Introduction to DNS

This article is a very basic crash course on DNS: what it is and how it is used.

What is DNS?

DNS stands for ‘Domain Name System’, and it is the system computers use to locate one another over networks. In the most basic sense, you can think of DNS as a phone book that ties human-readable names like ‘www.google.com’ to IP addresses. Servers, computers and other devices can then establish a connection to the other device once its name has been resolved to an address.

Terminology

It is important to be familiar with some of the terminology used in DNS. Here are the most common, and useful, terms related to DNS.

• DNS (Domain Name System) – The system designed to convert human-readable domain names into their corresponding IP addresses.

• Domain Name – A broader term for the human-readable names that are tied to a specific resource on the network, for example ‘yahoo.com’ or ‘google.com’.

• TLD (Top-Level Domain) – Top-level domains are the part of the domain name which is situated furthest to the right and separated by a period. The top-level domain you most commonly see is likely to be ‘.com’, but there are many more possible top-level domains such as .org, .gov, and .us.

• Subdomain – A subdomain is a domain that is part of another domain name. For example, ‘www.google.com’ could be considered a subdomain of ‘google.com’. It can become more complicated, for example an internal network might have a subdomain name ‘mx1.mail.domain.com’. In this case, ‘mx1’ is a subdomain of ‘mail.domain.com’, and ‘mail.domain.com’ is a subdomain of ‘domain.com’. For the sake of simplicity, you can consider anything prepended onto the domain name as a subdomain.

• IP Address – IP addresses are the actual numeric (or hexadecimal, in the case of IPv6) addresses of devices that name servers translate domain names into.

• Name Server – A name server is the device that translates a human-readable domain name into an IP address.

• Zone File – Zone files are basic text files which contain the correlations between domain names and IP addresses. This is the file that the nameserver uses to find out which IP address corresponds to the host name it is requested to resolve.

• DNS Record – Within the zone file there are usually many DNS records, which are one-line entries that map a hostname to an IP address (or to another piece of data, depending on the record type).

• Domain Name Registrar – The Domain Name Registrar (sometimes just called the Domain Registrar) is the entity with which you purchase and register your domain name. Some well-known registrars include GoDaddy, Namecheap, and HostGator. Registrars are also important to DNS because it is at your registrar that you most often set your name servers. Each registrar will usually provide a handful of name servers by default, but on most platforms you can change these to use name servers from other providers or parties.

• DNS Resolution – Resolution is the actual process of translating a domain name to an IP address, or vice versa. Commonly, if a hostname’s IP address cannot be determined, it is said that the hostname ‘cannot be resolved’.

• TTL – TTL (Time To Live) is a setting on each DNS record that tells caching resolvers and name servers how long they may keep the answer before they must expire it and fetch a fresh copy.

How does DNS work?

When you type ‘google.com’ into your browser, the browser sends a query out in order to find the IP address corresponding to ‘google.com’. The first place the query goes is what’s known as the ‘recursive resolver’, which is usually operated by your ISP, your mobile phone provider, or some third party. The recursive resolver then asks a ‘root server’ for information on google.com. The root server does not know the answer itself; it refers the resolver to the ‘top-level domain name server’ for the TLD, which holds information for the domain names below that TLD, ‘google’ in this case. The TLD server answers with the IP address of the domain’s own name server, and the recursive resolver sends its next query there. That name server knows the IP address for google.com and returns it to the resolver, which passes it back to your browser. At this point, your web browser connects to that address and loads the requested website.
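The walk described above, as an added example that is not part of the original article: a toy recursive resolver that is referred from a root server to a TLD server to the domain’s own name server and caches the answer for the record’s TTL. The three servers, their addresses (taken from the RFC 5737 documentation ranges) and the records they hold are constructed in memory, so nothing touches the network; the FakeClock exists only so that TTL expiry can be shown without waiting.

```python
# Added example, not from the original article: a toy model of the iterative
# walk a recursive resolver performs (root -> TLD -> authoritative server),
# with a TTL-bounded cache. Servers and addresses are constructed in memory.
import time
from dataclasses import dataclass, field


@dataclass
class Server:
    zone: str                                        # zone this server is authoritative for ("." = root)
    records: dict = field(default_factory=dict)      # name -> {rtype: (value, ttl_seconds)}
    delegations: dict = field(default_factory=dict)  # child zone -> (nameserver name, nameserver address)

    def query(self, name, rtype):
        """Answer if we hold the record, refer downward if the name lies in a delegated child zone, else negative."""
        if rtype in self.records.get(name, {}):
            value, ttl = self.records[name][rtype]
            return "answer", value, ttl
        for child in sorted(self.delegations, key=len, reverse=True):  # most specific delegation first
            if name == child or name.endswith("." + child):
                ns_name, ns_addr = self.delegations[child]
                return "referral", ns_name, ns_addr
        return "negative", None, None


class RecursiveResolver:
    def __init__(self, network, root_addr, clock=time.monotonic):
        self.network, self.root_addr, self.clock = network, root_addr, clock
        self.cache = {}   # (name, rtype) -> (value, expires_at)
        self.trace = []   # human-readable log of every step taken

    def resolve(self, name, rtype="A"):
        name = name if name.endswith(".") else name + "."  # always work with fully qualified names
        now = self.clock()
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > now:
            self.trace.append(f"cache hit: {name} {rtype} -> {hit[0]}")
            return hit[0]
        addr = self.root_addr
        for _ in range(8):  # bounding the referral chain stops a misconfigured delegation loop from spinning forever
            server = self.network[addr]
            kind, a, b = server.query(name, rtype)
            self.trace.append(f"asked {addr} (authoritative for {server.zone}): {kind} {a or ''}".rstrip())
            if kind == "answer":
                self.cache[(name, rtype)] = (a, now + b)  # honour the record's TTL
                return a
            if kind == "negative":
                return None
            addr = b                                      # follow the referral
        raise RuntimeError(f"too many referrals while resolving {name}")


class FakeClock:
    """Controllable clock so TTL expiry can be demonstrated without waiting."""
    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t


# Constructed network: one root server, one .com TLD server, one server for google.com.
NETWORK = {
    "198.51.100.1": Server(".", delegations={"com.": ("a.gtld.example.", "198.51.100.2")}),
    "198.51.100.2": Server("com.", delegations={"google.com.": ("ns1.google.com.", "198.51.100.3")}),
    "198.51.100.3": Server("google.com.", records={
        "google.com.": {"A": ("192.0.2.10", 300)},
        "www.google.com.": {"A": ("192.0.2.11", 60)},
    }),
}

if __name__ == "__main__":
    clock = FakeClock(1000.0)
    resolver = RecursiveResolver(NETWORK, "198.51.100.1", clock)
    print(resolver.resolve("google.com"))  # full walk: root -> com -> google.com
    print(resolver.resolve("google.com"))  # served from cache
    clock.t += 301                         # the 300 s TTL has elapsed
    print(resolver.resolve("google.com"))  # walks the chain again
    print("\n".join(resolver.trace))
```

The trace shows why a stale cache is a real operational concern: until the TTL runs out, every client behind that resolver keeps getting the old answer, so a long TTL makes an address change slow to propagate and a short one costs more upstream queries.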

DNS Records

There are a number of DNS records which can be used for different purposes. Below are some of the most common record types that you may encounter, and their use cases.

• A – A records are one of the basic DNS record types, responsible for converting hostnames into their corresponding IPv4 addresses. Within a zone file, the record would look similar to this:

domain.com IN A 12.34.56.78

• AAAA – AAAA records are identical to A records, except that they are responsible for converting hostnames into their corresponding IPv6 addresses. Within a zone file, the record would look similar to this:

domain.com IN AAAA 2001:0db8:85a3:0000:0000:8a2e:0370:7334

• CNAME – CNAME (Canonical Name) records are a type of record that maps one domain name to another. This is useful for running multiple services on a single IP address. Within a zone file, the record would look similar to this:

www IN CNAME domain.com

This resolves www.domain.com to the same IP address that domain.com resolves to.

• MX – MX records specify the mail exchange servers used by a domain. This routes mail destined for your domain to the proper mail server. Most mail providers will tell you which MX records to use when utilizing their mail service. Within a zone file, the record would look similar to this:

IN MX 10 mail.domain.com.

In this example, the 10 denotes the priority. If there are multiple MX records, their priority can be adjusted with numerical values, a lower number meaning a higher priority.

• NS – Name server records delegate a specific domain or subdomain to another name server entirely. Within a zone file, the record would look similar to this:

IN NS namesrv1.domain.com.

• PTR – PTR records are the inverse of A/AAAA records: instead of associating a hostname with an IP address, they associate an IP address with a hostname. If you perform a ‘dig -x’ lookup on an IP address that has a PTR record configured, it returns the hostname. Within a zone file, the record would look similar to this:

78.56.34.12.in-addr.arpa. 900 IN PTR domain.com.

• SOA – The SOA (Start of Authority) record is the one record that is mandatory within a zone file, and it must be the first real record in the file. This record contains information on which name server the domain uses, the email address on file for the administrator of the zone, a serial number, and TTL-related values. Within a zone file, the record would look similar to this:

domain.com.  IN SOA namesrv1.domain.com. administrator.domain.com. (
                 80544      ; serial number
                 21600s     ; refresh interval
                 3600s      ; retry interval
                 1814400s   ; expiry period
                 500s       ; negative TTL
)

This one is harder to break down, but you can see your domain name first, followed by IN, which means Internet, then SOA to indicate the record type. After that comes the name server defined for the domain, and then the administrator’s email address. There is no @ symbol; the first period marks where the @ would be placed. The serial number counts up with each change made to the zone file, and secondary name servers check it to determine whether they need to request a new copy of the zone file. The refresh interval determines how long the secondary name servers wait before checking the serial number for changes. The retry interval determines how long a secondary name server waits before polling the primary name server again if the primary was unreachable. The expiry period tells a secondary name server how long it may keep serving the zone without reaching the primary; beyond that period it stops treating its copy as authoritative. The negative TTL indicates how long a name server caches a negative answer (an error) when the sought-after entry is not in the zone file.

• TXT – TXT records differ from the other DNS records in that they are used mainly for informational purposes. The most common use of the TXT record is to publish an SPF (Sender Policy Framework) record. SPF records tell mail exchange servers which servers are allowed to send mail on behalf of that domain.
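As an added example (not code from the original article), the following parser reads the zone-file syntax used in the record list above, breaks the SOA rdata into the fields walked through after it, derives the in-addr.arpa/ip6.arpa owner name that a PTR record needs, and validates the zone for mistakes that are easy to make by hand: an A record holding an IPv6 address (or the reverse), a CNAME/MX/NS/PTR target missing its trailing dot, and an SOA that is not the first record. The zone text is constructed from the article’s sample records; it is not a real zone.

```python
# Added example, not from the original article: a parser for the zone-file
# syntax shown above, a breakdown of the SOA fields, and a validator for the
# hand-editing mistakes that are easy to make (wrong address family in an
# A/AAAA record, relative CNAME target, first record not the SOA).
import ipaddress
import re
import shlex

TTL_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"^(\d+)([smhdw]?)$", re.IGNORECASE)


def parse_ttl(token):
    """Plain seconds or a BIND-style value with a unit suffix (21600s, 6h, 1w); None if not a TTL."""
    m = TTL_RE.match(token)
    return int(m.group(1)) * TTL_UNITS[m.group(2).lower() or "s"] if m else None


def absolutize(name, origin):
    """Names without a trailing dot are relative to the zone origin; '@' is the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Yield (tokens, owner_omitted) per record, dropping ';' comments and joining '(...)' continuations."""
    buf, depth, indented = [], 0, False
    for raw in text.splitlines():
        if not buf:
            indented = raw[:1] in (" ", "\t")  # leading whitespace means "same owner as the previous record"
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            tokens = shlex.split(" ".join(buf))  # shlex keeps quoted TXT data as a single token
            buf, depth = [], 0
            if tokens:
                yield tokens, indented


def parse_zone(text, origin):
    """Return the records as dicts with 'name', 'ttl', 'type' and 'rdata' (list of tokens), in file order."""
    records, owner, default_ttl = [], origin, None
    for tokens, owner_omitted in logical_lines(text):
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        if not owner_omitted:
            owner = absolutize(tokens.pop(0), origin)
        ttl = parse_ttl(tokens[0])
        if ttl is None:
            ttl = default_ttl
        else:
            tokens.pop(0)
        if tokens[0].upper() == "IN":  # the class is optional; IN (Internet) is the only one in real use
            tokens.pop(0)
        records.append({"name": owner, "ttl": ttl, "type": tokens.pop(0).upper(), "rdata": tokens})
    return records


def soa_fields(record):
    """Name the SOA fields the article walks through; the first dot of the contact stands in for '@'."""
    mname, rname, serial, refresh, retry, expire, minimum = record["rdata"]
    return {"primary": mname, "admin_email": rname.rstrip(".").replace(".", "@", 1),
            "serial": int(serial), "refresh": parse_ttl(refresh), "retry": parse_ttl(retry),
            "expire": parse_ttl(expire), "negative_ttl": parse_ttl(minimum)}


def reverse_name(ip):
    """Owner name of the PTR record for an address (in-addr.arpa for IPv4, ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def validate(records):
    """Return a list of problems; an empty list means these checks passed."""
    problems = []
    if not records or records[0]["type"] != "SOA":
        problems.append("the first record must be the SOA")
    for r in records:
        name, rtype, rd = r["name"], r["type"], r["rdata"]
        if rtype in ("A", "AAAA"):
            want = 4 if rtype == "A" else 6
            try:
                ok = ipaddress.ip_address(rd[0]).version == want
            except ValueError:
                ok = False
            if not ok:
                problems.append(f"{name} {rtype} rdata is not an IPv{want} address: {rd[0]}")
        if rtype == "MX" and (len(rd) != 2 or not rd[0].isdigit()):
            problems.append(f"{name} MX rdata must be '<priority> <host.>'")
        if rtype in ("CNAME", "MX", "NS", "PTR") and not rd[-1].endswith("."):
            problems.append(f"{name} {rtype} target {rd[-1]} has no trailing dot, so it is relative to the zone origin")
    return problems


# Constructed zone text modelled on the article's sample records; not a real zone.
ZONE = """\
$TTL 3600
domain.com.  IN SOA namesrv1.domain.com. administrator.domain.com. (
                80544      ; serial number
                21600s     ; refresh interval
                3600s      ; retry interval
                1814400s   ; expiry period
                500s       ; negative TTL
)
             IN NS    namesrv1.domain.com.
             IN MX 10 mail.domain.com.
             IN A     12.34.56.78
             IN AAAA  2001:0db8:85a3:0000:0000:8a2e:0370:7334
www          IN CNAME domain.com.
mail         IN A     12.34.56.79
@            IN TXT   "v=spf1 mx -all"
"""
# The same zone with two classic mistakes, so the validator has something to catch.
BROKEN_ZONE = ZONE.replace("IN AAAA  2001", "IN A     2001").replace("CNAME domain.com.", "CNAME domain.com")
```

Running validate(parse_zone(ZONE, "domain.com.")) returns an empty list, while the BROKEN_ZONE variant reports both the IPv6 address sitting in an A record and the relative CNAME target, which a name server would otherwise silently expand to domain.com.domain.com. The trailing-dot check is the one that catches the most real-world outages; the address-family check is the kind of mistake that only shows up when clients start failing to connect.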

Conclusion

DNS goes far beyond what’s been covered in this guide, but knowing the basics will go a long way toward understanding what needs to be configured and what problems may occur, and it will serve as a foundation for understanding DNS at a deeper level.
