DNS Domain Name Server: Note
- A common misconception is that there are only 13 root servers in the world.
- In reality, there are many more, but still only 13 IP addresses used to query the different root server networks.
- Each has an IP address associated with it (and some will shortly have more than one as IPv6 is rolled out further).
- There are 13 logical root name servers, with logical names of the form letter.root-servers.net, where the letter ranges from a to m.
- The number 13 comes from a limit in the original DNS specification, which specifies a maximum packet size of 512 bytes when using the User Datagram Protocol (UDP).
- Technically, however, fourteen name servers fit into an IPv4 packet.
- Adding IPv6 addresses for the root name servers requires more than 512 bytes, which is made possible by the EDNS0 extension to the DNS standard.
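As an added example (not from this note or the Cloudflare reference), the Python below builds a constructed root "priming" reply, the answer a resolver gets when it asks the root for its NS records, and shows why 13 A glue records fit inside 512 bytes while adding AAAA glue for the same 13 servers does not, which is the point where the EDNS0 OPT record is needed. Glue addresses, TTLs and the transaction id are placeholders, not the real root server values.

```python
import struct

ROOT_LETTERS = "abcdefghijklm"  # the 13 logical root servers: a.root-servers.net .. m.root-servers.net

def encode_name(name):
    """Wire-encode a DNS name as length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.strip(".").split(".") if lab) + b"\x00"

def rr(owner, rtype, rdata, ttl=518400):
    """One resource record: owner name, TYPE, CLASS IN, TTL, RDLENGTH, RDATA."""
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def priming_response(ipv6=False, edns_udp_size=None):
    """Constructed root 'priming' reply: 13 NS records for '.' plus A glue (and AAAA glue
    when ipv6=True), with name compression as real servers use. Glue addresses are
    placeholders from the documentation ranges (192.0.2.0/24, 2001:db8::/32), not real root IPs."""
    n = len(ROOT_LETTERS)
    arcount = n * (2 if ipv6 else 1) + (1 if edns_udp_size else 0)
    msg = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, n, 0, arcount)  # header: QR=1, AA=1
    msg += b"\x00" + struct.pack("!HH", 2, 1)                        # question: ". NS IN"
    host_offset, suffix_offset = {}, None
    for letter in ROOT_LETTERS:
        host_offset[letter] = len(msg) + 11          # RDATA starts after owner(1) + fixed fields(10)
        if suffix_offset is None:                    # first NS spells the whole name out
            rdata = encode_name(letter + ".root-servers.net")
            suffix_offset = host_offset[letter] + 2  # "root-servers.net" begins after the "\x01a" label
        else:                                        # later NS: one label + 2-byte compression pointer
            rdata = b"\x01" + letter.encode() + struct.pack("!H", 0xC000 | suffix_offset)
        msg += rr(b"\x00", 2, rdata)                 # owner "." is a single zero byte
    for i, letter in enumerate(ROOT_LETTERS):
        owner = struct.pack("!H", 0xC000 | host_offset[letter])      # pointer back to the NS RDATA name
        msg += rr(owner, 1, bytes([192, 0, 2, i + 1]))                # A glue
        if ipv6:
            msg += rr(owner, 28, b"\x20\x01\x0d\xb8" + bytes(11) + bytes([i + 1]))  # AAAA glue
    if edns_udp_size:
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)  # OPT RR: CLASS field = UDP size
    return msg

def parse_header(msg):
    """Decode the 12-byte header; TC=1 means the reply was truncated at the UDP limit."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200),
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def fits_without_edns(msg):
    return len(msg) <= 512  # classic DNS over UDP limit

if __name__ == "__main__":
    print({ipv6: len(priming_response(ipv6=ipv6)) for ipv6 in (False, True)})  # bytes without / with AAAA glue
```

With A glue only the reply is 436 bytes; with AAAA glue for the same 13 servers it grows to 800 bytes, which is why a resolver must advertise a larger UDP payload via EDNS0 (or fall back to TCP) to receive it untruncated.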
- Recursive server
- Root name server
- TLD server
- Authoritative name server
Reference: types of DNS servers
The steps below show how a DNS lookup works under the hood:
- harshityadav.in is typed into the browser, and the browser sends the domain name to the DNS resolver.
- The resolver queries a DNS root name server.
- The root server responds to the resolver with the address of a TLD DNS server; in this case, the .in TLD server.
- The resolver then makes a request to the .in TLD.
- The TLD server responds with the IP address of the domain's name server, the authoritative name server for harshityadav.in.
- The DNS resolver sends a query to the domain’s nameserver.
- The IP address for harshityadav.in is then returned to the resolver from the nameserver.
- The DNS resolver responds to the web browser with the IP address (18.104.22.168) of the domain requested initially.
DNS lookups on average take between 20-120 milliseconds to complete (according to YSlow).
- Azure: Azure DNS » Azure Private DNS » Azure DNS Private Resolver
- Google: Cloud DNS
- Amazon: Amazon Route 53
- DNS maps a domain name to an IP address; the lookup is done by sending a UDP packet to the DNS resolver on port 53.
- The data is sent unencrypted, so the ISP can snoop on it.
- DNS over HTTPS establishes a TLS connection with the DNS resolver to stop anyone on the path from tracking the queries.
- The DNS resolver still has to decrypt the query to read it, so the ISP running the resolver can still monitor it.
Solution: Oblivious DNS over HTTPS (ODoH)
- It adds a proxy layer in the middle so that the client interacts only with the proxy while the query stays encrypted end to end to the resolver: the proxy sees who is asking but not what, and the resolver sees what is asked but not by whom.
- https://www.cloudflare.com/learning/dns/glossary/dns-root-server/#:~:text=A common misconception is that,addresses in the root zone.