Domain Name System (DNS) - What is that?

One of the reasons we need a Domain Names System (DNS) is to handle the translation between human-friendly naming and computer-preferred naming.

DNS is like a contacts list but is more than just a directory for address lookup. DNS is the standard way for computers to advertise and access important information about each other.

DNS makes that information available in a standard format. The standard format means it can be distributed widely and kept current. DNS information is distributed by Name Servers running on an enormous number of computers, which means it can be available worldwide.

Avoiding Name Collisions

Domain names are organized like a family tree to keep names unique and avoid naming conflicts. Many computers might be called John, but they are unique by knowing which part of the family they are in. Generations in the DNS family are indicted by “.”, so “John.Smith” and “John.Legend” are two distinct domain names or computers. The DNS family’s head (or root) is split into multiple top-level domains (TLDs), e.g., com, edu, or gov, based on a desire to separate commercial, educational, and government entities. So John.Smith.com and John.Smith.edu are different domain names, avoiding a collision of names. A domain can be split into multiple subdomains, e.g., sales.example.com and engineering.example.com, which might be distinct parts of the example organization.   

Reliable Response

Distributing the information to many Name Servers makes getting that information fast and reliable worldwide.

Someone in Australia connecting to a website in the USA will fetch DNS information about that domain from a local Name Server based in Australia. The local copy keeps the response time low even though the authoritative source of that information is based in the USA.

Since many copies of the domain information are stored worldwide, this redundancy removes single points of failure in the system and makes access more reliable.

Abstraction

Domain Names are human-friendly names that can be kept the same even if changes are made to the underlying computer information, e.g., when you move your website from one hosting company to another. You have spent time building your website’s reputation, so you want to keep your well-known Domain Name even if the IP Address of your website will change when you move host.

Consistency

The DNS protocol includes serial numbers for domain information to track changes. The protocol also defines how long a Name Server can use its copy of information before refreshing it from the authoritative source.

Security and Integrity

How can we trust the information DNS provides? The DNS system delegates authority to provide information from the top down, from Top Level Domains, into domains and subdomains.

How do we stop bad people from corrupting DNS information? DNS Security Extensions (DNSSEC) are defined to secure data exchanged in the Domain Name System. DNSSEC protects the integrity of DNS data. All answers to DNS queries are digitally signed to confirm that the information is identical to the original information published by the domain owner.

See our article “HTTP vs HTTPS: What’s that all about?” for more details on securing your website.

Summary

The Domain Name System translates human-friendly domain names into computer-preferred IP Addresses and provides critical data about domains and how they are linked. DNS is implemented as a distributed database to allow information to be accessed quickly, reliably, and securely worldwide.

Glossary

• DNS – Domain Name System
• IP – Internet Protocol
• VPN – Virtual Private Network
• TLD – Top-Level Domain
• DNSSEC – Domain Name System Security Extensions

References

• DNS and Bind, Fifth Edition by Cricket Liu & Paul Albitz. ISBN: 978-0-596-10057-5
• https://en.wikipedia.org/wiki/Domain_Name_System