Whether you're an IT pro or just an average computer user, you are most likely familiar with something called DNS. You have likely gotten an error message in your browser indicating a DNS lookup failed, read an article mentioning DNS, or even had a computer technician walk you through verifying your computer's DNS settings. If you are in IT, then you have most likely encountered DNS while troubleshooting or while setting up a website or email server. After reading this post, you'll have at least a good understanding of DNS: what it is, how it works, why it is important, and why things can break so easily when there is a DNS problem.
To begin, DNS stands for Domain Name System (not Domain Name Server, as is commonly thought). To put it simply, DNS is like a phone book for the internet. When you want to call someone and you do not know their phone number, you can look them up in a phone book by their name and obtain their phone number. You can then place a call to that number and reach the person on the other end. On the internet, everything is assigned a unique IP address, allowing computers to talk to each other. Like a phone book is for phones, DNS provides a way for computers to look up an IP address when given a domain name. For example, let's say you want to connect to www.google.com. Your browser will query a DNS server for www.google.com and the DNS server will respond with a corresponding IP address. Your browser is then able to connect to Google using the returned IP address. This is the most basic function of DNS.
So, how does DNS work? Let's say you want to set up a website called www.example.com. The first thing you will need to do is register this domain name. To do so, you will go to a registrar. A registrar is a company that is authorized to register domain names on the internet. There are many registrars available, including GoDaddy, 1&1, Network Solutions, and even the new Google Domains. You pay the registrar an annual fee and they maintain your domain's registration on the internet. After a domain has been registered, it is listed in a global database and cannot be registered by anyone else or through any other registrar without being transferred by you. Registration requires your name, address, email address and phone numbers in order to tie the domain to you.
I want to point out here that a registrar is not the same thing as a DNS server. The registrar simply registers the domain on your behalf while a DNS server will actually host your DNS records for your domain. Most registrars will include DNS hosting along with your domain registration, but you can host your DNS with a different service than your registrar. Your DNS servers are specified as nameserver records. For example, you could register your domain at GoDaddy and then set your domain’s nameservers on GoDaddy to point to DNS servers at Amazon where you opt to host your DNS. By doing this, when a query is made for your website at www.example.com, GoDaddy will tell the requesting server to go to Amazon’s DNS servers to perform the lookup.
Now you have your domain www.example.com, but it isn't really doing anything yet. The rest of the world knows that it exists now, but there is no data yet for it to provide when a DNS query is made. Now you need to edit your DNS zone. A DNS zone refers to all of the data that is stored on a DNS server related to a specific domain (example.com in this case). Note that example.com is the actual domain name, while www.example.com refers to a specific host, called www, within the domain example.com. So we'll go into our DNS server and add a new "A" record. An "A" record is one type of DNS record that can be defined. The A stands for address, as in IP address. Let's say your web server is at IP address 184.108.40.206. You will create a new A record for the host www which points to that IP address. Now, when someone requests www.example.com, your DNS server will respond with that IP address and a connection can be made. Let's say you have another website you want to call test.example.com. You can simply create a second A record for the host name test which will point to the IP address for that web server, which could be the same IP address as the one for www or a different one.
Another common record type is called a CNAME record. This stands for canonical name and is commonly referred to as an alias. An A record points to an IP address, but a CNAME record points to another DNS name, not an IP address. Let us use the previous example but make a modification. A common setup for a website would have both example.com and www.example.com load the same website. This way, when a person types, or forgets to type, the www part, the website will still load. Instead of having to set up two A records, one for example.com and one for www.example.com, we could instead set up an A record for example.com and then add a CNAME alias for www which points to example.com. The benefit of this is that if the IP ever changes on the web server, you only have to update one record. This could be particularly helpful if you have a lot of websites hosted on the same server. By the way, when creating a record for the parent domain name, you can usually use @ for the host name or just use the parent domain name as the host name. This just depends on the DNS server you are using.
In addition to A and CNAME records, there are also MX records. This stands for mail exchange. These records tell the world where email should be sent for your domain. When an email is sent out to an address at example.com, the sender's server will look up the MX records for example.com and the email message will be delivered to the servers that are listed. MX records MUST point to domain names, not IP addresses.
There are also TXT, or text, records. These records contain plain text and are used for many purposes. Some common uses are domain verification and email spoofing protection. I wrote another post about certificates in which I mentioned that, in order to obtain a certificate, domain verification is required. One way this can be accomplished is by using TXT records. The CA (certification authority) will provide a value that you must put into a TXT record. Once completed, the CA will check whether the record exists and contains the correct value. If this checks out, then the CA is able to confirm that you, the certificate requester, are the owner of the domain.
Another use for TXT records is email spoofing prevention by using SPF (sender policy framework). This is a TXT record which defines the servers that are authorized to send mail on behalf of your domain and also recommends a policy for handling emails that are not sent from an authorized server. You would list any servers that are used to send emails for your domain. This would certainly include your mail servers. If you also use some service to send out emails, such as a CRM, where the emails contain your domain as the from address, then the mail servers for that CRM should be listed as well. You would also specify what should happen to emails if they are not from one of these servers. This allows mail servers receiving emails from your domain to verify that they really came from you and were not spoofed to look like they came from you. An example of this would be a spambot server sending out emails from a server in Russia and forging your email address. The receiving server would see that the message came from the Russian server, which is not listed in your SPF record, so the message will likely get marked as spam or rejected completely, depending upon the receiving server's configuration for how to handle messages that fail SPF checks.
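To show what a receiving mail server actually does with that TXT record, here is an added example (not code from the original post) that evaluates the ip4, include and all mechanisms of an SPF record against a sender's IP. The SPF records, domain names and IP addresses are constructed for the example; the include of crm-mail.example.net stands in for the CRM scenario described above.

```python
import ipaddress

# Constructed sample data standing in for DNS TXT lookups: example.com authorises
# its own mail server (192.0.2.25) and whatever its hypothetical CRM provider lists.
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.25 include:crm-mail.example.net -all",
    "crm-mail.example.net": "v=spf1 ip4:198.51.100.0/24 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, txt_records=TXT_RECORDS):
    """Return the domain's SPF record, or None (stands in for a real TXT query)."""
    record = txt_records.get(domain)
    return record if record and record.startswith("v=spf1") else None


def check_spf(domain, sender_ip, txt_records=TXT_RECORDS, depth=0):
    """Evaluate ip4 / include / all mechanisms left to right, first match wins.

    Returns "pass", "fail", "softfail", "neutral", "none" (no record) or
    "permerror" (include chain too deep). A full verifier also handles a, mx,
    ip6, redirect and the RFC 7208 lookup limit; those are omitted here.
    """
    if depth > 10:
        return "permerror"          # guard against include loops
    record = lookup_spf(domain, txt_records)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:             # skip the "v=spf1" version tag
        qualifier = "+"                         # mechanisms default to "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            # An IPv6 sender never matches an ip4 network (ipaddress returns False)
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            matched = check_spf(term[8:], sender_ip, txt_records, depth + 1) == "pass"
        elif term == "all":
            matched = True
        else:
            matched = False                     # unsupported mechanism: no match
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                            # nothing matched and no "all" term
```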
Another record type is SRV, or service records. These records are probably the most complex looking, in my opinion. They specify various services that you may use in your domain such as messaging services. In order to connect to the messaging server, the computer has to know the server’s name, the port number and the protocol in order to connect. All of this information is provided through SRV records.
So now you have your DNS server all set up and your records in place. Let's take a look at things from the other side, beginning with your computer's DNS settings. Every device connected to the internet has to, or very well should, have at least one DNS server assigned. This is almost always done automatically when your computer connects to a network. When a domain name lookup is required, the computer will send a query to the DNS server that is assigned. If more than one server is assigned and the first one fails to respond, then a query will be sent to the next server in the list, so it is generally best practice to have at least two DNS servers. Your internet provider typically provides you with their own DNS servers, but there are many public DNS servers that you can use instead, such as Google's public DNS (8.8.8.8 and 8.8.4.4) or OpenDNS (208.67.222.222 and 208.67.220.220).
Back to our example. Your computer sends out a query to the DNS server that it has assigned. The DNS server looks to see if it has the information that is being requested. If it doesn't already have this information, it then reaches out to the DNS server that is listed as the nameserver for your domain and requests the information. Once that is returned, the original DNS server will cache that information and then forward it back to your computer, which will also cache the information. This is called DNS caching and it helps to limit the number of DNS lookups that occur. This cached information will be stored for as long as the DNS record's TTL (time-to-live) setting allows. Your computer now has the information it needs and can proceed with connecting to the requested site.
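The resolution path just described, as an added example that is not part of the original post: a minimal caching resolver that follows the www CNAME to the example.com A record, asks the authoritative data only on a cache miss, and re-queries once a record's TTL has elapsed. The zone data, TTLs and 192.0.2.x addresses are constructed for the example.

```python
import time

# Constructed zone data standing in for example.com's authoritative server:
# name -> (record type, data, TTL in seconds). The www alias mirrors the CNAME
# setup described earlier; loop1/loop2 exist only to exercise the loop guard.
AUTHORITATIVE = {
    "example.com":       ("A", "192.0.2.10", 300),
    "www.example.com":   ("CNAME", "example.com", 3600),
    "test.example.com":  ("A", "192.0.2.11", 60),
    "loop1.example.com": ("CNAME", "loop2.example.com", 60),
    "loop2.example.com": ("CNAME", "loop1.example.com", 60),
}


class CachingResolver:
    """Keeps each answer until its TTL expires, then goes upstream again."""

    def __init__(self, authoritative=AUTHORITATIVE, clock=time.monotonic):
        self.auth = authoritative
        self.clock = clock            # injectable so TTL expiry can be simulated
        self.cache = {}               # name -> (type, data, expires_at)
        self.upstream_queries = 0     # how often we had to leave the cache

    def _lookup(self, name):
        """Return (type, data) for a name, from cache if still fresh."""
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[2] > now:
            return hit[0], hit[1]
        self.upstream_queries += 1
        answer = self.auth.get(name)
        if answer is None:
            return None, None         # negative answers are not cached here
        rtype, rdata, ttl = answer
        self.cache[name] = (rtype, rdata, now + ttl)
        return rtype, rdata

    def resolve_a(self, name, max_chain=8):
        """Return the IPv4 address for name, following CNAME aliases."""
        for _ in range(max_chain):
            rtype, rdata = self._lookup(name)
            if rtype == "A":
                return rdata
            if rtype != "CNAME":
                return None           # no such name
            name = rdata              # chase the alias to its canonical name
        return None                   # CNAME loop or chain too long
```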
So now you have an understanding of what DNS is, how it works, and even why things don’t work when DNS isn’t configured or working properly. You can also see why DNS is important as it keeps us from having to know and memorize every IP address for everything we want to access which wouldn’t even be possible as IP addresses do change sometimes and some sites are even hosted on multiple IP addresses. Google, for example, has over 200,000 IP addresses used across all of their various services and that is as of 2013.
Another reason DNS is so important is that it is the core control of a domain. Let's say the DNS server for example.com was hijacked. The hijacker has complete control of the domain. They can change the www record to point to any web server they want. They can create TXT records and prove ownership of the domain in order to obtain valid certificates. They can take over email by directing it to a different server. This actually happened a few months ago to a large bank in Brazil, which resulted in their desktop and mobile websites and apps, ATM machines, and even point-of-sale devices of businesses using their services for credit card processing being redirected to malicious servers. In this sort of scenario, the malicious servers likely captured credit card information, account details, etc. So DNS is very crucial and it is very important to keep it secure.
Well, it is very late as I am writing this and I think I’ve covered everything I wanted. I hope this post has been helpful and that you now maybe have a better understanding of DNS than you did before. As always, please feel free to leave any questions or comments below and I’ll try my best to follow up as quickly as possible. And thanks for reading!