What is DNS?
DNS gets blamed for many of the Internet’s problems, yet many people don’t really understand what it is.
DNS is really, really simple. It’s a way to change human-readable domain names (like “google.com”) into machine-readable addresses (like 216.239.57.99).
The DNS hierarchy
The nice, trite statement above sounds all too easy, until you get down to working out how to do it. How can a system work for every domain in the world without excessively loading the infrastructure, and cope with random failures? The trick is to get many computers (called “name servers”) working on the problem, and give each one just a little work to do.
Take a look at the sort of hostname you might want to look up. I’ll use my mailserver name – mail.beer.org.uk.
The name is hierarchical in nature – “mail.beer.org.uk” is part of “beer.org.uk”, “beer.org.uk” is part of “org.uk”, and that in turn is part of “uk”. This relationship is how we go about finding the address of that host.
So the first part of our task (often called “name resolution”) is to find the start of the chain. Here we cheat: there are 13 named “root servers” (a.root-servers.net through m.root-servers.net, each of which is nowadays many physical machines spread around the world by anycast), and their addresses are well known. They change very rarely, and an up-to-date list of all of them can always be obtained from any one of them (the so-called “priming” query). Your computer, or the resolver it uses, already has them built in, so don’t worry too much about these yet.
Once we have a root server (any of them will do), we ask it a question: “where is mail.beer.org.uk?”. The root servers, of course, don’t know the answer, so they respond with the computer-readable version of “I don’t know, but I know a man who does”. That response is a referral: a list of nameservers for the top-most part of the name (the TLD), in this case all the nameservers for “.uk”, usually accompanied by their IP addresses (“glue”) so that we don’t have to go and resolve those names as well.
That’s a step forward – we’re closer to our goal of resolving the name. So the next thing we do – ask the same question of one of the “.uk” nameservers we’ve just been given. Again, it doesn’t matter which one – just pick one.
You might expect the “.uk” nameserver to reply with an “I don’t know” response and give us a list of “.org.uk” nameservers. This would be a valid thing to do, but it doesn’t actually happen: “org.uk” is not delegated as a separate zone, the registry runs it inside the “uk” zone itself, so the “.uk” nameservers hold the delegation for “beer.org.uk” directly. The response we actually get is indeed an “I don’t know”, but it hands back a list of nameservers for the domain “beer.org.uk”.
This is good. We now have a list of nameservers with specific knowledge about the domain in question; all we have to do is ask one of them the same question again. This time, we’ll get a response.
To see this process in action, you can try running
dig +trace mail.beer.org.uk
You should see a sequence of queries and responses. Each response is a list of nameservers that dig can contact to look up the next chunk, apart from the last response, which tells us that mail.beer.org.uk is a CNAME alias for the name beer.org.uk — DanPope
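The same walk, simulated offline so it can be run without touching the network. This is an added example, not code from the original page: the zone data is constructed, the server names and the 192.0.2.x addresses (an RFC 5737 documentation range) are placeholders rather than the real beer.org.uk delegation, and servers are addressed by name so the glue lookup a real resolver performs is skipped. It reproduces the three responses the article describes (two referrals, then a CNAME answered together with its A record because the same server is authoritative for both), returns None for a name that does not exist, and caps the number of queries so a looping delegation cannot run forever.

```python
"""Offline simulation of iterative DNS resolution (added example, constructed data)."""

ROOT_SERVERS = ["a.root-servers.net."]

# Each authoritative server serves exactly one zone: owner name -> {type: [rdata]}.
# Constructed placeholder data; 192.0.2.0/24 is reserved for documentation.
ZONES = {
    ".": {
        "uk.": {"NS": ["ns1.nic.uk."]},
    },
    "uk.": {
        # No separate "org.uk." delegation: the uk servers hand out the
        # nameservers for beer.org.uk directly, as the article observes.
        "beer.org.uk.": {"NS": ["ns.beer.org.uk."]},
    },
    "beer.org.uk.": {
        "beer.org.uk.": {"A": ["192.0.2.10"], "NS": ["ns.beer.org.uk."]},
        "mail.beer.org.uk.": {"CNAME": ["beer.org.uk."]},
    },
}
SERVER_ZONE = {          # which zone each (hypothetical) server is authoritative for
    "a.root-servers.net.": ".",
    "ns1.nic.uk.": "uk.",
    "ns.beer.org.uk.": "beer.org.uk.",
}


def ancestors(name):
    """Names above `name`, nearest first: "mail.beer.org.uk." -> beer.org.uk., org.uk., uk., ."""
    labels = name.rstrip(".").split(".")
    for i in range(1, len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def in_zone(qname, zone):
    return zone == "." or qname == zone or qname.endswith("." + zone)


def query(server, qname, qtype):
    """What one authoritative server replies when asked for (qname, qtype)."""
    zone = SERVER_ZONE[server]
    records = ZONES[zone]
    if not in_zone(qname, zone):
        return ("REFUSED", None)            # not our zone; a real server says so too
    rrsets = records.get(qname, {})
    if qtype in rrsets:
        return ("ANSWER", rrsets[qtype])
    if "CNAME" in rrsets:
        target = rrsets["CNAME"][0]
        # A server that also holds the target appends its records to the same
        # reply (RFC 1034 s3.6.2); otherwise the client has to chase the alias.
        extra = records.get(target, {}).get(qtype) if in_zone(target, zone) else None
        return ("CNAME", (target, extra))
    # No data at the exact name: is there a delegation at or above it, below our apex?
    for cut in [qname, *ancestors(qname)]:
        if cut == zone:
            break                           # our own apex NS set is not a delegation
        if "NS" in records.get(cut, {}):
            return ("REFERRAL", records[cut]["NS"])
    return ("NXDOMAIN", None)


def resolve(qname, qtype="A", max_queries=16):
    """Iterative resolution from a root server. Returns (rdata, trace).

    `trace` lists (server, name, response kind) per step, like dig +trace.
    The query budget guards against delegation or CNAME loops.
    """
    if not qname.endswith("."):
        qname += "."
    candidates = list(ROOT_SERVERS)
    trace = []
    for _ in range(max_queries):
        server = candidates[0]              # any server on the list will do
        kind, data = query(server, qname, qtype)
        trace.append((server, qname, kind))
        if kind == "ANSWER":
            return data, trace
        if kind == "REFERRAL":
            candidates = data               # "I know a man who does"
        elif kind == "CNAME":
            target, extra = data
            if extra is not None:
                return extra, trace
            qname, candidates = target, list(ROOT_SERVERS)  # chase the alias from the top
        else:
            return None, trace              # NXDOMAIN / REFUSED: no such name
    raise RuntimeError("gave up after %d queries (delegation loop?)" % max_queries)


if __name__ == "__main__":
    answer, steps = resolve("mail.beer.org.uk")
    for server, name, kind in steps:
        print("%-22s %-22s %s" % (server, name, kind))
    print("answer:", answer)
```

Run it and compare the three printed steps with the output of dig +trace above; the difference is that the real root and uk servers also return glue addresses, which the simulation does not need because it addresses servers by name.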
An entirely confusing but interesting note
While the DNS is almost always used to look up IP addresses from names, it’s actually a much more flexible database than that, and can hold all manner of interesting information. For example, a LOC record can contain the physical location (latitude, longitude, altitude and size) of a machine, and a TXT record can contain arbitrary text.
Some records you might come across:
DNS Record   Meaning
A            Specifies an IPv4 address for a domain name
CNAME        Aliases one name to another (the “canonical” name); a name that is a CNAME should carry no other records
NS           Lists the nameservers which host the domain (in the parent zone this is what makes a delegation)
SOA          Start Of Authority: marks the top of a zone and names its primary nameserver and admin mailbox, plus the serial number and the refresh/retry/expire timers that secondary servers use
MX           Mail eXchanger: the mail server(s) for a domain, each with a preference value (lowest is tried first)
PTR          Maps an IP address (under in-addr.arpa or ip6.arpa) back to a domain name (reverse lookup); also used by DNS Service Discovery to point from a service type to the instances offering it
LOC          Geographic coordinates of the machine (latitude, longitude, altitude and size)
TXT          Arbitrary text (these days also home to SPF, DKIM and domain-verification strings)
RP           Person responsible for administration of the domain
AAAA         Specifies an IPv6 address for a domain (because IPv6 addresses are 4 times the length of IPv4, get it?)
SRV          Service record: the host and port offering a named service and protocol (e.g. _sip._tcp), with a priority and weight for spreading load across several hosts