DNS (Domain Name System)
1) Introduction:
DNS stands for Domain Name System. DNS converts a domain name into an IP address, so that humans do not need to memorize IP addresses.
DNS is an application layer protocol that uses UDP and TCP port 53. Queries are normally sent to the server over UDP port 53. TCP is used when the response data exceeds 512 bytes or for specific purposes such as zone transfers.
IP Address: Each device connected to the Internet has a unique IP address, which other devices on the internet use to communicate with it. Simply put, an IP address is the address of a machine that uniquely identifies that machine on the internet. An example of an IP address is 172.217.204.102 (one of Google’s IP addresses).
Domain Name: A domain name is the name of a website. It is the text form of the IP address. A domain name is more human friendly and easier to remember than an IP address; it would be much harder to remember an IP address for each site than to remember its domain name.
To find the IP address of a website, you can use commands such as ping or nslookup in a terminal or command prompt.
For further information regarding the domain name, you can refer to my article titled ‘Anatomy of URL.’
2) DNS Infrastructure (Types of DNS Servers):
When a host requests domain name resolution, the computer first checks its own local cache to see if it can resolve the name itself. If it cannot, the request is sent to the DNS resolver.
DNS Resolver: The DNS resolver is a server designed to receive queries from client machines. The resolver is typically operated by the ISP (Internet Service Provider). When the resolver receives a query, it first checks its own cache for an IP address for the domain name. If it finds one, it sends it to the client. If not, it forwards the query to the root name server, where the actual DNS resolution process starts.
The DNS resolver cannot answer every domain name from its cache; it can answer directly only for domain names which are popular or have been visited recently.
Root Name Server: The root name server is the first step in translating (resolving) human readable domain names into IP addresses. The root name server does not hold the domain name to IP address mapping itself, but it directs the resolver to the TLD name server. For example, if you request www.example.com, the root name server recognizes the top-level domain (“.com” in this case) and directs the query to the appropriate TLD name server.
There are 13 different IP addresses for root name servers. Every DNS resolver has a list of these 13 IP addresses built into it. Whenever a DNS lookup is initiated, the resolver’s first communication is with one of those 13 IP addresses.
TLD Name Server: The TLD (top level domain) name server stores information for domain names that share a common TLD. For example, a “.com” TLD name server holds information about domain names that end in ‘.com’. The TLD server responds with the address of the authoritative name server for the domain, example.com in this case.
Authoritative Name Server: The authoritative name server holds the domain name to IP address mapping. When it receives a query from the resolver and has access to the requested record, it returns the IP address for the requested domain name to the DNS resolver that made the initial request.
When the query is for a subdomain such as ftp.example.com, an additional server, the one responsible for storing the subdomain’s CNAME record, is added to the sequence after the authoritative name server.
When DNS information is already cached, steps are skipped from the lookup process, which makes resolution quicker.
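The lookup sequence above, modelled as an added example (not code from the article): each server is a constructed dictionary of the delegations or records it holds, the resolver walks root, TLD and authoritative server by following referrals, and a cache hit skips the whole chain. Server names such as "tld-com" and "ns1.example.com" and the addresses are made up for the example.

```python
# Constructed toy model of the resolution chain: not real servers or data.
SERVERS = {
    "root":            {"delegations": {"com": "tld-com"}, "records": {}},
    "tld-com":         {"delegations": {"example.com": "ns1.example.com"}, "records": {}},
    "ns1.example.com": {"delegations": {}, "records": {"www.example.com": "10.0.2.11"}},
}

def ask(server, name):
    """One server's reply: ('answer', ip), ('referral', next_server) or ('nxdomain', None)."""
    s = SERVERS[server]
    if name in s["records"]:                          # authoritative data for this name
        return "answer", s["records"][name]
    for zone, child in s["delegations"].items():      # refer to the server for a matching suffix
        if name == zone or name.endswith("." + zone):
            return "referral", child
    return "nxdomain", None

class Resolver:
    def __init__(self):
        self.cache = {}                               # name -> ip, filled by earlier lookups
        self.trace = []                               # servers contacted during the last lookup

    def resolve(self, name):
        self.trace = []
        if name in self.cache:                        # cached: no server is contacted at all
            return self.cache[name]
        server = "root"                               # every uncached lookup starts at the root
        for _ in range(8):                            # bound the referral chain
            self.trace.append(server)
            kind, value = ask(server, name)
            if kind == "answer":
                self.cache[name] = value
                return value
            if kind == "nxdomain":
                return None
            server = value                            # follow the referral one level down
        raise RuntimeError("referral chain too long")
```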
3) Format of DNS Query and DNS Response:
The DNS message can have five sections: the DNS Header, the Question, the Answer Resource Record, the Authority Resource Record and the Additional Resource Record.
- Identification: The identification field is used to match the response with the request sent from the client-side.
- Flags:
QR (query/response) Flag: 0 means the message is a query; 1 means it is a response.
opcode: It defines the type of query carried by a message.
- Query (0): If the value of the opcode subfield is 0 then it is a standard query (Forward DNS lookup).
- IQuery (1): The value 1 corresponds to finding the domain name from the IP address (Reverse DNS lookup).
- Notify (4): It is used by a primary (authoritative) server to tell secondary servers that data for a zone has changed and prompt them to request a zone transfer.
- Update (5): It allows resource records to be added, deleted or updated selectively.
AA (Authoritative Answer): If the value is 1, it indicates that the name server is an authoritative name server; otherwise, it is non-authoritative. It is used only in a response message.
If a DNS server that doesn’t have the original zone file responds to a DNS query, the answer is non-authoritative. Non-authoritative name servers do not hold the original zone files; they may hold a cache of records returned by previous lookups.
TC (Truncation): When using UDP, if the length of the message exceeds the allowed 512 bytes, the message is truncated.
TCP has no length limit for messages, while UDP messages are limited to 512 bytes, so this bit is usually an indication that the message was sent over UDP and was too long to fit. The client may then need to open a TCP session to get the full message.
RD (Recursion Desired): When the value of RD is set to 1 in the query message, it directs the name server to pursue the query recursively. Its value is copied to the response message.
RA (Recursion Available): Indicates if the replying DNS server supports recursion.
rCode (Response Code): This subfield denotes whether the query was answered successfully. The values and their meanings are:
- Value 0 indicates no error.
- Value 2 indicates server failure.
- Value 3 is Name Error: the name given in the query does not exist in the domain.
Question: The question is made up of three parts: name, type and class (which is almost always 1 or IN for internet).
Answer Resource Record: The answer resource record answers the question.
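An added example (not code from the article) that builds a standard query and decodes the header fields described above: the 16-bit flags word is split into QR, opcode, AA, TC, RD, RA and rcode, and a reply is accepted only when it is a response whose identification matches the query. The transaction ID, name and reply flags are constructed values.

```python
import struct

# Added example, not from the article: build a standard query and decode the
# header flags described above. Values and names here are constructed.
OPCODES = {0: "QUERY", 1: "IQUERY", 4: "NOTIFY", 5: "UPDATE"}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def encode_name(name):
    """'www.example.com' -> length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(txid, name, qtype=1, qclass=1):
    """12-byte header (ID, flags, QD/AN/NS/AR counts) plus one question entry."""
    flags = 0x0100                                   # QR=0, opcode=0 (QUERY), RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)

def parse_header(msg):
    """Split the 16-bit flags word into QR, opcode, AA, TC, RD, RA and rcode."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,
        "opcode": OPCODES.get((flags >> 11) & 0xF, "other"),
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "rcode": RCODES.get(flags & 0xF, "other"),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def check_response(query, response):
    """Accept a reply only if QR=1 and its ID matches the query we sent."""
    q, r = parse_header(query), parse_header(response)
    return r["qr"] == 1 and r["id"] == q["id"]

# Constructed query for www.example.com and a constructed reply to it:
# flags 0x8183 = QR=1, opcode 0, AA=0, TC=0, RD=1, RA=1, rcode=3 (Name Error).
SAMPLE_QUERY = build_query(0x1A2B, "www.example.com")
SAMPLE_RESPONSE = struct.pack("!HHHHHH", 0x1A2B, 0x8183, 1, 0, 0, 0) + SAMPLE_QUERY[12:]
```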
4) Resource Record:
A resource record, commonly referred to as an RR, is the DNS data record.
Different types of RRs have different formats because they carry different data. In general, however, many RRs share a common format whose most important fields are Name, Type, Class, TTL and Data.
The name is the domain name to which the resource data corresponds.
The type specifies the type of resource record.
The class is normally 1 for Internet data.
The time-to-live field is the number of seconds that the RR can be cached by the client.
The resource data is the data portion of the resource record; its layout depends on the record type.
5) DNS records:
A Record: An A record maps a domain name directly to its corresponding IPv4 address.
Type   Name          Value
A      example.com   10.0.2.11
PTR record: A PTR (pointer) record provides the domain name associated with an IP address. A DNS PTR record is exactly the opposite of the ‘A’ record, which provides the IP address associated with a domain name. PTR records are used in reverse DNS lookups.
CNAME Record: A CNAME (Canonical Name) record is a record that points to another domain rather than an IP address. All CNAME records must point to a domain, never to an IP address. For instance, let’s imagine that blog.example.com has a CNAME record with a value of example.com. In this case we would say that example.com is the canonical name (or true name) of blog.example.com.
Type    Name               Value
CNAME   blog.example.com   example.com
AAAA record: An AAAA record maps a domain name to an IPv6 address. AAAA records are similar to A records except that they store the domain’s IPv6 address instead of its IPv4 address.
Type   Name          Value
AAAA   example.com   2001:0db8::8a2e:0370:7334
MX record: An MX (mail exchange) record directs email to a mail server. The MX record indicates how email should be routed in accordance with the Simple Mail Transfer Protocol. Like CNAME records, an MX record must always point to another domain. When several MX records exist, the priority (preference) value orders them: the server with the lowest value is tried first.
Type   Name          Value                   Priority
MX     example.com   mailhost1.example.com   10
MX     example.com   mailhost2.example.com   20
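An added example (not code from the article) covering the RR format of section 4 and the record types above: it walks the answer section of a constructed reply, reading the Name, Type, Class, TTL and RDATA of each record and interpreting the RDATA for A, CNAME and MX. Names in DNS messages may be compressed (a two-byte pointer back to an earlier name), so the name reader follows pointers and bounds the number of hops so that a malformed message cannot make it loop forever. The message bytes, offsets and addresses are constructed for the example.

```python
import struct
# Added example, not from the article: decode the answer RRs of a constructed reply.
TYPES = {1: "A", 5: "CNAME", 15: "MX"}

def read_name(msg, off):
    """Return (name, offset just past it); follows 0xC0xx compression pointers."""
    labels, end = [], None
    for _ in range(256):                              # bound hops so a pointer loop cannot hang us
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # pointer: 14-bit offset into the message
            end = end if end is not None else off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    raise ValueError("malformed name: compression pointer loop")

def parse_rdata(msg, rtype, off, rdlen):
    """Interpret RDATA for A, CNAME and MX; CNAME and MX targets may be compressed names."""
    if rtype == 1:                                    # A: four raw address bytes
        return ".".join(str(b) for b in msg[off:off + 4])
    if rtype == 5:                                    # CNAME: a domain name
        return read_name(msg, off)[0]
    if rtype == 15:                                   # MX: 16-bit preference, then exchange name
        return struct.unpack("!H", msg[off:off + 2])[0], read_name(msg, off + 2)[0]
    return msg[off:off + rdlen].hex()                 # other types: raw hex

def parse_answers(msg):
    """Skip header and the single question, then return (name, type, ttl, data) per answer RR."""
    ancount = struct.unpack("!H", msg[6:8])[0]
    off = read_name(msg, 12)[1] + 4                   # past QNAME, QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        records.append((name, TYPES.get(rtype, rtype), ttl, parse_rdata(msg, rtype, off, rdlen)))
        off += rdlen
    return records

# Constructed reply: question www.example.com/A, then CNAME, A and MX answers;
# 0xC00C points to the question name at offset 12, 0xC010 to "example.com" at 16.
SAMPLE = (
    struct.pack("!HHHHHH", 1, 0x8180, 1, 3, 0, 0)
    + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xc0\x10"
    + b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([10, 0, 2, 11])
    + b"\xc0\x10" + struct.pack("!HHIH", 15, 1, 300, 14) + b"\x00\x0a\x09mailhost1\xc0\x10"
)
```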
6) DNS zone:
A DNS zone is a portion of the domain name system that is managed by a specific organization or administrator. DNS zones are not necessarily physically separated from one another; zones are strictly used for delegating control. A common mistake is to equate a DNS zone with a domain name or a single DNS server. In fact, a DNS zone can contain multiple subdomains, and multiple zones can co-exist on the same server.
example.com with all its subdomains may be a zone.
However, second.example.com may also be a separate zone.
Zone file: All of the information for a zone is stored in a file known as a DNS zone file. The zone file contains comprehensive details about the domain or domains within the zone, including the identity of the domain administrator.
Primary DNS Server: A primary DNS server is a server that hosts a primary zone file. The primary zone file is the read-write copy of the zone file.
Secondary DNS Server: A secondary DNS server holds the secondary zone file, which is a read-only copy of the primary zone file; the copies on secondary servers cannot be modified.
Zone Transfer: Zone transfer is the process of copying the contents of the zone file on a primary DNS server to a secondary DNS server.
Advantages of Primary and Secondary DNS Servers:
• Redundancy: If the primary name server goes down, the secondary name server has a complete, up-to-date copy of the zone file and so can handle name resolution requests from DNS clients on the network.
• Load balancing: If a large number of DNS clients on the local network are making name resolution requests, you can load balance these requests between the primary name server and its secondary name servers.