DNS – Application Layer
DNS stands for Domain Name System. It is a database that matches names with numeric (IP) addresses. In the case of the Internet, when you type www.jgriffiths.org your machine queries a DNS server, which returns 220.127.116.11. Your computer can then contact my web server and request my website. IP routing requires a numeric address, but developers found the numbers hard to remember and identify, so the Domain Name System was created. Names like google.com, jgriffiths.org or even yast-tastic.com are all easier to remember than sequences of numbers. Originally, users of the Internet would download a file containing all DNS tables. As the Internet grew it became impossible to download all the names and keep an up-to-date copy of the files; the sheer traffic of sending these tables alone would grind the Internet to a halt. Instead it was realized that the average user would only need a few DNS entries and could fetch those addresses dynamically when needed.
Top Level Domains:
DNS is divided into top-level domains (TLDs). The original TLDs were:
- and country codes .us .ca .uk etc.
Each type of TLD is stored in a different database, and groups inside government and private companies control the TLD names. A single entity controls the whole TLD. This entity is also always the authoritative answer for all TLDs of its type.
Many more TLDs have been added since then. A domain name consists of one TLD and one second-level domain name. The leftmost domain entry is normally the hostname. The hostname could also be called a subdomain, and these names can go 127 levels deep. When looking up a domain name, first the TLD is examined, then the second-level domain; this normally connects you with a server that has access to more information about any subdomains.
Where are domain names stored?
Each domain name is stored inside a “zone file”. Each domain has its own “zone file” on its own domain server. People on the Internet can host their own “zone files” or pay someone else to host them. Across the world there are about 13 root-level DNS servers. Between these 13 root servers all DNS records are stored. Root servers do not always contain entries for every host; they contain links to the TLD DNS servers, which then have the second-level domain information, which could lead to a system or an additional DNS server. One advantage of having 13 root servers all over the world is that they become fault tolerant against geographical disasters.
How does your local PC Resolve DNS questions?
- First your PC consults its own hosts file (this is a relic of the days when everyone would download the full DNS list); it also allows you to manually force a DNS entry. (Stored in /etc/hosts on Linux or c:\windows\system32\drivers\etc\hosts on Windows.)
- If it cannot resolve the hostname locally, then it contacts your local DNS server (see ipconfig /all on Windows or /etc/resolv.conf on Linux).
- If your local DNS server does not have the answer, then it requests the information from its ISP’s DNS server.
- If the ISP does not have the answer, it may consult a higher ISP or move to a TLD domain server.
- The TLD server should have the answer; if not, it knows which server is authoritative for the information, and the answer is then passed back down the line. Each server in the line receives the answer and caches the result for a set time. (Each authoritative server can set its own caching time, known as the time to live.)
How to perform non-automated DNS lookups
nslookup – performs a basic DNS lookup and provides the IP address to domain name mapping. This command works on both Linux and Windows.
dig – dig performs a more comprehensive search of DNS and returns the full record from DNS:
# dig google.com
; <<>> DiG 9.3.2 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44506
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 108 IN A 18.104.22.168
google.com. 108 IN A 22.214.171.124
google.com. 108 IN A 126.96.36.199
;; AUTHORITY SECTION:
google.com. 31118 IN NS ns1.google.com.
google.com. 31118 IN NS ns3.google.com.
google.com. 31118 IN NS ns2.google.com.
google.com. 31118 IN NS ns4.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 38856 IN A 188.8.131.52
ns2.google.com. 30976 IN A 184.108.40.206
ns3.google.com. 33194 IN A 220.127.116.11
ns4.google.com. 33194 IN A 18.104.22.168
;; Query time: 31 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Wed Nov 21 22:46:34 2007
;; MSG SIZE rcvd: 212
As you can see, dig returns the alternate IP addresses for that domain name and the DNS servers for google.com.
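A small parser for the dig output format, as an added Python example that is not part of the original page. It uses the dig output shown above as its sample input; the function names parse_dig, records and glue_is_consistent are my own, and the glue check is a simple sanity test applied to the parsed answer, not something dig itself performs.

```python
import re

# The dig output shown above, copied from the page and used here as sample input.
DIG_OUTPUT = """\
; <<>> DiG 9.3.2 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44506
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 108 IN A 18.104.22.168
google.com. 108 IN A 22.214.171.124
google.com. 108 IN A 126.96.36.199
;; AUTHORITY SECTION:
google.com. 31118 IN NS ns1.google.com.
google.com. 31118 IN NS ns3.google.com.
google.com. 31118 IN NS ns2.google.com.
google.com. 31118 IN NS ns4.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 38856 IN A 188.8.131.52
ns2.google.com. 30976 IN A 184.108.40.206
ns3.google.com. 33194 IN A 220.127.116.11
ns4.google.com. 33194 IN A 18.104.22.168
;; Query time: 31 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Wed Nov 21 22:46:34 2007
;; MSG SIZE rcvd: 212
"""

# Header line carries the response status and query id; section lines name the
# section whose resource records follow.
HEADER_RE = re.compile(r"^;; ->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)$")
SECTION_RE = re.compile(r"^;; (\w+) SECTION:$")


def parse_dig(text):
    """Return {'status': str, 'id': int, 'sections': {'ANSWER': [record, ...], ...}}.

    Lines starting with ';' are comments (header, question, trailer); every other
    line inside a section is a resource record in 'name ttl class type rdata' form.
    """
    result = {"status": None, "id": None, "sections": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            result["status"], result["id"] = m.group(2), int(m.group(3))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            result["sections"][section] = []
            continue
        if not line or line.startswith(";") or section is None:
            continue
        fields = line.split()
        if len(fields) < 5:
            continue  # not a resource record line
        name, ttl, cls, rtype = fields[:4]
        result["sections"][section].append({
            "name": name, "ttl": int(ttl), "cls": cls,
            "type": rtype, "rdata": " ".join(fields[4:]),
        })
    return result


def records(parsed, section, rtype=None):
    """All records of one section, optionally filtered by record type."""
    return [r for r in parsed["sections"].get(section, [])
            if rtype is None or r["type"] == rtype]


def glue_is_consistent(parsed):
    """Every NS named in AUTHORITY should have an A record (glue) in ADDITIONAL.

    A name server without a matching glue address is the first inconsistency to
    look at when an answer does not add up, so this is a cheap sanity check.
    """
    nameservers = {r["rdata"] for r in records(parsed, "AUTHORITY", "NS")}
    glue = {r["name"] for r in records(parsed, "ADDITIONAL", "A")}
    return nameservers <= glue


if __name__ == "__main__":
    parsed = parse_dig(DIG_OUTPUT)
    print(parsed["status"], [r["rdata"] for r in records(parsed, "ANSWER", "A")])
    print("glue consistent:", glue_is_consistent(parsed))
```

The parser keeps the TTL of each record as an integer, so the same structure can be used to compare what a resolver returned with what the authoritative servers publish, or to spot an answer whose TTLs or glue addresses do not match expectations.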
DNS Caching and Time to Live
Within your DNS you have the ability to set a Time to Live (TTL) value: this represents the maximum time you would like a server to cache, or store, the information you provided about DNS lookups. There is no guarantee that a DNS server will honor the TTL. It seems most worldwide DNS servers take 2 to 3 days before they will renew their caches.
The information gathered by DNS is normally stored inside zone files on Unix or Linux. These files are read by BIND (Berkeley Internet Name Domain), and BIND then serves DNS information to the world. The BIND tutorial will cover BIND topics in more detail.
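The lookup order described earlier (hosts file first, then the local cache, then an upstream server) together with TTL-based cache expiry, as an added Python example that is not part of the original page. The hosts file contents, the upstream record table and the names under example.test are constructed for the demonstration (addresses are from the documentation ranges); ManualClock stands in for real time so the expiry can be shown without waiting, and the max_ttl parameter models a resolver that caps the TTL it was given instead of honoring it.

```python
import time

# Constructed hosts-file content (not from the original page). Addresses are from
# the RFC 5737 documentation ranges, so nothing here points at a real host.
HOSTS_FILE = """\
# loopback
127.0.0.1   localhost
# a manually forced entry, as the article describes
192.0.2.10  intranet.example.test
"""

# Constructed stand-in for the upstream (ISP or authoritative) server:
# name -> (address, TTL in seconds). The intranet entry deliberately disagrees
# with the hosts file to show which source wins.
UPSTREAM_RECORDS = {
    "www.example.test": ("203.0.113.5", 300),
    "intranet.example.test": ("203.0.113.99", 300),
}


def parse_hosts(text):
    """Parse hosts-file syntax: 'address name [alias ...]'; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table[name.lower()] = addr
    return table


class StubResolver:
    """Hosts file first, then the local cache while its TTL lasts, then upstream."""

    def __init__(self, hosts_text, upstream, clock=time.time, max_ttl=None):
        self.hosts = parse_hosts(hosts_text)
        self.upstream = upstream
        self.clock = clock            # injectable so TTL expiry can be demonstrated
        self.max_ttl = max_ttl        # a resolver may cap the TTL it was handed
        self.cache = {}               # name -> (address, absolute expiry time)
        self.upstream_queries = 0     # how often we had to go upstream

    def resolve(self, name):
        name = name.lower().rstrip(".")
        if name in self.hosts:                      # step 1: hosts file wins outright
            return self.hosts[name], "hosts"
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:        # step 2: unexpired cache entry
            return hit[0], "cache"
        if name not in self.upstream:               # step 3: ask upstream
            return None, "nxdomain"
        addr, ttl = self.upstream[name]
        if self.max_ttl is not None:
            ttl = min(ttl, self.max_ttl)            # not honoring the authoritative TTL
        self.upstream_queries += 1
        self.cache[name] = (addr, now + ttl)
        return addr, "upstream"


class ManualClock:
    """A clock the demo advances by hand, so no real waiting is needed."""

    def __init__(self, start=1000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo(max_ttl=None):
    """Run a lookup sequence; return (list of (address, source), upstream query count)."""
    clock = ManualClock()
    r = StubResolver(HOSTS_FILE, UPSTREAM_RECORDS, clock=clock, max_ttl=max_ttl)
    seen = []
    seen.append(r.resolve("intranet.example.test"))  # hosts file, upstream never asked
    seen.append(r.resolve("www.example.test"))       # first lookup goes upstream
    seen.append(r.resolve("www.example.test"))       # served from cache
    clock.advance(120)
    seen.append(r.resolve("www.example.test"))       # still cached unless TTL was capped
    clock.advance(200)                               # 320 s in total: past the 300 s TTL
    seen.append(r.resolve("www.example.test"))       # cache expired, back upstream
    seen.append(r.resolve("nowhere.example.test"))   # unknown name
    return seen, r.upstream_queries


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```

Two things worth noticing when you run it: the hosts-file entry for intranet.example.test wins even though upstream says something else, which is why that file deserves a look on any machine you administer, and a cached answer persists until its TTL runs out regardless of what the authoritative server changes in the meantime. Calling demo(max_ttl=60) shows the other side of the TTL caveat: the resolver goes upstream again after 60 seconds because it chose not to keep the record for the full 300.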