What is DNS? How does it work? Practically speaking, when you need to access a certain website your computer needs to know which IP address it resides on. In layman’s terms, computers have no idea what a domain is; they only understand IP addresses. Your computer can obtain the IP for the domain you want to access from a DNS server. One of the common DNS services you can use to build your own DNS server is BIND9.
Unmask DNS
So, look at the DNS as an address book. Imagine that a house is a server that hosts the domain bluegrid.io and the address book keeps the pairing family name : address. Let’s pretend that the family name is the domain (bluegrid.io) and that the address is the IP address (14.15.16.17). How does this relate to DNS? Well, easily: if you (a client computer) want to find a certain house (visit bluegrid.io) you’ll take a peek into the address book (DNS) and get the directions/address (IP address). There you go!
Every device (house) on the internet has been given an IP address. Every client device that needs to communicate with these other devices has been told which DNS server (address book) to contact for IP address information. A simplified DNS diagram looks something like the following:
Simplified? Is there more?
Oh yes 😁. Let’s put this topology to the test! There can’t be just one DNS server, right? Absolutely not! We can recognize four different types of DNS servers:
- DNS recursor
- Root nameserver
- TLD nameserver
- Authoritative nameserver
It is also important to mention that there is a global grid of DNS servers communicating with each other. This way we can ensure that our computers will obtain the necessary information when required.
DNS recursor
The DNS recursor is the first point of contact when your computer needs to obtain an IP address. It can be seen as a person who can tell you in which state the house you are looking for is located. The client sends a recursive DNS query to this server, which is why it’s called this way. A recursive query means that we are asking for either a correct answer or an error. The recursor will try to resolve the domain either by pulling information from its cache or by querying lower-level DNS servers. If it doesn’t hold the DNS information in its cache, the DNS recursor will turn to the root name server for a further DNS lookup. It is important to note that the recursor performs the actual domain name resolution. This process is called an iterative DNS query: our recursor asks each lower-level DNS server for the best possible answer it can provide. If a server can’t provide the final answer itself, its best possible answer is a referral to the next lower-level DNS server in the chain.
Root nameserver
The root name server is the next step in domain name resolution, that is, if the previous server didn’t have the DNS information in its cache. The root server holds the index of all the TLD name servers (cities in a country). When your DNS query reaches the root server, it will tell the recursor which TLD name server holds the next clue.
TLD nameserver
The TLD name server can be seen as someone who knows in which municipality the house you are looking for is located. We are on the third step in domain name resolution. When the recursor reaches the TLD name server, it’ll get information about the Authoritative name server holding the next clue.
Authoritative nameserver
And we have reached the last step in domain name resolution! An authoritative name server is a person who can tell you the actual street address where the house is located. This server responds to the recursor with the actual IP addresses for the domain the client computer asked to have resolved.
So, the steps plainly are as follows:
- The computer wants to open http://bluegrid.io, so it asks the DNS recursor (or the local Internet Service Provider’s name server) for an IP address.
- The recursor takes on resolving this domain as its own task, so it contacts the root server for information about the TLD name server.
- The root name server responds to the recursor with the location of the TLD name server.
- The recursor now contacts the TLD name server for the address of the Authoritative name server.
- Finally, the recursor contacts the Authoritative name server for the IP address of the domain bluegrid.io. If there are CNAMEs such as www behind this domain, the same or other Authoritative name servers will respond with the appropriate IP addresses.
Graphically, it looks something like this:
Yeah, now that’s more like it! Blue lines with numbers 1 and 8 are recursive queries. All black lines are iterative. If, for example, the recursor needed to find the www record for bluegrid.io, it would send non-recursive DNS queries towards the Authoritative DNS server. Non-recursive queries are the last ones in the chain, sent when the recursor or another DNS resolver already knows that a certain Authoritative name server holds the information we need.
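To make the root -> TLD -> authoritative walk concrete, here is a small added example (not code from the original article or from BIND9) that models the steps above in Python. The server names, zone contents and the com TLD are constructed for illustration; only bluegrid.io and 14.15.16.17 come from the article. Each "server" holds either a final A record, a CNAME alias, or an NS referral to the next server in the chain, and the recursor follows referrals iteratively exactly as the list describes, including the www CNAME case.

```python
"""Toy model of the root -> TLD -> authoritative walk a DNS recursor performs.

Constructed example: the zones, server names and IP addresses below are made
up (only bluegrid.io / 14.15.16.17 are taken from the article), and nothing
here touches the network. Each server is a dict of the records it holds:
an A answer, a CNAME alias, or an NS referral to the next server in the chain.
"""

SERVERS = {
    # Root: knows only which server handles each top-level domain.
    "root": {
        "io.": ("NS", "tld-io"),
        "com.": ("NS", "tld-com"),
    },
    # TLD servers: know which authoritative server handles each zone.
    "tld-io": {
        "bluegrid.io.": ("NS", "auth-bluegrid"),
    },
    "tld-com": {},
    # Authoritative server for bluegrid.io: holds the actual records.
    "auth-bluegrid": {
        "bluegrid.io.": ("A", "14.15.16.17"),
        "www.bluegrid.io.": ("CNAME", "bluegrid.io."),
    },
}


def ask(server, qname):
    """One iterative (non-recursive) query: the server returns the best
    answer it has, which may be a referral rather than the final record."""
    zone = SERVERS[server]
    if qname in zone:
        return zone[qname]
    # No exact record: refer to the closest enclosing zone this server knows.
    labels = qname.split(".")
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:])
        record = zone.get(suffix)
        if record and record[0] == "NS":
            return record
    return ("NXDOMAIN", None)


def resolve(qname, max_steps=12):
    """Recursive resolution done on the client's behalf: walk the referrals
    from the root until an A record (or an error) comes back.
    Returns (ip_or_None, trace), where trace lists every iterative query."""
    name = qname if qname.endswith(".") else qname + "."
    server = "root"
    trace = []
    for _ in range(max_steps):
        rtype, value = ask(server, name)
        trace.append((server, name, rtype, value))
        if rtype == "NS":
            server = value          # referral: ask the next server in the chain
        elif rtype == "CNAME":
            # Alias: resolve the target. A real recursor would consult its
            # cache first; this toy simply restarts from the root.
            name, server = value, "root"
        elif rtype == "A":
            return value, trace
        else:
            return None, trace      # NXDOMAIN: no such name anywhere
    return None, trace              # guard against referral/alias loops


if __name__ == "__main__":
    for q in ("bluegrid.io", "www.bluegrid.io", "nothing.example"):
        ip, steps = resolve(q)
        print(f"{q} -> {ip}")
        for srv, n, t, v in steps:
            print(f"   asked {srv:14} for {n:20} got {t} {v}")
```

Running the file prints the trace for each name: resolving bluegrid.io takes three iterative queries (root, TLD, authoritative), while www.bluegrid.io takes six because the CNAME answer sends the recursor back through the chain for the alias target. The `max_steps` guard is the part a practitioner should not drop: without it, a misconfigured CNAME loop or circular referral would keep the resolver walking forever.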
Let’s mention the DNS cache. Every DNS server, regardless of its type, can have (though not as a rule) a local cache. This way resolving domains can be much faster. Of course, if the IP behind the domain changed in the meantime, the change won’t be visible until the DNS cache expires, but that is the price we are willing to pay for faster resolution.
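The following added example (again not from the original article, and not real resolver code) shows that trade-off with a toy caching resolver in Python. The authoritative data, the 300-second TTL and the simulated clock are constructed; the point is to see a record change at the source stay invisible to clients of the cache until the cached entry expires.

```python
"""Toy caching resolver with TTL expiry, constructed for illustration.

It models the trade-off described above: once a record is cached, a change
at the authoritative source stays invisible to clients of this cache until
the cached entry's TTL runs out. The name, IPs, TTL and clock are made up.
"""


class CachingResolver:
    def __init__(self, authoritative, clock):
        self.authoritative = authoritative  # name -> (ip, ttl_seconds)
        self.clock = clock                  # returns current time in seconds
        self.cache = {}                     # name -> (ip, expires_at)
        self.upstream_queries = 0           # how often the cache did not help

    def lookup(self, name):
        """Return (ip, source) where source is 'cache' or 'upstream'."""
        now = self.clock()
        entry = self.cache.get(name)
        if entry is not None and now < entry[1]:
            return entry[0], "cache"        # still fresh: serve without asking
        # Miss or expired: ask the authoritative source and cache for its TTL.
        ip, ttl = self.authoritative[name]
        self.cache[name] = (ip, now + ttl)
        self.upstream_queries += 1
        return ip, "upstream"


def demo():
    """Walk a record change past a 300-second TTL and record what the cache
    answered at each point in (simulated) time."""
    authoritative = {"bluegrid.io.": ("14.15.16.17", 300)}   # constructed data
    now = [0]                                                # simulated clock, seconds
    resolver = CachingResolver(authoritative, lambda: now[0])
    seen = []

    seen.append((now[0],) + resolver.lookup("bluegrid.io."))  # first query goes upstream
    now[0] = 60
    seen.append((now[0],) + resolver.lookup("bluegrid.io."))  # served from cache
    authoritative["bluegrid.io."] = ("14.15.16.18", 300)      # the site moves to a new IP
    now[0] = 120
    seen.append((now[0],) + resolver.lookup("bluegrid.io."))  # stale answer, still cached
    now[0] = 301
    seen.append((now[0],) + resolver.lookup("bluegrid.io."))  # TTL expired: new IP fetched
    return seen, resolver.upstream_queries


if __name__ == "__main__":
    for t, ip, source in demo()[0]:
        print(f"t={t:3}s  {ip}  ({source})")
```

Of the four lookups, only two reach the authoritative source; the lookup at 120 seconds still returns the old address even though the record has already changed. The practical consequence is the usual one: when an IP change is planned, lower the record’s TTL well in advance, so that caches holding the old value expire quickly once the switch is made.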