
Domain Name System (DNS)

DNS helps power the internet. Here's a digestible breakdown of how it works.

Corebear June 13, 2026 5 min read

Did you know that DNS helps power the internet?

The device you’re reading this post from is configured to communicate with a DNS server. That server is responsible for translating a domain name such as corebear.net into an IP address.

That, in turn, allows your machine to receive the data needed to render this web page.

The purpose of this post is to help you break down this technology into digestible bites.

Work in Progress
This post is in progress and subject to change.

How does DNS power the internet?

DNS works by resolving domain names into IP addresses. Each Top Level Domain (com, org, net, io) is managed by a central authority. VeriSign handles the com TLD, for example. These authorities, in turn, allow companies to purchase domains from them at an agreed-upon cost. Those same companies then offer domains to anyone who wants them.

The people who buy a domain, such as hello.com or example.com, then register it with a DNS provider like ClouDNS to make their infrastructure visible to anyone who asks.

DNSPerf is a website (not affiliated with Corebear) that showcases the performance of different providers.

As you can see, the main ones considered are Cloudflare, ClouDNS & Bunny CDN. Any one of those should be a worthy choice. I personally would recommend ClouDNS, as that’s what Corebear uses.

Is DNS traffic encrypted?

By default, your DNS traffic is likely not encrypted, as it relies on the standard DNS port 53. This is comparable to using HTTP instead of HTTPS.

If you wish to switch to more secure options, I recommend reading up on DoH (DNS over HTTPS) or DoT (DNS over TLS).

What should I consider as an end-user?

If you value your privacy or simply like having choices, you may want to consider switching from your ISP’s DNS to another provider. You have a few options, such as:

  • Cloudflare 1.1.1.1
  • Quad9 9.9.9.9
  • Google 8.8.8.8

These will typically respond faster, be more secure, and offer options that suit your needs. For example, Quad9 has additional filtering options that may be helpful.

What is DNS Time to Live?

DNS records carry a TTL (time-to-live). This is a way for website owners to say, “Hey, here’s the IP address for example.com, and I want you to keep this result for 24 hours”.

This means website owners need to consider the risk that comes with it: if your IP address changes or something happens, a lot of DNS servers will still have a cached version of your record that hasn’t expired yet. Therefore, it’s best practice to lower the TTL to 10 minutes, for example, at least 24 hours before making the actual change to the record.

If you’re interested in learning more, please visit What is TTL.
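
The sections above on unencrypted port 53 traffic and on TTL both come down to what a DNS message contains. The following Python is an added example, not code from the original post: it builds a plain query for example.com and parses a constructed response, showing that the queried name travels as readable bytes and where the TTL sits in the answer. The function names, the transaction ID, the answer 192.0.2.10 (a documentation address) and its 86400-second TTL are assumptions made for illustration.

```python
import struct

def build_query(name, txid=0x1234):
    """Build the UDP payload of a standard A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def build_response(query, ip, ttl):
    """Constructed sample answer: echoes the question, adds one A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    # 0xC00C is a compression pointer to the question name at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(map(int, ip.split(".")))
    return header + query[12:] + answer

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, resume = [], None
    for _ in range(256):  # bounded: malformed packets can contain pointer loops
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: jump to earlier name
            resume = resume or off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            return ".".join(labels), resume or off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    raise ValueError("name too long or compression pointer loop")

def parse_a_records(msg):
    """Return [(name, ttl_seconds, ipv4)] for every A record in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):  # skip each question: name + QTYPE + QCLASS
        off = read_name(msg, off)[1] + 4
    records = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            records.append((name, ttl, ".".join(map(str, msg[off:off + rdlen]))))
        off += rdlen
    return records

QUERY = build_query("example.com")  # the name is visible as plain bytes in this payload
RESPONSE = build_response(QUERY, "192.0.2.10", 86400)  # constructed: 24-hour TTL
```

The TTL returned by `parse_a_records` is the number of seconds a resolver may keep serving the old address, which is why it has to be lowered well before the record itself changes.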

Enterprise Scale

Imagine you’re a startup with 100,000 global users of your product. What happens if the web server hosting the website crashes? What if a bad deployment causes 25% of all users to have an error in their cart? This is now entering the territory that every serious enterprise has to account for.

DNS also enters this picture.

Enterprises often have to account for the following:

  1. How do my visitors know to communicate with the X server for US visitors or the Y server if they’re in Europe?
  2. What happens if my primary web server goes offline?
  3. What if my data centre has an outage?

Depending on the use cases involved, the answers may be:

  1. I failover to a different data centre in the same region.
  2. I configure my DNS to answer X server for US visitors and Y for Europeans.
  3. I set up monitoring & observe my infrastructure constantly, ready to react.

If this area interests you, please see the related posts at the bottom of the page.

Conclusion

This is a small glimpse into the world of DNS. I hope this post has been helpful!