Domain Name System

DNS translates names to IP addresses. Source: Bilal 2018.

The Internet is a network of networks. Any computer or other network device that participates on the Internet to provide or receive services has an address called an IP address, which is used to communicate with other computers. Since IP addresses are hard for humans to remember, the concept of a Domain Name, or Fully Qualified Domain Name (FQDN), was introduced. This name is a sequence of human-readable characters ending in .com, .in, .org, etc.

Domain names are a problem for machines, since machines communicate using IP addresses: the Internet is based on the TCP/IP protocol suite, which identifies devices by IP address. Hence, the domain names used by humans must be resolved to specific IP addresses. Name servers exist for this purpose, and the entire system is called the Domain Name System (DNS).

Discussion

  • Could you explain DNS and why is it needed?
    An introduction to DNS. Source: PowerCert Animated Videos 2016.

    Because names are easier to remember than numbers, DNS is useful to refer to online resources by name. DNS is like a "phonebook for the Internet". Another benefit of DNS is that IP addresses of servers can be changed while retaining the same names. Moreover, a name can point to multiple IP addresses for redundancy and performance.

    Even before DNS was invented, names were used instead of IP addresses, but those names were not organized in a hierarchy. The mapping of names to IP addresses was kept in a file called HOSTS.TXT that was updated manually and synchronized across network nodes. The system was therefore centralized and did not scale as the Internet began to grow exponentially through the 1980s. DNS came in as a scalable solution: the system was designed to be distributed, and domain names were organized into hierarchical namespaces.

    Two important aspects of DNS are zones and caching. Zones enable more flexible and granular management of domains. Caching improves response times by locally storing responses for future queries.

  • Could you explain the DNS architecture and protocol flow?
    DNS protocol flow for accessing Medium.com. Source: Don 2018.

    DNS is a hierarchical system. It starts with a root name server, below which are the top-level domain (TLD) servers. Examples of TLDs are the traditional ones (.com, .net, .uk, .in, etc.) plus newer TLDs (.phone, .ieee, etc.) introduced since 2013. Below these are the second-level domain (SLD) servers, such as those for wikipedia.org, .co.uk, etc. Finally, the domain name is mapped to an IP address by the authoritative nameserver. For example, there will be an authoritative nameserver for bbc.co.uk.

    The client initiates a DNS query, say when trying to access bbc.co.uk. Between the client and the DNS servers is the recursive resolver. Its job is to resolve the domain name to the requested IP address. For bbc.co.uk, the resolver contacts the root name server, which points it to the TLD server for .uk; the resolver contacts the TLD server, which points it to the SLD server that manages .co.uk; the resolver contacts the SLD server to obtain the IP address of bbc.co.uk. It then caches the answer for future queries and forwards it to the client. The client uses this IP address to communicate with BBC's server.

  • Could you explain the different types of DNS servers?

    There are four types of DNS servers:

    • Recursive Resolver: Also called DNS Recursor, it's the first server to receive the DNS request. It mediates between the client and the nameservers. If it has cached data, it will use the cache. If not, it contacts a root server, then a TLD server, and finally the authoritative nameserver.
    • Root Server: Based on the TLD extension, it points the recursive server to the TLD server to contact. There are 13 root servers, but because each is replicated for redundancy there were actually 600+ server instances as of October 2016.
    • TLD Server: Contains records for all domains belonging to that TLD. A TLD server will point the recursive server to contact the correct authoritative nameserver for the specific domain. TLD servers belong to one of two groups: Generic TLD (gTLD) (.com, .org, etc.) or Country Code TLD (ccTLD) (.uk, .in, etc.).
    • Authoritative Nameserver: This holds the IP address of the requested domain name. If the domain has an alias record (CNAME), it responds with the name the alias points to, which makes the recursive server start a new DNS lookup for that name.
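
    The walk described above, as an added example that is not part of the original article: a toy Python model in which a recursive resolver starts from a root hint, follows referrals through the TLD and SLD servers to the authoritative server, caches the answer for its TTL, and restarts the lookup when the authoritative server answers with a CNAME, as the last bullet describes. The server names (a.root.example., ns.uk-tld.example., and so on) and the address 192.0.2.10 are constructed for the example; real resolvers also cache delegation data and check replies before trusting them, which this model leaves out.

```python
"""Toy model of the resolution walk and server roles described above: a
recursive resolver starts at a root server, follows referrals through the
TLD and SLD servers to the authoritative server, caches the answer for its
TTL, and restarts the lookup when the answer is a CNAME. Every server, name
and address is constructed for this example (192.0.2.0/24 is a documentation
range); added illustration, not code from the article or any DNS software."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    """One resource record: absolute owner name, type, data, TTL in seconds."""
    name: str
    rtype: str
    data: str
    ttl: int


def in_zone(name, zone):
    """True if `name` is at or below `zone`; the root zone "." contains everything."""
    return zone == "." or name == zone or name.endswith("." + zone)


class Server:
    """Nameserver authoritative for one zone: answers names it holds,
    otherwise refers the resolver to the NS records of the child zone."""
    def __init__(self, zone, records):
        self.zone, self.records = zone, records

    def query(self, qname, qtype):
        answer = [r for r in self.records
                  if r.name == qname and r.rtype in (qtype, "CNAME")]
        if answer:
            return "ANSWER", answer
        children = {r.name for r in self.records
                    if r.rtype == "NS" and r.name != self.zone and in_zone(qname, r.name)}
        if children:
            child = max(children, key=len)  # closest enclosing delegation
            return "REFERRAL", [r for r in self.records if r.rtype == "NS" and r.name == child]
        return "NXDOMAIN", []


class Resolver:
    """Recursive resolver: consults its cache first, then walks from a root hint."""
    def __init__(self, servers, root_hint):
        self.servers = servers      # server hostname -> Server
        self.root_hint = root_hint  # hostname of a root server
        self.cache = {}             # (name, type) -> (expires_at, [data, ...])
        self.now = 0                # simulated clock, seconds
        self.trace = []

    def advance(self, seconds):
        self.now += seconds

    def resolve(self, qname, qtype="A", _depth=0):
        if _depth > 8:
            raise RuntimeError("CNAME chain too long")
        hit = self.cache.get((qname, qtype))
        if hit and hit[0] > self.now:
            self.trace.append(f"cache hit for {qname} {qtype}")
            return hit[1]
        server_name = self.root_hint
        while True:
            self.trace.append(f"ask {server_name} for {qname} {qtype}")
            status, rrs = self.servers[server_name].query(qname, qtype)
            if status == "REFERRAL":
                server_name = rrs[0].data  # follow the delegation downwards
            elif status == "NXDOMAIN":
                return None
            elif rrs[0].rtype == "CNAME" and qtype != "CNAME":
                self.trace.append(f"{qname} is an alias for {rrs[0].data}; restarting lookup")
                return self.resolve(rrs[0].data, qtype, _depth + 1)
            else:
                data = [r.data for r in rrs]
                self.cache[(qname, qtype)] = (self.now + min(r.ttl for r in rrs), data)
                return data


def build_resolver():
    """Constructed hierarchy for bbc.co.uk: root -> uk -> co.uk -> bbc.co.uk."""
    servers = {
        "a.root.example.": Server(".", [RR("uk.", "NS", "ns.uk-tld.example.", 172800)]),
        "ns.uk-tld.example.": Server("uk.", [RR("co.uk.", "NS", "ns.co-uk.example.", 86400)]),
        "ns.co-uk.example.": Server("co.uk.", [RR("bbc.co.uk.", "NS", "ns.bbc.example.", 86400)]),
        "ns.bbc.example.": Server("bbc.co.uk.", [
            RR("bbc.co.uk.", "A", "192.0.2.10", 300),
            RR("www.bbc.co.uk.", "CNAME", "bbc.co.uk.", 300),
        ]),
    }
    return Resolver(servers, "a.root.example.")


if __name__ == "__main__":
    r = build_resolver()
    print(r.resolve("bbc.co.uk."))      # full walk down the hierarchy
    print(r.resolve("www.bbc.co.uk."))  # CNAME restarts the lookup, which then hits the cache
    print("\n".join(r.trace))
```

    Running the script prints the trace of servers asked; the second lookup of bbc.co.uk is served from the cache, and once the simulated clock passes the 300-second TTL the resolver walks the hierarchy again.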

  • What are the three Rs of DNS?

    Three entities are involved in DNS:

    • Registrant: Anyone wishing to hold a domain name for a period of time must apply to a registrar. If you wish to start an online business at myspecialcakes.co.uk, for example, you are the registrant.
    • Registrar: A registrar processes applications from registrants to register a domain name on their behalf. A registrar can be an ICANN-accredited registrar for some TLDs and a reseller for other TLDs. If accredited, the registrar interfaces directly with registries; if a reseller, it interfaces with registrars accredited for those specific TLDs.
    • Registry: A registry manages the registration of all domains in a specific TLD. Each registry manages a single TLD, though a single company may run multiple registries. A registry maintains the database of all registered domain names in its TLD, sets the rules for those domains, and sets registration prices.

  • What's a zone in the context of DNS?
    An illustration of DNS zones. Source: Cloudflare 2019a.

    A zone is really an administrative space so that organizations and administrators can manage domains in a granular way. Each zone can be managed independently of others. A DNS zone can contain multiple subdomains and multiple zones can be on the same server. Zones are not about physical or geographic separation. Rather, they are used for delegating control.

    Domains within a zone have to be contiguous. For example, a zone cannot contain only domains "admin.coatbank.com" and "finance.coatbank.com" without also including "coatbank.com". In another example, "blog.cloudflare.com" can be in a separate zone while all other subdomains of Cloudflare can be in another zone.

    A DNS zone file is a plain text file saved on a DNS server. It contains all records for every domain within the zone. A DNS record is a single entry that maps a name to a value, typically its IP address. A zone file stores different types of records but always starts with the SOA (Start of Authority) record, and it can contain only one SOA record.

  • What are primary and secondary DNS servers?

    DNS is a critical aspect of the Internet. If it fails, many Internet services will be affected for any given company: its website, support services, email servers, sales portals, online resource libraries, databases, multiplayer games, etc.

    In one test that queried 100,000 authoritative servers for .ca domains, 93% failed to respond at least once. This implies that for reliable Internet services we need redundancy. For this reason, we have secondary servers to take over in case primary servers are down. Secondary servers also help with load balancing to prevent denial-of-service situations.

    Each zone can have only one primary DNS server but any number of secondary servers. The controlling zone file is on the primary server. Secondary servers store read-only copies of the controlling zone file via a communication procedure called Zone Transfer. A primary server of one zone can also be a secondary server for another zone.

  • What are the different types of DNS Records?

    Among the different types are Start of Authority (SOA), Name Server (NS), Mail Exchange (MX), Address (A), AAAA, Canonical Name (CNAME), Alias (ALIAS), Text (TXT), Service Locator (SRV), Pointer (PTR), and more.

    NS records tell recursive name servers which authoritative name servers to contact. The IPv4 address of a domain comes from its A record; for IPv6 addresses, AAAA records are used. Sometimes a domain name is redirected to another name, such as wikipedia.com redirecting to wikipedia.org. CNAME and ALIAS records implement such aliases.
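
    An added example (not from the article) that ties together the zone file described earlier, the record types just listed, and the primary/secondary relationship: a small Python parser for a constructed zone file for coatbank.example (an assumed name echoing the article's coatbank.com illustration), a validator for the two rules stated above (a single SOA record placed first, and every owner name inside the zone so that it is contiguous), and a secondary server that refreshes its read-only copy only when the primary's SOA serial has increased, which is how real secondaries decide whether a zone transfer is needed. All names and addresses in the zone text are constructed.

```python
"""Parse a small zone file, check the structural rules given above (exactly
one SOA record, placed first; every owner name inside the zone, so the zone
is contiguous), and let a secondary server refresh its read-only copy only
when the primary's SOA serial has increased. The zone text is constructed
for this example (192.0.2.0/24 is a documentation range); this is an added
illustration, not code from the article or from any DNS server."""
import re
from collections import namedtuple

ZONE_TEXT = """\
$ORIGIN coatbank.example.
$TTL 3600
@        IN SOA   ns1.coatbank.example. hostmaster.coatbank.example. (
                  2024010101 ; serial
                  7200       ; refresh
                  900        ; retry
                  1209600    ; expire
                  300 )      ; negative-caching TTL
@        IN NS    ns1.coatbank.example.
@        IN A     192.0.2.1
@        IN MX    10 mail.coatbank.example.
www      IN CNAME coatbank.example.
admin    IN A     192.0.2.2
finance  IN A     192.0.2.3
@        IN TXT   "v=spf1 mx -all"
"""

# records: (owner, ttl, type, rdata) tuples in file order
Zone = namedtuple("Zone", "origin serial records")


def _strip_comment(line):
    """Drop a ';' comment, but not a ';' inside a quoted TXT string."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            return line[:i]
    return line


def _logical_lines(text):
    """Yield one logical line per record, joining parenthesised continuations."""
    buf = ""
    for raw in text.splitlines():
        buf = (buf + " " if buf else "") + _strip_comment(raw)
        if buf.count("(") > buf.count(")"):
            continue
        yield buf.replace("(", " ").replace(")", " ")
        buf = ""


def parse_zone(text):
    origin, default_ttl, last_owner, serial, records = None, None, None, None, []
    for line in _logical_lines(text):
        tokens = re.findall(r'"[^"]*"|\S+', line)
        if not tokens:
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        # A line that starts with whitespace omits the owner and reuses the previous one.
        owner = last_owner if line[0].isspace() else tokens.pop(0)
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype == "SOA":
            serial = int(tokens[2])  # rdata: mname rname serial refresh retry expire minimum
        name = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        records.append((name, ttl, rtype, " ".join(tokens)))
        last_owner = owner
    return Zone(origin, serial, records)


def validate(zone):
    """Problems with the zone under the rules above; an empty list means well formed."""
    problems = []
    soa = [r for r in zone.records if r[2] == "SOA"]
    if len(soa) != 1:
        problems.append(f"zone must have exactly one SOA record, found {len(soa)}")
    elif zone.records[0][2] != "SOA":
        problems.append("SOA record must come first")
    for owner, _, _, _ in zone.records:
        if owner != zone.origin and not owner.endswith("." + zone.origin):
            problems.append(f"{owner} is outside zone {zone.origin}")
    return problems


class SecondaryServer:
    """Holds a read-only copy; a zone transfer happens only when the primary's serial is newer."""
    def __init__(self):
        self.serial, self.records = None, ()

    def refresh(self, primary):
        if self.serial is not None and primary.serial <= self.serial:
            return False  # already current, no transfer needed
        self.records = tuple(primary.records)  # immutable copy of the controlling zone
        self.serial = primary.serial
        return True
```

    Because the secondary compares serials before copying, an administrator who edits the primary's zone file without bumping the SOA serial will see secondaries keep serving the old data; this is the usual cause of the propagation delays mentioned later on this page.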

  • What are some practical challenges with DNS?

    Managing DNS is not trivial. It combines system administration and network management, and expert IT staff are needed. While DNS was designed for addressing, it's becoming overloaded: it's getting tied to applications and application protocols. The original design assumed DNS would be deeply hierarchical, with a high ratio of physical hosts to second-level domains. It has turned out to be much flatter, with the number of SOA records (that is, zones) possibly exceeding the number of physical hosts.

    DNS has security issues. DNS spoofing can direct users to malicious websites by tampering with cached entries. Deploying DNSSEC addresses this.
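
    As an added example (not from the article), the following Python code builds a DNS query in wire format and shows the basic checks a resolver applies before accepting a reply into its cache: the response must carry the same transaction ID as the outstanding query, be flagged as a response, and repeat the exact question. A reply that fails any check is discarded rather than cached. These checks are what a plain resolver can do on its own; DNSSEC goes further by letting the resolver verify signatures over the records themselves. The transaction ID, the name bbc.co.uk and the address 192.0.2.10 are constructed values.

```python
"""DNS wire-format helpers showing the acceptance checks a resolver
applies before trusting a reply: the response must carry the query's
transaction ID, be flagged as a response, and repeat the exact question.
These checks reject mismatched replies; they are not DNSSEC, which
additionally authenticates the records with signatures. The packets are
constructed inline; added illustration, not code from the article or any resolver."""
import struct


def encode_name(name):
    """Encode "bbc.co.uk." as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def build_query(txid, qname, qtype=1):
    """Standard query: one question, RD (recursion desired) set, no answers."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(txid, qname, address, ttl=300):
    """Constructed reply: QR/RD/RA flags, the question echoed, one A record."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    # 0xC00C is a compression pointer to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(x) for x in address.split("."))
    return header + question + answer


def parse_message(msg):
    """Parse header, question and answer sections (authority/additional ignored)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        answers.append((name, rtype, rclass, ttl, msg[offset:offset + rdlen]))
        offset += rdlen
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def accept_response(query, response):
    """Return (accepted, reason) for a reply received for an outstanding query."""
    q, r = parse_message(query), parse_message(response)
    if r["id"] != q["id"]:
        return False, "transaction id mismatch"
    if not r["flags"] & 0x8000:  # QR bit: must be a response, not another query
        return False, "not a response"
    if r["questions"] != q["questions"]:
        return False, "question mismatch"
    return True, "ok"


def answer_addresses(response):
    """Dotted-quad addresses from the A records (type 1) in an accepted response."""
    return [".".join(str(b) for b in rdata)
            for _, rtype, _, _, rdata in parse_message(response)["answers"] if rtype == 1]


if __name__ == "__main__":
    query = build_query(0x1A2B, "bbc.co.uk.")
    reply = build_response(0x1A2B, "bbc.co.uk.", "192.0.2.10")
    print(accept_response(query, reply), answer_addresses(reply))
    print(accept_response(query, build_response(0x1A2C, "bbc.co.uk.", "192.0.2.10")))
```

    The second print shows a reply with the wrong transaction ID being rejected; in a real resolver the same outcome should be logged, since a burst of such mismatches is the observable symptom of someone trying to tamper with the cache.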

    When changes happen in a DNS zone, such as a website moving to another data centre, other servers may not get the update for as much as 24 hours.

    Although DNS is a distributed system, the approval of TLD names is done by ICANN. Until 2016, this entity was influenced by the U.S. government. Even today, it's said that DNS servers are controlled by governments and large corporations. For this reason, .bit domain names have been created. Dot-Bit domains bypass DNS; they are powered by Namecoin, which is based on Bitcoin.

  • What are the RFCs and specifications relating to DNS?

    DNS is defined by Request for Comments (RFC) documents published by the Internet Engineering Task Force (IETF). A list of DNS RFCs is available online. We mention a few important ones:

    • RFC 920: Domain Requirements
    • RFC 1034: Domain Names — Concepts and Facilities
    • RFC 1035: Domain Names — Implementation and Specification
    • RFC 1123: Requirements for Internet Hosts — Application and Support

Milestones

Nov 1983
RFC 882 illustrates the hierarchical nature of domain name spaces. Source: Mockapetris 1983, pg. 7.

Paul Mockapetris invents DNS because he finds that other proposals do not meet the requirements of the Internet. He also starts writing Jeeves, the first DNS server implementation. IETF publishes two documents on DNS: RFC 882 for concepts and facilities, and RFC 883 for implementation and specification. These early documents are replaced by RFC 1034 and RFC 1035 in November 1987.

Oct 1984

The publication of RFC 920, Domain Requirements, marks the "official" beginning of DNS. This document mentions the top-level domain names GOV, EDU, COM, MIL, and ORG. It gives example names: CCN.OAC.LA.UC.EDU, DASH.MIT.EDU, HP-LABS.CSNET.

1985

Around the mid-1980s, Berkeley Internet Name Domain (BIND) is created at the University of California at Berkeley. It's an implementation of a DNS server for the UNIX platform. In subsequent years, BIND goes on to become the most widely used DNS software. In September 2000, BIND version 9 is released. This is a major rewrite and leads to deprecation of versions 4 and 8.

Mar 1985

Computer manufacturer Symbolics registers symbolics.com, making it the world's first registered domain within DNS. The name is sold almost 25 years later, in 2009. While many older hosts continue to use HOSTS.TXT even in the late 1980s, by 1985 some hosts use DNS as their sole means of resolving names.

1995

Network Solutions Inc. (NSI), which manages domain names, starts charging for domain name registration. Earlier, domain name registration was free and managed by the U.S. government.

Nov 1998

The Internet Corporation for Assigned Names and Numbers (ICANN) is formed to coordinate DNS addressing structure including managing the top-level domain (TLD) name space. ICANN takes over from the Internet Assigned Numbers Authority (IANA). While ICANN is a private entity, its operations are overseen by the US Department of Commerce (DoC).

2012

Mike Mann registers 14,962 domain names in 24 hours, spending about $100,000. It's speculative, but buying and selling domain names is big business.

Apr 2013

The original creator of DNS, Paul Mockapetris, says in an interview that it's time for a DNS 2.0 that includes security:

"We need to get to the next level of naming, which combines authentication, but more importantly, a reputation system."

Oct 2013

The first four new generic Top-Level Domains (gTLDs) are announced. This is followed by another 69 names in 2013, 406 names in 2014, 391 names in 2015, and 340 names in 2016. Generic top-level domains (gTLDs) are known to users as the text coming at the end of a URL such as COM, ORG, or EDU. Some examples of new gTLDs are PHONE, IEEE, SONG, HYUNDAI, GUIDE.

2014

A study of a regulatory filing reveals Cars.com as the most expensive domain name to be sold, valued at $872 million. Other record sales publicly reported till October 2018 include CarInsurance.com ($49.7m), Insurance.com ($35.6m), and VacationRentals.com ($35m).

Sep 2016

ICANN's contract with the U.S. Department of Commerce expires. This completes the privatization of ICANN that was envisioned in 1998.

References

  1. Bilal, Mohamed Ali. 2018. "What is a DNS Server?" July 08. Accessed 2019-02-11.
  2. Brown, Richard. 2014. "A Brief History of the Domain Name System (DNS)." Web Hosting Search, May 14. Updated 2016-10-10. Accessed 2019-02-09.
  3. CIRA. 2016. "How many applications rely on the DNS?" Canadian Internet Registration Authority (CIRA), July 25. Updated 2016-08-08. Accessed 2018-11-01.
  4. Caudle, Joseph. 2016. "The Three R's of Domain Names." Blog, DNSimple, October 25. Accessed 2019-02-11.
  5. Chunko, Jeramy. 2018. "DNS Zones Explained." Liquid Web, August 30. Accessed 2019-02-11.
  6. Cloudflare. 2019a. "DNS Zone." Accessed 2019-02-11.
  7. Cloudflare. 2019b. "Primary vs Secondary DNS." Accessed 2019-02-11.
  8. Cloudflare. 2019c. "DNS Server Types." Accessed 2019-02-11.
  9. DomainGang. 2015. "Cars.com domain name sale valued at $872 million dollars!" DomainGang, February 26. Accessed 2019-02-11.
  10. Don, Cher. 2018. "An introduction to HTTP: Domain Name System servers." freeCodeCamp, August 28. Accessed 2019-02-11.
  11. Dot-Bit. 2019. "Homepage." Accessed 2019-02-11.
  12. Gonyea, Chris. 2010. "DNS: Why It’s Important & How It Works." Dyn Blog, Oracle, August 25. Accessed 2018-07-28.
  13. Hoffman, Chris. 2017. "What is DNS Cache Poisoning?" How-To Geek, March 08. Accessed 2019-02-11.
  14. ICANN. 2016. "Stewardship of IANA Functions Transitions to Global Internet Community as Contract with U.S. Government Ends." Internet Corporation For Assigned Names and Numbers, October 01. Accessed 2019-02-11.
  15. ICANN. 2019. "Delegated Strings." New gTLDs, Internet Corporation For Assigned Names and Numbers. Accessed 2019-02-11.
  16. ISC. 2015. "BIND 9 Administrator Reference Manual." BIND Version 9.9.7rc2, February. Accessed 2019-02-09.
  17. ISC. 2017. "DNS RFC." Internet Systems Consortium, February 07. Accessed 2019-02-09.
  18. Klensin, J. 2003. "Role of the Domain Name System (DNS)." RFC 3467, IETF, February. Accessed 2019-02-11.
  19. Liu, Cricket. 2004. "What are the main challenges facing DNS management today?" TechTarget, August. Accessed 2019-02-11.
  20. Mockapetris, P. 1983. "Domain Names - Concepts and Facilities." RFC 883, IETF, November. Accessed 2019-02-09.
  21. Mockapetris, Paul V. and Kevin J. Dunlap. 1988. "Development of the Domain Name System." Proceedings of SIGCOMM '88, Computer Communication Review, vol. 18, no. 4, August, pp. 123–133. Accessed 2019-02-11.
  22. Moore, Matthew. 2009. "Oldest domain name on the internet symbolics.com is finally sold." The Telegraph, September 01. Accessed 2019-02-09.
  23. NS1. 2018. "DNS Failover: Basic Concepts and Limitations." NS1, August 6. Accessed 2021-03-28.
  24. Pohle, Julia, and Luciano Morganti. 2012. "The Internet Corporation for Assigned Names and Numbers (ICANN): Origins, Stakes and Tensions." Revue française d’études américaines, vol. 134, no. 4, pp. 29-46. Accessed 2019-02-11.
  25. Postel, J. and J. Reynolds. 1984. "Domain Requirements." RFC 920, IETF, October. Accessed 2019-02-09.
  26. PowerCert Animated Videos. 2016. "How a DNS Server (Domain Name System) works." PowerCert Animated Videos, on YouTube, May 27. Accessed 2021-03-28.
  27. SQA. 2019. "DNS Zones." Outcome 2: Configuring and Monitoring DNS, HN Computing. Accessed 2019-02-11.
  28. Sloan, Paul. 2012. "Meet the 'Mann' who registered 14,962 domains in 24 hours." CNet, April 21. Accessed 2019-02-11.
  29. Styler, Joe. 2018. "The top 25 most expensive domain names." GoDaddy, October 29. Accessed 2019-02-11.
  30. Thapa, Damar. 2017. "Domain Name System (DNS) Architecture." DT's Den Blog, June 16. Accessed 2018-07-28.
  31. Warner, Bernhard. 2013. "Q&A: Paul Mockapetris, Inventor of the Domain Name System, Wants to Filter the Web." Bloomberg, April 04. Accessed 2019-02-11.
  32. Wikipedia. 2019. "Domain Name System." Wikipedia, February 09. Accessed 2019-02-10.

Further Reading

  1. DNS RFC
  2. DNS tools and resources
  3. Mockapetris, Paul V. and Kevin J. Dunlap. 1988. "Development of the Domain Name System." Proceedings of SIGCOMM '88, Computer Communication Review, vol. 18, no. 4, August, pp. 123–133. Accessed 2019-02-11.
  4. Loeb, Larry. 2017. "The Past, Present and Future of DNS Security." Security Intelligence, December 22. Accessed 2018-11-01.
  5. Gediminas B. 2018. "What is a Domain Name? Domains Explained for Beginners." Tutorials, Hostinger, July 12. Accessed 2018-11-01.

Cite As

Devopedia. 2022. "Domain Name System." Version 12, February 15. Accessed 2023-11-12. https://devopedia.org/domain-name-system
Contributed by 3 authors. Last updated on 2022-02-15 11:51:24.