In this article, we will discuss the importance of a Provider having its own DNS and the benefits that this can bring to the security, reliability and scalability of a company’s online services.
What is DNS?
DNS is an acronym for Domain Name System. It is a distributed, hierarchical system; over the course of this article we will get a better understanding of what we use it for and how it works.
Whenever you hear about names, domains or zones, it is the DNS servers that handle them. When you type a website’s name into the browser, the path to reach it is built not with the name but with an IP address, whether IPv4 or IPv6, and the component that knows all these names and translates each one into an IP address is the DNS server.
Sure, the DNS server translates a name into an IP so we can browse, but how does that work?
In Brazil we have thousands of registered domains, websites that you can access, imagine having to memorize the IP address of each one of them…
When I wanted to access UOL, I would need to use the address: 22.214.171.124
When you want to access Google: 126.96.36.199
It would be quite difficult, wouldn’t it? DNS makes this easy for us, working like a phone book.
In a phone book we look for a person’s name and get their phone number, or even their address.
DNS is a list containing the names of websites; by looking up the name we want to reach, we find the website’s IP address and can then browse to it.
Whenever you access a website from your computer, the computer makes a query to find out the website’s IP address so that you can browse to it. This is done through a request sent to your recursive DNS server, which performs the query. Let’s now understand what this recursive server is, its role and how it works…
For everything to work the way I explained, there are some types of DNS server to be configured, and the recursive server is one of them.
As I mentioned, when we type the name of the site in the browser, a query is made by the recursive server configured on your machine, and the server responds with an IP address for you to access the site. But how does it do that? This is where the hierarchical and distributed system comes in…
There are some servers on the internet that we call root servers; they are responsible for knowing the DNS servers responsible for the TLDs (top-level domains), the highest-level part of the name of any website we want to access.
There is more than one type of TLD, such as ccTLDs (country code top-level domains) and gTLDs (generic top-level domains).
ccTLDs are top-level domains generally used for country identification, such as “.br” for Brazil. gTLDs are generic top-level domains, as the name implies; examples are “.com”, “.org” and “.info”.
The DNS servers responsible for top-level domains, whether country code or generic, are called authoritative servers; they are the ones the root servers know about. We will understand more about them later on.
But what about the subdomain of the site I want to access, such as “facebook” in “facebook.com.br”? It has its own authoritative server, and the authoritative servers of the domains above it know about it: “.br” knows “.com”, which knows “facebook”.
When you make a query on your recursive server, it knows the entire list of root servers in the world (there are several, distributed around the globe). The recursive server asks them whether they know the address of the name we want to access; the root servers reply with the path to the authoritative server of the TLD. From that server we discover the authoritative servers of the following domains, until the recursive server finds the authoritative server of the subdomain I want to access and, from it, obtains the IP address of the name.
So when I access a website, the following steps are taken:
1 – The client queries its recursive DNS server to discover the IP of the website it wants to access;
2 – The recursive server asks a root server who has authority over the name the client wants to access, and the root server informs it which DNS server is authoritative for the TLD;
3 – The recursive server asks the authoritative server of the TLD what the IP address of the name is, and it responds with the authoritative server of the next domain;
4 – Again the recursive server asks the authoritative server of the domain what the IP address of the name is, and it answers with the authoritative server of the subdomain;
5 – Finally, the recursive server asks the authoritative server of the subdomain what the IP address of the name is, and it is answered with the IP of the site we want to access;
6 – With the IP address provided by the authoritative server, the recursive server responds to the client.
In the explanation about recursive, we talked about an authoritative server, but what is an authoritative DNS server?
When we talk about an authoritative server, we are talking about the server where the names are registered with their IP addresses; these are the servers that have authority over the domains, which are also sometimes called zones.
For example, we at Made4IT have the domain “made4it.com.br”, and this domain is managed on an authoritative server. So when someone needs to find our website’s IP address, the recursive server that was queried will go all the way to our authoritative server to receive the answer about what the IP address is. The IP address passed to the recursive server follows the “record” (the pointing of a name to an address) that we configure in our DNS service inside the authoritative server. The record, as the name suggests, serves to tell which IP we need to reach in order to access that name.
But the function of records does not stop there; there are other types as well. The record that gives the IPv4 address of a name is type A, the one that gives the IPv6 address of a name is type AAAA, and we can also point a name to another name, which is the CNAME type, among other types, each with its own purpose.
There are services on the internet where we can register our own domain, such as “made4dns.com.br”, as I mentioned earlier when we have a domain we need an authoritative server to manage it.
There is the option of using our own authoritative server, or we can also manage the domain through an authoritative server located on the Internet, usually available where we rent the domain or there are services specifically for this that can be hired.
An authoritative server can also work with reverse domains, in which case it can also be called a reverse server. Let’s understand better about this next topic.
A reverse server is nothing more than an authoritative DNS server. It may have only reverse domains configured, or reverse and “normal” domains together; both work smoothly, so we don’t need two different servers.
But what are these reverse domains? We use them to define the name of an IP address.
That’s right, the name of the IP address. When we type a website in the browser, we make a query with a name to find out what IP address it has. Now when we talk about reverse DNS, we query an IP address to find out what its name is, hence the name “reverse”.
Reverse domains are used to make troubleshooting easier, since they are consulted by tests such as “traceroute” or other programs of that kind. They also serve for validation in e-mail services, bringing greater security by helping confirm that an e-mail server really belongs to the domain it sends for.
The importance of a provider having its own DNS
We always see recommendations that an internet provider should have its own DNS server so that its end customers can browse the internet in a better way. In this case we are talking about the recursive server, since it is the one we use to browse, but why is that?
A provider always seeks to provide the best-quality internet for its customers, and a very important factor in being able to browse the internet is having a recursive DNS server configured. We already understand the reason for this and how it works, but how does having a server within your own network improve navigation for your customers even more?
When we make a request to a recursive server, we first need to reach that server. Using external servers such as the famous “188.8.131.52” (Google’s recursive DNS server), we need to go out to the internet and travel all the way to the Google server that runs the recursive service; that server then makes the query to find out the IP of the site we need, the response travels the same path back, and only then can we access the site. Imagine the whole path we travel across the internet to reach the Google server and then back again…
With a server within the provider’s own infrastructure, we shorten our path by making our navigation faster, as we will have a faster response.
Also, when we have our own server, we stop depending on our upstream to use DNS, since we don’t need to go out over the internet to make our request; so if there is a problem with the links, it won’t impact DNS.
This is because, when the recursive server makes the query in order to answer with the IP of the website we want to access, it may either need to go and fetch that answer or already have it stored, which we call cache. That is, when we look up a website for the first time, the recursive server walks the whole path through the root servers and the authoritative servers of the TLDs, but the second time it already knows the site’s IP because it already had to look it up; so when the answer is in the cache those steps are skipped and our question is answered even faster.
With our own recursive server and a well-configured cache, we are able to respond to customers with the IP of a website they want to access more quickly and efficiently, thus improving their navigation.
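As an added example (not code from the article or from Made4IT), the following Python script simulates the walk in steps 1 to 6 over a constructed hierarchy, including the A, AAAA, CNAME and PTR records discussed above and the cache that lets a repeated query skip the whole walk. All zone data, server names and addresses are made up, and the reverse tree is flattened so that the root delegates the /24 directly.

```python
# Added example (not the article's code): toy iterative resolver over a
# constructed hierarchy root -> br -> com.br -> made4it.com.br, with a cache.
# Zone data: zone -> {owner: [(type, value)]}; NS rows are delegations. All
# names/addresses are made up; the reverse tree is flattened to save levels.
ZONES = {
    ".": {"br.": [("NS", "a.dns.br.")],
          "113.0.203.in-addr.arpa.": [("NS", "rev.made4it.com.br.")]},
    "br.": {"com.br.": [("NS", "ns.com.br.")]},
    "com.br.": {"made4it.com.br.": [("NS", "ns1.made4it.com.br.")]},
    "made4it.com.br.": {
        "made4it.com.br.": [("A", "203.0.113.10"), ("AAAA", "2001:db8::10")],
        "www.made4it.com.br.": [("CNAME", "made4it.com.br.")]},
    "113.0.203.in-addr.arpa.": {
        "10.113.0.203.in-addr.arpa.": [("PTR", "made4it.com.br.")]},
}

def authoritative_answer(zone, name, rtype):
    """Authoritative reply: the record, a CNAME, a delegation, or NXDOMAIN."""
    for t, v in ZONES[zone].get(name, []):
        if t in (rtype, "CNAME"):
            return t, v
    for owner, rrs in ZONES[zone].items():  # is `name` below a delegation?
        in_child = name == owner or name.endswith("." + owner)
        if in_child and any(t == "NS" for t, _ in rrs):
            return "DELEGATION", owner
    return "NXDOMAIN", None

class Recursive:
    """Recursive server of steps 1-6; counts round trips to show the cache."""
    def __init__(self):
        self.cache, self.round_trips = {}, 0

    def resolve(self, name, rtype="A"):
        key = (name, rtype)
        if key not in self.cache:  # a cache hit skips the whole walk below
            zone, answer = ".", None  # uncached: start at a root server
            while zone is not None:
                self.round_trips += 1
                kind, value = authoritative_answer(zone, name, rtype)
                zone = value if kind == "DELEGATION" else None  # referral
                if kind == "CNAME":
                    answer = self.resolve(value, rtype)  # follow the alias
                elif kind == rtype:
                    answer = value
            self.cache[key] = answer  # NXDOMAIN (None) is cached as well
        return self.cache[key]

    def reverse(self, ipv4):
        """Reverse DNS: octets reversed under in-addr.arpa, then ask PTR."""
        rev = ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."
        return self.resolve(rev, "PTR")
```

The first lookup of www.made4it.com.br. costs eight round trips (four to reach the CNAME, four more to resolve its target); the second lookup costs none.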
With this article we learned what DNS is, what types of DNS server exist and why to have a server in your infrastructure. If you still have doubts about it, if you need some support with your DNS server, or if you want to set up your own DNS, Made4IT is available to assist you.