Domain Name System (DNS)

The Domain Name System is part of everyday web surfing, and many people don’t even realize. DNS enables the domain names that users type into the browser to be translated into server IP addresses that the computer can work with.

The abbreviation DNS stands for “Domain Name System”. With the help of DNS, human-readable domain names are converted into server IP addresses. As soon as you type a domain you know, such as www.ionos.com, into your browser, it searches various DNS servers for the domain name. The search usually starts at the router’s DNS server. From there, several other DNS servers are searched for the desired domain name until it is found.

Your browser then finds the corresponding IP address so that it can finally establish a connection to the desired website. The Domain Name System is therefore required to communicate in a network without knowledge of the respective IP addresses.

The Domain Name System is often referred to as the “internet’s phone book” and there’s good reason for that. It is directly related to the way DNS works since it finds suitable IP addresses for given domain names. This process is called DNS name resolution and can be understood as follows:

1. You enter any web address in the search line of your browser.
2. The search is forwarded to a DNS resolver which is usually managed by your ISP.
3. The DNS resolver forwards the search to a DNS server and is referred to another DNS server.
4. The DNS resolver is forwarded to different DNS servers until it finds the name of the web address.
5. The final server searches its records until it finds the corresponding IP address and returns it to the DNS resolver.
6. The DNS resolver delivers the IP address to the web browser. The browser accesses the corresponding website.

Various components such as the DNS resolver and different nameservers therefore play a role in name resolution. Roughly speaking, the DNS resolver is the program that controls the name resolution process and obtains the necessary information from the Domain Name System. The command line tool nslookup can be helpful in checking whether the name resolution is working correctly.

A distinction can be made between different nameservers that play a role in name resolution:

• DNS root server: Root servers are authoritative nameservers that normally return a list of other authoritative nameservers for a given top-level domain.
• TLD nameserver: The TLD server responds depending on the particular top-level domain. If you search for www.ionos.com, a TLD nameserver for the .com domain extension will respond.
• Authoritative nameservers: Authoritative nameservers are responsible for DNS zones, which is an individual domain or subdomain. The information that authoritative nameservers provide is authoritative. A distinction is made between primary and secondary DNS.
• Non-authoritative nameservers: Non-authoritative nameservers obtain their information from other authoritative nameservers.

Although the DNS plays a major role in daily network traffic, the system also has its problems. One of the biggest problems of the DNS is its security gaps. Since DNS servers store the IP addresses belonging to a domain in an unencrypted form and basically pass them on to anyone who asks for them, they are an ideal target for cybercriminals.

DNS leaks are also a problem faced by users who would like to keep their surfing private. During a leak, a DNS request is sent unprotected to a nameserver instead of being sent via the VPN.

The DNS can also cause problems when it comes to free, uncensored internet. Just recently, for example, the Russian Ministry of Digital Development ordered all domestically available internet services to be routed through Russian DNS servers, so that foreign websites would be blocked. This makes it possible for authoritarian governments to monitor all network traffic. It is also possible to censor through the DNS if, for example, a particular top-level domain was blocked. Internet providers can also block access to certain websites to implement government censorship requirements.

There are several DNS extensions that help to add additional functionality to the Domain Name System:

• DynDNS or DDNS: DynDNS or dynamic DNS is supposed to ensure that the domains in the Domain Name System are updated regularly and automatically. As soon as a computer changes its IP address, this change is recorded in the corresponding DNS record.
• Extended DNS: Various protocol extensions of DNS have been combined into Extended DNS. The extension is essential for transporting UDP packets.
• DNSSEC: DNSSEC offers an enhancement when it comes to security. DNSSEC is intended to prevent hackers from interfering with DNS name resolution. For this purpose, the extension uses asymmetric encryption.

For network security, an outdated or poorly maintained DNS can be problematic. A popular attack strategy is DNS hijacking. This is when hackers take over the nameserver and you are redirected to a site that you did not originally intend to visit. In combination with pharming or phishing, the attackers then often try to get access to your sensitive data. It could also be that the sites you have been redirected to try to infect your computer with malicious malware.

DNS spoofing is also a real danger when it comes to DNS queries. This is where only the name resolution is manipulated rather than the entire nameserver. This means that you do not get the correct IP address, because the DNS record has been altered to return an IP address controlled by the hackers. The site you end up on looks legitimate at first glance. The only thing it lacks is a security certificate.

During name resolution, different types of DNS queries ensure that the correct information is retrieved:

• Recursive query: the computer requests an IP address or confirmation that the nameserver does not know that IP address.
• Iterative query: Iterative queries are the most common. Here the computer requests the best possible answer from the DNS server. If the server does not know the corresponding address, it forwards the requesting person to authoritative nameservers.

DNS records are important DNS server entries. They indicate to which target address a certain domain name belongs. There are different types of DNS records:

• A records: A records are the most common DNS records. They assign an IPv4 address to a domain and are used to point a domain to a web server.
• CNAME records: This type of record is used to assign a subdomain to a parent domain.
• TXT records: With the help of TXT records, you can assign any text to a domain.
• MX records: MX records are used to map any domain to an email service.