The Domain Name System (DNS) is the technology that makes names usable on the World Wide Web. Much like a phone book for the Internet age, DNS maps the names of servers and services connected to the Internet to their addresses and provides the framework for web browsing. DNS is a distributed database of domain names and their corresponding IP addresses.
You have likely already heard of DNS, simply because the Domain Name System is what makes the Internet tick. One commonplace example of DNS popping up in everyday Internet use is the DNS error message that appears when you mistype a website address in your web browser. In this article, we will demystify nameservers, DNS, and domain names and piece together how DNS makes Internet, WAN, and LAN networking services work.
When Was the DNS System Created?
Long before DNS was created, the Internet didn’t exist as we know it today. It was a research project known as the Advanced Research Projects Agency Network (ARPAnet). A handful of servers would communicate with one another by looking up server hostnames recorded in a HOSTS file. Yes, this is the same HOSTS file that you will find on modern releases of Windows Server, macOS, and Linux.
To see your HOSTS file, simply browse to:
- Mac – cat /etc/hosts
- Linux – cat /etc/hosts
- Windows – c:\Windows\System32\Drivers\etc\hosts
As you will see, most HOSTS files don’t contain much these days, but you can still add local servers and computers to yours. When your computer looks up a server name, it always checks the HOSTS file before querying DNS.
Before the Domain Name System (DNS), the HOSTS file was shared between every networked computer. Each computer would have to download the master HOSTS file, which was centrally managed and kept up to date by Stanford University. However, the system was flawed because it did not work at scale, and soon the Stanford University servers were overloaded with requests for the file; a better system was needed.
In 1983, the idea of a domain name database was published in RFC 882 and RFC 883 by Paul Mockapetris, but it was not until 1986 that DNS was adopted as one of the very first Internet Standards. It was then that the first top-level domains were created, most of which are still in use today.
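To make the lookup order concrete, here is an added example (not code from the original article) that parses a HOSTS file in the format shared by Windows, macOS and Linux and then resolves a name the way the operating system does: the HOSTS table is consulted first, and DNS is asked only when the name is not listed there. The sample file contents, the names and the addresses are all constructed, and the `fake_dns` function stands in for a real resolver query.

```python
# Added example (not from the original article): parse a HOSTS file in the
# format shared by Windows, macOS and Linux, then resolve a name the way the
# operating system does: the HOSTS table is consulted first, DNS only if the
# name is not listed there.
from __future__ import annotations
import ipaddress

# Constructed sample HOSTS content; the names and addresses are made up.
SAMPLE_HOSTS = """\
# Static table lookup for hostnames (comment lines start with '#').
127.0.0.1       localhost
::1             localhost ip6-localhost
10.0.0.25       fileserver.corp.example  fileserver   # trailing comment
192.0.2.10      intranet.corp.example
this line is not a valid entry and is skipped
"""


def parse_hosts(text: str) -> dict[str, list[str]]:
    """Map each hostname (lower-cased) to the addresses listed for it, in file order."""
    table: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and surrounding space
        if not line:
            continue                              # blank or comment-only line
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # first field must be an IPv4/IPv6 address
        for name in fields[1:]:                   # canonical name plus any aliases
            table.setdefault(name.lower(), []).append(addr)
    return table


def resolve(name: str, hosts: dict[str, list[str]], dns_lookup) -> tuple[str, list[str]]:
    """Return (source, addresses): 'hosts' if the file lists the name, else ask DNS."""
    key = name.rstrip(".").lower()                # hostnames are case-insensitive
    if key in hosts:
        return "hosts", hosts[key]
    return "dns", dns_lookup(key)


# Stand-in for a real DNS query (hypothetical): a fixed table instead of the network.
def fake_dns(name: str) -> list[str]:
    return {"www.example.net": ["203.0.113.5"]}.get(name, [])


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for query in ("FileServer", "intranet.corp.example", "www.example.net"):
        print(query, "->", resolve(query, table, fake_dns))
```

Because the HOSTS file wins over DNS, an unexpected entry in it silently redirects a name for every program on the machine; checking the file is one of the first things to do when a single computer resolves a name differently from the rest of the network.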
What Is the Domain Name System (DNS)?
The Domain Name System is a complex system to understand, but without DNS hostnames (domain names), each Internet user would have to remember the raw Internet Protocol (IP) address of every favorite website. For example, instead of visiting www.google.com, you would visit 18.104.22.168.
You’ll likely agree that it’s a lot easier to remember “Google” than a string of IP addresses. Whether you use the DNS resource record (the hostname) or the IP address, the result is the same; it is the Domain Name System (DNS) that turns www.google.com into 22.214.171.124!
Now consider that every website in the world has its own IP address, and often several. It’s difficult to imagine the sheer scale of the Internet, not to mention the size of the hypothetical phone book needed to store all of the Domain Name System’s data.
There are three primary purposes of the Domain Name System:
- To route traffic over the Internet to the IP address associated with the desired domain name.
- Increasingly, to publish metadata.
- To publish additional information, often about authentication, encryption (such as X.509 certificates), and website reputation. You can even publish credentials over DNS, protected by DNSSEC.
It is clear that DNS is evolving as the Internet matures and the world becomes more security-conscious.
What Is DNS Propagation?
Think back to the phone book analogy. The phone book is a static list of names and addresses, and once it’s published, there is no option to update it. DNS is completely different, as websites update their IP addresses all the time. So, what happens if the IP address of your favorite website changes and the domain name in DNS still points to the old IP address? That’s where DNS propagation comes in.
DNS propagation is the process by which a change to a DNS record is updated and published across the world’s DNS name servers. There are thousands of DNS name servers located around the world, and as you can imagine, it can take some time to update the entire system when a domain name entry changes. While officially the process can take up to 72 hours, DNS propagation is normally completed in just a few hours.
When you consider the near-real-time impact the Internet has on our lives, it’s hard to imagine that these changes take so long for DNS servers to handle. According to NS1, one of the world’s biggest DNS providers, traditional DNS takes so long to propagate for three reasons:
- Time to Live (TTL) Settings – Time to Live (TTL) is a DNS setting that declares how long a DNS record remains cached on your computer. Every time your computer requests a website address, the DNS records are cached locally, and the TTL defines how long your computer will use the cached local copy before reaching out to the Internet to refresh its DNS records. In most systems, TTL is set to 1500 seconds (25 minutes). There are hundreds of DNS providers on the Internet and an update can wait up to 25 minutes at each of them, so the time adds up.
- Internet Service Provider (ISP) – Your Internet provider also caches DNS entries to speed up users’ access to the Internet. The user pulls the DNS record directly from the provider, which is usually the first step when hopping onto the Internet. ISPs ignore TTL configurations and set their own timeout on DNS cache refreshes.
- Domain Name Registry – Changing the authoritative server creates long delays in DNS propagation. The authoritative server is the official holder of the DNS records, and if you move from one IP address to another, the change needs to be reflected throughout the entire DNS hierarchy. These changes can take over 48 hours to complete.
There are things you can do to speed up DNS servers’ propagation, and we will go into detail about this later.
What Is DNS Hierarchy?
The DNS database has to be structured as a hierarchy to work properly, because of the sheer scale of the domain namespace. The DNS hierarchy is a tree: it starts with the top-level domains and extends down through domains to subdomains. TLD examples include .com, .net, .org, .edu, .mil, .gov, .us, .ca, .info, .biz, and .tv.
Consider the following for our domain name: https://www.atlantic.net
- HTTPS:// – is the protocol
- www – is the subdomain
- Atlantic – is the domain name
- .net – is the top-level domain (TLD)
- Atlantic.Net – the root domain, which includes the domain name and the top-level domain (TLD)
Did you know that the dot net top-level domain was originally reserved for Internet Service Providers (ISPs) and Internet administrative servers? In the early days of Atlantic.Net, we provided telecommunication services throughout Florida, hence we chose “Atlantic.Net.”
The dot com domain is reserved for companies (though this has not been strictly observed), and of course there are country domains such as au (Australia), uk (the United Kingdom), us (the United States), and ca (Canada).
What Is a DNS Name Server?
A name server stores DNS records such as IP address records (A and AAAA records), aliases, Name Server (NS) records, and mail exchange (MX) records. There are many other DNS record types stored on a name server (far too many to go into detail about here), but these four are the records you will most commonly encounter. DNS service provider Cloudflare has produced a useful list of all the DNS record types that are available.
There are multiple layers in the DNS Name Server hierarchy, and each layer has a Name Server. The Domain Name System consists of multiple servers located around the world that perform the translation of DNS names into IP Addresses. The Top-Level Root name servers, managed and maintained by the Internet Corporation for Assigned Names and Numbers (ICANN), are used to maintain the domain name hierarchy and the IP Address system.
The next layer consists of Name Servers that manage Internet resources at the registrar level. A registrar is a company that sells domain names such as 123reg. They also maintain a hierarchy of master name servers that propagate to other registrars globally.
Next are the DNS Name Servers that are managed and maintained by Internet Service Providers and telecoms providers; these provide DNS caching.
Finally, you have individual domain controllers at a local layer (such as a business) that manage local DNS requests and route up the hierarchy for any unknown addresses.
No matter which layer the name server is at, they all perform similar functions.
There are four types of DNS servers for the DNS lookup process:
- Recursive DNS Resolver – The DNS recursive resolver (sometimes called a local DNS nameserver) is the server that acts as the first stop for a recursive query from a client machine. Resolvers are the middlemen between the client and the authoritative nameservers, making whatever additional requests are needed to answer the client’s query; the resolver chains these queries together to complete the resolution.
- DNS Root NameServer – The root servers are the name servers at the top of the hierarchy; they know which name servers are responsible for the top-level domain within a hostname. For example, a request for an Atlantic.Net name would be referred by the root name server down towards the Atlantic.Net DNS server.
- TLD Name Server – Top-level nameservers provide DNS services and DNS resolution for each domain extension. The TLD servers are managed by the Internet Assigned Numbers Authority (IANA), a division of ICANN. TLDs are divided into the generic top-level domains, including .com, .org, .net, .edu, and .gov, and the country code top-level domains, which include .uk, .us, .ru, .jp and so on.
- Authoritative DNS Servers – An authoritative DNS server is a name server that has the authority to respond to DNS queries for a domain or subdomain. It is usually the last step before an IP address is resolved from a DNS A record or a CNAME record alias.
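The four server types above are easiest to see in action as a referral chain. The following added example (not code from the original article or from Atlantic.Net) holds a miniature hierarchy in memory: a root zone that delegates .net, a TLD zone that delegates example.net, and an authoritative zone that holds the answer. A small recursive resolver walks that chain from a root hint and caches what it learns, so the same code also illustrates the TTL caching described under propagation and the cache flush discussed later. Every zone, server name and address in it is constructed (192.0.2.0/24 is a documentation address range); the `ZONES`, `SERVERS` and `ROOT_HINT` tables and the `RecursiveResolver` class are assumptions of the example, not a real resolver.

```python
# Added example (not from the original article): a miniature DNS hierarchy held
# in memory, so the root -> TLD -> authoritative referral chain and a resolver's
# TTL-bounded cache can be traced without touching the network. All zone data,
# server names and addresses are constructed (192.0.2.0/24 is a documentation
# range), not real servers.
import time

# zone name -> {(owner name, record type): [(ttl in seconds, rdata), ...]}
ZONES = {
    ".": {                                   # root zone: delegates .net
        ("net.", "NS"): [(172800, "a.gtld-servers.example.")],
        ("a.gtld-servers.example.", "A"): [(172800, "192.0.2.2")],   # glue
    },
    "net.": {                                # TLD zone: delegates example.net
        ("example.net.", "NS"): [(86400, "ns1.example.net.")],
        ("ns1.example.net.", "A"): [(86400, "192.0.2.3")],           # glue
    },
    "example.net.": {                        # authoritative zone: holds the answer
        ("www.example.net.", "A"): [(300, "192.0.2.10")],
        ("ns1.example.net.", "A"): [(86400, "192.0.2.3")],
    },
}
# Which zone each (constructed) server address is authoritative for.
SERVERS = {"192.0.2.1": ".", "192.0.2.2": "net.", "192.0.2.3": "example.net."}
ROOT_HINT = "192.0.2.1"          # resolvers ship with the root servers' addresses


def query_server(server_ip, qname, qtype):
    """One round trip to an authoritative server.

    Returns ('answer', records), ('referral', [child server IPs]) or ('nxdomain', None).
    """
    zone_name = SERVERS[server_ip]
    zone = ZONES[zone_name]
    if (qname, qtype) in zone:
        return "answer", zone[(qname, qtype)]
    # No answer here: does this zone delegate some suffix of qname to a child zone?
    labels = qname.split(".")                        # "www.example.net." -> ["www", "example", "net", ""]
    for i in range(1, len(labels) - 1):
        child = ".".join(labels[i:])                 # "example.net.", then "net."
        if child != zone_name and (child, "NS") in zone:
            ns_names = [rdata for _, rdata in zone[(child, "NS")]]
            glue = [ip for ns in ns_names for _, ip in zone.get((ns, "A"), [])]
            return "referral", glue
    return "nxdomain", None


class RecursiveResolver:
    """The client's first stop: walks referrals from the root and caches answers for their TTL."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}          # (qname, qtype) -> (expiry timestamp, [rdata])
        self.trace = []          # server addresses contacted during the last lookup

    def resolve(self, qname, qtype="A"):
        self.trace = []
        key = (qname, qtype)
        cached = self.cache.get(key)
        if cached and cached[0] > self.clock():
            return cached[1]     # still within TTL: no server is contacted
        server = ROOT_HINT
        while True:
            self.trace.append(server)
            kind, data = query_server(server, qname, qtype)
            if kind == "answer":
                ttl = min(ttl for ttl, _ in data)      # cache no longer than the shortest TTL
                rdata = [r for _, r in data]
                self.cache[key] = (self.clock() + ttl, rdata)
                return rdata
            if kind == "referral" and data:
                server = data[0]                        # follow the delegation via its glue address
            else:
                return []

    def flush(self):
        """The equivalent of `ipconfig /flushdns`: the next lookup walks the hierarchy again."""
        self.cache.clear()


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.net."), "via", r.trace)
    print(r.resolve("www.example.net."), "via", r.trace or "cache")
```

The first lookup contacts all three servers in turn; the second is answered from the cache without any network traffic, and only once the 300-second TTL has passed (or the cache is flushed) does the resolver walk the hierarchy again. That is exactly why a changed record keeps showing its old value at some resolvers for the length of the TTL.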
What Is an Authoritative Name Server?
An authoritative name server is a DNS name server that has the authority to respond to DNS queries by checking DNS records that are stored locally on the authoritative name server. There are three types of authoritative name servers:
Primary master authoritative name server
The primary master contains the master copy of the DNS records and it acts as the primary authoritative name server; all clients look to the server as the source of truth for DNS services.
Secondary server authoritative name server
The secondary server holds an exact duplicate of the specific zones hosted on the primary authoritative name server. There can be many secondary authoritative name servers on the network, and they can even host master zones of their own.
Stealth authoritative name server
Stealth servers, sometimes called DMZ or hidden authoritative name servers, are non-public authoritative DNS servers. These are often implemented in security-conscious environments; any DNS request for public resources goes straight out to the ISP name server.
What is a Local DNS Server?
Most home networks and nearly all business networks have at least one local DNS server. A local DNS server is usually the very first hop when resolving a recursive DNS query. If the resource you are connecting to is located on the local network, there is no need to query your ISP’s DNS server, and the ISP’s domain name servers would never hold a record of your local resources anyway.
For such a query, local DNS is used. This can be a DNS server running on your network equipment or a fully configured corporate DNS server farm acting as a local authoritative DNS server. Local DNS servers run on Windows Server and Linux operating systems, and they are typically managed by system administrators using a DNS manager tool.
One of the most common uses of DNS is by Microsoft Active Directory Domain Services (AD DS). Active Directory domain controllers use DNS to manage local resources. Networked computers and servers use DNS to locate the domain controller, and the domain controllers use DNS to locate all other domain controllers and local domain names.
If you operate a Windows network of Computers and Servers, the DNS service is enabled by default. This allows automatic discovery of DNS servers, networked resources, and other servers on the local network.
How do I fix a DNS Server problem?
DNS is used everywhere, including on your home network, in your workplace, and on all the infrastructure you are using to read this post. Most end-users interact with DNS in a work environment, where DNS is a key component of the entire business network. DNS not only points your internal queries from web browsers to internal corporate websites, but also ensures that a business directory server has a route to every server connected to the network.
DNS at Atlantic.Net
Atlantic.Net’s Cloud Portal includes a DNS management module that enables you to manage DNS records for your domains. DNS records tell people where your domain is hosted so they can reach it by name instead of just by server IP.
- From the ACP Cloud Portal, navigate to the “DNS” button and click “Add Domain.”
- After adding your domain, you will get a popup that says “Domain created successfully!”
- After hitting “OK” on the popup, you will go back to the DNS page with a list of your domains. There are buttons next to each labeled “Manage” and “Delete.”
- “Delete” will delete the domain and all associated DNS records from the system, and “Manage” will take you to the management page for that domain.
- The next step is to add a DNS record; this information is available from your domain registrar.
- Click the “Add DNS Record” button and fill in the information:
- In the Type column, choose “A/AAAA.”
- Leave the Host field empty.
- In the Content column, enter your server IP address.
- Click “Add.”
The records may take a few minutes to make their way to the rest of the world, or “propagate.” While our side knows the records were added, they still have to propagate to all the other name servers that other computers use before everyone can reach the site correctly. This process can take up to 72 hours to complete globally but is usually done locally within 5-15 minutes. We can test our newly created record either by going to the site or by checking a DNS propagation tool such as WhatsMyDNS.
What Is My DNS Server Address?
If you are on a home network, the DNS server is usually the IP address of your home network router. This is because in most home scenarios the router is responsible for resolving DNS lookups. The IP address will be either 192.168.1.1 or 192.168.1.254 in most setups; if you browse to this address you will be prompted to log into the home router. For internal networking, the router will redirect traffic locally, and for a DNS query on the Internet, the router will query the DNS server provided by your ISP.
Corporate DNS systems are usually different; in a corporate situation, a dedicated DNS server will serve DNS requests. These systems are typically managed by system administrators; a standard user would never normally interact with them. If you are using Windows, type ipconfig /all to view information about your DNS configuration.
If you are using macOS or Linux, type scutil --dns | grep 'nameserver\[[0-9]*\]'
What Is “DNS Server Not Responding?”
If after a DNS query you get an error message that reads something like “DNS server is not responding,” it’s likely that your Internet access is down or that you are unable to browse to an internal website. In most circumstances, this error is a local issue with your computer rather than with the DNS resolver: check network connectivity, reboot your router, or reboot your PC. This will fix the problem in most scenarios; if you are using a business system, contact the IT department.
What Does DNS Stand For?
DNS stands for Domain Name System.
How Do I Change DNS on Windows 10?
On a Windows client system, you can check the DNS settings using ipconfig; however, to configure DNS settings, perform the following steps (the process is the same for IPv4 and IPv6).
- Right-click the network icon in the system tray and then click Open Network And Sharing Center.
- Click Change Adapter Settings.
- Right-click the appropriate network adapter and then click Properties.
- Double-click either IPv4 or IPv6.
- Click Use The Following DNS Server Addresses and then enter a valid IPv4 or IPv6 address for a DNS server that is accessible to the client.
You can also configure DNS settings by using Netsh.exe from the command line:
netsh interface ip set dns name="Ethernet" static <DNS Server IP>
If you prefer to use Windows PowerShell to manage DNS, type:
Set-DnsClientServerAddress -InterfaceIndex <your interface index> -ServerAddresses ("<DNS Server IP>")
How Do I Configure DNS Advanced Settings?
Advanced DNS settings are available from the properties box of your IPv4 or IPv6 adapter. Click Advanced and then click the DNS tab. If you want to take a deep dive into the configuration, I highly recommend this book from Microsoft: Exam Ref 70-698 Installing and Configuring Windows 10, 2nd Edition.
The advanced DNS settings are:
Append Primary And Connection Specific DNS Suffixes
This option controls how the DNS resolver on the local client appends DNS suffixes to queries. The dialog also lists the nameservers your computer will use for DNS resolution and the order in which they will be queried.
Append Parent Suffixes Of The Primary DNS Suffix
Appending suffixes speeds up name resolution during a DNS query; the gain is marginal on small networks, but on enterprise-scale networks this is an essential service.
Append These DNS Suffixes
This option enables you to define suffixes and the order in which they are tried for a DNS query. Consider the DNS suffix cloud.atlantic.net: the resolver will also append atlantic.net and .net to the query. Again, this is a service designed to speed up DNS queries in large environments.
DNS suffix For This Connection
You can define a DNS suffix for each network interface card installed in your device. This is automatically set when running Active Directory.
Register This Connection’s Address
When selected, this option enables your server to dynamically create DNS records.
Use This Connection’s DNS Suffix
This option determines whether the IP addresses and the connection-specific domain name of this connection are registered with DNS.
What Is DNS Spoofing?
DNS spoofing is a technique used by attackers to redirect unsuspecting users to fake websites at IP addresses they choose, rather than the IP addresses in the legitimate DNS record. It is similar to ARP poisoning, except that the attack attempts to hijack the DNS cache. The result is that the victim is redirected to bogus Internet sites after making a DNS query.
The risk of DNS spoofing can be mitigated by using these techniques:
- Resolve all DNS queries locally.
- Implement DNSSEC.
- Block DNS requests from going to external DNS servers.
It is important to remember that spoofing attacks trick victims into thinking that something legitimate is occurring.
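A resolver that caches a forged reply is the cache hijack described above, so the defence starts with what a resolver checks before it trusts a reply at all. The following added example (not code from the original article) builds DNS wire-format messages in memory and validates a reply the way a careful resolver does: the transaction ID must match the outstanding query, the QR bit must be set, the question section must match, and answer records for names outside the zone the queried server is responsible for (its “bailiwick”) are discarded instead of cached. It does not verify DNSSEC signatures, which is the additional check the second mitigation above provides. All packets, names and addresses here are constructed; nothing is sent on the network.

```python
# Added example (not from the original article): the checks a resolver applies
# to a UDP reply before caching it. A reply has to match the outstanding query's
# transaction ID and question, and records outside the zone the queried server
# is responsible for (its "bailiwick") are discarded rather than cached.
# All packets here are constructed in memory; no network traffic is sent.
import secrets
import struct


def new_txid() -> int:
    """Unpredictable 16-bit transaction ID (a resolver should also randomise its source port)."""
    return secrets.randbelow(1 << 16)


def encode_name(name: str) -> bytes:
    """'www.example.net.' -> length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Read a name at offset, following 0xC0xx compression pointers. Returns (name, next offset)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # pointer to an earlier copy of the name
            if end is None:
                end = offset + 2                        # parsing resumes after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def build_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)     # RD=1, one question
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(txid: int, qname: str, answers, qtype: int = 1) -> bytes:
    """answers: list of (owner name, ttl, IPv4 string) A records."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)  # QR=1, RD, RA
    msg = header + encode_name(qname) + struct.pack("!HH", qtype, 1)
    for owner, ttl, ip in answers:
        rdata = bytes(int(octet) for octet in ip.split("."))
        msg += encode_name(owner) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return msg


def in_bailiwick(owner: str, zone: str) -> bool:
    return owner == zone or owner.endswith("." + zone)


def validate_response(query: bytes, response: bytes, zone: str) -> list:
    """Return the (owner, ttl, ip) A records a careful resolver would accept, or raise ValueError."""
    q_id = struct.unpack("!H", query[:2])[0]
    r_id, r_flags, r_qd, r_an = struct.unpack("!HHHH", response[:8])
    if r_id != q_id:
        raise ValueError("transaction ID mismatch: not a reply to our query")
    if not r_flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    qname, qoff = decode_name(query, 12)
    rname, roff = decode_name(response, 12)
    if r_qd != 1 or rname != qname or response[roff:roff + 4] != query[qoff:qoff + 4]:
        raise ValueError("question section does not match the query")
    roff += 4
    accepted = []
    for _ in range(r_an):
        owner, roff = decode_name(response, roff)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", response[roff:roff + 10])
        roff += 10
        rdata, roff = response[roff:roff + rdlen], roff + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4 and in_bailiwick(owner, zone):
            accepted.append((owner, ttl, ".".join(str(b) for b in rdata)))
        # anything else (other types, or a record for an unrelated name) is not cached
    return accepted


def accepted_records(query: bytes, response: bytes, zone: str) -> list:
    """Convenience wrapper: [] instead of an exception for replies that fail validation."""
    try:
        return validate_response(query, response, zone)
    except ValueError:
        return []
```

Only a reply that passes every check reaches the cache; a reply with the wrong ID, a different question, or a record for a name the queried server has no authority over is dropped, and dropped replies are worth counting, since a burst of them against one resolver is a useful detection signal.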
What is Google Public DNS?
Google Public DNS is a free public DNS resolver operated by Google. Via IPv4 the addresses are 8.8.8.8 and 8.8.4.4.
Via IPv6 the addresses are 2001:4860:4860::8888 and 2001:4860:4860::8844.
How Do I Troubleshoot DNS?
There are many online resources that can help determine whether a DNS record is set up correctly, most notably WhatsMyDNS, which was referenced earlier. With WhatsMyDNS you can check each DNS record type you’re using. The only thing to note is that WhatsMyDNS does not differentiate between the TXT records (SPF, DKIM, and DMARC); it only shows the contents of those records, not whether they are working as needed.
MXToolbox is another resource that can help with checking DNS records, specifically MX records. They also provide other services, including blacklist checks against a long list of blacklists, SMTP Diagnostics (some email providers require strict SMTP settings, including some DNS settings), and a Domain Health Report, which can determine what can be done to improve DNS configuration.
Another convenient toolset is the default DNS tools that come with most operating systems. Windows comes with the ‘nslookup’ command, which can perform DNS queries directly from your system, and Linux systems also have the ‘dig’ command, which allows for similar requests. You can find a guide on using ‘nslookup’ here and one for ‘dig’ here.
What Is DNS Caching?
DNS caching is when DNS servers or resolvers store DNS records locally. DNS caching reduces the wait time for your web browser’s request; quite often the resource record needed is available almost instantly. The DNS lookup process is quick, and a cached answer makes a recursive DNS query much faster still.
One issue with DNS caching is that a cached record might be out of date, which delays an updated resource record from being seen. You can flush the DNS cache by issuing the command ipconfig /flushdns. This forces the DNS resolver to make a fresh DNS query the next time a web browser requests a page, thus bringing the cache up to date.
What’s a DNS Zone?
A DNS zone is an administrative unit that hosts a collection of computers in the DNS namespace. The Zone is considered a sub-tree of the DNS database. The DNS configuration for a zone is stored in a zone file and the DNS servers refer to the information within the zone file.
What Is the “in-addr.arpa” Zone Used for?
This zone is used for reverse lookups, mapping an IP address back to a hostname.
What Port does DNS use?
DNS uses port 53, over both UDP and TCP.
What Are the Requirements from DNS to Support Active Directory?
When you install Active Directory on a server, the process promotes that server to a domain controller. Active Directory uses DNS as the location mechanism for domain controllers, enabling computers on the network to obtain the IP addresses of domain resources. During installation, the service (SRV) and address (A) records are dynamically registered in DNS, enabling the DC to find domain resources and vice versa.
To find domain controllers in a domain or forest, a client queries DNS for the SRV and A records of the domain controller, which yield the IP addresses of the DC.
When adding a domain controller to a domain forest, the DNS zone is updated with the Locator DNS resource records identifying the resource. For this to work, the DNS zone must allow dynamic updates (RFC 2136), and the DNS server hosting that zone must support the SRV resource records (RFC 2782) to advertise the Active Directory directory service.
If the server does not support the required standards or the authoritative DNS zone cannot be configured to allow dynamic updates, the process will not work correctly.
Where Can I Learn More About DNS?
Atlantic.Net’s engineers have first-hand experience with the complexities of DNS server management. Our private and public VPS Cloud solutions have innovative, easy-to-use DNS resolver features built in, all available with a few clicks in your web browser, taking the complexity out of DNS. All you need is a top-level domain (TLD name) from your DNS provider; our system handles everything else.
Should you have any trouble with the cloud DNS Manager, you can contact our technical support at any time via email at [email protected], phone at 1-800-540-4686 option 2, or LiveChat anywhere on the site.
An industry-leading cloud hosting services provider, Atlantic.Net brings over 25 years of experience hosting the infrastructure of top organizations. All personnel are trained to high security standards, and Atlantic.Net is audited to ensure our VPS hosting platforms are built and managed to the highest of standards.
We can help you to achieve a fully secure and protected environment. Contact our sales team today to find out more about how Atlantic.Net can benefit your organization.