Domain Name System (DNS): How Internet Address Books Work

A domain name system (DNS) acts as a bridge between us and the internet, translating the human-friendly domain names we type into the numeric IP addresses that computers understand. 

The process happens quickly, empowering you to browse the internet smoothly. However, security risks like DNS cache poisoning can compromise performance. Many organizations use DNS security solutions to fix vulnerabilities that might lead to larger cyber attacks. 

Let’s understand DNS in detail and explore how it simplifies working with the internet. 

While communication on the internet happens through IP addresses, these long numeric series can be tricky to remember. The domain name system eliminates the need to memorize these IP addresses by automatically connecting you to the site when you type in its name. 

When a user requests to visit a website, the DNS server translates the request into relevant IP addresses. They control the server an end user will reach when requesting. This request is called a query. When there are multiple user requests, the domain name system distributes the load to ensure the website is up and running. 

DNS also routes emails and other data to the right server, certifying information reaches the right destination. 

How does DNS work?

When you open a web browser and enter a website's name, your request goes through four servers before you get the IP address. These servers work together to make sure that the IP address you get is accurate. 

The four servers are: 

• A DNS recursor, or a DNS resolver, receives the initial query from the DNS client. It acts as a client on your behalf, sending queries to the next three DNS servers. The recursive DNS server will first check the cache memory to see if the IP address corresponds to the domain name. If not, it conducts the process of acquiring the accurate IP address. 
• Root nameservers answer requests for records in the root zone by directing the resolver to authoritative servers responsible for the correct TLD. 
• Top-level domain (TLD) nameservers hold the second-level domain’s IP address within the TLD name. The website's IP address is released when a query is sent to the domain's nameserver. 
• Authoritative nameservers finally answer your DNS query. There are two types: primary or master server and secondary or slave server, with the latter acting as a backup in case the master server collapses. Authoritative servers return necessary records to the DNS resolver to share with the client and cache them closer to the client for future queries. If you look at it in detail, the recursive server works between an authoritative server and an end-user. The authoritative name servers record domain names and the IP addresses that go with them. 

Types of DNS queries

There are three common types of DNS queries: 

• Recursive DNS queries are between recursive servers and the client. They are usually answered by a full name resolution or an error message stating that the domain could not be found. 
• Iterative DNS queries are between local DNS servers and nonlocal nameservers like authoritative nameservers and TLD. Iterative queries don’t demand a name resolution, but they may get a referral from the nameservers to the TLD or authoritative nameservers. 
• Nonrecursive DNS queries find their answers cached on the recursive server. Alternatively, the recursive server can skip the root and TLD servers and directly go to the authoritative nameservers. 

DNS security

Several vulnerabilities risk DNS security, one of the most concerning being DNS cache poisoning or DNS spoofing. The attackers insert a false address record in the resolver’s cache. Due to this, the resolver returns an incorrect IP address, redirecting users to malicious sites. 

There are various other security risks affecting DNS servers, including: 

• DNS amplification attacks are a type of distributed denial-of-service (DDoS) attack in which attackers send small queries to DNS servers that return addresses spoofed to a victim’s IP address. The servers respond with larger responses, sending ample traffic to the victim and exhausting DNS servers’ resources.
• DNS tunneling exploits the underlying DNS protocol. It relays malware commands or exfiltrates data from a compromised network. The malware payload is encoded within queries and responses that seem legitimate. 
• Domain hijacking allows an attacker to gain unauthorized access to a domain registrar account and modify a domain’s registration details. This technique lets threat actors redirect traffic to malicious servers.

Top 5 DNS security solutions

DNS security solutions redirect traffic through filters that detect malware signatures and other malicious threat actors. These solutions help businesses to protect employee’s endpoint devices and servers. They block harmful content encapsulated within domain traffic while preventing employees from accessing unapproved content. 

DNS security software detects and mitigates DDoS attacks, which often target DNS servers. However, DDoS comes in many forms, and you might need a comprehensive DDoS protection functionality to avoid major downtime. 

To be included in the DNS Security software list, a product must:

• Block high-risk traffic at the DNS level
• Monitor traffic for dangerous sites and scan content for malware
• Classify end users, endpoints, and digital content.

 * These are the leading DNS security solutions from G2’s Summer 2024 Grid Report. Some reviews might have been edited for clarity. 

1. Cisco Umbrella

Cisco Umbrella offers cloud-based DNS security that protects against malicious threats and internet activity by filtering traffic at the DNS level. It is the first line of defense, blocking threats before they reach the network. With real-time threat intelligence, it monitors and prevents access to malicious domains, IPs, and uniform resource locators (URLs).

