DNS (Domain Name System)
As you already know, on TCP/IP networks each computer has a unique virtual address, called an IP address. However, for us humans, names are easier to memorize than numbers.
DNS allows names to be used as aliases for IP addresses. For example, it is easier to memorize the name of our website than the IP address our web server is using – we are sure it is easier to memorize hardwaresecrets.com than 22.214.171.124.
When you enter http://www.hardwaresecrets.com in your web browser, the DNS protocol comes into action: the browser contacts a DNS server and asks it which IP address is associated with www.hardwaresecrets.com. The DNS server answers 126.96.36.199, and your web browser then knows which IP address to use for this connection.
The DNS server your web browser will use is the DNS server your computer is configured to use – every computer connected to the Internet has a field for configuring the IP address of at least one DNS server. Usually this configuration is done automatically via DHCP.
If the DNS server doesn’t know the name you asked for, it contacts another DNS server higher in the hierarchy in order to learn the name/IP address mapping.
All entries on DNS servers have a “time to live” (a.k.a. TTL) field, which tells the server for how long that information is valid. When the information has expired, it should be refreshed by contacting the higher-level DNS server again. This is done so that, if the IP address of a server has changed, the maximum time you will need to wait in order to learn the new IP address for that server is its DNS TTL – which can range from a few hours to a few days.
DNS is an Application layer protocol, and DNS queries are done using the UDP protocol on port 53 at the Transport layer. As we have already explained, UDP does not check whether the packet arrived at its destination, but, on the other hand, it is faster, as its header is smaller and less computational power is needed to process it, since no acknowledgement scheme is used.
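As an added example (not code from the original article), here is the query/response exchange that runs over UDP port 53, in Python: it builds the question for an A record and parses a constructed reply, recovering the name, the TTL described above and the IP address. The name www.example.com, the address 192.0.2.10 and the reply bytes are constructed placeholders, not real records.

```python
# Added example (not the article's code): build the UDP port 53 query the browser
# sends for an A record, and parse a constructed reply to recover name, TTL, IP.
import struct

def build_query(name, txid=0x1234):  # standard query for an A record, RD=1
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # QDCOUNT=1
    qname = b"".join(bytes([len(x)]) + x.encode() for x in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, IN

def read_name(msg, offset):  # decode a possibly compressed name
    labels, end = [], None
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:  # 2-byte pointer back to an earlier name
            end = end or offset + 2   # the first pointer ends this name
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode())
        offset += length
    return ".".join(labels), end if end is not None else offset

def parse_response(msg):  # -> (txid, [(name, ttl, ip), ...]) for A records
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        rdata = msg[offset + 10:offset + 10 + rdlen]
        offset += 10 + rdlen
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN, IPv4
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return txid, answers

# Constructed reply to build_query("www.example.com"): flags 0x8180 (response,
# RD, RA), echoed question, then one A record with TTL 3600 whose name is a
# pointer (0xC00C) to offset 12; 192.0.2.10 is a documentation placeholder.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + build_query("www.example.com")[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10])
)
```

A resolver caches the returned record only for the TTL it carries (3600 seconds here), which is why a changed address can take up to that long to be seen.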
An easy way to play with DNS queries is the nslookup command, available both at the Windows command prompt and on Unix systems (like Linux – depending on your Linux flavor this command may be called host, not nslookup).
On Windows, click Start, Run, enter Cmd and hit Enter. There, try nslookup www.hardwaresecrets.com. You will get the IP address associated with this name (188.8.131.52). You can also go the other way around: enter an IP address to find out whether there is a server name associated with it (if you enter our IP address you will get a different server name, as we host two different websites on the same server). Play around with this command so you can understand better how DNS works; it won’t damage your PC!
By the way, DNS allows more than one name to be associated with a given IP address. This allows you to host more than one website on a single server, for example. When you access a server that hosts more than one website, your web browser reaches it through its IP address (learned through a DNS query, as we explained), while the server checks the name you typed in your web browser to decide which website to deliver to you.