DNS Explained: The Internet's Phone Book

How domain names translate to IP addresses

What is DNS?

The Domain Name System (DNS) is a hierarchical decentralized naming system that translates human-friendly domain names (like example.com) into machine-readable IP addresses (like 192.0.2.1).

flowchart LR
    A[User types example.com] --> B[DNS Lookup]
    B --> C[Returns IP: 192.0.2.1]
    C --> D[Browser connects to server]

Think of DNS as the internet's phone book: it matches names with numbers (IP addresses) so you don't have to remember numerical addresses.

Before DNS

In the early internet (ARPANET), every computer used a single hosts.txt file, maintained centrally by SRI, that mapped host names to addresses. Distributing and updating one file for the whole network became impractical as it grew.

# hosts.txt example
192.0.2.1 example.com
192.0.2.2 test.com

DNS Creation

DNS was invented in 1983 by Paul Mockapetris to solve the scaling problems of the hosts.txt system. It introduced:

  • Distributed database
  • Hierarchical naming structure
  • Caching for performance

How DNS Works

flowchart TD
    A[User enters URL] --> B[Check Browser Cache]
    B -->|Not Found| C[Check OS Cache]
    C -->|Not Found| D[Ask Resolver DNS]
    D -->|Not Found| E[Ask Root Server]
    E --> F[Ask TLD Server]
    F --> G[Ask Authoritative Server]
    G --> H[Return IP Address]
    H --> I[Cache Response]

The DNS Resolution Process

  1. Browser Cache: Your browser checks its own cache first
  2. OS Cache: The operating system checks its DNS cache
  3. Resolver: Your ISP's DNS server is queried
  4. Root Server: If needed, the root DNS servers are consulted
  5. TLD Server: The Top-Level Domain server (.com, .org, etc.) is queried
  6. Authoritative Server: The domain's nameserver provides the IP
  7. Caching: Each step caches the result for future requests

DNS Record Types

A Record

Maps a domain to an IPv4 address

example.com. 3600 IN A 192.0.2.1

AAAA Record

Maps a domain to an IPv6 address

example.com. 3600 IN AAAA 2001:db8::1

CNAME

Canonical name (domain alias)

www.example.com. 3600 IN CNAME example.com.

MX

Mail exchange server

example.com. 3600 IN MX 10 mail.example.com.

TXT

Text information (often for verification)

example.com. 3600 IN TXT "v=spf1 include:_spf.example.com ~all"

NS

Nameserver for the domain

example.com. 3600 IN NS ns1.example.com.

DNS Hierarchy

graph TD
    Root["Root DNS (.)"] -->|com| TLD1[.com TLD]
    Root -->|org| TLD2[.org TLD]
    Root -->|net| TLD3[.net TLD]
    TLD1 -->|example| Authoritative1[example.com NS]
    TLD1 -->|google| Authoritative2[google.com NS]
    Authoritative1 --> Record1[A: 192.0.2.1]
    Authoritative1 --> Record2[MX: mail.example.com]
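As an added example (not code from the original page), the resolution steps and the hierarchy above modelled in Python: three constructed in-memory servers play the root, the .com TLD and the example.com authoritative server, and a minimal recursive resolver walks the referrals, chases the CNAME from the record-type section, and caches answers for their TTL so that a repeat lookup costs no upstream queries. All names, records and server labels are constructed; nothing is sent over the network.

```python
"""Simulated iterative DNS resolution with a TTL cache (added example, not
from the original page; the servers are constructed in-memory zones)."""
import time
# Constructed zones: each server holds records plus the child zones it
# delegates to (the NS referrals a real server would return).
SERVERS = {
    "root": {"records": {}, "delegations": {"com.": "com-tld"}},
    "com-tld": {"records": {}, "delegations": {"example.com.": "example-auth"}},
    "example-auth": {"delegations": {}, "records": {
        ("example.com.", "A"): (3600, ["192.0.2.1"]),
        ("example.com.", "MX"): (3600, ["10 mail.example.com."]),
        ("www.example.com.", "CNAME"): (3600, ["example.com."]),
    }},
}

def query_server(server, qname, qtype):
    """One round trip: answer, CNAME, referral to a child, or NXDOMAIN."""
    srv = SERVERS[server]
    if (qname, qtype) in srv["records"]:
        return ("answer",) + srv["records"][(qname, qtype)]
    if qtype != "CNAME" and (qname, "CNAME") in srv["records"]:
        return ("cname", srv["records"][(qname, "CNAME")][1][0])
    for zone in sorted(srv["delegations"], key=len, reverse=True):
        if qname == zone or qname.endswith("." + zone):  # longest match
            return ("referral", srv["delegations"][zone])
    return ("nxdomain",)

class Resolver:
    """Recursive resolver: walks root -> TLD -> authoritative, caches by TTL."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so TTL expiry is testable
        self.cache = {}             # (qname, qtype) -> (expires_at, rdata)
        self.upstream_queries = 0   # round trips; shows what caching saves
    def resolve(self, qname, qtype, depth=0):
        if depth > 8:               # guard against CNAME loops
            raise ValueError("CNAME chain too long")
        hit = self.cache.get((qname, qtype))
        if hit and hit[0] > self.clock():
            return hit[1]           # page steps 1-3: served from cache
        server = "root"             # steps 4-6: root -> TLD -> authoritative
        while True:
            self.upstream_queries += 1
            reply = query_server(server, qname, qtype)
            if reply[0] == "answer":    # step 7: cache until the TTL expires
                self.cache[(qname, qtype)] = (self.clock() + reply[1], reply[2])
                return reply[2]
            if reply[0] == "cname":     # alias: restart with the target name
                return self.resolve(reply[1], qtype, depth + 1)
            if reply[0] == "nxdomain":
                return []               # negative caching omitted for brevity
            server = reply[1]           # referral: descend one level
```

A real resolver also caches the referrals (NS records) it receives, so it rarely returns to the root; this model re-walks the hierarchy on every cache miss to keep the steps visible.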

DNS Components

Root Name Servers

13 logical servers (actually hundreds of physical servers) that know where to find TLD servers

TLD Servers

Servers for top-level domains (.com, .org, .net) that know about authoritative nameservers

Authoritative Nameservers

The final authority for a domain's DNS records

Recursive Resolvers

Servers (like your ISP's) that do the legwork of DNS lookups

DNS Security

Common DNS Attacks

DNS Spoofing/Cache Poisoning

Injecting forged records into a resolver's cache so that every client of that resolver is sent to the wrong address until the bogus entry expires

DNS Amplification

Abusing open resolvers, which answer small queries with much larger responses, to flood a victim whose address was forged in the queries

NXDOMAIN Attack

Flooding resolvers and authoritative servers with queries for random non-existent names, which bypass the cache and exhaust server resources

Protection Mechanisms

DNSSEC

DNS Security Extensions that add cryptographic signatures to DNS data so a validating resolver can verify records are authentic and unmodified (DNSSEC does not encrypt them)

DNS over HTTPS/TLS

Encrypting DNS queries between the client and its resolver to prevent eavesdropping and tampering on that path (it does not by itself verify the records, which is DNSSEC's role)

Response Rate Limiting

Limiting how often an authoritative server repeats identical responses to the same apparent source, so it cannot be used as an efficient amplifier
