Domain Name System (DNS)


DNS is the Internet’s phone book, translating human-readable domain names into IP addresses that computers use to communicate.

How DNS Works

When you type a URL into your browser, DNS resolves it to an IP address through a series of queries.

DNS Resolution Process

  1. Browser cache check: The browser looks for a cached DNS record
  2. OS cache check: The operating system checks its DNS cache
  3. Recursive resolver: The query is sent to the ISP’s DNS server
  4. Root nameserver: Points to the TLD nameserver
  5. TLD nameserver: Top-level domain server (.com, .org, etc.)
  6. Authoritative nameserver: Returns the IP address
  7. Response: The IP address is returned to the browser

DNS Record Types

Common Record Types

A Record: Maps domain to IPv4 address

AAAA Record: Maps domain to IPv6 address

CNAME Record: Canonical name record, creates alias for another domain

MX Record: Mail exchange record, directs email to mail servers

TXT Record: Text record for arbitrary text data (SPF, DKIM, domain verification)

NS Record: Nameserver record, delegates subdomain to other nameservers

SOA Record: Start of authority, contains administrative information

DNS Security

DNSSEC (DNS Security Extensions)

DNSSEC adds cryptographic signatures to DNS records so that a validating resolver can detect tampering and confirm authenticity. It does not encrypt queries or responses.

Benefits:

  • Prevents DNS cache poisoning
  • Authenticates DNS responses
  • Protects against man-in-the-middle attacks

DNS over HTTPS (DoH) and DNS over TLS (DoT)

DoH and DoT encrypt DNS queries between the client and its resolver to prevent eavesdropping and manipulation in transit.

DNS Performance

Caching

DNS records are cached at multiple levels to improve performance:

  • Browser cache
  • Operating system cache
  • Router cache
  • ISP cache

TTL (Time to Live)

The TTL specifies how long a DNS record should be cached before updated information is requested.

Common DNS Issues

Slow DNS resolution: Check DNS server performance, consider using public DNS (Google: 8.8.8.8, Cloudflare: 1.1.1.1)

DNS cache poisoning: Corrupted cache entries pointing to wrong IP addresses

Propagation delays: DNS changes can take up to 48 hours to propagate globally
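
An added example, not part of the original page: before a resolver caches an answer for its TTL, it should confirm that the response matches the outstanding query (transaction ID and question section), a basic guard against the cache poisoning issue listed above that complements DNSSEC validation. The function names and the sample message (built with the documentation address 192.0.2.10) are assumptions constructed for this illustration.

```python
import struct

TYPE_A = 1

def read_name(msg, off, hops=0):
    """Decode a name at `off`, following compression pointers; return (name, next_off)."""
    if hops > 8:
        raise ValueError("compression pointer loop")
    labels = []
    while msg[off] != 0:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # pointer to a name stored earlier in the message
            target = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            labels.append(read_name(msg, target, hops + 1)[0])
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def accept_response(msg, want_id, want_name, want_type=TYPE_A):
    """Return [(ipv4, ttl)] only if msg answers the outstanding query; else raise."""
    rid, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    if rid != want_id:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000 or qd != 1:
        raise ValueError("not a well-formed response")
    qname, off = read_name(msg, 12)
    qtype, _qclass = struct.unpack_from("!2H", msg, off)
    off += 4
    if qname.lower() != want_name.lower() or qtype != want_type:
        raise ValueError("question section does not match query")
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        # Cache only records of the requested type for the name that was asked.
        if rtype == want_type and rdlen == 4 and owner.lower() == want_name.lower():
            answers.append((".".join(map(str, rdata)), ttl))
    return answers

def sample_response(txid, name, ipv4, ttl):
    """Constructed test message: one question, one A answer with a compressed owner name."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, ttl, 4) + bytes(map(int, ipv4.split(".")))
    return header + qname + struct.pack("!2H", TYPE_A, 1) + answer
```

A caller would store each returned address for at most the returned TTL (in seconds) and discard any response that raises.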