What Is a DNS Server? Definition, Purpose, Types of DNS Servers, and Their Safety
Why Does the DNS Server Play Such a Crucial Part in Browsing the Internet?
A ‘DNS server’, also known as a ‘name server’ or ‘domain name system server’, is a computer server that stores a database of hostnames and their corresponding IP addresses and, in most situations, resolves or translates those names to the requested IP addresses. DNS servers use specialized software and exchange information with one another using special protocols.
In the following, we will explore some of their basic principles, the way they work, what types of DNS servers are out there, their safety, and why a DNS server plays such an important role in the process of using the internet as we know it.
Why do we need a DNS server?
Simply put – it makes our lives easier. The DNS server acts as an intermediary between humans and computers.
All machines connected to the internet, from our computers and smartphones to the servers that deliver content for large websites, use numbers to locate and communicate with one another. These numbers are referred to as IP addresses. The DNS server translates the domain names that we enter when we browse the internet into these numerical addresses.
Let’s give an example. If you want to access heimdalsecurity.com, you would normally just type this URL into the address bar. Now, what if, instead of the URL, you had to type 220.127.116.11 (the actual IP address of the website)? Not so easy to remember, right? Without a DNS server, we would be forced to memorize all the IPs of the websites we want to reach.
How does it work? Types of DNS servers
When you type a website’s address into the address bar of your browser for the first time, a DNS server starts looking for the site you want to visit. It does this by sending a DNS query to several servers. Each server translates a different part of the domain name you entered. This process of translating and looking up names is also known as ‘DNS resolution’. These are the servers that are being queried in the process:
A DNS Resolver: Gets the request to find the IP address for a domain name. This server does the hard work of figuring out where on the internet the site you want to go to is actually located.
A Root Server: The root server gets the first request and delivers a response that informs the DNS resolver of the address of the Top Level Domain (TLD) server that holds the site’s information. A top-level domain is the .com or .net section of the domain name that you typed into the address box.
It’s important to mention that 13 primary DNS root servers in the world maintain a directory of all domains and their corresponding public IP addresses. These top DNS servers are identified by the first 13 letters of the alphabet (A through M). The United States is home to ten of these servers, while London, Stockholm, and Japan each host one. The root servers are managed by companies, universities, and government agencies and appointed by ICANN – Internet Corporation for Assigned Names and Numbers. You can check out the full list of root servers all over the world here.
A TLD Server: The DNS resolver queries the TLD server, which returns the address of the Authoritative Name Server.
An Authoritative Name Server: Lastly, the DNS resolver will send a query to this server in order to determine the precise IP address of the website you are attempting to display.
The step-by-step process of solving a DNS query is explained in greater detail by my colleague Alina in this article on What Is DNS.
Although it sounds like a lot of work, this whole process happens within a few seconds, without us even perceiving it. It can even happen within milliseconds the second time you visit the same website because the web browser will retrieve the information already stored in its cache (assuming you did not delete your browser cache).
DNS Cache Locations
The IP addresses that servers get from DNS queries can be stored in a cache for a certain amount of time. Caching is good for efficiency because it lets servers respond quickly the next time someone asks for the same IP address. There are a number of places where DNS data can be cached. The following are some common ones:
- Browser. Most browsers, like Apple Safari, Google Chrome, and Mozilla Firefox, store DNS data by default for a fixed amount of time. When a DNS request is made, the browser is the first cache that is checked before the request is sent to a local DNS resolver server.
- Operating system (OS). Many operating systems have built-in DNS resolvers called ‘stub resolvers’ that cache DNS data and handle queries before sending them to an external server. Most of the time, the OS is queried after the browser or another application is queried.
- Recursive resolver. The DNS recursive resolver can also cache the result of a DNS query. Some of the records required to produce a response may already be available to resolvers, allowing them to skip some steps in the DNS resolution process.
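The resolution steps and the recursive resolver's cache described above can be followed in a small simulation. This is an added example, not code from the original article: the server labels, the `RecursiveResolver` class and the delegation data are assumptions built for illustration, and the zone is simplified to the last two labels of the name.

```python
import time

# Constructed delegation data; every server label, name and address is made up.
ROOT = {"com.": "tld-com"}                                   # root -> TLD server
TLD = {"tld-com": {"example.com.": "auth-example"}}          # TLD -> authoritative
AUTH = {"auth-example": {"www.example.com.": ("192.0.2.10", 300)}}  # (IP, TTL in s)


class RecursiveResolver:
    """Walks root -> TLD -> authoritative and caches answers until the TTL expires."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}            # name -> (ip, expires_at)
        self.upstream_queries = 0  # queries sent to other servers

    def _ask(self, table, server, key):
        self.upstream_queries += 1
        return table.get(server, {}).get(key)

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], "cache"               # answered without upstream traffic
        labels = name.rstrip(".").split(".")
        tld_name = labels[-1] + "."
        zone = ".".join(labels[-2:]) + "."       # simplification: zone = last two labels
        # Step 1: the root server refers the resolver to the TLD server.
        tld_server = self._ask({"root": ROOT}, "root", tld_name)
        if tld_server is None:
            return None, "NXDOMAIN"
        # Step 2: the TLD server refers the resolver to the authoritative name server.
        auth_server = self._ask(TLD, tld_server, zone)
        if auth_server is None:
            return None, "NXDOMAIN"
        # Step 3: the authoritative server returns the address and its TTL.
        record = self._ask(AUTH, auth_server, name)
        if record is None:
            return None, "NXDOMAIN"
        ip, ttl = record
        self.cache[name] = (ip, self.clock() + ttl)
        return ip, "authoritative"


if __name__ == "__main__":
    resolver = RecursiveResolver()
    print(resolver.resolve("www.example.com."), resolver.upstream_queries)
    print(resolver.resolve("www.example.com."), resolver.upstream_queries)
```

The first lookup costs three upstream queries and the repeat costs none, which is also why a forged answer that reaches a cache keeps being served until its TTL runs out.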
DNS Servers: Primary and Secondary
When you subscribe to your internet service provider (ISP), your router or computer is typically set up with a primary and secondary DNS server. In the event that one DNS server should malfunction, the other will be used to resolve any hostnames you input.
Default vs Alternative DNS Servers
However, if you experience DNS server errors, you might want to consider changing the DNS servers provided by your ISP to ones from a more reliable provider, for instance one that won’t keep track of the websites you visit.
You can also use DNS servers that are free and open to the public, provided by Google, Quad9, OpenDNS, or Cloudflare, to name a few. You can check out the complete list of the most trustworthy public DNS servers as well as a guide on how to configure or change your primary and secondary servers here.
The largest public DNS server in the world
Did you know? Google is the biggest public DNS server in the world right now and it has been around since 2009. To use this DNS server, you will need to change your DNS server addresses to 18.104.22.168 and 22.214.171.124. Google’s public DNS servers are hosted in data centers all over the world. This means that when you try to access a website using one of the two IP addresses mentioned above, you will be directed to the server that’s closest to you.
Are DNS servers vulnerable to attacks?
The short answer is: YES. According to research published by Neustar International Security Council in September 2021, 72% of enterprises were confronted with at least one DNS attack last year.
Although the DNS was not designed with security as a top priority, numerous sets of standards have been published since its early days to make sure that visiting a website is as safe as possible. While DNS Security Extensions and other best practices are helpful, they have their limitations.
Because of these limitations and the way technology has changed, DNS servers are vulnerable to a variety of attacks, such as spoofing, amplification, DoS (Denial of Service), and the extortion of private information. Because DNS is used in almost all Internet requests, it can be a tempting target for attackers.
The top 3 most common types of DNS attacks are:
- DoS attack. This cyberattack tries to temporarily or indefinitely interrupt the services of a network-connected host. Perpetrators typically accomplish this by flooding the target, which is typically a website, with redundant DNS requests, seeking to prevent legitimate searches from passing through.
- DDoS attack. In a DDoS attack, the source of the excess traffic has multiple points of origin. DDoS attacks are more common than DoS attacks. This happens because bots and botnets are widely available on the dark web, and volumetric attacks get a higher success rate than DoS attacks.
- DNS Hijacking. This is a cyberattack in which a malicious server is used to redirect traffic away from its intended destination. Thus, hackers can trick visitors into visiting a malicious website. This technique goes by a few different names such as DNS poisoning, DNS redirection, and so on.
And, while attacks like DNS hijacking and denial of service rely on the DNS as a medium for cybercrime, there are other forms of attack that can either employ the DNS as a tool or are themselves tools employed by hackers to access the DNS. Examples include man-in-the-middle attacks, zero-day attacks, and botnet attacks. These last three are also used to run phishing campaigns or data exfiltration operations aimed at increasing cybercriminals’ profits.
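A common defensive check for the DNS hijacking described above is to compare the answer your default resolver gives for a hostname with the answers several independent resolvers give. The sketch below is an added example, not part of the original article: the function names, resolver labels and addresses are constructed, and it assumes the answers have already been collected.

```python
import ipaddress
from collections import Counter


def prefix(ip, v4_bits=24, v6_bits=48):
    """Reduce an address to its network prefix so nearby servers count as agreeing."""
    addr = ipaddress.ip_address(ip)
    bits = v4_bits if addr.version == 4 else v6_bits
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)


def flag_divergent_resolvers(observations, min_agree=2):
    """observations: {resolver_label: [ip, ...]} collected for ONE hostname.

    Returns the resolvers whose answers share no prefix with the consensus,
    where consensus means a prefix returned by at least min_agree resolvers.
    A resolver that returned no address at all is flagged as well.
    """
    nets = {r: {prefix(ip) for ip in ips} for r, ips in observations.items()}
    votes = Counter()
    for resolver_nets in nets.values():
        votes.update(resolver_nets)
    consensus = {net for net, count in votes.items() if count >= min_agree}
    if not consensus:
        return []  # nobody agrees with anybody: no baseline to judge against
    return sorted(r for r, n in nets.items() if not (n & consensus))


# Constructed observations (documentation address ranges, made-up labels).
SAMPLE = {
    "isp-resolver": ["203.0.113.66"],
    "public-a": ["192.0.2.10", "192.0.2.11"],
    "public-b": ["192.0.2.11"],
    "public-c": ["192.0.2.10"],
}

if __name__ == "__main__":
    print(flag_divergent_resolvers(SAMPLE))
```

Content delivery networks legitimately return different addresses by region, so a flagged resolver is a lead to verify (for example against the site's TLS certificate), not proof of hijacking.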
How Can Heimdal® Help?
Since the launch of our first product in 2014, we have placed DNS security at the top of our priority list. Our primary service, Heimdal® Threat Prevention – Endpoint, is an enhanced version of the original product that combines cutting-edge machine learning technology with a highly efficient DNS filtering module to let you predict threats with 96% accuracy.
Heimdal Threat Prevention – Endpoint skillfully detects threats that would otherwise go undetected by typical antivirus, all while causing no interruptions and with minimum impact on your resources. Our code-autonomous endpoint solution assists you in detecting fraudulent URLs and processes before threat actors get access to your infrastructure.
The DNS server works its magic daily, every time you type a website URL into the address bar. In the process of locating your desired website, 4 types of servers work to exchange information that is delivered to you in a matter of seconds. Even if they are equipped with speed as a superpower, that is not enough to make them immune to cyberattacks, which is why we’re here to help you protect them by using innovative, highly efficient, and reliable solutions, inspired by our desire to revolutionize DNS security.
If you want to take a deeper dive into DNS Security, check out our free eBook – DNS Security for Dummies, and learn more about securing your DNS infrastructure or that of your organization.