What Is Domain Name System (DNS)?

What Is Domain Name System (DNS)?

Any time you’re online, you’re using the Domain Name System (DNS) whether you realize it or not! When we’re online, we typically rely on website names, email addresses, or search engines to find what we need and communicate successfully. However, computers operate differently, communicating with each other using a system of numbers known as IP addresses. Finding and remembering a string of random numbers for every website we want to visit would be near-impossible for us. That’s where DNS comes in handy. DNS translates human-readable website names into IP addresses, allowing us to visit websites, send emails, and book flights by remembering just a catchy address, like gcore.com, instead of a string of numbers, like 92.223.84.84. In this comprehensive guide, you’ll learn everything there is to know about DNS, including what it is, how it works, security concerns, and Gcore Hosting benefits.

What Is DNS?

DNS (the Domain Name System) translates user-friendly website names, like www.gcore.com, into numerical IP addresses that computers use to communicate with each other, like 92.223.84.84 or 2a03:90c0:9994::9994. Both your device and the website you want to view have numbers that need to connect. DNS is like the internet’s phonebook, and IP addresses are like phone numbers.

Beyond websites, DNS is used for all online resources, including:

  • Email: When sending an email, your email client uses DNS to look up the Mail Exchange (MX) records of the recipient’s domain. This is how it knows where to send the email.
  • Video conferencing: Apps like Zoom and Microsoft Teams use DNS to connect users to their servers for video meetings.
  • Mobile apps: Apps on your smartphone that connect to the internet use DNS to convert the domain of the web service into an IP address.
  • Online gaming: Games played online use DNS to connect players to game servers.
  • Internet of things (IoT) devices: Smart home devices use DNS to turn a service’s website name into an IP address so they can use internet services.
  • Cloud: Many cloud services rely on DNS to route traffic and perform load balancing across multiple servers or data centers.
  • Content delivery networks (CDNs): CDNs use DNS to direct a client request to the nearest server holding the cached content.
  • VPNs: VPNs use DNS to resolve the domain names of their servers so that users can connect to them.
Multiple users with different IP addresses connecting to servers
Users and servers over a network, with IP addresses used to facilitate network connections

DNS is a distributed database, which means that the IP data it holds is spread out across many servers, rather than being stored in one central place. DNS servers are distributed worldwide, managed by different organizations and internet service providers (ISPs.)

How Does DNS Work?

From the user’s point of view, entering a website address into the browser results in an almost instant content display. To go one level deeper, when the user requests a website (for example,) the DNS resolver gets the IP address from the web server, and then returns the information to the user’s device.

User accesses example.com, DNS resolver gets IP address and returns information to the user
A simple illustration of how users access website content via DNS

However, behind the scenes, the DNS resolver performs a critical process called DNS lookup or DNS recursive query, which is central to how DNS operates. Let’s learn about it in more depth.

What Is DNS Lookup?

DNS lookup is when a DNS resolver asks DNS servers to find the IP address or related information of a domain name. When you enter a domain name in your web browser (or any other internet application,) the DNS resolver starts a DNS lookup to query the domain name into its matching IP address, giving you access to the desired content.

How Does DNS Lookup Work?

User enters www.example.com, DNS resolver starts DNS lookup: checks DNS Cache for IP, then queries root, TLD, and authoritative name servers
How DNS lookup works

Here’s how DNS lookup works:

  1. DNS query initiated: When you enter a domain name in your web browser (or any application requiring internet access,) your device initiates a DNS query to find the corresponding IP address.
  2. DNS resolver cache check: The DNS resolver first checks its local cache—the DNS cache—to see if it recently resolved the same domain name. If the information is found in the cache, it can provide the IP address directly without the need for further queries to the name servers; i.e., we can skip to step 6.
  3. Query root name servers: If the domain information is not found in the DNS cache, the DNS resolver queries the root server. The root name server then responds to the resolver’s query with the TLD name server responsible for the specific domain extension. For this one it is “example.com,” so the TLD is “com.”
  4. Contact TLD name servers: The DNS resolver then queries the TLD name servers to obtain the authoritative name servers addresses responsible for the queried domain (e.g., “example.com.”)
  5. Query authoritative name server: The DNS resolver sends a query to one of the authoritative name servers to obtain the IP address associated with the domain name. The authoritative name servers respond to the DNS resolver with the IP address.
  6. Establish connection: Now that the DNS resolver has obtained the IP address “192.0.2.1”, it sends it back to the user’s browser. The resolver will also store this information in the DNS cache respecting the TTL (time to live), which was provided as a part of the authoritative answer. With the IP address, the computer/device can connect to the appropriate server. The web content is then delivered to the device, allowing the user to access the website.

