The Domain Name System (DNS)

In our previous article, we explored the relationships between Registrars, Registries and DNS. In this article, we will dive deeper into the world of DNS.

The art of Routing Web Requests (Hello DNS)

DNS stands for Domain Name System; you might hear it used interchangeably with Domain Name Server. It is the mechanism that allows us to easily find our favorite websites (e.g., amazon.com, noc.org, etc.). It takes our memory out of the equation.

Any server connected to the Internet, or a private network, is mapped to an IP address (its physical location in the matrix). Imagine a world where you would need to remember 137.220.48.110 instead of NOC.org.

That’s the kind of friction that kills adoption. That’s not even taking into consideration the introduction of IPv6.

DNS presented an elegant solution to this problem. It works tirelessly to map all the domains in the world to their rightful origin so that our browsers know where to get their information. It is a core tenet of the web fabric; without it, the internet would not be what it is today.

Technically, it is a redundant, hierarchical, distributed database that is used to pass information about domain names. Fun fact, it’s also one of the world’s largest distributed databases. DNS follows a client-server model, where the DNS clients query the DNS servers to retrieve data stored in that distributed database.

The DNS Hierarchy

DNS, as simple as it is to understand in practice, is a bit more complicated in implementation. It’s actually comprised of four key components:

| Type | Description | Layman’s Explanation | Example |
| --- | --- | --- | --- |
| Recursive resolver | Recursive DNS nameservers are responsible for providing the proper IP address of the intended domain name to the requesting host. | This is our gateway to the web; it’s through this server that we access the rest of the internet. They don’t know anything about domains, but they are great at asking questions. | CleanBrowsing |
| Root nameserver | The authoritative name servers that serve the DNS root zone. | These servers are the gateway to the internet. They are the first connection every recursive DNS has to make. | Verisign |
| TLD Root nameserver | The authoritative name servers for the Top Level Domain (TLD) – example: .com, .net, .org. Every TLD has a TLD root DNS. | These servers keep a list of all the Fully Qualified Domain Names (FQDN) on their specific TLD. | ICANN |
| Authoritative nameserver | These servers are the authority on domain names. | These servers contain all the information associated with a specific domain (e.g., perezbox.com is located at 192.124.249.15). | NOC.org |

How DNS Works

All the requests you make from your browser, whether on a computer or a phone, are made using a very similar process.

It all starts with the DNS resolver (Recursive DNS). These DNS resolvers do a lot of the heavy lifting trying to locate where a domain is located. It all starts with your local (e.g., Laptop, Desktop, Mobile device) resolver, which first looks to see if the request has been made before (searching the cache). If so, it uses the record stored in the cache.

If it’s not in the cache, it leverages DNS to find the answer.

When it leaves your device, it starts an intricate journey that sends it to various sources before landing on the correct one. The illustration below highlights that journey.

The illustration above shows how a DNS resolver initiates a conversation with the Root DNS, which then points it to the Authoritative DNS which eventually provides the appropriate response to the requestor (your browser).

All this happens in a matter of seconds.
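The lookup described above, as an added example that is not part of the original article: a small offline simulation of a recursive resolver that checks its cache, then follows referrals from the root to the TLD to the authoritative server, in line with the four components in the table. The server names, the example.test zone and its address are constructed for illustration.

```python
import time

# Constructed, simplified hierarchy (names and addresses are made up).
# Each server holds referrals (zone suffix -> next server) and, on the
# authoritative server, final answers (name -> (ip, ttl seconds)).
SERVERS = {
    "root":         {"referrals": {"test.": "tld-test"}, "answers": {}},
    "tld-test":     {"referrals": {"example.test.": "auth-example"}, "answers": {}},
    "auth-example": {"referrals": {},
                     "answers": {"www.example.test.": ("192.0.2.10", 300)}},
}

class RecursiveResolver:
    def __init__(self, servers, clock=time.monotonic):
        self.servers, self.clock = servers, clock
        self.cache = {}  # name -> (ip, expiry time)

    def resolve(self, name):
        """Return (ip, path); path lists every source consulted, in order."""
        name = name.lower().rstrip(".") + "."
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], ["cache"]          # answered before: no network trip
        server, path = "root", []
        for _ in range(8):                    # cap referral chasing
            path.append(server)
            data = self.servers[server]
            if name in data["answers"]:
                ip, ttl = data["answers"][name]
                self.cache[name] = (ip, self.clock() + ttl)
                return ip, path
            server = self._referral(data["referrals"], name)
            if server is None:
                raise LookupError(f"no data for {name} (asked {path})")
        raise LookupError(f"referral limit reached for {name}")

    @staticmethod
    def _referral(referrals, name):
        # Follow the most specific zone that contains the name,
        # matching on whole labels only ("test." must not match "contest.").
        matches = [z for z in referrals if name == z or name.endswith("." + z)]
        return referrals[max(matches, key=len)] if matches else None
```

The cached answer is only reused until its TTL expires, which is why a change made at the authoritative server can take time to reach every client.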

Controlling Aspects of the DNS

As an online user and website owner you can control two very important pieces of the DNS chain:

DNS Resolver (Recursive DNS): The DNS resolver is at the core of how your device knows where things are on the web. Everyone can control which resolver they use. Here at NOC, we use CleanBrowsing as our DNS resolver because it allows us to filter the type of content we want to allow in our organization and helps create a DNS-based network firewall for our team.

Authoritative DNS (AuthDNS): The AuthDNS is a critical element for all website owners to become familiar with. The AuthDNS contains all the pertinent information for the domain (e.g., noc.org). Without it, the DNS would not know where to send web requests.

It’s also a single point of failure that is often misunderstood and poorly managed by website owners. It’s so critical that it’s highly sought after by bad actors because it gives them full access to route all domain information to their desired location (e.g., mail, website traffic, etc.).
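One way a website owner can watch for that kind of rerouting, shown as an added example that is not NOC's tooling: compare the records currently served for a domain against a baseline pinned when the zone was known to be good. The zone-file style sample lines, the example.test names and the addresses are constructed.

```python
from collections import defaultdict

WATCHED = {"NS", "A", "AAAA", "MX"}   # record types that steer web and mail traffic

# Constructed sample data (documentation-only names and addresses).
BASELINE = """
example.test. 86400 IN NS ns1.dns-host.test.
example.test. 86400 IN NS ns2.dns-host.test.
example.test. 300   IN A  192.0.2.10
example.test. 3600  IN MX 10 mail.example.test.
"""
OBSERVED = """
example.test. 86400 IN NS NS1.DNS-HOST.TEST.   ; same server, different case
example.test. 86400 IN NS ns2.dns-host.test.
example.test. 60    IN A  203.0.113.66
example.test. 3600  IN MX 10 mx.other-host.test.
"""

def parse_records(text):
    """Parse 'name ttl IN type rdata' lines into {(name, type): {rdata, ...}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unparseable record: {line!r}")
        name, _ttl, _cls, rtype, rdata = fields
        if rtype.upper() in WATCHED:
            # DNS names are case-insensitive: normalise before comparing.
            value = " ".join(rdata.lower().split()).rstrip(".")
            records[(name.lower().rstrip("."), rtype.upper())].add(value)
    return records

def drift(baseline_text, observed_text):
    """List record sets whose values differ from the baseline (TTLs are ignored)."""
    base, seen = parse_records(baseline_text), parse_records(observed_text)
    findings = []
    for key in sorted(set(base) | set(seen)):
        added = sorted(seen.get(key, set()) - base.get(key, set()))
        removed = sorted(base.get(key, set()) - seen.get(key, set()))
        if added or removed:
            findings.append({"name": key[0], "type": key[1],
                             "added": added, "removed": removed})
    return findings
```

With the sample data, `drift(BASELINE, OBSERVED)` reports the changed A and MX records and stays quiet about the NS set, which differs only in letter case.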

Controlling aspects of the DNS chain empowers you to dictate what you want to be accessible on your internet, and it also helps you protect your digital assets.

Here at NOC, we offer an AuthDNS service.

With the AuthDNS, an administrator can perform complex tasks like autodetecting outages and self-healing when they’ve been recovered. It also provides the ability to optimize a website’s availability by building a custom DNS-based CDN, using smart routing options for geo-based routing of traffic and creating highly available, redundant nodes around the world. Each is a critical aspect of a network administrator’s responsibility, and each is based on leveraging a critical piece of the internet fabric – DNS.
