What Is a DNS Server?
You may have come across the term "DNS server" before but weren't sure what it referred to. This article aims to answer the question what is a DNS server as well as explain how they work.
First of all, let's define what DNS stands for. A DNS, short for domain name system, is used to resolve a particular domain name to its IP equivalent. Domain names (e.g. keycdn.com) are simply used to be more easily read and remembered by humans, however, all domain names are associated with a particular IP address. This can be compared to a phonebook where a person's name would correspond to the domain name (e.g. yourwebsite.com) and their phone number would correspond to the website's IP (e.g. 159.x.x.x).
These IP address lookups are performed by DNS servers. A website address is associated with a particular DNS hosting provider's name servers which are responsible for resolving the IP address of said website. The actual process of how a DNS server works is explained in greater detail in the section below.
How does a DNS server work?
You can perform a DNS lookup using a couple of methods such as using
dig example.com in the CLI or using a DNS lookup tool. There are a few steps that take place when a DNS server is asked to lookup a website's IP.
- Website request - The first step is, of course, to request the actual website via a web browser. When someone types in a particular website's address (e.g. keycdn.com) into their address bar, the DNS lookup process begins. Both the OS and browser first look at their own DNS caches to see if the information is already stored locally. If not, the resolver must be asked.
- Ask resolver - Once the locally cached DNS records have been checked, the OS asks the resolver. The resolver is usually your ISP (internet service provider). It first checks its own cache to verify if the information is not already stored locally. If it's not, it goes on to ask the root server.
- Ask root server - The next step is to ask the root server. The root server looks at the last section of the request (the .com portion). Although the root server cannot locate the IP address of the website, it tells the resolver where the top level domain (TLD) servers are for .com. The resolver then stores this information for later use.
- Ask TLD server - The resolver goes on to ask the TLD servers the IP address of the website in question. Although the TLD servers can't provide us with the required information, they know where to direct our request. The TLD servers provide the resolver with a list of name servers for that website. Again, the resolver stores this information for later use.
- Ask authoritative name servers - Finally, now that the resolver knows what the authoritative name servers are, it can query these name servers and retrieve the required IP information. The authoritative name servers contain all the necessary information regarding a particular domain.
- Cache the IP and return it to the browser - Now that the resolver knows the IP of said domain, it will cache it for later use. At this point, the IP is delivered to your OS where it is locally cached as well. The OS then passes this information on to the browser. Once the browser knows the IP address of the website, it can then begin requesting and receiving information from the website's origin server.
DNS servers use DNS records to store information about domain names. There are several types of DNS records, each with a specific purpose.
Some common DNS records include:
A (Address) Record: This type of record maps a domain name to an IP address. For example, the A record for "google.com" might map to the IP address 126.96.36.199.
MX (Mail Exchange) Record: This type of record specifies which mail server is responsible for handling email for a particular domain. For example, the MX record for "example.com" might specify that the mail server for that domain is "mail.example.com".
CNAME (Canonical Name) Record: This type of record maps one domain name to another. For example, a CNAME record might map "www.example.com" to "example.com".
NS (Name Server) Record: This type of record specifies which DNS server is authoritative for a particular domain. For example, the NS record for "example.com" might specify that the authoritative DNS server for that domain is "dns1.example.com".
TXT (Text) Record: This type of record is used to store arbitrary text data associated with a domain. It can be used for a variety of purposes, such as domain verification or SPF records for email.
DNS caching is an important aspect of the DNS system that helps to improve the speed and efficiency of DNS lookups. Caching DNS servers store DNS records in memory for a specified period of time (called the Time-to-Live, or TTL), so that they can respond to queries for that same record without having to query an authoritative DNS server every time.
When a client device requests a DNS resolution, the recursive DNS server checks its cache to see if it already has the necessary information. If the information is not in its cache or the cache entry has expired, the recursive DNS server queries the authoritative DNS server for the necessary information. Once the information is obtained, the recursive DNS server stores it in its cache for a specified amount of time, based on the TTL value provided by the authoritative DNS server.
DNS caching helps to reduce the load on authoritative DNS servers by reducing the number of queries they receive. This can significantly improve the speed and reliability of the DNS system by reducing latency and network congestion. Caching DNS servers also help to provide resilience to DNS outages or failures by allowing client devices to continue to access DNS records from the cache even if the authoritative DNS server is unavailable.
However, DNS caching can also lead to potential issues such as stale DNS records or DNS poisoning. To mitigate these issues, DNS administrators should monitor their DNS caches regularly, and implement security measures such as DNSSEC (DNS Security Extensions) to prevent DNS spoofing and other attacks.
We will discuss the possible security risks and how to counteract them in more detail below.
Common DNS Server Issues
There are several common DNS server issues that can occur. Some of these include:
- DNS server downtime: This can occur if the DNS server crashes or goes offline.
- DNS cache poisoning: This is when a hacker alters the DNS cache to redirect users to malicious websites.
- DNS spoofing: Occurs when a hacker sends false DNS information to a user's computer to redirect them to a malicious website.
- DNS hijacking: This is when a hacker takes control of a user's DNS settings to redirect them to a malicious website.
Because DNS is such a critical part of the internet infrastructure, it is also a common target for cyberattacks. DNS attacks can take many forms, from DNS spoofing to DNS hijacking, as described above. DNSSEC (DNS Security Extensions) is a set of protocols designed to add an additional layer of security to the DNS lookup process. DNSSEC works by adding digital signatures to DNS records, which allows DNS clients to verify that the records they receive are authentic.
Another common DNS security measure is DNS filtering, which is the process of blocking access to certain domains or IP addresses. DNS filtering is often used in corporate environments to prevent employees from accessing malicious websites or other inappropriate content.
Choosing a DNS hosting provider
If you're setting up a website, it is important to choose a reliable DNS hosting provider. A DNS hosting provider is responsible for providing the authoritative name servers as mentioned in step 5 above (e.g. ns1.yourdomain.com, ns2.yourdomain.com, etc). These name servers are able to provide all necessary information regarding your website. Choosing a reliable DNS hosting provider is important for a few reasons including:
Setting up a backup DNS provider is important to avoid downtime in the event that your primary provider goes down. Redundancy will help ensure that your website remains live, which is crucial for many online businesses. Speed is also important as a good DNS provider will ensure that latency between DNS lookups and TTFB is minimal. Lastly, as long as you have implemented proper redundancy, this will also help increase security in the event of a DDoS attack.
To learn more about DNS hosting providers, check out our 10 Best Free DNS Hosting Providers article.
Hopefully this post has helped clarify the question "what is a DNS server" as well as provide some insight into how a DNS server works. DNS servers are an essential aspect of how the Internet functions. Without DNS servers, there would be no way to associate a particular domain name to an IP.
It is also important to note that if you are hosting a website, choosing a reliable DNS Hosting Provider is vital for a few reasons - mentioned in the previous section. Additionally, if you are looking to optimize your website's current DNS lookups, consider reading our Reduce DNS Lookups post.