
DNS Server

Reviewed by Kuntal Chakraborty | Last updated: February 22, 2021

What Does DNS Server Mean?

The Domain Name System (DNS) is called the phonebook of the Internet. When a user types a domain name or website address into the address bar of the browser, the DNS server is responsible for translating the domain name to a specific IP address, directing the browser to the correct website.


A DNS server is a server that manages the domain name system or DNS protocols, matching Internet domain names and IP addresses. The DNS server may also manage domain resolution services.


In the traditional client/server Internet model, DNS servers are built on specific hardware, and run specialized DNS software to accomplish these goals. In the DNS server, there is a database of domain names, host information, DNS records and network data. The DNS server will search records to return a result. This process allows DNS clients to access the DNS server through a web browser. DNS caching can make this type of work more effective by removing the load of repetitive queries: a DNS cache system will keep a local copy of a DNS lookup so that an operating system (OS) or browser can retrieve it more quickly, and a website's URL can be resolved to a proper IP address more efficiently.


As DNS server designs have evolved, not all DNS servers are still run on individual on-premises hardware pieces. DNS servers can be run through the use of virtual machines in a logically partitioned network.


The versatility of virtualization has ushered in new models for how to achieve the DNS processes that have always been part of Internet data transfer protocols. In a general sense, virtualization and logical partitioning are making the requirement of isolated server function practically obsolete, and allowing stakeholders to consolidate these and other kinds of processes through large mainframe computers in modern data centers.


Techopedia Explains DNS Server

One of the easiest ways to explain the DNS processes managed by DNS servers is that they “check” Internet traffic for various kinds of consistency and legitimization. With that in mind, DNS servers and systems are vulnerable to various kinds of cyberattacks called DNS attacks. For example, DNS cache poisoning attacks the DNS cache system mentioned above.


Another kind of DNS attack that has become rampant on the Internet is a Distributed Denial-of-Service (DDoS) attack. The DDoS attack is basically an effort to disrupt the normal and legitimate traffic of a DNS server by adding massive amounts of trumped-up or fraudulent traffic in the form of client requests. The attackers bombard the system with individual requests for service, which may come from shielded or imposter IP addresses, and the system is unable to deal with the volume of demand.


Every web server has a unique address in textual form (its domain name) that gets translated into an IP address in a process called DNS resolution or DNS lookup (here DNS stands for Domain Name Service). At the time of DNS resolution, the program performing this translation contacts a DNS server, which provides the translated IP address.


The complex process actually goes something like this:

  • The user types “xyz.com” into the address bar of the browser and presses enter.
  • The browser sends a request to that domain’s nameservers.
  • The nameservers reply back with the IP address of the website’s server.
  • Then the browser requests the website content from that IP address.
  • The browser retrieves the content and displays it to the user.
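
The lookup in the steps above at the wire level, as an added example that is not part of the original article: it builds the query for xyz.com and applies the checks a resolver can make before a reply is allowed into the cache that cache poisoning targets. The function names, the transaction ID and the 192.0.2.10 reply are constructed for illustration.

```python
import socket, struct

def build_query(name, txid):
    # Standard A/IN query with RD (recursion desired) set
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def read_name(msg, off, hops=0):
    # Decode a possibly compressed name; return (name, offset after it)
    labels = []
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if hops > 8:
                raise ValueError("compression pointer loop")
            tail, _ = read_name(msg, ((n & 0x3F) << 8) | msg[off + 1], hops + 1)
            return ".".join(labels + [tail]).lower(), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels).lower(), off + 1

def accept_answer(query, resp):
    # Return (ip, ttl) only if resp is a well-formed answer to query, else None
    try:
        flags, qd, an = struct.unpack(">HHH", resp[2:8])
        # Must carry our transaction ID and be a reply (QR=1) with RCODE 0
        if resp[:2] != query[:2] or not flags & 0x8000 or flags & 0xF:
            return None
        if qd != 1 or resp[12:len(query)] != query[12:]:  # question echoed unchanged
            return None
        qname, off = read_name(query, 12)[0], len(query)
        for _ in range(an):
            owner, off = read_name(resp, off)
            rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
            off += 10
            if owner == qname and (rtype, rclass, rdlen) == (1, 1, 4):
                return socket.inet_ntoa(resp[off:off + 4]), ttl  # ttl bounds cache lifetime
            off += rdlen  # skip records for other names or types
    except (IndexError, struct.error, ValueError, OSError):
        pass  # truncated or malformed message: never cache it
    return None

# Constructed sample: query for xyz.com and a reply carrying 192.0.2.10, TTL 300
QUERY = build_query("xyz.com", 0x1A2B)
REPLY = (struct.pack(">HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUERY[12:]
         + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.10"))
```

Production resolvers add source-port randomization and DNSSEC validation on top of these per-message checks.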





Due to DNS-based attacks and cybersecurity issues, some cybersecurity experts believe a best practice for modern DNS service is to separate the DNS service from the DNS resolution, and have two separate servers, one doing each job.


Best practices include minimal configuration and the customization of server design in order to create efficiencies and reduce vulnerabilities. The principle of isolation, so useful here and elsewhere in cybersecurity, creates its own kind of firewall for network operations, and minimizes the ability of DNS attackers to run amok inside the network.


In addition, the classical method of DNS server design is being supplemented by alternatives like peer-to-peer DNS server systems. In some of these peer-to-peer DNS systems, connected nodes each take turns being the DNS query resolver or matching an IP address to a hostname.


Aspects like virtualization and peer-to-peer networks have changed the way that DNS service operates, but the DNS service function continues to be a critical part of the Internet as it passes from Web 2.0 into the era of a fully functional and interlinked Web 3.0.
