The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network.
Its most common use is to translate domain names (
example.com) to IP addresses (123.456.789.0). A reverse lookup, from IP address to domain name is also possible.
The structure of a domain name space is a tree data structure:
┌────────┐ │ . ├───────────────────┐ ┌──────│ (root) │───────┐ │ │ └────────┘ │ │ │ │ │ │ │ │ │ │ │ │ │ │ ▼ ▼ ▼ ▼ ┌────┐ ┌────┐ ┌────┐ ┌────┐ ┌────│com │ │org │ │edu │ │ br │ │ └────┘ └────┘ └────┘ └────┘ │ │ │ │ │ │ │ │ ▼ │ │ ▼ ┌──────┐ ▼ ▼ ┌────┐ ┌─│google│ ┌─────────┐ ┌────┐ ┌──│com │ │ └──────┘ ┌─│wikipedia│ │mit │ │ └────┘ │ │ └─────────┘ └────┘ │ │ ▼ │ │ │ │ ┌─────┐ │ │ ▼ ▼ │inbox│ ▼ ▼ ┌────┐┌─────┐ └─────┘ ┌────┐ ┌────┐ │espn││apple│ │ en │ │ pt │ └────┘└─────┘ └────┘ └────┘
Each node in the tree has a label and zero or more resource records (RR), which hold information about the associated domain name. The system works as a distributed database where nodes called name servers answer questions about the domains it knows about.
Name resolution is done via a series of queries to name servers. If we assume that there are no information cached anywhere the resolution for a domain (
blog.carlosgaldino.com for example) will take place as follows:
comTLD (top-level domain).
comname servers which in turn will reply with name servers it knows for
The queries for each name server is fully qualified, in other words, it will always query the servers for the address
blog.carlosgaldino.com, instead of dropping a piece of the domain name (
blog.carlosgaldino) because the
com name server is handling it.
DNS resolvers are clients that are responsible for initiating and sequencing the queries that ultimately end up with a full name resolution. The queries might be of the following types:
The difference between the recursive and the iterative method is that on the iterative, the resolver is responsible for querying the next servers, while in the recursive the subsequent queries are made by the servers on behalf of the resolver.
To avoid burdening the servers higher in the hierarchy, caching DNS servers are placed on the way, and the intermediary servers might also cache the information (in the recursive method) for a certain period (TTL) configured by the administrator of the DNS server that is the authoritative server for the domain in question.
When looking up a domain the query might eventually find a name server to continue the search. Name servers are also referenced by name instead of address. Let’s say the domain being searched is
domain.com and a server points out that the authoritative name server for this domain is
ns1.domain.com. Then, how the subdomain
ns1 can be resolved if we don’t know
That’s when glue records enter in the scene. In this case, the
com TLD adds extra information about the name servers:
ns1.domain.com. [123.456.7.8] ns2.domain.com. [188.8.131.52] ns3.domain.com. [212.016.15.10]
When the query is made to find a domain name given an IP address the
PTR record is used. If the IP address in question is
123.456.789.0, a query will be made to find the domain associated with
0.789.456.123.in-addr.arpa. This query will start at the root servers, then proceed to
123.in-addr.arpa, and so on, until it results in an authoritative response.
DNS can also be used to discover specific types of services. The
MX record holds information about the mail server responsible for accepting email messages on behalf’s of a recipient’s domain. Another type of resource record which might be used for more general services is the
SRV record, using it for service discovery. So in this case, you could setup SRV records to point to servers whose job is to serve HTTP requests over TCP, or any other application protocol you might want. An example of such record would be the following:
_http._tcp.example.com. 86400 IN SRV 0 5 81 www1.example.com. _http._tcp.example.com. 86400 IN SRV 0 5 80 www2.example.com.
For more information, look at .
dig is a DNS lookup utility. It helps performing DNS lookups and giving the answers provided by the name servers contacted. A simple way to find all the name servers contacted to find the IP address of a given domain is as follows:
dig +trace domain.com
If we want to perform a reverse lookup, we can do it like the following:
dig -x 123.456.789.0
The table below presents some of the most common used record types:
|A||Address record||Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host.|
|AAAA||IPv6 address record||Same as above, but returning a 128-bit IPv6 address.|
|CNAME||Canonical name record||Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.|
|MX||Mail exchange record||Maps a domain to a list of message transfer agents for that domain.|
|NS||Name server record||Delegates a DNS zone to use the given authoritative name servers.|
|PTR||Pointer record||Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups.|
|SRV||Service locator||Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.|
|TXT||Text record||Used for arbitrary text strings in a DNS entry.|
There are 13 of these in the world. They are replicated so in case of failures another server can take over.↩