What is a Domain Name System and How it Works?

Think of a phone directory and the number of listings it has. Have you ever tried to memorize all of them, rather than just the few phone numbers that belong to your family?

That sounds hard because it is nearly impossible to do.

However, you probably know lots of website names. This is because a Domain Name Server turns an IP address into a more human-friendly name, which is easier to read, understand and remember.

Hence a Domain Name System simply converts these names into numbers, which makes it easier to communicate with a computer system. With the help of DNS, an IP address such as 176.317.34.196 can be turned into a more human-friendly, easy-to-remember name (such as www.thevpnexperts.com). This works in both directions.

But here’s the catch: which IP address goes with which name is decided by a DNS server. For most users, this DNS server is provided by the ISP (Internet Service Provider). The ISP therefore finds the IP address for your desired domain name, and the result appears on your screen in the form of a website.

To make this easier to follow, the process always involves the following:

  1. You type a web address in your browser, which passes on the details to the ISP regarding the website you are trying to access.
  2. Your computer will contact the DNS server which then brings the IP address for that domain name.
  3. The time when this activity happens is also recorded.

Therefore an ISP can see the following:

  1. Your IP address.
  2. The website you are trying to visit.
  3. The time you have conducted that activity.

Types of DNS servers and records

In order to resolve an IP address into a hostname (website name) there are 3 types of Domain Name Servers in use:

  1. DNS Resolver
  2. DNS Root Server
  3. Authoritative DNS Server

1. DNS Resolver/Recursive Resolver

The recursive resolver is responsible for receiving the Domain Name Server queries (DNS queries), which include the website name, and tracking down the IP address for that hostname.

2. DNS Root Server

The lookup begins at the root server and works from the hostname towards the IP address. For example, for www.thevpnexperts.com the details for .com are provided via the TLD Name Server. There are in total 13 root servers across the globe.

3. Authoritative DNS Server

It is the last step in the whole journey: the authoritative name server is queried with the hostname and returns the correct IP address to the DNS Resolver.
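The three roles can be traced in a small model. This is an added example, not code from the original article: the server names, the delegation data and the address 192.0.2.10 are constructed, and real servers are reached over the network rather than looked up in a dictionary.

```python
# Constructed delegation data: each server either answers or refers onward.
SERVERS = {
    "root": {"refer": {"com": "tld-com"}},
    "tld-com": {"refer": {"thevpnexperts.com": "auth-ns"}},
    "auth-ns": {"answer": {"www.thevpnexperts.com": "192.0.2.10"}},
}

class RecursiveResolver:
    """Follows referrals on the client's behalf and caches the final answer."""

    def __init__(self, servers, max_hops=8):
        self.servers = servers
        self.max_hops = max_hops  # guards against referral loops
        self.cache = {}

    def resolve(self, name):
        name = name.rstrip(".").lower()
        if name in self.cache:
            return self.cache[name], ["cache"]
        server, trace = "root", []
        for _ in range(self.max_hops):
            trace.append(server)
            zone = self.servers[server]
            if name in zone.get("answer", {}):
                self.cache[name] = zone["answer"][name]
                return self.cache[name], trace
            server = self._referral(zone.get("refer", {}), name)
            if server is None:
                raise LookupError("no such name: " + name)
        raise LookupError("too many referrals for " + name)

    @staticmethod
    def _referral(refer, name):
        # Pick the most specific delegation whose suffix matches the name.
        matches = [s for s in refer if name == s or name.endswith("." + s)]
        return refer[max(matches, key=len)] if matches else None
```

Every query the user makes passes through the recursive resolver, so it is the one server in the chain that sees all of a user's lookups.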

How to conduct a DNS leak test?

Conducting a DNS leak test will only come in handy if you have sound knowledge of how the internet and domain name servers work. To conduct a DNS leak test, paste the URL https://www.dnsleaktest.com/ into Chrome, Firefox or whichever browser you are using.

Usually, your ISP assigns its users a DNS server which it controls and logs. And obviously, you wouldn’t want your activity to be monitored or recorded. This DNS server is contacted by your computer whenever you try to open a website on your desktop or mobile browser.

The standard test will determine your IP address, hostname, your current location and the location of your ISP. If you are using a VPN service, you must ensure the test does not show your current location but the virtual server location provided by the VPN service you are using.
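The same comparison can be automated once the test results are saved as text. This is an added example, not code from the original article or from dnsleaktest.com: the row layout (resolver IP, hostname, operator, country), the sample rows, the VPN address range and the country codes are all constructed assumptions.

```python
import ipaddress

# Constructed leak-test rows: resolver IP, hostname, operator, country.
SAMPLE_RESULTS = """\
198.51.100.53, dns1.vpn.example, ExampleVPN, NL
203.0.113.10, resolver.isp.example, Example ISP, GB
2001:db8:53::1, v6.isp.example, Example ISP, GB
"""

def parse_results(text):
    """Turn comma-separated result rows into dictionaries."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, host, operator, country = [f.strip() for f in line.split(",")]
        rows.append({"ip": ipaddress.ip_address(ip), "host": host,
                     "operator": operator, "country": country})
    return rows

def find_leaks(rows, vpn_networks, vpn_country):
    """Return (ip, reasons) for every resolver that should not be visible."""
    nets = [ipaddress.ip_network(n) for n in vpn_networks]
    leaks = []
    for row in rows:
        reasons = []
        if not any(row["ip"] in net for net in nets):
            reasons.append("resolver is outside the VPN's networks")
        if row["country"] != vpn_country:
            reasons.append("resolver is in %s, expected %s"
                           % (row["country"], vpn_country))
        if row["ip"].version == 6 and not any(n.version == 6 for n in nets):
            reasons.append("IPv6 resolver seen but the VPN has no IPv6 range")
        if reasons:
            leaks.append((str(row["ip"]), reasons))
    return leaks

# Constructed expectation: the VPN exits in NL and runs its own resolvers here.
LEAKS = find_leaks(parse_results(SAMPLE_RESULTS), ["198.51.100.0/24"], "NL")
```

An empty result means every resolver the test saw belongs to the VPN; any entry is a resolver that still learns which sites you look up.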

How to ensure protection if a DNS leaks data?

By now you should have the idea that a lot of what you do over the internet is either logged or monitored, whether you like it or not. Therefore the only two possible ways to ensure protection if your DNS leaks data are:

  1. Using Smart DNS
  2. Using a VPN

1. Using Smart DNS for encrypting your internet activity

Smart DNS is a kind of proxy, obtained by paying companies that direct a user’s traffic through a virtual location to reach the content the user is trying to access.

But this does not change or mask the user’s IP address from the ISP.

2. Using a VPN to protect from DNS leaks

A Virtual Private Network (VPN) is a software program that provides security and privacy. When a VPN is in place, the IP address and the DNS server dedicated to a user are masked by a virtual location picked by the user. Therefore a VPN creates an encrypted tunnel between the user and the ISP, and whatever happens within the tunnel stays in the tunnel.

However, among the two, VPN and Smart DNS, a VPN service always comes in handy when privacy, encryption, and geo-blocking are a major concern. But a service like this will slow down your internet speed as your entire traffic will be routed through a totally different location.

A Smart DNS, by contrast, does not ensure privacy and security but will help in unblocking geo-restricted content without affecting your connection speed. This is because a Smart DNS will only route certain parts of your internet traffic through a Domain Name Server.

It must be noted that VPNs do not always act as a silver bullet in protecting your identity, as found by a paper published in 2015:

“A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients”

It clearly suggests that IPv6 leaks and DNS hijacking are possible within popular VPN services.

Therefore, do your due diligence in picking a secure VPN service for maximum online privacy.

About Sebastian Riley

Sebastian Riley is a cyberlibertarian activist and an internet freedom fighter who strongly believes in an unsegregated and uncensored internet. With a cybersecurity degree, Sebastian is a professional bug hunter and a freelance opensource penetration tester.