DNS Explained: The Backbone of the Internet


Welcome to the “DNS Deep Dive” series! In this comprehensive exploration, we will immerse ourselves in the intricacies of DNS (Domain Name System), unraveling its inner workings to shed light on this fundamental aspect of the internet. Whether you’re a tech-savvy individual or someone with limited technical background, our goal is to provide clear and concise explanations that will enhance your understanding of DNS. Join us on this enlightening journey as we bridge the gap between technical and non-technical realms, empowering you to grasp the key concepts behind DNS with ease. Let’s dive in and demystify the world of DNS together.

Before you start

About this post:

  • 10 – 20 min average reading time
  • Suitable for intermediate through to advanced

What you will gain reading this post:

  • A comprehensive understanding of all the parts of DNS

What you can do to help support:

  • Like, comment and share this article
  • Follow this blog to receive notifications of new postings

Now, let’s get started.

What is DNS?

The acronym DNS stands for “Domain Name System”.

To relate to this, think of it as an “address book” where you look up a name to find the unique address you use to communicate with a person. This “address book”, however, is for the internet: when you enter a domain name such as robertleggett.blog into a browser, it is translated to the unique IP address tied to it, which the browser then uses to communicate with the machine serving the content hosted there, in this instance my blog.

Why do we need DNS?

Without DNS the Internet would be much more difficult to navigate.

We would need to remember what the IP address is to access a particular device and with dynamic IP addresses continuously changing, we would not be able to rely on the IP address that we have remembered. This is where DNS plays a fundamental part in the way that we use the Internet.

How does DNS work?

Imagine you work for an Organisation and need the contact address of a particular individual in another Organisation so you can communicate with them and obtain the information you are seeking.

You know the individual's name but not their contact address, so you contact the other Organisation's representative.

The Organisation representative does not have the individual's contact address, but can give you the contact address of the representative for the Department the individual works in.

You contact the Department's representative; they do not have the individual's contact address either, but they do have the contact address of the individual's manager.

You contact the individual's manager, who does have the contact address of the individual you are seeking and supplies it. You can now go to that address and obtain the information you need.

For a more detailed and technical way to understand how DNS works, then please continue.

DNS Sequence Flow Diagram
  1. The user enters robertleggett.blog in the address bar of the browser.
  2. The request for robertleggett.blog is forwarded to a DNS resolver.
  3. The DNS resolver forwards the request for robertleggett.blog to a Root Nameserver.
  4. The Root Nameserver for the root (.) domain responds with the names of the TLD Nameservers.
  5. The DNS resolver then forwards the request for robertleggett.blog to a TLD Nameserver associated with the .blog domain.
  6. The TLD Nameserver for the .blog domain responds with the names of the Authoritative Nameservers associated with robertleggett.blog.
  7. The DNS resolver selects an Authoritative Nameserver and forwards the request for robertleggett.blog to it.
  8. The Authoritative Nameserver looks in the robertleggett.blog hosted zone for the record, finds the associated IP address of a server, 192.145.82.18, and returns that IP address to the DNS resolver.
  9. The DNS resolver now has the IP address the browser needs. The DNS resolver caches the IP address for robertleggett.blog for the amount of time specified by the record, so the next request for robertleggett.blog is answered more quickly.
  10. The browser sends a request for robertleggett.blog to the IP address it got from the DNS resolver.
  11. The server or other resource at 192.145.82.18 returns the website for robertleggett.blog to the browser, which displays the page.

Okay, what terminology do I need to understand before progressing?

What is a Domain Name?

A domain name is a human readable name that is used to represent an identity or brand and to identify Internet resources.

For a domain name to work it must be registered and unique.

Domain Name Diagram

What is a Domain Name Hierarchy?

A domain name has a hierarchical order; the number of levels is determined by the number of full stops the domain name has.

If you take http://www.robertleggett.blog as an example, excluding the root level domain, that domain name has three domain levels.

Below is a simple domain name hierarchy diagram demonstrating that order, along with a short description explaining the different levels.

Domain Name Hierarchy Diagram

What are the different Domain Name Hierarchy levels?

What is a Root Domain?

All domains begin with the root domain; referring to the domain name hierarchy diagram above, it is represented as a full stop.

The root domain is handled by the Root Nameserver.

What is a Top Level Domain (TLD)?

The top level domain is what comes after the root domain; referring to the domain name hierarchy diagram above, this would be gov, blog, com, org, … The top level domain is handled by the TLD Nameserver.

What is a Lower Level Domain?

The lower level domains are any levels after the top level domain. Referring to the domain name hierarchy diagram above, the second level domain would be robertleggett, google, amazon, … and the third level domain, also known as a subdomain, would be the www.

The lower level domains, second to nth, are handled by the TLD Nameserver until the final lower level domain, which is handled by the Authoritative Nameserver.

What is an IP address?

An IP address is a unique address that identifies a device on a network. Having an IP address allows devices that support the Internet Protocol to communicate with one another.

Presented in a human readable format, an IP address can be static, meaning it does not change, or dynamic, meaning it changes over time; in most cases IP addresses are dynamic and change often.

IP addresses are represented in two possible standards, IPv4 or IPv6.

IPv4 addresses consist of 32 binary bits (2^32 possible addresses) and are presented as four decimal numbers, each ranging from 0 to 255, separated by dots.

An example of this is 129.167.25.7

IPv6 addresses consist of 128 binary bits (2^128 possible addresses) and are presented as eight groups of hexadecimal digits separated by colons.

An example of this is 2001:0dbf:4321:0000:0000:0000:0000:0000, which can also be written in its shortened form as 2001:dbf:4321::

Because of the growing number of devices on the Internet, there was concern that the addresses IPv4 can provide would be exhausted, so IPv6 was developed with the vision of replacing IPv4.

While that has been the vision, it is important to know that for the foreseeable future the Internet is expected to run both IPv4 and IPv6 addresses.

Okay, now what are the different components that make up DNS?

What is a DNS resolver?

When we enter a domain name into the browser, the browser will forward on the request to the DNS Resolver which is sometimes referred to as a DNS lookup or DNS recursive resolver.

The DNS resolver is typically the one configured by the Internet Service Provider (ISP), but a different DNS resolver can also be configured separately.

The DNS resolver is responsible for returning an IP address to the browser into which the domain name was entered, either:

  • from its cache, where the answer was stored from a previous query of the same domain name, or
  • by querying the different servers to translate the domain name to an IP address.

The order in which the DNS resolver queries the servers is:

  • The root nameserver
  • Followed by the TLD nameserver
  • Then finally the authoritative nameserver

You can see this flow, as described in the diagram below, by running the command: dig a robertleggett.blog +trace

DNS resolving robertleggett.blog Diagram
  1. The request for robertleggett.blog is forwarded to a DNS resolver.
  2. The DNS resolver forwards the request for robertleggett.blog to one of a-m.root-servers.net, which are the Root Nameservers.
  3. The Root Nameserver for the root (.) domain responds with the names of the TLD Nameservers.
  4. The DNS resolver then forwards the request for robertleggett.blog to one of a-d.nic.blog., which are the TLD Nameservers associated with the .blog domain.
  5. The TLD Nameserver for the .blog domain responds with the names of the Authoritative Nameservers associated with robertleggett.blog.
  6. The DNS resolver selects ns1.wordpress.com, an Authoritative Nameserver, and forwards the request for robertleggett.blog to it.
  7. The Authoritative Nameserver looks in the robertleggett.blog hosted zone for the record, finds the associated IP address of a server, 192.145.82.18, and returns that IP address to the DNS resolver.
  8. The DNS resolver now has the IP address the browser needs. The DNS resolver caches the IP address for robertleggett.blog for the amount of time specified by the record, so the next request for robertleggett.blog is answered more quickly.

What is a DNS cache?

A DNS cache is a temporary database containing records of recent and attempted lookups of requested domain names.

Local DNS cache Diagram
  1. The Local DNS Cache is checked (a “lookup”) to see if the result was previously cached; if it was, the cached result is retrieved and returned.
  2. If the local DNS cache is empty, the resolver may have a cached copy of the requested information, avoiding the need to go through the entire DNS “lookup” process. If not, the DNS resolver goes through the standard DNS “lookup” process and, once complete, caches and returns the result.
  3. The result is now cached in the Local DNS Cache.

It is also important to be aware that there are DNS caches at every hierarchy level of the “lookup” process, each serving the same purpose of speeding up name resolution.
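As an added example (not code from the post), the referral chain from the sequence flow above and the TTL-bounded resolver cache from this section, simulated over three constructed in-memory zones. The server keys root, tld_blog and auth_rl and the 300-second TTL are assumptions; the 192.145.82.18 address is the one the post shows.

```python
import time

# Constructed zone data, one dict per nameserver role (keys are assumed labels,
# not real hostnames). An entry is a referral ("NS", next_server) to the server
# holding the next level, or a final answer ("A", address, ttl_seconds).
ZONES = {
    "root": {"blog": ("NS", "tld_blog")},
    "tld_blog": {"robertleggett.blog": ("NS", "auth_rl")},
    "auth_rl": {"robertleggett.blog": ("A", "192.145.82.18", 300)},
}


def ask(server, name):
    """Answer the way that server would: an exact record if it has one,
    otherwise the closest delegation (NS) it knows for a parent of the name."""
    zone = ZONES[server]
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        rec = zone.get(".".join(labels[i:]))
        if rec and rec[0] == "NS":
            return rec
    return None


class Resolver:
    """Iterative resolver with a TTL-bounded cache, as in step 8/9 of the flow."""

    def __init__(self, clock=time.time):
        self.cache = {}  # name -> (address, expiry timestamp)
        self.clock = clock  # injectable so a test can advance time past the TTL

    def resolve(self, name):
        """Return (address, servers_consulted); a cache hit consults nobody."""
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], ["cache"]
        path, server = [], "root"  # the root hint points the resolver at root
        for _ in range(8):  # bound the referral chain in case of a loop
            path.append(server)
            rec = ask(server, name)
            if rec is None:
                raise LookupError(f"{server} has no data for {name}")
            if rec[0] == "NS":
                server = rec[1]  # referral: move one level down the hierarchy
                continue
            _, address, ttl = rec
            self.cache[name] = (address, now + ttl)  # remembered until TTL expires
            return address, path
        raise LookupError("too many referrals")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("robertleggett.blog"))  # walks root -> tld_blog -> auth_rl
    print(r.resolve("robertleggett.blog"))  # second call is served from the cache
```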

What is a DNS query?

A DNS query, also known as a DNS request, is a request made to resolve a domain name to an IP address.

DNS query flow Diagram
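As an added example (not code from the post), what a DNS query and its response look like on the wire: a query builder for robertleggett.blog and a parser that reads A records out of a constructed response, including the name compression pointers real responses use. The transaction id 0x1234, the 300-second TTL and the sample response bytes are constructed here; the address is the one from the post.

```python
import struct

def encode_name(name):
    """Encode a dotted name as DNS labels: length byte, label bytes, then 0x00."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Standard query: 12-byte header (flags 0x0100 = recursion desired), one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def read_name(msg, offset):
    """Decode a name at offset, following compression pointers (top two bits 11).
    Returns (name, offset just past the name as it appeared in the message)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:  # two-byte pointer into an earlier name
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, target, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")  # malformed message
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_a_answers(msg):
    """Return [(name, ttl, ipv4)] for the A records in a response's answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not (flags & 0x8000):
        raise ValueError("QR bit clear: this is a query, not a response")
    off = 12
    for _ in range(qd):  # skip the echoed question(s): name + QTYPE + QCLASS
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers

# Constructed response to "robertleggett.blog A": flags 0x8180 (response, RD, RA),
# one question, one answer whose owner name is a pointer (0xC00C) back to offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("robertleggett.blog") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 145, 82, 18])
)
```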

What is a DNS Zone?

A DNS zone always starts at a domain boundary, and it ends at the boundary of another independently managed zone.

As each domain is further divided into sub-domains, each becomes a DNS zone itself with its own set of administrators and DNS servers.

To help visually represent the different domain boundaries, please refer to the diagram below.

DNS zone boundaries Diagram

Briefly touching on DNS hosting, which is still related to DNS zones.

By running the command: dig soa robertleggett.blog +trace, a section of information I get back is:

robertleggett.blog. 86400 IN SOA ns1.wordpress.com. hostmaster.wordpress.com. 2005071858 14400 7200 604800 300

The first name in the record, ns1.wordpress.com., is the primary. This is not enforced unless dynamic updates are used, but the recommended approach is to put the primary nameserver there. The primary, ns1.wordpress.com., notifies ns2.wordpress.com. and ns3.wordpress.com. of changes, keeping them all in sync.

By running the command: dig ns robertleggett.blog +trace, a section of information I get back is:

robertleggett.blog. 86400 IN NS ns3.wordpress.com.
robertleggett.blog. 86400 IN NS ns1.wordpress.com.
robertleggett.blog. 86400 IN NS ns2.wordpress.com.

These could be primary or secondary DNS zones.
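As an added example (not code from the post), the SOA and NS lines quoted above, copied from the post's dig output, parsed into named fields with the checks a zone operator would run on them: the primary named in the SOA should appear in the NS set, and the timers should satisfy retry < refresh and expire > refresh + retry (the ordering assumed for the check here).

```python
from dataclasses import dataclass

# Lines copied from the dig output quoted in the post.
SOA_LINE = ("robertleggett.blog. 86400 IN SOA ns1.wordpress.com. "
            "hostmaster.wordpress.com. 2005071858 14400 7200 604800 300")
NS_LINES = [
    "robertleggett.blog. 86400 IN NS ns3.wordpress.com.",
    "robertleggett.blog. 86400 IN NS ns1.wordpress.com.",
    "robertleggett.blog. 86400 IN NS ns2.wordpress.com.",
]


@dataclass
class SOA:
    mname: str     # primary nameserver for the zone
    rname: str     # responsible mailbox; the first dot stands for "@"
    serial: int    # secondaries transfer the zone when this increases
    refresh: int   # seconds between a secondary's checks of the primary
    retry: int     # seconds to wait after a failed refresh
    expire: int    # seconds after which an unrefreshed secondary stops answering
    minimum: int   # TTL used for negative (name does not exist) caching


def parse_soa(line):
    """Parse one presentation-format SOA line such as dig prints."""
    _owner, _ttl, _cls, rtype, *rdata = line.split()
    if rtype != "SOA" or len(rdata) != 7:
        raise ValueError(f"not an SOA record: {line!r}")
    return SOA(rdata[0], rdata[1], *(int(v) for v in rdata[2:]))


def parse_ns(lines):
    """Return the sorted nameserver names from NS lines."""
    return sorted(l.split()[4] for l in lines if l.split()[3] == "NS")


def rname_to_email(rname):
    """hostmaster.wordpress.com. -> hostmaster@wordpress.com"""
    user, _, domain = rname.rstrip(".").partition(".")
    return f"{user}@{domain}"


def check_zone(soa, nameservers):
    """Return a list of problems; an empty list means the zone looks consistent."""
    problems = []
    if soa.mname not in nameservers:
        problems.append(f"SOA primary {soa.mname} is not in the NS set")
    if not soa.retry < soa.refresh:
        problems.append("retry should be shorter than refresh")
    if not soa.expire > soa.refresh + soa.retry:
        problems.append("expire should exceed refresh + retry")
    return problems
```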

What is a DNS server?

A DNS Server, also referred to as a Nameserver, is a machine that is registered as part of the DNS system. It is a server with DNS software installed on it, and that software is what makes it a DNS server.

Each DNS server contains a public IP address as well as a database of domain names and IP addresses. When requested, it can try to determine the IP address associated with the domain name.

If it can’t determine it, it will then try to find out from other DNS servers, or possibly a Root Nameserver.

What is a Root Hint File?

Root hint files are used to configure DNS Resolvers so they know how to locate the Root Nameservers.

Root hints are a list of Authoritative Nameservers, typically the Root Nameservers, stored in a root hint file configured in the DNS Resolver.

  • They are used to resolve queries for zones that do not exist on the DNS server
  • And only when forwarders are not configured, or a forwarder fails to respond

DNS forwarders and root hint flow Diagram

What are the different types of DNS servers?

All DNS servers fall into one of the following four categories: Recursive resolver, Root Nameserver, TLD Nameserver and Authoritative Nameserver.

What is the difference between a Recursive Nameserver and an Authoritative Nameserver?

A Recursive Nameserver is, as you would expect from the name, one that refers back to itself. Recursive Nameservers are responsible for providing the IP address for the requested Domain Name.

An Authoritative Nameserver is responsible for answering Recursive Nameservers with the IP Address of the intended destination.

The Authoritative Nameserver responds to the Recursive Nameserver with information for each Domain Name, such as the IP address and other necessary DNS records.

What is a Root Nameserver?

A root name server plays a vital role in translating domain names into IP addresses. It answers DNS queries in the DNS root zone.

The root name server doesn't resolve the Domain Name itself; instead it tells the requestor which other DNS Nameservers need to be queried to obtain the next level of information on the way to the desired IP address.

The DNS root servers described here are the Root Nameservers of the DNS system. They are not the same as the dedicated “root servers” that can be rented from web hosting providers.

For a list of root servers, refer to https://www.iana.org/domains/root/servers

What is a TLD Nameserver?

A TLD Nameserver contains information for the Domain Names that share a common TLD, such as .com, .org, .blog, etc.

For example, a .blog TLD Nameserver contains information for every Domain Name that ends in .blog.

What is an Authoritative Nameserver?

An Authoritative Nameserver holds the actual DNS records, such as A, CNAME, PTR, etc., for a particular Domain Name and its IP address.

A DNS Resolver queries an Authoritative Nameserver to resolve a Domain Name with an IP Address.

What is a DNS record?

A DNS record acts as a set of instructions for the DNS server.

It records which Domain Name each IP address is mapped to.

DNS records use a number of different syntaxes and commands to tell the DNS server how it should respond to a request.

What is a Glue record?

A Glue record is an A record, or IP address, mapped to a Domain Name or subdomain. Glue records are important when the DNS Nameservers for a Domain Name are themselves subdomains of that domain name.

For example, suppose the Authoritative Nameservers for robertleggett.blog are ns1.robertleggett.blog and ns2.robertleggett.blog.

When ns1.robertleggett.blog is being resolved, it would first require the resolution of robertleggett.blog, which again returns the Authoritative Nameservers as ns1.robertleggett.blog and ns2.robertleggett.blog.

This creates a loop or circular dependency.

Glue records help in breaking this circular dependency by providing the IP Address for ns1.robertleggett.blog and ns2.robertleggett.blog.

These IP address records are known as Glue records.
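As an added example (not code from the post), a check for the situation described above: a delegation whose nameservers sit inside the delegated zone must carry glue addresses, while nameservers under another domain (such as the post's ns1.wordpress.com) need none. The 192.0.2.x addresses are placeholders from the documentation range, not real glue for robertleggett.blog.

```python
def in_bailiwick(zone, host):
    """True when host lies within zone, i.e. a delegation to it needs glue.
    The leading dot in the suffix test stops "leggett.blog" matching
    "robertleggett.blog" by accident."""
    z, h = zone.rstrip(".").lower(), host.rstrip(".").lower()
    return h == z or h.endswith("." + z)


def missing_glue(zone, nameservers, glue):
    """Return the nameservers a resolver could never reach: in-bailiwick names
    whose addresses are not supplied as glue alongside the NS records.
    glue maps a nameserver name to a list of IP address strings."""
    return [ns for ns in nameservers
            if in_bailiwick(zone, ns) and not glue.get(ns.lower())]


def delegation_ok(zone, nameservers, glue):
    """True when every nameserver is either out of bailiwick or has glue,
    so no circular dependency of the kind described above can arise."""
    return not missing_glue(zone, nameservers, glue)


# Constructed delegations for the post's example zone (placeholder addresses).
WITHOUT_GLUE = {
    "zone": "robertleggett.blog.",
    "nameservers": ["ns1.robertleggett.blog.", "ns2.robertleggett.blog."],
    "glue": {},
}
WITH_GLUE = dict(WITHOUT_GLUE, glue={
    "ns1.robertleggett.blog.": ["192.0.2.1"],
    "ns2.robertleggett.blog.": ["192.0.2.2"],
})
# Nameservers under another domain, as in the post's dig output, need no glue.
EXTERNAL = {
    "zone": "robertleggett.blog.",
    "nameservers": ["ns1.wordpress.com.", "ns2.wordpress.com.", "ns3.wordpress.com."],
    "glue": {},
}
```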

What are the different types of DNS records?

The list of DNS record types is quite extensive and can be found at https://en.wikipedia.org/wiki/List_of_DNS_record_types

A Record (Address Record)

An A record points a Domain Name to an IPv4 address. It stands for Address Record and is the purest form of DNS.

AAAA Record (IPv6 Address Record)

This record is the same as an A record, but it points a Domain Name to an IPv6 address instead of an IPv4 one.

CNAME (Canonical Name Record)

A CNAME, or Canonical Name, redirects one Domain Name to another Domain Name, so that only one A record needs updating each time you make a change.

For example, a CNAME record allows “www.robertleggett.blog”, with the “www” in front, to resolve through “robertleggett.blog”.

CAA (Certification Authority Authorization)

A Certification Authority Authorization record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a Domain Name.

The purpose of the CAA record is to allow Domain Name owners to declare which certificate authorities are allowed to issue a certificate for a Domain Name.

MX Entry (Mail Exchange Record)

A mail exchanger entry directs emails to a different server, despite that server being a subdomain of the Domain Name requested.

NAPTR (Name Authority Pointer Record)

A Name Authority Pointer is a type of resource record most commonly used for applications in Internet telephony.

NS (Name Server Record)

NS stands for Name Server, and this record indicates which DNS server is Authoritative for that Domain Name.

A Domain Name will often have multiple NS records which can indicate primary and backup name servers for that Domain Name.

PTR (Pointer Record)

A Pointer record resolves an IP address to a Domain Name, unlike an A record, which points a Domain Name to an IP address.

PTR records are used for the reverse DNS lookup.

SOA (Start of Authority Record)

A Start of Authority record is a type of resource record containing administrative information about the zone, especially regarding zone transfers.

SPF (Sender Policy Framework)

A Sender Policy Framework record is used to indicate to mail exchanges which hosts are authorized to send mail for a Domain Name.

SRV (Service Locator)

A Service record is a specification of data defining the location, i.e., the hostname and port number, of servers for specified services.

TXT Record (Text Record)

This is a bit of a catch-all record, not intended to direct any traffic, but instead to provide information to external sources. It serves several different purposes depending on your needs.

Finally, we made it, did this help?

If you found this to be helpful, have any questions or want to provide feedback, please let me know.

Don’t worry if all of this seems overwhelming.

  • Like, comment and share this article
  • Follow this blog to receive notifications of new postings
  • View previous postings
