Sharing notes from my ongoing learning journey — what I build, break and understand along the way.
What Is DNS? A Deep Dive into the Internet’s Hidden Backbone
1. What Is DNS?
DNS (Domain Name System) is the system that translates human-readable domain names like google.com into machine-readable IP addresses like 142.250.74.238.
It’s essentially the phone book of the internet:
- Humans remember domain names.
- Computers communicate using IP addresses.
DNS acts as the translator between them.
2. Why Does DNS Exist?
Because:
- IP addresses are hard to remember, especially IPv6 (e.g., 2001:4860:4860::8888)
- Brands need readable, consistent names like amazon.com
- IP addresses can change, domain names stay consistent
- Almost every internet connection begins with a DNS lookup
3. How Does DNS Work? (Step by Step)
When you visit example.com, your browser doesn’t go straight to the website. Instead, it follows a multi-step lookup process:
- Browser cache: if you’ve visited the site recently, the answer may already be cached.
- OS cache: your operating system checks its local DNS cache.
- Router/Resolver: if not cached, the DNS query is passed to the system’s configured DNS server (e.g., 8.8.8.8), which resolves the address recursively.
DNS Resolution Chain:
- Root Name Server: handles the root (.) zone and directs queries to the TLD servers.
- TLD Name Server: manages .com, .net, .org, etc.
- Authoritative Name Server: the final source of truth for the domain — it holds the DNS records for example.com.
The recursive resolver does all this behind the scenes and returns the final IP to your system.
4. DNS Record Types
| Type | Description | Example |
|---|---|---|
| A | Maps domain to IPv4 address | example.com → 93.184.216.34 |
| AAAA | Maps domain to IPv6 address | example.com → 2606:2800::... |
| CNAME | Alias for another domain | www.example.com → example.com |
| MX | Mail server for domain | mail.example.com |
| NS | Delegates domain to name server | ns1.dnsprovider.com |
| TXT | Arbitrary text, often for SPF, DKIM, etc. | "v=spf1 include:_spf.google.com" |
| PTR | Reverse DNS (IP to name) | 34.216.184.93 → example.com |
| SRV | Defines service location/port | _sip._tcp.example.com |
| SOA | Start of Authority — metadata | Admin contact, serial, refresh time |
5. Types of DNS Queries
Recursive Query
Client requests a full answer; resolver does all the work.
Iterative Query
Server responds with a referral to another server instead of a full answer.
Non-Recursive Query
Used when the resolver already knows the answer from its cache.
6. DNS Caching & TTL (Time to Live)
Every DNS record has a TTL, e.g.:
example.com. 3600 IN A 93.184.216.34
This means the result is valid for 3600 seconds (1 hour). After that, a new lookup is required.
Benefits:
- Faster responses
- Reduced DNS traffic
- Lower load on authoritative servers
Risks:
- If the IP changes, cached records may still point to the old address
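To tie sections 3, 5 and 6 together, here is an added example (my own simulation, not code from any resolver): a recursive resolver walks a constructed root → TLD → authoritative chain by sending iterative queries and following referrals, then caches the final answer for its TTL. The server names, zone contents and the simulated clock are assumptions of the example; the stale-record risk above shows up when the authoritative data changes mid-TTL.

```python
from dataclasses import dataclass, field

# Constructed zone data for the simulation. Each server only answers for the zone it
# is authoritative for and otherwise returns a referral (NS) to the next server down,
# which is the iterative behaviour described in section 5.
SERVERS = {
    "root":         {"com.": ("NS", "tld-com", 172800)},
    "tld-com":      {"example.com.": ("NS", "auth-example", 172800)},
    "auth-example": {"example.com.": ("A", "93.184.216.34", 3600)},
}

def iterative_query(server, name):
    """One iterative query to one server. Returns (type, data, ttl): either the
    final ('A', ip, ttl) or a referral ('NS', next_server, ttl)."""
    labels = name.split(".")
    # Longest matching suffix wins: root knows "com.", the TLD knows "example.com.".
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in SERVERS[server]:
            return SERVERS[server][suffix]
    raise LookupError(f"{server} holds no data for {name}")

@dataclass
class RecursiveResolver:
    clock: int = 0                                 # simulated seconds, so expiry is deterministic
    cache: dict = field(default_factory=dict)      # name -> (ip, absolute expiry time)
    trace: list = field(default_factory=list)      # servers consulted by the last lookup

    def resolve(self, name):
        """The recursive query a stub resolver sends: one question, the final answer back."""
        self.trace = []
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock:            # still within its TTL: no lookup at all
            self.trace.append("cache")
            return hit[0]
        server = "root"
        while True:
            self.trace.append(server)
            rtype, data, ttl = iterative_query(server, name)
            if rtype == "A":
                self.cache[name] = (data, self.clock + ttl)   # honour the record's TTL
                return data
            server = data                          # referral: ask the next server down
```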
7. Key Components in the DNS System
| Component | Role |
|---|---|
| Stub Resolver | Your operating system’s DNS client |
| Recursive Resolver | Performs lookups on your behalf (e.g., Google DNS) |
| Root Server | Top of the DNS hierarchy |
| TLD Server | Knows where .com, .org, etc., domains are handled |
| Authoritative NS | The final source of truth for the domain |
8. DNS Security Vulnerabilities
DNS Spoofing / Cache Poisoning
An attacker injects fake data into a resolver’s cache, sending users to malicious sites.
DNS Amplification
Small queries trigger large responses, overwhelming a target in a DDoS attack.
DNS Hijacking
Traffic is redirected to rogue servers — can be done by ISPs or malware.
MITM Attacks
Because DNS is typically unencrypted, attackers on the network can alter queries or responses.
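The checks a recursive resolver applies to keep forged replies out of its cache, as an added example that is not from the original post: a response is only trusted if it carries the random transaction ID of an outstanding query, arrives at that query’s random source port, echoes the question, and only its in-bailiwick records (names at or below the zone the queried server is authoritative for) are kept. The dictionary layout, the zone argument and the sample records are assumptions of this example.

```python
import secrets

def new_query(qname, qtype="A"):
    """State a resolver keeps for an outstanding query. The random 16-bit ID and
    random source port are what a forger has to guess for a reply to be accepted."""
    return {"id": secrets.randbelow(1 << 16),
            "sport": 1024 + secrets.randbelow(64512),
            "qname": qname.lower().rstrip("."), "qtype": qtype}

def in_bailiwick(owner, zone):
    """Owner is the zone apex or a name under it; records for other names are
    not trusted from this server, whatever it claims."""
    owner, zone = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return zone == "" or owner == zone or owner.endswith("." + zone)

def validate_response(query, resp, zone):
    """Checks a hardened recursive resolver applies before caching anything.
    resp is assumed to carry id, dport, qname, qtype, answer and additional."""
    if resp["id"] != query["id"]:
        return {"accepted": False, "reason": "transaction id mismatch"}
    if resp["dport"] != query["sport"]:
        return {"accepted": False, "reason": "not sent to the query's source port"}
    if (resp["qname"].lower().rstrip("."), resp["qtype"]) != (query["qname"], query["qtype"]):
        return {"accepted": False, "reason": "question section does not match"}
    kept, dropped = [], []
    for rr in resp["answer"] + resp["additional"]:
        (kept if in_bailiwick(rr["name"], zone) else dropped).append(rr)
    return {"accepted": True, "reason": "ok", "records": kept, "dropped": dropped}
```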
9. How to Improve DNS Security
DNSSEC (DNS Security Extensions)
Adds digital signatures to DNS records. Protects against forged responses.
DoH (DNS over HTTPS)
Encrypts DNS queries using HTTPS. Prevents sniffing and manipulation.
DoT (DNS over TLS)
Encrypts DNS queries at the protocol level using TLS.
Trusted DNS Providers
- Google DNS → 8.8.8.8, 8.8.4.4
- Cloudflare → 1.1.1.1
- Quad9 → 9.9.9.9
10. Hands-On Tools and Commands for DNS
- nslookup: nslookup example.com
- dig: dig example.com A, and dig +trace example.com to see the full resolution path
- host: host -t mx gmail.com
- Wireshark or tcpdump: to capture and analyze DNS packets
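For the capture-and-analyze step, an added example (not from the post) that decodes a DNS response the way a packet dissector does: header flags, question and answer sections, including a compressed name pointer. The packet bytes are constructed by hand to match the example.com A record with TTL 3600 from the sections above.

```python
import struct

# Constructed capture: what a recursive resolver sends back for "example.com A".
# The answer's owner name is a 2-byte pointer (0xC00C) back to offset 12 in the question.
SAMPLE_RESPONSE = (
    b"\x1a\x2b\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"                  # id, flags, counts
    b"\x07example\x03com\x00\x00\x01\x00\x01"                             # question: example.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\x5d\xb8\xd8\x22"  # answer: A IN ttl=3600 93.184.216.34
)
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA", 33: "SRV"}

def read_name(msg, off, depth=0):
    """Decode a possibly compressed name; returns (name, offset just past it)."""
    if depth > 16:                       # a pointer chain this long is a malformed packet
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:        # pointer: jump to the 14-bit offset, name ends here
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = read_name(msg, ptr, depth + 1)
            labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:                  # root label terminates the name
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_response(msg):
    """Return header fields plus the question and answer sections of one DNS message."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        questions.append((name, TYPES.get(qtype, qtype)))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        if rtype == 1 and rdlen == 4:    # A record: render the four octets as dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, TYPES.get(rtype, rtype), ttl, rdata))
    return {"id": ident, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}
```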
11. Where Does DNS Show Up in Real Life?
- Every time you visit a website
- Sending and receiving email (via MX records)
- Connecting to game servers
- Smart home and IoT devices
- VPN and proxy server configurations
12. DNS and System Performance
- If DNS is down or slow, everything feels broken.
- A failed DNS server = no internet resolution, even if you have network access.
- TTL values affect how frequently lookups are made and how fresh the data is.
13. Now I Understand DNS, Not Just Memorize It
After deep research and testing, I now view DNS as a layered, distributed, fault-tolerant and also vulnerable infrastructure.
To turn theory into experience, I plan to:
- Compare DNS performance (Google vs Cloudflare)
- Analyze DNSSEC-signed domains
- Capture live traffic with Wireshark
- Use dig +trace to visualize resolution chains
- Simulate cache poisoning attacks in a safe lab environment