How DNS Works and is Configured

DNS is probably the hardest technology to understand in regard to web hosting. It is quite simple, but it requires some effort and testing to see with your own eyes what happens under the hood.

The Domain Name System (DNS) began as a translator of domain names to IP addresses and the other way around. Nowadays it is more than that: it also publishes the records that other services rely on to secure themselves, especially the email exchange activity.

First of all, it is important to clarify that DNS and NS are different things, although closely related. A Name Server (NS) is a server that stores the records of the zones it is authoritative for and answers queries about them. A resolver (the "DNS server" configured on your device or router) is the server that, on behalf of clients, sends queries to one name server after another until it finds the answer, and caches it. DNS is the system of all these servers communicating with each other. A correctly configured domain always has two or more name servers for the same purpose, to reduce the probability of the domain going down.

DNS communication is a sequence of questions and answers that leads to a final result. The final result is the IP address of the machine that serves the service we are asking for, be it HTTP, FTP, IMAP, SMTP or any other internet service. So let's dig into the sequence of requests.

Firstly, an application on a device (a browser on a computer or mobile phone, for example) asks the operating system for a domain name. The operating system's stub resolver forwards the question to the recursive resolver it is configured with: usually the ISP's resolver, a public one, or the home router, which in turn forwards it to one of those. If the recursive resolver already has the answer in its cache it returns it immediately; otherwise it walks the name from the right end. Let's suppose the domain we are talking about is example.com. The resolver first asks a root server, which does not know example.com but replies with a referral to the name servers of the .COM TLD. The resolver then asks a .COM name server. Each TLD is run by a registry whose zone records, for every registered domain, which name servers are authoritative for it; that information was submitted by the Domain Name Registrar when the domain was registered. So the .COM server does not return the Registrar's address, it returns the name servers of example.com (and, when those name servers live inside the domain itself, their IP addresses as "glue" records). Finally the resolver asks one of the example.com name servers for the A record, receives the web server IP, caches all of it for the time stated in each record's TTL, and hands the answer back to the device. Note that the Registrar is never contacted during resolution: its role is administrative. The most common steps (requests) are the following but can vary, because a cached answer shortens the chain at any point:

  • Browser -> stub resolver (operating system)
  • Stub resolver -> recursive resolver (router, ISP or public resolver)
  • Recursive resolver -> root server
  • Root server -> recursive resolver (refers to the .COM name servers)
  • Recursive resolver -> .COM name server
  • .COM -> recursive resolver (refers to the example.com name servers, as published through the Registrar)
  • Recursive resolver -> example.com name server
  • example.com NS -> recursive resolver (responds with the web server IP)
  • Recursive resolver -> stub resolver -> Browser
  • Browser -> Web Server (the HTTP request, now addressed by IP)
  • Web Server -> Browser (responds with the content of the website)

When registering a domain name you are required to assign it two or more name servers. Each name server must have its own IP address, and they should sit in different networks and, ideally, in different geographical locations. Multiple name servers are used for redundancy: if for some reason one name server is down, the resolver moves on to the next one, so the others can still respond to the requests.

With this information we can understand that by asking the browser to open example.com we are generating a few requests back and forth before the browser starts "speaking" to the web hosting server, the last DNS step being the query to the name servers associated with the domain name, which the Registrar published in the TLD zone on our behalf.
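The delegation walk described above, as an added example that is not part of the original post: a small iterative resolver in Python that follows referrals from a constructed root zone through a constructed .COM zone to constructed example.com name servers, and moves on to the second name server when the first one does not answer (the redundancy case). All zone data, server names and addresses are constructed for illustration, using the documentation address ranges; nothing is queried on the network.

```python
"""Iterative name resolution over constructed, in-memory zones.
Added example, not part of the original post. All zone data, server names and
addresses below are constructed (documentation ranges 192.0.2.0/24,
198.51.100.0/24 and 203.0.113.0/24); nothing is sent on the network."""

# Root hints: the name servers a resolver starts from (constructed).
ROOT_SERVERS = [("a.root.test.", "192.0.2.1"), ("b.root.test.", "192.0.2.2")]

# Which zone each constructed server is authoritative for.
SERVER_ZONE = {
    "192.0.2.1": ".", "192.0.2.2": ".",
    "198.51.100.1": "com.", "198.51.100.2": "com.",
    "203.0.113.1": "example.com.", "203.0.113.2": "example.com.",
}

# Records held by each zone. An NS entry is a delegation (referral) to the
# child zone; the A records beside it for the delegated servers are glue.
ZONE_DATA = {
    ".": {
        "com.": {"NS": ["a.gtld.test.", "b.gtld.test."]},
        "a.gtld.test.": {"A": ["198.51.100.1"]},
        "b.gtld.test.": {"A": ["198.51.100.2"]},
    },
    "com.": {  # what the registrar submitted to the .com registry
        "example.com.": {"NS": ["ns1.example.com.", "ns2.example.com."]},
        "ns1.example.com.": {"A": ["203.0.113.1"]},
        "ns2.example.com.": {"A": ["203.0.113.2"]},
    },
    "example.com.": {  # the domain's own zone, e.g. from the hosting panel
        "example.com.": {"A": ["203.0.113.10"], "MX": ["mail.example.com."]},
        "www.example.com.": {"A": ["203.0.113.10"]},
        "mail.example.com.": {"A": ["203.0.113.25"]},
        "ns1.example.com.": {"A": ["203.0.113.1"]},
        "ns2.example.com.": {"A": ["203.0.113.2"]},
    },
}


def ask(server, name, rtype, down):
    """One question to one authoritative server. Returns None if the server
    is down (simulated timeout), ("answer", records) if it holds the record,
    ("referral", [(ns_name, ns_ip)]) if it only holds a delegation covering
    the name, or ("nxdomain", []) if it knows nothing about the name."""
    if server in down:
        return None
    zone_name = SERVER_ZONE[server]
    zone = ZONE_DATA[zone_name]
    if rtype in zone.get(name, {}):
        return ("answer", zone[name][rtype])
    labels = name.split(".")
    for i in range(len(labels)):  # try the name, then its parents, one label at a time
        cand = ".".join(labels[i:])
        if cand and cand != zone_name and "NS" in zone.get(cand, {}):
            glue = [(ns, zone.get(ns, {}).get("A", [None])[0])
                    for ns in zone[cand]["NS"]]
            return ("referral", glue)
    return ("nxdomain", [])


def resolve(name, rtype="A", down=frozenset(), trace=None):
    """Walk down the delegation chain from the root, as a recursive resolver
    with an empty cache does. `down` holds addresses of servers that do not
    answer; `trace` (a list) collects (server, outcome) per question sent."""
    if trace is None:
        trace = []
    if not name.endswith("."):
        name += "."
    candidates = list(ROOT_SERVERS)
    for _ in range(8):  # bound the number of referrals followed (loop protection)
        reply = None
        for ns_name, ip in candidates:
            if ip is None:
                continue  # no glue: a real resolver would first resolve ns_name
            reply = ask(ip, name, rtype, down)
            trace.append((ip, reply[0] if reply else "timeout"))
            if reply is not None:
                break  # first server that answers wins; the others are fallback
        if reply is None:
            raise RuntimeError(f"no name server answered for {name}")
        kind, data = reply
        if kind == "answer":
            return data
        if kind == "nxdomain":
            return []
        candidates = data  # referral: ask the closer name servers next
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    for qname, qtype in (("www.example.com", "A"), ("example.com", "MX")):
        steps = []
        print(qname, qtype, "->", resolve(qname, qtype, trace=steps), "via", steps)
    steps = []
    resolve("www.example.com", down={"203.0.113.1"}, trace=steps)
    print("ns1 down ->", steps)
```

Running the script prints the servers asked at each step; `dig +trace www.example.com` shows the same walk (root, TLD, authoritative) against the real internet. Note that the .COM servers never hand out the web server address, only the referral, and that with ns1 down the answer still arrives from ns2.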

When configuring a web hosting server it has an associated IP address where the website will be hosted, and it can also run a DNS service or use an external DNS service like CloudFlare. A web hosting server can be managed by command line or with the help of a control panel like HestiaCP or another. The control panel ships its own DNS server service that can answer the queries, but some system administrators prefer to use CloudFlare because of its anti-DDoS capabilities. As stated before, upon a domain name purchase the name servers must be set, and they can be updated at any time; however, it might take up to 72 hours for the change to be seen everywhere. The TLD zone itself is updated quickly, but resolvers around the world keep the old NS records in their caches until the TTL of those records expires (two days is a common TTL for TLD delegations). Usually four to six hours is enough for most resolvers to pick up the change, but you should always keep in mind that it can take up to three days. To check whether the propagation is done, the use of DNS Checker is recommended; querying a handful of public resolvers directly gives the same information.

If you configure your domain name with CloudFlare name servers, the HestiaCP name server will not be used: resolvers only ever ask the name servers published for the domain in the TLD zone, and those are now CloudFlare's, so the panel's DNS server is simply never queried. CloudFlare has its own network (cluster) of name servers that will respond to the queries about the location of your web hosting server, with the possibility of using their proxy to hide your server IP, protecting the server even more from possible attackers. Keep in mind that the proxy only hides the IP if nothing else gives it away: an MX or other record pointing directly at the server, or a server that accepts connections from any address instead of only from CloudFlare's ranges, still exposes it. This also means that any DNS records in the control panel are not used at all, so if you need to deploy a subdomain or configure a mail domain, you have to create the respective DNS records on CloudFlare.

If you want to use your own custom name server names (ns1.yourdomain.com, ns2.yourdomain.com) to give your customers a more professional look, a DNS cluster must be set up. A DNS cluster is your own network of name servers, like CloudFlare's but smaller. For such a network you will need two or more servers with the control panel installed and configured as a cluster, and you must register those names with their IP addresses at the Registrar (the glue records), otherwise resolvers have no way to reach them. Each control panel has its own way of being configured, but each also has documentation for it, so make sure you read the DNS docs of your control panel and you should be fine. It usually requires a small configuration on each server, selecting a specific DNS template and opening an API connection between the name servers and the hosting server for DNS zone replication.

The DNS system works with records that have different types depending on the purpose of the request. For example, to open a website, a query is done for an A record (IPv4) or an AAAA record (IPv6), depending on whether the server is configured for one technology or the other, or both.

Since the birth of the internet, email has been the main human communication tool to exchange text and data, but with such a tool a minor issue also appeared. The name of that issue is email SPAM, and to mitigate such an inconvenience some rules have been defined. DNS has a very important role in protecting the internet from SPAM, through a few specific records published as TXT records. SPF, published as a TXT record on the domain itself, lists which servers are allowed to send email on behalf of that domain; DKIM, published at selector._domainkey.yourdomain, holds the public key that receivers use to verify the signature your mail server adds to each message; and DMARC, published at _dmarc.yourdomain, tells receivers what to do when SPF and DKIM fail (none, quarantine or reject) and where to send reports. So please always set SPF, DKIM and DMARC TXT records when configuring your email server, for a better internet for all of us.
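The SPF and DMARC part of the email protection described above, as an added example that is not part of the original post: an SPF evaluator and a DMARC record parser in Python that run over constructed TXT, MX and A records. The domains, addresses and record values are constructed for illustration and nothing is looked up on the network; DKIM is left out because verifying it needs the signed message, not only the DNS record.

```python
"""SPF evaluation and DMARC policy lookup over constructed DNS data.
Added example, not part of the original post. RECORDS below stands in for
what a resolver would return; every name and address in it is constructed."""
import ipaddress

RECORDS = {
    ("example.com.", "TXT"): ["v=spf1 mx ip4:203.0.113.0/28 include:_spf.mailer.test -all"],
    ("example.com.", "MX"): ["mail.example.com."],
    ("mail.example.com.", "A"): ["203.0.113.25"],
    ("_spf.mailer.test.", "TXT"): ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all"],
    ("_dmarc.example.com.", "TXT"): ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s"],
    ("weak.test.", "TXT"): ["v=spf1 +all"],  # "+all" authorises every sender: no protection
    ("old.test.", "TXT"): ["v=spf1 redirect=example.com"],
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query; returns [] when the record does not exist."""
    return RECORDS.get((name.rstrip(".") + ".", rtype), [])


def check_spf(domain, sender_ip, depth=0):
    """Evaluate the SPF record of `domain` for a message sent from `sender_ip`.
    Handles the a, mx, ip4, ip6, include and all mechanisms and the redirect
    modifier, with the usual qualifiers. Returns pass, fail, softfail,
    neutral, none (no record) or permerror (broken record)."""
    ip = ipaddress.ip_address(sender_ip)
    spf = [t for t in lookup(domain, "TXT") if t.startswith("v=spf1")]
    if not spf:
        return "none"
    if len(spf) > 1 or depth > 10:  # duplicate records or too many lookups
        return "permerror"
    redirect = None
    for term in spf[0].split()[1:]:
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        if "=" in term:
            continue  # other modifiers (e.g. exp=) do not affect the result
        qual = "+"
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # "in" is False when the address family differs, so ip4 never matches IPv6
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in lookup(arg or domain, "A")
        elif mech == "mx":
            matched = any(str(ip) in lookup(mx, "A") for mx in lookup(arg or domain, "MX"))
        elif mech == "include":
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        else:
            return "permerror"  # unknown mechanism
        if matched:
            return QUALIFIER[qual]
    if redirect:
        return check_spf(redirect, sender_ip, depth + 1)
    return "neutral"  # nothing matched and no "all" term


def dmarc_policy(domain):
    """Parse the _dmarc TXT record into its tags. A missing record means
    receivers apply no DMARC policy, which we report as p=none."""
    recs = [t for t in lookup("_dmarc." + domain, "TXT") if t.startswith("v=DMARC1")]
    if not recs:
        return {"p": "none"}
    return {k.strip(): v.strip()
            for k, v in (kv.split("=", 1) for kv in recs[0].split(";") if "=" in kv)}


if __name__ == "__main__":
    for sender in ("203.0.113.5", "203.0.113.25", "198.51.100.7", "192.0.2.99"):
        print(sender, "sending as example.com:", check_spf("example.com", sender))
    print("weak.test from anywhere:", check_spf("weak.test", "192.0.2.99"))
    print("example.com DMARC:", dmarc_policy("example.com"))
```

The order of mechanisms matters: the first match decides, which is why `-all` goes last. The `weak.test` record shows the misconfiguration to avoid, since `+all` passes any sender, and `dmarc_policy` of a domain without a `_dmarc` record falls back to no policy at all.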

If you have any questions, just comment and I will do my best to help you.
