How DNS Works?

Domain Name System (DNS) is used to resolve website names (or host-names) example www.testdomain.com into IP addresses 90.1.1.1.

Importance and requirement of DNS


Let's discuss a network issue to understand the importance of DNS. 

You are a Network Engineer in an organization and a customer reports an issue about dis-connectivity to a destination server. To begin troubleshooting, you would ask the customer some initial information helpful to resolve the issue.

For example:
Source Subnet/IP from which the customer is experiencing the issue.
Destination IP of the server which is unreachable.

You would definitely need important info i.e. destination server IP of the server for which issue is reported otherwise you cannot troubleshoot the issue.

Same is the case while you browse a website on the internet.

Each website/server/URL hosted on the internet has a public IP and it is your destination IP which you want to reach.

While you browse a website/mail server on the internet, you don't generally put an IP address in the URL. You only write the URL name for example "www.testdomain.com". This is because you don't generally remember the IP address for this URL or website.

There are millions of similar URLs/organizations on the internet and you cannot remember IP addresses of all.

DNS is a service that acts as a go-between/middleman that helps to resolve the Hostnames to IP addresses.

Another example:

You can consider DNS as Telephone Directory or phone book for the Internet URLs/Hosts/Websites. If you know a person’s name (Website/URL)but you don’t know his telephone number(IP address), you trace the phone book to find the phone number of the person. DNS also provides the same service of tracing hostnames and identifying/resolving them to IP addresses.

DNS service works at the Application layer on UDP Port No. -  53

An organization that manages the Domain Names: ICANN (Internet Corporation for Assigned Names and Numbers).


Important DNS Terminologies:


The Domain Name System is a hierarchical and distributed database containing various types of data /records, including hostnames and domain names. The names in a DNS database form a hierarchical tree structure called the domain namespace. A Domain name consists of various entities separated by dots, for example, knowledgebase.mydomain.testdomain.com. This is also called a Fully Qualified Domain Name (FQDN) that exactly identifies the location of the host in DNS Hierarchy.

The DNS Hierarchy is shown in the figure below. There are few Terminologies to understand this hierarchy. Let's take the FQDN  "knowledgebase.mydomain.testdomain.com."


The Hierarchy starts from the top i.e. from the Root. The Root is the last dot(.) in this name.

Top-Level Domain is the last part of the domain. It is the name used to indicate a country/region/type of organization etc. 

Examples of Top Level Domains:

.com   For Commercial Organizations.edu    For Educational Institutions
.org     For Non-profit Organizations
.net     For Networks
.gov    For Non-military Government Organizations
.mil    For Military government Organizations


Second Level Domain:
Variable-length name registered to an individual or organization. These names are always based upon an appropriate top-level domain, depending on the type of organization or geographic location where a name is used. For example: testdomain.com.

Subdomain:
Additional name an organization can create that are derived from the registered second-level domain name. These include names added to grow the DNS tree of names in an organization and divide it into departments or geographic locations. For example:  mydomain.testdomain.com.

Hostname:
Actualy name that represents a host in the DNS hierarchy of  names and identify a specific resource. Typically, the leftmost label of a DNS domain name identifies a specific computer or a server on the network. For example: knowlegebase.mydomain.testdomain.com.

Resource Record(RR)
A DNS database consists of various resource records (RRs) and describe the characteristics of a domain (or a zone). These characterstics are used during DNS query and response messages. Some of the common RRs are listed below:

A Record:  It is an IPv4 Address record.  i.e. an IPv4 address for a host. It has Value 1.  It also means that when a DNS query is raised for A record, an IPv4 address of Public Host/Server is sent as a response.

AAAA Record:  It is an IPv6 Address record. i.e. an IPv6 address for a host. It has value 28.

CNAME Record (Canonical Name):  CName is an alias name for a host/server. For example, you have created a new domain name for a host but you want all all of the traffic to this new domain should be addressed by the old domain server. It has value 5.

MX Record: It is the Mail Exchange Record. This record will redirect a domain’s email to the servers hosting the domain’s user accounts. It has value 15.

SOA Record: Start of Authority. Defines the zone name, an e-mail contact and various time and refresh values applicable to the zone. It has value 6.

NS Record:  It is a Name Server Record. It Defines the authoritative Name Server(s) for the domain or the subdomain ( as per info given in SOA record). It has value 2.

PTR Record: This Record is used to info about hostname from the know IP address of domain using reverse lookup. It has a value of 12.

What is a Zone file?
When a DNS query is raised for a Domain, the response is fetched from the info given in the Zone file for a particular Domain or Subdomain.

A DNS zone file is constructed using Resource Records (explained above), Directives and Comments. Resource Records have two representations, Text and Binary(or Wire) format. Example of text format is showing below int this article.

