wiki · home

DNS

The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network.

Its most common use is to translate domain names (example.com) to IP addresses (123.456.789.0). A reverse lookup, from IP address to domain name is also possible.

Structure

The structure of a domain name space is a tree data structure:

                        ┌────────┐
                        │   .    ├───────────────────┐
                 ┌──────│ (root) │───────┐           │
                 │      └────────┘       │           │
                 │           │           │           │
                 │           │           │           │
                 │           │           │           │
                 ▼           ▼           ▼           ▼
              ┌────┐      ┌────┐      ┌────┐      ┌────┐
         ┌────│com │      │org │      │edu │      │ br │
         │    └────┘      └────┘      └────┘      └────┘
         │                   │           │           │
         │                   │           │           │
         ▼                   │           │           ▼
     ┌──────┐                ▼           ▼        ┌────┐
   ┌─│google│           ┌─────────┐   ┌────┐   ┌──│com │
   │ └──────┘         ┌─│wikipedia│   │mit │   │  └────┘
   │                  │ └─────────┘   └────┘   │     │
   ▼                  │      │                 │     │
┌─────┐               │      │                 ▼     ▼
│inbox│               ▼      ▼              ┌────┐┌─────┐
└─────┘            ┌────┐ ┌────┐            │espn││apple│
                   │ en │ │ pt │            └────┘└─────┘
                   └────┘ └────┘

Each node in the tree has a label and zero or more resource records (RR), which hold information about the associated domain name. The system works as a distributed database where nodes called name servers answer questions about the domains it knows about.

Operation

Name resolution is done via a series of queries to name servers. If we assume that there are no information cached anywhere the resolution for a domain (blog.carlosgaldino.com for example) will take place as follows:

A query is made to one of the root servers¹.
The root server then replies with the location of name servers it knows for the com TLD (top-level domain).
Another query is then made to one of the com name servers which in turn will reply with name servers it knows for carlosgaldino.
The process continues until a name server gives an authoritative answer.

The queries for each name server is fully qualified, in other words, it will always query the servers for the address blog.carlosgaldino.com, instead of dropping a piece of the domain name (blog.carlosgaldino) because the com name server is handling it.

DNS resolvers

DNS resolvers are clients that are responsible for initiating and sequencing the queries that ultimately end up with a full name resolution. The queries might be of the following types:

Recursive: In this mode, the DNS resolver will query a server that in case it doesn’t have the record requested by the resolver, the server then queries another servers it knows about on behalf of the resolver. The process continues with other servers as well, until a server finds the final answer or give an error.
Iterative: In this mode, the DNS server replies to the resolver with a list of possible servers that might have more information about the domain in question and the resolver proceeds by querying one of these servers.

The difference between the recursive and the iterative method is that on the iterative, the resolver is responsible for querying the next servers, while in the recursive the subsequent queries are made by the servers on behalf of the resolver.

To avoid burdening the servers higher in the hierarchy, caching DNS servers are placed on the way, and the intermediary servers might also cache the information (in the recursive method) for a certain period (TTL) configured by the administrator of the DNS server that is the authoritative server for the domain in question.

Circular dependencies and glue records

When looking up a domain the query might eventually find a name server to continue the search. Name servers are also referenced by name instead of address. Let’s say the domain being searched is domain.com and a server points out that the authoritative name server for this domain is ns1.domain.com. Then, how the subdomain ns1 can be resolved if we don’t know domain.com?

That’s when glue records enter in the scene. In this case, the com TLD adds extra information about the name servers:

ns1.domain.com. [123.456.7.8]
ns2.domain.com. [198.216.9.0]
ns3.domain.com. [212.016.15.10]

Reverse lookup

When the query is made to find a domain name given an IP address the PTR record is used. If the IP address in question is 123.456.789.0, a query will be made to find the domain associated with 0.789.456.123.in-addr.arpa. This query will start at the root servers, then proceed to 123.in-addr.arpa, and so on, until it results in an authoritative response.

Other applications

DNS can also be used to discover specific types of services. The MX record holds information about the mail server responsible for accepting email messages on behalf’s of a recipient’s domain. Another type of resource record which might be used for more general services is the SRV record, using it for service discovery. So in this case, you could setup SRV records to point to servers whose job is to serve HTTP requests over TCP, or any other application protocol you might want. An example of such record would be the following:

_http._tcp.example.com. 86400 IN SRV 0 5 81 www1.example.com.
_http._tcp.example.com. 86400 IN SRV 0 5 80 www2.example.com.

For more information, look at [2].

`dig`

dig is a DNS lookup utility. It helps performing DNS lookups and giving the answers provided by the name servers contacted. A simple way to find all the name servers contacted to find the IP address of a given domain is as follows:

dig +trace domain.com

If we want to perform a reverse lookup, we can do it like the following:

dig -x 123.456.789.0

DNS record types

The table below presents some of the most common used record types:

Type	Description	Function
A	Address record	Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host.
AAAA	IPv6 address record	Same as above, but returning a 128-bit IPv6 address.
CNAME	Canonical name record	Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
MX	Mail exchange record	Maps a domain to a list of message transfer agents for that domain.
NS	Name server record	Delegates a DNS zone to use the given authoritative name servers.
PTR	Pointer record	Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups.
SRV	Service locator	Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
TXT	Text record	Used for arbitrary text strings in a DNS entry.

References

[1] Domain Name System, Wikipedia. https://en.wikipedia.org/wiki/Domain_Name_System
[2] SRV record, Wikipedia. https://en.wikipedia.org/wiki/SRV_record

Notes

There are 13 of these in the world. They are replicated so in case of failures another server can take over.↩︎