
DNS

Chapter 7

DNS
Contents
• Need of DNS
• Origin of DNS
• Understanding DNS
• Hierarchy of DNS
• Components of DNS
• Working of DNS

Objectives
After completing this module you will know:
• The need of DNS
• Origin of DNS
• Working method of DNS
• Hierarchy of DNS
• Components of DNS

86 Prepared by RGM TTC, Chennai



DNS
While DNS is one of the least necessary technologies that make up the Internet as we
know it, it is also true that the Internet would never have become as popular as it is today
if DNS did not exist. Though this may sound like a bit of a contradiction, it is true
nonetheless.

DNS stands for two things: Domain Name Service (or Domain Name System) and
Domain Name Servers. One acronym defines the protocol; the other defines the machines
that provide the service. The job that DNS performs is very simple: it takes the IP
addresses that computers connected to the Internet use to communicate with each other
and it maps them to hostnames.

Sounds pretty simple, doesn't it? Well, it is. But just because it's simple doesn't make it
any less important.

Human beings tend to have a difficult time remembering long strings of seemingly
arbitrary numbers. The way that our brains work, it's difficult to make information like
that stick. And that is where DNS comes in. It allows us to substitute words or phrases for
those strings of numbers. Words are a lot easier for people to remember than numbers,
especially when they can be tied to a specific idea that is linked to the website.

But how does DNS work? What makes it operate? How did it start?

7.1 Web site address


Before we get into DNS, let's start by breaking down a web address. It essentially
says where the web page is and how you need to talk to it. Let's use the example of:

http://www.bsnl.co.in/pages/cellone.htm

The first part is "http://", and that tells your PC what protocol (what language, so to speak)
to use when talking with this site. In this case, you are using HTTP (HyperText Transfer
Protocol). Another very common one for web designers to use is "ftp://", or File Transfer
Protocol. You would use it to connect to your web server to put the web pages you
created onto the server. You also see "https://" quite commonly. This simply means that
the connection between you and the web server is secure (meaning the information being
sent back and forth is encrypted). You should see "https://" when you are checking out,
especially when you are entering credit card information.

The next part, "www.bsnl.co.in", is called the Domain Name. The "www" used to be more
significant than it is today. Today, the "www" is, for the most part, assumed and you can
get to the same page regardless of whether or not you type "www" in your browser.

The part "/pages/cellone.htm" tells the web server to look in the directory called "pages"
and send the file called "cellone.htm" to your browser. It is just like the directories on
your PC.

The "in" of the Domain Name "www.bsnl.co.in" is called the Top Level Domain (TLD). It
is the right-most portion of the domain name. For example, the TLD of
www.yahoo.com is com.

7.2 IP address
Before we get into DNS, we need to explain what an IP address is. Every PC and server
on the Internet has an IP address. It has the format of 4 numbers separated by periods,
and looks like "61.1.137.84". Each number must be between 0 and 255. Think of it as
your phone number on the Internet: it must be unique. It would be bad to have 2 different
houses with the same phone number, and it would be bad to have 2 different machines
(more properly known as hosts) with the same IP address on the Internet.
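As an added example (not part of the training module), the following Python code breaks a web address into the parts described in 7.1 and checks the dotted-quad format described in 7.2. The address and the IP strings are the chapter's own; the function names are the example's.

```python
from urllib.parse import urlsplit

# Constructed input: the chapter's own example address (no network access is made).
EXAMPLE_URL = "http://www.bsnl.co.in/pages/cellone.htm"


def break_down_address(url):
    """Split a web address into protocol, domain name, TLD and path.

    The TLD is taken as the right-most label of the domain name, exactly as
    section 7.1 defines it ("in" for www.bsnl.co.in, "com" for www.yahoo.com).
    """
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        raise ValueError("address needs a protocol and a domain name: %r" % url)
    host = parts.hostname.rstrip(".")  # urlsplit lower-cases the host name for us
    return {
        "protocol": parts.scheme,
        "domain_name": host,
        "tld": host.rsplit(".", 1)[-1],
        "path": parts.path or "/",  # no path means "the default page"
        "encrypted": parts.scheme == "https",
    }


def is_valid_ipv4(text):
    """Check the dotted-quad format: four decimal numbers, each 0..255.

    Leading zeros are rejected on purpose: some resolvers and libc routines read
    "010" as octal, so an address written that way does not mean one thing.
    """
    pieces = text.split(".")
    if len(pieces) != 4:
        return False
    for piece in pieces:
        if not (piece.isascii() and piece.isdigit()):
            return False
        if len(piece) > 1 and piece[0] == "0":
            return False
        if int(piece) > 255:
            return False
    return True


if __name__ == "__main__":
    print(break_down_address(EXAMPLE_URL))
    for candidate in ("61.1.137.84", "256.1.1.1", "61.1.137", "010.1.1.1"):
        print(candidate, is_valid_ipv4(candidate))
```

The leading-zero check in is_valid_ipv4 matters because different parsers disagree on whether "010" is decimal ten or octal eight; rejecting that form avoids two parties reading one address differently.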

7.3 Why is DNS needed?

For most people, it is much easier to remember "www.bsnl.co.in" than it is to remember
"61.1.137.84". When you enter a URL into your browser, you usually use the easy-to-
remember name. How does your PC know where to find "www.bsnl.co.in"? Remember
that each machine has an IP address? There is a way to translate between the easy-to-
remember domain name and the hard-to-remember IP address.

Enter DNS. DNS is an acronym for "Domain Name Service". Its whole purpose in life is
to translate between the friendly "www.bsnl.co.in" and the not-so-friendly 61.1.137.84. It
handles this translation for web sites, email, FTP servers, database servers, or any
machine within a domain name. Let's dig into the process of how that works.

DNS means Domain Name Service. It is a service that can keep a large number of
machines' IP addresses for communication in a huge network. Now the question arises:
why is this needed? Let's understand this with the help of an illustration.

Example: Let's say rose1, rose2, rose3, rose4, and rose5 are the 5 machines in a network.
Then, for communication between the machines, each machine's /etc/hosts file in Unix (or
hosts.txt file in Windows) should have entries for all five machine names. Within
this small network there would be no problem if you add another machine, say rose6, to
the network. But even for this, the network administrator has to go to each machine, add
rose6 to the /etc/hosts file, and then come back to the newcomer rose6 machine and add
all the other entries (rose1...rose5), including its own name, to its /etc/hosts (or hosts.txt)
file.

But what if the network is set up with, say, 60 machines and a 61st machine has to be
added? Then the administrator will have to go to each machine again and write the new
machine's name in the /etc/hosts (or hosts.txt) file, and again come back and write all 60
machine names in the 61st machine's /etc/hosts file, which is a tedious and time-consuming
job. Thus, it is better to keep a centralized server, where all the IP addresses will stay, and
if a new one enters the network then the change has to be made at the
server and not on the clients' machines.

7.4 The Origin of DNS


Like almost everything else originally associated with the Internet, DNS traces its origins
to ARPANET. Alphabetic hostnames were introduced shortly after its inception as a
means of allowing users greater functionality, since the numeric addresses proved
difficult to remember.

Originally, every site connected to ARPANET maintained a file called 'HOSTS.TXT',
which contained the mapping information for all of the numeric addresses used there.
That information was shared through ARPANET. Unfortunately, there were many
problems that arose from that setup. Errors were commonplace and it was inefficient to
make changes, considering they needed to be made on each and every copy of the
HOSTS.TXT file.

By November of 1983, a plan was laid out in RFCs 881, 882, and 883, also known as
'The Domain Names Plan and Schedule', 'Domain Names -- Concepts and Facilities',
and 'Domain Names -- Implementation and Specification'. These three RFCs defined
what has developed into DNS as we know it today. Surprisingly, not a whole lot has
changed since that time.

7.5 Understanding DNS


DNS organizes groups of computers into domains. These domains are organized into a
hierarchical structure, which can be defined on an Internet-wide basis for public networks
or on an enterprise-wide basis for private networks (also known as intranets and
extranets). The various levels within the hierarchy identify individual computers,
organizational domains, and top-level domains. For the fully qualified host name
omega.microsoft.com, omega represents the host name for an individual computer,
microsoft is the organizational domain, and com is the top-level domain.

Top-level domains are at the root of the DNS hierarchy and are therefore also called root
domains. These domains are organized geographically, by organization type, and by
function. Normal domains, such as microsoft.com, are also referred to as parent domains.
They’re called parent domains because they’re the parents of an organizational structure.
Parent domains can be divided into sub-domains, which can be used for groups or
departments within an organization.

There are three types of TLDs. They are:

1. Generic or organization-based TLD (e.g. com, edu, gov, mil, net, org, int, aero,
museum, etc.)
2. Geographical or country-based TLD (e.g. in, us, au, etc.). This TLD has 2
letters.
3. Inverse (e.g. arpa). This TLD is used to find a domain name from an IP address.

Sub-domains are often referred to as child domains. For example, the fully qualified
domain name (FQDN) for a computer within a human resources group could be
designated as jacob.hr.microsoft.com. Here, jacob is the host name, hr is the child
domain, and microsoft.com is the parent domain.

Domain Name System (DNS) is an Internet service that translates domain names into IP
addresses. DNS provides a database that stores a list of host names and their
corresponding IP address. This process is called name resolution or mapping. Name
resolution occurs when a program on a local computer requests a remote host for
resources. The local computer sends the host name of the server as part of the request. By
using the host name as an index, the DNS database is searched to resolve the IP address
of the host.

7.6 Domain Name Space Hierarchy


DNS is organized in a hierarchical tree structure. Each branch in the tree represents a
domain and each sub-branch in the tree represents a sub-domain. DNS consists of
multiple levels of domains. The domains are identified based on the level at which they
are placed in the hierarchical tree structure. The various levels of domains in a domain
name space hierarchy are:

• Domain root: This is the node at the highest point of the hierarchical DNS tree. In
a DNS domain name, a trailing period represents the domain root tree (.). It is also
shown as two empty quotation marks representing a null value.
• Top-level domain: This is the next level in the hierarchical tree structure. It
represents the region or the type of organization to which a domain belongs. A
top-level domain name contains two or three letters such as com, edu, and mil.
• Second-level domain: This is a domain name registered under a specific top-level
domain, such as organizations based on type and geographical locations.
Second-level domain names have variable length. For example,
example.com is a second-level domain name.
• Subdomain: This is a domain created under a second-level domain. Organizations
need to create additional domains to represent organizational hierarchy and
various functional groups. A subdomain name also has variable length.
• Host or resource: A host or resource computer is the last in the DNS hierarchy. It
helps find the IP address of the computer based on its host name.

7.7 Components of DNS


The building blocks of DNS are the domain namespace, resource records, DNS server,
and DNS clients. Figure 7-1 lists the various components of the DNS:

Figure 7-1: Various Components of the DNS

7.7.1 Domain Namespace

A DNS domain is a logical group of computers that either request DNS service or
respond to a service request. However, this logical group might also represent the
physical network. A DNS domain can represent all the computers internetworked in a
small business network. At the same time, a DNS domain can also comprise a physical
network that is spread across geographical locations. This logical grouping of networked
computers is further grouped into smaller administrative units, called administrative
domains. An administrative domain is a group of computers in a single administrative
unit. Each administrative domain has two or more name servers for name resolution. All
administrative domains registered with the Internet form a hierarchical structure, called
the DNS domain namespace.

The domain namespace follows a hierarchical tree structure. Each node and leaf on the
tree represents either a set of resources or a DNS host. Based on its position in the
namespace hierarchy, each node is assigned a label. The root at the top of the hierarchy is
assigned the null label and is called the root domain. The nodes below the root are called
the top-level domains. The nodes below a top-level domain are called second-level
domains. An example of a second-level domain is example.com, where 'com' is the top-
level domain. A domain created under an existing domain node is called a subdomain. For
example, resource.example.com is a subdomain of example.com. The name of a
subdomain is followed by the name of the domain that contains it. In a namespace,
domain names are read from left to right. Each label in a domain name is separated by a
dot ("."). A complete domain name also includes the root label and ends with a dot.

Figure 7-2 shows the domain namespace hierarchy:

Figure 7-2: Domain Namespace Hierarchy

When an organization registers a second-level domain, a top-level domain label is
assigned based on the type of organization. Table 7-1 lists the commonly used top-level
domains:

Table 7-1: Commonly Used Top-Level Domains

Top-Level Domain   Description
arpa               Used by resources that belong to the Advanced Research Projects Agency (ARPA).
com                Used by businesses that use the Internet for commercial purposes.
edu                Used by schools, colleges, and universities.
gov                Used by all types of government organizations.
int                Reserved for international usage.
mil                Used by all types of military organizations, such as the Department of Defense (DoD).
net                Used by Internet and telephone service providers.
org                Used by charitable institutions.
biz                Used by businesses.
name               Used for registration by individuals.
info               Offers unrestricted use.

Note: Apart from these top-level domains, country region codes, such as uk, are used in
conjunction with the listed top-level domain names.

7.7.2 Resource Records

Resource Records (RRs) store and map domain names to the type of resources stored
within a domain. Each node in the hierarchical tree is associated with a set of resource
information.

Resource records contain information such as the type, class, TTL, and RDATA. The
owner information is not maintained separately because it is implicit in the resource record.
The variable part of the resource records maintained in a domain is the RDATA; this is
what differentiates one resource record from another.

Note: Short TTLs should be used to reduce caching in the resolver. To prohibit caching, a
zero value can be assigned to the TTL.

7.7.3 DNS Server

DNS servers, also called name servers, are responsible for name resolution in a
domain. Each domain normally has two or more DNS name servers. The domain-specific
information, such as the list of IP addresses along with their host names, is stored in a
distributed database called the domain database. This information is distributed across the
name servers available in the domain. Name servers use this information to process
queries received from a DNS client. Each DNS server is responsible for a specific part of
the domain database, and it becomes authoritative for that part of the database.
As output, a name server either sends back the IP address of the desired host or sends a
referral to a server that is closer to the answer. However, the entire domain database is
replicated among the name servers so that name resolution can continue
in case of a communication link failure or inaccessibility of DNS hosts.

The various types of name servers are:

• Primary server: Stores the master copy of the domain-specific information.
Changes in the domain-specific information are updated on the primary name
server. As per the DNS design specification, each administrative domain should
have two authoritative name servers. One of the authoritative name servers is
designated as the primary server.

It stores the DNS database for its zone of authority. It is responsible for answering
queries from clients. It is an authenticated server; hence it is called an Authoritative Server.

• Secondary server: Stores a copy of the master data file stored on the primary
name server. Each domain has one or more secondary name servers. A secondary
name server is also authoritative for a domain. Secondary name servers are
delegated authority by the primary name server to perform name resolution. The
secondary name servers are immediately updated in case of a change in the master
data file.

It stores a copy of the database of the Primary server. Periodically it collects the
database information from the Primary server. It is also an authenticated server; hence
it is called an Authoritative Server.

If the primary server fails, the secondary server answers the queries. Normally it is
updated automatically once every 3 hours.

• Cache-only server: Stores the information received from the name servers in
memory till it expires. This cached information is used to resolve queries. A
caching server that is not authoritative for a domain is called a cache-only server.
However, all name servers are caching servers.

To avoid response delay for a query, a cache server is used. It is a non-authoritative server.
The TTL (Time To Live) parameter is related to this server. For example, the TTL duration
can be a maximum of 2 days.

7.7.4 DNS Client

DNS clients are local computers that are configured to receive DNS services from a DNS
server. DNS clients are configured with a resolver that queries DNS servers. The resolver
in a DNS client works as an interface between the applications installed on the DNS
client and the DNS server. The resolver receives requests from applications such as email
programs and sends a query to the DNS server. After the DNS server resolves the query
using the resource records, the desired information is returned to the DNS client in a data
format that is compatible with the local computer. To resolve a query, the DNS client either
consults several DNS servers or retrieves the information from its local cache.

The DNS client and the end-user program reside on a single computer. The interface
between a DNS client and an end-user program depends on the local DNS server.

The functions of a DNS client are:

• Name to address translation: The DNS client translates user-friendly domain names to
IP addresses.
• Address to name translation: The DNS client also translates IP addresses to user-
friendly computer names.
• General lookup function: DNS clients help end-user programs retrieve arbitrary
information from a DNS server. Instead of querying a DNS server only for IP
addresses or user-friendly names, the DNS client can also request the resource
records of a specified type or class.

7.8 Name Space Hierarchy on the Internet


The DNS name space hierarchy for the Internet contains two more levels of domains than
a local domain name space hierarchy. These two extra levels form the topmost layers of
the Internet name space hierarchy and are called the root domain. In the name space, the root
domain is represented by a dot (.). The root domain contains two types of subdomains,
organizational and geographical. These subdomains are called top-level domains. The
organizational top-level domains are com, net, org, mil, gov, edu, and int. The geographic
top-level domains indicate the location of domains and are assigned a two-letter or a
three-letter code. For example, subdomains in Britain contain uk as a part of their
domain name. Figure 7-2 shows the name space hierarchies of domains on the Internet:

Figure 7-2: Name Space Hierarchies on the Internet

The governing bodies of the Internet maintain the Internet root domain, top-level
organizational and geographic domains. An organization needs to apply for membership
to join the Internet under the organizational or the geographical hierarchy.

7.9 How DNS Works


In a nutshell, DNS translates IP addresses into hostnames and back again. The hostnames
are for the benefit of human end users. The IP addresses are the only essential thing, as
far as the computers are concerned. In a longer form, we need to begin by looking at the
different types of DNS servers.

The first type of server is called a 'Root Name Server'. Each Top Level Domain (such as
.com, .edu, .us, .in, .sg etc.) has one or more Root Name Servers which are responsible for
determining where the individual records are held. These servers are fairly static, and
every machine on the Internet has the capability of reaching any of them, as needed.

The servers that the Root Name Servers direct queries to are called 'Authoritative Name
Servers'. These are the servers which hold the actual information on an individual
domain. This information is stored in a file called a 'Zone File'. Zone files are the updated
versions of the original HOSTS.TXT file.

The final type of name server is called a 'Resolving Name Server'. These are the servers
that do the majority of the work when you are trying to get to a machine with a certain
host name. Besides being responsible for looking up data, they also temporarily store the
data for hostnames that they have searched out in a cache, which allows them to speed up
the resolution for hostnames that are frequently visited.

The manner in which these servers work together is fairly straightforward. When you
attempt to go to a website, you type a hostname into your web browser. Let's say, for
convenience, that you are going to www.foo.org. In your computer's settings is a list of
resolving name servers which it queries to find out what www.foo.org's IP address is.

The first thing that the resolving name servers will do is check their caches to see if the
DNS information for www.foo.org is already there. If it isn't, they will go and check with
the .org root name server to see which authoritative name server holds the zone file for
foo.org. Once they have that server's IP address, they connect to it.

Once the resolving name server has queried the authoritative name server, it replies back
to your computer with one of a number of different things. Ideally, it will report back
with the correct IP address and allow your computer to connect to the web server and
show you the web page that you were looking for. However, if the authoritative server is
down, doesn't have a record for the specific hostname that you are looking up, or if the
root server doesn't have a record that the domain name even exists, the resolving name
server will report an error to your computer.

Example:

Let's use the example that Ram types "www.bsnl.co.in" into his web browser. How does
his PC find the web server that has the page he is looking for, among the thousands of
web servers out there?

1. Ram types in www.bsnl.co.in to his browser.

2. Ram's PC looks at its configuration. It will find something called "DNS Server"
or "name server" and there will be an IP address associated with that. Let's say it
is 198.6.1.1. Ram's PC sends a message to 198.6.1.1 and asks "I am looking for
the IP address of www.bsnl.co.in, can you tell me what it is?"

3. The DNS Server (198.6.1.1) gets the message, and assuming that the server
already knows what the IP address of www.bsnl.co.in is, it tells Ram's PC that the
IP address is 61.1.137.84.

4. Ram's PC gets the message that the IP address of www.bsnl.co.in is 61.1.137.84.
So his PC sends a message to 61.1.137.84 and asks "send me the default web page
at 61.1.137.84".

5. The web server (whose IP address is 61.1.137.84) sends the web page to Ram's
browser.

That is a simplistic example of how your PC finds a particular web server and web page.
The process of matching a domain name to an IP address is called resolving. So your PC
resolves the IP address from the domain name. Let's get into a little more detail.

For step 2, how does Ram's PC know what the IP address of the DNS Server is? There are
2 ways it learns the address. The first is that Ram asked his ISP what the address
was and entered it himself. There are times when manually entering (also known as statically
entering) the address is necessary or desirable, but usually the ISP automatically tells
your PC what the IP address of the DNS server is. This process is called "DHCP", or
Dynamic Host Configuration Protocol. When you select "Obtain IP address
automatically" in your Windows Network Connections page, you are telling your PC to
use DHCP and to ask the ISP to give you the DNS Server address (among a bunch of
other things).

In step 3, we assumed that the DNS server already knew what the IP address of
www.bsnl.co.in was. What if it didn't already know? Let's assume that the DNS server
Ram's PC sent a request to doesn't know where www.bsnl.co.in is.

Have you ever noticed that there are only so many variations of the end of the domain
name? There are .com, .gov, .net, .org, .us, .in, .biz, among others. When a DNS server
receives a request to resolve an IP address (translate from a domain name to an IP address)
for a domain that it doesn't know the answer to, it sends a message to any one of a small
number of servers. That small number of servers is responsible for knowing what the
"authoritative server" is for EVERY domain name within its realm. A realm would be .com, or .org for
example, and is properly called a top-level domain.

What is an authoritative server? An authoritative server is a DNS server that has a
Statement of Authority configured for a particular domain name. That means that the
server has absolute and total knowledge of the domain; any information that contradicts
the information that the server has is wrong, as the server is the final word. This becomes more
important a little later. For purposes of this discussion, let's ignore backup authoritative
servers.

The message that Ram's DNS server sends to the top-level domain server is "what is the
authoritative server for bsnl.co.in?". It is important to understand that Ram's DNS Server
is NOT asking "what is the IP address of the web server for bsnl.co.in?". It is
only asking "where do I go to find out where the web server for bsnl.co.in is?"

Once Ram's DNS server knows where to go to get the answer for Ram's request, it sends
a message to the authoritative server asking "what is the IP address of the web server for
bsnl.co.in?". The authoritative server responds, and Ram's DNS Server tells Ram's PC the
IP address it needs to connect Ram to the webpage he is looking for.

To summarize the past few paragraphs, Ram's DNS server receives a request for an IP
address that it doesn't know. That server makes a request of a top-level domain server,
and gets a response with where to go to get the information that Ram is requesting. The
DNS server then makes a request of the authoritative server, and forwards the answer it
receives to the PC that made the first request. It sounds long and complex, but it happens
very quickly. One way to speed up the process is called caching. Caching is where the
DNS server remembers the response from the authoritative server for a period of time. So
if Babu makes the same request 5 minutes after Ram did, the DNS server doesn't have to
repeat the whole process. Caching will be brought up again in a bit.
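The referral chain described in the preceding paragraphs, replayed as an added Python simulation that is not code from the training module. The names and addresses taken from the chapter are www.bsnl.co.in and 61.1.137.84; every other address is a constructed documentation address (192.0.2.x, 198.51.100.x, 203.0.113.x), the zone contents are invented, and no packets are sent. The 'com' server is deliberately left out of the table to show the "authoritative server is down" error case.

```python
# Added simulation of the section 7.9 referral chain. Each constructed server
# knows three things: the zones it is authoritative for, the referrals it hands
# out ("ask these servers about that zone"), and the records in its own zone file.
SERVERS = {
    # root name server: knows only which servers handle each top-level domain
    "192.0.2.1": {
        "authoritative_for": ["."],
        "referrals": {"in.": ["198.51.100.1"], "com.": ["198.51.100.2"]},
        "records": {},
    },
    # 'in' top-level domain server: knows the authoritative server for bsnl.co.in
    "198.51.100.1": {
        "authoritative_for": ["in."],
        "referrals": {"bsnl.co.in.": ["203.0.113.10"]},
        "records": {},
    },
    # authoritative server for bsnl.co.in: holds the zone file
    "203.0.113.10": {
        "authoritative_for": ["bsnl.co.in."],
        "referrals": {},
        "records": {
            "www.bsnl.co.in.": ("A", "61.1.137.84"),
            "mail.bsnl.co.in.": ("A", "61.1.137.85"),  # constructed record
        },
    },
    # 198.51.100.2 (the 'com' server) is deliberately absent, i.e. "down"
}


def in_zone(name, zone):
    """True if the fully qualified name lies inside the zone (the root holds all)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def ask(server_addr, qname):
    """One query to one server. Returns (kind, data): an answer, a referral,
    'nxdomain' when the server is authoritative and has no such name, 'refused'
    when the name is outside its authority, or 'unreachable' if the server is down."""
    server = SERVERS.get(server_addr)
    if server is None:
        return "unreachable", None
    if qname in server["records"]:
        return "answer", server["records"][qname][1]
    # the longest matching referral wins: the most specific delegation is closest
    best = None
    for zone in server["referrals"]:
        if in_zone(qname, zone) and (best is None or len(zone) > len(best)):
            best = zone
    if best is not None:
        return "referral", server["referrals"][best]
    if any(in_zone(qname, zone) for zone in server["authoritative_for"]):
        return "nxdomain", None
    return "refused", None


def resolve(qname, root="192.0.2.1", max_hops=8):
    """Iterative resolution as the resolving name server does it (no cache).

    Returns (address or None, trail), where trail lists each server asked and
    what it replied. max_hops bounds the walk so a bad delegation cannot make
    the resolver chase referrals forever.
    """
    qname = qname.rstrip(".").lower() + "."  # canonical form, root dot included
    trail = []
    server = root
    for _ in range(max_hops):
        kind, data = ask(server, qname)
        trail.append((server, kind))
        if kind == "answer":
            return data, trail
        if kind == "referral":
            server = data[0]  # ask the first server named in the referral
            continue
        return None, trail  # nxdomain, refused or unreachable: report an error
    return None, trail + [(server, "too many referrals")]


if __name__ == "__main__":
    for name in ("www.bsnl.co.in", "nothere.bsnl.co.in", "www.example.com", "www.example.zz"):
        print(name, "->", resolve(name))
```

resolve asks only the first server in each referral and keeps no cache; the hop limit is the one defensive detail worth keeping in any real resolver, since a misconfigured delegation can otherwise send it round in circles.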

Remember that Ram's DNS server cached the address for the web server of
www.bsnl.co.in, meaning that it remembers that www.bsnl.co.in has the IP address
61.1.137.84. Most DNS servers are set to remember that information for 24 hours. So if
Ram requests your web page at noon on Monday, Ram's DNS server will cache the IP
address of your web server until noon on Tuesday. If you change hosts at 1pm on
Monday, Ram will get your old website until at least noon on Tuesday. His DNS server is
giving Ram's PC the information it remembers; it doesn't check to see if that is still
accurate. So if your old website is down (maybe you have moved hosts, for example),
Ram can't get to your new website until his DNS server refreshes the information (which
will then point to the new web site).
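The following Python is an added example (not the module's code) that models the caching described in 7.7.2, 7.7.3 and the paragraph above: a resolver cache keyed on owner name and record type that honours the record's TTL, treats a zero TTL as "do not cache", and replays the chapter's 24-hour TTL and Monday/Tuesday host move on a constructed clock. The zone contents and the new address 203.0.113.7 are constructed.

```python
from dataclasses import dataclass, replace

DAY = 24 * 60 * 60  # seconds; the "24 hours" most servers are said to remember


@dataclass(frozen=True)
class ResourceRecord:
    """The fields section 7.7.2 lists: owner, type, class, TTL and RDATA."""
    owner: str
    rtype: str
    rclass: str
    ttl: int
    rdata: str


class ResolverCache:
    """A resolving server's memory of answers, keyed by owner name and type."""

    def __init__(self):
        self._entries = {}  # (owner, rtype) -> (record, absolute expiry time)

    def put(self, rr, now):
        """Remember a record until its TTL runs out. A TTL of zero means
        'do not cache' (the note in 7.7.2), so nothing is stored."""
        if rr.ttl <= 0:
            return False
        self._entries[(rr.owner, rr.rtype)] = (rr, now + rr.ttl)
        return True

    def get(self, owner, rtype, now):
        """Return the cached record with its remaining TTL, or None if absent
        or expired. Expired entries are dropped rather than served stale."""
        entry = self._entries.get((owner, rtype))
        if entry is None:
            return None
        rr, expires = entry
        if now >= expires:
            del self._entries[(owner, rtype)]
            return None
        return replace(rr, ttl=expires - now)


def lookup(cache, zone, owner, rtype, now, ttl=DAY):
    """Answer from cache if possible, otherwise ask the (constructed) authoritative
    zone and cache what it says. Returns (rdata, where the answer came from)."""
    hit = cache.get(owner, rtype, now)
    if hit is not None:
        return hit.rdata, "cache"
    rr = ResourceRecord(owner, rtype, "IN", ttl, zone[(owner, rtype)])
    cache.put(rr, now)
    return rr.rdata, "authoritative"


def scenario():
    """Replay the chapter's story: the site moves hosts at 1 pm Monday, but the
    resolver keeps handing out the old address until the 24-hour TTL expires."""
    zone = {("www.bsnl.co.in.", "A"): "61.1.137.84"}  # constructed zone file
    cache = ResolverCache()
    noon_monday, one_pm_monday, noon_tuesday = 0, 3600, DAY

    first = lookup(cache, zone, "www.bsnl.co.in.", "A", noon_monday)
    zone[("www.bsnl.co.in.", "A")] = "203.0.113.7"  # new host (constructed address)
    stale = lookup(cache, zone, "www.bsnl.co.in.", "A", one_pm_monday)
    fresh = lookup(cache, zone, "www.bsnl.co.in.", "A", noon_tuesday)
    return first, stale, fresh


if __name__ == "__main__":
    for label, result in zip(("noon Monday", "1 pm Monday", "noon Tuesday"), scenario()):
        print(label, result)
```

Lowering the TTL before a planned host move shortens the window in which resolvers keep serving the old address, at the cost of more queries reaching the authoritative server; the zero-TTL branch in put is exactly the "prohibit caching" option the 7.7.2 note describes.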
