Prerequisite – Domain Name System (DNS) in Application Layer
In networking, computers do not identify each other by names the way humans do; they identify each other by numbers, because numbers such as IP addresses are how computers and similar devices address and talk to one another over a network.
Humans, on the other hand, are accustomed to names rather than numbers: whether talking to another person or identifying a country, a place, or a thing, we use names. To bridge this gap between computers and humans and make communication between them much easier, network engineers developed DNS.
DNS stands for Domain Name System.
DNS resolves names to numbers; more specifically, it resolves domain names to IP addresses. So when you type a web address into your web browser, DNS resolves that name to a number, because numbers are the only thing computers understand.
If you wanted to visit a certain website, you would open your web browser and type in the domain name of that website. Let us use google.com. Technically you do not have to type google.com to retrieve Google's web page: you could type in the IP address instead, if you already knew Google's IP address. But since we are not accustomed to memorizing and dealing with numbers, especially with millions of websites on the Internet, we type the domain name instead and let DNS convert it to an IP address for us.
So back to our example: when you type google.com into your web browser, a DNS server searches its cache for an IP address matching that domain name. When it finds one, it resolves the domain name to the IP address of Google's web site, and once that is done your computer can communicate with Google's web server and retrieve the web page.
DNS therefore works much like a phone book: when you want a number, you do not look up the number first, you look up the name, and that gives you the number. To break this down in more detail, let us examine the steps DNS takes. When you type google.com into your web browser and neither the browser nor the operating system can find the IP address in its own cache, the query is sent to the next level, a resolver server. The resolver is typically operated by your ISP (Internet service provider). When the resolver receives the query, it checks its own cache for an IP address for google.com; if it cannot find one, it sends the query to the next level, a root server. The root servers are the topmost servers in the DNS hierarchy.
There are 13 sets of these root servers, named a.root-servers.net through m.root-servers.net. They are strategically placed around the world, operated by 12 different organizations, and each set has its own unique IP address. When a root server receives the query for the IP address of google.com, it does not know that IP address, but it does know where to send the resolver to find it: the root server directs the resolver to the TLD (top-level domain) server for the .com domain. The resolver then asks the TLD server for the IP address of google.com.
The top-level domain server stores address information for top-level domains such as .com, .net, .org, and so on. This particular TLD server manages the .com domain, which google.com is part of. When the TLD server receives the query for the IP address of google.com, it does not know that IP address either, so it directs the resolver to the next and final level: the authoritative name servers. Once again the resolver asks, this time the authoritative name server, for the IP address of google.com. The authoritative name server (or servers) for a domain is responsible for knowing everything about that domain, including its IP address.
They are the final authority.
When the authoritative name server receives the query from the resolver, it responds with the IP address of google.com. Finally, the resolver tells your computer the IP address of google.com, and your computer can now retrieve Google's web page. It is important to note that once the resolver receives the IP address, it stores it in its cache in case it receives another query for google.com, so that it does not have to go through all of those steps again.
DNS servers hold different types of records to manage resolution efficiently and to provide important information about a domain. These records are the details that DNS servers cache. Each record has a TTL (Time To Live) value in seconds associated with it; this value sets when the cached copy of the record expires in a DNS server, and typically ranges from 60 to 86400 depending on the DNS provider.
- A records – point to the IPv4 address of the machine where the website is hosted
- AAAA records – point to the IPv6 address of the machine where the website is hosted
- MX – points to the domain's email servers
- CNAME – canonical name: an alias that points a hostname to another hostname
- ANAME – auto-resolved alias: works like a CNAME but resolves to the IP address of the target hostname
- NS – name servers for the domain or a delegated subdomain
- PTR – maps an IP address to a hostname (reverse lookup)
- SOA – contains administrative information about the DNS zone
- SRV – service record that locates hosts for other services
- TXT – text records, mostly used for verification, SPF, DKIM, DMARC and more
- CAA – certificate authority authorization record for SSL/TLS certificates
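The resolution walk described above (root, then TLD, then authoritative name server) and the TTL-governed caching of the records just listed, as an added example that is not part of the original article: a small Go simulation of a resolver working through a three-level hierarchy, serving repeat queries from its cache until the record's TTL runs out, and chasing a CNAME to the name it points at. All server names, records, TTLs and addresses are constructed sample data (the addresses come from the 192.0.2.0/24 and 2001:db8::/32 documentation ranges), the resolver looks servers up by hostname instead of resolving glue addresses, and it restarts at the root whenever the final answer is not in its cache.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Record is one DNS resource record. Every record in this file is
// constructed sample data; the addresses are from documentation ranges.
type Record struct {
	Name string // owner name, fully qualified, e.g. "google.com."
	Type string // "A", "AAAA" or "CNAME"
	Data string // address text, or the target name for a CNAME
	TTL  int    // seconds a cache may keep this record
}

// Server is a simulated name server. It answers from Records for names it is
// authoritative for and otherwise refers the resolver to the name server of
// the most specific delegated zone it knows (root -> .com -> google.com).
type Server struct {
	Name        string
	Records     []Record
	Delegations map[string]string // zone -> hostname of its name server
}

// Query returns matching records (a CNAME answers any type) or, if it has
// none, the hostname of the server the resolver should ask next.
func (s *Server) Query(name, qtype string) (recs []Record, referTo string) {
	for _, r := range s.Records {
		if r.Name == name && (r.Type == qtype || r.Type == "CNAME") {
			recs = append(recs, r)
		}
	}
	best := ""
	for zone, ns := range s.Delegations {
		if (name == zone || strings.HasSuffix(name, "."+zone)) && len(zone) > len(best) {
			best, referTo = zone, ns
		}
	}
	return recs, referTo
}

type cacheEntry struct {
	rec     Record
	expires time.Time
}

// Resolver plays the ISP-side resolver of the text: it walks the hierarchy
// for every answer it does not already hold and caches answers for their TTL.
type Resolver struct {
	Root    *Server
	Servers map[string]*Server      // name server hostname -> simulated server
	Cache   map[string][]cacheEntry // "name/type" -> cached records
	Now     func() time.Time        // injectable clock, so TTL expiry can be shown
	Trace   []string                // one line per query sent or cache hit
}

// cached returns unexpired records of type qtype (or a CNAME) for name.
func (r *Resolver) cached(name, qtype string) (live []Record) {
	for _, t := range []string{qtype, "CNAME"} {
		for _, e := range r.Cache[name+"/"+t] {
			if r.Now().Before(e.expires) {
				live = append(live, e.rec)
			}
		}
		if live != nil {
			return live
		}
	}
	return nil
}

// walk is the iterative part of resolution: root -> TLD -> authoritative.
func (r *Resolver) walk(name, qtype string) ([]Record, error) {
	srv := r.Root
	for hop := 0; hop < 8; hop++ {
		r.Trace = append(r.Trace, fmt.Sprintf("ask %s for %s %s", srv.Name, name, qtype))
		recs, next := srv.Query(name, qtype)
		if recs != nil {
			for _, rec := range recs { // cache each answer record for its own TTL
				key := rec.Name + "/" + rec.Type
				exp := r.Now().Add(time.Duration(rec.TTL) * time.Second)
				r.Cache[key] = append(r.Cache[key], cacheEntry{rec, exp})
			}
			return recs, nil
		}
		if srv = r.Servers[next]; srv == nil {
			return nil, fmt.Errorf("no server can answer %s %s", name, qtype)
		}
	}
	return nil, errors.New("too many referrals")
}

// Resolve returns the data for (name, qtype), serving from cache when it can
// and following CNAME chains.
func (r *Resolver) Resolve(name, qtype string) ([]string, error) {
	name = strings.ToLower(strings.TrimSuffix(name, ".")) + "."
	recs := r.cached(name, qtype)
	if recs != nil {
		r.Trace = append(r.Trace, "cache hit "+name+" "+qtype)
	} else {
		var err error
		if recs, err = r.walk(name, qtype); err != nil {
			return nil, err
		}
	}
	if recs[0].Type == "CNAME" && qtype != "CNAME" {
		r.Trace = append(r.Trace, "follow CNAME "+name+" -> "+recs[0].Data)
		return r.Resolve(recs[0].Data, qtype)
	}
	var out []string
	for _, rec := range recs {
		out = append(out, rec.Data)
	}
	return out, nil
}

// NewExampleResolver builds the three-level hierarchy from the text with
// constructed records; clock lets a caller advance time to expire the cache.
func NewExampleResolver(clock func() time.Time) *Resolver {
	root := &Server{Name: "a.root-servers.net.", Delegations: map[string]string{"com.": "a.gtld-servers.net."}}
	tld := &Server{Name: "a.gtld-servers.net.", Delegations: map[string]string{"google.com.": "ns1.google.com."}}
	auth := &Server{Name: "ns1.google.com.", Records: []Record{
		{"google.com.", "A", "192.0.2.10", 300},
		{"google.com.", "AAAA", "2001:db8::10", 300},
		{"www.google.com.", "CNAME", "google.com.", 60},
	}}
	return &Resolver{Root: root, Servers: map[string]*Server{tld.Name: tld, auth.Name: auth},
		Cache: map[string][]cacheEntry{}, Now: clock}
}

func main() {
	r := NewExampleResolver(time.Now)
	for _, q := range []string{"google.com", "google.com", "www.google.com"} {
		addrs, err := r.Resolve(q, "A")
		fmt.Println(q, "->", addrs, err)
	}
	fmt.Println(strings.Join(r.Trace, "\n"))
}
```

Running it prints the trace: the first google.com query costs three round trips (root, TLD, authoritative), the second is answered from cache, and www.google.com is walked once and then resolved through the cached google.com answer. Advancing the injected clock past 300 seconds makes the A record expire, after which the next query walks the hierarchy again, which is exactly the TTL behaviour the record list describes.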
DNSSEC (Domain Name System Security Extensions) is a suite of cryptographic authentication extensions added to DNS to protect it against malicious actors using forged or manipulated DNS data, such as the data planted by DNS cache poisoning; it does this by digitally signing DNS zones. DNSSEC does not provide confidentiality of data: DNSSEC responses are authenticated but not encrypted. DNSSEC is still not implemented by some registrars and registries.
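As an added illustration of the DNSSEC point (not code from the original article): a zone signs its RRset with a private key, publishes the public key as its DNSKEY, and a validating resolver accepts an answer only if the signature verifies, so a cache-poisoning answer that swaps the address cannot pass. It uses Ed25519 from the Go standard library, which is DNSSEC algorithm 15 (RFC 8080). Assumptions and simplifications: the canonical text form here stands in for the RFC 4034 wire form that real RRSIGs cover, the DS chain of trust from the root is collapsed to handing the validator the zone's DNSKEY directly, the signature carries no validity period, and the records and addresses are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"sort"
	"strings"
)

// RR is a resource record in presentation form (constructed sample data).
type RR struct {
	Name, Type, Data string
	TTL              int
}

// canonical serialises an RRset identically on the signer and the validator:
// owner names lower-cased, one record per line, lines sorted. Real DNSSEC
// signs the canonical wire form of RFC 4034; this text form stands in for it.
func canonical(rrset []RR) []byte {
	lines := make([]string, 0, len(rrset))
	for _, r := range rrset {
		lines = append(lines, fmt.Sprintf("%s %d IN %s %s", strings.ToLower(r.Name), r.TTL, r.Type, r.Data))
	}
	sort.Strings(lines)
	return []byte(strings.Join(lines, "\n"))
}

// Zone holds a zone's signing key. The public half is what the zone publishes
// in its DNSKEY record; Ed25519 is DNSSEC algorithm 15.
type Zone struct {
	Name string
	priv ed25519.PrivateKey
}

func NewZone(name string) (*Zone, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Zone{Name: name, priv: priv}, nil
}

// DNSKEY returns the public key a validator checks against. In practice it is
// trusted via DS records chained down from the root; here it is handed over.
func (z *Zone) DNSKEY() ed25519.PublicKey { return z.priv.Public().(ed25519.PublicKey) }

// SignedAnswer is an RRset together with its RRSIG-style signature.
type SignedAnswer struct {
	RRset []RR
	RRSIG []byte
}

// Sign produces the signature for an RRset, as the zone operator does offline.
func (z *Zone) Sign(rrset []RR) SignedAnswer {
	return SignedAnswer{RRset: rrset, RRSIG: ed25519.Sign(z.priv, canonical(rrset))}
}

// Validate is the resolver side: accept the answer only if its signature
// verifies under the zone's DNSKEY. The records are readable plain text either
// way, which is the "authenticated but not encrypted" property.
func Validate(dnskey ed25519.PublicKey, a SignedAnswer) bool {
	return ed25519.Verify(dnskey, canonical(a.RRset), a.RRSIG)
}

// WithAddress returns a copy of the answer whose A record data was replaced
// while the original signature is kept: what a poisoned cache entry would
// hold, and what a validating resolver must refuse.
func WithAddress(a SignedAnswer, addr string) SignedAnswer {
	rrset := make([]RR, len(a.RRset))
	copy(rrset, a.RRset)
	for i := range rrset {
		if rrset[i].Type == "A" {
			rrset[i].Data = addr
		}
	}
	return SignedAnswer{RRset: rrset, RRSIG: a.RRSIG}
}

func main() {
	zone, err := NewZone("google.com.")
	if err != nil {
		panic(err)
	}
	genuine := zone.Sign([]RR{{"google.com.", "A", "192.0.2.10", 300}})
	forged := WithAddress(genuine, "198.51.100.99")
	fmt.Println("genuine validates:", Validate(zone.DNSKEY(), genuine))
	fmt.Println("forged validates: ", Validate(zone.DNSKEY(), forged))
}
```

Two details matter for a validator in practice and are visible here: the RRset is signed as a whole in canonical order, so reordering its records does not break verification, while changing a single address does; and a signature made with any key other than the one the chain of trust vouches for is rejected, which is why the DNSKEY has to be authenticated via DS records rather than simply taken from the answer.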