The Purpose of DNS Servers
The DNS server sits in the space between humans and computers to help facilitate their communication. It’s easier to remember a domain or hostname like lifewire.com than it is to remember the site’s IP address numbers 151.101.2.114. So when you access a website, like Lifewire, all you have to type is the URL https://www.lifewire.com. However, computers and network devices don’t work well with domain names when trying to locate each other on the internet. It’s far more efficient and precise to use an IP address, which is the numerical representation of what server in the network (internet) the website resides on.
How DNS Servers Resolve a DNS Query
When you enter a website address into your browsers address bar, a DNS server goes to work to find the address that you want to visit. It does this by sending a DNS query to several servers, each of which translates a different part of the domain name you entered. The different servers queried are:
A DNS Resolver: Receives the request to resolve the domain name with the IP address. This server does the grunt work in figuring out where the site you want to go actually resides on the internet.A Root Server: The root server receives the first request, and returns a result to let the DNS resolver know what the address of the Top Level Domain (TLD) server that stores the information about the site. A top level domain is the equivalent of the .com or .net portion of the domain name you entered into the address bar.A TLD Server: The DNS resolver then queries this server, which will return the Authoritative Name Server where the site is actually returned.An Authoritative Name Server: Finally, the DNS resolver queries this server to learn the actual IP address of the website you’re trying to deliver.
Once the IP address is returned, the website you wanted to visit is then displayed in your web browser. It sounds like a lot of back and forth, and it is, but it all happens very quickly with little delay in returning the site you want to visit.
Primary and Secondary DNS Servers
In most cases, a primary and a secondary DNS server are configured on your router or computer when you connect to your internet service provider. There are two DNS servers in case one of them happens to fail, in which case the second is used to resolve hostnames you enter.
Why You Might Change Your DNS Server Settings
Some DNS servers can provide faster access times than others. This is often a function of how close you are to those servers. If your ISP’s DNS servers are closer to you than Google’s, for example, you may find domain names are resolved quicker using the default servers from your ISP than with an external server. If you experience connection problems where it seems no websites will load, it’s possible there’s an error with the DNS server. If the server isn’t able to find the correct IP address that’s associated with the hostname you enter, the website can’t be located and loaded. Some people choose to change their DNS servers to ones provided by a company they consider more trustworthy; e.g., one that promises not to track or record the websites you visit.
How to Obtain Internet Server Information
The nslookup command is used to query your DNS server on Windows PCs. Start by opening Command Prompt, and then typing the following: This command should return something like this: In the example above, the nslookup command tells you the IP address, or several IP addresses in this case, that the lifewire.com address translates to.
DNS Root Servers
There are 13 important DNS root servers on the internet that store a complete database of domain names and their associated public IP addresses. These top-tier DNS servers are named A through M for the first 13 letters of the alphabet. Ten of these servers are in the US, one in London, one in Stockholm, and one in Japan. The Internet Assigned Numbers Authority (IANA) keeps this list of DNS root servers if you’re interested.
Malware Attacks That Change DNS Server Settings
Malware attacks against DNS servers are not at all uncommon. Always run an antivirus program because malware can attack your computer in a way that changes the DNS server settings. For example, if your computer uses Google’s DNS servers (8.8.8.8 and 8.8.4.4) and you open your bank’s website, you naturally expect that when you enter its familiar URL, you’ll be sent to the bank’s website. However, if malware changes your DNS server settings, which can happen without your knowledge after an attack on your system, your system no longer contacts Google’s DNS servers but instead a hacker’s server that poses as your bank’s website. This fake bank site might look exactly like the real one, but rather than logging you into your bank account, it harvests the username and password you just typed, giving the hackers the essential information they need to get into your bank account. Malware attacks that hijack your DNS server settings may also redirect traffic away from popular websites to ones that are full of advertisements or to a fake site designed to scare you into believing your computer has been infected with a virus, and that you must buy their advertised software program to remove it.
Protecting Yourself From DNS Attacks
There are two things you should do to avoid becoming a victim of a DNS settings attack. The first is to install antivirus software so that malicious programs are caught before they can do any damage. The second is to pay close attention to the appearance of important websites you visit regularly. If you visit one and the site looks off in some way—maybe the images are all different or the site’s colors have changed, or menus don’t look right, or you find misspellings (hackers can be dreadful spellers)—or you get an “invalid certificate” message in your browser, it might be a sign that you’re on a faked website.
How DNS Redirection Can Be Positively Used
This ability to redirect traffic can be used for positive purposes. For example, OpenDNS can redirect traffic to adult websites, gambling websites, social media websites, or other sites network administrators or organizations don’t want their users visiting. Instead, they may be sent to a page with a “Blocked” message.