Domain Name System (DNS) – demystifying system design concepts

Tram Ho

1. Introduction

The Domain Name System (DNS) is a foundational technology of the Internet: it translates human-readable domain names (e.g. ) into the IP addresses that computers use. This article explores DNS from a system design perspective and details its architecture, its components, and the domain name resolution process.

1.1. Importance of DNS

DNS is essential for the smooth functioning of the Internet. Without DNS, users would have to remember IP addresses to reach websites, which is impractical and inefficient. DNS acts like a phone book: users reach websites by domain name, while computers communicate by IP address.

2. DNS architecture

The architecture of DNS is a hierarchical, distributed database system that spans the Internet. It is a combination of servers, resolvers, and databases that work together to resolve domain names to IP addresses.

2.1. Components of the DNS Architecture

The main components of DNS architecture are:

  • Domain Namespace: A hierarchical tree structure of domain names, with each node representing a domain.
  • DNS Server: A server that stores and manages domain name records.
  • DNS Resolver: Software, typically running on or for a client device, that queries DNS servers to resolve domain names.
  • Resource Record (RR): A database entry that maps a domain name to an IP address or other related information.

2.2. Types of DNS Servers

There are three main types of DNS servers:

  • Root Server: The server at the top of the DNS hierarchy. It holds the root zone, which delegates top-level domains (TLDs) such as .com, .org, and .net to their servers.
  • Top Level Domain (TLD) Server: A server that manages domain information for a specific TLD such as .com, .org, or .net.
  • Authoritative nameserver: A server that holds the complete information for a particular domain, including its subdomains and their IP addresses.

3. DNS query and resolution process

The process of translating domain names into IP addresses is called DNS resolution. This section describes the steps involved in the DNS resolution process.

3.1. Recursive DNS Queries

When a client tries to resolve a domain name, it sends a DNS query to a DNS resolver. The resolver then performs the series of steps needed to find the IP address of the requested domain on the client's behalf. Because the resolver does all the work, this is called a recursive query.

  • Ask Root Servers: The resolver asks the root servers which TLD servers are responsible for the requested domain.
  • Ask TLD Server: The resolver asks the TLD server for the authoritative nameservers for the requested domain.
  • Ask authoritative nameservers: The resolver asks the authoritative nameservers for the IP address of the requested domain.
  • Return IP address: The resolver returns the IP address to the client.

3.2. Iterative DNS Queries

The alternative to a recursive query is an iterative query, in which the client performs each step of the resolution process itself. This reduces the load on the DNS resolver but requires more work from the client.

  • Ask Root Servers: The client asks the root servers which TLD servers are responsible for the requested domain.
  • Ask TLD Server: The client asks the TLD server for the authoritative nameservers for the requested domain.
  • Ask authoritative nameserver: The client asks an authoritative nameserver for the IP address of the requested domain.
  • Return IP address: The authoritative nameserver returns the IP address to the client.

4. DNS cache

To improve the efficiency of the DNS resolution process and reduce the load on DNS servers, DNS resolvers and clients cache the results of previous queries. This allows subsequent requests for the same domain to be answered quickly without repeating the entire resolution process.

4.1. Resolver Cache

When a DNS resolver successfully resolves a domain name, it caches the result. If the resolver receives a request for the same domain within the cached record's Time to Live (TTL) period, it can return the cached IP address instead of performing the full resolution again.

4.2. Client Cache

Client devices can also cache DNS results locally. This reduces the need to contact DNS resolvers on subsequent requests to the same domain. Like resolver caches, client caches respect the TTL of cached records.
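To make the referral walk of section 3 and the TTL cache of section 4 concrete, here is an added example (not code from the original article): a resolver that follows referrals through constructed in-memory root, TLD and authoritative zones, and caches the answer only until its TTL expires. All zone contents, server labels, addresses and the `clock` hook are invented for this example.

```python
import time

# Constructed in-memory zones: each server answers with an authoritative A record
# (ip, ttl) or a referral (NS) to the next server. All names and addresses are invented.
SERVERS = {
    "root": {"com.": ("NS", "tld-com")},
    "tld-com": {"example.com.": ("NS", "auth-example")},
    "auth-example": {"www.example.com.": ("A", "192.0.2.10", 60)},
}

def ask(server, qname):
    """One iterative query: answer for the longest suffix of qname this server knows."""
    labels = qname.split(".")
    for i in range(len(labels)):
        rec = SERVERS[server].get(".".join(labels[i:]))
        if rec is not None:
            return rec
    return None

def resolve_iteratively(qname, trace):
    """Section 3.2: follow referrals root -> TLD -> authoritative server."""
    server = "root"
    for _ in range(8):  # bound the referral chain so a loop cannot hang us
        trace.append(server)
        rec = ask(server, qname)
        if rec is None:
            return None          # nobody on the path knows this name
        if rec[0] == "A":
            return rec[1], rec[2]
        server = rec[1]          # referral: ask the next server down

class Resolver:
    """Sections 3.1 and 4: recursive resolver whose cache honours record TTLs."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock       # injectable so expiry can be tested
        self.cache = {}          # qname -> (ip, expires_at)

    def resolve(self, qname, trace=None):
        trace = [] if trace is None else trace
        now = self.clock()
        hit = self.cache.get(qname)
        if hit is not None and hit[1] > now:
            trace.append("cache")
            return hit[0]
        self.cache.pop(qname, None)   # expired or absent: do the full walk
        result = resolve_iteratively(qname, trace)
        if result is None:
            return None
        self.cache[qname] = (result[0], now + result[1])  # (ip, expires_at)
        return result[0]
```

Passing a `trace` list shows which servers were contacted, so a cache hit is visible as a walk that never leaves the resolver.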

5. DNS security

As a critical component of the Internet infrastructure, DNS is subject to various security threats. This section describes major security concerns related to DNS and measures to mitigate them.

5.1. DNS Spoofing and Cache Poisoning

DNS spoofing, or cache poisoning, is an attack in which a malicious actor feeds bogus DNS information to a resolver so that the resolver caches it and returns incorrect IP addresses to clients. To mitigate this risk, DNS resolvers implement security measures such as randomizing query (transaction) IDs and using DNSSEC (Domain Name System Security Extensions) to verify the authenticity of DNS data.

DNSSEC is an extension that digitally signs DNS records so that their authenticity can be verified. A DNS resolver can check the signatures on data received from authoritative nameservers and confirm that it has not been tampered with in transit.
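As an added example (not from the original article) of the first mitigation above, this is the acceptance check a resolver applies on the receiving side: a response is used only if its transaction ID and its question match a query the resolver actually sent, so anything unsolicited or mismatched is dropped. The `PendingQueries` class, the `rng` hook and the sample names are assumptions made for the example.

```python
import secrets

class PendingQueries:
    """Outstanding queries keyed by a random 16-bit DNS transaction ID.

    A response is accepted only if its ID *and* its question match a query we
    actually sent (section 5.1); anything else is discarded, so an off-path
    forgery is unlikely to be accepted. The rng hook is an example-only seam
    that lets tests replace secrets.randbelow with a predictable source."""

    def __init__(self, rng=secrets.randbelow):
        self.rng = rng
        self.pending = {}  # txid -> (qname, qtype)

    def send(self, qname, qtype="A"):
        """Register a query under a fresh random ID and return that ID."""
        while True:
            txid = self.rng(65536)
            if txid not in self.pending:   # never reuse an in-flight ID
                break
        self.pending[txid] = (qname, qtype)
        return txid

    def receive(self, txid, qname, qtype, answer):
        """Return the answer if it matches an outstanding query, else None."""
        expected = self.pending.get(txid)
        if expected is None or expected != (qname, qtype):
            return None                # unsolicited or mismatched: discard
        del self.pending[txid]         # first valid answer wins; later copies ignored
        return answer
```

Real resolvers also randomize the UDP source port of each query, so the transaction ID is not the only value a forged response would have to match.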

6. Summary

The Domain Name System (DNS) is an important part of the Internet, making it possible to access websites with human-readable domain names. By understanding DNS system design concepts, you can better understand how DNS supports the smooth functioning of the Internet.

By implementing security measures such as DNSSEC and leveraging caching to improve efficiency, DNS continues to adapt to the changing conditions of the Internet. As the Internet grows and evolves, DNS will continue to be a key factor in connecting users to the wealth of resources available online.


I am always indebted. I hope you enjoyed this article and learned something new.

See you in the next article! If you like this article, please hit "LIKE" and subscribe to support me. Thank you very much.



Source: Viblo