
Domain name system

Last revised by LocalRoot - 22 Jun 2026, 16:09

The Domain Name System or DNS is the naming system that lets internet users reach services by domain names instead of needing to remember numeric IP addresses. It is a core part of how the public internet works.

When a person enters a domain such as example.com, DNS helps find the records that point to the servers responsible for that name. Those records can then direct web browsers, email systems and other software to the right destination.

Purpose

Computers communicate using addresses such as IPv4 and IPv6 addresses. Those addresses are useful to machines but awkward for people. DNS creates a distributed system for mapping readable names to the technical data needed to contact services.

DNS is not a search engine. It does not decide which website is best, rank pages or inspect the meaning of a page. Its job is narrower: it answers questions about names and records.

How Resolution Works

DNS resolution usually begins with a recursive resolver. That resolver may be run by an internet service provider, a company, a public DNS service or software on the user's own network.

If the resolver does not already have a cached answer, it follows the DNS hierarchy. It asks root name servers where to find the correct top-level domain servers, then asks those servers where to find the authoritative name servers for the domain. The authoritative name servers hold the records for that domain.

The resolver then returns the answer to the user's device and usually caches it for a limited time.

Common Record Types

Common DNS record types include:

  • A records, which point a name to an IPv4 address;
  • AAAA records, which point a name to an IPv6 address;
  • CNAME records, which make one name an alias of another;
  • MX records, which define mail exchangers for email delivery;
  • TXT records, which store text data used for verification, email security and other purposes;
  • NS records, which identify authoritative name servers;
  • SOA records, which store basic authority and timing information for a DNS zone.

Caching and TTL

DNS answers are normally cached. The time to live, or TTL, tells resolvers how long they may keep an answer before checking again. A short TTL can make changes take effect faster but increases query traffic. A long TTL reduces query traffic but can make changes take longer to appear.

This is why moving a website or changing mail records can appear immediate for some users and delayed for others.
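The effect described above can be reproduced with a small model. The following is an added example, not part of the original page: a toy cache, not a real DNS implementation. The name, the addresses (documentation ranges) and the timings are constructed, and the class and function names are hypothetical.

```python
# Toy model of resolver caching and TTL expiry (added example, not real DNS code).
# The name, addresses and timings below are constructed sample values.
NAME = "www.example.com"


class Authoritative:
    """Holds the current record for each name: name -> (address, ttl_seconds)."""
    def __init__(self):
        self.records = {}

    def set(self, name, address, ttl):
        self.records[name] = (address, ttl)

    def query(self, name):
        return self.records[name]


class CachingResolver:
    """A recursive resolver reduced to its cache: reuse an answer until its TTL runs out."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}  # name -> (address, expires_at)

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0], "cache"
        address, ttl = self.upstream.query(name)
        self.cache[name] = (address, now + ttl)
        return address, "authoritative"


def simulate_change(ttl):
    """Resolver A caches at t=0, the record then changes, resolver B first asks at t=90."""
    auth = Authoritative()
    auth.set(NAME, "192.0.2.10", ttl)
    a, b = CachingResolver(auth), CachingResolver(auth)
    a.lookup(NAME, now=0)                 # A caches the old address
    auth.set(NAME, "198.51.100.20", ttl)  # the owner changes the record
    # Each tuple: (time in seconds, address A's users get, address B's users get)
    return [(t, a.lookup(NAME, t)[0], b.lookup(NAME, t)[0]) for t in (90, 200, 400)]


if __name__ == "__main__":
    for ttl in (300, 60):
        print(f"TTL={ttl}s")
        for t, seen_a, seen_b in simulate_change(ttl):
            print(f"  t={t:>3}s  resolver A -> {seen_a:<14} resolver B -> {seen_b}")
```

With a 300-second TTL, users of resolver A keep receiving the old address until its cached entry expires, while users of resolver B see the new one immediately. The same applies when a record is changed in response to an incident: the old answer stays in use until each cache's TTL runs out.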

Security

DNS can be attacked or misused. Common problems include cache poisoning, domain hijacking, misconfigured records, spoofed lookups and abuse of domains for phishing or malware.

DNSSEC adds cryptographic signing to help prove that DNS answers have not been tampered with, although it does not encrypt the query itself. DNS over HTTPS and DNS over TLS can encrypt the link between a client and a resolver, but they do not remove the need to trust the resolver.

Administration

ICANN helps coordinate the global domain-name system, including policies around generic top-level domains. Registries run top-level domains, registrars sell or manage domain registrations for customers, and authoritative DNS providers host the records.

In practice, a website owner may use one company for registration, another for DNS hosting, another for email and another for web hosting.
