What is DNS

The Domain Name System (DNS) translates domain names like "newrelic.com" into numeric IP addresses that computers use to identify each other on the internet. Think of it like a digital phone book, pairing the human-readable domains you use to access websites with their machine-readable numeric addresses. When you type a website address into your browser, DNS finds the corresponding IP address through a distributed database system that maps domain names to their assigned IP addresses.

DNS operates as a hierarchical, globally distributed database that eliminates the need to maintain centralized records of all domain names. This distributed architecture ensures scalability and fault tolerance across the billions of requests processed daily.

What is a DNS server?

A DNS server maintains databases containing IP addresses and their corresponding domain names. When you enter a domain name in your browser, the DNS server finds the matching IP address so your device can connect to the right destination. DNS servers form the backbone of internet navigation, directing traffic to the correct locations across the global network. Different types of DNS servers handle specific roles in the resolution process:

1. Recursive resolvers search for the right IP address by communicating with other DNS servers.
2. Root nameservers maintain information about top-level domains and direct queries toward the appropriate TLD servers.
3. Top-level domain nameservers (TLD) manage domains like .com, .org, and .net, pointing queries to the authoritative servers.
4. Authoritative nameservers store the actual DNS records for specific domains and provide the final IP address answers.

The difference between authoritative DNS and recursive DNS

Authoritative DNS

Authoritative DNS servers are the definitive source of information for the domains they manage. They maintain the actual DNS records and respond with the correct IP addresses for their domains. When you register a domain, your domain registrar configures these authoritative nameservers to hold your domain's information. These servers don't perform searches-they simply answer queries about domains they're responsible for. They're the final source of truth in the DNS chain.

Recursive DNS

Recursive DNS resolvers act as intermediaries between users and authoritative servers. When you try to access a website, your request first goes to a recursive resolver-typically operated by your internet service provider or a public DNS server. The recursive resolver either retrieves the information from its cache-if it has recently processed a similar request-or methodically queries other DNS servers until it finds the authoritative server with the correct IP address. Once found, it returns this information to your browser and caches it for future requests.

How does DNS work?

DNS transforms domain names into IP addresses through a series of steps that involves multiple servers working together, yet typically takes place in a matter of milliseconds.

Local cache check

Your device first checks its local DNS cache to see if it already knows the IP address from previous visits.

DNS resolver query

If not found locally, your request goes to a recursive DNS resolver, often provided by your ISP.

Root server lookup

The resolver queries a root server which directs it to the appropriate TLD server.

TLD server lookup

The TLD server-such as .com or .org-points to the authoritative nameserver for the specific domain.

Authoritative server lookup

The authoritative server, which holds the actual DNS records, provides the IP address.

IP address retrieval

The resolver receives the IP address from the authoritative server.

Response to user

The DNS resolver sends the IP address back to your device.

Browser access

Your browser uses the IP address to establish a connection and load the website.

Types of DNS queries

A DNS query is the request your system makes to find an IP address for a domain name. These queries vary based on how the DNS resolver interacts with other servers.

• Recursive query: Your device asks the resolver to find the answer completely. The resolver must return either the requested information or an error, handling all the necessary steps.
• Iterative query: The DNS resolver asks each server in the chain for the best information they have, even if it's just directions to another server.
• Non-recursive query: The resolver checks for information it already has in its cache or that it's directly responsible for.

How to perform a DNS lookup

A DNS lookup reveals the IP addresses and records associated with a domain. This process is useful for troubleshooting connection issues or verifying DNS configurations. To perform a lookup on a Windows device, run one of the following commands in Command Prompt:

• Basic DNS lookup: Use nslookup domain_name to find a domain's IP address (replace domain_name with the domain to look up).
• Nameserver lookup: Use nslookup -type=ns domain_name to find a domain's authoritative nameservers.
• Mail server lookup: Use nslookup -type=mx domain_name to identify mail servers for a domain. (You can also replace mx with any other valid record type.)
• Comprehensive record lookup: Use nslookup -type=any domain_name to view all available DNS records for a domain.
• Reverse lookup: Use ping -a ip_address to find the domain name associated with an IP address.

Common DNS issues and troubleshooting

DNS problems can prevent website access and cause connection errors. Identifying and fixing these issues requires understanding common DNS failures.

DNS server not responding

This error occurs when your device can't communicate with DNS servers. It may result from network connectivity problems, router issues, or DNS server outages. To resolve it, you can try restarting your networking equipment, temporarily disabling firewalls, or using alternative DNS servers.

DNS caching and its impact

Your device and browsers store DNS information to speed up browsing, but outdated cache entries can cause connection problems if a website changes its IP address. You can often resolve these issues by clearing your DNS cache.

Best DNS practices and security measures

DNS security is critical since attacks can redirect users to malicious sites or disrupt services. DNS spoofing and hijacking involve intercepting DNS queries to redirect traffic to fake websites designed to steal information.

How to secure your DNS

You can protect your DNS by implementing Domain Name System Security Extensions (DNSSEC) to add authentication and prevent tampering with DNS records. Use reputable DNS providers with built-in security features. Consider DNS filtering to block access to known malicious domains. For businesses, implement DNS monitoring to detect unusual patterns that might indicate an attack.

Next steps

DNS monitoring alerts you to suspicious activities like spoofing attempts or unexpected resolution changes. New Relic's Network Monitoring provides real-time visibility into your DNS infrastructure to help you identify security threats before they impact your services. By tracking response times, query patterns, and error rates, you can visualize DNS performance across your entire infrastructure and quickly troubleshoot problems.

Start protecting your digital assets with complete DNS visibility. Watch an on-demand demo to learn how New Relic's DNS monitoring can strengthen your security and improve user experience.