Even if nobody notices it, DNS is at the heart of the Internet. Without DNS, the Internet wouldn’t be possible, and neither would all the services that run on it. Forget about Netflix, or Amazon, or even the stock market and online payments. Despite its importance, DNS is simple in the way it works, and it is simple to understand. So, what is DNS? We will find out in this post.
What is DNS?
A quick introduction to the Internet
Before starting to talk about DNS, we need to give a little explanation about how the Internet works. In the end, the Internet is just a collection of computers connected together. The goal of these connections is simple: exchange information. However, the Internet contains billions of devices, and we need a practical way to send information to the correct device. And, of course, we have it: IP addresses.
An IP address is a 32-bit number (written with four numbers from 0 to 255, like 143.11.234.21). In this little space, it contains the information of a device on the Internet, just like an address contains everything: name, street, city, and country. With an IP address, you can effectively send information to a device on the Internet. Each device on the Internet uses a public IP address that is valid and that other devices will recognize.
This is awesome, but it has a problem. IP addresses are good for computers, but not for humans. Imagine if you needed to remember the IP address of every website you visit. Want to buy something on Amazon? Go to x.x.x.x. What about a movie on Netflix? That was y.y.y.y. Check your balance on your bank’s website? What was that? You can quickly see this is not the way to go. To do that, you would need a table to associate a name that you remember with an IP address, and more or less that’s what DNS does.
What does DNS do?
DNS is a service that resolves names. In other words, it provides you with an association between a name that you can remember and an IP address (or even more than one). Instead of being a simple table on a PC, DNS is a service. This means you can have a DNS server that responds to queries. Your PC asks that DNS server for the IP address of a given name, and the DNS server replies with the information. Just one thing here: you need to know the IP address of the DNS server in advance, because you have to contact it before you can resolve any name. The following picture shows that.
Names have a structure
More or less, we already know the answer to “What is DNS?”. Still, DNS is not quite this simple: it has many features and functionalities we should talk about. First of all, it is worth repeating that DNS resolves names. Yet these names cannot be just anything you want; they must have a specific structure. You cannot resolve the name “John Doe”, because it is not a valid name. Instead, you can resolve “johndoe.com”.
You can see the pattern here: these names look like websites. That’s because a website must have a DNS-valid name. In such a domain, the most important part, the top level, is at the right, for example .com. Then you have the domain name, in the example above johndoe. And you can add more and more to the left. Generally, whoever controls the part on the right can create as many entities as they want on its left. The .com, that is the top-level extension, is under the control of the people who manage the Internet. However, since I have ictshore.com, I can create any sub-domain for it. I can create www.ictshore.com, but also pizza.ictshore.com if I want to. Nobody else can do that.
Still, the DNS is just a server providing information. It may also provide wrong information, and that’s what we want in some complex setups we don’t want to cover here. However, you can see the importance of having a trusted DNS server. If it is a malicious one, it can direct you to the wrong website and disguise it as legitimate. You could enter your bank account data on a site that looks like your bank’s but isn’t. But that’s for another day.
The Internet is HUGE!
Now more than ever, the Internet is huge. The only day when we have more devices connected to the Internet than today is tomorrow. We simply cannot have one poor DNS server know them all. Instead, the DNS is a complex system in the Internet, where many servers work together, and each knows its tiny small part. How do you use them? You start big, and go narrowing down.
If you want to resolve the name for mail.ictshore.com, you start by asking the provider of .com. This is a big battery of servers, but it does not have the information you need. Instead, it redirects you to the DNS server that manages ictshore.com. Here, ictshore.com is known as a DNS zone: a piece of the Internet full of DNS information. We need to find the DNS server that is authoritative for that zone, and that’s what the .com DNS server is giving us.
Now, that server can redirect us to another one that is authoritative only for mail.ictshore.com, or even provide us the information directly, depending on how it is configured. In the end, the process looks something like the one below.
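The walk described above, as an added example that is not part of the original post. It follows the simplified model in the text (start at the .com servers, then follow the referral); the server names and addresses are invented for the illustration and nothing touches the network.

```python
"""Toy model of the referral walk described above (constructed data, no network)."""

# Each server knows only its own zone: either the answer, or who to ask next.
# Server names and addresses are invented (192.0.2.0/24 is a documentation range).
SERVERS = {
    "com-servers": {
        "zone": "com",
        "delegations": {"ictshore.com": "ictshore-ns"},
        "records": {},
    },
    "ictshore-ns": {
        "zone": "ictshore.com",
        "delegations": {},
        "records": {"mail.ictshore.com": "192.0.2.25", "www.ictshore.com": "192.0.2.80"},
    },
}
TLD_SERVERS = {"com": "com-servers"}


def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it (label-aligned match)."""
    return name == zone or name.endswith("." + zone)


def resolve(name, max_hops=8):
    """Follow referrals from the TLD servers down; return (address, path)."""
    name = name.lower().rstrip(".")
    server = TLD_SERVERS.get(name.rsplit(".", 1)[-1])
    path = []
    while server is not None and len(path) < max_hops:
        info = SERVERS[server]
        path.append(server)
        # Guard: a server should only be asked about names inside its own zone.
        if not in_zone(name, info["zone"]):
            raise ValueError(f"{server} is not responsible for {name}")
        if name in info["records"]:
            return info["records"][name], path
        # Pick the most specific delegation covering the name, if any.
        matches = [z for z in info["delegations"] if in_zone(name, z)]
        server = info["delegations"][max(matches, key=len)] if matches else None
    return None, path
```

Note that notictshore.com is not handed to the ictshore.com server: zone matching works on whole labels, not on string suffixes, which is what keeps look-alike names out of someone else's zone.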
DNS Entries
DNS does more than simply providing IP addresses. In fact, it can provide different types of information. In a DNS table, you find associations between names and their values. However, this value is not always an IP address, it may be something else. Each association is a DNS record (or DNS entry), and you have many types of records.
- In an A record, the value is an IP address.
- An AAAA record still contains an IP address, but in version 6 and not in version 4 (tip: an IPv6 address is four times larger than an IPv4 address).
- In a CNAME record, you find a different domain name. That’s why this is known as an alias. For example, you may want to have only mail.example.com, and have imap.example.com resolve to mail.example.com. There is a limitation to that: you cannot configure a CNAME for the root of your domain, so you can have an IP address for example.com (record A), but not an alias. You would need to use something like www.example.com. See RFC 1912 for more information on that.
- In a TXT record, you provide a short free-form text. This record is important for domain validation and mail validation, like ensuring that you are the legitimate owner of a domain and that you can send emails for that domain. It is thanks to that that only your bank can send you emails “@yourbank”.
- An NS record indicates what are the authoritative name servers for this zone.
- In an MX record, you specify a priority number (e.g. 10) and a mail server, and you use that to receive emails.
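To make the record types above concrete, here is an added example (not from the original post) that runs three checks over a small constructed zone: the CNAME limitation, following an alias to its addresses, and ordering MX targets. The zone contents, including the TXT value, are sample data invented for the illustration.

```python
"""Checks over a small constructed zone using the record types listed above."""

# (name, type, value) tuples; all names and addresses are constructed sample data.
ZONE = [
    ("example.com", "NS", "ns1.example.com"),
    ("example.com", "A", "192.0.2.10"),
    ("example.com", "MX", "20 backup.example.com"),
    ("example.com", "MX", "10 mail.example.com"),
    ("mail.example.com", "A", "192.0.2.25"),
    ("mail.example.com", "AAAA", "2001:db8::25"),
    ("imap.example.com", "CNAME", "mail.example.com"),
    ("example.com", "TXT", "v=spf1 mx -all"),
]


def lint_cname(zone, apex):
    """Return problems: CNAME at the zone root, or CNAME sharing a name with other data."""
    problems = []
    by_name = {}
    for name, rtype, _ in zone:
        by_name.setdefault(name, set()).add(rtype)
    for name, types in sorted(by_name.items()):
        if "CNAME" in types and name == apex:
            problems.append(f"{name}: CNAME at zone root")
        elif "CNAME" in types and len(types) > 1:
            problems.append(f"{name}: CNAME mixed with {sorted(types - {'CNAME'})}")
    return problems


def addresses(zone, name, rtype="A", max_depth=8):
    """Resolve name to addresses of rtype, following CNAME aliases (loop-bounded)."""
    for _ in range(max_depth):
        found = [v for n, t, v in zone if n == name and t == rtype]
        if found:
            return found
        alias = [v for n, t, v in zone if n == name and t == "CNAME"]
        if not alias:
            return []
        name = alias[0]
    raise ValueError("CNAME chain too long or looping")


def mail_servers(zone, domain):
    """MX targets for domain, lowest priority number first (lower is preferred)."""
    pairs = [v.split() for n, t, v in zone if n == domain and t == "MX"]
    return [host for _, host in sorted(pairs, key=lambda p: int(p[0]))]
```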
Wrapping it up
In this post, we presented what DNS is in simple terms and we understood its importance on the Internet. We did not go deep on the technical part, but this will give you enough information to start understanding its functionality. If you are interested in DNS, and some of its obscure functions like recursive DNS, you may want to take a look at this post about network protocol with technical information about DNS.
What do you think about DNS? Did you get its importance before? Let me know in the comments.