I've previously covered "What is a CDN?" and I thought it was high-time I cover another of IT system with a three letter acronym for a name. DNS - commonly referred to as the “Phonebook of the Internet” - is an essential piece of modern web technology. It has a life that spans longer than almost any other system (it has been in use since 1985) you'll come across on the Internet as we know it today. You may not realise it, but you actually interact with it all day, every day!
So, what is DNS?
DNS goes by many names, such as Domain Name System, Domain Name Server, Domain Name Service and many other variations.
In simple terms, DNS is a translation service. Computers/browsers communicate and interact with one-and-other via IP addresses (numeric addresses that are "machine-readable" - we all know 192.168.0.1, right?), which isn't particularly user-friendly. Relying solely on IP address may have worked in the early days of the Internet where there were very few computers to interact with, but nowadays it's definitely a no-go!!
This is where DNS steps in. DNS "translates" an IP address into a human-readable and significantly more memorable, "domain name" (such as www.google.com) to either load or access the resources a person is looking for.
IP addresses are unique and are now split between IPv4 (e.g. 220.127.116.11) and IPv6 (e.g.2001:db8::ff00:42:8329). It would be impossible for a person to remember either one of those IP addresses for the websites/servers they visit on a daily basis, and it would be even worse if the IP's were not statically assigned (i.e. they could change!). DNS manages to do all of this, based on "records" stored in various systems, usually split across multiple locations.
The most common DNS records are as follows:
|Record Type||Record Name||Record Purpose|
|A||Address Mapping Record – IPv4||Returns the IPv4 address to map the domain to the IP of the hosting server|
|AAAA||Address Mapping Record – IPv6||Returns the IPv6 address to map the hostname to the IP of the hosting server|
|CNAME||Canonical Name Record||An alias of the domain name|
|MX||Mail Exchange Record||Maps the domain name to the mail exchange agents (for email routing)|
|NS||Name Server Record||Lists out the authoritative nameservers used by the domain|
|PTR||Reverse-Lookup Pointer Record||This is a "reverse" A record. Rather than mapping a domain to an IP, PTR's map an IP to a domain|
|TXT||Text Record||Used to store text values, usually for verification purposes|
How does DNS work?
In a super simplified manner, DNS typically works via the following process:
- You open your browser on your computer and type in the domain name for a website you want to visit - for example, willstocks.co.uk (shameless plug ????).
- Your browser checks your local DNS cache (usually there's one within your browser itself) on your device. If you've visited the site recently, chances are the DNS record will be cached and your browser will use that (dependent on record expiration etc.).
- If there is nothing in your local cache, your device then heads out to the internet at which point it hits a “resolving nameserver” (aka “recursive resolver” or “DNS Recursor”), which is typically hosted by your ISP. They have their own DNS resolving caches and in most cases, your DNS query likely won’t go further than this!
If it does have to go further, a DNS recursor actually completes most of the heavy lifting with regards to DNS queries, dealing with all information on behalf of your device.
- If the DNS recursor doesn’t have the correct information in its cache, it will send the request out to one of the 13 “DNS root server” IP addresses (which contains over 600 DNS root servers). Sticking with the “phonebook” metaphor, a DNS root server is kind of like the index page of the phone book. The root server lets the recursor know which TLD nameserver it needs to go to next, to get the right information.
- The next step in the query is the “TLD nameserver”. This is the “section” of the phonebook, containing all information relating to the specific “TLD” (top-level domain) being used (.co.uk or .com). The TLD nameserver lets the DNS recursor know which authoritative nameserver it needs to go to next.
- We’re almost there, it’s the final step! We’ve got the phonebook, we’ve got the right section and now we’re looking for the right page! The "authoritative nameserver" is the actual nameserver that, as long as there’s a valid A/AAAA Record (or CNAME record – which would result in the whole process having to be completed again to check the records for that canonical domain!) for the domain that has been queried, will let the DNS recursor know the correct IP address for the resource that was originally requested.
- The DNS resolver now has the IP for the resource originally requested. It provides this information back to the device/browser.
- The device/browser now makes a request directly to the resource/site you originally typed in.
Bear in mind, all of this happens in milliseconds! In most cases, all of these steps (across multiple systems, potentially spread all around the world) are completed in less than 50ms – literally quicker than a blink of the eye!
Cloudflare have a great, simple diagram of how these queries are completed:
Image from Cloudflare
OK, but why should you care?
After reading all of the above, I'm sure you'll agree - DNS is somewhat the unsung hero of the modern day Internet! However, it still has its flaws.
The most significant issue with DNS is 90% of people have little to no understanding of how DNS works (hopefully this article has helped a little though?? :D). The 10% of people that do, don't necessarily know how to properly manage DNS, as it's a fairly laborious and beastly system to maintain.
The second most significant issue is probably security. As I mentioned right at the beginning of this article, DNS has been around for a fairly significant amount of time - over 35 years in fact. That means minor tweaks, changes, patches and updates to keep up-to-speed with modern requirements. There are workarounds and fixes, however, they require fairly significant technical knowledge and understanding to implement.
If you're reading this article to learn a bit more ahead of setting up a website (or need to make some tweaks), it's important that you get DNS right. Not only to prevent security issues as best as is possible, but also to ensure you're maximising the performance of your website. Picking the right DNS provider/service can make a world of difference. If you choose someone like Cloudflare, or DNS Made Easy you'll be looking at sub 30ms lookup times. However chances are if you stick with the DNS service that came with your hosting package, you'll be looking at 100 - 150ms+ DNS lookup times. You can monitor the performance of various DNS providers via DNSPerf.