What Are the DNS Record Types?

DNS records consist of the following common record types: A, AAAA, CNAME, MX, NS, and TXT. Each record is used to store a different type of information about domain names and the resources connected to them, such as an email service or a website’s IP address. DNS records are usually held and managed by the domain registrar or the domain’s authoritative name servers. Let’s explore the specific functions of each of these DNS records in the table below.

DNS Record TypePurposeExample
ATranslates a domain name into an IPv4 addressA record for “example.com” pointing to “192.168.1.1”
AAAATranslates a domain name to an IPv6 addressAAAA record for “example.com” pointing to “2001:0db8:85a3::8a2e:0370:7334”
CNAMECreates an alias for a domain nameCNAME record for “shop” to example.com domain name pointing to “website-builder.ursite.com”
MXShows which mail servers are in charge of receiving emailsMX record for “example.com” pointing to “mail.example.com”
TXTStore text information for various purposes such as SPF configuration or domain name verificationTXT record for “example.com” with an email SPF configuration
NSStands for “name servers;” specifies authoritative name servers for the domain nameNS record for “example.com” pointing to “ns1.example.com” and “ns2.example.com”
SOAProvides essential parameters for the zone, including primary name server and administrator email addressProvides essential parameters for the zone (e.g., ns1.example.com, admin.example.com)

Most domains typically have multiple DNS record types in the zone file, including at least two NS (name server) records. The purpose of having multiple authoritative name servers is to create redundancy, in case one name server is temporarily unavailable, and enhance the availability and reliability of the DNS resolution process for the domain. This redundancy helps to distribute the DNS query load, making the domain more robust and resilient against potential server outages or network issues.

What Are the Components of DNS?

DNS is composed of several key components that work together to facilitate the translation of human-readable domain names into numerical IP addresses. The main DNS components are as follows:

#1 IP Address

IP address, or Internet Protocol address, is a unique set of numbers that identifies any device connected to a computer network. It serves as an identifier for that device, allowing it to send and receive data over the internet or a local network.

A lot of IP address activity happens behind the scenes. You don’t need to remember your device’s IP address or the website’s IP address to connect. DNS handles this for you, ensuring the right IP addresses are used to connect devices and exchange data smoothly. You also don’t usually need to think about your devices’ IP addresses; when you connect to a network, like home Wi-Fi, the router automatically assigns your device an IP address.

What Are IPv4 and IPv6?

Currently, there exist two versions of IP addresses: IPv4 and IPv6 (IP version 4 and IP version 6.) A single device can be assigned both an IPv4 and an IPv6 address.

IPv4 consists of four numbers separated by dots, like this: XXX.XXX.XXX.XXX. Each set can have a value from 0 to 255. For example, an IPv4 address could be 192.168.1.10.

IPv6 is the newer version of the Internet Protocol, created because the number of IPv4 addresses was running out. IPv6 consists of eight groups of four hexadecimal digits separated by colons. For example, an IPv6 address could be 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

Types of IP Address

There are two types of IP address: public and private.

  1. Public IP address: This is a unique set of numbers assigned by your Internet Service Provider (ISP) to your router, which is connected to the internet. It works like a digital “address” for that device, allowing it to communicate with other devices and services on the global internet.
  2. Example: Imagine you have home internet, and your ISP named XYZ Internet Company gives your router a unique public IP address. Here’s what it looks like:
ISP ProviderPublic IP Address
XYZ Internet Company203.56.78.123

203.56.78.123 is your home’s digital address on the internet. When you visit a website, your device uses this address to connect to the website’s server, just like giving someone your home address so they can locate and visit you.

  1. Private IP address: This is a special set of numbers assigned to a device, like a computer within a private network. It is not visible or accessible from the internet. Instead, private IP addresses act as a means for devices in the same network to find and talk to each other.
  2. Example: Let’s say you need to set up an office. A network administrator can set up private IP addresses so that your office’s devices are connected to a local network. Here’s what that looks like:
DevicesPrivate IP Address
Laptop192.168.1.10
Printer192.168.1.30
Network Storage192.168.1.50

In this home office network example, each device is assigned a unique private IP address using the formula 192.168.1.X, where X is a different number per device. These private IP addresses enable seamless communication, data sharing, and collaboration among the devices within the local network.

