What is the process of DNS

DNS - Domain Name System

The Domain Name System, or DNS for short, is also known as the "telephone book of the Internet". Just as you look up a name in a telephone directory to get the phone number, you look up a computer name in the DNS to get the corresponding IP address. The IP address is required to establish a connection to a server of which only the computer name is known.

The Domain Name System is a system for resolving computer names into IP addresses and vice versa. DNS does not have a central database. The information is distributed on many thousands of name servers (DNS servers).
For example, if you want to visit the website www.elektronik-kompendium.de, the browser asks a DNS server that is stored in the IP configuration. This is usually the Internet access router. Depending on whether the DNS query can be answered or not, a chain of other DNS servers is queried until the query is answered positively and an IP address can be returned to the browser.

If a computer name or domain name cannot be resolved, no connection to the host in question can be established either, unless the user knows its IP address. This means that communication in the local network and on the Internet is practically impossible without DNS. That is why there are many thousands of DNS servers all over the world, arranged hierarchically and informing each other about changes.

Name resolution before DNS

DNS goes back to the "hosts" file, the content of which was used for name resolution in the ARPANET (predecessor of the Internet) and was maintained manually. With the increasing number of hosts in the ARPANET, the need for a distributed and hierarchical system for resolving computer names into IP addresses and vice versa grew.

Another disadvantage of the hosts file is that it is not authoritative: whatever the administrator considers correct can be put into the file, and its content could be manipulated. To avoid this, DNS provides authoritative name servers and, with DNSSEC, a procedure for checking whether a DNS response originates from a trustworthy DNS server and whether the transport took place correctly.

Domain or domain name

A domain name, or domain for short, is used to give computers, which are otherwise addressed with hard-to-remember IP addresses, proper names and at the same time to arrange them in a hierarchical structure. Domain names are also often part of a Uniform Resource Locator (URL). A URL is a uniform way of specifying resources in networks. It begins with an abbreviation that identifies the service used (e.g. http:// or ftp://). This prefix is optional information that is only relevant to application programs and is not part of the domain name.

The structure of a domain name consists of three or more parts. The individual parts or levels are separated from one another by dots.
Strictly speaking, a domain name ends on the far right with a dot. This dot represents the root. As a rule, the dot is simply left out because it is only symbolic.

Computer name (host or service) | Second-level domain (SLD) | Top-level domain (TLD)
www.                            | elektronik-kompendium.    | de
ftp.                            | elektronik-kompendium.    | de

Sometimes there is a sub-level domain (subdomain) between the second-level domain (SLD) and the computer name.

Computer name (host or service) | Sub-level domain (subdomain) | Second-level domain (SLD) | Top-level domain (TLD)
www.                            | dse-faq.                     | elektronik-kompendium.    | de

A domain name is always read from back to front, so the address begins with the top-level domain (TLD). Two types of top-level domains are distinguished: geographic top-level domains, which are the country codes defined in ISO 3166-1 and are called country code top-level domains (ccTLD), and organizational or generic top-level domains (gTLD).

The second-level domain can be applied for and used by a person or organization. It forms a domain name space under the top-level domain, which enables the organization to operate a server with the name "www" that can then be reached on the Internet under "www.elektronik-kompendium.de", for example.
There is also a third-level domain for further subdivisions, which is also referred to as a sub-level domain or subdomain. The optional host name of the computer is then placed at the very end of the chain (at the beginning of the domain name).

An address composed in this way (for example www.elektronik-kompendium.de) is a so-called fully qualified domain name (FQDN).

Organizational top-level domains (excerpt)

Domain (gTLD) | Organizational form
.aero         | Air transportation industry
.arpa         | Old ARPANET domain
.biz          | Business, for large and small companies
.com          | Commercial domain
.coop         | Cooperatives
.edu          | Schools, universities, educational institutions
.gov          | United States government agencies
.info         | Information services
.int          | Internationally active institutions
.mil          | United States military
.museum       | Museums
.name         | Private individuals
.net          | Network-specific services and offers
.org          | Non-commercial ventures and projects
.pro          | Professionals, special professional groups
...

Geographic top-level domains (excerpt)

Domain (ccTLD) | Country
.at            | Austria
.au            | Australia
.cc            | Cocos (Keeling) Islands
.ch            | Switzerland
.de            | Germany
.fr            | France
.gb            | Great Britain
.ie            | Ireland
.it            | Italy
.li            | Liechtenstein
.nl            | Netherlands
.no            | Norway
.ru            | Russia
.to            | Tonga
.uk            | United Kingdom
...

The top-level domain (TLD) is followed by the second-level domain (SLD), which can have any name as long as it is unique within the top-level domain. The NIC responsible for the respective top-level domain manages the second-level domains. For .de (Germany) this is DENIC.
In some countries, such as Great Britain, there are defined second-level domains (for example .co.uk, .ac.uk or .gov.uk) for better differentiation. Below the second-level domain there may be further sub-level domains (subdomains), for which the owner of the second-level domain is responsible.
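The following is an added example, not code from the original article: it splits a name into the levels described above (TLD, SLD, optional subdomains, optional host name), reading from right to left and tolerating the usually omitted root dot. The set of registry-defined second-level suffixes is a constructed stand-in containing only the British examples from the text; a real tool would use the Public Suffix List.

```python
from typing import List, NamedTuple, Optional, Tuple

# Constructed: registry-defined second levels mentioned in the text.
# Assumption for this example only; a real tool would use the Public Suffix List.
MULTI_LABEL_SUFFIXES = {("co", "uk"), ("ac", "uk"), ("gov", "uk")}


class DomainParts(NamedTuple):
    tld: str                      # top-level domain, e.g. "de" or "co.uk"
    sld: str                      # second-level domain registered with the NIC
    subdomains: Tuple[str, ...]   # sub-level domains, nearest the SLD first
    host: Optional[str]           # leftmost label, if any


def to_fqdn(name: str) -> str:
    """Write the name the way DNS reads it: with the symbolic root dot at the end."""
    return name.strip().lower().rstrip(".") + "."


def split_labels(name: str) -> List[str]:
    """Split a name into labels, accepting the form with or without root dot."""
    name = name.strip().rstrip(".").lower()
    if not name:
        raise ValueError("empty domain name")
    labels = name.split(".")
    for label in labels:
        # DNS labels are 1..63 characters; an empty label means a doubled dot.
        if not label or len(label) > 63:
            raise ValueError(f"invalid label in {name!r}")
    return labels


def parse_fqdn(name: str) -> DomainParts:
    """Read the name from back to front: TLD, then SLD, then subdomains, then host."""
    labels = split_labels(name)
    # The TLD may itself consist of two labels where the registry defines
    # second-level domains such as co.uk.
    suffix_len = 2 if len(labels) >= 2 and tuple(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) < suffix_len + 1:
        raise ValueError(f"{name!r} has no second-level domain")
    tld = ".".join(labels[-suffix_len:])
    sld = labels[-suffix_len - 1]
    remaining = labels[: -suffix_len - 1]
    # Assumption of this example: the leftmost remaining label is the host name,
    # everything between it and the SLD are sub-level domains.
    host = remaining[0] if remaining else None
    subdomains = tuple(reversed(remaining[1:]))
    return DomainParts(tld, sld, subdomains, host)


def is_valid_fqdn(name: str) -> bool:
    """True if the name has at least a TLD and an SLD and only well-formed labels."""
    try:
        parse_fqdn(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for n in ("www.elektronik-kompendium.de.", "www.dse-faq.elektronik-kompendium.de", "www.example.co.uk"):
        print(to_fqdn(n), parse_fqdn(n))
```

Running the script prints each name in FQDN form next to its parts; the `co.uk` case shows why the TLD cannot simply be taken as the last label.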

Division of tasks in the DNS

One task in the Domain Name System is name resolution. Another task is the administration of the DNS zones. At the top are the so-called root servers, which store information on the top-level domains (TLD).
On the levels below, there are other name servers that are responsible for domains or subdomains and authorized to provide information.
And then there are DNS servers that only deal with name resolution and forward requests and cache the responses to successful requests.
Or to put it another way: not all DNS servers are created equal. Each has a different role and responsibility in the DNS.

DNS zones

A DNS zone is an area of responsibility or an administrative unit that is usually tied to part of a domain name. An authoritative DNS server is responsible for one or more of these DNS zones. This means that it is the server from which a DNS request for its zone can be answered unambiguously and correctly.
The data of a zone is kept in a local zone file that must be maintained by the responsible administrator.

Entries in a DNS zone or zone file

The entries in a DNS zone are known as resource records. Each resource record has a record type that determines what kind of information it contains, for example an IP address or the mail server address for a domain name or zone.

Record type | Entry
A           | IPv4 address
AAAA        | IPv6 address
CNAME       | referral, forwarding, or alias (canonical name)
MX          | responsible mail server for the zone (Mail Exchange)
NS          | responsible name server for the zone
SRV         | server for a service (used, for example, in Windows Active Directory)
TXT         | returns a free text
SOA         | contact person and parameters for the requested zone (SOA: Start of Authority)
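As an added example (not from the original article), here is a small parser for the zone-file format in which the record types listed above are written, followed by a lookup that answers a query from the parsed records and follows CNAME aliases the way a name server does. The zone below is constructed for this example: `example.de`, the addresses (documentation ranges) and the host names are made up.

```python
import shlex
from typing import Iterator, List, NamedTuple, Tuple


class ResourceRecord(NamedTuple):
    name: str                  # owner name, absolute (ends with the root dot)
    ttl: int
    rtype: str
    rdata: Tuple[str, ...]     # rdata fields as text, names made absolute


RECORD_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "SRV", "TXT", "SOA"}
# Positions of domain names inside the rdata of each type, so that relative
# names are completed with $ORIGIN just like owner names.
NAME_FIELDS = {"CNAME": (0,), "NS": (0,), "MX": (1,), "SRV": (3,), "SOA": (0, 1)}

# Constructed sample zone for this example (not a real domain).
SAMPLE_ZONE = """\
$ORIGIN example.de.
$TTL 3600
@           IN SOA  ns1.example.de. hostmaster.example.de. (
                        2024010101 ; serial
                        7200       ; refresh
                        900        ; retry
                        1209600    ; expire
                        3600 )     ; minimum TTL
            IN NS   ns1
            IN NS   ns2
            IN MX   10 mail
            IN A    192.0.2.10
www         IN A    192.0.2.10
www         IN AAAA 2001:db8::10
ftp         IN CNAME www
@     600   IN TXT  "v=spf1 mx -all"
_ldap._tcp  IN SRV  0 5 389 ldap
"""


def absolute(name: str, origin: str) -> str:
    """Complete a relative name with the current $ORIGIN; '@' means the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text: str) -> Iterator[str]:
    """Strip ';' comments and join records wrapped in parentheses onto one line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # assumes no ';' inside quoted TXT data
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf)
            buf = []


def parse_zone(text: str) -> List[ResourceRecord]:
    origin, default_ttl, last_owner = ".", 3600, "."
    records: List[ResourceRecord] = []
    for line in logical_lines(text):
        tokens = shlex.split(line.replace("(", " ").replace(")", " "))
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        # A record line that starts with whitespace reuses the previous owner name.
        owner = last_owner if line[0].isspace() else absolute(tokens.pop(0), origin)
        last_owner = owner
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0].upper() == "IN":          # class is optional, only IN is supported
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype not in RECORD_TYPES:
            raise ValueError(f"unsupported record type {rtype} for {owner}")
        rdata = tuple(absolute(t, origin) if i in NAME_FIELDS.get(rtype, ()) else t
                      for i, t in enumerate(tokens))
        records.append(ResourceRecord(owner, ttl, rtype, rdata))
    return records


def lookup(records: List[ResourceRecord], name: str, rtype: str) -> List[Tuple[str, ...]]:
    """rdata of all records of `rtype` at `name`, following CNAME aliases (bounded)."""
    name = name.lower() if name.endswith(".") else name.lower() + "."
    for _ in range(8):
        same_owner = [r for r in records if r.name.lower() == name]
        hits = [r.rdata for r in same_owner if r.rtype == rtype]
        if hits:
            return hits
        aliases = [r for r in same_owner if r.rtype == "CNAME"]
        if not aliases:
            return []
        name = aliases[0].rdata[0].lower()     # try again under the canonical name
    raise ValueError("CNAME chain too long")


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    for rr in zone:
        print(rr)
    print("ftp.example.de A ->", lookup(zone, "ftp.example.de", "A"))
```

The `ftp` lookup shows the CNAME behaviour: there is no A record under `ftp.example.de`, so the lookup is repeated under the canonical name `www.example.de` and returns that address.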

DNS server / name server

The terms DNS server and name server are often used interchangeably. Name server is the general term for a server responsible for name resolution, whereas DNS server designates a name server within the Domain Name System.

There is no one DNS server. A distinction is made between different types of DNS servers, which have different areas of responsibility, tasks and functions.

  • DNS root server
  • Authoritative name server (for a DNS zone)
  • Non-authoritative name server

DNS root server: DNS root servers, root name servers or simply root servers are the authoritative name servers for the root zone. They answer queries about the root zone (".") or return a list of authoritative name servers for a specific top-level domain (TLD) (".de", ".com", ".org", etc.).
To prevent manipulation of the root zone, there are over a hundred root name servers worldwide, which are subordinate to ICANN's Root Server System Advisory Committee.

Authoritative name server: An authoritative name server is responsible for one (or more) zones and only answers queries for these zones. Authoritative means that the information on this name server is considered binding.

Non-authoritative name server: A non-authoritative name server is not itself responsible for a DNS zone and must therefore obtain the information about a zone second-hand, by means of a recursive or iterative DNS query. This name server and its DNS information are therefore non-authoritative.

In practice, a rough distinction is made between authoritative and recursive DNS servers. A recursive DNS server is essentially a proxy server: it collects the requested information and makes the result available to the hosts. It keeps the information for a while so that it does not have to query the network again when the same request comes in. From a recursive DNS server you always get "non-authoritative" answers, that is, answers that are not binding. This means that the content of the answer is not guaranteed to be correct, because in principle the server only repeats what it has obtained from elsewhere.

Further properties of name servers are caching (temporary storage) and forwarding.

Caching server: A caching server receives information from another name server and stores it temporarily. It does not have to obtain the information again until the cached entry has expired. The lifetime (Time-To-Live, TTL) of an entry is determined by the authoritative name server.

Forwarding server: A forwarding server forwards all DNS requests without exception to another name server.

Resolver: Most DNS servers are not authoritative DNS servers but DNS resolvers with caching and/or forwarding functions. Typically, DNS resolvers in a local network are responsible for the name resolution of the clients. A DNS server acting as a resolver runs locally on a computer or as a server function in a router in the local network. The DNS server entered in the IP configuration is therefore such a DNS resolver. The local DNS client is also referred to as a resolver.

Resolver (DNS client)

A resolver ("to resolve") is a program that obtains information from the Domain Name System. It acts as an intermediary between an application and the DNS.
The resolver is integrated directly into TCP/IP and is available there as a software library for name resolution. It is called via the functions "gethostbyname" and "gethostbyaddr" and returns the IP address for a domain name or the host name for an IP address.
For the resolver to work, it needs the IP address of one, preferably two, DNS servers, which must be entered in the IP configuration. As a rule, an IP host receives the DNS server addresses via DHCP; otherwise they must be entered manually.

Primary and secondary DNS server / primary and secondary name server

So that a DNS server does not have to carry the entire load of DNS requests alone, there are so-called primary and secondary name servers. They are designed to be independent and redundant so that at least one server is always available. The secondary name server synchronizes its data with the primary name server at regular intervals and thus serves as a backup server. A second name server makes sense because a failure of the primary name server would mean that Internet connections are no longer possible without name resolution. To still establish connections, the user would have to know the IP addresses of the servers contacted, which is not usually the case.

Name resolution process with DNS (DNS query)

A basic distinction is made between recursive and iterative name resolution. One of the two query types is transmitted together with the domain name from any host to the responsible resolver or DNS server.
How exactly the name resolution (recursive or iterative) is carried out cannot be determined in advance. It depends on how the name server reacts when it receives a DNS request.

Recursion

The client passes its DNS request to its responsible resolver (1.). If this resolver cannot resolve the domain name itself, it queries other DNS servers in turn (2.) until the domain name is resolved (3.) and returns the response to the client (4.). In this case the resolver acts as a proxy for the client. The client then passes the received IP address to the application program.

Iteration

Iterative name resolution usually takes place between DNS servers. Most clients and resolvers cannot handle it.
The responsible DNS server sends its DNS request to a DNS server higher up in the hierarchy (1.). That server replies to the DNS request with a referral to other name servers (2.) that can resolve the name (e.g. authoritative name servers). The DNS server then has to issue a new DNS request (3.) to one of those servers, and so on, until the domain name is completely resolved (4.).
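The following added example (not code from the original article) simulates the two sides of the process just described: the resolver that accepts a client's recursive query, and the authoritative servers it walks through iteratively, each of which either answers for names it holds or returns a referral to the next level. It also keeps a cache with a TTL, as the caching-server paragraph above describes. All zone data, server names and addresses are constructed for the example (documentation address ranges, not real servers).

```python
import time
from typing import Dict, List, Tuple

# Constructed authoritative data, keyed by the zone each (simulated) server is
# authoritative for. Names are absolute. Addresses are documentation ranges.
AUTHORITATIVE: Dict[str, Dict[str, List[Tuple[str, str]]]] = {
    ".": {                                   # root zone: knows only who serves the TLDs
        "de.": [("NS", "a.nic.de.")],
        "a.nic.de.": [("A", "192.0.2.1")],   # glue record
    },
    "de.": {                                 # TLD zone: delegates second-level domains
        "example.de.": [("NS", "ns1.example.de.")],
        "ns1.example.de.": [("A", "192.0.2.53")],  # glue record
    },
    "example.de.": {                         # the domain's own authoritative zone
        "example.de.": [("NS", "ns1.example.de.")],
        "www.example.de.": [("A", "192.0.2.10"), ("A", "192.0.2.11")],
        "ns1.example.de.": [("A", "192.0.2.53")],
    },
}


def ask(zone: str, qname: str, qtype: str):
    """Reply as the authoritative server for `zone` would: a referral for names it
    has delegated, an answer for names it holds, otherwise NXDOMAIN."""
    data = AUTHORITATIVE[zone]
    delegations = [n for n, rrs in data.items()
                   if n != zone and any(t == "NS" for t, _ in rrs)
                   and (qname == n or qname.endswith("." + n))]
    if delegations:
        child = max(delegations, key=len)           # most specific delegation wins
        nameservers = [v for t, v in data[child] if t == "NS"]
        glue = {ns: [v for t, v in data.get(ns, []) if t == "A"] for ns in nameservers}
        return "referral", (child, nameservers, glue)
    if qname in data:
        return "answer", [v for t, v in data[qname] if t == qtype]
    return "nxdomain", []


class IterativeResolver:
    """The recursive server's view: it accepts a client's query, walks the
    hierarchy iteratively from the root, and caches answers for their TTL."""

    def __init__(self, clock=time.time, ttl: int = 300):
        self.cache: Dict[Tuple[str, str], Tuple[float, List[str]]] = {}
        self.clock = clock          # injectable so expiry can be tested offline
        self.ttl = ttl              # constructed: in reality taken from the answer

    def resolve(self, qname: str, qtype: str = "A"):
        """Returns (records, trace); trace lists each server asked and what it replied."""
        key = (qname.lower(), qtype)
        cached = self.cache.get(key)
        if cached and cached[0] > self.clock():
            return cached[1], [("cache", "answer")]
        zone, trace = ".", []
        for _ in range(10):                         # bound the referral chain
            kind, payload = ask(zone, qname.lower(), qtype)
            trace.append((zone, kind))
            if kind == "answer":
                self.cache[key] = (self.clock() + self.ttl, payload)
                return payload, trace
            if kind == "nxdomain":
                return [], trace
            child, nameservers, glue = payload      # follow the referral downwards
            zone = child
        raise RuntimeError("referral chain too long")


if __name__ == "__main__":
    resolver = IterativeResolver()
    print(resolver.resolve("www.example.de."))     # walks root -> de. -> example.de.
    print(resolver.resolve("www.example.de."))     # second time: served from cache
```

The trace of the first call shows the iteration (two referrals, then an answer); the second call is answered from the cache without touching any authoritative server, which is exactly the non-authoritative answer the text describes.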

DNS protocol

DNS is located on the application layer of the OSI model and uses UDP and TCP on port 53 for transport. The resolver usually uses UDP. If the response is larger than 512 bytes, only 512 bytes are transmitted and the response is marked as truncated. The resolver then has to repeat its request over TCP so that the response can be split across several segments. The data exchange between primary and secondary DNS servers takes place exclusively over TCP.
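As an added example (not from the original article), the code below builds a DNS query in the wire format used on port 53, parses a response, and shows the two protocol details from this paragraph: the truncation flag that makes a resolver repeat the request over TCP, and the 2-byte length prefix that TCP-carried messages need. It also performs the plausibility check a resolver applies before accepting an answer: the response's transaction ID and question must match the query that was sent. The response messages are constructed locally by a helper so the example runs offline; `www.example.de` and the addresses are made up.

```python
import random
import struct
from typing import Dict, List, Tuple

TYPE_A, CLASS_IN = 1, 1
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080
UDP_MAX_PAYLOAD = 512            # classic limit from the text (without EDNS)


def encode_name(name: str) -> bytes:
    """Labels as <length><bytes>..., terminated by the zero-length root label."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Read a (possibly compressed) name; returns (name, offset after the field)."""
    labels, end = [], None
    for _ in range(128):                                 # bound against pointer loops
        length = msg[offset]
        if length & 0xC0 == 0xC0:                        # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            end = end if end is not None else offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def build_query(qname: str, qtype: int = TYPE_A, txid: int = None) -> bytes:
    """12-byte header (random ID, RD set, one question) followed by the question."""
    txid = random.getrandbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(query: bytes, addresses: List[str], truncated=False, txid: int = None) -> bytes:
    """Constructed sample response (what a server would send) for offline testing."""
    txid = struct.unpack("!H", query[:2])[0] if txid is None else txid
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if truncated else 0)
    answers = b""
    for addr in addresses:
        # owner name as pointer to the question name at offset 12; A, IN, TTL 300, 4 bytes
        answers += b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
        answers += bytes(int(x) for x in addr.split("."))
    return struct.pack("!HHHHHH", txid, flags, 1, len(addresses), 0, 0) + query[12:] + answers


def parse_response(msg: bytes, query: bytes) -> Dict:
    """Validate a response against the query it should answer and extract A records."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    sent_name, soff = decode_name(query, 12)
    sent_type, sent_class = struct.unpack("!HH", query[soff:soff + 4])
    result = {
        "id_matches": txid == struct.unpack("!H", query[:2])[0],
        "question_matches": (qname, qtype, qclass) == (sent_name, sent_type, sent_class),
        "is_response": bool(flags & FLAG_QR),
        "truncated": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "answers": [],
    }
    # A resolver discards answers that do not belong to the query it sent.
    if not (result["id_matches"] and result["question_matches"] and result["is_response"]):
        return result
    for _ in range(ancount):
        _, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            result["answers"].append(".".join(str(b) for b in rdata))
    return result


def next_transport(result: Dict) -> str:
    """After a truncated UDP answer the query is repeated over TCP."""
    return "tcp" if result["truncated"] else "done"


def tcp_frame(message: bytes) -> bytes:
    """Over TCP every DNS message is prefixed with its 2-byte length."""
    return struct.pack("!H", len(message)) + message


if __name__ == "__main__":
    q = build_query("www.example.de.")
    print(parse_response(build_response(q, ["192.0.2.10"]), q))
    print(next_transport(parse_response(build_response(q, [], truncated=True), q)))
```

A message could also be sent for real with `socket.sendto(q, (server, 53))` and the reply passed to `parse_response`; the ID and question check is what stops a resolver from accepting an arbitrary packet that merely arrives on the right port.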

OpenDNS

OpenDNS is a free service that answers DNS queries. OpenDNS offers DNS name resolution for individuals and companies. It is an alternative to using the DNS server of your own Internet Service Provider (ISP).

DNSSEC

In regular communication between a DNS client and a DNS server, there is no provision for encrypting the communication or for checking whether a DNS response originates from a trustworthy DNS server. This creates a risk of DNS spoofing: an attacker intercepts DNS requests and answers them before the DNS server that was actually contacted can respond.

With the extension DNSSEC it is possible to check whether a DNS response originates from a trustworthy DNS server and whether the transport has taken place without corruption.
