Domain Name System, or DNS, is used to resolve domain names to IP addresses. When computers communicate with one another they require an IP address to know where to send the data, they cannot understand domain names. An example of a domain name could be ‘www.google.com’ or the name of a computer on a network. A computer cannot understand a name like ‘www.google.com’ or ‘my-server’ but it can understand IP addresses. Domain names are used to make it easier for us to understand and remember them, as trying to remember the IP address to all your favorite sites is a lot harder than trying to remember a human-readable name.
The way DNS works is pretty simple, it is basically just a table that has a list of domain names and their respective IP addresses. This means when you send it a domain name it will check the lookup table and respond with the corresponding IP address. However, not ever DNS will know every website and its IP address. The DNS server will then have to ask other DNS servers if they know the IP address of the domain name.
If a computer doesn’t have a record for a domain name it will ask the local DNS server. If the local DNS server doesn’t have a record for the requested domain name it will ask a Recursive Name Server, if the domain name still isn’t found, then it will ask one of 13 Route Servers which will forward the request to an Authoritative Name Server depending on what Top Level Domain (TLD) you are requesting. An Authoritative Name Server will handle requests for certain domain suffixes, such as .com or .org. Authoritative Name Servers are updated when domain names are bought and is the last stage of the DNS process, so if the domain name isn’t found then it probably doesn’t exist or hasn’t been replicated to the Authoritative Name Server yet. When you buy a domain or make changes to your website, that needs to be replicated to DNS’s so that when people search for the domain name they get the most up to date version of the website.
When the IP address is sent back to the Authoritative Name Server it will cache the results, also when your computer receives the IP address the record will be cached locally too. On Windows machines, the local DNS cache is referred to as the hosts file. This speeds up subsequent requests, as the process of receiving the correct IP address is shorter. These caches do not last forever as otherwise, you would always get old versions of websites. The local domain records on your computer can also be flushed or deleted. This can be important to do as not only will you then receive the new updated version of a website but also someone could hack into your computer and manipulate your local DNS cache. They could change a record to point to a malicious site, so when you think you’re going to www.google.com’ you’re actually going to their website.
The 13 Route Servers have hardware duplicates, or replications, worldwide to enable global access and speed of delivery. In most home networks the router will have its own internal DNS, which is why you don’t need a DNS server, and it can also manage other server protocols such as DHCP. In business networks, they often have their own local DNS server which allows more configuration and can allow them to set up their own internal intranet, for example setting up a webserver to serve a website that is only accessible inside the business network.
Reverse DNS, or rDNS, is the process of getting a domain name from an IP address. The reverse of what DNS usually does. This can be important for security and checking the integrity of a website. AS mentioned, a hacker could manipulate your local DNS cache to point to a malicious website. Reverse DNS could be used to ensure that the IP address belongs to the correct domain name. For example, when you ask to go to ‘www.google.com’ your computer asks the local DNS for the IP address, but it could also then use reverse DNS to validate that the IP address returned belongs to ‘www.google.com’. Reverse DNS can only be done on a DNS server, so unless the hacker has also gained access to the local DNS server, the malicious change to your cached DNS records will not work. Reverse DNS also means you can actually type the IP address of a website inside your browser, instead of the domain name, and still get sent to the same website.