What users like best:

“Cisco Umbrella offers an intuitive and easy-to-use management platform. The policies are easy to build and construct, and deploying to on-prem and mobile users can be done in minutes.” 

- Cisco Umbrella Review, Kevin A. 

What users dislike:

“Cisco Umbrella can be costly, particularly for small to medium-sized businesses with limited budgets. The pricing model may be prohibitive for some organizations.”

- Cisco Umbrella Review, Goutam D.

2. Cloudflare Application Security and Performance

Cloudflare Application Security and Performance protects websites against DDoS attacks while improving a website's performance with a content delivery network (CDN). It ensures fast load time while safeguarding sensitive information. 

What users like best:

“Cloudflare has been great in securing and managing our domains and sites from one simple dashboard. It has reliably provided great uptime and performance analytics to our websites. Many more tools, like speed testing, DNS records, caching, routes, and more, help us monitor our site and user experience. Their customer support is also as fast as their speed.”

- Cloudflare Application Security and Performance Review, Rahul S.

What users dislike:

“If your implementation goes well, it's fine. However, if you are in trouble, the support doc is useless. You pay for the pro plan to try to get some technician support. No one cares about your business or service, even if you identify it as a P1 urgency. My project was down, and could not get anyone to help me when I identified it as a high-impact ticket.”

- Cloudflare Application Security and Performance Review, Andrew Z.

3. DNSFilter

DNSFilter identifies and blocks malicious websites in real time, helping users protect against phishing attacks, malware, and ransomware. The software offers detailed reporting and analytics, giving in-depth insights into website traffic and security threats. 

What users like best:

“DNSFilter is extremely quick. Configuration was easy, and the universal block/allow lists were great. Can upload domain names in CSV format. Reports are detailed and have a very nice layout. A lot of design went into DNSFilter, and it shows. Way better than its competitors. Last but not least, DNSFilter's support staff is excellent. I've chatted with them online several times, and they promptly respond to emails. DNSFilter also maintains a feature list with updates to show where in development certain feature requests are.”

- DNSFilter Review, Marvin Eric N.

What users dislike:

“DNSFilter doesn't seem to have it all together. They do not seem to care about MSPs, at least not us. Billing is a pain, and when I attempt to work with their billing department or my account rep, I don't get a solid answer. Based on how much money is going into marketing, I assume they're trying to boost revenue for a sale shortly. VPN use with the agent is a hard no. 

This causes users to have issues accessing sites they usually would. Support does not provide a workaround for this. Overall, the support is pretty good and quick to respond to; however, if an issue has to be worked on by the developers, you're pretty much out of luck for a quick fix. Overall, I wouldn't recommend it to other MSPs.”

- DNSFilter Review, Matt C. 

4. Infoblox NIOS

Infoblox NIOS offers DNS and IP address management solutions to improve network security and reliability. The solution integrates security features that detect and mitigate DNS-based attacks, such as cache poisoning and DDoS. With real-time data and automation, organizations reduce configuration errors, improving overall security posture. 

What users like best:

“It is a flexible tool that can be integrated into any network environment. Its reports are complete and editable. It also has a very friendly environment that lets you see what is connected to your network.”

- Infoblox NIOS Review, Erick Salvador P.

What users dislike:

“Even though Infoblox provides robust DNS, Dynamic Host Configuration Protocol (DHCP), and IP address management (DDI) services and in terms of functionality, they are much farther from their competitors. The drawback here is how they price their product. The cost of their solution is directly proportional to their development. We are having difficulty positioning their product because of the higher cost. Sometimes, we prefer to offer another solution that can comply with clients' budgets.”

- Infoblox NIOS Review, Mark Razel M. 

5. BloxOne DDI

BloxOne DDI is Infoblox's cloud-native DNS, DHCP, and IP address management (IPAM) solution. It improves network security and agility and offers centralized management across hybrid environments, helping to streamline network operations.  

What users like best:

“BloxOne is easy to manage and user-friendly. Unlike other top DDI products like BlueCat and InfoBlock, It stands out.”

- BloxOne DDI Review, Narayan D. 

What users dislike:

“Its ability to retrieve DDI configuration from on-premise gridmaster.”

- BloxOne DDI Review, Sanchit M.

Keep DNS safe and secure

Secure DNS keeps our online activities smooth and safe. It allows us to get the correct and genuine IP addresses for servers we look for in our DNS queries. Security improvements for DNS infrastructure will support a better and safer internet experience for everyone. 

Ready to safeguard DNS from malicious exploits? 

Discover the top free DNS security solutions for mitigating DNS attacks and security threats in your company.

Edited by Monishka Agrawal