Domain Name System
What is DNS?
Imagine if you had to remember the IP address of every website you wanted to visit, that would be an extremely cumbersome process, right? It wouldn’t give us the flexibility with which we browse the internet today. We human beings are better suited to remember comprehendible words and letters rather than a series of numbers. However routers do not understand words and letters, they understand IP addresses and how to route packets to and from an IP address. Which means, in order for us to use the internet like we do today, there needs to exist a sort of mapping process that maps domain names to the IP addresses of the servers that host the website we’d like to visit. This mapping is done by DNS – Domain Name System.
The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
How DNS works?
There are 4 DNS servers involved in loading a webpage:
- DNS recursor - The DNS recursor is a server designed to receive queries from client machines through applications such as web browsers. The recursor is then responsible for making additional requests in order to satisfy the client’s DNS query.
- Root nameserver - The root server is the first step in translating (resolving) human readable host names into IP addresses. It serves as a reference to other more specific locations.
- TLD nameserver - This nameserver is the next step in the search for a specific IP address, and it hosts the last portion of a hostname (In www.google.com, the TLD server is “.com”).
- Authoritative nameserver - The authoritative nameserver is the last stop in the nameserver query. If the authoritative name server has access to the requested record, it will return the IP address for the requested hostname back to the DNS Recursor that made the initial request.
DNS hierarchy
Image 1: DNS hierarchy.
At the root level of the DNS hierarchy, there are root servers.. These root level DNS servers do not keep the IP address records of individual hosts, such as www.google.com, etc., but they can provide the list of IP addresses of Top-Level DNS servers dealing with the Top-level Domain, such as .com, .org, .net, .eu, etc. The designated DNS recursor sends its request to a root server, which in turn returns the address of the corresponding TLD server. There are hundreds of Top Level DNS servers, dealing with top level domains, such as .com, .org, .net, .eu, etc. These top level domain DNS servers do not keep the IP address records of individual or organisational hosts, but they can point to the right direction - a list of DNS servers further down the hierarchy or the authoritative DNS of the requested domain. The designated DNS server receives the IP address of the requested domain (www.google.com) from its authoritative DNS server, communicating with multiple DNS servers from different levels of the hierarchy tree.DNS lookup
Let us consider an example, the DNS lookup of “www.google.com”
- A user types ‘www.google.com’ into a web browser and the query travels into the Internet and is received by a DNS recursive resolver.
- The resolver then queries a DNS root nameserver (.).
- The root server then responds to the resolver with the address of a Top Level Domain (TLD) DNS server (such as .com or .net), which stores the information for its domains. When searching for www.google.com, our request is pointed toward the .com TLD.
- The resolver then makes a request to the .com TLD.
- The TLD server then responds with the IP address of the domain’s nameserver, google.com.
- Lastly, the recursive resolver sends a query to the domain’s nameserver.
- The IP address for www.google.com is then returned to the resolver from the nameserver.
- The DNS resolver then responds to the web browser with the IP address of the domain requested initially.
Image 2: DNS lookup.
DNS Cache
As you might’ve noticed, this iterative process to get the IP address of a webserver is necessary if the website is being visited for the first time, but unnecessary if the website is a frequently visited one. Here’s where DNS cache comes into play. DNS cache refers to the temporary storage of information about previous DNS lookups on a machine's OS or web browser. Keeping a local copy of a DNS lookup allows one’s OS or browser to quickly retrieve it and thus a website's URL can be resolved to its corresponding IP much more efficiently. To view your DNS cache on your Chrome web browser, enter chrome://net-internals/#dns in the address bar of your Chrome browser. You can also clear the cache by clicking on the “Clear host cache” button. You can also view the DNS cache via the command prompt on your PC.
DNS providers
DNS service is provided by many DNS providers, a few popular DNS providers are listed below
- Google Public DNS: 8.8.8.8, 8.8.4.4
- CloudFlare Public DNS: 1.1.1.1
- Quad9 Public DNS: 9.9.9.9
- Cisco OpenDNS: 208.67.222.222
Demonstrating DNS with packet capture
Here, we will examine the packets captured during a DNS lookup and understand how DNS works using this topology.
Image 3: Topology to demonstrate DNS.
- Start all nodes and perform a packet capture on the interface e0 of the Linux PC.
- Configure the IP address, subnet mask and default gateway of both the PCs
- Set the Default DNS server and Alternate DNS server (on Windows) to the IP addresses of any one of the DNS service providers mentioned above
- Configure default route of the router R1 enabling the router to reach the Internet via the ISP whose gateway address is 200.1.1.1
Image 4: Router configuration.
- Ping a website, say “www.google.com” from the Windows/Linux PC command prompt.
Image 5: Output of ping command.
- Observe the captured packets on Wireshark.
The PC has sent two DNS queries to the DNS server, 8.8.8.8, one with the A record and one with the AAAA record. The A record returns the IPv4 address of the website, whereas the AAAA record returns the IPv6 address of the website. In this example, the IPv4 address of www.google.com is 142.250.67.68 and the IPv6 address of www.google.com is 2404:6800:4007:80c::2004. (This returns the IP address of one of the many different servers that host www.google.com, hence your DNS query might return a different IP address.)
Image 6: DNS query to 8.8.8.8, A record
Image 7: DNS query to 8.8.8.8, AAAA record
Image 8: DNS query response to 192.168.1.3, A record
Image 9: DNS query response to 192.168.1.3, AAAA record
ConclusionThus DNS is an integral part of the Internet today and plays a vital role in the smooth functioning of the Internet. It enables us to use the Internet efficiently and provides us with ease of access. Without DNS, the Internet as we know it today will not exist. In this article, we learnt about DNS, the hierarchical structure of DNS and how DNS lookup works.