DNS
The Domain Name System (DNS) is a hierarchical, decentralized naming system for computers, services, or any other resource connected to the Internet or to a private network.
Its most common use is to translate domain names (example.com) to IP addresses (192.0.2.1). A reverse lookup, from IP address to domain name, is also possible.
Structure
The structure of a domain name space is a tree data structure:
.  (root)
├── com
│   └── google
│       └── inbox
├── org
│   └── wikipedia
│       ├── en
│       └── pt
├── edu
│   └── mit
└── br
    └── com
        ├── espn
        └── apple
Each node in the tree has a label and zero or more resource records (RRs), which hold information about the associated domain name. The system works as a distributed database in which nodes called name servers answer questions about the domains they know about.
Operation
Name resolution is done through a series of queries to name servers. Assuming nothing is cached anywhere, the resolution of a domain (blog.carlosgaldino.com, for example) goes as follows:
- A query is sent to one of the root servers¹.
- The root server replies with the name servers it knows for the com TLD (top-level domain).
- Another query is sent to one of the com name servers, which in turn replies with the name servers it knows for carlosgaldino.com.
- The process continues until a name server gives an authoritative answer.
The query sent to each name server is fully qualified: every server is asked for blog.carlosgaldino.com, rather than having a part of the name dropped (asking the com server for blog.carlosgaldino) on the grounds that the com server already handles that suffix.
DNS resolvers
DNS resolvers are the clients responsible for initiating and sequencing the queries that ultimately end in a full name resolution. Queries can be of two types:
- Recursive: the resolver asks a server which, if it does not have the requested record, queries other servers it knows about on behalf of the resolver. The process continues through further servers until one provides the final answer or an error is returned.
- Iterative: the server replies to the resolver with a list of servers that may know more about the domain in question, and the resolver proceeds by querying one of them.
The difference is who does the follow-up work: in the iterative mode the resolver is responsible for querying the next servers, while in the recursive mode the subsequent queries are made by the server on behalf of the resolver.
To avoid burdening the servers higher in the hierarchy, caching DNS servers are placed along the way, and intermediate (recursive) servers also cache the answers they obtain for a period, the TTL (time to live), which is set by the administrator of the authoritative server for the domain in question.
Circular dependencies and glue records
When looking up a domain, the query eventually reaches a referral to the name servers that should be asked next. Those name servers are referenced by name, not by address. Say the domain being looked up is domain.com, and the com servers answer that the authoritative name server for it is ns1.domain.com. How can ns1.domain.com be resolved when we do not yet know who serves domain.com?
That is where glue records come in. The com TLD zone carries, next to the NS records of the delegation, the addresses (A or AAAA records) of the name servers that live inside the delegated zone, and returns them in the additional section of the referral:
domain.com.      IN NS ns1.domain.com.
domain.com.      IN NS ns2.domain.com.
domain.com.      IN NS ns3.domain.com.
ns1.domain.com.  IN A  192.0.2.1
ns2.domain.com.  IN A  198.51.100.2
ns3.domain.com.  IN A  203.0.113.3
Name servers that sit outside the delegated zone need no glue, since their names can be resolved independently. Glue addresses that go stale are a common cause of a zone that resolves from one resolver and not from another, so they are worth checking whenever name servers are renumbered.
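The walk described in the Operation and DNS resolvers sections, and the glue problem above, as an added Python example that is not part of the original page. The zones, the server addresses (RFC 5737 documentation ranges) and the names hosted.com, noglue.com, provider.net and a.gtld-servers.net are all constructed for the illustration; the resolver works purely over that in-memory data and sends nothing on the wire.

```python
"""Toy iterative resolver over in-memory zones.  Added example, not code from
the original page: every name, address and record here is constructed (RFC 5737
documentation addresses) and nothing is sent on the wire.  It shows that each
query carries the fully qualified name, that the resolver itself chases the
referrals (iterative mode), and why an in-zone name server needs glue."""
from typing import Dict, List, Tuple

# zone apex -> owner name -> [(type, rdata), ...]
ZONES: Dict[str, Dict[str, List[Tuple[str, str]]]] = {
    ".": {
        "com.": [("NS", "a.gtld-servers.net.")],
        "net.": [("NS", "a.gtld-servers.net.")],
        "a.gtld-servers.net.": [("A", "192.0.2.10")],     # glue held by the root
    },
    "com.": {
        "carlosgaldino.com.": [("NS", "ns1.carlosgaldino.com.")],
        "ns1.carlosgaldino.com.": [("A", "192.0.2.20")],  # glue: the NS is inside the zone
        "hosted.com.": [("NS", "ns.provider.net.")],      # NS outside com: no glue needed
        "noglue.com.": [("NS", "ns1.noglue.com.")],       # broken delegation: in-zone NS, no glue
    },
    "net.": {
        "provider.net.": [("NS", "ns.provider.net.")],
        "ns.provider.net.": [("A", "192.0.2.30")],        # glue
    },
    "carlosgaldino.com.": {
        "ns1.carlosgaldino.com.": [("A", "192.0.2.20")],
        "blog.carlosgaldino.com.": [("A", "198.51.100.5")],
    },
    "provider.net.": {"ns.provider.net.": [("A", "192.0.2.30")]},
    "hosted.com.": {"www.hosted.com.": [("A", "198.51.100.7")]},
}
# server address -> zones it is authoritative for (one server may host several)
SERVERS = {"192.0.2.1": (".",), "192.0.2.10": ("com.", "net."),
           "192.0.2.20": ("carlosgaldino.com.",), "192.0.2.30": ("provider.net.", "hosted.com.")}
ROOT_HINT = "192.0.2.1"   # the only address the resolver knows up front


def ancestors(name: str) -> List[str]:
    """'blog.carlosgaldino.com.' -> [itself, 'carlosgaldino.com.', 'com.', '.']"""
    labels = [] if name == "." else name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def query(server: str, qname: str, qtype: str):
    """Answer one fully qualified question the way the server at `server` would:
    ('answer', rdatas), ('referral', (zone cut, NS names, glue)), or an error kind."""
    hosted = [z for z in SERVERS[server] if z in ancestors(qname)]
    if not hosted:
        return "refused", None
    data = ZONES[max(hosted, key=len)]            # closest enclosing zone this server serves
    zone = max(hosted, key=len)
    for cut in ancestors(qname):                  # most specific first
        if cut == zone:                           # reached our own apex: nothing delegated below
            break
        ns_names = [rd for t, rd in data.get(cut, []) if t == "NS"]
        if ns_names:                              # delegation: hand out NS names plus any glue we hold
            glue = {n: rd for n in ns_names for t, rd in data.get(n, []) if t == "A"}
            return "referral", (cut, ns_names, glue)
    answers = [rd for t, rd in data.get(qname, []) if t == qtype]
    return ("answer", answers) if answers else ("nxdomain", None)


def resolve(qname: str, qtype: str, trace: List[Tuple[str, str]], depth: int = 0) -> List[str]:
    """Iterative resolution: start at the root hint and follow referrals ourselves."""
    if depth > 8:
        raise LookupError("referral chain too deep")
    server = ROOT_HINT
    while True:
        trace.append((server, qname))             # always the full name, never a suffix
        kind, payload = query(server, qname, qtype)
        if kind == "answer":
            return payload
        if kind != "referral":
            raise LookupError(f"{kind} for {qname} {qtype}")
        cut, ns_names, glue = payload
        if glue:                                  # the parent gave us an address: use it
            server = next(iter(glue.values()))
            continue
        ns = ns_names[0]
        if ns == cut or ns.endswith("." + cut):   # NS lives inside the zone we cannot reach yet
            raise LookupError(f"circular dependency: {ns} is inside {cut} and no glue was given")
        server = resolve(ns, "A", trace, depth + 1)[0]   # out-of-zone NS: look it up from the root


def lookup(qname: str, qtype: str = "A") -> dict:
    """Wrapper returning the answers, the list of (server, qname) queries made, and any error."""
    trace: List[Tuple[str, str]] = []
    try:
        return {"answer": resolve(qname, qtype, trace), "trace": trace, "error": None}
    except LookupError as exc:
        return {"answer": [], "trace": trace, "error": str(exc)}


if __name__ == "__main__":
    for name in ("blog.carlosgaldino.com.", "www.hosted.com.", "www.noglue.com."):
        r = lookup(name)
        print(name, r["answer"] or r["error"], r["trace"])
```

lookup("www.noglue.com.") fails with the circular-dependency error, while lookup("www.hosted.com.") succeeds without glue because its name server's name can be resolved from the root on its own; the trace shows that every query, including the nested one for ns.provider.net, carries the full name.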
Reverse lookup
When the query is made to find the domain name for a given IP address, the PTR record is used. If the address is 192.0.2.1, the query is for the name 1.2.0.192.in-addr.arpa. The lookup starts at the root servers, proceeds to the servers for in-addr.arpa, then to those for 192.in-addr.arpa, and so on, until an authoritative answer is reached.
Other applications
DNS can also be used to discover specific types of services. The MX record lists the mail servers that accept email messages on behalf of a recipient's domain. A more general record type for service discovery is SRV: for a given service and transport protocol it names the hosts and ports that provide it, together with a priority and a weight used to choose between them. So you could set up SRV records pointing at servers whose job is to serve HTTP requests over TCP, or any other application protocol, as long as the clients involved actually look for SRV records (web browsers do not). An example of such records would be the following:
_http._tcp.example.com. 86400 IN SRV 0 5 81 www1.example.com.
_http._tcp.example.com. 86400 IN SRV 0 5 80 www2.example.com.
For more information, see [2].
dig
dig is a DNS lookup utility: it sends queries and prints the answers returned by the name servers it contacts. To see every name server consulted on the way to the IP address of a domain, starting from the root servers, run:
dig +trace domain.com
To perform a reverse lookup:
dig -x 192.0.2.1
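An added Python example, not code from the original page, that ties the SRV records above to the dig output discussed here: it parses the ANSWER SECTION as dig prints it and orders the SRV targets by priority and weight. The dig output is a constructed sample in dig's presentation format containing the page's two SRV records plus an assumed lower-priority backup.example.com record; no query is sent.

```python
"""Parse dig's answer section and pick SRV targets (added example, not code
from the original page).  SAMPLE_DIG_OUTPUT is a constructed sample in dig's
presentation format; backup.example.com is an assumed extra record."""
import random
from collections import namedtuple

RR = namedtuple("RR", "name ttl rclass rtype rdata")
SRV = namedtuple("SRV", "priority weight port target")

SAMPLE_DIG_OUTPUT = """\
;; ANSWER SECTION:
_http._tcp.example.com.\t86400\tIN\tSRV\t0 5 81 www1.example.com.
_http._tcp.example.com.\t86400\tIN\tSRV\t0 5 80 www2.example.com.
_http._tcp.example.com.\t86400\tIN\tSRV\t10 0 80 backup.example.com.

;; Query time: 12 msec
"""


def parse_answer_section(text: str) -> list:
    """Return the RRs listed under ';; ANSWER SECTION:' in dig's output."""
    records, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";") or not line.strip():   # comment, other section, or end
            in_answer = False
            continue
        if in_answer:
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            records.append(RR(name, int(ttl), rclass, rtype, rdata))
    return records


def parse_srv(rdata: str) -> SRV:
    """'0 5 81 www1.example.com.' -> SRV(priority=0, weight=5, port=81, target=...)"""
    priority, weight, port, target = rdata.split()
    return SRV(int(priority), int(weight), int(port), target)


def order_srv(srvs, rng=None) -> list:
    """Order targets the way RFC 2782 intends: lowest priority first; within one
    priority, pick with probability proportional to weight, falling back to a
    uniform pick once only weight-0 entries are left."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({s.priority for s in srvs}):
        pool = [s for s in srvs if s.priority == prio]
        while pool:
            total = sum(s.weight for s in pool)
            if total == 0:
                pick = rng.choice(pool)
            else:
                r, acc = rng.randrange(total), 0
                for pick in pool:                 # first entry whose running weight exceeds r
                    acc += pick.weight
                    if acc > r:
                        break
            ordered.append(pick)
            pool.remove(pick)
    return ordered


def service_endpoints(dig_output: str, seed: int = 0) -> list:
    """(host, port) pairs in the order a client should try them."""
    srvs = [parse_srv(rr.rdata) for rr in parse_answer_section(dig_output) if rr.rtype == "SRV"]
    return [(s.target, s.port) for s in order_srv(srvs, random.Random(seed))]


if __name__ == "__main__":
    for host, port in service_endpoints(SAMPLE_DIG_OUTPUT):
        print(host, port)
```

With equal priority and equal weight the two www hosts come out in random order, which is the load-spreading the weight field is for; the backup host is always last because its priority value is higher.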
DNS record types
The table below presents some of the most commonly used record types:
Type | Description | Function |
---|---|---|
A | Address record | Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host. |
AAAA | IPv6 address record | Same as above, but returning a 128-bit IPv6 address. |
CNAME | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name. |
MX | Mail exchange record | Maps a domain to a list of message transfer agents for that domain. |
NS | Name server record | Delegates a DNS zone to use the given authoritative name servers. |
PTR | Pointer record | Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups. |
SRV | Service locator | Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX. |
TXT | Text record | Used for arbitrary text strings in a DNS entry. |
References
- [1] Domain Name System, Wikipedia. https://en.wikipedia.org/wiki/Domain_Name_System
- [2] SRV record, Wikipedia. https://en.wikipedia.org/wiki/SRV_record
Notes
¹ There are 13 named root servers (a.root-servers.net through m.root-servers.net). Each name is served by many anycast instances around the world, so that if one instance fails, another takes over.