The domain name system (DNS) is the distributed naming database that maps internet domain names to internet protocol (IP) addresses. It lets people use a memorable name to locate a website while the computers involved use the IP address. For example, when someone types example.com into a web browser, a resolver behind the scenes maps that name to the corresponding IP address, which for IPv4 looks something like 192.0.2.1 (an address from the range that RFC 5737 reserves for documentation and examples).
Web browsing and most other internet activities rely on DNS to quickly provide the information necessary to connect users to remote hosts. DNS mapping is distributed throughout the internet in a hierarchy of authority. Access providers and enterprises, as well as governments, universities and other organizations, typically have their own assigned ranges of IP addresses and an assigned domain name. They also typically run DNS servers to manage the mapping of those names to those addresses. Most URLs are built around the domain name of the web server that takes client requests.
How DNS works
DNS servers answer questions from both inside and outside their own domains. When a server receives a request from outside the domain for information about a name or address inside the domain, it provides the authoritative answer. When a client inside an organization asks about a name outside that domain, the request goes to a recursive resolver, usually one run by the organization itself or by its internet service provider (ISP). If the recursive resolver does not already know the answer, or the authoritative source for it, it starts at the root servers, which refer it to the servers for the top-level domain -- e.g., for all of .com or .edu. Those in turn refer it to the authoritative server for the specific domain -- e.g., techtarget.com or stkate.edu -- which returns the answer. The answer then flows back along the same path to the client.
A domain name is made of multiple parts, called labels, separated by periods. The hierarchy is read from right to left, with each label naming a subdivision of the label to its right. The top-level domain (TLD) is the last label, the one after the final period. A few examples of top-level domains are .com, .org and .edu, but there are many others. Some are country codes, such as .us for the United States or .ca for Canada.
Each label to the left is therefore a subdomain of the name to its right: “techtarget” is a subdomain of .com, and “www” is a subdomain of techtarget.com. A name can have up to 127 levels of labels, each label can be up to 63 characters, and the whole name in dotted form can be up to 253 characters (255 octets on the wire, including the length byte of each label and the empty root label). Hostname labels may contain only letters, digits and hyphens, may not start or end with a hyphen, and a top-level domain may not be entirely numeric.
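The length and character rules above are easy to get wrong when software accepts domain names from users or configuration. The following checker, added here as an illustration and not taken from the article, applies the hostname rules just listed (RFC 1035 label and name limits, the RFC 1123 letters-digits-hyphens rule, and the no-numeric-TLD rule). Note that DNS itself allows any octet in a label; the stricter rules apply to hostnames, which is what the text describes.

```python
import re

# Limits from RFC 1035 / RFC 1123: each label is 1 to 63 octets, and a name in
# dotted presentation form is at most 253 characters (255 octets on the wire,
# counting one length byte per label plus the empty root label).
MAX_LABEL_LEN = 63
MAX_NAME_LEN = 253
MAX_LABELS = 127

# LDH rule: letters, digits and hyphens, with no hyphen at either end of a label.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def validate_hostname(name: str) -> list:
    """Return a list of rule violations for an ASCII hostname; an empty list means valid.

    A single trailing dot (fully qualified form) is accepted and stripped first.
    """
    problems = []
    if name.endswith(".") and len(name) > 1:
        name = name[:-1]
    if not name:
        return ["name is empty"]
    if len(name) > MAX_NAME_LEN:
        problems.append(f"name is {len(name)} characters, limit is {MAX_NAME_LEN}")
    labels = name.split(".")
    if len(labels) > MAX_LABELS:
        problems.append(f"{len(labels)} labels, limit is {MAX_LABELS}")
    for label in labels:
        if not label:
            problems.append("empty label (consecutive dots)")
        elif len(label) > MAX_LABEL_LEN:
            problems.append(f"label {label[:10]!r}... is {len(label)} characters, limit is {MAX_LABEL_LEN}")
        elif not _LABEL_RE.match(label):
            problems.append(f"label {label!r} has a forbidden character or a leading/trailing hyphen")
    tld = labels[-1]
    if tld and tld.isdigit():
        problems.append(f"top-level label {tld!r} is all numeric")
    return problems


if __name__ == "__main__":
    for candidate in ("www.techtarget.com", "-bad.example.com", "www.example.123", "a" * 64 + ".com"):
        print(candidate[:40], "->", validate_hostname(candidate) or "ok")
```

The regular expression enforces the per-label character rule; the explicit length checks are kept separate so the caller gets a specific reason for each rejection rather than a bare pass/fail.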
How does DNS increase web performance?
To promote efficiency, resolvers cache the answers they receive for a set amount of time, which lets them respond immediately the next time the same lookup comes in. For example, if everyone in an office needs to access the same training video on a particular website on the same day, the local DNS resolver will ordinarily only have to resolve the name once, and then it can serve all the other requests out of its cache. The length of time a record is held, its time to live (TTL), is set by the zone's operator and is configurable per record. Longer values decrease the load on authoritative servers; shorter values let changes propagate quickly, at the cost of more queries. This is also why a DNS change can appear to take hours to "propagate": resolvers keep serving the old record until its TTL expires.
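The resolution walk described under "How DNS works" and the caching described just above fit together in a few dozen lines. The following toy resolver, added here as an illustration and not code from the article or from any real DNS software, follows referrals from constructed root, TLD and authoritative server tables and caches each answer until its TTL expires. The server names and addresses are assumptions for the example (192.0.2.0/24 is an RFC 5737 documentation range).

```python
import time

# Constructed stand-ins for the three tiers of the hierarchy. Each entry is
# (kind, data, ttl_seconds): an ANSWER holds an address, a REFERRAL names the
# server responsible for the zone below this cut.
ROOT = {
    "com.": ("REFERRAL", "a.gtld-servers.test.", 172800),
}
TLD_COM = {
    "example.com.": ("REFERRAL", "ns1.example.com.", 172800),
}
AUTH_EXAMPLE_COM = {
    "example.com.": ("ANSWER", "192.0.2.1", 3600),
    "www.example.com.": ("ANSWER", "192.0.2.10", 300),
}
SERVERS = {
    "root": ROOT,
    "a.gtld-servers.test.": TLD_COM,
    "ns1.example.com.": AUTH_EXAMPLE_COM,
}


def ask(server_id: str, qname: str):
    """Simulate one query to one server: exact name for answers, longest zone cut for referrals."""
    table = SERVERS[server_id]
    if qname in table and table[qname][0] == "ANSWER":
        return table[qname]
    referrals = [n for n, (kind, _, _) in table.items()
                 if kind == "REFERRAL" and (qname == n or qname.endswith("." + n))]
    if referrals:
        return table[max(referrals, key=len)]
    return ("NXDOMAIN", None, 0)


class CachingResolver:
    """Recursive resolver: walks root -> TLD -> authoritative and caches answers by TTL."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so a test can move time forward
        self.cache = {}             # qname -> (address, absolute expiry time)
        self.upstream_queries = 0   # how many times we had to ask another server

    def resolve(self, qname: str):
        now = self.clock()
        hit = self.cache.get(qname)
        if hit is not None and hit[1] > now:
            return hit[0], "cache"
        server = "root"
        for _ in range(8):  # bound the referral chain so a misconfigured loop cannot hang us
            self.upstream_queries += 1
            kind, data, ttl = ask(server, qname)
            if kind == "ANSWER":
                self.cache[qname] = (data, now + ttl)
                return data, "authoritative"
            if kind == "REFERRAL":
                server = data
                continue
            return None, "nxdomain"
        raise RuntimeError("too many referrals resolving " + qname)


if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("www.example.com."), "after", r.upstream_queries, "upstream queries")
    print(r.resolve("www.example.com."), "after", r.upstream_queries, "upstream queries")
```

The first lookup costs three upstream queries (root, .com, example.com); the second is served from the cache and costs none. A production resolver also caches the referrals themselves, so a later lookup for a different name in example.com goes straight to ns1.example.com instead of starting again at the root.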
DNS has a few weaknesses that have been discovered over time. DNS cache poisoning is one of them. In cache poisoning, an attacker sends forged replies to a caching resolver, posing as the authoritative server for a zone. Because classic DNS runs over unauthenticated UDP, a forged reply that arrives before the genuine one and matches the resolver's outstanding query is accepted and cached. The injected data can point a name at an attacker-controlled address and carry a long time to live so that the bad entry stays in the cache; application requests for that name are then redirected to the attacker's host until the entry expires.
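Resolvers defend against forged replies with a small set of acceptance checks: the reply's transaction ID and destination port must match the outstanding query (both are randomised so an attacker must guess roughly 2^32 combinations), the question section must echo what was asked, and records outside the queried server's zone (out of "bailiwick") are discarded rather than cached. The following code, added here as an illustration and not taken from the article or any real resolver, applies those checks (in the spirit of RFC 5452) to constructed replies, and additionally caps the TTL so a planted record cannot pin itself in the cache indefinitely. Names, ports and addresses are assumptions (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).

```python
from dataclasses import dataclass, field
from typing import List

MAX_CACHE_TTL = 86400  # cap so a planted record cannot stay cached for weeks


@dataclass
class Record:
    name: str
    rtype: str
    data: str
    ttl: int


@dataclass
class PendingQuery:
    txid: int          # random 16-bit transaction id we put in the query
    qname: str         # the name we asked about
    src_port: int      # random ephemeral port we sent the query from
    bailiwick: str     # zone the queried server is authoritative for


@dataclass
class Reply:
    txid: int
    qname: str
    dst_port: int      # port the reply was delivered to; must be our src_port
    answers: List[Record] = field(default_factory=list)
    additional: List[Record] = field(default_factory=list)


def in_bailiwick(name: str, zone: str) -> bool:
    return name == zone or name.endswith("." + zone)


def accept_reply(pending: PendingQuery, reply: Reply, cache: dict):
    """Return (accepted, detail). On success, detail is the number of records cached."""
    # 1. Transaction id must match the outstanding query.
    if reply.txid != pending.txid:
        return False, "transaction id mismatch"
    # 2. Reply must arrive on the port the query left from (source port randomisation).
    if reply.dst_port != pending.src_port:
        return False, "unexpected destination port"
    # 3. Question section must echo what we asked.
    if reply.qname != pending.qname:
        return False, "question does not match"
    cached = 0
    for rr in reply.answers + reply.additional:
        # 4. Bailiwick rule: a server for example.com. may not speak for other zones,
        #    so out-of-zone "glue" is dropped instead of cached.
        if not in_bailiwick(rr.name, pending.bailiwick):
            continue
        cache[(rr.name, rr.rtype)] = (rr.data, min(rr.ttl, MAX_CACHE_TTL))
        cached += 1
    return True, cached


if __name__ == "__main__":
    cache = {}
    pending = PendingQuery(txid=0x1A2B, qname="www.example.com.", src_port=49231, bailiwick="example.com.")
    # Constructed reply with the right id and port but a planted record for another zone.
    poisoned = Reply(txid=0x1A2B, qname="www.example.com.", dst_port=49231,
                     answers=[Record("www.example.com.", "A", "192.0.2.10", 300)],
                     additional=[Record("www.bank.test.", "A", "198.51.100.66", 10**7)])
    print(accept_reply(pending, poisoned, cache), cache)
```

The out-of-bailiwick record for www.bank.test. never reaches the cache even though the reply itself is accepted; a resolver that skipped check 4 would have cached an attacker-chosen address for an unrelated site with a TTL of months.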
An individual with malicious intent can register a look-alike domain and put a convincing copy of a real site behind it, tricking users into believing they are on the genuine site and handing over credentials or other information. Replacing a character in a domain name with a similar-looking one -- such as the digit one “1” for a lowercase L “l,” which may be indistinguishable in some fonts -- can fool a user into following a false link. This technique, often called a homograph or typosquatting attack, is commonly used in phishing.
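One way to catch such names before they reach users (in mail filtering, brand monitoring or certificate-transparency log review) is to reduce each label to the ASCII shape it resembles and compare that "skeleton" with the domains being protected, and to flag labels that mix writing systems. The following code, added here as an illustration and not taken from the article, does both. The confusable map is a constructed handful of entries, not Unicode's full confusables table (UTS #39), and treating the last two labels as the registrable domain stands in for a proper public suffix list lookup.

```python
import unicodedata

# Constructed subset of visually confusable characters mapped to the ASCII
# character they resemble. Unicode's confusables.txt has thousands of entries.
CONFUSABLES = {
    "1": "l", "|": "l", "0": "o",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
    "\u0445": "x",  # Cyrillic ha
}
# Pairs that read as a single letter in many fonts.
MULTI_CHAR = {"rn": "m", "vv": "w", "cl": "d"}


def skeleton(label: str) -> str:
    """Reduce a name to the lowercase ASCII shape a reader would perceive."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in label).lower()
    for seq, rep in MULTI_CHAR.items():
        mapped = mapped.replace(seq, rep)
    return mapped


def scripts_in(label: str) -> set:
    """Unicode script names (LATIN, CYRILLIC, ...) of the letters in a label."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}


def check_domain(domain: str, protected) -> list:
    """Return findings for `domain` against an iterable of domains to protect."""
    labels = domain.rstrip(".").split(".")
    registrable = ".".join(labels[-2:])  # assumption: registrable part is the last two labels
    findings = []
    for p in protected:
        if registrable.lower() != p.lower() and skeleton(registrable) == skeleton(p):
            findings.append(f"lookalike of {p}")
    for label in labels:
        scripts = scripts_in(label)
        if len(scripts) > 1:  # e.g. Latin letters with one Cyrillic letter swapped in
            findings.append(f"mixed scripts in label {label!r}: {sorted(scripts)}")
    return findings


if __name__ == "__main__":
    protected = {"techtarget.com", "paypal.com"}
    for candidate in ("www.techtarget.com", "paypa1.com", "www.payp\u0430l.com"):
        print(candidate, "->", check_domain(candidate, protected) or "ok")
```

A registrar-side or browser-side implementation would add the full confusables table and the public suffix list; the structure of the check (skeleton comparison plus a per-label script mix test) is the same.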
Zone operators and resolver operators can deploy DNS Security Extensions (DNSSEC), which add cryptographic signatures to DNS records so that a validating resolver can detect forged or altered responses, including poisoned cache entries. DNSSEC provides authentication and integrity, not confidentiality: queries and answers are still sent in the clear.
Continue Reading About domain name system (DNS)
- Cisco, the networking product manufacturer, provides an overview of DNS as part of its pages on Configuring the DNS Service.
- DNS co-creator Paul Mockapetris discusses how to create a more secure DNS to combat internet challenges.