
What is DNS and what is it for? All the information you should know


Anonim

You already know that on the internet you can find an infinity of sites on different themes. To access them, an address is usually typed into the corresponding field of the browser, for example www.google.es or www.profesionalreview.com. But do you have any idea how your computer finds these websites, regardless of where they are hosted? This is where the work of DNS (Domain Name System) servers comes into the picture. In this article you will learn what DNS is, how it works and what other related concepts, such as DNSSEC, are about.


The beginning of the internet and its collapse

At the start of the internet, as it was intended for little use, there was a hosts.txt file that contained the IPs and names of all the machines that existed on the internet. This file was managed by the NIC (Network Information Center) and distributed by a single host, the SRI-NIC.

The administrators of Arpanet sent all their changes to the NIC by e-mail, and from time to time the SRI-NIC, and with it the hosts.txt file, was updated.

The changes were applied to a new hosts.txt once or twice a week. With the growth of Arpanet, however, this scheme became unfeasible: the size of the hosts.txt file grew as the number of machines on the internet grew.

Furthermore, the traffic generated by the update process grew in even greater proportion, because each new host not only meant one more line in the hosts.txt file, but also one more host downloading updates from the SRI-NIC.

Image via commons.wikimedia.org

Once Arpanet adopted TCP/IP, the network grew exponentially, making the update of the file almost impossible to manage.

Arpanet administrators looked for other schemes to resolve the problems of the hosts.txt file. The goal was to create a system that would overcome the limitations of a single host table. The new system should allow a local administrator to maintain data that would be available worldwide. Decentralizing administration would remove the bottleneck created by a single host and reduce the traffic problem.

In addition, local administration would make updating the data an easier task. The scheme should use hierarchical names to guarantee that names are unique.

Paul Mockapetris, from USC's Information Sciences Institute, was responsible for the architecture of the system. In 1984 he released RFCs 882 and 883, which describe the "Domain Name System" or DNS. These RFCs (Request For Comments) were followed by RFCs 1034 and 1035, which contain the current DNS specifications.

DNS was designed to be hierarchical, distributed and recursive, and to allow its information to be cached. Thus no single machine has to know all the addresses on the internet. The main DNS servers are the root servers: they are the servers that know which machines are in charge of the top-level domains.

Image via commons.wikimedia.org

In total there are 13 root servers: ten located in the United States, two in Europe (Stockholm and Amsterdam) and one in Asia (Tokyo). When one fails, the others keep the network running smoothly.

DNS uses ports 53 (UDP and TCP) and 953 (TCP) for its operation and its control, respectively. UDP port 53 is used for client-server queries, and TCP port 53 is generally used for data synchronization between the master (primary) and slave (secondary) servers.

Port 953 is used by external programs that communicate with BIND, for example a DHCP server that wants to add the names of the hosts that received an IP address to the DNS zone. Logically, this should only be done once a trust relationship has been established between them, so that arbitrary software cannot overwrite the DNS data.

BIND was created by four graduate students, members of a computer science research group at the University of Berkeley. Developer Paul Vixie (creator of vixie-cron), while working for the DEC company, was the first person responsible for BIND. BIND is currently supported and maintained by the Internet Systems Consortium (ISC).

BIND 9 was developed through a combination of commercial and military contracts. Most of BIND 9's features were promoted by Unix vendors who wanted to make sure that BIND would stay competitive with Microsoft's DNS server offerings.

For example, the DNSSEC security extension was funded by the United States military, who realized the importance of security for the DNS server.

Domain names

Every website or internet service needs an IP address (either IPv4 or IPv6). With this resource, it is possible to find the server or set of servers that host the website and, thus, access its pages. At the time of writing this article, Google Spain's IP address is 172.217.16.227.

Imagine having to remember the IPs of all the websites you visit every day, such as Facebook, Twitter, email, news portals, and more. This would be almost impossible and very impractical, wouldn't it?

    C:\Users\Migue> ping www.google.es

    Pinging www.google.es with 32 bytes of data:
    Response from 172.217.16.227: bytes=32 time=39ms TTL=57
    Response from 172.217.16.227: bytes=32 time=30ms TTL=57
    Response from 172.217.16.227: bytes=32 time=31ms TTL=57
    Response from 172.217.16.227: bytes=32 time=30ms TTL=57

    Ping statistics for 172.217.16.227:
        Packets: sent = 4, received = 4, lost = 0 (0% lost),
    Approximate round trip times in milliseconds:
        Minimum = 30ms, Maximum = 39ms, Average = 32ms

    C:\Users\Migue>

This is basically why we use domain names to access websites. With them, the user does not need to know, for example, the IP address of Profesional Review to access it; knowing its domain name is enough.

This is a very practical scheme, since memorizing names is much easier after all than memorizing number sequences. Also, even though you don't remember a name exactly, you can type it in a search engine and it will help you find it.

The point is that, despite the use of domains, sites still need IP addresses, since names were created to make things easier for humans, not for computers. And it is up to DNS to link a domain to its IP addresses.

DNS (Domain Name System) servers

Internet DNS (Domain Name System) services are, in a nutshell, large databases spread across servers located in various parts of the world. When you type an address into your browser, such as www.profesionalreview.com, your computer asks the DNS servers of your internet provider (or others that you have specified) to find the IP address associated with that domain. If these servers do not have this information, they contact other servers that may have it.

The fact that domains are organized hierarchically helps in this work. First we have the root server, which can be understood as the main DNS service and is represented by a period at the end of the address, as shown in the following example:

www.profesionalreview.com.

Note that if you type the address exactly as above, with the period at the end, the browser will usually still find the website. However, it is not necessary to include this period, since the servers involved already know of its existence.

The hierarchy continues with domains we all know, such as .com, .net, .org, .info, .edu, .es, .me and several others. These extensions are called "gTLDs" (Generic Top Level Domains).

There are also country-oriented endings, the so-called "ccTLDs" (Country Code Top Level Domains). For example: .es for Spain, .ar for Argentina, .fr for France and so on.

Then come the names that companies and individuals can register under these domains, such as "profesionalreview" in profesionalreview.com or "google" in google.es.

With this hierarchy, finding out the IP, and therefore the server, associated with a domain (a process called name resolution) is easier, since this mode of operation allows a distributed work scheme in which each level of the hierarchy has its own DNS services.

To understand it better, take a look at this example: suppose you want to visit the website www.profesionalreview.com. Your provider's DNS service will first check whether it already knows how to locate the website in question. If not, it will query a root server. This, in turn, will point it to the DNS servers of the .com top-level domain, and the process continues until it reaches the server that answers for the domain profesionalreview.com, which will finally report the associated IP, that is, the server on which the site is hosted.

DNS servers that answer for specific domains are called "authoritative". The services responsible for receiving DNS queries from client machines and obtaining the answers from external servers are called "recursive".

The gTLD and ccTLD domains are managed by different entities, which are also responsible for the DNS servers.

DNS cache

Suppose you have visited a web page that your provider's DNS service could not locate on its own, so it had to consult other DNS servers (through the hierarchical search scheme described above).

To avoid repeating this search when another user of the same provider tries to visit the same site, the DNS service can save the information from the first query for some time. On the next similar request, the server will already know the IP associated with the website in question. This procedure is known as DNS caching.

Originally, DNS caching only kept positive results, that is, data from sites that were found. However, DNS services also started to save negative results, for non-existent or unreachable sites, such as when a user types a wrong address.

Cached information is stored for a specified period of time, defined by a parameter known as TTL (Time to Live). This prevents the recorded information from becoming obsolete. The TTL period varies depending on the settings of the server.

Thanks to this, the work of the root servers and of the servers below them is minimized.
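The resolution walk described above (root, then .com, then the authoritative server) and the positive and negative caching with TTL, combined in one added example that is not from the original article: an in-memory stand-in for the hierarchy, with a constructed zone layout, constructed server names and a documentation-range IP instead of the site's real address.

```python
import time

# Constructed, in-memory stand-in for the hierarchy: the root delegates "com." to the
# .com servers, which delegate the example zone to its own authoritative server.
# The IP is from the TEST-NET-3 documentation range, not the site's real address.
ZONES = {
    ".": {"com.": ("NS", "a.gtld-servers.net.", 172800)},
    "com.": {"profesionalreview.com.": ("NS", "ns1.profesionalreview.com.", 172800)},
    "profesionalreview.com.": {"www.profesionalreview.com.": ("A", "203.0.113.10", 300)},
}
NEGATIVE_TTL = 60  # how long a "this name does not exist" answer stays cached

def authoritative_query(zone, name):
    """One authoritative server's reply: the record, a referral, or NXDOMAIN."""
    records = ZONES[zone]
    if name in records and records[name][0] == "A":
        _, rdata, ttl = records[name]
        return "answer", rdata, ttl
    labels = name.split(".")             # "www.x.com." -> ["www", "x", "com", ""]
    for i in range(1, len(labels) - 1):  # closest ancestor first, root excluded
        ancestor = ".".join(labels[i:])
        if ancestor != zone and ancestor in records and records[ancestor][0] == "NS":
            return "referral", ancestor, records[ancestor][2]
    return "nxdomain", None, NEGATIVE_TTL

class RecursiveResolver:
    def __init__(self, clock=time.monotonic):
        self.cache = {}           # name -> (expiry time, rdata or None for NXDOMAIN)
        self.clock = clock
        self.upstream_queries = 0  # how many authoritative servers we had to ask

    def resolve(self, name):
        name = name if name.endswith(".") else name + "."  # implicit root label
        hit = self.cache.get(name)
        if hit and hit[0] > self.clock():
            return hit[1]         # positive or negative cache hit: no upstream traffic
        rdata, ttl = self._walk(name)
        self.cache[name] = (self.clock() + ttl, rdata)
        return rdata

    def _walk(self, name):
        zone = "."                # every uncached lookup starts at the root servers
        while True:
            self.upstream_queries += 1
            kind, data, ttl = authoritative_query(zone, name)
            if kind == "answer":
                return data, ttl
            if kind == "nxdomain":
                return None, ttl  # negative answers are cached too
            zone = data           # referral: follow the delegation one level down
```

A first lookup costs three upstream queries, a repeat within the TTL costs none, and an NXDOMAIN is also served from cache until NEGATIVE_TTL expires.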

DNS security with DNSSEC

At this point, you already know that DNS servers play a huge role on the internet. The problem is that DNS can also be the "victim" of malicious actions.

Imagine, for example, that a skilled attacker set up a scheme to intercept the name resolution requests of a particular provider's customers. If successful, they could redirect users to a fake address instead of the legitimate website they wanted to visit. If a user does not realize that they have landed on a false web page, they may hand over confidential information, such as a credit card number.

To avoid problems like these, DNSSEC (DNS Security Extensions) was created, a specification that adds security features to DNS.

Image from Wikimedia Commons

DNSSEC fundamentally addresses the authenticity and integrity of the procedures that involve DNS. But, contrary to what some people initially think, it does not provide protection against intrusions or DoS attacks, for example, although it may help indirectly.

Basically, DNSSEC uses a scheme based on public and private keys. With it, you can be sure that the answers to DNS queries come from the legitimate servers and have not been altered. DNSSEC must be deployed by the entities responsible for managing each domain, which is why this resource is still not fully used.
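The public/private key scheme just described, as an added example that is not from the original article: a validator walks the chain of trust from the root key through the .com delegation down to the zone key and checks the signature over the answer, so that a forged A record or a substituted zone key is rejected. The keys are constructed on the fly, the IP is a documentation-range address, and hash-based Lamport one-time signatures (each key signs exactly one message) stand in for the RSA/ECDSA keys real zones use so that the block needs only the standard library.

```python
import hashlib
import os

def H(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signatures, built only from a hash, stand in here for the RSA/ECDSA
# keys real DNSSEC zones use; each key must sign exactly one message.
def keygen():
    private = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    public = [(H(a), H(b)) for a, b in private]
    return private, public

def sign(private, message):
    digest = int.from_bytes(H(message), "big")
    return [private[i][(digest >> (255 - i)) & 1] for i in range(256)]

def verify(public, message, signature):
    digest = int.from_bytes(H(message), "big")
    return all(H(signature[i]) == public[i][(digest >> (255 - i)) & 1] for i in range(256))

def ds_record(public):
    """The DS record a parent publishes: a hash of the child zone's public key (DNSKEY)."""
    return H(b"".join(a + b for a, b in public))

def validate(trust_anchor, chain, rrset, rrsig):
    """Walk the chain of trust from the root key down to the zone that signed the RRset.
    chain: [(child_public_key, parent's signature over DS(child_public_key)), ...]"""
    parent = trust_anchor
    for child_key, ds_sig in chain:
        if not verify(parent, ds_record(child_key), ds_sig):
            return False          # delegation not vouched for by the parent zone
        parent = child_key
    return verify(parent, rrset, rrsig)   # finally check the RRSIG over the answer

def build_example():
    """Constructed root, .com and zone keys; the A record's IP is a documentation address."""
    root_sk, root_pk = keygen()           # root KSK: the validator's trust anchor
    com_sk, com_pk = keygen()
    zone_sk, zone_pk = keygen()
    rrset = b"www.profesionalreview.com. 300 IN A 203.0.113.10"
    chain = [(com_pk, sign(root_sk, ds_record(com_pk))),
             (zone_pk, sign(com_sk, ds_record(zone_pk)))]
    return root_pk, chain, rrset, sign(zone_sk, rrset)
```

Changing a single byte of the answer, or replacing the zone key with one the parent never published a DS for, makes validate return False.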

Free DNS services: OpenDNS and Google Public DNS

When you sign up for an internet access service, by default you use the provider's DNS servers. The problem is that these servers often do not work well: the connection is established, but the browser cannot find any page, or access to websites is slow because the DNS servers are slow to respond.

One solution to problems like these is to adopt alternative, specialized DNS services, which are optimized to offer the best possible performance and are less prone to errors. The best known are OpenDNS and Google Public DNS. Both services are free and almost always work very satisfactorily.

OpenDNS

Using OpenDNS is very easy: you just have to configure the service's two IP addresses. They are:

  • Primary: 208.67.222.222
  • Secondary: 208.67.220.220

The secondary server is a replica of the primary; if the primary cannot be reached for any reason, the secondary is the immediate alternative.

These addresses can be configured on your own computer or on network equipment, such as Wi-Fi routers. If you use Windows 10, for example, you can configure them as follows:

  • Press Win + X and select "Network Connections".
  • Right-click the icon that represents your connection and choose Properties.
  • In the "Network functions" tab, select "Internet Protocol Version 4 (TCP/IPv4)" and click Properties.
  • Activate the option "Use the following DNS server addresses".
  • In the Preferred DNS Server field, enter the primary DNS address; in the field just below, enter the secondary address.

Obviously, this type of configuration can also be done on Mac OS X, Linux and other operating systems; just check the instructions in the manual or the help files. The same applies to many network devices.

The OpenDNS service does not require registration, but you can register on the service's website to get additional features, such as domain blocking and access statistics.

Google Public DNS

Google Public DNS is another notable service of this type. Although it does not offer as many features as OpenDNS, it is strongly focused on security and performance, in addition, of course, to being run by one of the largest internet companies in the world. Its addresses have a great advantage: they are easy to remember. Take a look:

  • Primary: 8.8.8.8
  • Secondary: 8.8.4.4

Google Public DNS also has IPv6 addresses:

  • Primary: 2001:4860:4860::8888
  • Secondary: 2001:4860:4860::8844

Final Thoughts on DNS

The use of DNS is not limited to the internet: it can also be used in local networks or extranets, for example. It can be implemented on practically any operating system, with Unix and Windows being the most popular platforms. The best known DNS tool is BIND, which is maintained by the Internet Systems Consortium.


Every system administrator (SysAdmin) has to deal with DNS, since when properly configured it is the foundation of a network on which services run. Understanding how DNS works and how we can improve it is important to make the service work correctly and securely.
