--- obj: concept wiki: https://de.wikipedia.org/wiki/Domain_Name_System rfc: https://datatracker.ietf.org/doc/html/rfc1034 --- # Domain Name System The Domain Name System (DNS) is a hierarchical and distributed naming system that translates human-readable [domain](Domain.md) names into IP addresses, facilitating the mapping of hostnames to IP addresses on the internet. DNS plays a crucial role in making web browsing and various internet services accessible by allowing users to interact with websites using easy-to-remember [domain](Domain.md) names instead of numeric IP addresses. ## Components of DNS ### 1. **Domain Name Space:** - **Root Domain:** The highest level of the hierarchy represented by a dot (`.`). It is managed by the Internet Assigned Numbers Authority (IANA). - **Top-Level Domains (TLDs):** Immediately below the root, examples include `.com`, `.org`, `.net`. - **Second-Level Domains (SLDs):** Situated directly beneath TLDs, these are often used to identify specific entities or organizations. - **Subdomains:** Further subdivisions of domains, creating a hierarchical structure (e.g., `blog.example.com`). ### 2. **DNS Servers:** - **Root DNS Servers:** Initially contacted to resolve any [domain](Domain.md). They provide information about the authoritative DNS servers for each TLD. - **TLD DNS Servers:** Responsible for handling queries related to specific top-level domains. - **Authoritative DNS Servers:** Hold the actual DNS records for a [domain](Domain.md) and provide the authoritative answers. - **Recursive DNS Servers:** These servers query other DNS servers on behalf of a client until a complete answer is obtained. ### 3. **DNS Records:** - **`A` (Address) Record:** Maps a domain to an IPv4 address. - **`AAAA` (IPv6 Address) Record:** Maps a [domain](Domain.md) to an IPv6 address. - **`CNAME` (Canonical Name) Record:** Alias of one [domain](Domain.md) to another. - **`MX` (Mail Exchange) Record:** Specifies mail servers responsible for receiving [email](eMail.md). - **`NS` (Name Server) Record:** Indicates authoritative DNS servers for the [domain](Domain.md). ## DNS Resolution Process 1. **User Input:** A user enters a domain name into a web browser. 2. **Local DNS Resolver:** The user's device queries a local DNS resolver (usually provided by the ISP). 3. **Recursive Query:** If the local resolver doesn't have the information, it recursively queries the root DNS servers, then TLD servers, and finally the authoritative DNS server for the specific [domain](Domain.md). 4. **Response:** The authoritative DNS server responds with the IP address associated with the requested [domain](Domain.md). 5. **Caching:** The resolved IP address is cached at various levels to speed up future requests for the same [domain](Domain.md). ## DNS Security DNS plays a crucial role in internet security, and various measures are in place to protect against attacks, including: - **DNSSEC (DNS Security Extensions):** Provides data integrity and authentication for DNS responses, preventing DNS spoofing. - **DNS Filtering:** Blocks access to malicious websites by filtering DNS queries based on predefined policies. ## Using DNS DNS traditionally operates over both [UDP](UDP.md) and [TCP](TCP.md), with [UDP](UDP.md) being the default choice for standard query/response operations on port `53` ### DNS over HTTPS (DoH) DoH uses the HTTPS protocol (Port `443/tcp`) to encapsulate DNS queries. This makes it very secure and hard to block on a firewall level. ### DNS over TLS (DoT) DoT uses TLS encryption for DNS queries and runs on port `853/tcp` ### Common DNS Servers - `1.1.1.1` - [Cloudflare](websites/clearnet/Cloudflare.md) DNS - `8.8.8.8` - Google DNS