How DNS works and the types of DNS servers.

Himanshu

When you type an alphabetic address into the URL bar, what happens next? How does the web browser show you the result?

It's all done by the Domain Name System (DNS). It is like a phonebook for websites: you only have to remember a site's hostname, not its IP address.

This is what DNS does -

  • It resolves hostnames to their corresponding IP addresses.

  • It is an Application layer protocol.

  • It uses both UDP and TCP.

  • It works on port number 53.

There are 4 types of DNS servers -

  1. Recursive Resolver (DNS resolver),

  2. Root Nameserver,

  3. Top-level domain server, and

  4. Authoritative nameserver.

1. Recursive Resolver -

  • It is the first DNS server contacted when your device wants to find the IP address associated with a hostname.

  • A DNS query is sent by the DNS client (web browser).

  • Then, the query goes to the Recursive Resolver.

  • The recursive resolver is operated by the ISP (Internet Service Provider) and stores IP addresses in its cache.

  • If the ISP's resolver does not find the address in its cache, it sends the query on to the Root nameserver.

2. Root Name Server -

  • The Root nameserver has information on the top-level domain servers (like .com, .net, .org, .in, etc.).

  • These are located all around the world.

  • It sends back a response to the DNS resolver saying which TLD server has the required result.

  • Then the DNS resolver sends the query to the closest root nameserver.

3. Top-level Domain Server -

  • The TLD server stores the information for the 2nd-level domain or subdomain.

  • Then, the TLD server sends back a response to the DNS resolver saying which Authoritative server has the required result.

  • Then, the resolver sends the query to the Authoritative nameserver based on the subdomain.

4. Authoritative Nameserver -

  • This is the last stop in the domain nameserver query.

  • It stores the actual IP address of the corresponding hostname.

  • It sends back the DNS record (IP address) of the particular hostname to the DNS resolver.

The whole process with an example.

[Diagram: A (www.facebook.com), DNS SERVER, B (192.168.62.8)]

Let A be your PC, and you type www.facebook.com. The DNS client (web browser) first checks whether the IP address is stored in its cache. If it is stored in the browser or operating system cache, the hostname is resolved from there.

If the IP address is not stored in the cache, the DNS client sends a query to the DNS resolver. The resolver checks whether the ISP has stored the address in its cache. If it has, the response is given to the DNS client; otherwise, the query is sent to the closest Root nameserver.

The Root nameserver checks the top-level domain of the name (.com, .net, .org, .in, or whatever it is). On the basis of this, the query is sent to the TLD nameserver, which looks at the subdomain (Facebook, Google, etc.). The query then goes to the respective Authoritative nameserver, which provides the DNS record for the required DNS query.

The above image shows the working of a DNS server, and here Route 53 is an Authoritative nameserver for Amazon Web Services.

Always remember that each service has its own Authoritative nameserver.

Types of DNS queries -

1. Recursive query:

  • Queries are sent between the DNS client and the Recursive resolver (DNS resolver).

  • The DNS resolver will respond to the client with either the resource record or an error message.

2. Iterative query:

  • Queries are sent between the DNS resolver and the other DNS servers.

  • The process of sending and receiving queries continues until an error or timeout occurs or the record is found.

3. Non-recursive query:

  • The DNS record is already present in the browser cache or operating system cache.

Some important points -

  1. DNS records are present in the cache for a set amount of time, determined by TTL (time to live).

  2. DNSSEC is a security protocol that stops attackers from hijacking DNS lookups.

  3. DoH (DNS over HTTPS) encrypts DNS requests, but the enterprise or the website you are visiting is still able to monitor the web activity of users.
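
The lookup path and TTL caching described above, as an added example (not code from the original article): a small offline simulation in which a recursive resolver answers a client's recursive query by sending iterative queries to a root, a TLD and an authoritative server. The server names, zone tables and 300-second TTL are constructed sample values; the IP address is the one used in the article's example.

```python
# Added example: offline simulation of the DNS lookup path, no network access.
# Server names, zone tables and the TTL below are constructed sample data.
import time

ROOT = {"com": "tld-com"}                              # root: TLD -> TLD server
TLD = {"tld-com": {"facebook.com": "auth-facebook"}}   # TLD: domain -> authoritative
AUTH = {"auth-facebook": {"www.facebook.com": ("192.168.62.8", 300)}}  # (IP, TTL s)


class RecursiveResolver:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}   # hostname -> (ip, expiry time)
        self.trace = []   # upstream servers contacted by the latest lookup

    def resolve(self, hostname):
        """Answer a client's recursive query: return an IP, or None on error."""
        name = hostname.lower().rstrip(".")
        self.trace = []
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                  # cache hit: no upstream queries at all
        self.cache.pop(name, None)         # entry expired (TTL elapsed) or absent
        labels = name.split(".")
        # Iterative query 1: the root refers the resolver to a TLD server.
        self.trace.append("root")
        tld_server = ROOT.get(labels[-1])
        if tld_server is None:
            return None
        # Iterative query 2: the TLD server refers it to the authoritative server.
        self.trace.append(tld_server)
        auth_server = TLD[tld_server].get(".".join(labels[-2:]))
        if auth_server is None:
            return None
        # Iterative query 3: the authoritative server returns the record itself.
        self.trace.append(auth_server)
        record = AUTH[auth_server].get(name)
        if record is None:
            return None
        ip, ttl = record
        self.cache[name] = (ip, self.clock() + ttl)   # cached only until TTL expires
        return ip
```

Inspecting `trace` after each call shows which servers the resolver had to contact: all three on a cold lookup, none while the cached record is within its TTL.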
