DNS (Domain Name System) is the system that translates an Internet host or domain name (which is easier for people to remember) into an IP address. In this article we’ll describe how DNS works, which port numbers the DNS protocol uses, how to allow DNS through a firewall, and what zone transfers are.
What is DNS
A domain name could be, for example, http://networks-trainingwp.8rkhfrrwpy-e9249nqvk6kr.p.runcloud.link (i.e. the website you are reading right now), which DNS translates to an IP address (for example 18.104.22.168).
Keep in mind that every domain name on the Internet must be associated with an IP address (either IPv4 or IPv6). This is required in order to reach the domain (i.e. the web server hosting it) over the Internet, because all TCP/IP communication is based on IP addresses.
If the address is registered in a reverse lookup zone, the IP address can also be translated back to the DNS name; this is called a “reverse DNS lookup” or simply rDNS.
A DNS system consists of two parts: a server and a resolver. The server keeps information about which DNS names correspond to which IP addresses. The resolver is the software on the DNS client that asks the server for this information.
A DNS server therefore contains mappings of domain names to IP addresses. If a specific DNS server does not know the IP address of a domain, it asks a different DNS server (the authoritative server for that domain) to find out the correct domain-to-IP mapping.
A DNS name consists of a host part (e.g. www, which by convention denotes a web server) and a domain (e.g. networkstraining.com). Domains are unique and are recorded in global databases.
How DNS Works
The image above shows a simple example of how the domain name system provides the IP address of a website. Let’s walk through it step by step:
- A user (shown as the computer host on the top left) opens a browser and wants to visit the website abcd.com.
- Every computer, as we know, has some network settings configured. These settings (applied to its Ethernet or WiFi card) include the IP address of the computer itself and also the IP address of the DNS server to use (this DNS server address can be given to you by your ISP, or you can use a well-known public DNS server such as the Google server, which is 22.214.171.124).
- The computer that wants to visit the website does not yet know the IP address of abcd.com. Therefore, it asks its DNS server “what is the IP address of abcd.com?”, as shown in the picture above.
- The DNS server replies to the computer with an answer such as “The IP address of abcd.com is 126.96.36.199”.
- The user’s computer now starts sending packets to that IP address, which corresponds to the website the user wants to visit.
- Note that if the DNS server above does not know the IP address of the specific domain, it asks other DNS servers on the Internet (the authoritative servers) to learn the address and then returns it to the end user.
What is DNS Port Number
DNS uses both TCP and UDP port 53.
The most frequently used port for DNS is UDP 53. This is used when a client device (e.g. a computer, smartphone, etc.) communicates with a DNS server in order to resolve a specific domain name, as described above. Keep in mind that when using UDP 53 for DNS, the maximum size of a message is 512 bytes, which may not be enough, as we will see below.
TCP 53 is used mainly for zone transfers (see the explanation below) and also when a query or its reply exceeds 512 bytes. This happens, for example, when DNSSEC is used, since it adds extra overhead to the DNS reply (cryptographic keys, signatures, etc.). Also, with IPv6 the reply packets can get bigger than 512 bytes. A server that cannot fit its answer into the UDP limit marks the reply as truncated, and the client then repeats the query over TCP 53.
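As an added illustration (not code from the original article), the following Python builds the DNS query that a resolver sends to UDP 53 for abcd.com, parses the server’s reply, and detects the TC (truncated) flag that tells the client to repeat the query over TCP 53. The abcd.com response and the 192.0.2.10 address are constructed sample data, not captured from a real server.

```python
import struct

UDP_MAX = 512  # classic DNS-over-UDP message limit discussed above

def build_query(name, qtype=1, txid=0x1234):
    """Build a DNS query for `name` (qtype 1 = A). Flags 0x0100 = recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def read_name(msg, off):
    """Decode a (possibly compressed) name at `off`; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if ln == 0:
            return ".".join(labels), (end if jumped else off)
        labels.append(msg[off:off + ln].decode())
        off += ln

def parse_response(msg, expected_txid):
    """Return the A records in a reply, or flag it truncated so the caller retries over TCP 53."""
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: reply does not belong to our query")
    if flags & 0x0200:  # TC bit set: answer did not fit in UDP_MAX bytes
        return {"truncated": True, "answers": []}
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:  # IPv4 address record
            answers.append((name, ".".join(map(str, rdata))))
    return {"truncated": False, "answers": answers}

# Constructed sample traffic (not a real capture): a normal reply and a truncated one.
QUERY = build_query("abcd.com")
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
                   + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
TRUNCATED_RESPONSE = struct.pack(">HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
```

A real client would send `QUERY` with a UDP socket to port 53 of its configured server and, on `truncated`, resend the same bytes (prefixed by a two-byte length) over a TCP connection to port 53.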
How to allow DNS through Firewall
From the internal network, you should allow outbound traffic on both TCP and UDP port 53 only towards a trusted external DNS server (e.g. the server provided by your ISP).
If you manage a firewall protecting a DNS server, you should allow UDP 53 from your clients and restrict TCP 53 to the other trusted DNS servers with which you want to perform zone transfers.
What are Zone Transfers
A zone transfer is the replication of DNS records from one DNS server to another. This communication uses TCP port 53. Basically, it is a fast way to replicate the DNS database of one server to other servers. The DNS query type used for a zone transfer is AXFR.
For security reasons, you must configure the DNS server (e.g. BIND) to allow zone transfers only from other trusted servers. If you allow zone transfers from anyone, an attacker can request a zone transfer from your server and copy its entire database.
Different DNS Server Software
Here are the most popular DNS server software packages used in networks:
- BIND (open source and free)
- Microsoft DNS
- Big-IP DNS (from F5)
- CNR DNS (from Cisco)