How DNS Works

The Domain Name System (DNS) is a fundamental part of the internet infrastructure that translates human-readable domain names into machine-readable IP addresses. This page explains the detailed process of how DNS works.

The DNS Resolution Process

When you type a URL containing a hostname like "www.example.com" into your browser, a multi-step process called DNS resolution begins:

  1. Browser DNS Cache: Your browser first checks its own cache to see if it has recently looked up the same domain name.
  2. Operating System Cache: If the browser cache doesn't have the information, your computer's operating system checks its DNS cache.
  3. Router Cache: If the OS cache doesn't have it, the query goes to your router, which may have its own DNS cache.
  4. ISP's DNS Resolver: If all local caches fail, the query goes to your Internet Service Provider's recursive DNS resolver (or whichever recursive resolver your device is configured to use, such as a public resolver).
  5. Root DNS Servers: If the ISP's resolver doesn't have the answer cached, it starts by querying one of the 13 root DNS server clusters (in practice a busy resolver usually already has the TLD servers cached and can skip this step).
  6. TLD DNS Servers: The root server responds with the address of the appropriate Top-Level Domain (TLD) server (like .com, .org, .net).
  7. Authoritative DNS Servers: The TLD server responds with the address of the authoritative nameserver for the domain.
  8. Final Answer: The authoritative nameserver provides the IP address for the requested domain.
  9. Caching the Result: The ISP's resolver caches this information for future use and returns the IP address to your computer.
  10. Connecting to the Website: Your browser uses the IP address to establish a connection with the web server and retrieve the website content.
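The iterative part of this procedure (steps 5 through 8) can be shown as a small simulation. The following is an added example written for this page, not code from the original; it models the root, TLD and authoritative servers as a constructed table of zones (names ending in ".example" and addresses in the 192.0.2.0/24 documentation range are made up), and each simulated server answers exactly as the real one would: with an answer, a referral to the next server down, or a name error.

```python
"""Toy iterative DNS resolution: walk root -> TLD -> authoritative.

Added example, not part of the original page. The zone data below is
constructed for illustration; server names and IP addresses are not real.
"""

# Constructed referral chain. Each "server" knows only its own zone: the root
# knows which servers serve each TLD, the TLD server knows the nameserver for
# each registered domain, and the authoritative server holds the A records.
# Names are stored fully qualified with a trailing dot, as real DNS does.
ROOT_SERVER = "a.root-servers.example."
ZONES = {
    ROOT_SERVER: {
        "type": "root",
        "delegations": {"com.": "a.gtld-servers.example."},
    },
    "a.gtld-servers.example.": {
        "type": "tld",
        "delegations": {"example.com.": "ns1.example.com."},
    },
    "ns1.example.com.": {
        "type": "authoritative",
        "records": {"www.example.com.": "192.0.2.10", "example.com.": "192.0.2.1"},
    },
}


def query(server, qname):
    """Simulate one query to one server.

    Returns ("answer", ip), ("referral", next_server) or ("nxdomain", None),
    mirroring the three kinds of response a resolver can get back.
    """
    zone = ZONES[server]
    if zone["type"] == "authoritative":
        ip = zone["records"].get(qname)
        return ("answer", ip) if ip else ("nxdomain", None)
    # Root and TLD servers delegate: find the longest suffix of the name that
    # they have a delegation for and refer the resolver to that server.
    labels = qname.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zone["delegations"]:
            return ("referral", zone["delegations"][suffix])
    return ("nxdomain", None)


def resolve(qname, max_hops=10):
    """Resolve qname iteratively, starting at the root.

    Returns (ip_or_None, trail), where trail lists every server contacted in
    order. max_hops guards against a misconfigured referral loop.
    """
    if not qname.endswith("."):
        qname += "."
    server = ROOT_SERVER
    trail = []
    for _ in range(max_hops):
        trail.append(server)
        kind, value = query(server, qname)
        if kind == "answer":
            return value, trail
        if kind == "nxdomain":
            return None, trail
        server = value  # follow the referral to the next server down
    raise RuntimeError("referral chain too long or looping")


if __name__ == "__main__":
    ip, trail = resolve("www.example.com")
    print("www.example.com ->", ip, "via", " -> ".join(trail))
```

Running it prints the full trail root -> TLD -> authoritative for www.example.com. A name under a TLD the root has no delegation for (www.example.org in this table) stops at the root with a name error, which is the same shape of failure a real resolver reports as NXDOMAIN.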

Note: This entire process typically takes only milliseconds to complete, despite involving multiple servers across the internet!

Key Components of the DNS System

DNS Resolvers

DNS resolvers (also called recursive resolvers) are servers designed to receive DNS queries from client machines and process them. They have the responsibility of tracking down the DNS record by making requests to multiple DNS servers.

Root Servers

The root servers are a critical part of the DNS infrastructure. There are 13 logical root server clusters (labeled A through M) distributed worldwide, operated by 12 different organizations. They serve as the starting point for DNS resolution.

TLD Servers

Top-Level Domain servers manage the DNS information for specific domain extensions like .com, .org, .net, and country-specific TLDs like .uk or .jp. They know which authoritative nameservers hold the DNS records for domains under their TLD.

Authoritative Nameservers

These are the servers that hold the actual DNS records for specific domains. When you register a domain, you either use the registrar's nameservers or specify your own authoritative nameservers.

DNS Caching

Caching is a critical aspect of DNS that improves performance and reduces load on DNS servers:

  • Time-To-Live (TTL): Each DNS record has a TTL value that specifies how long it can be cached before a new query should be made.
  • Browser Cache: Modern browsers cache DNS results to speed up page loads for frequently visited sites.
  • OS Cache: Operating systems maintain their own DNS cache to serve all applications on the device.
  • ISP Cache: ISPs cache DNS results to serve their many customers efficiently.

Caching is why DNS changes don't propagate instantly across the internet. You may need to wait for caches to expire before everyone sees updated DNS information.

DNS Record Propagation

When you update a DNS record, the change needs to propagate through the DNS system:

  1. The change is made at the authoritative nameserver.
  2. DNS resolvers with the old record cached will continue to use it until the TTL expires.
  3. As TTLs expire, resolvers request fresh information and receive the updated record.
  4. Eventually, all caches update and the new record is used universally.

Propagation can take anywhere from a few minutes to 48 hours, depending on the TTL values set for your DNS records.
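Both the caching behaviour above (TTL, resolver caches) and the four propagation steps can be replayed in a few dozen lines. The following is an added example, not code from the original page: it uses a fake clock so the TTL expiry is deterministic, one object stands in for the authoritative nameserver, and two caching resolvers stand in for two different ISPs' resolvers. The zone name, the 192.0.2.x addresses and all TTL and timing values are constructed.

```python
"""TTL-driven caching and record propagation, simulated with a fake clock.

Added example, not part of the original page. The authoritative zone, its
TTLs and the event times are constructed; 192.0.2.0/24 is a documentation
address range.
"""
from dataclasses import dataclass


@dataclass
class CachedRecord:
    value: str
    expires_at: float  # absolute time at which the record's TTL runs out


class FakeAuthoritative:
    """The zone's source of truth. change() models an operator editing a record."""

    def __init__(self, records):
        self.records = dict(records)  # name -> (value, ttl_seconds)
        self.queries = 0

    def lookup(self, name):
        self.queries += 1
        return self.records[name]

    def change(self, name, value, ttl):
        self.records[name] = (value, ttl)


class CachingResolver:
    """Serves a cached answer until its TTL expires, then re-queries the authority."""

    def __init__(self, authoritative, clock):
        self.auth = authoritative
        self.clock = clock  # callable returning the current time in seconds
        self.cache = {}

    def resolve(self, name):
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and hit.expires_at > now:
            return hit.value, "cache"
        value, ttl = self.auth.lookup(name)
        self.cache[name] = CachedRecord(value, now + ttl)
        return value, "authoritative"


def propagation_timeline(ttl=3600):
    """Replay a record change and report what two resolvers answer over time.

    Returns a list of (time, answer_from_resolver_1, answer_from_resolver_2).
    """
    clock = [0.0]

    def now():
        return clock[0]

    auth = FakeAuthoritative({"www.example.com.": ("192.0.2.10", ttl)})
    r1 = CachingResolver(auth, now)
    r2 = CachingResolver(auth, now)

    r1.resolve("www.example.com.")  # t = 0: resolver 1 caches the old value
    clock[0] = ttl / 2
    r2.resolve("www.example.com.")  # t = ttl/2: resolver 2 caches it too
    auth.change("www.example.com.", "192.0.2.20", ttl)  # operator updates the record

    events = []
    for t in (ttl / 2 + 100, ttl + 100, 1.5 * ttl + 100):
        clock[0] = t
        a1 = r1.resolve("www.example.com.")[0]
        a2 = r2.resolve("www.example.com.")[0]
        events.append((t, a1, a2))
    return events


if __name__ == "__main__":
    for t, a1, a2 in propagation_timeline():
        print(f"t={t:>7.0f}s  resolver1={a1}  resolver2={a2}")
```

The middle event is the interesting one: resolver 1's copy has expired and it already returns the new address, while resolver 2 cached later and still serves the old one, so the two ISPs' customers see different answers for a while. The window closes only when the last cache that saw the old record reaches its own TTL, which is why the propagation delay is bounded by the TTL in force at the time of the change, and why operators lower the TTL ahead of a planned change and raise it again afterwards.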

DNS Security

DNS was originally designed without security in mind, but several extensions have been developed to address security concerns:

  • DNSSEC (DNS Security Extensions): Adds digital signatures to DNS records so that a validating resolver can verify they are authentic and have not been modified.
  • DNS over HTTPS (DoH): Encrypts DNS queries inside HTTPS connections to protect privacy and prevent eavesdropping.
  • DNS over TLS (DoT): Similar to DoH, it encrypts DNS traffic, but carries it directly over a TLS connection on a dedicated port (853) rather than inside HTTPS.

These measures address different threats. DNSSEC lets a resolver detect forged or altered records, which defends against DNS spoofing and cache poisoning; DoH and DoT encrypt the path between a client and its resolver, which prevents eavesdropping and man-in-the-middle tampering on that path but does not by itself prove that the records are genuine.
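Even without DNSSEC, a resolver applies a few consistency checks to every response before caching anything, and these checks are the first line of defence against the spoofing and cache-poisoning attacks mentioned above. The following is an added example, not code from the original page, and it deliberately stops short of DNSSEC signature validation (which needs public-key cryptography): it shows the checks a resolver makes on a response, using simplified Python dictionaries in place of wire-format packets. The transaction ID field and the "same zone" (bailiwick) rule are real DNS concepts; the helper names, the zone example.com. and the 192.0.2.x addresses are constructed.

```python
"""Consistency checks a resolver applies to a response before caching it.

Added example, not part of the original page. Messages are simplified dicts,
not wire-format DNS packets; names, addresses and IDs are constructed.
"""
import secrets


def make_query(qname, qtype="A"):
    """Build an outstanding query. The random 16-bit transaction ID must be
    echoed by the response; a response that cannot echo it is not for us."""
    return {"id": secrets.randbelow(1 << 16), "qname": qname, "qtype": qtype}


def in_bailiwick(name, zone):
    """True if name lies at or below zone (both fully qualified, trailing dot)."""
    return name == zone or name.endswith("." + zone)


def validate_response(query, response, expected_server, zone_of_server):
    """Decide what, if anything, from a response may enter the cache.

    Returns (accepted_records, reason). A response is rejected outright when it
    does not come from the server that was asked, does not echo the transaction
    ID, or answers a different question. Records that are accepted are further
    limited to names inside the answering server's own zone, so an unrelated
    record tacked onto a response cannot overwrite a cache entry for some other
    domain (the bailiwick rule).
    """
    if response["from"] != expected_server:
        return [], "source address does not match the server queried"
    if response["id"] != query["id"]:
        return [], "transaction ID mismatch"
    if (response["qname"], response["qtype"]) != (query["qname"], query["qtype"]):
        return [], "question section does not match the query"
    accepted = [r for r in response["records"] if in_bailiwick(r["name"], zone_of_server)]
    return accepted, "ok"


if __name__ == "__main__":
    # Constructed exchange: ns1 for example.com. answers for www.example.com.
    # and also includes a record for a name it is not authoritative for.
    q = make_query("www.example.com.")
    resp = {
        "from": "192.0.2.53",
        "id": q["id"],
        "qname": "www.example.com.",
        "qtype": "A",
        "records": [
            {"name": "www.example.com.", "type": "A", "value": "192.0.2.10"},
            {"name": "other.example.net.", "type": "A", "value": "192.0.2.99"},
        ],
    }
    accepted, reason = validate_response(q, resp, "192.0.2.53", "example.com.")
    print(reason, [r["name"] for r in accepted])  # only www.example.com. survives
```

In the demonstration exchange only the www.example.com. record is cached; the example.net. record is silently dropped because the answering server is not authoritative for that zone. Real resolvers add source-port randomisation to the transaction ID to make a blind spoof harder to match, and DNSSEC validation on top of these checks is what makes a forged record detectable even when the checks pass.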

Next Steps

Now that you understand how DNS works, you might want to explore: