Learn how the DNS resolution process enables network communication.
What is DNS?
The Domain Name System (DNS) maps IP addresses to hosts connected to either the public or private internet via a process called DNS resolution, making it an essential part of an organization’s infrastructure. It not only allows users to easily search for and access websites or other publicly available services, but also facilitates communication between hosts on a local network. In this article, we’ll look at how DNS resolution works, discuss some of its benefits and challenges, and identify key features to look for when choosing a DNS monitoring tool.
How does DNS resolution work?
Most hosts on a network (internal or external) have both a unique IP address and a hostname. Hostnames comprise the host’s local or subdomain(s), its parent domain name, and its domain extension (e.g., .com, .org, .net). Together, these segments provide hosts with an accessible identity for clients to interact with.
There are a number of third-party DNS providers available for the internet, including internet service providers and platforms like Google and Cloudflare. Enterprise-level providers can support private networks, though organizations also have the ability to spin up local DNS servers for greater control over their internal requests. When a client searches for a hostname—typically through a web browser—their network’s DNS provider executes a multi-step resolution process via the following four servers in order to find and return the appropriate IP address:
- DNS recursorServes as the middleman between a client and the other DNS servers, following a chain of referrals from each one until it locates the requested host’s IP address. The recursor will also cache information in order to respond faster to subsequent client requests.
- Root nameserverReceives the first request from the DNS recursor and sends back the appropriate top level domain (TLD) server, based on the queried host’s domain extension.
- TLD serverMaintains information for all domain names with the same domain extension. A TLD server receives the next request from the DNS recursor and responds with the appropriate authoritative nameserver.
- Authoritative nameserverStores the DNS records that map domain names to IP addresses. The authoritative nameserver responds to a DNS recursor’s final request with the queried hostname’s IP address. If the IP address is not available, the nameserver will throw an error.
As a final step in the DNS resolution process, the DNS recursor sends the IP address back to the client’s browser, allowing it to connect to and load the appropriate website or application.
Why is DNS important?
DNS has long been at the center of the internet, but it has also become a critical part of internal communication across today’s highly distributed and dynamic infrastructure. For example, Kubernetes environments regularly churn out IP addresses with each new deployment or autoscaling event, so organizations need greater control over their network in order to ensure communication between containers. DNS technologies like KubeDNS and CoreDNS, along with cloud-based services like Amazon Route 53, allow teams to deploy cloud-based, multi-regional services that are not only easily accessible but also reach more customers.
Challenges with DNS
DNS resolution issues are often the root cause of network outages. As modern infrastructure creates more complex and interconnected networks, a misconfiguration in a single DNS server, such as a missing or mistyped IP address in an authoritative server, can lead to cascading failures for all of the services that communicate with it. But resolution problems have historically been difficult to troubleshoot. For example, teams may need to investigate each server involved in a DNS lookup in order to pinpoint the root cause of an error. To complicate the matter further, DNS resolution issues are not limited to a particular server or environment; they can also result from client-side settings (e.g., browser versions) that organizations may not have visibility into.
Another major challenge stems from the consolidation of third-party DNS providers in recent years. Many high-traffic applications rely on the same provider, creating a single point of failure that can disrupt service on a global scale. Because of their central role in supporting both internal and external communication for a vast majority of organizations, DNS providers are primary targets for DDoS and cache poisoning attacks. In these cases, organizations are limited in their ability to mitigate an outage, especially if they rely on a single provider.
DNS monitoring tools
Given the complexities of monitoring DNS performance, it’s important to have end-to-end visibility into your network. When evaluating DNS monitoring tools, consider choosing one that enables you to:
- assess the health of all of your internal DNS servers in one place
- investigate client-side and security-related DNS resolution issues
- troubleshoot latency and errors for specific DNS servers
- correlate DNS performance with monitoring data from other servers
- detect irregularities in DNS record mapping and resolution times
Datadog’s unified platform supports all of these use cases and more. With Datadog NPM, you can monitor DNS servers across your environment in a single view and quickly surface any sudden changes in DNS performance. You can also correlate NPM data with Datadog Cloud Workload Security’s DNS-based threat detection rules, giving you full context for any targeted attacks on your DNS servers.
Additionally, Datadog Synthetic Monitoring’s DNS tests enable you to proactively monitor lookups for all of your DNS records and detect when one is misconfigured. For example, a sudden spike in DNS resolution times for a particular record could indicate an issue with an underlying server. If a DNS test detects a problem, it will generate a notification with more details for troubleshooting.
Datadog also integrates with popular DNS technologies, such as CoreDNS and Route53, so you can easily correlate DNS data with performance metrics from other services within your environment. Together, these tools give you a multi-faceted view into the DNS resolution process alongside the health of both the internal and external DNS services that support your applications and infrastructure.