The Domain Name System is part of everyday web surfing, and many people don’t even realise it. DNS enables the domain names that users type into the browser to be translated into server IP addresses that the computer can work with.

What exactly is DNS?

The abbreviation DNS stands for ‘Domain Name System’. With the help of DNS, human-readable domain names are converted into server IP addresses. As soon as you type a domain you know, such as www.ionos.co.uk, into your browser, it searches various DNS servers for the domain name. The search usually starts at the router’s DNS server. From there, several other DNS servers are searched for the desired domain name until it is found.

Your browser then finds the corresponding IP address so that it can finally establish a connection to the desired website. The Domain Name System is therefore required to communicate in a network without knowledge of the respective IP addresses.

How does the Domain Name System work?

The Domain Name System is often referred to as the ‘internet’s phone book’ and there’s good reason for that. It is directly related to the way DNS works since it finds suitable IP addresses for given domain names. This process is called DNS name resolution and can be understood as follows:

  1. You enter any web address in the search line of your browser.
  2. The search is forwarded to a DNS resolver, which is usually managed by your ISP.
  3. The DNS resolver forwards the search to a DNS server and is referred to another DNS server.
  4. The DNS resolver is forwarded to different DNS servers until it finds the name of the web address.
  5. The final server searches its records until it finds the corresponding IP address and returns it to the DNS resolver.
  6. The DNS resolver delivers the IP address to the web browser. The browser accesses the corresponding website.

Various components such as the DNS resolver and different nameservers therefore play a role in name resolution. Roughly speaking, the DNS resolver is the program that controls the name resolution process and obtains the necessary information from the Domain Name System. The command line tool nslookup can be helpful in checking whether the name resolution is working correctly.

Which servers are used for DNS?

A distinction can be made between different nameservers that play a role in name resolution:

  • DNS root server: Root servers are authoritative nameservers that normally return a list of other authoritative nameservers for a given top-level domain.
  • TLD nameserver: The TLD server responds depending on the particular top-level domain. If you search for www.ionos.co.uk, a TLD nameserver for the .co.uk domain extension will respond.
  • Authoritative nameservers: Authoritative nameservers are responsible for DNS zones, each of which is an individual domain or subdomain. The information that authoritative nameservers provide is authoritative. A distinction is made between primary and secondary DNS.
  • Non-authoritative nameservers: Non-authoritative nameservers obtain their information from other authoritative nameservers.

Tip

Sometimes the DNS server doesn’t respond. In this case you should try, for example, to change your web browser, temporarily disable the firewall or restart your router.

Criticism of the Domain Name System

Although the DNS plays a major role in daily network traffic, the system also has its problems. One of the biggest problems of the DNS is its security gaps. Since DNS servers store the IP addresses belonging to a domain in an unencrypted form and basically pass them on to anyone who asks for them, they are an ideal target for cybercriminals.

DNS leaks are also a problem faced by users who would like to keep their surfing private. During a leak, a DNS request is sent unprotected to a nameserver instead of being sent via the VPN.

The DNS can also cause problems when it comes to free, uncensored internet. Just recently, for example, the Russian Ministry of Digital Development ordered all domestically available internet services to be routed through Russian DNS servers, so that foreign websites would be blocked. This makes it possible for authoritarian governments to monitor all network traffic. It is also possible to censor through the DNS if, for example, a particular top-level domain is blocked. Internet providers can also block access to certain websites to implement government censorship requirements.

An overview of DNS extensions

There are several DNS extensions that help to add additional functionality to the Domain Name System:

  • DynDNS or DDNS: DynDNS or dynamic DNS is supposed to ensure that the domains in the Domain Name System are updated regularly and automatically. As soon as a computer changes its IP address, this change is recorded in the corresponding DNS record.
  • Extended DNS: Various protocol extensions of DNS have been combined into Extended DNS. The extension is essential for transporting UDP packets.
  • DNSSEC: DNSSEC offers an enhancement when it comes to security. DNSSEC is intended to prevent hackers from interfering with DNS name resolution. For this purpose, the extension uses asymmetric encryption.

The risks associated with DNS queries

For network security, an outdated or poorly maintained DNS can be problematic. A popular attack strategy is DNS hijacking. This is when hackers take over the nameserver and you are redirected to a site that you did not originally intend to visit. In combination with pharming or phishing, the attackers then often try to get access to your sensitive data. It could also be that the sites you have been redirected to try to infect your computer with malware.

DNS spoofing is also a real danger when it comes to DNS queries. This is where only the name resolution is manipulated rather than the entire nameserver. This means that you do not get the correct IP address, because the DNS record has been altered to return an IP address controlled by the hackers. The site you end up on looks legitimate at first glance. The only thing it lacks is a security certificate.
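
A defender's view of the altered-record problem described above, as an added example that is not part of the original article: answers collected from several resolvers are checked against the address ranges each name is expected to resolve into. The baseline, resolver labels and observations are constructed sample data, and `check_answers` is a hypothetical helper name.

```python
import ipaddress

# Assumed baseline: networks each monitored name is expected to resolve into.
BASELINE = {
    "www.example.co.uk": ["192.0.2.0/24"],
    "mail.example.co.uk": ["198.51.100.0/28"],
}

# Constructed observations: (resolver label, name, A-record answers).
OBSERVED = [
    ("isp-resolver", "www.example.co.uk", ["192.0.2.10"]),
    ("public-resolver", "www.example.co.uk", ["192.0.2.10"]),
    ("isp-resolver", "mail.example.co.uk", ["203.0.113.66"]),
    ("public-resolver", "mail.example.co.uk", ["198.51.100.5"]),
    ("isp-resolver", "shop.example.co.uk", ["192.0.2.77"]),
]


def check_answers(observed, baseline):
    """Return (name, resolver, reason) findings worth a manual review.

    Disagreement between resolvers can be legitimate (for example with
    load-balanced services), so it is a signal to review, not proof."""
    findings = []
    answers_by_name = {}
    for resolver, name, addrs in observed:
        answers_by_name.setdefault(name, {})[resolver] = frozenset(addrs)
        if name not in baseline:
            findings.append((name, resolver, "no-baseline"))
            continue
        nets = [ipaddress.ip_network(n) for n in baseline[name]]
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in nets):
                findings.append((name, resolver, "outside-baseline:" + addr))
    # Second pass: the same name answered differently by different resolvers.
    for name, per_resolver in answers_by_name.items():
        if len(set(per_resolver.values())) > 1:
            findings.append((name, "*", "resolvers-disagree"))
    return findings


if __name__ == "__main__":
    for finding in check_answers(OBSERVED, BASELINE):
        print(finding)
```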

Recursive and iterative DNS queries

During name resolution, different types of DNS queries ensure that the correct information is retrieved:

  • Recursive query: the computer requests an IP address or confirmation that the nameserver does not know that IP address.
  • Iterative query: Iterative queries are the most common. Here the computer requests the best possible answer from the DNS server. If the server does not know the corresponding address, it refers the requester to authoritative nameservers.
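
The name resolution steps listed earlier and the two query types above, as an added example that is not part of the original article: a small offline simulation in which `resolve` offers the recursive service (an address or nothing) and gets there by sending iterative queries that are answered with referrals. The server names, zones and addresses are constructed, and the function names are hypothetical.

```python
# Constructed nameserver data (not real DNS data): each server maps a name or
# zone to a referral ("NS", next server) or a final answer ("A", address).
SERVERS = {
    "root": {"uk.": ("NS", "tld-uk")},
    "tld-uk": {"example.co.uk.": ("NS", "auth-example")},
    "auth-example": {
        "www.example.co.uk.": ("A", "192.0.2.10"),
        "mail.example.co.uk.": ("A", "192.0.2.25"),
    },
}


def iterative_query(server, name):
    """One iterative query: the server returns its best answer, which is the
    record itself, a referral towards the name, or NXDOMAIN."""
    best = None
    for zone, (rtype, value) in SERVERS[server].items():
        exact = name == zone
        delegated = rtype == "NS" and name.endswith("." + zone)
        # Prefer the longest match, i.e. the closest enclosing zone.
        if (exact or delegated) and (best is None or len(zone) > len(best[0])):
            best = (zone, rtype, value)
    return (best[1], best[2]) if best else ("NXDOMAIN", None)


def resolve(name, max_referrals=8):
    """Recursive service as the client sees it: returns (address or None,
    servers asked). Internally it walks referrals starting at the root."""
    server, path = "root", []
    for _ in range(max_referrals):  # bound the walk so referral loops end
        path.append(server)
        rtype, value = iterative_query(server, name)
        if rtype == "A":
            return value, path
        if rtype != "NS" or value not in SERVERS:
            return None, path
        server = value
    return None, path


if __name__ == "__main__":
    for qname in ("www.example.co.uk.", "ftp.example.co.uk.", "www.example.com."):
        print(qname, resolve(qname))
```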

A, CNAME, TXT and MX DNS records

DNS records are important DNS server entries. They indicate to which target address a certain domain name belongs. There are different types of DNS records:

  • A records: A records are the most common DNS records. They assign an IPv4 address to a domain and are used to point a domain to a web server.
  • CNAME records: This type of record is used to assign a subdomain to a parent domain.
  • TXT records: With the help of TXT records, you can assign any text to a domain.
  • MX records: MX records are used to map any domain to an email service.