What is DNS and how does it work?

This post will take a bird’s eye view of DNS and answer that question.

A while ago, I wrote a similar article about how DHCP works.

In it, I made some assumptions about you, the reader. Here I’m going to make the same assumptions and repeat them.

Like many things in the world of electronics and computers, it would take many posts to cover every aspect of what DNS is in its entirety.

First, I assume that you have a few computers/devices at home on a small network with a router as the default gateway and have some interest in how all things electronic (including computers) work.

Secondly, I assume that you’re an electronics enthusiast and may wish to build a project that can connect to a network (such as the Internet) using DNS.

Third, you’re not a network administrator of a large corporation or university. Because of this, we’ll cover the basics of DNS and how it works but won’t be covering more advanced features of DNS in detail. Nor will we discuss installing and/or configuring DNS on a server running a network operating system (NOS) like Windows Server 20xx.

Now let’s answer the question: what is DNS?

What is DNS?

Before we go into any detail on what DNS is and how it works, it will be helpful to talk about the history behind it. So first, let’s ask ourselves why DNS?

Why Use DNS?

Believe it or not, there was a time when DNS did not exist.

But why is it here now?

DNS works because it’s easier for humans to remember the name of a URL that makes sense than remember an IP address or a string of numbers.

For example, it’s easier for most of us to remember CircuitCrush.com and put that into our browser than it is to remember 77.104.157.25 which is the website’s IP address.

If not for DNS, we’d have to remember and type 77.104.157.25 into our browser to visit this site. Not very convenient. If all you had to use to address computers on the Internet was the computers’ IP addresses, keeping track of them and remembering them would drive a square man insane.

The problem is that, unlike humans, computers like numbers not words. Because of this there is a need for a way to translate friendly, text based website URLs into IP addresses computers can understand.

DNS’ Predecessor – the Hosts File

Before DNS was around, computers used the hosts file. Let’s talk a bit about what the hosts file actually is.

The Hosts File is Dead

A long time ago, in a galaxy far away and a time when many of us had no clue what the Internet was, network admins could keep track of it all in a simple text file — the hosts file.

The Internet was still in its infancy and was very small compared to today, so this worked.

The hosts file just listed the name and IP address of every host (a host is a computer or device — hence the name of the file) on the network. Each computer had its own copy of this file. The only problem was keeping them all up to date. For example, adding or removing a device from the network requires updating the file on all devices (a.k.a. hosts).

As more people got caught in the ‘Net and it grew, the hosts file followed and multiplied in size. By the mid-1980’s this was becoming unwieldy. A better solution was needed.

DNS was the answer to the call, and we’ll get into that in a minute.

Long Live the Hosts File

I lied. Turns out the hosts file is not dead.

Both Windows and Linux computers still use the hosts file today.

In fact, if you’re running a recent version of Windows you can find it in:

[root]\Windows\System32\drivers\etc

where [root] is probably your c: drive, though it doesn’t have to be.

And, you can edit the hosts file with any text editor.

Ever dreamed of being Iron Man, having the ability to build anything, anytime? Try Academy for Arduino!

A lot of unscrupulous hackers and malware creators know this. In fact, this kind of attack is quite common. Here’s how it works: the idea is to edit the victim’s host file so that whenever they type a web address — say google.com, into their browser (perhaps to get help removing malware) a site of the attacker’s choice shows up instead. This works because even today, computers go to the hosts file before using DNS.

This is not a hacker tutorial site, so I won’t go into any detail on how to do this (it’s actually pretty easy), but if wrong websites suddenly start coming up, check your hosts file.

Figure 1 below depicts a typical hosts file.

Figure 1: the hosts file on my PC.

There are a few things to notice about this file.

First, there are a bunch of comments at the top starting with the # sign. This is how you make comments in the hosts file.

Second, yours may not have any entries below the : : 1 localhost entry (near the middle of the pic).

Third, the file includes a mapping for the name localhost at IP address 127.0.0.1. This IP address is the loopback address that allows the computer to refer to itself. The IPv6 version of that address is the : : 1 below that. This is a networking standard.

