Any time you're online, you're using the Domain Name System (DNS), whether you realize it or not! When we're online, we typically rely on website names, email addresses, or search engines to find what we need and communicate successfully. Computers, however, communicate with each other using a system of numbers known as IP addresses. Finding and remembering a string of numbers for every website we want to visit would be near-impossible for us. That's where DNS comes in. DNS translates human-readable website names into IP addresses, allowing us to visit websites, send emails, and book flights by remembering just a catchy address, like gcore.com, instead of a string of numbers, like 92.223.84.84. In this comprehensive guide, you'll learn everything there is to know about DNS, including what it is, how it works, security concerns, and the benefits of Gcore DNS Hosting.
What Is DNS?
DNS (the Domain Name System) translates user-friendly website names, like www.gcore.com, into the numerical IP addresses that computers use to communicate with each other, like 92.223.84.84 or 2a03:90c0:9994::9994. Both your device and the website you want to view have IP addresses, and the two need to connect. DNS is like the internet's phonebook, and IP addresses are like phone numbers.
Beyond websites, DNS is used for all online resources, including:
- Email: When sending an email, your email client uses DNS to look up the Mail Exchange (MX) records of the recipient's domain. This is how it knows where to send the email.
- Video conferencing: Apps like Zoom and Microsoft Teams use DNS to connect users to their servers for video meetings.
- Mobile apps: Apps on your smartphone that connect to the internet use DNS to convert the domain of the web service into an IP address.
- Online gaming: Games played online use DNS to connect players to game servers.
- Internet of things (IoT) devices: Smart home devices use DNS to turn a service's website name into an IP address so they can use internet services.
- Cloud: Many cloud services rely on DNS to route traffic and perform load balancing across multiple servers or data centers.
- Content delivery networks (CDNs): CDNs use DNS to direct a client request to the nearest server holding the cached content.
- VPNs: VPNs use DNS to resolve the domain names of their servers so that users can connect to them.
DNS is a distributed database, which means that the IP data it holds is spread out across many servers rather than being stored in one central place. DNS servers are distributed worldwide and managed by different organizations and internet service providers (ISPs).
How Does DNS Work?
From the user's point of view, entering a website address into the browser results in an almost instant content display. To go one level deeper, when the user requests a website (for example,) the DNS resolver gets the IP address from the web server, and then returns the information to the user's device.
However, behind the scenes, the DNS resolver performs a critical process called DNS lookup or DNS recursive query, which is central to how DNS operates. Let's learn about it in more depth.
What Is DNS Lookup?
DNS lookup is the process in which a DNS resolver asks DNS servers for the IP address (or related information) of a domain name. When you enter a domain name in your web browser (or any other internet application), the DNS resolver starts a DNS lookup to resolve the domain name into its matching IP address, giving you access to the desired content.
How Does DNS Lookup Work?
Here's how DNS lookup works:
1. DNS query initiated: When you enter a domain name in your web browser (or any application requiring internet access), your device initiates a DNS query to find the corresponding IP address.
2. DNS resolver cache check: The DNS resolver first checks its local cache (the DNS cache) to see if it recently resolved the same domain name. If the information is found in the cache, it can provide the IP address directly, without further queries to the name servers; i.e., we can skip to step 6.
3. Query root name servers: If the domain information is not found in the DNS cache, the DNS resolver queries a root name server. The root name server responds to the resolver's query with the TLD name server responsible for the domain's extension. In this example the domain is "example.com", so the TLD is "com".
4. Contact TLD name servers: The DNS resolver then queries the TLD name servers to obtain the addresses of the authoritative name servers responsible for the queried domain (e.g., "example.com").
5. Query authoritative name server: The DNS resolver sends a query to one of the authoritative name servers to obtain the IP address associated with the domain name. The authoritative name server responds to the DNS resolver with the IP address.
6. Establish connection: Now that the DNS resolver has obtained the IP address "192.0.2.1", it sends it back to the user's browser. The resolver also stores this information in the DNS cache, respecting the TTL (time to live) that was provided as part of the authoritative answer. With the IP address, the device can connect to the appropriate server. The web content is then delivered to the device, allowing the user to access the website.
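The six steps above, simulated in Python as an added example (not code from the original article). The root, TLD and authoritative servers are in-memory dictionaries with constructed data, so it runs offline; a real resolver sends the same questions over UDP/TCP. It demonstrates the referral chain, the cache check in step 2, and the TTL-bound caching in step 6.

```python
"""Simulated recursive DNS lookup following the six steps above.

Added example, not code from the original article. The root, TLD and
authoritative servers are in-memory dictionaries (constructed data) so it
runs offline; a real resolver sends the same questions over UDP/TCP.
"""
import time

# Constructed referral data. Each "server" maps a name either to the next
# server to ask (a referral) or to an authoritative answer with its TTL.
ROOT_SERVER = {"com": "tld-com"}
TLD_SERVERS = {"tld-com": {"example.com": "ns1.example.com"}}
AUTHORITATIVE = {
    "ns1.example.com": {
        "example.com": ("192.0.2.1", 3600),
        "www.example.com": ("192.0.2.1", 300),
    }
}


class Resolver:
    """Minimal recursive resolver with a TTL-aware cache."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}    # name -> (ip, expiry timestamp)
        self.queries = []  # servers contacted, kept so the flow can be inspected

    def resolve(self, name):
        labels = name.lower().rstrip(".").split(".")
        key = ".".join(labels)
        # Step 2: cache check. An unexpired entry skips every round trip.
        cached = self.cache.get(key)
        if cached and cached[1] > self.clock():
            return cached[0]
        tld, apex = labels[-1], ".".join(labels[-2:])
        # Step 3: a root server says which TLD server handles the extension.
        self.queries.append("root")
        tld_server = ROOT_SERVER.get(tld)
        if tld_server is None:
            raise LookupError(f"unknown TLD: {tld}")
        # Step 4: the TLD server refers us to the domain's authoritative server.
        self.queries.append(tld_server)
        auth_server = TLD_SERVERS[tld_server].get(apex)
        if auth_server is None:
            raise LookupError(f"no name servers delegated for {apex}")
        # Step 5: the authoritative server returns the A record.
        self.queries.append(auth_server)
        answer = AUTHORITATIVE[auth_server].get(key)
        if answer is None:
            raise LookupError(f"no A record for {key}")
        ip, ttl = answer
        # Step 6: cache the answer for exactly the TTL the authority supplied.
        self.cache[key] = (ip, self.clock() + ttl)
        return ip


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("example.com"), r.queries)  # three servers contacted
    print(r.resolve("example.com"), r.queries)  # second call served from cache
```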
What Are the DNS Record Types?
The most common DNS record types are A, AAAA, CNAME, MX, NS, TXT, and SOA. Each record type stores a different kind of information about a domain name and the resources connected to it, such as an email service or a website's IP address. DNS records are usually held and managed by the domain registrar or the domain's authoritative name servers. Let's explore the specific functions of each of these DNS records in the table below.
| DNS Record Type | Purpose | Example |
|---|---|---|
| A | Translates a domain name into an IPv4 address | A record for "example.com" pointing to "192.168.1.1" |
| AAAA | Translates a domain name into an IPv6 address | AAAA record for "example.com" pointing to "2001:0db8:85a3::8a2e:0370:7334" |
| CNAME | Creates an alias for a domain name | CNAME record for "shop.example.com" pointing to "website-builder.ursite.com" |
| MX | Specifies which mail servers receive email for the domain | MX record for "example.com" pointing to "mail.example.com" |
| TXT | Stores text information for various purposes, such as SPF configuration or domain name verification | TXT record for "example.com" containing an email SPF configuration |
| NS | Stands for "name servers"; specifies the authoritative name servers for the domain name | NS record for "example.com" pointing to "ns1.example.com" and "ns2.example.com" |
| SOA | Provides essential parameters for the zone, including the primary name server and administrator email address | SOA record for "example.com" naming ns1.example.com as the primary name server and admin.example.com as the administrator contact |
Most domains have multiple DNS record types in their zone file, including at least two NS (name server) records. Having multiple authoritative name servers creates redundancy in case one name server is temporarily unavailable, which improves the availability and reliability of DNS resolution for the domain. This redundancy also distributes the DNS query load, making the domain more robust against server outages or network issues.
What Are the Components of DNS?
DNS is composed of several key components that work together to facilitate the translation of human-readable domain names into numerical IP addresses. The main DNS components are as follows:
#1 IP Address
An IP address, or Internet Protocol address, is a unique set of numbers that identifies a device connected to a computer network. It serves as an identifier for that device, allowing it to send and receive data over the internet or a local network.
A lot of IP address activity happens behind the scenes. You don't need to remember your device's IP address or the website's IP address to connect. DNS handles this for you, ensuring the right IP addresses are used to connect devices and exchange data smoothly. You also don't usually need to think about your devices' IP addresses; when you connect to a network, like home Wi-Fi, the router automatically assigns your device an IP address.
What Are IPv4 and IPv6?
Currently, there are two versions of IP addresses: IPv4 and IPv6 (IP version 4 and IP version 6). A single device can be assigned both an IPv4 and an IPv6 address.
IPv4 consists of four numbers separated by dots, like this: XXX.XXX.XXX.XXX. Each set can have a value from 0 to 255. For example, an IPv4 address could be 192.168.1.10.
IPv6 is the newer version of the Internet Protocol, created because the number of IPv4 addresses was running out. IPv6 consists of eight groups of four hexadecimal digits separated by colons. For example, an IPv6 address could be 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
Types of IP Address
There are two types of IP address: public and private.
- Public IP address: This is a unique set of numbers assigned by your Internet Service Provider (ISP) to your router, which is connected to the internet. It works like a digital "address" for that device, allowing it to communicate with other devices and services on the global internet.
- Example: Imagine you have home internet, and your ISP, XYZ Internet Company, gives your router a unique public IP address. Here's what it looks like:

| ISP Provider | Public IP Address |
|---|---|
| XYZ Internet Company | 203.56.78.123 |

203.56.78.123 is your home's digital address on the internet. When you visit a website, your device uses this address to connect to the website's server, just like giving someone your home address so they can locate and visit you.
- Private IP address: This is a set of numbers assigned to a device, like a computer, within a private network. It is not visible or accessible from the internet. Instead, private IP addresses allow devices on the same network to find and talk to each other.
- Example: Let's say you need to set up an office. A network administrator can assign private IP addresses so that your office's devices are connected to a local network. Here's what that looks like:

| Devices | Private IP Address |
|---|---|
| Laptop | 192.168.1.10 |
| Printer | 192.168.1.30 |
| Network Storage | 192.168.1.50 |

In this office network example, each device is assigned a unique private IP address of the form 192.168.1.X, where X is a different number per device. These private IP addresses enable seamless communication, data sharing, and collaboration among the devices within the local network.
DNS translates all of these complex numbers into a human-readable format, so we don't need to keep track of IP addresses in order to use the internet!
#2 Domain Name
A domain name is a simple, memorable name that is used to access online resources such as websites and email servers. Examples of domain names include "example.com", "example.org", and "example.net". A domain is structured into different parts, separated by dots. Each part has a specific purpose and contributes to the overall hierarchical structure of the domain name. Here's the typical structure of a domain name:
Let's break this down:
- Root domain: The root domain is the base domain name without any subdomains. It is the main part of the domain name that represents the website's identity. For example, in "www.example.com", "example.com" is the root domain.
- Top-level domains (TLDs): This is the last part of a domain name, to the right of the rightmost dot. TLDs are essential for categorizing and organizing domain names on the internet. Here are some common examples of TLDs:
| Top-Level Domain (TLD) | Description |
|---|---|
| .com | Commercial; commonly used for businesses and commercial websites |
| .org | Organization; often used by non-profit organizations and non-commercial entities |
| .net | Network; originally intended for network-related websites |

| Country-Code Top-Level Domain (ccTLD) | Description |
|---|---|
| .us | Country code TLD for the United States |
| .uk | Country code TLD for the United Kingdom |
| .ca | Country code TLD for Canada |
As of July 2023, China's country code top-level domain (ccTLD) .cn is the most popular worldwide, with almost 30 million registered domains.
- Second-level domain: A second-level domain is the part of the domain name that appears immediately to the left of the top-level domain (TLD), i.e., just left of the rightmost dot. For instance, in the domain "gcore.com", "gcore" is the second-level domain. Second-level domains serve as specific identifiers for websites, organizations, or individuals. Here are some additional examples:

| Domain Name | Second-Level Domain |
|---|---|
| gcore.com | gcore |
| linux.org | linux |
| gov.uk | gov |
- Subdomain (third-level domain): The subdomain, also known as the third-level domain, is located to the left of the main domain and separated from it by a dot. Subdomains help organize sections of a website under distinct web addresses. They appear before the main domain in a URL, allowing site owners to keep sections connected to the main domain. For instance, in "blog.example.com", "blog" is the subdomain, "example" is the second-level domain, and ".com" is the TLD.

| Example URL | Subdomain |
|---|---|
| www.example.com | www |
| support.example.net | support |
| forum.example.org | forum |
#3 DNS Resolver
A DNS resolver or DNS recursor is a server which executes the process of requesting information from authoritative DNS servers to find the IP addresses for domain names. When you enter a domain name in your web browser or perform an action requiring DNS resolution, the DNS resolver first checks its local cache (a temporary storage mechanism) to see if it recently resolved the same domain name. If the information is not found in the cache, the resolver looks for the corresponding IP address by initiating a DNS lookup.
#4 Servers
Specialized servers store and provide DNS information for specific domain names. They are managed by domain registrars, web hosting or cloud providers, or organizations. They work according to a hierarchy, starting from the highest level root name servers, then top-level domain (TLD) name servers, and finally to authoritative name servers for specific domains.
Each domain has multiple authoritative name servers associated with it. These authoritative name servers are responsible for holding the DNS records containing the corresponding IP address.
Letâs look at each level of the hierarchy in more depth.
- Root name servers: These are the highest-level DNS servers in the hierarchy, providing information about top-level domain (TLD) name servers. When a DNS resolver needs to find a domain's IP address, it contacts a root name server, which directs the resolver to the appropriate TLD name server based on the domain's extension (e.g., .com, .net, .org). There are thirteen operators of root name servers worldwide.
- Top-level domain (TLD) name servers: These servers handle the next level in the DNS hierarchy. They are responsible for specific domain extensions like .com, .org, .net, and country-code TLDs (ccTLDs) like .uk, .ca, etc. Each TLD name server is responsible for storing information about the domain names registered under that specific TLD. The Internet Assigned Numbers Authority (IANA) maintains a list of root zone databases.
- Authoritative name servers: Authoritative name servers store and supply the specific, definitive DNS records from the second level onwards, including the IP address for the domain. They are appointed by either the domain owner or the domain's registrar. For example, if Gcore clients wish to use our DNS service, they must change their name server details at the place they originally bought their domain, which is the domain registrar. Here's what the authoritative name servers look like:

| Authoritative name servers | Value |
|---|---|
| NS1 | ns1.gcorelabs.net |
| NS2 | ns2.gcdn.services |
#5 DNS Zone File
A DNS zone file can be likened to an organized filing cabinet. It is a plain text document that houses critical information about a domain name. This file includes resource records, which enable the efficient pairing of domain names with their related requests, streamlining the process of finding what you need.
Every domain has a zone file of its own, containing the DNS resource records that describe the domain's setup. The structure and syntax of the zone file follow DNS standards such as RFC 1034 and RFC 1035, which define the architecture and specifications of DNS. This ensures that any DNS zone file can be read and interpreted by all DNS servers and other DNS-related software.
Here's an example of a DNS zone file:
Let's learn what each part means:
- Time to live (TTL): The initial line, "$TTL 3600", establishes the zone's default time to live (TTL), which is 3600 seconds (1 hour). The TTL determines how long DNS resolvers should keep the records in their cache before looking for new information.
- Start of authority (SOA) record: The start of authority (SOA) record sets important details for the zone, like the main name server (ns1.example.com, ns2.example.com) and the email address of the zone's administrator.
- Name server (NS) records: These records list the authoritative name servers that handle DNS queries for the zone, such as "ns1.example.com" and "ns2.example.com".
- Address (A) records: An A record maps a domain name to the IP address of the server hosting it. In the example above, the label "@" represents the origin of the zone (e.g., "example.com"), so the domain itself is mapped to the IP address 192.168.1.10. Additionally, "www.example.com" and "mail.example.com" are mapped to their respective IP addresses.
- Mail exchange (MX) records: MX records define the mail servers responsible for receiving email for the domain. In this example, all email for "example.com" is delivered to the mail server "mail.example.com".
- Canonical name (CNAME) records: CNAME records create aliases, or alternate names, for specific domain names. They point to the canonical (primary) name of another domain. In the example above, the CNAME record creates the alias "ftp.example.com", pointing it to "www.example.com" and therefore to the same IP address.
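A constructed zone file matching the description in the list above, together with a small parser, as an added example (not the article's own code or image). The parser handles $TTL and $ORIGIN, the "@" origin label, ";" comments, parenthesised multi-line records and relative names, and lookup() follows a CNAME alias to its A record the way a resolver does.

```python
"""Parse the zone file described above into resource records.

Added example, not the article's own code. ZONE is a constructed zone file
matching the description above; parse_zone() turns it into records and
lookup() follows CNAME aliases the way a resolver does.
"""
from dataclasses import dataclass

ZONE = """\
$TTL 3600
$ORIGIN example.com.
@       IN  SOA   ns1.example.com. admin.example.com. (
                  2023071001 7200 3600 1209600 3600 )  ; serial refresh retry expire minimum
@       IN  NS    ns1.example.com.
@       IN  NS    ns2.example.com.
@       IN  A     192.168.1.10
www     IN  A     192.168.1.20
mail    IN  A     192.168.1.30
@       IN  MX    10 mail.example.com.
ftp     IN  CNAME www.example.com.
"""

NAME_TYPES = {"NS", "CNAME", "MX", "SOA", "PTR"}  # rdata that contains domain names


@dataclass
class Record:
    name: str    # fully qualified owner name, with trailing dot
    ttl: int
    rtype: str
    rdata: list  # remaining fields as strings; names fully qualified


def _logical_lines(text):
    """Drop ';' comments and merge '( ... )' continuation lines into one line."""
    buf, depth = [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield " ".join(buf)
            buf = []


def _qualify(name, origin):
    """Expand '@' and relative names against $ORIGIN; absolute names end in '.'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    origin, default_ttl, records = None, None, []
    for fields in (line.split() for line in _logical_lines(text)):
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
        elif fields[0] == "$ORIGIN":
            origin = fields[1]
        else:
            name = _qualify(fields.pop(0), origin)
            ttl = int(fields.pop(0)) if fields[0].isdigit() else default_ttl
            if fields[0] == "IN":  # the class field is optional in zone files
                fields.pop(0)
            rtype = fields.pop(0)
            rdata = [_qualify(f, origin) if rtype in NAME_TYPES and f[0].isalpha() else f
                     for f in fields]
            records.append(Record(name, ttl, rtype, rdata))
    return records


def lookup(records, name, rtype, _depth=0):
    """Return the rdata lists for name/rtype, following CNAME chains (max 8 hops)."""
    hits = [r.rdata for r in records if r.name == name and r.rtype == rtype]
    if hits:
        return hits
    alias = [r for r in records if r.name == name and r.rtype == "CNAME"]
    if alias and _depth < 8:
        return lookup(records, alias[0].rdata[0], rtype, _depth + 1)
    return []
```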
What Are DNS Attacks?
Because DNS is a backbone of the internet, it is a frequent target of attacks with potentially devastating effects. Tunneling attacks, malware, and DNS flooding are some of the risks associated with DNS. These can impact business owners who manage online services and websites. Potential consequences of a DNS attack include website service interruption, data breaches, and domain reputation damage, which makes DNS security measures essential.
Here are some of the most common DNS attacks:
| DNS Attack | Description |
|---|---|
| DNS cache poisoning | Attackers insert fake information into DNS caches, causing domain names to be resolved incorrectly. By manipulating the cached data in DNS resolvers, they can redirect users to malicious websites, intercept sensitive data, or cause a denial of service. This attack type exploits vulnerabilities in DNS resolvers and can spread rapidly, affecting a large number of users. Example: Attackers targeted XYZ Company, a file-sharing website, by compromising DNS records and injecting malicious data into the DNS resolver's cache. This manipulation associated XYZ Company's legitimate domain name with a fake IP address controlled by the attackers. |
| DNS spoofing | Malicious entities create fake DNS responses, redirecting users to fraudulent websites or unintended destinations. Attackers exploit DNS vulnerabilities to inject the fake responses into caches, so that users end up at deceptive destinations. This can result in users unknowingly sharing sensitive information with malicious sites or downloading harmful content. Example: Cybercriminals executed a DNS spoofing attack on ABC-Shop, an e-commerce platform. The attackers injected fake DNS responses into the cache, redirecting users to the attackers' website, which displayed fake products, instead of to ABC-Shop. The attackers thereby stole customers and damaged ABC-Shop's reputation with fake, subpar goods. |
| DNS reflection | This is a type of DDoS attack in which the attacker sends fake DNS requests to public DNS servers, using the victim's IP address as the source. The DNS servers then respond to the victim's IP, generating a massive flood of responses that overwhelms the victim's network. Example: TechZone, a computer repair chain, experienced a DNS reflection attack in which attackers flooded public DNS servers with fake requests, spoofing TechZone's IP address. The flood of responses overwhelmed TechZone's network, disrupting its online services and causing financial losses. |
| DNS flooding | DNS flooding is a type of cyberattack that overwhelms DNS servers with a high volume of requests, causing service disruptions. Malicious actors use techniques like botnets to generate a massive number of DNS queries, exhausting server resources and rendering legitimate services unavailable. Example: Gaming-ABC, a gaming company, was targeted by malicious actors who flooded its DNS servers with a massive volume of queries from a botnet. The overwhelming number of requests disrupted Gaming-ABC's DNS infrastructure, causing service disruptions for players trying to access the games. |
| DNS malware | DNS malware refers to harmful software that alters DNS settings to redirect users to malicious websites. When a device is infected, the malware replaces the legitimate DNS servers with unauthorized or malicious ones. Users are unknowingly redirected to fraudulent sites, leading to phishing attacks or malware distribution. To protect against DNS malware, users should keep security software updated and be cautious with links and downloads. Example: Toys Co faces a DNS malware attack when an employee's device becomes infected. The DNS malware redirects DNS queries to malicious servers controlled by attackers, leading Toys Co to suffer data theft and compromised business operations. |
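The checks a resolver applies before caching a reply, which are the standard defence against the cache poisoning and spoofing entries in the table above: the reply must match the outstanding query's transaction ID, source port, server address and question, and only records inside the answering server's zone (its "bailiwick") are cached. This is an added example, not the article's code; queries and responses are constructed dataclasses rather than wire-format packets.

```python
"""Resolver-side validation of a DNS response before it is cached.

Added example, not the article's code. PendingQuery/Response are plain
dataclasses (constructed, no network); a real resolver reads the same
fields out of the DNS wire format.
"""
from dataclasses import dataclass, field


@dataclass
class Question:
    name: str
    rtype: str


@dataclass
class RR:
    name: str
    rtype: str
    rdata: str
    ttl: int


@dataclass
class PendingQuery:
    txid: int         # random 16-bit transaction ID chosen for this query
    src_port: int     # random UDP source port the query was sent from
    server_ip: str    # name server the query was sent to
    zone: str         # zone that server is authoritative for
    question: Question


@dataclass
class Response:
    txid: int
    dst_port: int
    from_ip: str
    question: Question
    answers: list = field(default_factory=list)
    additional: list = field(default_factory=list)


def in_bailiwick(name, zone):
    """True if name is the zone itself or lies beneath it (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def accept_response(pending, resp):
    """Return the records that may be cached, or raise ValueError to discard."""
    # A forged reply has to match every one of these; randomised transaction
    # IDs and source ports are what make guessing them impractical.
    if resp.txid != pending.txid:
        raise ValueError("transaction ID mismatch")
    if resp.dst_port != pending.src_port:
        raise ValueError("source port mismatch")
    if resp.from_ip != pending.server_ip:
        raise ValueError("reply from unexpected server")
    asked = (pending.question.name.lower(), pending.question.rtype)
    got = (resp.question.name.lower(), resp.question.rtype)
    if asked != got:
        raise ValueError("question section does not match the query")
    # Bailiwick rule: a server may only speak for names inside its own zone,
    # so out-of-zone records in the answer or additional sections are dropped
    # rather than cached.
    return [r for r in resp.answers + resp.additional
            if in_bailiwick(r.name, pending.zone)]
```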
Reliable DNS hosting, a DNS firewall, and mitigation solutions are essential measures to combat cybercrimes and address DNS security concerns.
At Gcore, our mission is to deliver a fast, reliable internet experience for users and create a safe online space for businesses to offer their products and services, free from worries about DNS attacks. Let's explore how Gcore assists in mitigating DNS security risks and helps your business succeed in a volatile cybersecurity environment.
Gcore DNS Hosting Benefits
At Gcore, we ensure that your website performance is consistent and outstanding with our DNS Hosting. We provide services to keep you safe from DNS attacks, ensuring that your website stays safe and your customers can always enjoy your business without experiencing downtime.
Let's explore some key features of Gcore DNS hosting:
Gcore DDoS- and Bot-Protected DNS Hosting
Our DNS Hosting service leverages anycast network technology with hundreds of global nodes, providing superior security and unmatched resilience, even against the most extreme DDoS attacks. We ensure that only legitimate traffic reaches your website. Without proper DDoS protection, your website is vulnerable to DNS attacks that can cause your website to become unavailable to your visitors.
Another security concern is DNS flooding, a type of DDoS attack that employs botnets to generate an overwhelming number of DNS queries, causing resource exhaustion and preventing legitimate users from accessing the website. Website owners are rightly concerned about such an attack, since downtime means lost revenue and lost customers. Gcore Bot Protection defends against this risk.
Gcore Geobalancing
GeoDNS or Geo Balancing is a DNS capability that leverages the client's geographical location to deliver personalized DNS responses. Geobalancing is Gcore's specialized product in this arena. It directs users to the closest or most suitable server based on their geographic region, improving the performance of online services and reducing latency. Users from Asia will be directed to an Asian server, while European users will be sent to a European server. This ensures a better user experience and improved efficiency for your online services.
Gcore DNS Failover
DNS failover ensures that your business services remain accessible even during server outages. If any of your servers experience downtime, our failover system kicks in automatically, seamlessly redirecting user requests to an available server. This ensures uninterrupted service performance, safeguarding your business operations and customer experience.
Gcore DNS Advanced Features
Gcore DNS advanced features offer enhanced security and performance measures:
- Anycast DNS
- Load balancing
- CNAME flattening
- Zero-latency updates
- DNS resolution at the network edge
- Advanced yet intuitive user interface
Learn more about Gcore's DNS solution for an exceptional DNS experience.
Conclusion
DNS plays a critical role in the functioning of the internet, translating human-readable domain names into numerical IP addresses, allowing seamless communication between devices and access to online services. However, DNS management comes with risks, such as DNS attacks that can disrupt services and compromise data security.
At Gcore, we prioritize fast and secure internet using comprehensive DNS solutions like DNS failover, Geobalancing, and anycast network. Trusting us with your DNS management means you can focus on your core business, knowing your website is performing and protected to the highest standard. If you're interested in learning more or setting up DNS Hosting with us, reach out to our experts.