Syntax of text format of a an RR as given below:

          Owner-name  TTL  Class   Type   Type-specific-data

Comments in Zone file start with ";" (Semi Colon) and are assumed to continue to the end of the line.

Directives start with '$' and are standardized - $ORIGIN and $INCLUDE (defined in RFC 1035) and $TTL (defined in RFC 2308).  Below are a few directives:
  • $ORIGIN: Defines the base name (aka label) to be used for 'unqualified' name substitution. 
  • $TTL: Defines the default Resource Record TTL value, used if no TTL is defined in a resource record.
There are a number of Resource Record (RR) types defined in RFC 1035 and augmented by subsequent RFCs. The first Resource Record must be the SOA (Start of Authority) record.

Example of a Zone file:
-------------------------------------------------------------------------
; Domain: testdomain.com
; Exported (y-m-d hh:mm:ss): 2017-11-02 01:47:46
; This file is intended for use for informational and archival
; purposes ONLY and MUST be edited before use on a production
; DNS server.
;
; In particular, you must update the SOA record with the correct
; authoritative name server and contact e-mail address information,
; and add the correct NS records for the name servers which will
; be authoritative for this domain.
;
; For further information, please consult the BIND documentation
; located on the following website:
;
; http://www.isc.org/
;
; And RFC 1035:
;
; http://www.ietf.org/rfc/rfc1035.txt
;
; Please note that we do NOT offer technical support for any use
; of this zone data, the BIND name server, or any other third-
; party DNS software.
;
; Use at your own risk.

$ORIGIN   testdomain.com.

$TTL   5d    ; 216000 secs default TTL for zone
; SOA Record
testdomain.com.    600    IN    SOA    ns23.domaincontrol.com.    dns.jomax.net (
                2017100406
                28800
                7200
                604800
                600
                )

; A Records
@    3600    IN    A    201.121.18.41
@    600      IN    A    201.121.12.41
@    3600    IN    A    201.121.14.41
@    3600    IN    A    201.121.16.41

; CNAME Records
lbtq76udpdg8           3600       IN    CNAME    gv-efchvpgirilg3c.dv.googlehosted.com
_domainconnect       3600       IN    CNAME    _domainconnect.gd.domaincontrol.com
 www                        3600       IN    CNAME    ghs.google.com
  ftp                           3600       IN    CNAME    @

; NS Records
@    3600    IN    NS    ns24.domaincontrol.com
@    3600    IN    NS    ns23.domaincontrol.com
-------------------------------------------------------------------------


Let's combine all above information and understand How DNS works.

1. DNS uses Query/Response messages for resolving hostnames/domain names to IP address.
Kindly see the article "How to Configure a Router as DNS server"

2. To start with, you typed www.testdomain.com. on your web browser. Your PC tries to resolve the IP for testdomain.com by searching its local cache.

If you have a  windows machine, type command "ipconfig /displaydns" on windows command prompt to see the local DNS cache.

C:\\My Documents>ipconfig /displaydns

Windows IP Configuration
    www.yahoo.com
    ----------------------------------------
    Record Name . . . . . : www.yahoo.com
    Record Type . . . . . : 5
    Time To Live  . . . . : 48
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : atsv2-fp.wg1.b.yahoo.com

To flush the DNS cache, use command "ipconfig /flushdns"

3.  If you PC has a entry of domain name in DNS cache, there is no need to send a DNS query. As your PC can immediately get the IP for the URL name you typed from the local DNS cache. If there is no entry in the local cache, a DNS query will be raised for a configured DNS server (command to check : ipconfig /all) provided by your ISP. The ISP DNS servers are called recursive DNS. i.e. they may further query some other regional DNS servers(called root name servers) if they also don't have the required Host to IP info.

4. The root name servers read the name of the domain starting from right to left. For example: testdomain.com.  They can further direct the query to Top Level Domain name servers (TLDs). For this example, the root name server will direct the query to ".com" TLD name server. Similarly queries can be raised to other defined TLD name servers for .org, .edu TLDs.

5. Once the Top Level Domain name servers receive the DNS queries, they forward the queries to Authoritative DNS servers for a particular domain. This Authoritative DNS have all the info about a particular Domain which is store in a DNS record (RRs and Zone file). The information is fetched from this zone file which has info of various Resource Records. For example you queried for an A-Record info for domain www.testdomain.com. The A Record is lookedup from the zone file and 'DNS Response' message is sent back.

6. All the servers (say Recursive DNS, Name Servers) who forwarded the DNS query in the path, with retrieve IP address from DNS response message and store it in thier DNS cache. Each DNS entry in the cache has a TTL (Time to Live) which tells till how long the record entry will be cached and it will erased from the cache once the TTL expires. Once your PC gets the DNS response message, it means you DNS query is resolved with an IP of the URL/Domain name you typed. Now your browser establishes a connection with the IP of the domain server/host.