Finally, this hosts file has other entries below the localhost entry. These were added by an antimalware program I use. These entries are a list of known bad websites that the antimalware program keeps a database on. If I were to try to go 100sexlinks.com near the bottom (don’t judge me, I would never do such a thing), the hosts file would redirect me to my own PC. This is to protect me from some hacker or malware taking over and directing me to a bad website. Instead of going to the bad place, it simply redirects me to my own computer, thus saving my hide.

Let’s move onto DNS…

What is DNS?

Know we know that DNS is a facility that lets you use names instead of numbers to refer to other computers. After all, it’s a lot easier to remember Amazon.com than 207.171.182.48 (Amazon actually has a whole range if IP addresses). But let’s get into more nitty gritty.

DNS is a name service providing a standardized system for giving names to identify TCP/IP hosts and a way to look up the IP address of a host given their host name.

OK, I know that was confusing.

DNS uses a hierarchical naming system similar to the way Windows organizes folders on a computer. But, instead of folders, DNS organizes its names into domains.

Domains are organized in a tree arrangement with the root domain at the very top. The root domain is the anchor point for all domains. Below it are the ones you’re probably familiar with like .com, .org, .edu, etc. There are the top level domains or TLDs and there are others besides the ones you see here.

Under the TLDs reside all the websites, such as CircuitCrush.com, facebook.com, and all the others.

I can also create more subdomains if I wish under my main one such as the fictitious awesome.circuitcrush.com domain.

 

Figure 2: domain organization. Sorry, awesome, projects, and fubarred are not real subdomains on this site.

DNS Name Details

One thing to know about DNS names is that while each node (i.e. awesome.circuitcrush.com) can be up to 63 characters long (not including the dots), special characters aside from hyphens are not allowed.

Also, DNS names are not case sensitive. So, CircuitCrush.com is the same as circuitcrush.com. DNS ignores capitalization.

The tree in figure 2 can be up to 127 levels deep. In practice though few people usually go beyond 3-4 levels very often which makes the tree very broad rather than deep.

Earlier, we compared DNS to the Windows file system. One important difference, however, is that Windows starts at the root (usually c:) and then you work your way down. In the path c:\Windows\System32\drivers\etc the folder etc is the lowest node. However, in the name awesome.circuitcrush.com, awesome is the lowest node. With DNS names, you start at the bottom of the tree and work up to the root.

Finally, in addition to a bunch of top-level domains, there are also a bunch of geographic domains.

For example, .ca is for Canada and .it is for Italy. This is because many U.S. organizations dominate the non-geographic TLDs like .com and .org. These geographic domains open up many other domains that would normally already be taken to people in other countries.

Get in the Zone

A DNS server is simply a computer that runs DNS server software, helps maintain the DNS database, and responds to DNS name resolutions from other computers. The database is a hugely distributed one; no single DNS server contains the whole thing. And this is a good thing.

The whole DNS namespace is divided into what are called zones. The responsibility of each zone is given to a particular DNS server. Zones often correspond to directly to domains.

There are two basic types of zones.

The first is a primary zone. It is the master copy of a zone and the DNS server that hosts it also has the data for that zone on it. No other servers can host that particular primary zone.

A secondary zone is a copy of a zone that is read-only. The server hosting this zone does not have a copy of the zone data. Rather, it gets its copy of the zone from the zone’s primary server by zone transfer.

This brings us to primary and secondary DNS servers. If you’ve ever bought a domain name and connected it to your hosting company yourself, you probably had to designate a primary and a secondary DNS server. The names of these servers may have started with NS1 and NS2.

Every zone needs to have one primary server and should also have at least one secondary server. This is in case the primary server goes down.

How DNS Works

Now that we know a bit about DNS’ predecessor, domains, and zones let’s take a deeper look at how DNS actually works.

The root servers are the core of DNS and cover the whole Internet.

As of this writing there are 13 root DNS servers. Some super creative person decided to name each one after the first 13 letters of the alphabet A-M. Actually, each of these names represents not a single computer but rather a server cluster consisting of many computers. Nonetheless, it’s standard to say there are 13 them whose locations are scattered around the world, with many located in various places across the U.S.

Other DNS servers learn to access the root servers by way of a root hints file.

When a computer needs to resolve a DNS name to an IP address, it uses a resolver to handle the query. The resolver takes care of sending the query and interpreting the response.

