What is DNS?
The Domain Name System (DNS) is used by every Internet application to transform human-readable names such as www.netnod.se into the numeric string (known as the IP address) for that domain. While the DNS should largely be transparent to users, organisations with an online presence need to ensure their DNS setup is robust.
This page gives an overview of how the DNS works, what is involved in DNS queries and DNS caching, and how to optimise DNS performance.
How does the DNS work?
When using the Internet, users access websites using names. For example, if you want Netnod’s website, you type www.netnod.se. The computers and servers that make up the Internet, however, know these websites by unique numeric strings known as IP addresses . They see www.netnod.se as either 192.71.80.67 or 2a01:3f0:1:3::67, depending on which version of the Internet protocol (IP) they use.. The name to number translation is done by the Domain Name System. Without the DNS running effectively, the Internet as we know it would not work.
But what goes on “behind the scenes” to make the DNS work? What happens from the second a user types a domain name into their browser until the moment that the webpage they were looking for is loaded?
How does a DNS lookup work?
In order to follow how each DNS query is processed, it is important to understand that the Domain Name System is a hierarchical system that uses a distributed database. In simple terms, this means that different parts of the Domain Name System are stored in servers spread throughout the globe. These servers handle different parts of a DNS query. There are four types of name servers involved in returning the correct IP address for a particular web page entered by a user.
The DNS name servers involved in a DNS lookup
1. Recursive name server
The local recursive name server sits on your local network where your computer sends DNS queries. This could be either your ISP or your IT department if you are working on a company network. The recursive name server, also known as a DNS resolver, is responsible for sending out DNS queries to the servers mentioned in points 2-4 below.
2. Root name server
The root name servers sit at the top of the Domain Name System hierarchy. There are 13 root name servers in the world and they are responsible for directing a DNS query to the appropriate Top-Level Domain name server. The first root name server to be deployed outside of the United States was the I-root name server, which has been operated by Netnod since 2000.
3. Top-level Domain (TLD) name server
The TLD name servers hold the information for a specific TLD. These include generic TLDs, such as .com or .net, and country-code TLDs such as .se. They direct a DNS query to the appropriate authoritative name server below them in the DNS hierarchy.
4. Authoritative name server for domain
The final authoritative name server holds the information for the last part of the DNS query. It will direct this query to the correct record for the specified domain (e.g. www.netnod.se). Organisations are free to select which authoritative name servers (and secondary servers) hold their domain records. A trusted and well managed name server is important to ensure users can find an organisation’s domain.
What are the steps in a DNS lookup?
The recursive name server is the server on your local network where your computer sends DNS queries. When you type www.netnod.se into a browser, your computer asks your local recursive name server where to find www.netnod.se and it responds with the numeric IP address.
The recursive name server may already know the answer, if the same question has been asked recently, or it may need to go find the answer. To find the answer, it asks the servers described in 2-4 above.
Since the Domain Name System is a hierarchy, with domains containing other domains, a recursive name server starts at the root servers – the servers at the root of the DNS hierarchy, which have the list of top level domains and their name servers. The recursive name server asks a root server where to find www.netnod.se, and receives a list of servers for .se.
It then asks the .se servers where to find www.netnod.se, and gets a list of the authoritative servers for netnod.se. It asks the same question of the netnod.se servers, and finally gets the answer it was looking for – the IP address of www.netnod.se.
What is DNS caching?
DNS caching enables DNS queries and their results to be stored for a limited period of time on what are known as DNS caches. These caches can be stored locally, on the user’s device, on a router or remotely - for example on caching resolvers provided by ISPs. DNS caches dramatically increase the efficiency of the Domain Name System. They increase the speed for users by enabling the recursive name server to skip some of the steps in a DNS query outlined above. They also reduce the amount of DNS traffic and the load on the name servers.
Who runs the name servers?
The root zone – the list of top level domains – is managed by the Internet Corporation for Assigned Names and Numbers (ICANN). Some top level domain operators, such as Verisign with .COM and .NET, operate the authoritative servers for their zones. Others contract out their DNS, or run some of their own authoritative servers and contract out others. .SE, for instance, has its name servers operated by several organisations, including Netnod.
The name servers for companies’ own domain names, and names below those in the hierarchy are often operated by the domain owner’s ISP or hosting company, although some companies run their name servers themselves and some contract it out to dedicated DNS providers.
What should I do to ensure my DNS works well?
DNS for end users
Ideally the DNS is completely transparent to users. You type in a name, and get taken to the resource identified by the name. There is usually no need to know about the IP addresses used in the back end or the process by which they are located and served to your device.
DNS for organisations
If you are running a network, you will most likely be receiving DNS services from either your domain registry or DNS hosting provider. As these services are vulnerable to outages including Distributed Denial of Service (DDoS) attacks, it is essential to follow DNS best practice.
Remember: without rock-solid DNS, your online presence is at risk and this can severely impact your business.
If you have any questions about your organisation’s DNS needs, you can contact one of our DNS experts here.