
DNS: The Internet's Directory Service

The Domain Name System (DNS) functions as the Internet's directory service. It runs over UDP on port 53, which is the port devices use to send queries to DNS servers.

DNS translates human-friendly domain names (like www.google.com) into the numerical IP addresses (like 142.250.200.78) that computers use to identify each other on the network and for routing data.

DNS is not a single server but a globally distributed and hierarchical database that is resilient, scalable, and efficient.

Core Services of DNS

While its primary job is translation, DNS provides several other critical services:

  • Hostname to IP Translation: The most fundamental service, converting a domain name into an IP address.

  • Host Aliasing: A single host can have multiple names. For example, www.example.com might be an alias for a more complex canonical hostname like srv-web-01.example.com. DNS uses CNAME records to manage these aliases.

  • Mail Server Aliasing: DNS helps direct email to the correct mail server using MX records. This allows an organization's email address (like contact@example.com) to be simple, even if the actual mail server has a different name.

  • Load Distribution: For high-traffic websites, DNS can distribute requests among a cluster of servers. When a query for a domain name is made, DNS can return different IP addresses in a round-robin fashion, spreading the load and improving performance and reliability.

How DNS Works: A Distributed, Hierarchical System

DNS servers are designed as a distributed database with a clear hierarchy.

The main types of DNS servers are:

  1. Root DNS Servers: At the top of the hierarchy, these 13 logical servers (replicated in hundreds of locations worldwide) direct queries to the appropriate Top-Level Domain (TLD) servers.

  2. Top-Level Domain (TLD) Servers: These servers are responsible for top-level domains like .com, .org, .net, .gov, and country-specific domains like .in and .uk. They direct queries to the authoritative DNS servers for a specific domain.

  3. Authoritative DNS Servers: This is the final source of truth for a specific domain. It holds the actual DNS records (like the IP address for www.google.com) and is managed by the domain's owner or their hosting provider.

  4. Local DNS Server (or Resolver): This is the server that an end-user's device queries first. It is not strictly part of the hierarchy and is typically managed by an ISP or a private network. It does not hold authoritative records of its own but acts as a proxy: it receives DNS queries from user devices and performs the recursive lookup through the DNS hierarchy on behalf of the user.

Why Not Use a Single Central DNS Server?

A single, centralized DNS server would be impractical due to the immense traffic volume, the risk of a single point of failure, and the maintenance challenges.

  • Single point of failure: If one server crashes, DNS stops working.
  • High traffic volume: One server can't handle billions of DNS requests.
  • Geographical distance: A central server would cause delays for far-away users.
  • Maintenance difficulty: One server can't manage records for all Internet hosts.

The DNS Lookup Process

When a domain name is typed into a browser, a multi-step process, called a recursive lookup, happens in the background:

  1. The computer asks its local DNS server for the IP address of the domain (e.g., www.example.com). The DNS client sends the query via UDP to port 53.

  2. The local server, not knowing the answer, queries one of the root DNS servers.

  3. The root server responds by directing the local server to the appropriate TLD server for the .com domain.

  4. The local server then queries the .com TLD server.

  5. The TLD server responds with the address of the authoritative DNS server for example.com.

  6. The local server queries the example.com authoritative server.

  7. The authoritative server returns the final IP address for www.example.com.

  8. The local DNS server sends this IP address back to the computer. It also caches the record for a period of time (defined by its TTL) to speed up future requests.

DNS Message Format

The Domain Name System (DNS) relies on a standardized message format for all communication between clients and servers. These messages, which are typically sent over UDP on port 53, can be either a query asking for information or a reply providing it.

DNS queries and replies share the same message structure, which is divided into five main sections.

  1. Header (12 bytes): The header contains control information, including:

    • A 16-bit Transaction ID to match queries with their replies.

    • Flags to indicate if the message is a query or a reply, if the answer is authoritative, and if recursion is desired/available.

    • Counters specifying the number of entries in each of the following sections.

  2. Question Section: This section contains the query itself. It specifies the domain name being looked up and the type of record being requested (e.g., A, MX, etc.).

  3. Answer Section: In a reply message, this section contains the Resource Records (RRs) that directly answer the query. For example, if the query was for the A record of www.example.com, this section would contain that IP address.

  4. Authority Section: This section contains RRs that point to the authoritative DNS servers responsible for the queried domain. This is useful if the answer is not available in the Answer section.

  5. Additional Section: This section provides extra information that might be helpful, such as the IP addresses of the authoritative servers listed in the Authority section.
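The five sections described above map directly onto bytes on the wire. The following Python script is an added example (not code from the original page): it builds a query with the 12-byte header and one question, then parses a reply back into the header fields, the question, and the answer, authority and additional sections. The reply it parses is constructed inline with a placeholder address (192.0.2.10) rather than captured from a real server. The parser also checks that the reply's transaction ID matches the query's, which is the check a client needs before trusting a reply that arrives over connectionless UDP.

```python
import secrets
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15, "AAAA": 28}
IN_CLASS = 1


def encode_name(name):
    """Wire-encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", txid=None):
    """12-byte header plus one question. The random 16-bit ID lets the client match the reply."""
    if txid is None:
        txid = secrets.randbelow(1 << 16)
    flags = 0x0100  # QR=0 (query), opcode 0, RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1, AN/NS/AR=0
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], IN_CLASS)


def parse_header(msg):
    """Split the header into transaction ID, the individual flag bits and the four counters."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def decode_name(msg, offset):
    """Decode a name that may use compression pointers (0xC0xx). Returns (name, offset after the field)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # pointer to an earlier copy of the name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_reply(msg, expected_id):
    """Parse all five sections; reject a reply whose ID does not match our query."""
    h = parse_header(msg)
    if h["id"] != expected_id:
        raise ValueError("transaction ID mismatch: reply does not belong to our query")
    if h["qr"] != 1:
        raise ValueError("message is a query, not a reply")
    offset, questions = 12, []
    for _ in range(h["qdcount"]):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    sections = {"answer": [], "authority": [], "additional": []}
    for section, count in (("answer", h["ancount"]), ("authority", h["nscount"]), ("additional", h["arcount"])):
        for _ in range(count):
            name, offset = decode_name(msg, offset)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10
            rdata = msg[offset:offset + rdlen]
            if rtype == 1 and rdlen == 4:        # A: four-byte IPv4 address
                value = ".".join(str(b) for b in rdata)
            elif rtype in (2, 5):                 # NS / CNAME: a (possibly compressed) name
                value, _ = decode_name(msg, offset)
            else:
                value = rdata.hex()
            offset += rdlen
            sections[section].append((name, value, rtype, ttl))  # (Name, Value, Type, TTL)
    return h, questions, sections


def build_sample_reply(query):
    """Constructed reply (not captured from a real server): echoes the question and answers
    with one A record, 192.0.2.10, TTL 300, naming the owner via a pointer to offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1, one answer
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, IN_CLASS, 300, 4) + bytes([192, 0, 2, 10])
    return header + query[12:] + answer


if __name__ == "__main__":
    q = build_query("www.example.com", "A", txid=0x1234)
    print(parse_reply(build_sample_reply(q), 0x1234))
```

To send the query for real, `socket.sendto(build_query("www.example.com"), (resolver_ip, 53))` and pass the received bytes to `parse_reply` with the same ID; the script avoids the network so it runs offline.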

DNS Resource Records (RRs)

The actual data within the DNS is stored in the form of Resource Records (RRs). Each record is a single piece of information and follows a standard format: (Name, Value, Type, TTL).

  • Name: The domain name the record applies to.

  • Value: The data for the record (e.g., an IP address or another hostname).

  • Type: The type of the record. The most common types include:

    • A Record: Maps a hostname to an IPv4 address.

    • AAAA Record: Maps a hostname to an IPv6 address.

    • CNAME Record: (Canonical Name) Creates an alias, mapping one hostname to another.

    • MX Record: (Mail Exchanger) Specifies the mail server responsible for a domain.

    • NS Record: (Name Server) Indicates the authoritative DNS server for a domain.

  • TTL (Time To Live): This value, in seconds, tells DNS resolvers how long they are allowed to cache the record. Once the TTL expires, the resolver must query for the record again to get the most up-to-date information.
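The following Python simulation is an added example (not code from the original page) that ties together the lookup process from the earlier section and the record format and TTL rules above. Three in-memory "servers" stand in for a root, a .com TLD and an example.com authoritative server; the zone contents, hostnames and 192.0.2.x addresses are constructed placeholders, not real DNS data. The local resolver walks the referrals from the root down, follows a CNAME alias, caches each answer for exactly its TTL (the clock is injectable so expiry can be exercised), and the authoritative server rotates its A records on every query to model round-robin load distribution. It caches only final answers, not the NS referrals a production resolver would also keep.

```python
import time

# Constructed zone data; every record follows the text's (Name, Value, Type, TTL) format.
ROOT_SERVER = {
    "referrals": {"com": [("com", "tld.example.test", "NS", 172800)]},
    "records": {},
}
TLD_SERVER = {
    "referrals": {"example.com": [("example.com", "ns1.example.com", "NS", 86400)]},
    "records": {},
}
AUTH_SERVER = {
    "referrals": {},
    "records": {
        ("www.example.com", "A"): [
            ("www.example.com", "192.0.2.10", "A", 300),
            ("www.example.com", "192.0.2.11", "A", 300),
        ],
        ("blog.example.com", "CNAME"): [("blog.example.com", "www.example.com", "CNAME", 600)],
        ("example.com", "MX"): [("example.com", "mail.example.com", "MX", 3600)],
    },
}
# In real DNS the referral's Additional section carries the NS host's address (glue);
# here the NS hostname indexes this table directly.
SERVERS = {"root": ROOT_SERVER, "tld.example.test": TLD_SERVER, "ns1.example.com": AUTH_SERVER}


def ask_server(server, name, qtype):
    """One query to one server. Returns (answer_records, referral_records)."""
    key = (name, qtype)
    if key in server["records"]:
        recs = server["records"][key]
        # Round-robin load distribution: rotate so the next query sees a different first address.
        server["records"][key] = recs[1:] + recs[:1]
        return list(recs), []
    if (name, "CNAME") in server["records"]:        # alias: hand back the CNAME to be followed
        return list(server["records"][(name, "CNAME")]), []
    best = None                                      # longest zone that covers the name
    for zone in server["referrals"]:
        if (name == zone or name.endswith("." + zone)) and (best is None or len(zone) > len(best)):
            best = zone
    return ([], server["referrals"][best]) if best else ([], [])   # empty = name does not exist


class LocalResolver:
    """The 'local DNS server' of the lookup steps: walks the hierarchy and caches by TTL."""

    def __init__(self, servers, clock=time.time):
        self.servers, self.clock = servers, clock
        self.cache = {}   # (name, type) -> (expires_at, records)
        self.trace = []   # (server, name, type) for every hop, so the steps can be inspected

    def _cached(self, key):
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return hit[1]
        self.cache.pop(key, None)  # expired: must query again for fresh data
        return None

    def resolve(self, name, qtype="A", depth=0):
        if depth > 8:
            raise RuntimeError("too many CNAME hops")
        key = (name, qtype)
        cached = self._cached(key)
        if cached is not None:
            self.trace.append(("cache", name, qtype))
            return [r[1] for r in cached]
        server_name = "root"
        for _ in range(8):  # bounded number of referrals
            self.trace.append((server_name, name, qtype))
            answers, referral = ask_server(self.servers[server_name], name, qtype)
            if answers:
                if answers[0][2] == "CNAME" and qtype != "CNAME":
                    self.cache[(name, "CNAME")] = (self.clock() + answers[0][3], answers)
                    return self.resolve(answers[0][1], qtype, depth + 1)
                ttl = min(r[3] for r in answers)
                self.cache[key] = (self.clock() + ttl, answers)
                return [r[1] for r in answers]
            if not referral:
                return []
            zone = referral[0][0]
            # Only accept a referral that moves down the tree toward the queried name.
            if not (name == zone or name.endswith("." + zone)):
                raise ValueError("referral for a zone that does not cover the name")
            server_name = referral[0][1]
        return []


if __name__ == "__main__":
    r = LocalResolver(SERVERS)
    print(r.resolve("www.example.com"), r.trace)
```

Running the script twice in a row for the same name shows the second lookup served from the cache; once the 300-second TTL has passed, the resolver goes back to the root and gets the rotated address order from the authoritative server.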

Practical command-line tools like nslookup can be used to send DNS queries and view the returned records, while network analyzers like Wireshark can inspect the full structure of DNS messages.

Made with ❤️ for students, by a fellow learner.