Unveiling the Magic of DNS: How the Internet's Directory Works

Learn Why DNS Matters and How It Affects You

Every time we open a page in our browser, we use DNS behind the scenes. Now, you might ask, what is DNS? Well, DNS stands for Domain Name System. It allows us to open websites without remembering their IP addresses. When we visit www.google.com in our browser, the browser doesn't know what google.com is. It only understands IP addresses like 10.1.1.1. DNS helps convert human-readable domains like www.google.com to their actual IP address (142.250.193.46) so we can visit the site. It's the internet's directory that translates domain names to IP addresses.

Every site we visit goes through DNS, but it's so fast that we don't even notice it in our daily lives. Ever wondered how it works behind the scenes?

In this blog post, we'll go through all the steps, starting from the browser until the IP address is returned by the DNS. But first, we need to understand the structure of a domain, as it's crucial to know this to understand how DNS works so effectively.

Structure of a Domain

Let's break down the three parts of the domain www.example.com:

  1. Subdomain: This is the front part of the domain and defaults to www when nothing is mentioned. It is www in the above domain.

  2. Domain Name: It is the actual name of the domain which is most familiar to us. It is example in the above domain.

  3. Top Level Domain: It is the final segment of the domain name after the last dot. TLDs are at the top of the hierarchy of domain names. It is .com in the above domain. We will be using these terms, so we need a basic understanding of them.

How Does DNS Work?

Diagram explaining DNS resolution. The flow begins with a client asking a DNS Resolver for the IP address of www.google.com. The DNS Resolver then queries Root NameServers for TLD name servers, which point to TLD NameServers. TLD NameServers direct the DNS Resolver to Authoritative NameServers, which return the IP address for www.google.com to the DNS Resolver. Finally, the DNS Resolver provides the IP address 142.250.192.228 to the client.

Here is a step-by-step process of how DNS works:

  1. Local Cache: First of all, the browser will check its own cache to see if it has the IP address of the website. For frequently visited websites or popular sites like Google, YouTube, Instagram, etc., the browser will have the cached IP, which will be used. If the browser cannot find the domain in its cache, it will ask the OS whether it has the IP address of that domain in its cache. The cache is maintained by both the browser and the OS (for tools like cURL).

  2. DNS Query: When neither cache returns a result, the OS will send the DNS query to the DNS Resolver. The query is generally a UDP request to the resolver; UDP is stateless and much faster than TCP.

  3. DNS Resolver: The DNS Resolver used by the OS is often provided by our ISP (Internet Service Provider), or it can be from Google (8.8.8.8) or Cloudflare (1.1.1.1). As with the previous steps, the DNS Resolver also maintains a cache, with a TTL (time to live) set by each domain owner (more on this later). If the domain is cached there, the resolver will return the IP directly; otherwise it will continue to the next steps.

  4. Root Name Servers: The DNS Resolver will query one of the root name servers if it can't find the IP in its cache. The root name servers are the most authoritative name servers; there are only 13 named root servers worldwide (named a - m), and they are managed by ICANN. The root name servers will return the TLD name servers. For example, the root name servers will return the name server list of the .com TLD if we query for www.google.com.

  5. TLD Name Servers: Now the resolver will query the nearest TLD name server (by the power of Anycast) and ask it for the authoritative name server that manages the domain name. Note that the TLD name server does not know the IP of the domain but it returns an additional name server which actually manages the domain.

  6. Authoritative Name Servers: The resolver will query the authoritative name server for the IP address of the domain. This name server actually stores the DNS Records like A, AAAA, CNAME, etc, (more on this later) for that domain. It will return the IP address of the domain.

  7. Returning the IP: Once the resolver gets the IP address from the authoritative name server, it will cache the IP and return it to the OS, where it will again be cached before going back to the browser.

This whole process from cache lookup to DNS resolver is known as DNS Lookup. You can do a lookup of any site using:

nslookup {domain_name}

For example

A terminal window displaying the results of the nslookup command for the domain "www.google.com," including server and address information along with both IPv4 and IPv6 addresses for Google.

Now, let's talk about DNS Records, what they mean, and how the process of adding a DNS record works.

DNS Records

DNS Records are just information about a domain in various types of records. This is what is stored in the authoritative name servers. There are multiple types of records, some of them are:

  1. A Record: This record stores the IPv4 address of the domain.

  2. AAAA Record: This record stores the IPv6 address of the domain.

  3. CNAME Record: This record is the canonical name record of the domain. It is used to set an alias for the different sub-domains of a domain.

  4. MX Record: It points to the mail exchange server of the domain.

    ...and many more.

What happens when a DNS record is added?

  1. When somebody buys a domain name from a registrar (like GoDaddy), he has the option to choose who will manage that domain. It can either be the Registrar (with their own name server) or any other custom name server (like Cloudflare or self-made).

  2. Once he chooses a name server to use for his domain, he can add a DNS record for that domain name along with a TTL to tell the resolver when to expire the DNS Record Cache from its system.

  3. Once the DNS Records are populated, that info will be propagated to the TLD name servers of the domain so that when the resolver tries to query for the IP, it will know which authoritative name server has that info. This propagation can take some time to be shared to the whole DNS network.

DNS Security

Because most DNS queries are sent over UDP, they are vulnerable: any attacker who can intercept the network packets sent from the OS to the resolver learns the client's IP address and which sites it is trying to visit.

Another attack is DNS Spoofing, where the attacker gets faulty information for a domain name stored in the resolver. That data is then cached by the resolver, leading users to a compromised site until the TTL expires.

Several measures exist to secure DNS, such as DNSSEC and DNS over HTTPS (DoH), but they are still not widely adopted due to a lack of awareness.

Conclusion

DNS is the backbone that runs the Internet, and it makes us appreciate that the internet would not be what it is today without it.

For those who would like to read further into the topic, you can check out: