El system DNS It is one of the fundamental technologies in the functioning of the Internet as we know it now. Thanks to this system, we can access the IP address of the server we want to access through the Internet. It acts as if it were a phone book or platform that is dedicated to translating the names of a website into an IP with which to locate the web server. This allows users to quickly and easily access services hosted on servers connected to the Internet. DNS are also known as name server or name server.
When we connect to the Internet, our ISP (Internet service provider) assigns us a IP address. This address can be a series of 12 numbers (in the case of IPv4) or 32 characters in hexadecimal format (in the case of IPv6). In both cases, a pc can easily handle these address formats. On the other hand, for a person this would not be an easy task.
It is very difficult to memorize, for example, an address like 126.96.36.199which is the address Google IPv4. Or the address 188.8.131.52, which corresponds to the address Bit4Me Academy IPv2. Things get more complicated when, as users, we access various websites and services. And it becomes quite a challenge when the addresses of those services are dynamic (they change with the passing of the days).
Faced with this situation, the best way is to have a database of domain names to which it relates to an IP address. Domain names are easier to remember and make it easier for us to navigate the Internet. For example, writing Wikipedia.com is not the same as writing 184.108.40.206.
The operating infrastructure of this type of server is divided into a series of layers with well-defined functions. These layers are responsible for registering, requesting and resolving domain names.
These operating layers are as follows:
Layer # 1: Clients or resolvers
This is the first layer of DNS operation. This is the closest to the users' computers. The main role of DNS clients is to make queries to resolve domains to DNS servers.. That is, they are responsible for requesting the information so that we can navigate the Internet solving the domains.
Every operating system with the ability to connect to the Internet has the functions of these clients. This is so in order to facilitate navigation on the network. The tasks of these clients are:
Interrogate the DNS server for the domains that the user accesses.
Interpret DNS server responses on requested domains.
Return the information to the program that made the request (web browsers, P2P programs, among others).
Generally these clients apply certain techniques such as DNS cache, to allow browsing to be much faster. This is because the requests correctly answered by the DNS server are stored locally. In this way, name resolution takes much less time than sending information to a remote server and waiting for its response.
Other capabilities displayed by these clients are DNS-over-TLS (DNS using TLS) Y DNSSEC (DNS Security Extensions). Both are layers of security that depend on a bipartite operation (server and client must support the options). This seeks to prevent DNS traffic from being scanned or corrupted by malicious third parties. In the case of DNS-over-TLS, it encrypts the client's connection to remote servers. While DNSSEC cryptographically secures responses from DNS servers, thanks to an asymmetric encryption system.
Another function of clients is to serve as cache memory for DNS. With this feature, clients seek to more quickly resolve server addresses and provide users with a smoother browsing experience.
Layer # 2: Servers
DNS servers are computers that they answer requests and resolve domain names using a tree-structured system. These servers have a database with domain names and their corresponding registered IP address. In this way, each time a DNS client makes a request (query), the server receives it, searches the domain in question in its database and sends a response. This response is the IP address of the domain from which the client has requested information. Thanks to this operation, we can safely browse the Internet by writing simple names in our browsers.
These servers are generally connected to the Internet using static IP addresses (they never change). These IP addresses are the ones that are normally configured automatically when we connect to the Internet through our ISP. However, we can also change them to addresses of other IP servers of our liking. An example of this is the IP addresses 220.127.116.11 and 18.104.22.168. Both addresses correspond to the DNS of the service Google DNS. There is also the possibility of using the addresses 22.214.171.124 and 126.96.36.199 of Cloudflare DNS , the latter with support for DNSSEC and DNS-over-TLS. On the other hand, it is also important to highlight that there are public and private DNS servers.
In this case, we can see that the security options must be provided on the server side to have them. It is useless to have a DNS client with DNSSEC support, if the server does not offer support for it. This lack of features is just one of the many shortcomings of the client-server model. A centralized model that lends itself to actions such as espionage, phishing or censorship.
DNS servers are normally built by very simple software, so they lack a graphical control panel. This in order to create a robust piece of software, with very little consumption and that supports a large number of requests per second.
Layer # 3: Zones of Authority
Due to the tree structure on which the DNS system has been designed, it could be subdivided. Each of these divisions is called the Authority Zones. An authority zone is a complete database for a sub-tree that is part of the root tree of the DNS system.
Each zone is under one authority and can delegate the management of a part of the tree. The source of the DNS tree contains the root zone containing the delegations for the TLDs (top level domain). Each TLD would in turn constitute a DNS zone, as would second level domains, and so on. Each of these zones may be under a different authority. These servers or groups of them are the ones that, for example, handle the name resolution of subdomains like .es or .org. In a nutshell, these zones are the ones that delimit the record types and domains of a DNS server.
