One thing that everyone who uses the Internet relies on is the ability to locate a given website or remote device using a simplified domain name (e.g. http://www.google.com). The ability to use this simplified domain name is provided by the Domain Name System (DNS). Many Internet users do not realize that the traffic they put onto the network is routed based on Internet Protocol (IP) addresses (e.g. 22.214.171.124). This is because it is the duty of DNS to take the simplified domain name from the user and translate it into an IP address for proper network routing. This article looks at how the DNS system operates and how it maintains an up-to-date set of domain name to IP mappings while maintaining performance.
What is a Domain Name?
As touched on above, a domain name is the simplified name that is used to reference a device on a network. This domain name is then translated by DNS into an IP address that is then used to route the intended traffic to the device. Most people are familiar with common domain names, like http://www.google.com or http://www.microsoft.com.
What most people do not pay attention to is that a domain name can be broken down into a list of authorized DNS zones. Each of these zones is responsible for the translations within its realm of authority. For example, Microsoft owns the microsoft.com domain name and is authorized to respond to translation requests within that domain. Only the authorized DNS servers are allowed to change the contents of a DNS record within their delegated authority. So if Microsoft wanted to change the IP address translation for the http://www.microsoft.com domain it could, but Google or any other company could not.
The DNS is structured hierarchically and is interpreted from right to left. Figure 1 displays an example of this hierarchy:
Figure 1 Example DNS Hierarchy
The dashed circles within Figure 1 show an example of how authority can be separated between the different domain names; each such area of authority is referred to as a DNS zone. While in this example both google.com and yahoo.com and all of their sub-domains are managed under a single authority, the microsoft.com domain and the http://www.microsoft.com sub-domain are placed under a different authority than the technet.microsoft.com and social.technet.microsoft.com sub-domains. Only the DNS servers that are configured to be authoritative for each of these zones are able to make changes to the contents of the associated records.
How Does DNS Operate?
When a DNS server receives a request to translate a domain name into an IP address, it first must determine whom to ask for the correct translation (who is authorized?). Every DNS server begins its operation with a list of root hints; this list contains an up-to-date set of domain name to IP mappings for the main Internet root servers. At the time of this writing, there are 13 main root server addresses that are used by most DNS servers; keep in mind that each of these server addresses is not linked to one physical server but to a cluster of servers which manages the traffic sent to that specific address. The root servers contain a database of the root domains and of the DNS servers responsible (authoritative) for each of them.
For example, if a DNS server has been asked to translate the domain name http://www.google.com, it will begin by reading the domain name from right to left to learn the root domain. In the case of http://www.google.com the root domain is .com, so it will query one of the root servers for a translation. The .com root domain is currently managed by VeriSign (who has authority), so the root DNS server will respond with a referral to the DNS servers for the .com domain. The server will then use this list of .com DNS servers and query one of them for a translation. The google.com domain is managed by Google directly (who has authority over the google.com domain), so when the initial DNS server queries the .com DNS servers for a translation, they will return a list of authorized google.com DNS servers. The server will then use this list of google.com DNS servers and query one of them for a translation. This server is the authorized DNS server for the google.com domain and is able to respond with a translation for the http://www.google.com domain (126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, and 22.214.171.124). Figure 2 below shows a capture of these conversations:
Figure 2 http://www.google.com lookup
The way that a DNS server responds to a client query depends on its specific configuration and on whether it has already queried for that specific domain name previously. To speed up the process of domain name translation, a DNS server is able to cache the contents of a specific entry for a configured amount of time, the time to live (TTL), which is set on the authorized server and/or on the DNS server itself. If a request comes in for a translation that has already been cached, the server can simply respond with the cached contents without querying the authorized DNS server again; this type of response is referred to as non-authoritative. An example of the two kinds of response is shown in Figure 3:
Figure 3 Authoritative vs Non-Authoritative
The response is the same from both the non-authoritative and the authoritative source because both originated at the same location: the cached answer is a copy of what the authoritative server returned earlier.
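The walk described above (root hints, referral to the .com servers, referral to the google.com servers, final answer) and the caching behaviour behind Figure 3 can both be seen in a small model. The following Python is an added illustration written for this article, not code from the article or from any real DNS server. The zone data, server names and addresses in it are constructed placeholders (the 13 root addresses are collapsed into one entry named "root"), and the `now` argument is an assumption that makes the TTL clock deterministic instead of reading the system time.

```python
"""Toy model of iterative DNS resolution with a TTL cache.

Constructed illustration, not code from the article or from any real resolver.
Zone data, server names and addresses below are placeholders.
"""
import time
from dataclasses import dataclass, field

# Each entry models one DNS server and the records it is authoritative for.
# An NS record is a referral to the server that owns the next zone down;
# an A record is the final name-to-address answer with its TTL in seconds.
ZONES = {
    "root": {                             # the root servers, collapsed to one entry
        "com.": ("NS", "a.gtld-servers.example.", 172800),
    },
    "a.gtld-servers.example.": {          # registry server for the .com zone
        "google.com.": ("NS", "ns1.google.example.", 172800),
        "microsoft.com.": ("NS", "ns1.microsoft.example.", 172800),
    },
    "ns1.google.example.": {              # authoritative for google.com
        "www.google.com.": ("A", ["192.0.2.10", "192.0.2.11"], 60),
    },
    "ns1.microsoft.example.": {           # authoritative for microsoft.com
        "www.microsoft.com.": ("A", ["198.51.100.7"], 300),
    },
}

MAX_REFERRALS = 10   # guard against a delegation loop in broken zone data


@dataclass
class Answer:
    name: str
    addresses: list
    ttl: int              # seconds the answer may still be cached
    authoritative: bool   # True from the zone owner, False when served from cache
    trace: list = field(default_factory=list)   # servers consulted, in order


def normalize(name):
    """DNS names are case-insensitive; compare them in lower-case, fully
    qualified (trailing-dot) form so 'WWW.Google.com' hits the same cache entry."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def suffixes(name):
    """'www.google.com.' -> ['www.google.com.', 'google.com.', 'com.'],
    most specific first: the order in which a server matches its records."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def iterative_lookup(name):
    """Start at the root hints and follow NS referrals down the delegation
    chain until an authoritative A record is found (or nothing matches)."""
    server, trace = "root", []
    for _ in range(MAX_REFERRALS):
        trace.append(server)
        zone = ZONES[server]
        match = next((s for s in suffixes(name) if s in zone), None)
        if match is None:
            return None                       # no such name at this level
        rtype, rdata, ttl = zone[match]
        if rtype == "A":
            return Answer(name, list(rdata), ttl, True, trace)
        server = rdata                        # NS: referral, keep walking
    raise RuntimeError("referral loop while resolving %s" % name)


class CachingResolver:
    """Serves a cached copy while its TTL has not expired (non-authoritative);
    otherwise performs the iterative walk and caches the fresh answer."""

    def __init__(self):
        self._cache = {}   # name -> (Answer, absolute expiry time)

    def resolve(self, name, now=None):
        now = time.time() if now is None else now   # 'now' injectable for tests
        name = normalize(name)
        hit = self._cache.get(name)
        if hit is not None and hit[1] > now:
            ans, expires = hit
            # Same data as the authoritative answer, but the TTL counts down
            return Answer(name, list(ans.addresses), int(expires - now), False, ["cache"])
        ans = iterative_lookup(name)
        if ans is not None:
            self._cache[name] = (ans, now + ans.ttl)
        return ans


if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("www.google.com", now=1000.0))      # authoritative; trace root -> .com -> google
    print(r.resolve("WWW.google.com", now=1030.0))      # from cache, 30 s of TTL left
    print(r.resolve("www.google.com", now=1061.0))      # TTL expired, walked again
    print(r.resolve("www.nonexistent.com", now=1000.0)) # None: the .com servers know no such zone
```

The `trace` field is the part worth watching: the first query shows the three hops of Figure 2, the repeat query shows only "cache" with a smaller TTL, and once the TTL has run out the resolver goes back to the authoritative server, which is why the authoritative and non-authoritative responses in Figure 3 carry identical data.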
Any trained network engineer knows that the DNS system is a vital part of the Internet, as well as of the networks inside organizations that use IP (most of them). It enables the easy use of a recognizable name that a novice user can use to reach an intended destination. Just imagine the Internet without it: what if, to reach the Google homepage, a user needed to know to enter 126.96.36.199? The Internet would not be usable by novice users without it, and without it the modern Internet would not exist. The intention of this article is to give the reader a basic idea of what DNS is used for and how it affects the day-to-day activities of all Internet users, as well as to provide a little background as to how it operates to achieve its results.