DNS translates all of these complex numbers into a human-readable format, so we don’t need to keep track of all of these IP addresses for us to connect to the internet!

#2 Domain Name

A domain name is a simple, memorable name that is used to access online resources such as websites and email servers. Examples of domain names include “example.com,” “example.org,” and “example.net.” A domain is structured into different parts, separated by dots. Each part has a specific purpose and contributes to the overall hierarchical structure of the domain name. Here’s the typical structure of a domain name:

The domain structure: “www” (third-level), “example” (second-level), “.com” (top-level) and example.com (root domain)
A fully-qualified domain name structure

Let’s break this down:

  • Root domain. The root domain is the base domain name without any subdomains. It is the main part of the domain name that represents the website’s identity. For example, in the “www.example.com,” “example.com” is the root domain.
  • Top-level domains (TLDs): This is the last part of a domain name that appears to the right of the furthest right “dot” symbol. TLDs are essential for categorizing and organizing domain names on the internet. Here are some common examples of TLDs:
Top Level Domains (TLD)Description
.comCommercial; commonly used for businesses and commercial websites
.orgOrganization; often used by non-profit organizations and non-commercial entities
.netNetwork; originally intended for network-related websites
Country-code top-Level Domains (ccTLDS)Description
.usCountry code TLD for United States
.ukCountry code TLD for United Kingdom
.caCountry code TLD for Canada

As of July 2023, China’s country code top-level domain (ccTLD) .cn is the most popular worldwide, with almost 30 million registered domains.

  • Second-level domain: A second-level domain is a part of the domain name that appears to the left of the top-level domain (TLD) and is located immediately to the left of the rightmost “dot” symbol. For instance, in the domain “gcore.com,” “gcore” is the second-level domain. Second-level domains serve as specific identifiers for websites, organizations, or individuals. Here are some additional examples below:
Domain NameSecond-Level Domain
gcore.comgcore
linux.orglinux
gov.ukgov
  • Subdomain (third-level domain): The subdomain, also known as third-level domain, is located to the left of the main domain and separated from it by a dot. Subdomains help to organize sections of a website with distinct web addresses. They appear before the main domain in a URL, allowing site owners to keep sections connected to the main domain. For instance, in “blog.example.com,” “blog” is the subdomain, “example” is the second-level domain, and “.com” is the TLD.
The domain structure: “blog” (third-level), “example” (second-level), “.com” (top-level)
Fully-qualified domain example
Example URLSubdomain
www.example.comwww
support.example.netsupport
forum.example.orgforum

#3 DNS Resolver

A DNS resolver or DNS recursor is a server which executes the process of requesting information from authoritative DNS servers to find the IP addresses for domain names. When you enter a domain name in your web browser or perform an action requiring DNS resolution, the DNS resolver first checks its local cache—a temporary storage mechanism—to see if it recently resolved the same domain name. If the information is not found in the cache, the resolver looks for the corresponding IP address by initiating a DNS lookup.

#4 Servers

Specialized servers store and provide DNS information for specific domain names. They are managed by domain registrars, web hosting or cloud providers, or organizations. They work according to a hierarchy, starting from the highest level root name servers, then top-level domain (TLD) name servers, and finally to authoritative name servers for specific domains.

DNS hierarchy showing root, TLD (.com, .org, .net), and authoritative name servers
DNS server hierarchy

Each domain has multiple authoritative name servers associated with it. These authoritative name servers are responsible for holding the DNS records containing the corresponding IP address.

Let’s look at each level of the hierarchy in more depth.

  • Root name servers: These are the highest-level DNS servers in the hierarchy, providing information about top-level domain (TLD) name servers. When a DNS resolver needs to find a domain’s IP address, it contacts a root name server, which then directs the resolver to the appropriate TLD name server based on the domain’s extension (e.g., .com, .net, .org.) There are thirteen operators of root name servers worldwide.
  • Top-level domain (TLD) name servers: These servers handle the next level in the DNS hierarchy. They are responsible for specific domain extensions like .com, .org, .net, and country-code TLDs (ccTLDs) like .uk, .ca, etc. Each TLD name server is responsible for storing information about the domain names registered under that specific TLD. The Internet Assigned Numbers Authority (IANA) maintains a list of root zone databases.
  • Authoritative name servers: Authoritative name servers are responsible for storing and supplying specific and definitive DNS records from the second level onwards, including the IP address for the domain. They are officially appointed by either the domain owner or the domain’s registrar. For example, if our Gcore clients wish to use our DNS service, they are required to modify their name server details at the location they originally bought their domain, which is the domain registrar. Here’s what the authoritative name servers looks like:
Authoritative name serversValue
NS1ns1.gcorelabs.net
NS2ns2.gcdn.services

#5 DNS Zone File

A DNS zone file can be likened to an organized filing cabinet. It is a plain text document that houses critical information about a domain name. This file includes resource records, which enable the efficient pairing of domain names with their related requests, streamlining the process of finding what you need.

