Making complex easy. How a DNS server works and what it is for
We all know that every computer, server and even network device has an IP address associated with it; so, imagine you had to remember the IP addresses of over 50 servers. For the majority of us, who have neither photographic memories nor a robot's recall, that would be a very hard task to accomplish. Hence the advent of the DNS server.
This article provides a step-by-step explanation of what a DNS server is, how it works and what it is used for.
The Domain Name System server, popularly known as the DNS server, is the foundation and backbone on which the internet was built. We are all aware that every server, whether it be a web server, a database server or even a file server, has an IP address attached to it. You can also find your IP address and location using our what is my IP service.
Does that mean I have to remember the IP address each time I want to make a request? Back in college, I had a research assignment on encryption methodologies, and the report was meant to be an extensive one. Are you really telling me that I have to remember the IP address of every site I visit?
This is where the Domain Name System (DNS) server comes into play. DNS is like the phone book of the internet. You are already thinking about your phone, right? Your thoughts are in the right direction. Imagine having to cram all the phone numbers of your family members, friends and acquaintances. Is that even possible?
The phone book saves each phone number alongside a name of your choice, making calling easier and faster. This is what the DNS server does. It saves you the stress of having to remember countless IP addresses.
All you need is the name of the site you want to visit, and voila, it is right in front of you.
We all know that the primary goal of the Domain Name System (DNS) is domain name resolution, i.e., turning cooltechzone.com into 18.104.22.168; resolving hostnames to IP addresses. What your system, the DNS client, performs is called a DNS query or lookup. Pick up your favourite browser and type the URL cooltechzone.com.
What happens is that the DNS client queries a DNS server over UDP port 53 and waits for a response. Sometimes the answer is returned immediately; other times, the DNS server queries other DNS servers in search of the answer. When this process is complete, the responses are stored in a cache for a set amount of time so that, on future requests, the query process does not have to be repeated.
Surprisingly, despite this number of steps, the whole process completes in the twinkling of an eye.
Usually, the DNS server hosts zone files, i.e., text database files that contain the records mapping names to IP addresses. Some of these zone records are as follows:
- A record: This is the most commonly used zone record. It maps a hostname to an IPv4 address for forward lookups.
- AAAA record: This record is very similar to the A record; the difference between them is that A contains IPv4 addresses, while AAAA contains IPv6 addresses.
- PTR record: This is called the pointer record. It is the opposite of the A record: instead of the DNS client querying the DNS server with a hostname, it queries with an IP address and gets a hostname back (a reverse lookup). Some websites do not publish this record, though, for security reasons.
- CNAME record: The canonical name record maps an alias hostname to a canonical hostname, which is how a single IP address can be reached under several different hostnames.
Others include mail exchange (MX) records and start of authority (SOA) records.
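To make the query described above concrete, here is an added example (not code from the original article): it builds the DNS query message a client sends over UDP port 53, then parses a constructed response carrying a CNAME, an A and an AAAA record, including the name-compression pointers real responses use. The response, the names and the addresses (192.0.2.1 and 2001:db8::1, from the documentation ranges) are all constructed for the example; `send_query` is the only part that touches the network and is not needed to run the rest.

```python
import ipaddress
import secrets
import socket
import struct
from dataclasses import dataclass

# Record type codes used below (RFC 1035 / RFC 3596)
QTYPE = {1: "A", 5: "CNAME", 12: "PTR", 28: "AAAA"}
MAX_POINTER_HOPS = 16  # refuse responses whose compression pointers loop


@dataclass
class RR:
    name: str
    rtype: str
    ttl: int
    data: str


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: \\x03www\\x07example\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int, name: str, qtype: int) -> bytes:
    """Header (ID, flags with RD=1, QDCOUNT=1) followed by one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, off: int):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # 11xxxxxx: pointer into the message
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise ValueError("compression pointer loop")
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg: bytes):
    """Return (transaction id, flags, answer RRs) from a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4                             # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:
            data = str(ipaddress.IPv4Address(rdata))
        elif rtype == 28:
            data = str(ipaddress.IPv6Address(rdata))
        elif rtype in (5, 12):               # CNAME and PTR carry a name
            data, _ = decode_name(msg, off)
        else:
            data = rdata.hex()
        answers.append(RR(name, QTYPE.get(rtype, str(rtype)), ttl, data))
        off += rdlen
    return txid, flags, answers


def reverse_name(ip: str) -> str:
    """Owner name a PTR (reverse) lookup asks for, e.g. 1.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def build_sample_response(query: bytes) -> bytes:
    """Constructed reply to build_query(..., "www.example.com", 1): a CNAME to
    example.com plus that name's A and AAAA records, each with its TTL."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 3, 0, 0)   # QR=1, RD=1, RA=1
    qname = b"\xc0\x0c"     # pointer to the question name at offset 12
    target = b"\xc0\x10"    # pointer to "example.com" inside that name (offset 16)
    cname = qname + struct.pack("!HHIH", 5, 1, 300, 2) + target
    a = target + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address("192.0.2.1").packed
    aaaa = target + struct.pack("!HHIH", 28, 1, 60, 16) + ipaddress.IPv6Address("2001:db8::1").packed
    return header + query[12:] + cname + a + aaaa


def send_query(server: str, name: str, qtype: int = 1) -> list:
    """Send a query over UDP port 53 to a real resolver (needs network access)."""
    txid = secrets.randbelow(1 << 16)        # unpredictable ID, checked on reply
    query = build_query(txid, name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(3)
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(4096)
    got_id, _flags, answers = parse_response(reply)
    if got_id != txid:
        raise ValueError("response ID does not match the query")
    return answers
```

Running `parse_response(build_sample_response(build_query(0x1234, "www.example.com", 1)))` yields the CNAME first and then the A and AAAA records for the canonical name, each with the TTL the cache will honour. The hop limit in `decode_name` is the kind of check a resolver needs so that a malformed message cannot make the parser loop forever.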
There are basically 4 types of DNS servers, namely: recursive resolvers, root nameservers, Top-Level Domain (TLD) nameservers and authoritative nameservers. These servers work hand in hand to make DNS queries as seamless as possible. Let's talk more about these servers.
- Recursive resolvers: This is the first server a DNS query/lookup hits. After receiving the query from a client, it can either respond with cached data or send a request to the root nameservers, followed by the TLD nameservers, then finally the last bus stop, the authoritative nameserver. After receiving a response from the authoritative server, the recursive resolver relays the IP address to the client. EASY PEASY.
- Root nameservers: There are about 13 root nameservers (named a through m). The root nameserver responds to the recursive resolver's query by directing it to the TLD nameserver responsible for the domain's extension, whether it be .com, .net, etc.
- Top-Level Domain (TLD) nameservers: The TLD nameserver contains information about the domain extension; basically, whatever comes after the last dot in the domain name. Take, for instance, the .org TLD nameserver, which holds the delegation for every domain that ends in .org.
Let's say you want to visit cooltechzone.com. The query is escalated to the .com TLD nameserver, which then points to the authoritative nameserver. Countries also have their own TLD nameservers. For example, Nigeria's TLD is .ng, the United Kingdom's TLD is .uk, the United States of America's TLD is .us, etc.
- Authoritative nameservers: After leaving the TLD nameserver, the last stop the query hits is the authoritative nameserver. This server holds the records for the specific domain (e.g. cooltechzone.com), and the IP address is found in its A record, CNAME record or one of the other records mentioned above. Finally, the IP address is sent back to the recursive resolver, which in turn sends it to the DNS client.
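The root, TLD and authoritative hops described above, plus the resolver-side cache, as an added simulation (this is example code, not anything from the article or a real resolver). The three "servers" and their zone data are constructed in memory; the only value taken from the article is the cooltechzone.com address 18.104.22.168. The clock is injectable so that TTL expiry can be shown without waiting.

```python
import time

# Constructed toy zone data: each server maps a name (or the zone it
# delegates) to a referral, a CNAME or a final answer with a TTL in seconds.
SERVERS = {
    "root": {"com": ("refer", "com-tld")},
    "com-tld": {"cooltechzone.com": ("refer", "cooltechzone-auth")},
    "cooltechzone-auth": {
        "cooltechzone.com": ("answer", "18.104.22.168", 300),
        "www.cooltechzone.com": ("cname", "cooltechzone.com", 300),
    },
}
MAX_REFERRALS = 8   # bound the chase so a looping delegation cannot hang us


class RecursiveResolver:
    def __init__(self, clock=time.monotonic):
        self.cache = {}          # name -> (ip, expiry time)
        self.clock = clock       # injectable so tests can move time forward
        self.trace = []          # which server was asked, in order

    def resolve(self, name: str) -> str:
        name = name.rstrip(".").lower()
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:             # still within its TTL
            self.trace.append(f"cache hit {name}")
            return hit[0]
        ip, ttl = self._walk(name)
        self.cache[name] = (ip, now + ttl)
        return ip

    def _walk(self, name: str):
        """Root -> TLD -> authoritative, following each referral in turn."""
        server = "root"
        for _ in range(MAX_REFERRALS):
            entry = self._lookup(SERVERS[server], name)
            self.trace.append(f"asked {server} about {name}: {entry[0]}")
            if entry[0] == "refer":
                server = entry[1]
            elif entry[0] == "cname":        # resolve the canonical name in turn
                ip, ttl = self._walk(entry[1])
                return ip, min(entry[2], ttl)
            else:
                return entry[1], entry[2]
        raise RuntimeError(f"too many referrals resolving {name}")

    @staticmethod
    def _lookup(zone: dict, name: str):
        """Most specific match first: a server may hold the exact name or
        only a delegation for a parent zone (e.g. 'com' for 'x.com')."""
        labels = name.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in zone:
                return zone[candidate]
        raise LookupError(f"NXDOMAIN: {name}")
```

The first `resolve("cooltechzone.com")` walks root, com-tld and cooltechzone-auth; the second call is served from the cache; once the clock passes the 300-second TTL the walk is repeated. A name the TLD does not know about surfaces as `LookupError`, the simulation's stand-in for NXDOMAIN.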
A public, free DNS server is one that is available to the general public; it is run either by your internet service provider or by a dedicated DNS provider. Below, you will find the IP addresses of different public DNS servers.
On some occasions, you might try to visit a website and be greeted with the error message "DNS server not responding". Your DNS server failing to respond to queries can be the result of several different issues. Luckily, these issues can be fixed by following these troubleshooting steps.
Step 1: Browser Issue
In order to rule out browser issues, we have to troubleshoot. If you were using Google Chrome when the error message came up, try switching to another browser such as Safari, Mozilla Firefox, Brave or Edge. It could be an update issue, and sometimes it can even be solved by uninstalling and reinstalling your preferred browser.
Step 2: Firewall
If the problem still persists after changing or reinstalling browsers, it could be a firewall issue. The firewall might be dropping the response from the DNS server or preventing you from sending the query at all. If the issue is still not resolved after temporarily turning OFF the firewall, we can strike that off the list.
Step 3: Change the DNS server
This is the final method, and probably the one that will resolve your issues with an unresponsive DNS server. Below are the steps for changing your DNS server on a Windows system.
Step I: Search for "network connections" using the Windows search button and double-click the result.
Step II: Right-click on your Wi-Fi connection.
Step III: Select TCP/IPv4, open its properties, then fill in your preferred DNS server.
DNS security should be treated with the utmost importance because it is an avenue for attackers to wreak havoc. One risk that comes with DNS is DNS cache poisoning. This is when an attacker modifies the DNS cache with a false IP address, in an attempt to send every request the DNS client makes to that bogus address instead of the correct one.
Suppose, for instance, that you want to visit your bank's website to make online transactions, and the correct IP address of that website is 22.214.171.124. If the attacker succeeds with DNS cache poisoning, the IP address of the bank's website in the DNS cache can be changed to a false one, leading the victim to a bogus website where their credit card details are stolen.
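The checks a resolver uses to keep a bogus answer out of its cache, as an added in-memory example (not code from the article or from any real resolver): each outstanding query gets a random transaction ID and source port, a reply is accepted only if it matches a pending query and repeats the same question, and answers for names outside the zone that was asked (the "bailiwick" rule) are discarded. Messages are plain Python objects rather than wire packets, and every name and address below is constructed.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Question:
    name: str
    qtype: str


@dataclass
class Response:
    txid: int            # transaction ID echoed from the query
    dst_port: int        # UDP port the reply arrived on
    question: Question   # question section echoed from the query
    answers: dict        # name -> IP address


class ValidatingCache:
    """Resolver-side cache that only admits answers it can tie to its own query."""

    def __init__(self):
        self.pending = {}    # (txid, port) -> (Question, zone asked)
        self.cache = {}      # name -> IP address
        self.rejected = []   # (reason, Response) for monitoring

    def send_query(self, name: str, qtype: str, zone: str):
        """Record an outgoing query; the ID and port are unpredictable so a
        reply must match 32 bits of entropy, not just a name."""
        txid = secrets.randbelow(1 << 16)
        port = secrets.choice(range(1024, 65536))
        self.pending[(txid, port)] = (Question(name, qtype), zone)
        return txid, port

    def receive(self, resp: Response) -> bool:
        key = (resp.txid, resp.dst_port)
        if key not in self.pending:
            self.rejected.append(("unsolicited", resp))
            return False
        question, zone = self.pending[key]
        if resp.question != question:
            self.rejected.append(("question mismatch", resp))
            return False
        in_bailiwick = lambda n: n == zone or n.endswith("." + zone)
        if not all(in_bailiwick(n) for n in resp.answers):
            self.rejected.append(("out of bailiwick", resp))
            return False
        del self.pending[key]           # one reply per query; later copies are unsolicited
        self.cache.update(resp.answers)
        return True
```

A reply with the wrong ID, a reply that adds a record for some unrelated name, and a second copy of an already-accepted reply all end up in `rejected` with a reason, which is exactly what a defender wants to count and alert on.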
Another attack that can affect a DNS server is a DDoS (Distributed Denial of Service) attack. Back in October 2016, Dyn, a major DNS service provider, was hit by a DDoS attack. This attack was recorded as the largest DDoS attack in history. Sites like Amazon, Netflix, PayPal, CNN, Reddit, Spotify and many more could not be accessed.
More than half of the internet was down. The attack was performed using floods of DNS queries from tens of millions of infected IoT devices. It was carried out by the Mirai botnet.
One primary way of protecting DNS against these attacks is DNSSEC (Domain Name System Security Extensions). DNSSEC adds digital signatures to every record, authenticating their origin and maintaining their integrity. It lets resolvers validate the DNS responses they receive.
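How the DNSSEC chain of trust links a parent zone to its child, as an added example (not code from the article): the parent publishes a DS record that is a hash of the child's DNSKEY, so a validating resolver can check that the key it fetched is the one the parent vouches for. The key tag and digest computations follow RFC 4034; the DNSKEY bytes below are constructed, not a real key, and signature verification of the records themselves (RRSIG), which needs a cryptography library, is not shown.

```python
import hashlib
import struct

# DNSSEC constants used below (RFC 4034 / RFC 4509)
DNSKEY_PROTOCOL = 3          # the only valid protocol value
FLAGS_KSK = 257              # zone key with the Secure Entry Point bit set
ALG_ECDSAP256SHA256 = 13     # algorithm number; only used as a label here
DIGEST_SHA256 = 2            # DS digest type


def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire-format owner name, as hashed into a DS."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), key bytes."""
    return struct.pack("!HBB", flags, DNSKEY_PROTOCOL, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B: 16-bit checksum used to pick the matching key."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner: str, rdata: bytes) -> bytes:
    """RFC 4034 5.1.4: digest = SHA-256(owner name | DNSKEY RDATA)."""
    return hashlib.sha256(name_to_wire(owner) + rdata).digest()


def make_ds(owner: str, flags: int, algorithm: int, public_key: bytes):
    """The DS tuple a parent zone publishes for this child DNSKEY."""
    rdata = dnskey_rdata(flags, algorithm, public_key)
    return (key_tag(rdata), algorithm, DIGEST_SHA256, ds_digest(owner, rdata))


def ds_matches_dnskey(ds, owner: str, flags: int, algorithm: int, public_key: bytes) -> bool:
    """What a validator checks: does the child's key hash to the parent's DS?"""
    return make_ds(owner, flags, algorithm, public_key) == ds


def ds_presentation(owner: str, ds) -> str:
    """Zone-file form, e.g. 'example.com. IN DS 1311 13 2 ABCD...'"""
    tag, alg, dtype, digest = ds
    return f"{owner.rstrip('.')}. IN DS {tag} {alg} {dtype} {digest.hex().upper()}"
```

With a constructed 32-byte key the parent's DS matches the child's DNSKEY, while flipping a single byte of the key (what a substituted key would look like to the validator) breaks the match, which is the property the chain of trust rests on.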
We can now clearly understand why the idea of a phone book is used to describe what a DNS server is and how it works. We also saw how important DNS servers are to our internet usage and why they need to be protected and secured with DNSSEC.
Lest we forget, sysadmins also routinely use command-line tools like nslookup (name server lookup) and dig (domain information groper) to troubleshoot DNS servers and verify that they can resolve hostnames and fully qualified domain names (FQDNs) to IP addresses.
If you are interested in knowing more about DNS servers or have questions to ask, please let me know by leaving a comment below.