There are two basic types of DNS queries.

With recursive queries the server replies with either the IP address of the requested host name or an error message. The error message indicates the host doesn’t exist. If the server doesn’t know the IP address, it’ll ask another DNS server and so on. Once the first server gets the IP, it’ll send it back to the requesting computer. Or you’ll get an error message if the name doesn’t exist.

With iterative queries the server will return the IP address of the requested host if it knows it. If it doesn’t know the IP, it will return a referral, which the address of a DNS server that should know.

Usually, DNS servers use recursive queries. Assuming that the first server knows the answer, it replies directly to the requestor. When it does not know, the server will do an iterative query to a DNS server it thinks should know the answer. If it gets an answer, it’ll return it to the requestor. If not, it’ll ask a third server and so on. When no answer can be obtained an error message is returned.

A Sample DNS Query

Let’s do an example to make this clearer.

Suppose that we want to visit www.circuitcrush.com — here is what happens.

1. We throw that in our browser’s address bar and the browser asks the computer’s resolver to find the IP address with a recursive query.
2. That query is issued to the name server, let’s call it ns1.myhostingcompany.com.
3. That name server checks to see if it knows the IP address of www.circuitcrush.com. No luck — it doesn’t, so the server does an iterative query to one of the root name servers to see if that server knows the IP address of www.circuitcrush.com.
4. That root server doesn’t know the IP either, so it returns a list of root servers that are authoritative for the .com domain.
5. The ns1.myhostingcompany.com server picks one of them and issues an iterative query for www.circuitcrush.com.
6. Still no luck. The .com server doesn’t know either, so it returns a list of name servers that are authoritative for the circuitcrush.com domain. The ns1.myhostingcompany.com server again picks one and sends it an iterative query for www.circuitcrush.com.
7. Success! The circuitcrush.com name server know the IP address for www.circuitcrush.com so it returns it to the ns1.myhostingcompany.com name server. The ns1.myhostingcompany.com name server than caches the result.
8. The client computer you’re using also caches the result so next time it’s a little quicker. Of course, all this happens very fast anyway.

DNS Resource Records

This article wouldn’t be complete with out a mention of DNS resource records. Earlier, I stated that this post assumes that you’re not a network administrator. With that in mind, I’m just going to give a bird’s eye view of the types of records with a quick explanation of what they are. If you want more detail, there are other resources out there that can help.

DNS zones are defined by a zone file which consists of one or more resource records.

Every zone needs to start with an SOA record, which names the zone and gives some default information for the zone.

Name server records or NS records give the name servers that are authoritative for the zone. Every zone needs at least one of these, more is better.

Address records or A records are the bulk of the zone file. They provide an IP for each host that you want to make accessible via DNS.

Canonical name or CNAME records create an alias for a fully qualified domain name.

Pointer records, also called PTR records are the opposite of an A record. They give the fully qualified domain name for a given IP address. These usually appear in reverse look-up zones (a bit on that in a minute) and not normal zones.

Finally, mail exchange or MX records identify the mail server for a domain.

A Word on Reverse Look-Up Zones

We know that normal DNS queries ask a name server for an IP address that corresponds to the URL we type in a browser. This is a forward look-up.

Opposite of that, a reverse look-up returns the domain name given an IP address.

This is possible due to the special domain in-addr.arpa, which keeps a log of all the IP addresses on the Internet and maps them to a domain name.

The Future of DNS

What does the future of DNS look like?

Like all things technology and computer related, change is likely in store.

In the earlier days of DNS, most of the things on the ‘Net were computers. Then came the smartphones. Now, we have everything from thermostats, appliances, and our own creations clamoring for web space and an IP address. My guess is that we’ll soon need more than 13 root DNS servers.

Plus, vulnerabilities have been discovered in DNS. Where there’s a software vulnerability there’s usually an update to follow and I’m sure more holes exist meaning more updates for DNS.

Perhaps something completely different will replace DNS in the future. Until then, I hope this longer-than-usual post shed some light on how DNS works — if for nothing else — just for curiosity.

Comment and tell us about your latest Internet or network connected project. Brag a bit!

Ever dreamed of being Iron Man, having the ability to build anything, anytime? Try Academy for Arduino!