This short post is about how a DNS resolver works. I also quickly cover the best way to obtain a DNS resolving service.
Please note that I am not going into the specifics on how to setup a DNS resolver. There are plenty of online tutorials for you to follow if you wish to pursue that option.
What is a DNS resolver? Simply put, a DNS resolver contacts a domain name’s DNS server and asks it for information.
A DNS resolver will also do something called caching. When a DNS resolver caches, it is “remembering” the information it previously obtained from a DNS server.
A DNS resolver that caches can save a lot of time that would be wasted looking up a domain name that had just been looked up earlier.
DNS caching is like writing down information on a sticky note, so you can quickly look at it later, instead of having to ask the person for the info all over again.
Here is a simplified example of how a DNS resolver works:
1. Alex types into his web browser example.com
2. Alex’s web browser then contacts the DNS resolver (that his computer is set to use).
3. The DNS resolver goes to a root server and get the IP address for the TLD (e.g. com, net, org, etc.) server it needs to access.
3. The DNS resolver then goes to ns1.example.com (the DNS name-server that the TLD server provided), and asks the name-server for the IP address of example.com
4. The DNS resolver then relays the information it receives to Alex’s computer. In addition, the DNS resolver caches the retrieved information for later use.
5. Alex’s web browser now knows where example.com is located (the IP address), and starts retrieving the website.
There are typically three different ways people get a DNS resolving service.
ISP: People can make use of their ISP’s (Internet Service Provider’s) DNS resolver. I suspect most home users use this option.
Free Third Party: People can use a free third-party DNS resolver (e.g. Google [126.96.36.199, 188.8.131.52] or CloudFlare DNS [184.108.40.206, 220.127.116.11] resolver services). This can be a good alternative for people who have slow, unreliable ISP resolvers.
Self-Hosted: People can also choose to host their own DNS resolver at their home/office (e.g. Unbound DNS server on a Linux or FreeBSD box, and yes, Windows boxes too 🙂 ).
Now which way is the best? Well that is ultimately up to you, but here are my opinions on the matter.
Using your ISP’s DNS resolver is the “best choice” for most home internet users, since they are already using it anyway and their ISP can give direct support if their customers ever experience issues resolving domain names.
Using a third party DNS resolver can potentially help resolve domain names faster than your local ISP’s servers (e.g. CloudFlare’s DNS resolver is considered fast when compared to other ISP’s and third party services).
However, something to keep in mind is that if you have any issues with a third-party DNS resolver, your ISP has no obligation to help you troubleshoot your issues you may encounter.
Also any non-self-hosted DNS resolver can potentially be logging your DNS lookups. Even if they claim that they do not keep personally identifying logs, you can not be totally sure of that, and you are taking their word for it.
Finally about self-hosted DNS resolvers. These are the trickiest of the three to use for the average home Internet user, since they have to maintain a server. However a properly setup self-hosted DNS resolver, in my opinion, is the most secured setup.
You have the control over the server that looks up domain names for you, not someone else who may have malicious intentions. However hosting your own DNS resolver may cause the initial DNS lookup (before the caching takes place) to be slower than using a fast third-party DNS resolver.
ISP/Third-Party DNS Resolver: faster lookups / less secure
Self-Hosted DNS Resolver: slower lookups / more secure
Posted in Computers, Internet and Servers, Operating Systems