The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names (identification strings) assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.
The Domain Name System delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over subdomains of their allocated name space to other name servers. This mechanism provides distributed and fault-tolerant service and was designed to avoid a single large central database. In addition, the DNS specifies the technical functionality of the database service that is at its core. It defines the DNS protocol, a detailed specification of the data structures and data communication exchanges used in the DNS, as part of the Internet protocol suite.
The Internet maintains two principal namespaces, the domain name hierarchy and the IP address spaces. The Domain Name System maintains the domain name hierarchy and provides translation services between it and the address spaces. Internet name servers and a communication protocol implement the Domain Name System. A DNS name server is a server that stores the DNS records for a domain; a DNS name server responds with answers to queries against its database.
The Domain Name System originally used the User Datagram Protocol (UDP) as transport over IP. Reliability, security, and privacy concerns spawned the use of the Transmission Control Protocol (TCP) as well as numerous other protocol developments.
Let’s consider the example of a mobile phone where a unique number is associated with each user. We can initially try to memorize some of the phone numbers to make calls to friends. However, as the number of contacts grows, we’ll have to use a phone book to keep track of all our contacts. This way, whenever we need to call, we’ll refer to the phone book and dial the number we need.
Similarly, IP addresses uniquely identify computers; for example, 104.18.2.119 is an IP address. We use IP addresses to reach a website hosted on a machine. Since humans cannot easily remember IP addresses and instead remember domain names (an example domain name being educative.io), we need a phone-book-like repository that maintains the mapping from every domain name to its IP addresses.
The domain name system (DNS) is the Internet’s naming service that maps human-friendly domain names to machine-readable IP addresses. The service of DNS is transparent to users. When a user enters a domain name in the browser, the browser has to translate the domain name to the IP address by asking the DNS infrastructure. Once the desired IP address is obtained, the user’s request is forwarded to the destination web server.
DNS hierarchy
The DNS isn’t a single server that accepts requests and responds to user queries. It’s a complete infrastructure with name servers at different levels of a hierarchy.
There are mainly four types of servers in the DNS hierarchy:
- DNS resolver: Resolvers (also called recursive, local, or default servers) receive the client’s query and perform the querying sequence against the other name servers on the client’s behalf. Typically, resolvers sit inside the user’s network or at the ISP. Because they cache the answers they receive, they can often answer a repeat query without contacting any other server, as we will see shortly.
- Root-level name servers: These servers receive requests from resolvers. A root server does not know the address of educative.io; it knows which top-level domain (TLD) name servers are responsible for .com, .edu, .us, .io, and so on. When a resolver asks a root server for the IP address of educative.io, the root server replies with a referral: the list of TLD name servers for .io.
- Top-level domain (TLD) name servers: These servers know which authoritative name servers are responsible for each domain registered under the TLD. The querying resolver receives another referral: the names of the organization’s authoritative servers and, usually, their IP addresses (glue records) so the resolver can reach them.
- Authoritative name servers: These are the organization’s own DNS name servers. They hold the zone’s records and return the final answer, such as the IP addresses of the web or application servers.
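To make the query sequence concrete, here is an added example (not code from the original page) that simulates a resolver walking root, TLD, and authoritative servers over constructed, in-memory zone data. The server addresses come from the RFC 5737 documentation ranges, and the names (example.com., a.gtld.example., ns1.example.com.) and TTLs are made up for illustration; nothing is sent over the network. It also shows the two behaviours the nslookup and dig sections below rely on: answers are cached for their TTL, and a cached answer set is rotated round-robin on each lookup.

```python
# Added example, not code from the original page. A toy iterative resolver that walks the
# root -> TLD -> authoritative hierarchy over constructed, in-memory zone data, caches
# answers for their TTL, and rotates cached answers round-robin. All names, addresses
# (RFC 5737 documentation ranges) and TTLs are constructed for illustration.
import time

# Constructed zone data: server IP -> {owner name -> [(rrtype, ttl, rdata), ...]}.
# A server answers directly when it holds A records for the name; otherwise it refers
# the client to the closest delegation (NS records) it knows about, adding the glue A
# record so the client can reach that name server.
SERVERS = {
    "192.0.2.1": {                                      # root server
        "com.": [("NS", 172800, "a.gtld.example.")],
        "a.gtld.example.": [("A", 172800, "198.51.100.1")],
    },
    "198.51.100.1": {                                   # .com TLD server
        "example.com.": [("NS", 172800, "ns1.example.com.")],
        "ns1.example.com.": [("A", 172800, "203.0.113.1")],
    },
    "203.0.113.1": {                                    # authoritative for example.com.
        "example.com.": [("NS", 86400, "ns1.example.com.")],
        "www.example.com.": [("A", 300, "203.0.113.10"), ("A", 300, "203.0.113.11")],
    },
}


def ask_server(server_ip, qname):
    """Simulate one query to server_ip for the A records of qname (no network).
    Returns ("answer", ttl, [ip, ...]) or ("referral", ttl, [(ns_name, glue_ip), ...])."""
    zone = SERVERS[server_ip]
    a_records = [(ttl, rd) for t, ttl, rd in zone.get(qname, []) if t == "A"]
    if a_records:
        return "answer", min(ttl for ttl, _ in a_records), [rd for _, rd in a_records]
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):          # walk up: example.com., then com.
        parent = ".".join(labels[i:])
        ns_names = [rd for t, _, rd in zone.get(parent, []) if t == "NS"]
        if ns_names:
            ttl = min(ttl for t, ttl, _ in zone[parent] if t == "NS")
            glue = [(ns, zone[ns][0][2]) for ns in ns_names]
            return "referral", ttl, glue
    raise LookupError(f"{server_ip} holds no data for {qname}")


class ManualClock:
    """Fake clock so TTL expiry can be demonstrated without waiting."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class IterativeResolver:
    MAX_REFERRALS = 8    # bound the walk so a broken delegation cannot loop forever

    def __init__(self, root_ip, clock=time.monotonic):
        self.root_ip, self.clock = root_ip, clock
        self.cache = {}      # qname -> [expiry, [ip, ...], hits]
        self.trace = []      # (server_ip, kind) for every query actually sent

    def resolve(self, qname):
        now = self.clock()
        entry = self.cache.get(qname)
        if entry and entry[0] > now:              # cache hit, still within its TTL
            entry[2] += 1
            k = entry[2] % len(entry[1])          # round-robin rotation of the answer set
            return entry[1][k:] + entry[1][:k]
        server = self.root_ip
        for _ in range(self.MAX_REFERRALS):
            kind, ttl, data = ask_server(server, qname)
            self.trace.append((server, kind))
            if kind == "answer":
                self.cache[qname] = [now + ttl, list(data), 0]
                return list(data)
            server = data[0][1]                   # follow the referral via its glue address
        raise RuntimeError(f"too many referrals while resolving {qname}")


def demo():
    clock = ManualClock()
    resolver = IterativeResolver("192.0.2.1", clock=clock)
    first = resolver.resolve("www.example.com.")   # walks root -> TLD -> authoritative
    second = resolver.resolve("www.example.com.")  # served from cache, order rotated
    clock.now = 301                                 # past the 300 s TTL
    third = resolver.resolve("www.example.com.")   # cache expired: full walk again
    return first, second, third, resolver.trace


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The trace shows three queries for the first lookup (two referrals, one answer), none for the second, and three again once the 300-second TTL has passed; a real resolver additionally caches the referrals themselves, so a second lookup under .com would skip the root server even after the www record expired.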
Typically, DNS uses UDP. DNS falls back to TCP when a message does not fit in a UDP packet: the original limit was 512 bytes of payload (RFC 1035), later relaxed by EDNS(0), which lets client and server advertise a larger buffer (the udp: 512 in the EDNS pseudosection of the dig output below is the buffer size advertised in that exchange). When a server has to truncate a UDP response, it sets the TC (truncated) flag, and the client retries the same query over TCP.
Large UDP datagrams are avoided because they must be fragmented, and fragments are more likely to be lost in congested networks; fragmented replies are also a known avenue for cache-poisoning attacks, which is why modern resolvers advertise a buffer of about 1232 bytes. DNS always uses TCP for zone transfers (AXFR/IXFR), whose responses are far larger than a single packet.
Some clients also prefer TCP-based transports because TCP lets DNS be wrapped in TLS: DNS over TLS (DoT, port 853) and DNS over HTTPS (DoH) encrypt queries for privacy and integrity on the path to the resolver.
nslookup
root@soumendra:/# nslookup www.soumendrak.com
Server: 169.254.169.254
Address: 169.254.169.254#53
Non-authoritative answer:
Name: www.soumendrak.com
Address: 172.67.221.9
Name: www.soumendrak.com
Address: 104.21.24.238
Name: www.soumendrak.com
Address: 2606:4700:3030::ac43:dd09
Name: www.soumendrak.com
Address: 2606:4700:3030::6815:18ee
- The Non-authoritative answer, as the name suggests, is an answer provided by a server that is not authoritative for the domain; it is not one of the nameservers listed in the domain’s NS records. Here the reply for www.soumendrak.com came from 169.254.169.254, the resolver configured on the host. So, where does the answer come from? From the chain of resolvers configured to answer our queries: our university or office DNS resolver, our ISP’s nameserver, our ISP’s ISP’s nameserver, and so on, each of which may return a copy cached from an earlier lookup. In short, it is a cached copy of what the domain’s authoritative nameservers returned. If we try several domain names, we will find that we receive a cached response most of the time. nslookup asks for both A and AAAA records, which is why two IPv4 and two IPv6 addresses appear; to see an authoritative answer instead, list the domain’s nameservers with nslookup -type=NS soumendrak.com and query one of them directly.
- If we run the same command several times, we receive the same list of IP addresses, but often in a different order. The reason is that DNS is indirectly performing load balancing: when a name has several A records (round-robin DNS), the authoritative server or the resolver rotates their order, and since clients usually try the first address first, connections are spread across the servers. It’s an important term that we’ll gain familiarity with in the coming lessons.
dig
root@soumendra:/# dig www.soumendrak.com
; <<>> DiG 9.16.1-Ubuntu <<>> www.soumendrak.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46021
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.soumendrak.com. IN A
;; ANSWER SECTION:
www.soumendrak.com. 300 IN A 104.21.24.238
www.soumendrak.com. 300 IN A 172.67.221.9
;; Query time: 32 msec
;; SERVER: 169.254.169.254#53(169.254.169.254)
;; WHEN: Thu Mar 14 18:28:41 UTC 2024
;; MSG SIZE rcvd: 79
- The Query time: 32 msec line is the time it took to get a response from the DNS server. For various reasons, this number will differ from run to run and from machine to machine; a cached answer from a nearby resolver typically takes a few milliseconds, while a fresh lookup that walks the root, TLD, and authoritative servers takes longer.
- The 300 value in the ANSWER SECTION is the time to live (TTL): the number of seconds a resolver may keep the record in its cache. This means that the authoritative name servers for soumendrak.com publish a TTL of five minutes (300 s / 60). Note that a resolver returning a cached copy reports the remaining TTL, which counts down toward zero, so a later run may show a value below 300.
- The flags line shows qr (this is a response), rd (recursion desired, set by dig) and ra (recursion available, the resolver will recurse on our behalf). The absence of aa (authoritative answer) is dig’s equivalent of nslookup’s Non-authoritative answer, and the absence of tc means the reply was not truncated and no TCP retry was needed.