What is a DNS Server?

Let’s understand what a Server is. Domain Name System (DNS) is a protocol that assists users on the internet in locating websites by using simply readable addresses. Its functions are similar to that of a phone book.

It is a program or a device committed to serving other programs that are called “Clients”. DNS clients are modern operating systems for mobiles and desktops, allowing web browsers to communicate with DNS servers.

Just as a phone book helps you locate the name and number of a person, similarly, DNS server allows you to enter the website address, and soon as you do so, you can see the I.P. (Internet Protocol) address for that particular website.

Computers use these numeric IP addresses to communicate with other devices. A simpler analogy is, DNS server is like the contact’s list on your smartphone. This list has your contact’s name, number, and email address. Imagine multiplying this contact list with everyone on the internet.

The internet will surely collapse without DNS server. It will not be possible for users and machines to have access to internet servers, especially the friendly URLs everyone knows. DNS server is one of the bedrock of the internet.

Many don’t realize how often they make use of it in their daily tasks, spending time on their phones and checking emails. Let’s take an example, google.com (domain name), interprets to IP address 103.10.38.182(IPv4 Old format) or 2002:6184:20b5:0:0:1:0 (IPv4 newer format). How difficult would it be for you to type that every time instead of typing Google?

DNS Server History

When the internet was launched and was very small, people corresponded with a particular IP address for a particular computer. The network began to get popular, people began to join it, and before we knew it, the internet grew. So using a specific IP address became specifically challenging.

We can still type a particular IP address and reach the website. But imagine remembering combinations of multiple numbers. To be honest, I can only remember two numbers from my contact list. Whenever I want to connect with someone, all I do is type their name, and hit the call button. It is that simple.

I can’t imagine the stress of remembering a combination of numbers to get through my daily work. It’s a nightmare.

Users need something easy to remember, something to relate to the name of the domain (like animalworld.com). In the early ’80s, addresses and names were allotted by one single person – Mary Feinler at Stanford – who in turn had a master record of computers connected to the internet, which was in a text file format called HOSTS.TXT.

Imagine the challenge of maintaining these records as the internet grew, not least as Mary Feinler handled requisitions till 6 pm and took off’s for Christmas and New Year. Paul Mockapetris, a researcher, the year 1983, was asked to come up with solutions to manage these issues. He overlooked all the issues and developed a system of his own and called it DNS. Over the years, it has been improvised in many ways, but it still functions the same way as it did almost before 40 years.

Uses of DNS Server:

* It resolves names of WWW (World Wide Web) sites.

* it routes requests to webmail services and email servers.

* Within the web application, it connects the database, middleware, and app servers.

* VPN (Virtual Private Networks).

* Sharing programs like peer-to-peer.

* Games that are multiplayer.

* Online meeting and instant messaging services.

* Communication between servers, loT devices, and gateways.

You will need DNS server to communicate if you are currently using any of the above services.

For instance: If you permit VPN access to your business network or own a website, the DNS server will provide access to your users. So it is essential you set up a DNS server for your business.

How does DNS Servers Operate?

What is a DNS Server 1

The functions of the Domain Nameserver depend on four main blocks:-

1)  DNS Resolver

Domain Nameserver Resolver is also known as a Recursive Resolver. It is built to receive queries from multiple web browsers and various applications. The resolver gets a hostname – www.sample.com; it has to track down the I.P. address for this hostname.

You can use the DNS resolver by a local internet provider (IP), local network, WIFI network, third party, or any mobile carrier. The resolver looks into the local devices operating system and the local cache. Once the hostname is detected, it is considered to be resolved immediately. 

If it is unable to detect the hostname, it will contact a DNS Root Server for details of the Top Level Domain (TLD) Name Server. Through the Top Level Domain Nameserver, it obtains specifics of the Authoritative Name Server, asking it for an I.P. address to match the hostname that was requested. On receiving the I.P. address, it is considered to be resolved.

By the end of 2017, over 300 million domain names were listed. DNS directory that has all the numbers and names matched is not placed in one place on the internet. The directory is assigned all over the world that is stored on DNS servers. These servers communicate daily with each other to provide redundancies and updates.

2) Domain Name Root Server

It translates hostnames readable by humans to numeric IP addresses. The TLD (Top Level Domain) extracts the TLD given in the DNS query of the user- for example, www.sample.COM, it gives specifics for the.COM Top Level Domain Nameserver. Worldwide wide there are 13 root servers, designated by letters A to M, and are handled by companies like Cogent, the U.S. Army Research Lab, the University of Maryland, and Verisign.

3) TLD Name Server

It uses the name of the domain given in the query – example: www.sample.com -It then gives an I.P. of an Authoritative Name Server. This DNS server holds DNS records for the specific domain. Each TLD has a Name Server. Currently, there are more than 1500 TLD, which include the initial TLDs like .org and .com, country codes like co.fr and co. uk, and latest TLDs like .biz.

Authoritative Name Server: Authoritative Name Server is the final halt in the Name Server query. The Authoritative Name Server extracts the subdomain and domain name it has accessibility to the DNS records.

