DNS (Domain Name System) is the system that translates a domain name into an IP address. In simpler terms, when you type a website address (URL) into your browser, the name in that address must first be translated into an IP address before the requested website (or any other service) can be contacted; the request is then made to that IP address.
DNS provides a decentralized database for resolving a hostname. It operates in stages, starting with what is known as the root, represented by a dot (.). You may have noticed when querying DNS with tools like dig that the domain name being searched is shown with a trailing dot. This is the root. When a hostname is resolved through DNS, the root servers are asked first for the list of servers that can respond for the next-level subdomain.
Let's take the following example: md5decrypt.net.
Reading from right to left, this domain consists of the root (.), followed by what is called the TLD (Top-Level Domain), here .net. The servers for the TLD .net are then asked which servers handle the subdomain md5decrypt.
The NS record indicates the servers that manage a subdomain of the TLD. For example, in the TLD .net, it lists the servers that handle the subdomain md5decrypt. The servers indicated by the NS record must be authoritative servers.
The A record is perhaps the simplest and most commonly used DNS record. It associates a domain name with an IP address. The IP address here is an IPv4 address, the older address format comprising a maximum of 4 octets. Often, there are multiple IPv4 addresses for a domain or subdomain.
Like the A record, the AAAA record associates a domain name or subdomain with an IP address. This time, it's an IPv6 address, spanning 16 octets. The name AAAA comes simply from the fact that it has 4 times more octets than A.
The PTR record is the reverse of A or AAAA. That is, it associates an IP address with a domain name.
The SOA record identifies the master server for a hostname or domain. As the name suggests (Start of Authority), it gives the authoritative server for the corresponding DNS zone. It also shows a contact email address.
The MX record lists the servers that receive and distribute emails for a domain. For example, we could have mailboxes on md5decrypt.net, such as email@example.com, firstname.lastname@example.org, etc. When you send an email to addresses like these, a server is needed to receive it and route it to the relevant user. The MX records contain the names of these servers. There are generally multiple servers handling this to avoid outages. The order in which they are tried is decided by the priority column: emails are initially directed to the server with the lowest priority index.
The CNAME record, for Canonical Name, creates an alias for a domain, meaning another name that applies to that domain. CNAME is often used to link a subdomain to the domain that hosts the subdomain's data. For example, the subdomain www in www.md5decrypt.net points to md5decrypt.net.
The TXT record allows an administrator to insert text for various reasons. This text is not intended to be read by users. For example, Google uses this record to verify domain ownership when you use its services (Search Console, etc.).
DNS plays a crucial role in the functionality and security of the internet. Understanding additional aspects can provide deeper insights into how the internet infrastructure operates.
DNSSEC is a suite of extensions to DNS that adds an additional layer of security by signing DNS data. It helps in ensuring the integrity and authenticity of DNS responses, mitigating various types of cyber threats.
CDNs use DNS to distribute website content across multiple servers worldwide. This enhances website performance, reduces latency, and ensures a seamless user experience.
Anycast is a routing technique that directs traffic to the nearest DNS server location. This improves speed and resilience, making DNS resolution faster and more reliable.
DNS supports various query types beyond the A, AAAA, and MX records mentioned earlier. Some notable ones include CAA (Certificate Authority Authorization), SRV (Service), and SPF (Sender Policy Framework).
Fast Flux is a technique used by malicious actors to constantly change the IP addresses associated with a domain, making it challenging for security systems to block or track malicious activities.
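A defender can look for this churn in passive-DNS or resolver logs. The sketch below is an added example, not code from the original page; it requires addresses spread over several networks with short TTLs, because a load-balanced pool or CDN also rotates addresses. The log rows are constructed, and the function name, thresholds and /16 grouping are assumptions to tune locally.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed passive-DNS rows: (epoch seconds, name, A record, TTL).
# Names use the reserved .example TLD; addresses are made-up sample values.
FLUX_IPS = ["10.1.0.5", "10.2.7.9", "10.1.3.3", "10.3.8.1", "10.4.2.2", "10.2.9.9"]
OBSERVATIONS = (
    [(0, "shop.example.", "192.0.2.10", 3600),
     (1800, "shop.example.", "192.0.2.11", 3600)]
    # Rotating pool inside one network: many IPs, short TTL, but not flux-like.
    + [(i * 60, "pool.example.", f"10.9.0.{i + 1}", 60) for i in range(5)]
    # Short TTLs and addresses scattered over unrelated networks.
    + [(i * 300, "FLUX.example.", ip, 120) for i, ip in enumerate(FLUX_IPS)]
)


def fast_flux_candidates(rows, window=3600, min_ips=5, min_nets=3,
                         max_ttl=300, prefix=16):
    """Return {name: stats} for names whose A records churn across networks.

    All thresholds are assumed starting points, not values from the article.
    """
    by_name = defaultdict(list)
    for ts, name, ip, ttl in rows:
        # DNS names are case-insensitive; the trailing dot is the root label.
        by_name[name.lower().rstrip(".")].append((ts, ip_address(ip), ttl))

    flagged = {}
    for name, obs in by_name.items():
        obs.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(obs)):
            # Slide the window so it never spans more than `window` seconds.
            while obs[end][0] - obs[start][0] > window:
                start += 1
            win = obs[start:end + 1]
            ips = {ip for _, ip, _ in win}
            nets = {ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
            if (len(ips) >= min_ips and len(nets) >= min_nets
                    and max(ttl for _, _, ttl in win) <= max_ttl):
                flagged[name] = {"ips": len(ips), "networks": len(nets)}
                break  # report the first window that crosses the thresholds
    return flagged


if __name__ == "__main__":
    print(fast_flux_candidates(OBSERVATIONS))
```

A flagged name is a lead for review rather than a verdict; known CDN and hosting domains usually need an allow-list before alerting on this.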