How does DNS work?
Thanks to the operation of DNS we are able to access the large number of resources that are available on the Internet. Understanding how this system works will help us to understand a little more the technological wonder that interconnects the world.
Importance of DNS in Internet infrastructure
At this point we can say that the usefulness and importance of DNS is unquestionable. Thanks to the DNS infrastructure, we can enjoy the Internet and its services. Facilitating user access to platforms is key to their massification, and at this point DNS has perfectly complied with this premise. The fact that we only have to write the name of a domain (for example, bit2me.com) and reach the site is very relevant. Especially, when the initial option is to write a series of numbers or very cryptic hexadecimal characters.
In addition, the opening and distribution of the system allows the Internet to grow continuously. For example, a company can create a DNS server that can be used to resolve its internal resources. But at the same time, it is capable of solving (or not) the external resources of that same company (own or not). This flexibility is unique and is one of the reasons for the rapid and continuous growth of the network.
However, despite its importance, the centralized and authoritative scheme has caused serious problems. For example, tampering with DNS records is the most common form of censorship in the world. Governments around the world apply it to prevent certain websites or services from being accessed from a certain territory. Faced with this situation, we can see why it is also important to have decentralized options that avoid this type of action. Not only in order to grant freedom, but also to provide more transparency and more universal access.
Decentralized or distributed?
We usually say that DNS is'centralized'because it has a centralized client-server component. It also has a central point through which to fail. This weak point lies in the management of its root structure, carried out by IANA/ICANN.
On the other hand, DNS is also a system distributed since it involves a multitude of computers throughout the world. This is why, like most networks, DNS is a distributed system.
How the blockchain can help improve them?
Technology blockchain It has demonstrated great abilities to transform different scenarios in today's world. And precisely one of those scenarios is the technology behind DNS. The centralized, authority-based and cryptographically weak structure of the current system has proven to be insufficient. The ease of carrying out attacks denial of services it's creepy. But it is not the only thing that can be done. The fact, for example, that normally the requests of our teams are made in plain text and without the use of the cryptography, is already of concern. Anyone with knowledge can spy on what we do with our equipment (computers or smartphones). In fact, they can redirect our navigation to sites with the ability to steal our data without realizing it until it is too late. Faced with this situation, the blockchain stands as a way to definitively solve these problems.
A DNS service over blockchain would be cryptographically secure, decentralized, authorityless, attack resistant, immutable, and non-censurable. That is by far better than what we have now with the current DNS service. A good example of this type of system can be seen in Namecoin, a blockchain dedicated to becoming a DNS system working on blockchain technology.
Considering this it is understandable to say that blockchain technology can help improve DNS technology. Improvements in favor of security, privacy and non-censorship by power groups.
How much do you know, cryptonuta?
Was the creation of DNS services crucial for the massification of the Internet and the services associated with it?
Thanks to the creation and implementation of DNS services, the Internet had the necessary tools to become a massive network. The fact of being able to locate websites, services and more using simple and easy to remember names was vital to massify the Internet and make it what it is today.
Advantages and disadvantages
The system is easy to implement and scale. The ability to create replicas, balance network loads, and be fault tolerant has made DNS a cornerstone of the Internet.
It requires little computing power. Receiving and replying to DNS clients is not computationally expensive work. Due to this, the hardware needs to establish massive DNS services is low.
The impact on navigation is minimal. Normally a well configured DNS service takes less than 1 second to respond. In this way, the impact in time for the connection establishment between the user and the final machine is kept to a minimum.
It offers a service that “stabilizes” access to services on the Internet. Many servers on the Internet offer their services using dynamic IP addresses. This means that their IP addresses change within a few hours or days. However, despite this the service can update the IP records of a domain. Thanks to this, the domain name will point to the new IP and we can continue accessing it using it.
Its centralized scheme makes it especially vulnerable. A malicious actor for example can intercept the communications between the client and the server and alter it. With this, it manages to redirect the client (user) to where they want and can steal data.
The system by default sends information in plain text without encryption. When DNS was born the concern for security was minimal and the use of encryption was reserved. For this reason, DNS is a protocol that sends and receives information in plain text. Anyone can intercept the communication and know what we ask (as clients) and what the server responds to us.
It is not decentralized and its cryptographic security is complex to implement. This means, for example, that the system is not resistant to denial of service attacks. In addition, its protection capacity is complex and this prevents its use from becoming widespread. This is the main reason why DNS-over-TLS and DNSSEC are not widely used.