What is DNS and How does it work?



Ever wondered how you can type a URL or FQDN and the internet forwards you straight to a website without any issues? If so, don't worry, because in this blog we are going to talk about a concept we use in networking called DNS [Domain Name Server] resolution.

If you are someone who already knows about DNS, don't worry either, because I will be writing 3 separate blogs about DNS. We will start from the basics of DNS and then proceed to advanced DNS. For example, later we will discuss DNS TTL and how DNS failover happens, so stay tuned.

What is a DNS, and DNS resolution?

To access anything on the Internet, for example the URL google.com, it needs to have an IP address, so that the traffic can be forwarded to the host to which that IP is assigned.

The Internet works on IP addresses. You type an FQDN or URL and you are able to access it, but once you press Enter, the request first goes to a server that knows the IP address of that particular URL. The server that holds these IP addresses, or a list of IPs, is known as a DNS server, and this process of going from the user machine to the DNS server and sending back the IP address of the URL is known as DNS resolution.

There are many types of DNS resolvers, but the most common one is the recursive resolver, and we will discuss how this resolver works. In a later part, I will explain the other resolvers as well.

How does DNS resolution work?



Suppose that you typed the URL www.google.com in the browser. Here is exactly what will happen, and keep in mind that all of this happens within a few milliseconds.

OS check:

First, the system or OS checks its own DNS cache to see if it already knows that URL, i.e. whether the user has visited it before. Every time you access anything, the DNS resolution of that URL is stored on the user's machine, so next time you don't need to go to the server again.

Query to Recursive DNS Resolver

If the OS doesn't find the IP of the URL in the cache, then the system sends a DNS query to the recursive resolver. You might have heard of Google DNS, 8.8.8.8; this is a recursive resolver. It does all the work to find the IP address and gives it back to you.

Root DNS server

DNS follows a hierarchy to find the IP address of the URL. It starts from the rightmost part of the URL. For example, if we want to find the IP address of the URL www.notebook.com, it starts from the rightmost part, which is .com; if the server has the IP it will return it, otherwise it will tell the resolver who has it.

Since the root DNS server doesn't know the address, it refers the resolver to the server that does. In most cases the recursive resolver is referred to the TLD server, which knows about .com.

Top-Level Domain (TLD) server.

This server usually knows who can provide the information, i.e. the IP address of the URL. TLD servers have information only about their own domain, such as .com, .gov, or .org, so the TLD server refers the resolver to an authoritative server, where the IP address can be found.

Authoritative DNS server.

This is the server that actually has the IP address of the URL; we usually call it "the source of truth". It provides the IP address, and the response is sent back to the machine, so that the website can be accessed.

Here is a small representation from the user machine to the authoritative server.

Browser
  ↓
OS Cache
  ↓
Recursive Resolver
  ↓
Root Server
  ↓
TLD Server (.com)
  ↓
Authoritative DNS Server
  ↓
IP Address
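The chain above, as an added toy model that is not part of the original post: each "server" is a small dictionary that knows only what the text says it knows, the OS cache is checked first, and the domain www.notebook.com, the server names and the IP address are constructed for illustration.

```python
# Added example (not from the original post): a toy model of the lookup chain
# Browser -> OS cache -> recursive resolver -> root -> TLD -> authoritative.
# Zone data, server names and the IP are constructed; no real DNS traffic is sent.

ROOT = {"com": "tld-server.example"}                  # root: who handles .com (hypothetical name)
TLD = {"notebook.com": "ns1.notebook.example"}        # .com TLD: who is authoritative (hypothetical)
AUTHORITATIVE = {"www.notebook.com": "203.0.113.10"}  # source of truth (documentation IP)

os_cache = {}  # the OS-level cache consulted before any query leaves the machine


def recursive_resolve(fqdn):
    """What the recursive resolver does: walk root -> TLD -> authoritative.
    Returns (ip, path); path lists the servers consulted, in order."""
    labels = fqdn.rstrip(".").split(".")
    tld = labels[-1]                    # rightmost label, e.g. "com"
    domain = ".".join(labels[-2:])      # e.g. "notebook.com"
    path = ["root"]
    tld_server = ROOT.get(tld)
    if tld_server is None:              # root has never heard of this TLD
        return None, path
    path.append(tld_server)
    auth_server = TLD.get(domain)
    if auth_server is None:             # TLD has no delegation for the domain
        return None, path
    path.append(auth_server)
    return AUTHORITATIVE.get(fqdn), path


def lookup(fqdn):
    """What the user machine does: OS cache first, then ask the resolver."""
    if fqdn in os_cache:
        return os_cache[fqdn], ["os-cache"]
    ip, path = recursive_resolve(fqdn)
    if ip is not None:
        os_cache[fqdn] = ip             # remember the answer for next time
    return ip, path


if __name__ == "__main__":
    print(lookup("www.notebook.com"))   # first visit: full walk of the hierarchy
    print(lookup("www.notebook.com"))   # second visit: answered from the OS cache
```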

Types of DNS records

A DNS server has a lot of mappings of FQDNs to IPs in its database, and we call these records or DNS records. Some FQDNs get mapped to IPv4 addresses, some to IPv6 addresses, while others map to another FQDN. We will talk about them here.

A record:
This type of record maps to an IPv4 address; basically, an FQDN gets converted to an IPv4 address.

AAAA [Quad A] record:
Similar to an A record, but these records convert the FQDN to an IPv6 address.

CNAME [canonical name] record:
These records point to another FQDN, basically an FQDN-to-FQDN mapping. We often use this mapping when we want to point both FQDNs to one IP.

MX record:
This maps the domain to its mail server hostnames, each with a priority (the lower the number, the more preferred). We use this when we want our domain to send and receive email.

For example:
example.com   MX   10 mail1.example.com
example.com   MX   20 mail2.example.com

NS [Name server] record:
Similar to a CNAME in that it points to a hostname, but we use it when we want to know which DNS servers are authoritative for a domain.

For example:
example.com   NS   ns1.cloudflare.com
example.com   NS   ns2.cloudflare.com

PTR record:
A more common term for this is reverse DNS; as the name suggests, it maps an IP to an FQDN, so it is essentially an A record in reverse.

SRV record:
This record specifies multiple things in one record, for example the host and the port. The fields are:
_service._proto.name.  TTL  class  type  priority  weight  port  target
for example:
_service._tcp.example.com. 86400 IN SRV 4 18 23456 server.example.com.
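To make the record formats above concrete, here is an added example (my code, not from the original post) that parses the MX, NS and SRV lines shown in this section and picks the preferred MX or SRV target by its priority value. The record lines are the post's own examples; the parsing logic and the preferred_target helper are assumptions for illustration.

```python
# Added example (not from the original post): parse record lines of the form
#   name [TTL] [class] TYPE rdata...
# TTL and class are optional, as in the MX/NS examples above.

ZONE_TEXT = """
example.com   MX   10 mail1.example.com
example.com   MX   20 mail2.example.com
example.com   NS   ns1.cloudflare.com
example.com   NS   ns2.cloudflare.com
_service._tcp.example.com. 86400 IN SRV 4 18 23456 server.example.com.
"""

RECORD_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "PTR", "SRV"}


def parse_zone(text):
    """Return a list of dicts, one per record line."""
    records = []
    for line in text.strip().splitlines():
        tokens = line.split()
        name = tokens.pop(0)
        ttl = None
        if tokens and tokens[0].isdigit():        # optional TTL field
            ttl = int(tokens.pop(0))
        if tokens and tokens[0].upper() == "IN":  # optional class field
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype not in RECORD_TYPES:
            raise ValueError(f"unknown record type in line: {line!r}")
        if rtype == "MX":                         # priority target
            rdata = {"priority": int(tokens[0]), "target": tokens[1]}
        elif rtype == "SRV":                      # priority weight port target
            rdata = {"priority": int(tokens[0]), "weight": int(tokens[1]),
                     "port": int(tokens[2]), "target": tokens[3]}
        else:                                     # A/AAAA/CNAME/NS/PTR: single value
            rdata = {"target": tokens[0]}
        records.append({"name": name, "ttl": ttl, "type": rtype, **rdata})
    return records


def preferred_target(records, name, rtype):
    """For MX and SRV the lowest priority number wins (10 beats 20)."""
    matches = [r for r in records if r["name"] == name and r["type"] == rtype]
    if not matches:
        return None
    return min(matches, key=lambda r: r.get("priority", 0))["target"]
```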

Commands to execute to check DNS-related information

 


nslookup:
One of the most common commands you can run on a user machine to verify whether DNS resolution is happening or not. Apart from this, we can get a lot of information from nslookup. Here is some of it:

  • What is the IP address of the URL or FQDN?
  • Which DNS server is resolving the address?
  • Is it getting resolved in time, or is there any latency?
  • DNS error, such as the name does not exist, or the server failed
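The questions in that list can also be answered from a script. Here is an added example (not from the original post) that parses nslookup-style output to extract which resolver answered, the addresses returned, and the error name on failure; both outputs below are constructed samples, not captured from a real run, and the addresses are documentation addresses.

```python
# Added example (not from the original post): pull the interesting facts out
# of nslookup output. The samples are constructed, not captured from a real run.
import re

RESOLVED = """\
Server:\t\t8.8.8.8
Address:\t8.8.8.8#53

Non-authoritative answer:
Name:\twww.notebook.com
Address: 203.0.113.10
Name:\twww.notebook.com
Address: 2001:db8::10
"""

FAILED = """\
Server:\t\t8.8.8.8
Address:\t8.8.8.8#53

** server can't find www.nosuchdomain.invalid: NXDOMAIN
"""


def parse_nslookup(output):
    """Return which resolver answered, the addresses found, and any error
    (e.g. NXDOMAIN for 'name does not exist', SERVFAIL for 'server failed')."""
    result = {"resolver": None, "addresses": [], "error": None}
    lines = output.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("Server:"):
            result["resolver"] = line.split(":", 1)[1].strip()
        elif line.startswith("Address:"):
            # The Address: line directly under Server: is the resolver itself,
            # not an answer, so skip it.
            if i > 0 and lines[i - 1].startswith("Server:"):
                continue
            result["addresses"].append(line.split(":", 1)[1].strip())
        elif "can't find" in line:
            m = re.search(r"can't find (\S+): (\w+)", line)
            result["error"] = m.group(2) if m else "UNKNOWN"
    return result


if __name__ == "__main__":
    print(parse_nslookup(RESOLVED))
    print(parse_nslookup(FAILED))
```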


traceroute:
This command can be used to check reachability to the DNS server; it shows the hop-by-hop path taken on the way to it.

-----------------------------

I hope you liked this blog. There will be more blogs on DNS, and I will try to cover more topics such as TTL and latency troubleshooting.

If you want me to write a blog on any other topic, please let me know. I will be happy to write.