Depiction of a DNS zone file as a cabinet that holds different kinds of DNS records (NS, A, MX, CNAME) for the domain name example.com
How a DNS zone file works

Every domain has a zone file of its own, containing different kinds of DNS resource records that describe the domain’s setup. The structure and language used in the zone file follow DNS standards such as RFC 1034 and RFC 1035, which define the architecture and specifications of DNS. This ensures that any DNS file can be easily read and interpreted by all DNS servers and other DNS-related software.

Here’s an example of a DNS zone file:

Sample DNS zone file including TTL, SOA, NS, A, MX and CNAME records
Components of DNS zone file

Let’s learn what each part means:

  1. Time to live (TTL): The initial line, “$TTL 3600,” establishes the zone’s default time to live (TTL) duration, which is 3600 seconds (1 hour.) The TTL determines how long DNS resolvers should store the records in their cache before looking for new information.
  2. Start of authority (SOA) record: The start of authority (SOA) record sets important details for the zone, like the main name server (ns1.example.com, ns2.example.com) and the email address of the zone’s administrator.
  3. Name server (NS) records: These records are the authoritative name servers that handle the DNS queries such as “ns1.example.com” and “ns2.example.com.”
  4. Address (A) records: This is a type of DNS resource record that maps a domain name to the corresponding IP address of the server hosting the domain. In our example above, the label “@” represents the origin of the domain, e.g., â€œexample.com”), so that the domain itself is mapped to the IP address 192.168.1.10. Additionally, “www.example.com” and “mail.example.com” are mapped to their respective IP addresses.
  5. Mail exchange (MX) records: MX records define the mail servers responsible for receiving email messages for the domain. In this example, all emails for “example.com” will be delivered to the mail server “mail.example.com.”
  6. Canonical name (CNAME) records: CNAME records create aliases or alternate names for specific domain names. They point to the canonical (primary) name of another domain. In the example above, the CNAME record creates an alias for the domain name “ftp.example.com,” pointing it to the same IP address as “www.example.com.”

What Are DNS Attacks?

Since DNS is considered as a backbone of the internet, it is prone to attacks with potentially devastating effects. Tunneling attacks, malware, and DNS flooding are some of the risks associated with DNS. These can impact business owners who manage online services and websites. Potential disruptions as a result of a DNS attack include website service interruption, data breaches, and domain reputation damage, rendering DNS security measures essential.

Here are some of the most common DNS attacks:

DNS AttackDescription
DNS cache poisoningAttackers insert fake information into DNS caches, causing domain names to be resolved incorrectly. By manipulating the cached data in DNS resolvers, they can redirect users to malicious websites, intercept sensitive data or cause a denial of service attack. This attack type exploits vulnerabilities in DNS resolvers and can spread rapidly, affecting a large number of users. Example: Attackers targeted XYZ Company, a file sharing website, by compromising DNS records and injecting malicious data into the DNS resolver’s cache. This manipulation led to the legitimate domain name of XYZ Company being associated with a fake IP address controlled by the attackers.
DNS spoofingMalicious entities create fake DNS responses, leading users to be redirected to fraudulent websites or unintended destinations. In this DNS attack, attackers exploit DNS vulnerabilities to inject fake DNS responses into caches, redirecting users to deceptive destinations. This can result in users unknowingly sharing sensitive information with malicious sites or downloading harmful content. Example: Cybercriminals executed a DNS spoofing attack on ABC-Shop, an e-commerce platform. The attackers used fake DNS responses into the cache that led users to redirect them to the attacker’s website where it posted fake products, instead of to ABC-Shop. The attackers thereby stole customers and damaged ABC-Shops’ reputation with fake, subpar quality goods.
DNS reflectionThis is a type of DDoS attack where the attacker sends fake DNS requests to public DNS servers, using the victim’s IP address as the source. The DNS servers then respond to the victim’s IP, generating a massive flood of responses that overwhelms the victim’s network. Example: TechZone, a computer repair chain, experienced a DNS reflection attack where attackers flooded public DNS servers with fake requests, spoofing TechZone’s IP address. The flood of responses overwhelmed TechZone’s network, disrupting their online services, causing financial losses.
DNS floodingDNS flooding is a type of cyberattack that overwhelms DNS servers with a high volume of request, causing disruptions to services. Malicious actors use techniques like botnets to generate a massive number of DNS queries, exhausting server resources and rendering legitimate services unavailable. Example: Gaming-ABC is a gaming company that was targeted by malicious actors, who flooded its DNS servers with a massive volume of queries using a botnet. The overwhelming number of requests disrupted Gaming-ABC’s DNS infrastructure, causing service disruptions for players trying to access the games.
DNS malwareDNS malware refers to harmful software that alters DNS settings to redirect users to malicious websites. When a device is infected, the malware replaces legitimate DNS servers with unauthorized or malicious ones. Users are unknowingly redirected to fraudulent sites, leading to phishing attacks or malware distribution. To protect against DNS malware, users should update security software and be cautious with links and downloads. Example: Toys Co faces a DNS malware attack when an employee’s device becomes infected. The DNS malware redirects DNS queries to malicious servers controlled by attackers. This leads Toys Co to experience data theft and compromised business operations.

