Joran Hofman
April 4, 2021

What is DNS?

The Domain Name System (DNS) is a decentralized, hierarchical naming system for services, computers, or other resources connected to the Internet or a private network. It works like an Internet phone book, in which names (domain names) are associated with numbers (IP address).

Mainly, it translates domain names, which are easier to memorize, into the numeric IP addresses that are required to identify and locate computerized services and devices.

How does DNS work?

The process consists of transforming a domain name into an IP address compatible with the device used (computer, telephone, tablet, etc.). Every device connected to the Internet is given an IP address, which is necessary to locate it, similar to when a street address is used to locate a particular house.

Every time a user wants to load a site or web page, there has to be a translation between what the user typed in their web browser and the machine-compatible address needed to locate the web page.

How does it work:

The information for assigning domain names to IP addresses is stored in name servers. These servers store DNS records in which it is indicated which domains are assigned to certain IP addresses. These records are stored and distributed throughout the world on name servers called root name servers, which hold the locations of top-level domains (TLDs).

In general, users do not communicate directly with the DNS server; name determination is done transparently by client applications. When a request is made that requires a DNS lookup, the request is sent to the operating system's local DNS server. Before establishing any communication, the operating system checks if the response is in the cache. If not found, the request will be sent to one or more DNS servers.

The DNS servers that the request reaches, initially look to see if the response is in the cache. If yes, they provide the answer; in the opposite case, a search is started recursively. When the answer is found, the DNS server caches the result for future use and returns the result.

Steps in a DNS lookup

Many times, DNS lookup information will be cached on the querying computer or remotely in the DNS infrastructure. There are several main steps in a DNS location. In cases where DNS information is cached, the steps in the DNS lookup process are skipped, speeding up the process.

The following example shows the 8 main steps in a DNS lookup (when nothing is cached)

  1. A person types "probando.com" in a web browser, and the query is received by a recursive DNS solver.
  2. The solver then looks at a DNS root name server (.).
  3. The root server then gives the answer to the solver by giving it the address of a TLD DNS server (such as .net or .com), which stores your domain information. When searching for “probando.com,” the request points to the .com TLD.
  4. Next, the solver makes a request to the .com TLD.
  5. Next, the TLD server responds with the IP address of the domain name server, “probando.com.”
  6. The recursive solver sends a query to the domain name server.
  7. The IP address of probando.com is returned to the solver from the name server.
  8. Then the DNS resolver gives the response to the web browser with the IP address of the domain requested at first.

Which DNS servers are involved in loading a webpage?

There are 4 compromised DNS servers when a web page loads:

  • DNS Recursor: It is like the head of a library which is asked to search for a specific book somewhere in the library. It fulfills the function of receiving queries from client machines using applications such as web browsers. Usually, it is responsible for making additional requests to meet the client's DNS query demands.
  • Root name server - This is the first stage in translating (resolving) human-readable host names to IP addresses. It can be compared to an index in a library that points to different shelves of books; usually, it is used as a reference to other more specific locations.
  • TLD Name Server: The TLD can be thought of as a particular shelf of books in a library. It is the next step in locating a specific IP address and hosts the final part of a hostname (in "probando.com", the TLD server is "com").
  • Authoritative name server: This final name server can be thought of as a dictionary on a bookshelf, in which a given name can be interpreted to its definition. This server is the last phase in the name server query. If it has access to the required record, it will return the IP address of the requested hostname to the DNS Recursor (the head of the library) that made the initial request.

Explore more glossaries