The DNS Resolver then receives the accurate I.P. address. With the growth of the internet, the initial I.P. address, IPv4 (That’s allowed for 4.3 billion IP addresses), is currently being replaced by IPv6 (that supports 3.4*10^38 IP addresses). More and more, we find DNS servers use the IPv6 format.

In some cases, we find the DNS Resolver is rerouted by the Authoritative Name Server to a Name Server that has detailed records for the subdomain, for example- SUPPORT.sample.com. DNS Zones are used to organize Authoritative Name Server. Authoritative Name Server is allotted to Every DNS zone. Since they provide a correct and authoritative response with regards to the IP addresses for a particular domain, they are known as “Authoritative.”

Let’s take a closer look at the following:-

Authoritative and Recursive DNS server: When you enter a hostname and begin your search. Your computer now needs to find the I.P. address, and in order to do so, it raises a request to the recursive resolver, which is also called a recursive DNS server.

Usually, a third party or ISP uses the recursive resolver server, as it intelligently works in connecting with other DNS servers to resolve the query, i.e., the site name with the I.P. address. Authoritative DNS servers are servers that have all the required information.

IP Addresses and DNS server: Every domain corresponds to multiple IP addresses at a time. A single domain name can communicate with some sites that have hundreds of IP addresses. For instance, your computer reaches www.google.com; it may be different from the server used by someone in a different country, although they have typed a similar site name in the browser.

The directory is distributed to make it convenient for the user; it would consume less time pulling up information when distributed in comparison to searching for information through one extensive directory. At a time, there are billions of users in search of information. That would make one extensive line to have access to the phone book.

DNS Server Caching: To resolve an issue, information is shared with multiple servers from the DNS Server. Details of site visits are locally cached on the user’s computer. Let’s presume your work requires you to use google.com frequently; in this case, the details are saved on your device/computer, so it doesn’t have to reach out to the DNS server every time you hit search. The routers that are used to connect the internet to the client and the server of the client’s ISP can have additional caching. The volume of queries that reach the DNS server is very low due to all the caching.

Discovering my DNS server: As soon as your computer connects to the internet, your local network provider will automatically establish your DNS server. If you want to learn more about the primary nameservers, you can approach web utilities that assist in getting multiple details about your network connection. Today one of the good ones is browserleaks.com. It will give you plenty of information that includes your present DNS Server.

8.8.8.8 DNS Server: Always remember, a default DNS server is set up by your ISP; you don’t have to necessarily use it. Some reasons people avoid using their Internet Service Provider DNS is to avoid the hassle of being redirected to advertising pages.

Some redirect their devices to a public DNS server for an alternative solution; this acts as a recursive resolver. There a many public DNS servers, one of the leading public DNS servers is Google’s: 8.8.8.8 is its I.P. address.

The DNS Service of Google is fast; while many question Google’s ulterior motives for giving free services, they actually can’t get additional information, except for what is found on Chrome.

Google has detailed instructions to help you configure your router or computer. This will help you connect with much ease to Google’s DNS server.

DNS adds efficiency: DNS server is arranged in an order that allows things to move smoothly and quickly. Let’s take an example – suppose you decide to visit exampleworld.com. As discussed earlier, the initial requisition is made to a recursive resolver.

This recursive resolver knows exactly who to work with in order to resolve the DNS query. Now it needs to resolve the I.P. address with the site name. It now reaches the root server; this server has all the details of the TLD (Top Level Domain) like .net, .org, .com, various country domains such as .uk and .cn (the United Kingdom and China, respectively). Root servers are placed all around the world, so they will direct you to the one closest to the tour location.

As soon as the requisition reaches the right root server, it is directed to the TLD (Top Level Domain) name server. This records all the data that is used by the SLD (Second Level Domain). It’s basically all the names you used earlier, before .com, .net, .org (like the information used to search exampleworld.com is “example world”).

Now, this requisition reaches the DNS server, which stores all the data of the IP address and the site. As the IP address is found, it’s rerouted to the user, who uses it to visit the site. All this extensive process takes a few milliseconds barely.

Many take DNS server for granted as it’s been around for over 30 years. The lack of security while designing it has given hackers an added advantage in creating various kinds of DNS attacks.

Types of DNS Hacking

DNS Reflection Attack

DNS Reflection Attack can flood the user with messages of high-volume sent from the DNS resolver server. The attacker uses open DNS resolvers to get sizeable DNS files. They do all this by using a fake I.P. address.

As soon as the resolver gets back, the user is swamped with unrequested DNS information that overworks their computers.

DNS Cache Poisoning

DNS Cache Poisoning diverts unsuspecting users to venomous sites. These attackers feed the DNS servers with incorrect address data as soon as a user puts in a requisition, and if it happens to be a poisoned site, immediately the DNS server will revert with an I.P. of another site.

The attacker will have full control of this site. Many are tricked and end up downloading malware or even entering their passwords.

DNS Resource Exhaustion

DNS resource exhaustion tends to block the DNS infrastructure of your local internet service provider (ISP); it keeps the users from connecting with the websites.