Reliable DNS hosting, a DNS firewall, and mitigation solutions are essential measures to combat cybercrimes and address DNS security concerns.

At Gcore, our mission is to deliver a fast, reliable internet experience for users and create a safe online space for businesses to offer their products and services, free from worries about DNS attacks. Let’s explore how Gcore assists in mitigating DNS security risks and helps your business to succeed in a volatile cybersecurity environment.

Gcore DNS Hosting Benefits

At Gcore, we ensure that your website performance is consistent and outstanding with our DNS Hosting. We provide services to keep you safe from DNS attacks, ensuring that your website stays safe and your customers can always enjoy your business without experiencing downtime.

Let’s explore some key features of Gcore DNS hosting:

Gcore DDoS- and Bot-Protected DNS Hosting

Our DNS Hosting service leverages anycast network technology with hundreds of global nodes, providing superior security and unmatched resilience, even against the most extreme DDoS attacks. We ensure that only legitimate traffic reaches your website. Without proper DDoS protection, your website is vulnerable to DNS attacks that can cause your website to become unavailable to your visitors.

Another security concern is DNS flooding, a type of DDoS attack that employs botnets to generate an overwhelming number of DNS queries, causing resource exhaustion and preventing legitimate users from accessing the website. Website owners are rightly concerned about such an attack, since downtime means lost revenue and lost customers. Gcore Bot Protection defends against this risk.

A website without Gcore DNS Hosting is not secure as attackers have unrestricted access
Gcore DDoS-protected DNS Hosting

Gcore Geobalancing

GeoDNS or Geo Balancing is a DNS capability that leverages the client’s geographical location to deliver personalized DNS responses. Geobalancing is Gcore’s specialized product in this arena. It directs users to the closest or most suitable server based on their geographic region, improving the performance of online services and reducing latency. Users from Asia will be directed to an Asian server, while European users will be sent to a European server. This ensures a better user experience and improved efficiency for your online services.

Gcore’s GeoDNS displays connections between users in various cities and their local DNS server<a></a>
Gcore’s GeoDNS directs users to their nearest DNS server

Gcore DNS Failover

DNS failover ensures that your business services remain accessible even during server outages. If any of your servers experience downtime, our failover system kicks in automatically, seamlessly redirecting user requests to an available server. This ensures uninterrupted service performance, safeguarding your business operations and customer experience.

DNS failover process

Gcore DNS Advanced Features

Gcore DNS advanced features offer enhanced security and performance measures:

Learn more about Gcore’s DNS solution for an exceptional DNS experience.

Conclusion

DNS plays a critical role in the functioning of the internet, translating human-readable domain names into numerical IP addresses, allowing seamless communication between devices and access to online services. However, DNS management comes with risks, such as DNS attacks that can disrupt services and compromise data security.

At Gcore, we prioritize fast and secure internet using comprehensive DNS solutions like DNS failover, Geobalancing, and anycast network. Trusting us with your DNS management means you can focus on your core business, knowing your website is performing and protected to the highest standard. If you’re interested in learning more or setting up DNS Hosting with us, reach out to our experts.

Explore Gcore DNS

What Is Domain Name System (DNS)?

Subscribe
to our newsletter

Get the latest industry trends, exclusive insights, and Gcore
updates delivered straight to your inbox.