The Domain Name System (DNS) is one of the foundations of the internet, yet most people outside of networking probably don’t realize they use it every day to do their jobs, check their email or waste time on their smartphones.
At its most basic, DNS is a directory of names that match with numbers. The numbers, in this case are IP addresses, which computers use to communicate with each other. Most descriptions of DNS use the analogy of a phone book, which is fine for people over the age of 30 who know what a phone book is.
If you’re under 30, think of DNS like your smartphone’s contact list, which matches people’s names with their phone numbers and email addresses. Then multiply that contact list by everyone else on the planet.
A brief history of DNS
When the internet was very, very small, it was easier for people to correspond specific IP addresses with specific computers, but that didn’t last for long as more devices and people joined the growing network. It’s still possible to type a specific IP address into a browser to reach a website, but then, as now, people wanted an address made up of easy-to-remember words, of the sort that we would recognize as a domain name (like networkworld.com) today. In the 1970s and early ’80s, those names and addresses were assigned by one person — Elizabeth Feinler at Stanford – who maintained a master list of every Internet-connected computer in a text file called HOSTS.TXT.
This was obviously an untenable situation as the Internet grew, not least because Feinler only handled requests before 6 p.m. California time, and took time off for Christmas. In 1983, Paul Mockapetris, a researcher at USC, was tasked with coming up with a compromise among multiple suggestions for dealing with the problem. He basically ignored them all and developed his own system, which he dubbed DNS. While it’s obviously changed quite a bit since then, at a fundamental level it still works the same way it did nearly 40 years ago.
How DNS servers work
The DNS directory that matches name to numbers isn’t located all in one place in some dark corner of the internet. With more than 332 million domain names listed at the end of 2017, a single directory would be very large indeed. Like the internet itself, the directory is distributed around the world, stored on domain name servers (generally referred to as DNS servers for short) that all communicate with each other on a very regular basis to provide updates and redundancies.
Authoritative DNS servers vs. recursive DNS servers
When your computer wants to find the IP address associated with a domain name, it first makes its request to a recursive DNS server, also known as recursive resolver. A recursive resolver is a server that is usually operated by an ISP or other third-party provider, and it knows which other DNS servers it needs to ask to resolve the name of a site with its IP address. The servers that actually have the needed information are called authoritative DNS servers.
DNS servers and IP addresses
Each domain can correspond to more than one IP address. In fact, some sites have hundreds or more IP addresses that correspond with a single domain name. For example, the server your computer reaches for www.google.com is likely completely different from the server that someone in another country would reach by typing the same site name into their browser.
Another reason for the distributed nature of the directory is the amount of time it would take for you to get a response when you were looking for a site if there was only one location for the directory, shared among the millions, probably billions, of people also looking for information at the same time. That’s one long line to use the phone book.
What is DNS caching?
To get around this problem, DNS information is shared among many servers. But information for sites visited recently is also cached locally on client computers. Chances are that you use google.com several times a day. Instead of your computer querying the DNS name server for the IP address of google.com every time, that information is saved on your computer so it doesn’t have to access a DNS server to resolve the name with its IP address. Additional caching can occur on the routers used to connect clients to the internet, as well as on the servers of the user’s Internet Service Provider (ISP). With so much caching going on, the number of queries that actually make it to DNS name servers is a lot lower than it would seem.
How do I find my DNS server?
Generally speaking, the DNS server you use will be established automatically by your network provider when you connect to the internet. If you want to see which servers are your primary nameservers — generally the recursive resolver, as described above — there are web utilities that can provide a host of information about your current network connection.
Can I use 8.8.8.8 DNS?
It’s important to keep in mind, though, that while your ISP will set a default DNS server, you’re under no obligation to use it. Some users may have reason to avoid their ISP’s DNS — for instance, some ISPs use their DNS servers to redirect requests for nonexistent addresses to pages with advertising.
If you want an alternative, you can instead point your computer to a public DNS server that will act as a recursive resolver. One of the most prominent public DNS servers is Google’s; its IP address is 8.8.8.8. Google’s DNS services tend to be fast and while there are certain questions about the ulterior motives Google has for offering the free service, they can’t really get any more information from you that they don’t already get from Chrome. Google has a page with detailed instructions on how to configure your computer or router to connect to Google’s DNS.
How DNS adds efficiency
DNS is organized in a hierarchy that helps keep things running quickly and smoothly. To illustrate, let’s pretend that you wanted to visit networkworld.com.
The initial request for the IP address is made to a recursive resolver, as discussed above. The recursive resolver knows which other DNS servers it needs to ask to resolve the name of a site (networkworld.com) with its IP address. This search leads to a root server, which knows all the information about top-level domains, such as .com, .net, .org and all of those country domains like .cn (China) and .uk (United Kingdom). Root servers are located all around the world, so the system usually directs you to the closest one geographically.
Once the request reaches the correct root server, it goes to a top-level domain (TLD) name server, which stores the information for the second-level domain, the words used before you get to the .com, .org, .net (for example, that information for networkworld.com is “networkworld”). The request then goes to the Domain Name Server, which holds the information about the site and its IP address. Once the IP address is discovered, it is sent back to the client, which can now use it to visit the website. All of this takes mere milliseconds.
Because DNS has been working for the past 30-plus years, most people take it for granted. Security also wasn’t considered when building the system, so hackers have taken full advantage of this, creating a variety of attacks.
