DNS for Dummies
Domain Name System or DNS for short is one of the key components for accessing the internet. In this article, we’ll discuss DNS in simpler terms and dive a bit deeper.
DNS, in its basic form, is kind of like the phone book on your mobile phone. Whenever you want to call somebody, you have to either dial their telephone number from memory or search the contact name in your phone book for their number. And let’s be honest, we almost always use the phone book because it’s far easier to remember a name than a number. (Quick question: can you recall ten of your friends’ phone numbers from memory? Because I can’t.)
Similar to phone numbers, the internet uses a bunch of numbers (or a bunch of numbers and letters in its newer form) to uniquely identify a device connected to it. Such a collection of numbers is known as an IP address. DNS is a mechanism that maps domain names to these IP addresses for the convenience of users and eliminates the need to memorize complex numeric IP addresses.
So, now that we have a basic idea of what DNS is, let’s dive a bit deeper and see how this is done.
DNS Resolution Process
Translating a domain name into a computer-friendly IP address is called DNS resolution or DNS lookup. Some say a picture is worth a thousand words, so here is a picture.
[Figure: Architecture of a Domain Name System]
As we saw in the above image, there are four types of servers involved in a DNS lookup. These servers are interconnected through networks and communicate and coordinate their actions by passing messages. That makes DNS a distributed system.
To look up an IP address, the recursive DNS server has to forward the request to other servers on the network (root DNS server, top-level domain DNS server, and authoritative DNS server). So we can classify the architecture of DNS as an n-tier architecture model.
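To make the walk concrete, here is an added Go simulation (not code from the original article): three constructed servers, one per tier, holding example.com data and the documentation address 192.0.2.10, all assumptions; the resolver starts at root and follows referrals until it receives an answer.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed name-server data for the walk described above; nothing touches the
// network. Each server knows only its own zone: a referral names the next server
// to ask, an answer ends the walk.
type rr struct{ kind, value string }

var servers = map[string]map[string]rr{
	"root":                {"com.": {"referral", "a.gtld-servers.net."}},
	"a.gtld-servers.net.": {"example.com.": {"referral", "ns1.example.com."}},
	"ns1.example.com.":    {"www.example.com.": {"answer", "192.0.2.10"}},
}

// ask returns what one server can say about qname by matching the longest
// suffix of the name present in that server's zone data.
func ask(server, qname string) rr {
	zone := servers[server]
	labels := strings.Split(qname, ".")
	for i := range labels {
		if r, ok := zone[strings.Join(labels[i:], ".")]; ok {
			return r
		}
	}
	return rr{"nxdomain", ""}
}

// Resolve plays the recursive resolver: start at root and follow referrals until
// an authoritative answer or a dead end. Returns the address and the servers asked.
func Resolve(qname string) (string, []string) {
	server, path := "root", []string{}
	for {
		path = append(path, server)
		switch r := ask(server, qname); r.kind {
		case "answer":
			return r.value, path
		case "referral":
			server = r.value
		default:
			return "", path
		}
	}
}

func main() {
	ip, path := Resolve("www.example.com.")
	fmt.Println(ip, path) // 192.0.2.10 [root a.gtld-servers.net. ns1.example.com.]
}
```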
Next, we’ll see how DNS manages to preserve some of the essential features for a distributed system.
Redundancy is used to make DNS fault tolerant. Usually there are at least two domain name server instances (often at different locations), one configured as the primary and the others as secondaries. If the primary server goes down, the secondaries can step in to serve requests. These secondary servers can also help distribute the load of requests to the domain so that the primary server doesn’t get overloaded, which would cause a denial of service. They can use various load balancing techniques such as round-robin DNS, which is designed to send each server in the cluster roughly equal amounts of traffic.
Domain name server pools are located in different strategic locations around the globe in order to provide high availability. These pools are also scaled automatically according to demand and use load balancers to provide a reliable service. And often these server pools are hosted in data centers with robust and resilient infrastructure.
In the event of a server failure, the failed domain name server can be diagnosed and restarted automatically. Backups of the servers are also created regularly and can be rolled back to as needed.
Secondary domain name servers maintain read-only copies of the DNS records held by the primary server, and they get their data from the primary server via a process called a zone transfer. Since changes cannot be made at the secondary servers, the system can maintain consistency among the servers. In some cases, a secondary domain name server can pass change requests along to a primary server.
DNS uses a hierarchical structure, which scales better than a linear structure.
DNS also avoids performance bottlenecks by partitioning the name table between servers located throughout the Internet and administered locally. Apart from this, domain name server pools can also be scaled up or down automatically according to demand.
DNS data is stored in local caches and in the recursive domain name servers for a limited time (the record’s TTL) in order to reduce the DNS lookup time and increase performance. The closer the DNS data is to the requesting client, the shorter the DNS lookup time.
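An added example, not from the original article, of how a recursive resolver’s cache replaces a full root-to-authoritative walk with a local answer until the record’s TTL runs out; the upstream data, names and TTLs are constructed, and the clock is injected so expiry can be shown without waiting.

```go
package main

// Constructed upstream answers (what a full root->TLD->authoritative walk would
// return): name -> address and TTL in seconds. Not real data.
var upstream = map[string]struct {
	ip  string
	ttl int64
}{
	"www.example.com.": {"192.0.2.10", 300},
	"api.example.com.": {"192.0.2.20", 5},
}

type entry struct {
	ip        string
	expiresAt int64
}

// CachingResolver models a recursive resolver's cache. The clock (seconds) is
// injected so expiry can be exercised without waiting.
type CachingResolver struct {
	clock           func() int64
	cache           map[string]entry
	UpstreamQueries int // how many times the full walk was needed
}

func NewCachingResolver(clock func() int64) *CachingResolver {
	return &CachingResolver{clock: clock, cache: map[string]entry{}}
}

// Lookup returns the address, the TTL handed to the client, and whether the
// answer came from cache. A cached answer's TTL counts down; it is never reset.
func (c *CachingResolver) Lookup(name string) (ip string, ttl int64, hit bool) {
	now := c.clock()
	if e, ok := c.cache[name]; ok && e.expiresAt > now {
		return e.ip, e.expiresAt - now, true // served locally, no upstream round trip
	}
	u, ok := upstream[name]
	if !ok {
		return "", 0, false // unknown name: nothing to cache in this simplified model
	}
	c.UpstreamQueries++
	c.cache[name] = entry{u.ip, now + u.ttl}
	return u.ip, u.ttl, false
}
```

Create a resolver with a clock closure, query the same name twice and advance the clock past the TTL between the second and third query to watch the cache miss, hit, and then miss again.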
Standard DNS queries create opportunities for malicious activities like DNS hijacking and man-in-the-middle attacks. These attacks can redirect the inbound traffic of a website to a fake copy of the site for malicious purposes. To protect against DNS threats, most DNS providers use the DNSSEC protocol. DNS Security Extensions (DNSSEC) mitigates these DNS threats by digitally signing data. In order to ensure a secure lookup, the signing must happen at every level of the DNS lookup process.
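An added, simplified Go model (not the article’s code and not any DNSSEC implementation) of why signing must happen at every level: each zone signs its records with its own key, each parent publishes a digest (DS) of its child’s key, and the resolver walks from a trust anchor down to the answer, rejecting any level whose key the parent never vouched for or whose record fails verification. Ed25519 keys, the zone names and the 192.0.2.10 answer are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// Zone models one signed level of the lookup (root, TLD or authoritative). Real
// DNSSEC uses DNSKEY/RRSIG/DS records and several key types; only the shape of
// the chain of trust is kept here.
type Zone struct {
	Name    string
	pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	records map[string][]byte // owner name -> rdata (an address, or a child's DS)
	sigs    map[string][]byte // owner name -> signature over owner|rdata (RRSIG stand-in)
}

func NewZone(name string) *Zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) } // constructed example: no recovery path needed
	return &Zone{name, pub, priv, map[string][]byte{}, map[string][]byte{}}
}

// DS is the digest of this zone's public key that the parent zone publishes and signs.
func (z *Zone) DS() []byte { h := sha256.Sum256(z.pub); return h[:] }

// Sign stores a record together with a signature made by this zone's private key.
func (z *Zone) Sign(owner string, rdata []byte) {
	z.records[owner] = rdata
	z.sigs[owner] = ed25519.Sign(z.priv, append([]byte(owner+"|"), rdata...))
}

// Validate walks from the trust anchor (digest of the root key) down to qname:
// each zone's key must match the DS its parent signed, and the record needed
// next (a child's DS, or the final answer) must verify under that key.
func Validate(anchor []byte, chain []*Zone, qname string) bool {
	expectedDS := anchor
	for i, z := range chain {
		if !bytes.Equal(z.DS(), expectedDS) {
			return false // key not vouched for by the parent: untrusted level
		}
		owner := qname // leaf level: the answer itself
		if i < len(chain)-1 {
			owner = chain[i+1].Name // parent level: the child's DS record
		}
		rdata, ok := z.records[owner]
		if !ok || !ed25519.Verify(z.pub, append([]byte(owner+"|"), rdata...), z.sigs[owner]) {
			return false // missing or forged record at this level
		}
		expectedDS = rdata
	}
	return true
}
```

Build the chain with NewZone and Sign (root signs com.’s DS, com. signs example.com.’s DS, example.com. signs the address), then call Validate with root.DS() as the anchor; a swapped address, or a zone whose key the parent never signed, fails validation even though each forged record looks complete on its own.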
The Domain Name System is a mechanism that translates human-friendly domain names into computer-friendly IP addresses. It eliminates the need for us humans to memorize IP addresses. Domain name servers are fault-tolerant, highly available, recoverable, consistent, scalable and secure distributed systems with predictable performance.
That’s about it! I hope you got a solid introduction to DNS. Thanks for sticking with me till the end 😅. Please don’t hesitate to leave a comment below if you need more clarification.