Attackers register a domain name; they then continue to make their domain authoritative server by using the clients’ name server. It asks the user for their name server because they couldn’t get the I.P. address linked to the name of the website.

Attackers create a sizable amount of requisition for the domain. They also throw in subdomains that are non-existent, causing boot. The users’ name server is swamped with an overflow of resolution requisites. 

DNS Sec

Domain Name System Security Extensions tries to connect various servers at various levels to make DNS lookups more secure. The ICANN (Internet Corporation for Assigned Names and Numbers) devised it; they look over the DNS systems.

There was a weakness in communication between the three directory servers, i.e., the top-Second-third level. This weakness in communication made hijacking lookups very easy for attackers.

Attackers could now reply with a malicious I.P. address to queries for lookups to legitimate websites. These sites, with much ease, were able to carry out pharming and phishing attacks, or users would also have malware uploaded.

Every DNS server had to digitally sign a request addressed by the DNS Security Extension. This ensured that the attackers are not in control of the queries sent by the client. At every level of the lookup, it helps in building trust that ensures to validate the request, keeping the integrity intact of the request.

At all times, the Domain Name System Security Extension is vigilant and keeps a close watch on the name of the domain. If they come across a domain name that seems fraudulent or not found in the system, that means it doesn’t exist; it would keep it away from the unsuspecting user by blocking it and continues to resolve the domain name.

A good DNS environment is essential with the increase in devices and smart systems joining the network by using the internet. Many websites are migrating to IPv6 as well, creating a need for DNS management with the growth of analytics and big data.

Failure of a Domain Name System

There are various reasons that can cause a DNS Server to fail; some are hardware malfunctions, cyberattacks, and power outages. When the internet had initially begun, any of these outages would have taken a toll on it and have adverse effects too.

Today, DNS has plenty of redundancy built into it. For example, there are plenty of instances of the TLD nameserver and the root DNS server, and many ISPs tend to keep backup recursive resolvers for the clients. Cloudflare’s 1.1.1.1 is a public DNS resolver that can be used by individual users as well.  Popular websites tend to have various instances of the authoritative name server.

If there is a major outage of the DNS server, the backup servers handle the requests. This may cause a delay if there is a high volume of requests. Only a massive outage of the DNS server can lead to a crucial amount of the internet being unavailable.

In fact, in 2016, Dyn, a DNS provider, was under one of the largest DDoS attacks. Cloudflare has a very beneficial plan that gives the DNS client a specific plan called Managed DNS Service. This has in-built security that focuses on protecting servers from common server failures as well as planned DNS attacks. 

DNS Protocol

There are two types of messages used by DNS protocol – Queries and Replies. These messages contain four sections: question, answers, authority, and additional space. It also has a header.

1) Header

This section has identifications that are used to pair the answers with the queries; Number of additional resource records, Number of authority resource records, number of queries, and number of answers.

2) Flag Field

This section indicates if the request received is an answer or a question; if it’s a request, status or reply. It also determines if the server is authoritative if the user is sending an R.D. (Recursive query); It checks if recursion is supported by the DNS server; if the message was truncated (T.C.)and the 4 bits indicates status towards the end.

3) Question Section

This section has details of the resolved record type and name of the domain (TXT, MX, A, AAAA, etc.). It breaks the name of the domain into labels; the prefix of each label depends on the length of the label.

4) Answer Section

It has all the records of the name required. In case a domain name more than one I.P. address attached to it can appear in various other records. 

DNS Protocol-Transport

UDP (User Datagram Protocol) is primarily used by DNS server on port 53 to deal with requests. The DNS server has one User Datagram Protocol (UDP) request from the user accompanied by one UDP answer from the server. When the size of the response data is over 512 bytes, TCP (Transmission Control Protocol) is used. Most DNS resolvers prefer TCP for all their communications.

SIGRed

Recently, we all became aware of the weakness in the DNS server that caused so much chaos. A flaw was found in the Windows DNS Server, which was named as SIGRed. Dealing with this challenge has a complex strike chain. It takes advantage of the DNS servers that are unpatched to install and carry out malicious code on users.

This attack is termed “wormable,” which means without the help of humans, it can spread from one device to the other. This weakness was a major threat that gave the U.S. Federal Agencies just a few days to fix the patches.

The Future of DNS Servers

DNS is about to make its biggest shift in history, to achieve yet another milestone. As we are all aware, Mozilla and Google, in the browser market, have a big share. The browsers now have decided to go towards DNS instead of HTTP.

The protocol secures web traffic (most of them), the request from DNS is also encrypted by it. When you implement Chrome, the DNS server is checked by the browser to check if it supports DoH. The DNS requests are rerouted to 8.8.8.8 from Google. This type of movement leads to quite a bit of controversy. This move is called a ‘Disaster’ of security, by Paul Vixie.

Paul Vixie has done a lot of work on the protocol for the DNS platform back in the 80s. Directing and monitoring DoH traffic will be very challenging, especially for corporate I.T. For example, by default, DoH can be turned on while Chrome is still omnipresent.

So I guess we’ll have to just wait and watch what the future has in store for us. You can also check our article on How Do Nameservers Work.

Leave a Comment