Domain Name System

The Domain Name System (DNS) is the hierarchical and decentralized naming system for computers, services, or any resource connected to the internet or a private network. It serves as the “phonebook” of the internet, translating human-readable domain names (e.g., www.upsc.gov.in) into machine-readable IP addresses (e.g., 103.21.127.32) required to locate and address devices worldwide.

The DNS Hierarchy and Structure

DNS is organized into a tree-like structure, ensuring that domain management is distributed and scalable rather than centralized.

  • Root Level: The apex of the hierarchy, represented by a dot (.). There are 13 logical root server clusters globally, operated by various organizations.
  • Top-Level Domains (TLDs): The segment following the last dot. They are divided into two main categories:
    • gTLDs (Generic): .com, .org, .net, .edu, .gov.
    • ccTLDs (Country Code): .in (India), .uk (United Kingdom), .jp (Japan).
  • Second-Level Domains (SLDs): The part directly to the left of the TLD (e.g., in “google.com”, “google” is the SLD).
  • Subdomains: Additional levels created under the SLD (e.g., “mail.google.com”).

How DNS Resolution Works

When a user enters a URL into a browser, a sequence of events occurs to map the domain to an IP address.

  1. DNS Query: The browser asks the OS or a recursive resolver (usually provided by an ISP) for the IP address.
  2. Recursive Search: The resolver checks its local cache. If the data is absent, it queries the Root Server.
  3. Referral: The Root Server directs the resolver to the appropriate TLD Server (e.g., the .in server).
  4. Authoritative Answer: The TLD server directs the resolver to the Authoritative Name Server, which holds the final mapping of the domain to the IP address.
  5. Response: The resolver provides the IP address to the browser, which then connects to the web server.

Key DNS Components and Records

To manage traffic and security, DNS uses various “record types” that tell the network how to handle a specific request.

Record Type    Purpose
A Record       Maps a domain name to an IPv4 address.
AAAA Record    Maps a domain name to an IPv6 address.
CNAME          Creates an alias for a domain (points one name to another).
MX Record      Directs email to a mail server.
NS Record      Identifies the authoritative name servers for a domain.
TXT Record     Used for verification (e.g., SPF/DKIM for email security).

DNS Security Concerns

Because DNS was designed in the early days of the internet, it was not inherently secure, leading to several vulnerabilities. The first two items below are attacks; the last two are protections added later.

  • DNS Spoofing/Cache Poisoning: An attacker injects false data into a resolver’s cache, redirecting users to malicious websites.
  • DNS Amplification (DDoS): Attackers use open DNS resolvers to flood a target server with massive volumes of traffic, causing a service outage.
  • DNSSEC (DNS Security Extensions): A suite of protocols that adds a layer of authentication to DNS using digital signatures on DNS records, so that resolvers can detect tampered responses.
  • DNS over HTTPS (DoH): Encrypts DNS queries using the HTTPS protocol to prevent eavesdropping and protect user privacy from ISP surveillance.
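
The spoofing/cache-poisoning item above depends on a resolver accepting a forged reply. The following Python example is added here and is not part of the original notes; it shows the matching checks a resolver applies before a reply may be cached: the packet must be a response, carry the unpredictable 16-bit transaction ID of the outstanding query, and echo the same question. The function names and the sample reply (documentation address 192.0.2.10) are constructed for illustration.

```python
import secrets
import struct

def encode_name(name):
    """Encode a domain name as DNS labels (length byte + label, 0 terminator)."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive query; the txid is unpredictable."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_name(pkt, off):
    """Decode an uncompressed name at off; return (name, next_offset)."""
    labels = []
    while pkt[off] != 0:
        if pkt[off] & 0xC0:
            raise ValueError("compressed or reserved label in question")
        labels.append(pkt[off + 1: off + 1 + pkt[off]].decode("ascii").lower())
        off += 1 + pkt[off]
    return ".".join(labels), off + 1

def accept_response(pkt, txid, name, qtype=1):
    """Resolver-side checks before a reply may enter the cache."""
    if len(pkt) < 12:
        return False, "truncated header"
    rid, flags, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & 0x8000:
        return False, "not a response (QR=0)"
    if rid != txid:
        return False, "transaction ID mismatch"
    if qd != 1:
        return False, "unexpected question count"
    try:
        qname, off = read_name(pkt, 12)
        rtype, rclass = struct.unpack("!HH", pkt[off:off + 4])
    except (IndexError, ValueError, struct.error, UnicodeDecodeError):
        return False, "malformed question"
    if (qname, rtype, rclass) != (name.rstrip(".").lower(), qtype, 1):
        return False, "question mismatch"
    return True, "ok"

def constructed_reply(query, txid):
    """Constructed sample: echo the question, set QR/RD/RA, append one A record."""
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + query[12:] + answer
```

Production resolvers also randomize the UDP source port and accept a reply only from the server address that was queried, which this example does not model.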

Trivia and Key Facts

  • Distributed Nature: DNS is intentionally distributed. No single entity manages all domains; management is delegated to registrars and registry operators.
  • ICANN: The Internet Corporation for Assigned Names and Numbers (ICANN) is the non-profit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces of the internet, ensuring the network’s stable and secure operation.
  • TTL (Time to Live): A value in a DNS record that tells the resolver how long to cache the IP address before requesting an update from the authoritative server.
  • Anycast: DNS uses a routing methodology called Anycast, where the same IP address is assigned to multiple servers across the globe. When a query is made, it is routed to the “nearest” server, reducing latency.

Last Modified: June 17, 2026
