DKIM record – Everything you need to know

DKIM record – What does it mean?

The DKIM record, or DomainKeys Identified Mail, is a security standard that allows domains to sign outgoing emails through cryptographic authentication. In this way, domains can demonstrate that the emails sent from them are authentic and therefore trustworthy. The DKIM record also protects messages from tampering while in transit between the sending server and the recipient server.

How does it function?

In addition to collaborating with SPF and DMARC to create several layers of security for domains sending emails, DKIM is compatible with the current email infrastructure. When an email leaves the sender server, it is signed with a private key using public-key cryptography.

Then, in order to confirm the message’s origin and ensure that it was not altered in transit, recipient servers use a public key that has been published in the domain’s DNS. Finally, the email passes DKIM and is valid if the receiving server confirms the signature using the public key.

Advantages of utilizing DKIM record

  • DKIM is easily enabled. It is a self-certification mechanism. Therefore, third-party certification is not necessary for it to function.
  • It protects your users from forged emails. The DKIM record guards against forgery and modification of the emails you send from its email server. DKIM is an excellent tool for your business to build a trustworthy reputation by thwarting spoofing and phishing.
  • The bodies of emails remain unaffected. The header contains the information needed for validating and authenticating.
  • It works at the level of domain names. The DNS administrator signs all outgoing emails. Every user does not have to do that every time they send a message.
  • Additional security thanks to DMARC. More security tools are available that can help you become a better guard, such as the DMARC record. Additionally, the basis for it to function is a DKIM record.

Important DKIM TAGS

You will be able to use the following tags within the DKIM:

v – the DKIM’s version.

a – the employed signing algorithm is specified. It is compatible with RSA-SHA1 and RSA-SHA256.

b – a signature

bh – it stands for body hash.

c – Canonicalization of the message.

d – denotes the domain name.

h, header fields – this is a list of the signed header fields.

i – Unique identifier for the user or agent.

l – stands for body length.

q – DKIM’s default query method is DNS/TXT.

s – it denotes a selector.

t – is the signature timestamp.

x – the expiration date of the signature.

z – duplicated header fields.
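
The tags above, read out of a DKIM-Signature header and checked for settings that weaken the signature. This is an added example, not code from the original article; both header values are constructed samples, and the function names are hypothetical.

```python
import time

# Tags that must be present in every DKIM-Signature header (RFC 6376).
REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")


def parse_dkim_signature(value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # trailing ";" or empty segment
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or name in tags:
            raise ValueError(f"malformed or duplicate tag: {part.strip()!r}")
        # Folding whitespace inside a value (b=, bh=, h=) is not significant.
        tags[name] = "".join(val.split())
    return tags


def key_record_name(tags):
    """DNS name of the TXT record that holds the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def audit(tags, now=None):
    """Return findings for tag values that weaken or invalidate the signature."""
    now = int(time.time()) if now is None else now
    findings = []
    for tag in REQUIRED_TAGS:
        if tag not in tags:
            findings.append(f"{tag}= is required but missing")
    if tags.get("a", "").lower() == "rsa-sha1":
        findings.append("a=rsa-sha1 is deprecated (RFC 8301); sign with rsa-sha256")
    if "l" in tags:
        findings.append("l= signs only part of the body; appended content is unsigned")
    signed_headers = [h.lower() for h in tags.get("h", "").split(":")]
    if "from" not in signed_headers:
        findings.append("h= does not cover From, so the visible sender is unsigned")
    if tags.get("x", "").isdigit() and int(tags["x"]) < now:
        findings.append("x= is in the past; the signature has expired")
    if "i" in tags and "d" in tags:
        identity_domain = tags["i"].rpartition("@")[2].lower()
        signing_domain = tags["d"].lower()
        if (identity_domain != signing_domain
                and not identity_domain.endswith("." + signing_domain)):
            findings.append("i= is not inside the d= domain")
    return findings


# Constructed sample values (not taken from real mail).
WEAK_HEADER = (
    "v=1; a=rsa-sha1; c=relaxed/simple; d=example.com; s=sel2024;\r\n"
    "\tt=1700000000; x=1700604800; l=512; h=to:subject:date;\r\n"
    "\tbh=Y29uc3RydWN0ZWQtYm9keS1oYXNo; b=Y29uc3RydWN0ZWQtc2lnbmF0dXJl"
)
GOOD_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2024;\r\n"
    "\ti=user@mail.example.com; t=1700000000; x=1900000000;\r\n"
    "\th=from:to:subject:date; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ="
)

if __name__ == "__main__":
    for header in (WEAK_HEADER, GOOD_HEADER):
        parsed = parse_dkim_signature(header)
        print(key_record_name(parsed))
        for finding in audit(parsed, now=1800000000):
            print("  -", finding)
```
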

Conclusion

Cybercriminals create spam and phishing campaigns by forging emails from reputable domains. Thanks to DKIM, hackers find it more challenging to impersonate businesses’ email domains. Therefore, it’s crucial to comprehend and use this DNS record type. Best of luck!

Easy guide for checking DNS propagation

You make some urgent modifications to your DNS records. An hour later, your boss calls you complaining because the changes are not visible. There are two possibilities. You get very nervous, not understanding what’s wrong. Or you know perfectly well what DNS propagation is, so you can confidently tell your boss that he has to be patient and wait for the process to complete.

For online business owners and administrators, DNS propagation can be a cause of constant headaches. Or not, if you learn its details. That’s why we prepared for you this easy guide for understanding and checking the DNS propagation process.

What is DNS propagation?

Your DNS infrastructure requires daily maintenance, and it changes every time you plan strategic moves for your business. Executing those tasks directly involves adding, removing, or editing different DNS records.

In that context, DNS propagation means the necessary process to update every single change and to spread it all across your DNS network.

Changes to DNS records will be made and stored directly on the authoritative DNS nameserver. But DNS networks involve not a single server but many more (DNS recursive), usually distributed globally. If they don’t have the last update, they will keep serving the previous one (stored in their cache memory) until DNS records’ time-to-live (TTL) values expire.

For all clients worldwide to get the newest update, the DNS update-spread process must reach every server on the whole network. Then DNS propagation will be completed. Remember that DNS recursive servers are the ones that take your clients’ requests to search for answers. Therefore, their work serving them can be affected if they are not up to date.

This is the answer for your impatient boss! Changes to DNS records will not necessarily be propagated at light speed. Actually, different factors can intervene, making the process faster or slower. A common reference for the time it can take to complete DNS propagation is up to 72 hours. It can be a lot less or even more.

And if your boss doesn’t believe you, no worries, you can get evidence to support your words. You can check how DNS propagation is going! 

Easy guide for checking DNS propagation.

Here you have three alternatives. Choose based on your operating system (OS) or preference.

Linux and macOS users, here you have:

Try the Dig command. 

First, open your Terminal, and then type the “dig domainname.com”* command.

A lookup for A or AAAA will be triggered. As a result, you will be able to see the IPs of your website. Have they changed or not yet? If they changed, DNS propagation already succeeded. If they haven’t, it should still be on its way.

*Type your domain name and corresponding TLD instead of those in the example.

Windows 10 users.

Open the Command Prompt.

Once there, you can use Nslookup on your domain name. Just type: nslookup domainname.com*

Again, the lookup result will point out if your website’s IP addresses have changed or not.

*Type your domain name and corresponding TLD instead of those in the example.

Online DNS propagation checkers.

There are online tools for performing DNS lookups to check information related to domains located in different countries. Through them, you can check if the DNS changes you made have been updated. 

Conclusion.

DNS propagation is needed after every modification you make to DNS records, whether routing e-mail, changing TTL values on records, redirecting clients to subdomains, etc. Go deeper into how it works to learn how to influence it in your favor!

What is CMS?

What does CMS stand for?

CMS means Content Management System, and it is a software program that allows you to generate and edit the content on your website. A CMS typically serves multiple users in a shared collaborative environment. Each of them has access to all or some basic content creation, reading, updating, and removal (CRUD) functionalities.

In certain situations, a CMS will function as a web content management system (also known as WCM or WCMS), which means handling website content. This indicates you can use this system to manage all of your web content. This includes text, graphics, video, and audio, all of which you can control and publish to your website using your CMS.

The advantages of Content Management System 

A CMS is really helpful. Some of the benefits of using it are as follows:

  1. Simple to use – Users do not need to learn HTML or CSS when using a CMS. Employees at all company levels can develop and publish material, regardless of their skill level. Uploading content to web pages and updating it with an editor is simple with a Content Management System.
  2. Better cooperation and organization – Marketing team members can develop and assist in publishing content using a CMS. The system’s workflow management, content storage, and scheduling capabilities support them in keeping everything coordinated.
  3. Tools and plugins for SEO and content optimization – You can use a CMS to add plugins and tools to improve your search engine ranking. The front-end interface of these tools may contain choices for adding web page titles, meta descriptions, and alt tags.

Examples of CMS platforms

Choosing a good Content Management System is the key to saving time, effort, and money. With these considerations in mind, let’s look at the top CMS platforms available.

  • WordPress is the most widely used content management system on the planet. It is entirely free and open-source software. You can choose from thousands of WordPress themes to customize the look of your website. It also provides over 55,000 free plugins to help you expand the site’s functionality.
  • Drupal is another famous open source content management system that competes with WordPress. It excels at organizing sites with vast volumes of content thanks to its flexible categorization system. It also includes a customer access system that allows you to limit what registered users can do within the CMS.
  • Joomla is the third CMS program. It includes vast marketplaces for templates and plugins, allowing you to build a website that meets your requirements. Joomla is a good compromise between WordPress and Drupal in terms of technical understanding.

What kinds of websites can you create with CMS?

Nowadays, most content management systems are pretty adaptable. While some focus on a particular usage, the majority of popular Content Management Systems, like WordPress, may be used to develop almost any type of website.

You can use it for:

Conclusion

You can now say that you are already familiar with a Content Management System. However, when selecting a good one, be careful. Generally, it depends on your business needs. Wish you good luck!

DNS Spoofing: Why is it so dangerous?

DNS Spoofing is an absolutely dangerous and harmful attack. In this article, we will explore its purpose, the different DNS Spoofing methods, and the ways to protect yourself against it. If that is what you are looking for, let’s start.

DNS Spoofing purpose

Cache poisoning, often known as DNS Spoofing, is a hacking attack. Malicious DNS data (forged records or entries) is placed into the DNS cache of a resolving server so that it answers users’ queries with a forged record, such as a phony IP address. The goal is simple: redirect visitors to a site where attackers will attempt to steal users’ passwords and sensitive information.

The falsified data fools consumers’ devices into thinking they’re visiting the legitimate website they requested. Instead, they’re on their way to an unsafe location controlled by assailants. When users arrive, the website may resemble the one they expected. They are, however, in a forgery.

Types of DNS Spoofing methods

Attackers might employ a variety of strategies to achieve their illegitimate goals.

The purpose, as previously stated, is to redirect traffic to fake websites.

  • Poisoning via DNS cache. In spam e-mails, corrupted code can be found in advertising, graphics, or URLs. Users’ devices are poisoned after they click the URL. After that, the malware directs users to fake websites.
  • Man-in-the-middle attack (spoofing DNS answers). This strategy aims to poison both the server and the user’s device simultaneously. The criminal is located between your browser and the DNS server in this case. Through software that injects the code, the communication is poisoned.
  • Hijack of a DNS server. The hacker gains access to the server, exploiting flaws, modifying its settings, adding a bogus entry, etc. What is the outcome? Every IP request that tries to access a specific website (the one that has been spoofed) will end up at the counterfeit website.

Prevention mechanisms

There are several techniques to defend yourself against such an attack. The following are a few of them:

  • Encryption. To keep DNS data, such as queries and responses, safe, encrypt it. A copy of the original web site’s security certificate cannot be forged.
  • Links that are unfamiliar to you. On the spur of the moment, don’t click on dubious URLs. These URLs are usually attached to spam or social media messages and come from unknown senders. By avoiding clicking on them, users may secure their data.
  • VPN (Virtual Private Network). Connecting to public networks carries more risks. You can safely interact with servers and communicate with domains using a VPN.
  • Detection. Use tools to analyze DNSSEC data received. It helps to authenticate data by employing digitally signed DNS records. As a result, DNSSEC ensures that DNS lookups are legitimate.
  • DNS cache. DNS data from frequently visited sites is retained for some time. As a result, it’s possible that only the user’s device, rather than the server, has been hacked. Cleaning the DNS cache regularly is a smart way to avoid the browser being routed to phony sites.

Conclusion

Let’s review. DNS Spoofing can be highly inconvenient for both web users and site owners. An attacker’s primary motivation for carrying out a DNS Spoofing attack is either self-interest or the expansion of malware. DNS Spoofing impacts the server’s DNS registry, deliberately rerouting the customer during a request to a suspicious IP address. How does your company defend itself from spoofing actions? By encryption, detection, VPN, etc.

Cheat sheet with the most common DNS records

The Domain Name System (DNS) is pretty extensive, and DNS records make it easier to manage. So, for every beginner, it is essential to know and understand the fundamental ones. Here is a short but very useful cheat sheet with the most common DNS records!

A brief introduction to DNS records 

A DNS record is a simple instruction related to a particular domain name. The entire collection of records is gathered in a zone file in the DNS zone. The authoritative DNS server of the specific domain name stores all of this information. Each record has its purpose and function. That is why all of them are fundamental for the proper operation of the domain.

DNS records – Cheat sheet

SOA record: The Start of Authority record shows administrative data about the domain, plus contact info for the DNS administrator. Additionally, it also contains some fundamental parameters, such as Refresh rate and Retry rate.

A record: This record points a domain name to its corresponding IPv4 address. 

AAAA record: It is similar to the A record. However, it points a domain name to its associated IPv6 address.

MX record: The mail exchange record has the purpose of showing which is the mail server responsible for receiving email messages for the domain name.

CNAME record: This record is commonly used for subdomains. It shows which is the actual canonical domain. Thanks to it, you could manage your subdomains very easily.

NS record: This is also another very fundamental DNS record. Its goal is to indicate which is the authoritative name server for the domain name.

TXT record: This type of DNS record allows you to associate some text with a host, including human-readable information about a server, network, data center, etc. In most cases, it is used for email security.

PTR record: It is oftentimes called pointer record, and its purpose is exactly the opposite of the A record and AAAA record. The PTR record links an IP address to its associated domain name. The good news about it is that it operates perfectly both with IPv4 addresses and IPv6 addresses.

How to check them?

You could see all of the available DNS records for a particular domain name by using just one simple command – the Dig command. It has a command-line interface (CLI), and it works on almost every Operating System (OS), such as Linux, Windows, and macOS.

First, you should open the Terminal app if you are a Linux or macOS user. In case you are using Windows, you should open the Command Prompt.

Next, in case you want to view all of the DNS records that are available for a domain, you should type the following:

dig yourwebsite.com ANY

*Make sure to replace the example domain name with the one you desire to check.

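You are going to receive the complete pack of DNS records and detailed information! If the server answers ANY with only a minimal response, as many now do (RFC 8482), query each record type (A, MX, TXT, and so on) separately.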

What does DNS cache mean?

The Domain Name System (DNS) is a keystone for the Internet to work as well and as easily as it does for users. But being vital means it is always busy, in heavy demand and sometimes even stressed.

To balance this without risking DNS’s important mission, different mechanisms and technologies have been developed to make some tasks easier. The objective is to reduce work for the system and devices and to accelerate the answers to users’ requests.

And that is the case with DNS cache!

What does DNS cache mean?

The DNS cache or DNS resolver cache means the temporary cache memory that DNS recursive servers (resolvers) and devices like your computer or mobile have to save the DNS records from the domain names you have already requested. 

Those DNS records are domain names’ and subdomains’ IP addresses (A for IPv4 addresses and AAAA for IPv6), as well as records related to their verification, authentication, mail servers, etc. They will remain in the DNS cache only for the time that their TTL (time-to-live) establishes, not permanently.

Let’s say it is a mechanism to avoid repeating a DNS lookup to get the necessary IP address for loading its corresponding domain name every time the user requests it. Otherwise, there could be multiple DNS lookups to serve the same domain name.

Think about the time and effort that can be saved if that information remains handy for a while. The answer to the users’ requests can be executed faster and resources better optimized.

How does it work?

Simply, the operating system (OS) keeps a temporary database on the memory of the server or other devices. 

Then, a user requests a domain name for the first time. The DNS resolution process gets triggered. The user’s browser sends the request. A resolver DNS server gets this to look for its corresponding IP address. 

This search will start with the resolver asking the root server, which will point to the TLD server for the requested domain. The resolver will then ask that TLD server, which will answer by pointing to the authoritative name server in charge of the requested domain. The latter will provide the IP address to the resolver. Then, finally, the resolver will answer the user’s request by sending the corresponding IP address for the domain to be served and visited by the user.

Together with more of the domain’s DNS records, this IP address will be saved in the database we mentioned (the cache), both in the resolver cache and in the device cache. The next time the user requests the same domain name, loading it will be faster and easier. A new DNS lookup won’t be needed. The information will be found directly in the DNS cache.

This will happen with every domain requested. And based on the TTL value established on each DNS record, the records will be available directly in the cache for more or less time. Once the TTL expires, a new lookup will occur if the domain is requested again, and its results will be kept in the cache.

What is DNS cache poisoning?

Unfortunately, cybercriminals already know very well how useful DNS cache is, and they have created a way to take advantage of its functionality.

DNS can be poisoned by inserting IP addresses or domain names into it for directing users to dangerous destinations, usually malicious websites. 

The DNS cache can get corrupted due to technical issues or administrative errors, but sometimes its corruption means criminal activity in progress. You can clear the cache regularly to prevent this risk. 

What is a Smurf DDoS Attack?

The Smurf DDoS attack takes its name from the malware used to execute the attack. Smurf malware was created by an adolescent, Dan Moschuk (1997). At first, he shared the original software only with his friends, but a bit later smurf.c was crashing Internet Relay Chat (IRC) servers.

History of Smurf DDoS attack

For Dan, this was an achievement. For the world, it was another threat to be worried about. 

The Smurf malware proved to work, and that encouraged him to enhance it to be more harmful. And he succeeded. Years later, he released Fraggle.c, a UDP version of the Smurf software.

What is a Smurf DDoS attack?

Smurf Distributed Denial of Service (DDoS) attack belongs to the protocol-based type of attacks. Its goal is to shut down computer networks for their resources not to be available for genuine clients. 

A Smurf DDoS attack is a strike that takes advantage of the Internet Control Message Protocol (ICMP). Through it, many ping data packets carrying the forged IP address of the target are sent to specific or multiple computers. As a result, those computers will respond to the server. Traffic will increase so that the resources of this server will be exhausted faster than normal. Then, the target will be shut down, and its unavailability represents money loss for your business.

How does it work?

There are variants, but we will mention the general steps this attack follows.

Everything begins with the Smurf malware replacing the genuine data packets’ IP address with the fake IP address of the target. This first step is meant to direct considerable traffic to the targeted server. 

Then, to amplify its might (traffic), data packets go to a broadcast IP address of a router. By doing this, they will be sent to each machine connected to the network. 

And finally, as a result of these actions, all devices that got the data packets will respond to the targeted server because of the fake IP address. So you can imagine the number of devices that a large network can include, therefore the increase of traffic this will produce. 

The arrival of all these not-requested queries will create a conflict on the server: the more queries, the more difficult it is to handle them. The server can get sluggish due to the abnormal consumption of essential resources like bandwidth. The ping traffic generated through the ICMP echoes can take over the whole bandwidth. As a result, there won’t be enough resources to serve genuine clients’ queries. With the server’s defeat, the criminal objective is reached. The denial of the service will be displayed for users.

Can a Smurf DDoS attack be prevented or mitigated?

Yes, there are actions you can execute to prevent or mitigate a Smurf DDoS attack.

  • Get an anti-DDoS solution for your servers.
  • Monitoring your traffic in detail to detect strange traffic loads and spikes and to check data packets’ volume and signature is key to preventing an event.
  • Be aware of bandwidth behavior. For example, an uncommon fast consumption could be an indicator of a Smurf DDoS attack attempt.
  • Get redundancy and a load balancing solution to distribute traffic. Big loads won’t be a threat if they get directed to different servers.
  • Configure hosts and routers not to respond to ICMP echo requests.
  • Configure the operating system not to allow IP broadcast queries.
  • Configure the perimeter of the firewall for blocking pings that come from outside the network.
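
One way to turn the traffic-monitoring advice above into a check: a Smurf flood shows up at the target as ICMP echo replies from many hosts that the target never pinged. This is an added example, not from the original article; the flow-log line format (timestamp, source, destination, ICMP type), the thresholds and the sample lines are constructed for illustration.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers


def parse_flow(line):
    """Parse one constructed flow line: '<ts> <src> <dst> <icmp_type>'."""
    ts, src, dst, icmp_type = line.split()
    return float(ts), src, dst, int(icmp_type)


def detect_reflected_echo(lines, window=1.0, min_sources=5, reply_timeout=5.0):
    """Return [(victim, window_start, distinct_sources)] for reply floods.

    An echo reply counts as unsolicited when its destination did not send
    an echo request to that source within reply_timeout seconds before it.
    """
    last_request = {}            # (requester, target) -> time of last request
    unsolicited = defaultdict(set)  # (victim, window index) -> reply sources
    for line in lines:
        ts, src, dst, icmp_type = parse_flow(line)
        if icmp_type == ECHO_REQUEST:
            last_request[(src, dst)] = ts
        elif icmp_type == ECHO_REPLY:
            asked = last_request.get((dst, src))
            if asked is None or ts - asked > reply_timeout:
                unsolicited[(dst, int(ts // window))].add(src)
    alerts = []
    for (victim, index), sources in sorted(unsolicited.items()):
        if len(sources) >= min_sources:
            alerts.append((victim, index * window, len(sources)))
    return alerts


# Constructed sample: one normal ping exchange, then eight hosts on one
# network answering echo requests that 203.0.113.10 never sent.
SAMPLE_FLOWS = [
    "1.00 203.0.113.10 198.51.100.1 8",
    "1.02 198.51.100.1 203.0.113.10 0",
] + [f"10.{i:02d} 192.0.2.{i} 203.0.113.10 0" for i in range(1, 9)]

if __name__ == "__main__":
    for victim, start, count in detect_reflected_echo(SAMPLE_FLOWS):
        print(f"{victim}: {count} unsolicited echo-reply sources at t={start}")
```
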

Conclusion.

Don’t underestimate the danger of the Smurf DDoS attack. Consider measures to prevent it or mitigate it before it hits you.

How DNSSEC works Step by Step

The DNS protocol is over 30 years old. It is amazing that it is still working so well. But it has a massive flaw: security. So here comes the security extension called DNSSEC, which provides digital signatures (keys) that let DNS clients validate and prove that the DNS data was not modified on the way. It can also prove a negative answer (the requested item does not exist).

What is DNSSEC?

DNSSEC is Domain Name System Security Extensions. It is a compilation of different security measures that provide cryptographic authentication of DNS data. It proves that the DNS data has not been modified but still does not encrypt the DNS records. It works like a chain of trust that helps verify each step that a query takes. 

Step by step DNSSEC

The following steps are universal, no matter if you are using Windows, Linux, another OS, or a SaaS solution. The interface will be different, but you must perform the same actions, so you can follow this step-by-step guide and check another one for your particular case.

Choosing the algorithm for signing

One of the first decisions that you will face is choosing the exact algorithm you want to use. Your options are:

  • RSASHA256
  • RSASHA512
  • DSA
  • ECC-GOST
  • ECDSA
  • ED25519
  • ED448

The size of the key

It is connected to the previous step: choosing the right algorithm is very important because it will affect the size of the keys. It is recommended to use at least 2048-bit KSK (key signing keys) and 1024-bit ZSK (zone signing keys). Larger keys mean better protection, but more computing power for signing too. Also, think about the limits when it comes to the size of the queries. More than 4096 bytes could be a problem.

Generating the DNSSEC keys

Now that we have chosen the algorithm, we must create the ZSK and KSK keys. You need to create them and put them in the correct directory (if you are not using a SaaS solution). With the private ZSK, you will sign the zone, and technically, you will already be using DNSSEC. This process groups similar records into resource record sets (RRsets), and it is these sets that are signed, not the individual records. The process creates RRSIG records and the DNSKEY public key that resolvers use to verify them.

Because it is a chain of trust, the upper level needs to be able to verify the sub-zone. This is why we need the next steps in the DNSSEC process. 

Creating the DS record

The DS record is the DNS record that you need to put in the higher-level zone (parent) to prove the chain of trust. It contains the hash value of the DNSKEY (the public key) that validates the signature.

Put the DS record in the parent zone.

Now that you have successfully created the DS record, it is time to put it in the parent zone. Go to your registrar’s site. There you need to put the newly created record so it can authenticate the zone below.

DNSSEC query

When a DNS client requests a record, the DNS recursive server will ask for the RRset of the requested type of record, the RRSIG record, and the public ZSK record to verify them. If the signature validates against the key, the zone can be trusted, and the records can be used.
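
How the DS record from the steps above is derived from a DNSKEY, and how a validator checks that a child zone's key matches the DS published in the parent. This is an added example, not code from the original article; the key bytes are a constructed placeholder rather than a real public key, and the function names are hypothetical.

```python
import hashlib
import struct

# DNSSEC algorithm numbers for the options listed in the article.
ALGORITHMS = {3: "DSA", 8: "RSASHA256", 10: "RSASHA512", 12: "ECC-GOST",
              13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384",
              15: "ED25519", 16: "ED448"}


def name_to_wire(name):
    """Canonical (lowercase) wire format of a domain name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (257 = KSK, 256 = ZSK), protocol 3, algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag checksum from RFC 4034, Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, rdata, digest_type=2):
    """Return (key_tag, algorithm, digest_type, digest) for a DNSKEY."""
    if digest_type != 2:
        raise ValueError("this example implements digest type 2 (SHA-256) only")
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], digest_type, digest)


def ds_matches(owner, rdata, ds):
    """What a validator checks: does the child's DNSKEY hash to the parent's DS?"""
    return make_ds(owner, rdata, ds[2]) == ds


def ds_record_text(owner, ds):
    """Presentation form of the DS record to hand to the registrar."""
    tag, algorithm, digest_type, digest = ds
    return f"{owner} IN DS {tag} {algorithm} {digest_type} {digest}"


# Constructed placeholder key material: 32 bytes standing in for an
# ED25519 public key. It is not a real key.
SAMPLE_KSK = dnskey_rdata(257, 3, 15, bytes(range(1, 33)))

if __name__ == "__main__":
    ds = make_ds("example.com.", SAMPLE_KSK)
    print(ALGORITHMS[ds[1]], ds_record_text("example.com.", ds))
    print("matches parent DS:", ds_matches("example.com.", SAMPLE_KSK, ds))
```
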

SPF record – What is it?

SPF record explained.

The SPF record, which stands for Sender Policy Framework record, is a DNS (Domain Name System) record that specifies essential information for a domain name. It points to the outgoing mail server that is responsible for the particular domain. The MX (Mail eXchanger) record serves to show which email servers are responsible for the incoming emails for the domain. On the other hand, SPF records indicate which email servers are qualified to send emails on behalf of the domain name.

Benefits of using SPF record

Let’s say you want to send an email to James@example.com. But, first, the incoming mail servers of example.com are going to check your domain name. Then, they are going to look for the SPF record and follow the rules that are set by it. Your email is going to be successfully received only in the case the SPF record is present. In another case, your email could end in the SPAM box of your recipient.  

How does it work?

With SPF records, domain owners are able to make a public list containing all of their authorized senders, which are the outgoing mail servers and their IP addresses. Thanks to that list, servers that receive emails are able to verify if the email is delivered from an authorized server to communicate on your company’s behalf. If that message is not received from some of the servers included in the list, the server receiving the email will consider it fake. 

Establishing rules with SPF record

The rules are based on two main groups. The first one is the qualifiers, and the second one is the mechanisms of the SPF record.

The SPF qualifiers are:

  • “-” That minus symbol indicates FAIL. It is a warning that messages coming from the domain must be rejected. 
  • “~” That tilde symbol indicates SOFT FAIL. The signal here is when a message comes from the domain, it should get a failed tag, although it can also be allowed.
  • “?” The question mark symbol indicates NEUTRAL. The signal, in this case, is that there are no policies involved (none).
  • “+” The plus symbol indicates PASS. Messages, which are coming from the domain are signalized that they should be accepted. 

The SPF mechanisms are: 

  • “all” – All mechanisms after it will be ignored.
  • “include” – It gives you the opportunity to include other domains that are able to send emails from the mail servers of the domain. You can unite example.it, example.co.uk, and example.de to send from example.com.
  • “a” – When you pick it, the A or AAAA records are required to match the return path, and then emails can be allowed.
  • “mx” – When you select it, an MX query is required to be completed and to match the return path. If there is a match, then it is going to be allowed.
  • “ptr” – When you select it, a PTR query is required to be completed and to match the return path. It is allowed only if they match.
  • “ip4” – This is going to review only A records (IPv4 addresses) to examine if they correspond to the domain.
  • “ip6” – This is going to review only AAAA records (IPv6 addresses) to examine if the IP addresses match the domain.
  • “exists” – This is for more complex queries.
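
The qualifiers and mechanisms above, applied left to right to a sending IP address, with the first matching mechanism deciding the result. This is an added example, not code from the original article; the domains and records are constructed, lookups are served from a dictionary instead of live DNS, and mechanisms that need live DNS (a, mx, ptr, exists) are reported as unevaluated.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
NEEDS_DNS = {"a", "mx", "ptr", "exists"}


def parse_spf(record):
    """Return [(result_if_matched, mechanism, argument, raw_term), ...]."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for raw in terms[1:]:
        if "=" in raw.partition(":")[0]:
            continue  # modifier such as redirect= or exp=, not handled here
        # A mechanism without a qualifier defaults to "+" (pass).
        qualifier, body = (raw[0], raw[1:]) if raw[0] in QUALIFIERS else ("+", raw)
        name, _, arg = body.partition(":")
        name = name.partition("/")[0].lower()  # "a/24" -> "a"
        parsed.append((QUALIFIERS[qualifier], name, arg, raw))
    return parsed


def check_host(domain, sender_ip, records, depth=0):
    """Evaluate sender_ip against domain's SPF record; return (result, term)."""
    ip = ipaddress.ip_address(sender_ip)
    if domain not in records or depth > 10:
        return ("permerror", domain)
    for result, name, arg, raw in parse_spf(records[domain]):
        if name == "all":
            return (result, raw)
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == ip.version and ip in net:
                return (result, raw)
        elif name == "include":
            # include matches only when the included record yields "pass".
            if check_host(arg, sender_ip, records, depth + 1)[0] == "pass":
                return (result, raw)
        elif name in NEEDS_DNS:
            return ("unevaluated", raw)  # would need a live A/MX/PTR lookup
        else:
            return ("permerror", raw)
    return ("neutral", None)


def lint(record):
    """Flag record constructions that weaken or break the policy."""
    warnings, lookups = [], 0
    terms = parse_spf(record)
    for position, (result, name, _arg, raw) in enumerate(terms):
        if name in NEEDS_DNS or name == "include":
            lookups += 1
        if name == "all" and result == "pass":
            warnings.append(f"{raw}: authorizes every sender on the Internet")
        if name == "all" and position != len(terms) - 1:
            warnings.append(f"{raw}: mechanisms after all are never evaluated")
        if name == "ptr":
            warnings.append(f"{raw}: ptr is discouraged by RFC 7208")
    if lookups > 10:
        warnings.append("more than 10 DNS-querying mechanisms causes permerror")
    return warnings


# Constructed records standing in for DNS TXT lookups.
RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 "
                   "include:_spf.mailer.example ~all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.17 -all",
}

if __name__ == "__main__":
    for sender in ("192.0.2.55", "198.51.100.17", "2001:db8::25", "203.0.113.9"):
        print(sender, check_host("example.com", sender, RECORDS))
```
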

DNS resolution – overview

Have you ever wondered how you can access a website on the Internet so easily and so fast?

If you get curious about how this magic happens, DNS resolution is the clue you need to follow.

What is DNS resolution?

Domain name system (DNS) resolution is the process of translating the domain name you type into your browser into the corresponding IP address of that domain. Without the IP address, the domain you search for can’t be located and loaded.

A domain name can have more than one IP address. For instance, it can have one IPv4 and one IPv6. During the DNS resolution, both will be requested. Or it can have multiple IPv4 (or IPv6) addresses, and when the DNS resolution process gets triggered, it will be enough to get one of those addresses to serve the domain.

The reason for this necessary translation emerged decades ago. When the Internet was young, hosts were searched using their IP addresses and stored in a manually updated Host file. Humans could still memorize those numbers (example: 230.115.1.16), but it was not simple. Still, to search this way was possible because there were a lot fewer devices than currently. 

The Internet succeeded, domains got multiplied, and the use of IP addresses got really hard for humans. Therefore, the domain name system (DNS) was created (1983). Instead of using a manually updated Host file with IP addresses, humans could type a name like todaynews.com. 

Then, IP addresses are used by machines, domain names by humans. 

How does DNS resolution work?

Fasten your belt because we are about to get inside the big DNS machinery, and the trip will take milliseconds!

Everything starts when a user requests a domain name (todaynews.com) inside the browser. The DNS resolution is triggered! The domain name has to be translated into its associated IP address to be loaded. The request will be taken by the expert searcher of IP addresses: a DNS recursive server.

If it’s not the first time the user visits this domain, there’s a chance that the DNS recursive server still has it on its cache. These servers’ cache gets configured with a specific TTL (time-to-live) value that establishes the period of time to store data. Once the TTL expires, an update will replace the previously stored data. Then, if the DNS recursive server has the IP address, the process will last a blink of an eye. The translation will happen immediately, and the requested domain (todaynews.com) will be loaded. 

But, if it’s the first time this domain is requested, or if its IP address is not available in the recursive server’s cache, it will have to ask other servers for it. 

First, the DNS recursive server will ask the Root server. It will check the TLD (top-level domain) of the requested domain (.com in our example). Then it will point the DNS recursive server to the corresponding TLD server for the domain. Both servers will communicate, and the TLD server will point to the right authoritative nameserver, so the recursive server can request the IP address.

The recursive server will reach the authoritative one, and the latter will provide the IP address. The user’s request will finally be answered by properly loading todaynews.com. The DNS recursive server will store the IP address in its cache.

Conclusion.

We are very used to the web, and sometimes we take it for granted. But behind every search, there’s a massive process taking place for loading your domain or for you to access that e-shop, news site, social network, etc. And the complete DNS resolution process happens in milliseconds! Amazing, isn’t it?