What Is DNS (Server)? Definition, Workflow & Possible Privacy Concerns
For people with little or no computer knowledge, once online privacy becomes a concern it is essential to know what DNS stands for, how it works, and how DNS relates to Internet privacy and security.
DNS is a commonly known computing term, just like the IP address. Although DNS is not as familiar to the average user as IP, it plays a crucial part in both the application layer and normal Internet functionality. Now let’s unveil the mysteries of DNS one by one in detail.
DNS is short for Domain Name System. Wikipedia describes it as “a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.” In practice, this naming system is a directory of IP addresses. Editors often compare this kind of directory to a telephone book and the IP address to a phone number, which is an easy-to-understand metaphor. Whenever you want to visit a website, you type the full URL into the browser, and it is the DNS server that translates the URL into the related IP address.
Then why does DNS store so many IP addresses? What are they used for? After viewing the following DNS workflow, everything will be clear.
The general Internet request-and-response route is as follows:
1. You enter and confirm the query by typing a domain name in the browser’s address bar. For example: wikipedia.org
2. The query goes to a recursive resolver server, also called a recursive DNS server (usually provided by your ISP), which acts as a middleman between the user and the authoritative DNS servers.
3. The recursive DNS server then sends the domain request to an authoritative root server, which contains all top-level domains such as .com, .net, and .org; here the information for “.org” (the top-level domain of wikipedia.org) is answered.
* The root server is not a standalone server but a server group containing thousands of servers located in different places worldwide, so that your query can be received quickly by the nearest one for further processing. Separately, many domain registries (e.g. VeriSign and GoDaddy) hold and manage WHOIS data.
4. With the first-level domain information handled, it comes to the second-level information, which is stored in the top-level domain (TLD) name server. When this request is completed, the exact IP address of your target domain name is found.
5. The above-mentioned recursive DNS server then continues its work. Once it knows the IP address of the requested domain wikipedia.org, it shares that IP address with the browser, and it is the browser that finally sends the visit request to wikipedia.org. Once Wikipedia’s server accepts it and returns a response, you soon see the rendered content in the browser.
To make this easier to understand, the following picture shows the structure of a common domain name. Setting the leading protocol aside, a domain name usually consists of three parts: the top-level domain, the second-level domain, and the third-level domain, read in reverse order. When a query for a specific domain is made via the browser, DNS, which associates domains with IP addresses, handles the query, resolves the domain into an IP address, and makes the connection.
From the DNS working steps above, it is easy to see that there are multiple DNS servers of different types, each performing its own function during the whole process of Internet activity. Here are some typical examples:
- DNS resolver
The DNS resolver is the main force that completes domain-name-to-IP-address resolution locally on your device or router. Specifically, resolvers can be divided into recursive resolvers, non-recursive resolvers, and iterative resolvers, which may work alone or together for a successful domain resolution.
- DNS root server
It is also known as the top-level domain (TLD) name server. As the name suggests, this root server is responsible for storing all top-level domains. Currently, there are over 300 Internet top-level domains, among which 7 are original top-level domains (e.g. .com, .net, .org, .gov and .edu), 1 is an infrastructure domain (.arpa), and about 316 are country-code and internationalized ones (e.g. .us, .uk, .apple, .bank, .forum, .info, .xyz, and .vip).
- Caching server
The caching server answers recursive requests from clients and temporarily stores information coming from other name servers. This means caching servers are allowed to reach all (public) DNS data and collect all recent client requests.
- Forwarding server
The forwarding server is an easy-to-understand DNS server type. Its only job is to pass DNS queries from one server to another agent, with recursive capability like a caching server.
- Authoritative name servers
The authoritative name server is in charge of answering requests in a specific DNS zone. When the recursive resolver gets the related response from a TLD name server or root name server, it is directed to the authoritative server to proceed. If that server fails to respond, the task is handed over to the root name server. In a single DNS zone, there may be one or more authoritative name servers.
- Non-authoritative name servers
Unlike authoritative name servers, non-authoritative ones do not serve any specific DNS zone, nor do they record or contain the source files of the target domain’s zone; instead they use (recursive/iterative) DNS queries to collect information about DNS zones.
The Domain Name System was created to simplify networking so that ordinary web surfers don’t need to remember a broad range of easily confused IP addresses for their daily web activity. Yes, you heard right: at the very start of the Internet, people visited a site by typing its IP address rather than the domain name we are used to today. With the advent of DNS, an easier-to-remember domain name can open the door to the site’s content instead.
Since the very first batch of websites was small, their names were all kept in a single HOSTS.TXT file maintained by the Stanford Research Institute. However, as the number of sites soared in the following years, a decentralized and more efficient model became a necessity. After the invention of DNS in 1983, it took only 3 years for it to become an Internet Standard. Since then, the system has undergone many core updates to ensure performance and efficiency, e.g. NOTIFY mechanisms, the DNSSEC security extension, and AXFR/IXFR zone transfers. According to data from verisign.com (a well-known company focusing on network infrastructure), there were over 363 million domain name registrations in the first quarter of 2021, among which about 168 million were the mainstream .com- and .net-based ones.
After getting a rough idea of what DNS is and how it works, you may wonder whether anything along the whole DNS route can harm your online privacy and security. The answer is yes. Whether you use your own DNS server or a third-party one, once the traffic is not encrypted, DNS leaks happen because your ISP (which provides the DNS service) will always be able to see your DNS requests.
One of the most commonly used ways to protect DNS data is to equip the device with a VPN service or the Tor browser for totally private web activity. In theory, with either of them, the connection between the machine and the DNS server is tightly encrypted. Consequently, since there is no way for the ISP, a hacker or other parties to break the encryption for further data collection, you are anonymous online, just like an invisible man.
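The leak described above comes from the DNS wire format itself: a plain UDP query carries the queried name as readable labels. This added example (not from the original article) builds a standard RFC 1035 A-record query for wikipedia.org and then parses the name back out exactly as an on-path observer would; the transaction id 0x1234 is a constructed value.

```python
import struct

def build_query(qname, txid=0x1234):
    """Build a plain DNS query for an A record (RFC 1035 wire format).
    Header: id, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: each label is length-prefixed, terminated by a zero byte.
    labels = qname.rstrip(".").split(".")
    qname_wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname_wire + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def observed_qname(packet):
    """What anyone on the path (ISP, Wi-Fi operator) reads from an unencrypted
    DNS payload: the labels sit in cleartext right after the 12-byte header."""
    pos, labels = 12, []
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

if __name__ == "__main__":
    pkt = build_query("wikipedia.org")
    print(pkt.hex())
    print("observer sees:", observed_qname(pkt))
```

Inside a VPN tunnel or the Tor circuit, this payload travels wrapped in the tunnel's encryption, so the name is not visible to the network path.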
PandaVPN is the one we recommend here for its cross-platform nature, high level of encryption (256-bit ECC plus a zero-log policy), ultra-fast accelerated servers (3000+ servers in total across 127 locations), simplicity of operation, and most importantly the best-value purchase plan options.
It not only locks DNS data and hides your real IP address to avoid any privacy breach, but also lets you “flush DNS” with one click to clear all IP and DNS records from the cache. Remember to flush DNS regularly.