Updated April 15, 2023
Introduction to Important Types of DNS Servers
We hear a lot about DNS servers in our day-to-day life. Our web browser sometimes shows us a page saying the DNS request failed, or something similar. So, what exactly are DNS servers? How do they affect the whole Internet? Some even say the entire Internet would shut down if DNS servers ceased to exist. Is that threat real? Let’s look closely at DNS servers and how their existence affects us.
DNS Servers and Myth
So let’s get started with DNS servers first. A DNS server is a web technology for managing the names of websites on the Internet. But it doesn’t end there; it holds a lot of configuration as well. For example, say your physical address is 42 Baker Street, California, 50001, and its latitude and longitude are 70.92854301 and 65.102840203 (just random values). If anyone asks where you live, you don’t point out your latitude and longitude on a map. People will start going crazy if you do that.
Worse, people won’t even remember those numbers, and the smallest change in a digit changes the whole location. A DNS server works similarly. A DNS server, or Domain Name System server, holds a temporary name given to a specific place on the web. It can change, though it rarely does for popular websites. In this analogy, the latitude and longitude are the IP addresses of the Internet.
So, taking the example of Google, the IP address is 220.127.116.11, but do you ever remember typing that into the URL bar of your browser? Probably not. You always type www.google.com, or just google and hit Ctrl+Enter (if you are lazy like me). So google.com is simply a name given to that IP address, and it will never change unless Google changes its DNS records (I will get back to DNS records later in the blog). When you are not connected to the Internet, or if you type an invalid URL, you may get a “DNS request failed” or “This webpage is not available” error in your browser. This happens because the DNS server cannot look up the name you typed in the URL bar and return the corresponding IP address.
There is a widespread myth that the Internet will shut down if DNS servers stop working. Nope. That’s never going to happen unless a wide-ranging nuclear blast occurs; the idea is pure idiocy. If the DNS servers stop working, you won’t be able to reach any website by its name, say microsoft.com, but if you know the IP address, you can type it straight into the URL bar and you are good to go.
The only real problem is that, as things stand, you can ping a specific DNS server from your terminal or command prompt to get its IP address, or do a whois lookup to check it, but if the Internet goes down there won’t be a DNS server to ping, whether from a terminal or via whois. The only way to connect would be to remember or write down the IP addresses of all the websites you visit. But seriously, I don’t think the Internet goes down that easily. So, now that the myth is busted, let us look at how things work in a DNS server.
DNS Records and DNS Queries
Now that we know what a DNS server is, let us look at how it works. A DNS server consists of many things, but most importantly DNS records and queries. Let us take a look at them one by one.
DNS records are resource records that define how the DNS system needs to work. A zone consists of the IP address, the mail server, and other records to point to. So, for example, say you have a website named www.iamawesome.co; then you may need an email ID such as [email protected]. Again, here you need an IP address to point to when mail arrives for the domain iamawesome.com, and the DNS records do this part; they are what configure the DNS servers. DNS records come in many kinds. I won’t go into detail, but I will list the critical DNS records here:
| Record | Full name | Description |
| --- | --- | --- |
| A | Address Record | Returns a 32-bit IPv4 address. This is where the actual website is most commonly pointed. |
| CNAME | Canonical Name Record | An alias for a single name. The DNS server continues the lookup with the new name. |
| DNAME | Delegation Name | An alias for a name and everything beneath it, unlike CNAME, which aliases only one name. As with CNAME, the DNS server continues the lookup with the new name. |
| DNSKEY | DNS KEY Record | There is another record known as a KEY record, which I haven’t listed here. DNSKEY has the same format as KEY and is used in DNSSEC (more in the description below). |
| LOC | Location Record | Provides a geographical location for the domain name. |
| MX | Mail Exchange Record | Related to the email routing I mentioned previously. It maps the domain name to the server that accepts its mail. |
| NS | Name Server Record | Delegates a DNS zone to its authoritative name servers. |
| TKEY | Secret Key Record | Used to establish the secret key used with TSIG; the key material can be exchanged encrypted under a public key. |
| TSIG | Transaction Signature | Used to authenticate updates from an approved source or name server. It is used together with TKEY. |
| TXT | Text Record | Holds free-form text, used to publish machine-readable data such as email-authentication and encryption policies. |
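To make the table concrete, here is an added example (not code from the original post) that parses a small zone into the record types above and answers lookups within it, following CNAME and DNAME aliases the way the table describes: CNAME swaps one name for another, DNAME rewrites a whole subtree. The zone contents, names and 203.0.113.x addresses are constructed for the demo and are not real DNS data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample zone for the hypothetical domain iamawesome.co used in the text.
# Addresses are from the 203.0.113.0/24 documentation range; none of this is live DNS data.
SAMPLE_ZONE = """
; name                  type   data
iamawesome.co.          A      203.0.113.10
www.iamawesome.co.      CNAME  iamawesome.co.
iamawesome.co.          MX     10 mail.iamawesome.co.
mail.iamawesome.co.     A      203.0.113.25
iamawesome.co.          NS     ns1.iamawesome.co.
iamawesome.co.          TXT    "v=spf1 mx -all"
old.iamawesome.co.      DNAME  new.iamawesome.co.
host.new.iamawesome.co. A      203.0.113.40
"""


@dataclass
class Record:
    name: str    # owner name, always fully qualified and lower-case
    rtype: str   # A, CNAME, DNAME, MX, NS, TXT, ...
    data: str    # record data as written in the zone


def parse_zone(text):
    """Parse simplified 'name type data' zone lines into Record objects."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        name, rtype, data = line.split(None, 2)
        rtype = rtype.upper()
        if rtype == "A":
            # An A record carries a 32-bit IPv4 address; reject anything else.
            if ipaddress.ip_address(data).version != 4:
                raise ValueError(f"A record for {name} is not IPv4: {data}")
        elif rtype == "MX":
            int(data.split(None, 1)[0])           # MX data starts with a numeric priority
        elif rtype == "TXT":
            data = data.strip('"')
        records.append(Record(name.lower(), rtype, data))
    return records


def lookup(records, qname, qtype="A", max_hops=8):
    """Answer qname/qtype from the zone, following CNAME and DNAME aliases.

    CNAME aliases exactly one name; DNAME aliases a whole subtree, so the
    matching suffix of the query name is rewritten and the lookup continues.
    """
    qname = qname.lower().rstrip(".") + "."
    for _ in range(max_hops):
        direct = [r.data for r in records if r.name == qname and r.rtype == qtype]
        if direct:
            return direct
        cname = [r.data for r in records if r.name == qname and r.rtype == "CNAME"]
        if cname:
            qname = cname[0].lower()              # continue with the canonical name
            continue
        for r in records:
            if r.rtype == "DNAME" and qname.endswith("." + r.name):
                qname = qname[: -len(r.name)] + r.data.lower()   # rewrite the subtree
                break
        else:
            return []                              # name does not exist in this zone
    raise RuntimeError(f"alias chain for {qname} exceeded {max_hops} hops")
```

Asking for www.iamawesome.co follows the CNAME to the apex A record, while host.old.iamawesome.co is rewritten by the DNAME to host.new.iamawesome.co before the A record is found; an alias loop is cut off by the hop limit rather than spinning forever.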
DNSSEC, or Domain Name System Security Extensions, is a set of security extensions designed to protect the DNS information that the Internet relies on. DNS servers, by default, did not have sufficient security. DNSSEC was developed to ensure the integrity and authenticity of DNS information, mitigating the risk of forged certificates or manipulated DNS records, as in DNS hijacking or DNS cache poisoning. DNSSEC does this by digitally signing the replies from DNS servers. However, like any security mechanism, DNSSEC has its limits: it only verifies that data is authentic; it does not encrypt anything, so there is no data confidentiality. Public-key cryptography is used to sign the records so that their source can be authenticated.
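The point that signing gives authenticity but not confidentiality applies equally to the TSIG/TKEY rows in the table, and the following added example (mine, not the author’s) shows it with a TSIG-style transaction signature: an HMAC-SHA256 over a zone update plus a “time signed” value, checked inside a fudge window so stale copies are refused. The shared key, the update text and the timestamp are constructed for the demo, and the MAC input is simplified (real TSIG covers the DNS wire format and the TSIG record fields).

```python
import hashlib
import hmac

# Constructed shared secret, standing in for what a TKEY exchange would have
# established between the updating host and the name server (example only).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
DEFAULT_FUDGE = 300   # seconds of clock skew tolerated around "time signed"


def sign_update(message: bytes, time_signed: int, key: bytes = SHARED_KEY) -> bytes:
    """TSIG-style transaction signature: HMAC-SHA256 over the update plus its timestamp.

    Simplified: real TSIG digests the DNS wire format and the TSIG record fields.
    """
    mac_input = message + b"|" + str(time_signed).encode()
    return hmac.new(key, mac_input, hashlib.sha256).digest()


def verify_update(message, time_signed, signature, now, key=SHARED_KEY, fudge=DEFAULT_FUDGE):
    """Accept only if the timestamp is inside the fudge window and the MAC matches."""
    if abs(now - time_signed) > fudge:
        return False                                  # stale or replayed transaction
    expected = sign_update(message, time_signed, key)
    return hmac.compare_digest(expected, signature)   # constant-time comparison


def demo(now=1_681_516_800):
    """Walk through a genuine, a tampered, a replayed and a wrong-key update."""
    update = b"UPDATE iamawesome.co. www.iamawesome.co. A 203.0.113.10"   # constructed
    sig = sign_update(update, now)
    tampered = update.replace(b"203.0.113.10", b"198.51.100.7")
    return {
        "genuine_accepted": verify_update(update, now, sig, now),
        "tampered_rejected": not verify_update(tampered, now, sig, now),
        "replay_rejected": not verify_update(update, now, sig, now + 3600),
        "wrong_key_rejected": not verify_update(update, now, sig, now, key=b"other-key"),
        # The update itself travels in clear: signing gives integrity and
        # authenticity but no confidentiality, which is the DNSSEC caveat too.
        "payload_visible": b"203.0.113.10" in update,
    }
```

Every entry in the dictionary returned by demo() is True: the genuine update verifies, any change to the address breaks the MAC, the same signed update presented an hour later is refused, a different key fails, and yet the record content is readable by anyone on the path.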
A DNS query is the way a client interacts with DNS servers to get an answer. The types of DNS queries are as follows:
Recursive Queries
In a recursive query, the DNS server receives your question and does all the work, from finding the answer to replying to you. While processing it, the DNS server also queries other DNS servers on the Internet to fetch the answer for you. When a DNS server receives a recursive query, it either returns the IP address associated with the requested hostname or returns an error stating that the specified domain name does not exist.
If, on the other hand, the DNS server cannot find the requested name in its own zone database, it starts querying other DNS servers for the same name. This is how the whole recursive query works.
You can also disable recursive queries on a given DNS server. In that case, the DNS server will only answer iterative queries.
Iterative or Non-Recursive Queries
Before I begin with iterative or non-recursive queries, note that every DNS server must support this type of query. When a client is not using a recursive query and sends an iterative query instead, the DNS server returns the best answer it has. The response can be either the resolved name or a referral to a different server that can provide the requested data, and that referral does not point back to a server that has already been asked. Referrals work as pointers. A queried DNS server doesn’t try to fetch the answer from somewhere else, but it will give you the answer if it already has it.
In this process, the DNS resolver asks the DNS server for the IP address corresponding to a hostname, and it is the resolver that must keep searching until it finds the correct answer. DNS resolvers are simple applications that ask DNS servers for answers.
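To show the two query types side by side, here is an added simulation (not part of the original post) of a tiny namespace with a root server, a TLD server and an authoritative server, each knowing only its own zone. answer_iterative is what a server returns to a non-recursive query: an answer, a referral pointer, or nothing; resolve_iteratively is the resolver walking those referrals itself; answer_recursive is a server doing that walk on the client’s behalf, and falling back to a plain referral when recursion is disabled. The server names, zones and address are constructed for the example.

```python
# Constructed toy namespace: three servers, each knowing only its own zone.
# Names and the address are hypothetical; no real DNS traffic is involved.
SERVERS = {
    "ns-root": {"delegations": {"co.": "ns-tld"}, "answers": {}},
    "ns-tld":  {"delegations": {"iamawesome.co.": "ns-auth"}, "answers": {}},
    "ns-auth": {"delegations": {}, "answers": {"www.iamawesome.co.": "203.0.113.10"}},
}


def in_zone(qname, zone):
    """True if qname lies at or below zone (respects label boundaries)."""
    return zone == "." or qname == zone or qname.endswith("." + zone)


def answer_iterative(server_name, qname):
    """What a server returns to a non-recursive query: its own answer, a referral
    (a pointer to the closest server it knows of), or 'nxdomain'."""
    server = SERVERS[server_name]
    if qname in server["answers"]:
        return ("answer", server["answers"][qname])
    best = None
    for zone, ns in server["delegations"].items():
        if in_zone(qname, zone) and (best is None or len(zone) > len(best[0])):
            best = (zone, ns)             # prefer the most specific delegation
    if best:
        return ("referral", best[1])
    return ("nxdomain", None)


def resolve_iteratively(qname, trace=None, max_hops=10):
    """The resolver does the work itself: start at the root and follow referrals."""
    server = "ns-root"
    for _ in range(max_hops):
        if trace is not None:
            trace.append(server)          # record which server was asked
        kind, value = answer_iterative(server, qname)
        if kind == "answer":
            return value
        if kind == "nxdomain":
            return None
        server = value                    # follow the referral to the next server
    raise RuntimeError("referral chain too long")


def answer_recursive(server_name, qname, recursion_enabled=True):
    """A recursive server performs the whole walk on the client's behalf.

    With recursion disabled it behaves like any other server and only returns
    its own best iterative answer or a referral.
    """
    if not recursion_enabled:
        return answer_iterative(server_name, qname)
    result = resolve_iteratively(qname)
    return ("answer", result) if result is not None else ("nxdomain", None)
```

Resolving www.iamawesome.co. iteratively visits ns-root, ns-tld and ns-auth in turn and ends with the address; asking ns-root the same question with recursion disabled only yields the referral to ns-tld, which is exactly the difference between the two query types described above.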
Types of DNS Servers
There are any number of DNS servers all over the Internet, each holding a piece of the DNS data. However, only 13 servers, better known as root DNS servers, hold the entire global database on each of them. And there are only two types of DNS servers in total: the primary and the secondary. Remember that the choice of which DNS server to use as primary or secondary is up to the server administrator, since either server can perform either role. It is also possible for a single server to act as primary for one zone and as secondary for another. Detailed information about these types of DNS servers follows:
Primary DNS Servers
This server locates and reads the data from the domain zone file, mostly the A records found at the hosting provider, such as GoDaddy or BigRock. The primary server is also responsible for sending this information to the secondary server.
Here, the server administrator writes the zone information and tells the server how to behave with other servers. This mainly includes the DNS record files I mentioned earlier. The transfer of domain zone information from the primary server to another server is called a zone transfer (or zone relocation). Every domain has two DNS servers configured. The main reason is to make the admin’s life easier: multiple servers give double the security and a built-in backup. You don’t need a separate backup once you create a primary server and copy its zone data, because the primary server automatically copies all its data to the secondary server every time, so you don’t need to worry about it.
Secondary DNS Servers
We call the secondary DNS server a slave server because it only receives data from the primary server and serves as a backup. In Microsoft’s DNS Server software, the primary server is called the master server.
You can configure more than two DNS servers, but you must keep only one as a master server, one as a primary server, and one as a secondary server. This can be confusing, so I won’t go much deeper into it; it’s just for information’s sake. Most of the time, the primary and the master server are the same.
Secondary servers are vital to data management and are as important as primary servers. They lower the load on the primary server by sharing it equally unless a load distribution ratio is specified. Also, if the primary server goes down due to load shedding, overloading, or an attack by hackers, there will always be a secondary server ready to act as the primary and deliver the data without disruption. In this way they also provide a lot of security. There is much more to DNS servers in general, but this is as far as I can cover in this blog.
Here are some articles that will help you learn more about the types of DNS servers, so do go through the links.
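As an added illustration of the primary/secondary relationship described in this section (my example, not the author’s), the following model has a primary that owns the zone and a secondary that takes a full copy by zone transfer and keeps serving that copy when the primary is unreachable. It goes slightly beyond the text by assuming the standard serial-number check: the secondary only transfers when the primary’s serial is newer than the one it already has. The zone name, record and serial are constructed for the demo.

```python
class PrimaryServer:
    """Holds the master copy of a zone; every edit bumps the serial number."""

    def __init__(self, zone, records, serial=2023041501):
        self.zone = zone
        self.records = dict(records)
        self.serial = serial          # constructed YYYYMMDDnn-style serial
        self.online = True

    def set_record(self, name, value):
        """Change the zone; the new serial is how secondaries notice the change."""
        self.records[name] = value
        self.serial += 1

    def zone_transfer(self):
        """Full zone transfer (AXFR-style): the serial plus a copy of every record."""
        if not self.online:
            raise ConnectionError(f"primary for {self.zone} unreachable")
        return self.serial, dict(self.records)


class SecondaryServer:
    """Keeps a replica that it refreshes only when the primary's serial is newer."""

    def __init__(self, primary):
        self.primary = primary
        self.serial = 0
        self.records = {}
        self.transfers = 0
        self.online = True

    def refresh(self):
        """Return True if a zone transfer happened, False if nothing was needed
        or the primary was unreachable (the last good copy keeps being served)."""
        try:
            serial, records = self.primary.zone_transfer()
        except ConnectionError:
            return False
        if serial <= self.serial:
            return False                  # already current, no transfer needed
        self.serial, self.records = serial, records
        self.transfers += 1
        return True


def lookup(name, servers):
    """Client-side view: ask the configured servers in order; an offline
    primary falls through to the secondary, so service continues."""
    for server in servers:
        if server.online:
            return server.records.get(name)
    return None
```

A first refresh transfers the zone, a second one is a no-op because the serial has not moved, an edit on the primary bumps the serial and triggers another transfer, and once the primary is marked offline the client still gets the updated record from the secondary.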