Network Protocol: DNS

DNS – Application Layer

DNS stands for Domain Name System; it is a database that matches names with physical addresses.  In the case of the Internet, when you type your machine queries a DNS server, which returns  Your computer can then contact my web server and request my website.  IP routing requires a numeric address; developers found the numbers hard to remember and identify, so the Domain Name System was created.  Names like, or even are all easier to remember than number sequences.  Originally, users of the Internet would download a file containing all DNS tables.  As the Internet grew it became impossible to download all the names and keep an up-to-date copy of the files; the sheer traffic from sending these tables alone would grind the Internet to a halt.  Instead it was realized that the average user would only need a few DNS entries and could dynamically fetch those addresses when needed.

Top Level Domains:

DNS is divided into top level domains (TLDs); the original TLDs were:

  • .com
  • .org
  • .net
  • .edu
  • .mil
  • .gov
  • and country codes such as .us, .ca, .uk, etc.

Each type of TLD is stored in a different database, and groups inside government and private companies control the TLD names.  A single entity controls the whole TLD.  This entity is also always the authoritative answer for all TLDs of its type.

Many more TLDs have been added since then.   A domain name consists of one TLD and one second-level domain name.  The leftmost domain entry is normally the hostname.  The hostname could also be called a subdomain, and these names can go 127 levels deep.  When looking up a domain name, first the TLD is examined and then the second-level domain; this normally connects you with a server that has access to more information about any subdomains.

Where are domain names stored?

Each domain name is stored inside a “zone file”.  Each domain has its own “zone file” on its own domain server.  People on the Internet can host their own “zone files” or pay someone else to host them.  Across the world there are about 13 root-level DNS servers.  Between these 13 root servers all DNS records are stored.   Root servers do not always contain entries for every host; they contain links to the TLD DNS servers, which then have the second-level domain information, and this could lead to a system or an additional DNS server.  One advantage of having 13 root servers all over the world is that they are fault tolerant against geographical disasters.

How does your local PC Resolve DNS questions?

  1. First your PC consults its own hosts file (this is a relic from the days when everyone would download the full DNS list); it also allows you to manually force a DNS entry.  (Stored in /etc/hosts on Linux or c:\windows\system32\drivers\etc\hosts on Windows.)
  2. If it cannot resolve the hostname via the hosts file, it contacts your local DNS server (see ipconfig /all on Windows or /etc/resolv.conf on Linux).
  3. If your local DNS server does not have the answer, it requests the information from its ISP’s DNS server.
  4. If the ISP does not have the answer, it may consult a higher ISP or move to a TLD domain server.
  5. The TLD server should have the answer; if not, it knows which server is authoritative for the information, and then the answer is passed back down the line.  Each server in the line receives the answer and caches the result for a set time.  (Each authoritative server can set its own caching time, known as the time to live.)

How to perform non-automated DNS lookups

nslookup – performs a basic DNS lookup and provides the IP address to domain name mapping.  This command works on both Linux and Windows.


Non-authoritative answer:

dig – dig performs a more comprehensive search of DNS and returns the full record from DNS:

# dig

; <<>> DiG 9.3.2 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44506
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4

;                    IN      A

;; ANSWER SECTION:             108     IN      A             108     IN      A             108     IN      A

;; AUTHORITY SECTION:             31118   IN      NS             31118   IN      NS             31118   IN      NS             31118   IN      NS

;; ADDITIONAL SECTION:         38856   IN      A         30976   IN      A         33194   IN      A         33194   IN      A

;; Query time: 31 msec
;; WHEN: Wed Nov 21 22:46:34 2007
;; MSG SIZE  rcvd: 212

As you can see, dig returns alternate IP addresses for that domain name and the DNS servers for

DNS Caching and Time to Live

Within your DNS you have the ability to set a Time to Live value: this represents the maximum time you would like a server to cache or store the information you provided about DNS lookups.   There is no guarantee that a DNS server will honor the TTLs.  It seems most worldwide DNS servers take 2 to 3 days before they will renew their caches.
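As an added example (not code from the original post), the lookup order from the numbered steps above and the TTL-based caching described in this section, modelled in Python. The hosts-file text and the dig-style answer lines are constructed sample data; the upstream resolver is a stand-in callable, not a real network query.

```python
import time

# Constructed sample hosts file (same format as /etc/hosts): address, then one or more names.
HOSTS_FILE = """# local overrides are consulted before any DNS server
127.0.0.1   localhost
192.0.2.10  intranet.example   intranet
"""

# Constructed dig-style ANSWER SECTION lines: name TTL class type rdata
DIG_ANSWER = """example.com.   108   IN   A   192.0.2.1
example.com.   108   IN   A   192.0.2.2
example.com.   108   IN   A   192.0.2.3"""


def parse_hosts(text):
    """Return {name: [addresses]} from hosts-file text, ignoring comments and blank lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), []).append(fields[0])
    return table


def parse_rr_lines(text):
    """Parse 'name TTL IN A rdata' lines (as dig prints them) into (name, ttl, rdata) tuples."""
    records = []
    for line in text.splitlines():
        name, ttl, rclass, rtype, rdata = line.split(None, 4)
        if rclass == "IN" and rtype == "A":
            records.append((name.rstrip(".").lower(), int(ttl), rdata.strip()))
    return records


class StubResolver:
    """Hosts file first, then a TTL-honouring cache, then the upstream server (steps 2-5)."""

    def __init__(self, hosts_text, upstream):
        self.hosts = parse_hosts(hosts_text)
        self.upstream = upstream          # callable: name -> list of (name, ttl, rdata)
        self.cache = {}                   # name -> (expires_at, [addresses])
        self.upstream_queries = 0         # lets a test show when the cache was bypassed

    def resolve(self, name, now=None):
        now = time.time() if now is None else now
        name = name.rstrip(".").lower()
        if name in self.hosts:            # step 1: a hosts-file entry always wins, so a
            return self.hosts[name], "hosts"   # tampered hosts file silently redirects lookups
        entry = self.cache.get(name)
        if entry and entry[0] > now:      # cached answer whose TTL has not yet run out
            return entry[1], "cache"
        records = self.upstream(name)     # steps 2-5: ask the next server up the line
        self.upstream_queries += 1
        if not records:
            return [], "nxdomain"
        addresses = [rdata for _, _, rdata in records]
        self.cache[name] = (now + min(ttl for _, ttl, _ in records), addresses)
        return addresses, "upstream"
```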

Zone Files

The information gathered by DNS is normally stored inside zone files on Unix or Linux.  These files are read by BIND (Berkeley Internet Name Domain), and BIND then serves DNS information to the world.  The BIND tutorial will cover BIND topics in more detail.
