The Domain Name System (DNS) is a hierarchical and distributed naming system that translates human-readable [domain](Domain.md) names into [IP](Internet%20Protocol.md) addresses on the internet. DNS plays a crucial role in making web browsing and other internet services usable: users reach websites with easy-to-remember [domain](Domain.md) names instead of numeric [IP](Internet%20Protocol.md) addresses.
### 1. **DNS Hierarchy:**
- **Root Domain:** The highest level of the hierarchy, represented by a dot (`.`). It is managed by the Internet Assigned Numbers Authority (IANA).
- **Top-Level Domains (TLDs):** Immediately below the root, examples include `.com`, `.org`, `.net`.
- **Second-Level Domains (SLDs):** Situated directly beneath TLDs, these are often used to identify specific entities or organizations.
- **Subdomains:** Further subdivisions of domains, creating a hierarchical structure (e.g., `blog.example.com`).
### 2. **DNS Servers:**
- **Root DNS Servers:** The first servers contacted when a resolver has no cached answer for a [domain](Domain.md). They provide information about the authoritative DNS servers for each TLD.
- **TLD DNS Servers:** Responsible for handling queries related to specific top-level domains.
- **Authoritative DNS Servers:** Hold the actual DNS records for a [domain](Domain.md) and provide the authoritative answers.
- **Recursive DNS Servers:** These servers query other DNS servers on behalf of a client until a complete answer is obtained.
### 3. **DNS Records:**
- **`A` (Address) Record:** Maps a domain to an IPv4 address.
- **`AAAA` (IPv6 Address) Record:** Maps a [domain](Domain.md) to an IPv6 address.
- **`CNAME` (Canonical Name) Record:** Alias of one [domain](Domain.md) to another.
- **`MX` (Mail Exchange) Record:** Specifies mail servers responsible for receiving [email](eMail.md).
- **`NS` (Name Server) Record:** Indicates authoritative DNS servers for the [domain](Domain.md).
## DNS Resolution Process
1. **User Input:** A user enters a domain name into a web browser.
2. **Local DNS Resolver:** The user's device queries a local DNS resolver (usually provided by the ISP).
3. **Recursive Query:** If the local resolver doesn't have the information, it recursively queries the root DNS servers, then the TLD servers, and finally the authoritative DNS server for the specific [domain](Domain.md).
4. **Response:** The authoritative DNS server responds with the [IP](Internet%20Protocol.md) address associated with the requested [domain](Domain.md).
5. **Caching:** The resolved [IP](Internet%20Protocol.md) address is cached at various levels to speed up future requests for the same [domain](Domain.md).
## DNS Security
DNS plays a crucial role in internet security, and various measures are in place to protect against attacks, including:
- **DNSSEC (DNS Security Extensions):** Provides data integrity and authentication for DNS responses, so that forged (spoofed) responses can be detected and rejected.
- **DNS Filtering:** Blocks access to malicious websites by filtering DNS queries based on predefined policies.
## Using DNS
DNS traditionally operates over both [UDP](UDP.md) and [TCP](TCP.md), with [UDP](UDP.md) being the default choice for standard query/response operations on port `53`.
### DNS over HTTPS (DoH)
DoH uses the HTTPS protocol (port `443/tcp`) to encapsulate DNS queries. Because the queries are encrypted and share port `443` with ordinary web traffic, they are protected from eavesdropping and tampering in transit and are hard to distinguish from, or block as, DNS at the firewall level.
### DNS over TLS (DoT)
DoT uses TLS encryption for DNS queries and runs on port `853/tcp`.