What is DNS and Why Do We Need It?

Each device or service on any network is useful only when it can exchange data with others on the same network. The processes that occur locally, on a specific device, are important. But networks exist in order to convey requests from one place to another and receive responses in return, much like the telephone system.
The internet’s “phone system” has rules, of course, that describe how devices locate and communicate with one another. The core rule set is the Internet Protocol, or IP. IP is responsible for addressing and routing packets between computers on a network. It is the foundation of internet communication, allowing networks worldwide to interconnect regardless of their underlying hardware.
There are about four billion IPv4 (Internet Protocol version 4) addresses and many, many times more IPv6 addresses (about 340 undecillion). IPv4 addresses are written as four decimal numbers (like 192.168.1.1); IPv6 addresses are written in hexadecimal, so they mix digits and letters (2001:db8:85a3:8d3:1319:8a2e:370:7348). Given the many websites, services, etc. on the internet, it is unreasonable to expect everyday people to recall numbers of this sort. Imagine trying to remember the phone numbers of everyone in your contacts list instead of only their names. Pretty difficult. The internet presents the same challenge.
When you connect to websites, your computer doesn’t actually understand names like “google.com” or “facebook.com.” Behind the scenes, devices locate one another and exchange data using IP addresses. These work like digital phone numbers.
But just as we prefer to use names instead of memorizing phone numbers, we find it much easier to remember “amazon.com” than “176.32.103.205.” That’s where DNS comes in.
DNS stands for Domain Name System. Think of it as the internet’s phonebook or translator – it converts the human-friendly website names we type into a browser into the numerical IP addresses computers need to communicate with each other. Without DNS, you’d need to memorize strings of numbers to visit any website.
How DNS Works: Meet the Key Players
The DNS system has two main components that work together to make your internet experience seamless:
DNS Resolvers: Your Personal Internet Detectives
A DNS resolver is like a helpful librarian or detective. When you type a website address into your browser, your computer asks a resolver, “Do you know where to find amazon.com?” The resolver’s job is to find the answer for you.
Your internet service provider (like Comcast or AT&T) typically provides a DNS resolver, though you can also choose to use others like Google’s (8.8.8.8) or Cloudflare’s (1.1.1.1).
Resolvers work in two main ways:
- Recursive Resolution: This process is akin to asking your librarian to find a book, and they handle everything – checking the catalog, walking to the shelf, and bringing the book back to you. The resolver accepts full responsibility for finding the answer and returns only the final IP address to your computer.
- Iterative Resolution: Less common, this is more like the librarian giving you directions: “Try section B, and if it’s not there, ask the specialist in room 204.” Instead of doing the whole search, the server answers with a referral to a better source, and the resolver must follow the trail of referrals itself until it finds the right answer.
Resolvers also save time by remembering (caching) recent lookups. If you visited Twitter an hour ago, your resolver remembers its IP address for a limited time set by the record (its time-to-live, or TTL) and doesn’t need to search again when you return within that window.
DNS Authorities: The Official Record-Keepers
While resolvers do the searching, DNS authorities (or authoritative nameservers) are the keepers of the official records. If DNS resolvers are detectives, authorities are like government record offices – they maintain the official, definitive information about an address.
For any domain, there’s at least one authoritative server that has the official answer about what IP address that domain should point to. These authorities store their information in “zone files” that contain different types of records:
- A Records: Connect a domain to an IPv4 address
- AAAA Records: Connect a domain to an IPv6 address (the newer IP system)
- CNAME Records: Make one name an alias for another (the alias is answered by looking up the target name)
- MX Records: Direct email to the right mail servers
- NS Records: Identify which nameservers are authoritative for a domain
When you buy a domain name and want to point it to your website, you’re actually updating these records on your domain’s authoritative nameserver.
The DNS Lookup Journey: A Step-by-Step Adventure
When you type “www.example.com” into your browser, here’s what happens behind the scenes (usually within milliseconds):
- Local Check: Your computer first checks if it already knows the answer from a previous visit.
- Ask the Resolver: If not, your computer asks your DNS resolver, “Where can I find www.example.com?”
- Start at the Top: If your resolver doesn’t know either, it starts at the top of the DNS hierarchy by querying a root nameserver – these are like the starting point of the internet’s map.
- Follow the Breadcrumbs: The root server points to the .com nameservers, saying, “I don’t know specifically, but ask these servers about .com domains.”
- Narrow It Down: Your resolver then asks a .com nameserver, which responds, “I don’t know specifically about www.example.com, but here’s who’s in charge of example.com domains.”
- Get the Final Answer: Finally, your resolver contacts the authoritative nameserver for example.com, which checks its records and replies, “Yes, www.example.com is at IP address 93.184.216.34.”
- Delivery: Your resolver gives this IP address to your computer.
- Connection: Your browser connects directly to that IP address, and the website loads.
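The lookup journey above, together with the recursive-versus-iterative distinction and caching from the resolver section earlier, as an added example that is not part of the original article: a small Python model of the hierarchy. Every server address, hostname and record in it is a constructed stand-in (RFC 5737 documentation addresses and reserved example names); the resolver starts at a root hint, follows NS referrals through the .com server to the example.com authoritative server, and caches the final answer for its TTL. Real network I/O and CNAME chasing are left out.

```python
"""Toy model of the DNS lookup journey: a stub asks a recursive resolver once,
and the resolver walks the hierarchy iteratively (root -> TLD -> authoritative),
following NS referrals and caching the answer for its TTL.
All addresses, names and records below are constructed for this example."""
import time

# Each constructed "server" is keyed by the IP it listens on and knows which
# zone it is authoritative for. Records are (name, type, ttl, value) tuples;
# a delegation is an NS record plus a glue A record for the nameserver.
ROOT_HINT = "198.51.100.1"  # stand-in for a root server address (root hints)
SERVERS = {
    "198.51.100.1": {"zone": ".", "records": [
        ("com.", "NS", 172800, "a.tld.example."),
        ("a.tld.example.", "A", 172800, "198.51.100.2"),
    ]},
    "198.51.100.2": {"zone": "com.", "records": [
        ("example.com.", "NS", 172800, "ns1.example.com."),
        ("ns1.example.com.", "A", 172800, "203.0.113.53"),
    ]},
    "203.0.113.53": {"zone": "example.com.", "records": [
        ("example.com.", "A", 300, "93.184.216.34"),
        ("www.example.com.", "A", 300, "93.184.216.34"),
        ("ns1.example.com.", "A", 300, "203.0.113.53"),
    ]},
}


def authoritative_query(server_ip, qname, qtype):
    """What one authoritative server says when asked (qname, qtype) directly.
    It answers from its own records, refers the asker to a child zone it has
    delegated, or reports that the name does not exist in its zone."""
    server = SERVERS[server_ip]
    records = server["records"]
    answer = [r for r in records if r[0] == qname and r[1] == qtype]
    if answer:
        return "answer", answer
    labels = qname.split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) or "."
        if zone == server["zone"]:
            break  # inside our own zone and no such record: NXDOMAIN
        ns = [r for r in records if r[0] == zone and r[1] == "NS"]
        if ns:
            targets = {r[3] for r in ns}
            glue = [r for r in records if r[1] == "A" and r[0] in targets]
            return "referral", ns + glue
    return "nxdomain", []


class RecursiveResolver:
    """The resolver your computer asks once; it does the iterative legwork."""

    def __init__(self):
        self.cache = {}   # (qname, qtype) -> (expires_at, records)
        self.trace = []   # human-readable record of each step taken

    def resolve(self, qname, qtype="A", now=None):
        now = time.time() if now is None else now
        key = (qname, qtype)
        cached = self.cache.get(key)
        if cached and cached[0] > now:
            self.trace.append(f"cache hit: {qname} {qtype}")
            return [r[3] for r in cached[1]]
        server = ROOT_HINT
        for _ in range(10):  # bound the referral chase
            kind, records = authoritative_query(server, qname, qtype)
            self.trace.append(f"asked {server} for {qname} {qtype}: {kind}")
            if kind == "answer":
                ttl = min(r[2] for r in records)
                self.cache[key] = (now + ttl, records)
                return [r[3] for r in records]
            if kind == "nxdomain":
                return []
            # Referral: go to a listed nameserver, using glue if provided and
            # otherwise resolving the nameserver's own name first.
            ns_names = [r[3] for r in records if r[1] == "NS"]
            glue = {r[0]: r[3] for r in records if r[1] == "A"}
            server = None
            for name in ns_names:
                addrs = [glue[name]] if name in glue else self.resolve(name, "A", now)
                if addrs:
                    server = addrs[0]
                    break
            if server is None:
                return []  # delegation exists but no nameserver is reachable
        raise RuntimeError("too many referrals")


def queries_sent(resolver):
    """Count the queries the resolver actually sent (cache hits excluded)."""
    return sum(1 for step in resolver.trace if step.startswith("asked"))


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com."))   # walks root -> .com -> example.com
    print(r.resolve("www.example.com."))   # served from cache within the TTL
    print(*r.trace, sep="\n")
```

The trace shows the three queries of the first lookup (root, .com, example.com) and then a cache hit for the second; pass `now=` to `resolve` to watch the cached answer expire once the 300-second TTL has elapsed.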
Why Keep Resolvers and Authorities Separate?
Since the mid-1990s, network experts have recognized the importance of keeping DNS resolvers separate from authoritative servers. Initially, this was about network resilience – if an authoritative server gets attacked, resolvers can still function for other domains.
Today, there are two additional critical reasons:
- Security Integrity: If an authoritative server is compromised, it can only lie about its own domains. But if it’s also a resolver, it could potentially lie about any domain on the internet, sending users to malicious websites.
- Attack Prevention: In certain cyberattacks, attackers trick DNS servers into flooding innocent victims with data. Separating these roles helps prevent these “reflection attacks.”
Split Views: Your Private Internet Phonebook
Many organizations maintain two different DNS views:
- Internal View: For people inside the company network, showing internal resources like printers, file servers, and other private systems.
- External View: For the public internet, showing only what the world needs to see, like your website and email servers.
This is similar to having a private contact list for family and a public one for business. Your company printer doesn’t need to be accessible to the whole internet.
This approach also helps with mobile devices like laptops. Your IT team might use descriptive internal names that help with troubleshooting, while keeping those details hidden from the outside world.
Reverse DNS: Working Backwards
While standard DNS converts names to IP addresses, reverse DNS does the opposite – it finds the domain name associated with an IP address.
Think of it like caller ID. When you get a call, your phone doesn’t just show the number – it displays the name of who’s calling (assuming the identity isn’t blocked). Similarly, reverse DNS helps identify who’s behind an IP address.
This works through special records called PTR (Pointer) records. For the IPv4 address 192.0.2.1, a reverse lookup would search for 1.2.0.192.in-addr.arpa in the DNS system.
Reverse DNS is particularly important for email. When you receive an email, your mail server often checks that the sending server’s IP address maps back to a hostname which in turn resolves to that same address, and that the hostname matches the domain the sender claims. If not, the email might be marked as spam. It’s like verifying that a caller is really who they claim to be.
Many legitimate email servers won’t even accept messages from servers without proper reverse DNS setup – it’s that important for preventing spam and phishing!
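The reverse-lookup name and the mail-server check described above, as an added example that is not part of the original article: a Python function that builds the in-addr.arpa reverse name (and, going beyond the article’s IPv4 case, the ip6.arpa name for IPv6) and cross-checks it against the standard library, plus a forward-confirmed reverse DNS check run over constructed PTR and A/AAAA records. All record data, addresses and hostnames are constructed stand-ins; a real mail server would send these lookups to its resolver instead of reading dictionaries.

```python
"""Reverse DNS: build the reverse-lookup name for an address and perform the
forward-confirmed reverse DNS (FCrDNS) check a mail server applies to a
connecting sender. All records, addresses and hostnames below are constructed."""
import ipaddress


def reverse_name(ip):
    """Reverse-lookup name: reversed octets under in-addr.arpa for IPv4,
    reversed hex nibbles of the fully expanded address under ip6.arpa for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")   # 32 hex digits, zero padded
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def matches_stdlib(ip):
    """Cross-check against the standard library's own reverse_pointer."""
    return reverse_name(ip) == ipaddress.ip_address(ip).reverse_pointer


# Constructed reverse zone: reverse name -> PTR target hostname.
PTR_RECORDS = {
    reverse_name("192.0.2.10"): "mail.example.com.",   # consistent with forward data
    reverse_name("192.0.2.20"): "mail.example.com.",   # PTR claims a name it does not own
    reverse_name("2001:db8::25"): "mail.example.com.",
    # 192.0.2.30 deliberately has no PTR record at all
}
# Constructed forward zone: (hostname, type) -> list of addresses.
FORWARD_RECORDS = {
    ("mail.example.com.", "A"): ["192.0.2.10"],
    ("mail.example.com.", "AAAA"): ["2001:db8::25"],
}


def fcrdns_check(ip, claimed_domain=None):
    """Forward-confirmed reverse DNS. Returns (ok, reason, ptr_hostname).
    1. A PTR lookup on the reverse name gives a hostname.
    2. A forward lookup (A or AAAA) of that hostname must include the original
       IP; this stops whoever controls the reverse zone from naming any host.
    3. Optionally, the hostname must fall under the domain the sender claims."""
    addr = ipaddress.ip_address(ip)
    hostname = PTR_RECORDS.get(reverse_name(ip))
    if hostname is None:
        return False, "no PTR record", None
    qtype = "A" if addr.version == 4 else "AAAA"
    forward = {ipaddress.ip_address(a)
               for a in FORWARD_RECORDS.get((hostname, qtype), [])}
    if addr not in forward:
        return False, f"{hostname} does not resolve back to {addr}", hostname
    if claimed_domain is not None:
        claimed = claimed_domain.rstrip(".").lower() + "."
        host = hostname.lower()
        if host != claimed and not host.endswith("." + claimed):
            return False, f"{hostname} is not under claimed domain {claimed_domain}", hostname
    return True, "forward-confirmed", hostname


if __name__ == "__main__":
    for sender in ["192.0.2.10", "192.0.2.20", "192.0.2.30", "2001:db8::25"]:
        print(sender, "->", reverse_name(sender), fcrdns_check(sender, "example.com"))
```

The second sender illustrates why the forward step matters: its PTR record names mail.example.com., but that hostname does not resolve back to 192.0.2.20, so the check fails even though a reverse record exists.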