What is DNS?
Let's understand DNS by a simple analogy.
To call someone on their mobile, We need their mobile number, but once we have it, There is no need to remember it. We can save their name and number in the phonebook. Next time we need to call them there is no need to use the mobile number, Instead just call them using their name. Yes, our mobile is still using the number to call but we don't need to remember it.
In the same way, If we want to connect to a website, then we need the IP Address of that website but we don't need to remember the IP Address rather we just provide the text URL and DNS does its magic to give us back the IP Address of that website. After which our browser will automatically connect to the web server.
DNS - Domain Name System is responsible for retrieving the IP address of the provided URL. It uses UDP on the default port 53.
Parts of the URL
A URL or Unified Resource Locator is broken into different parts.
Let's understand this by taking an example - https://drive.google.com
DNS Lookup
Whenever we query a URL, Our browsers will first check if the IP Address of the URL is present in its local cache. Let's assume it is not then it checks with the Operating System, whether it has the IP address saved for that URL.
/private/etc/
in MacOS, at C:\Windows\System32\Drivers\etc\
in Windows and /etc/hosts
in Linux.Let's assume that even OS doesn't have the IP of the domain cached then a UDP packet is sent to the DNS resolver which is responsible for getting us the IP address.
A Resolver can be your Router, Google's DNS Resolver - 8.8.8.8, Cloudflare's DNS Resolver 1.1.1.1 or any other resolver.
A UDP Packet is sent to the Resolver.
The resolver will query the root server. There are only 13 root servers in the entire world but obviously, they are replicated. The root server doesn't have the IP address of the domain but It does have the IP address of the TLD server (.com or any other TLD). It returns the IP address of the TLD server.
The resolver will then query the TLD server that will return us the IP Addresses of authoritative nameservers.
The resolver will then query the authoritative nameserver. These nameservers will hold the IP Address of the domain. These servers are managed by the domain registrar.
Finally, The resolver will return us the IP address of the URL provided. Now this IP address will be cached. The cached IP address has a TTL - time-to-live or better understood as an expiry time after which the IP address is expired and the DNS lookup is again repeated.
This type of DNS query is known as a Recursive DNS query. There are other types of DNS resolutions as well
Iterative - When the resolver returns the IP address of the next server instead of giving the IP address of the URL (final server)
Inverse / Reverse - When we want to know the URL from the IP address.
Types of DNS Records
There are many types of DNS records, some of the most commonly used ones are:
A - Address. The domain address in IPv4.
AAAA - The domain address in IPv6.
CNAME - Canonical name or alias. To map subdomains.
MX - Mail Exchange. The address of the mail server for that domain.
SOA - Start of Authority. Includes all the admin information.
NS - Nameserver. The address of the server that contains the actual DNS Record.
Lookup DNS using nslookup
You can easily know the IP address of any website using the nslookup
command.
nslookup google.com
- This will provide us with the IP address of the given website
We can also find different types of records using the flag -type
Remember that they are Non-authoritative answers, meaning they are from the local cache. If you want the response from the authoritative NS then you need to include the NS after the URL.
That's a wrap on DNS
Peace out ✌️