What is the DNS?
Copy article linkAll devices connected to the Internet, from the smallest phone to the largest server, have an Internet Protocol (IP) address. IP addresses are used by computers and other devices on the Internet to communicate with each other.
When you visit a website on your phone, it sends a message to the IP address of a web server, and the web server sends the web page back to your phone's IP address.
IP addresses are strings of numbers. They are difficult for humans to remember and type. Imagine having to type 2607:f8b0:400a:080a::2004 instead of www.google.com! The DNS allows us to use friendly names for websites instead of IP addresses.
Converting friendly, human-readable names like www.google.com into IP addresses is the primary job of the DNS. But the DNS does a lot more behind the scenes to keep the Internet running!
How does the DNS work?
The DNS is like a telephone directory of IP addresses for all of the names on the Internet. Any time a device needs to convert a DNS name like wikipedia.org or bbc.co.uk into an IP address, the DNS supplies the answer.
The DNS is a massive global database made up of millions of DNS zones. Each DNS zone holds a small portion of the DNS tree. DNS zones are linked together using delegations to form a single database of names for the entire Internet.
At the top of the tree is a special zone called the DNS root zone. Directly below the root zone are the Top Level Domains (TLDs) like org, com, net, and uk.
A zone like wikipedia.org will hold different DNS names that are part of Wikipedia's domain, such as en.wikipedia.org and fr.wikipedia.org.
When a user types a DNS name like www.google.com into their browser, software on their computer sends a DNS query to convert the name into an IP address. This query usually goes to a recursive DNS server operated by the user's Internet Service Provider (ISP).
The recursive DNS server sends additional DNS queries to follow the chain of delegations from the DNS root down through various DNS zones until it discovers the IP address corresponding to the DNS name the user typed into the browser.
The IP address is sent back to the user's computer in a DNS response message, and the browser uses the IP address to connect to the web server. The process is called recursion.
How is domain name ownership managed?
Anyone can purchase a DNS domain name from a DNS registrar. A DNS zone will also need to be created and hosted somewhere on the Internet.
Many registrars will provide DNS zone hosting as part of their services, or the domain owner can host and operate the DNS zone themselves.
Once a domain name is purchased from a registrar, the registrar will insert the domain in the registry of DNS names for the appropriate Top Level Domain (TLD).
The entire process of operating DNS registries and TLDs is overseen by ICANN (Internet Corporation for Assigned Names and Numbers). ICANN ensures that all registrars have good security, provide good customer service, and prevent abuse of the DNS.
What are the steps in a DNS lookup?
A lot of work happens under the covers when a DNS name is resolved. Let's consider what happens when a user tries to open a webpage such as www.example.org
from their laptop:
- The user's laptop sends a DNS query for
www.example.org
to its recursive DNS server. - The recursive DNS server sends a query for
www.example.org
to one of the Internet root servers. - The root server returns a delegation for
org
. - The recursive DNS server sends a query for
www.example.org
to an authoritative server fororg
. - The
org
server returns a delegation forexample.org
. - The recursive DNS server sends a query for
www.example.org
to an authoritative server forexample.org
. - The
example.org
server returns the answer: address records forwww.example.org
. - The recursive DNS server sends the answer back to the user's laptop.
Not all DNS lookups will involve so many steps. The recursive DNS server will often have previously resolved the name. In this case, it will have a copy of the answer saved in its cache.
Authoritative vs recursive DNS servers
There are two different types of DNS servers on the Internet: authoritative DNS servers and recursive DNS servers.
Authoritative DNS servers generally answer DNS queries only for the specific zones they are authoritative for, while a recursive DNS server can answer any DNS query for any zone. Recursive DNS servers use a process called recursion to retrieve answers from authoritative DNS servers.
A recursive DNS server uses recursion to answer a DNS query. A recursive DNS server starts at the DNS root zone and works its way down through delegations until it reaches an authoritative DNS server that hosts the DNS zone containing the answer.
If the recursive DNS server already has the answer in its cache, it will respond directly and skip recursion.
What is DNS caching?
In the example above, the recursive DNS server had to send the user's query three times. The recursive DNS server must process each response. This is a lot of work!
The DNS was designed to reduce the work and time required for recursion through caching. Caching is the process of saving a copy of a piece of data for a period of time to make subsequent lookups faster.
When a recursive DNS server receives a lookup request that it resolved recently, within the DNS record's Time-To-Live (TTL), it will return the answer directly from its cache.
Caching serves three very important purposes in the DNS:
- It reduces DNS query latency.
- It reduces the number of queries each recursive DNS server sends, reducing the workload on recursive DNS servers.
- It also reduces the load on each of the authoritative servers.
Where does DNS caching take place?
Caching is critical in the DNS to make lookups faster and reduce the overall number of queries. Caching is performed in several places in the DNS:
- Recursive DNS servers cache for all of their customers and clients.
- Devices such as laptops and phones cache for all the applications on that device.
- Some applications, particularly web browsers, have their own dedicated caches.
When are cached records purged?
DNS caches remove records when their TTLs expire. Some DNS caches ignore this TTL when domain owners set it to a very low or high value. It may do so to protect itself from querying those records too often or running out of memory.
To speed up DNS propagation, you can also clear the DNS cache on your device and browser.
What else can the DNS do?
So far, we've talked about how the DNS converts human-readable names into IP addresses. But the DNS does much more than this, including:
- NS records form delegations, which allow the DNS to maintain itself as a massive, global hierarchical database.
- MX records allow email to be delivered for each domain.
- SPF, DKIM, and DMARC records prevent spam and provide security for email.
- CNAME records allow aliases in the DNS, so one set of IP addresses can be reused for many names without duplication.
- SRV records are used by some applications load balance traffic across servers.
- PTR records allow IP addresses to be converted back into domain names.
- The DNS is used internally by countless applications and services, such as Kubernetes.