Ch11.10.2: DNS (Domain Name System)
DNS is the phonebook of the Internet. It translates human-readable domain names
(like example.com) into IP addresses (like 93.184.216.34) that
computers use to identify each other.
How DNS Works
- Your application asks the OS to resolve example.com
- The OS queries a DNS resolver (often your ISP’s or a public one like 8.8.8.8)
- The resolver checks its cache; if the name is not cached, it queries the root servers, then the TLD servers, then the authoritative servers
- The resolver returns the IP address to your application
- Your application connects to the IP address
Record Types
- A — IPv4 address (e.g., 93.184.216.34)
- AAAA — IPv6 address (e.g., 2606:2800:220:1:248:1893:25c8:1946)
- CNAME — Canonical name (alias for another domain)
- MX — Mail exchange (specifies mail servers)
- TXT — Text records (used for SPF, DKIM, etc.)
- NS — Name servers (delegates to other DNS servers)
- SOA — Start of authority (administrative info about the zone)
- PTR — Pointer (reverse DNS: IP to domain name)
- SRV — Service locator (for specific services)
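The wire format behind the resolution steps and record types above, as an added example (not code from the original text): a minimal Python encoder and parser for DNS messages. It builds a query, decodes a constructed reply that uses RFC 1035 name compression, and rejects a reply whose transaction ID does not match or whose QR bit is clear, the basic check a resolver applies before trusting an answer. The sample reply bytes are constructed here, not captured from a real server.

```python
import struct
# RFC 1035 / RFC 3596 type codes for the record types listed in this section
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28, "SRV": 33}
def encode_name(name):
    """example.com -> b'\\x07example\\x03com\\x00' (length-prefixed labels, RFC 1035)."""
    labels = name.rstrip(".").split(".")
    if any(not 0 < len(lab) < 64 for lab in labels):
        raise ValueError("each label must be 1..63 bytes")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """12-byte header (flags 0x0100 = recursion desired) followed by one IN question."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def decode_name(msg, off, depth=0):
    """Read the name at msg[off]; returns (name, offset just past it). Pointer hops are bounded."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    length = msg[off]
    if length & 0xC0 == 0xC0:                  # 2-byte pointer: rest of name lives at an earlier offset
        target = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        return decode_name(msg, target, depth + 1)[0], off + 2
    if length == 0:                            # root label terminates the name
        return "", off + 1
    label = msg[off + 1:off + 1 + length].decode("ascii")
    rest, end = decode_name(msg, off + 1 + length, depth)
    return (label + "." + rest if rest else label), end

def parse_response(msg, expected_txid):
    """Return (rcode, [(name, type, ttl, value)]); reject replies that do not match our query ID."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("ID mismatch or QR bit clear: not a reply to our query")
    off = 12
    for _ in range(qd):                        # skip the echoed question (name + type + class)
        off = decode_name(msg, off)[1] + 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        value = ".".join(str(b) for b in rdata) if rtype == QTYPE["A"] else rdata.hex()
        answers.append((name, rtype, ttl, value))
        off += 10 + rdlen
    return flags & 0x000F, answers

# Constructed sample reply to build_query("example.com", "A"): flags 0x8180 (QR, RD, RA, rcode 0); answer name is pointer 0xC00C to offset 12
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + encode_name("example.com")
                + struct.pack("!HH", 1, 1) + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4)
                + bytes([93, 184, 216, 34]))
```

Sending `build_query(...)` over UDP port 53 and feeding the reply to `parse_response` is left to the reader; the ID check alone is weak (16 bits), which is why real resolvers also randomise the source port.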
DNS over HTTPS (DoH) and DNS over TLS (DoT)
Traditional DNS queries are sent in plaintext over UDP port 53, which can be intercepted or manipulated. Modern secure alternatives:
- DNS over HTTPS (DoH) — DNS queries sent over HTTPS (port 443), encrypted and authenticated
- DNS over TLS (DoT) — DNS queries sent over TLS (port 853), encrypted and authenticated
- DNSCrypt — Another encrypted DNS protocol
These protocols encrypt and authenticate the connection between your device and the resolver, which prevents eavesdropping, man-in-the-middle attacks, and spoofed replies on that path. They are increasingly supported by browsers and operating systems.