DNS 101

Posted: July 9, 2007 in DNS


Contributed by Dru Lavigne, DNSstuff Contributing Writer

Friday, 23 March 2007

While you probably use DNS every day (in fact you used DNS to find the webserver hosting this article), you may not be clear on how DNS works.

This article will cover some of the terminology used in DNS.

ICANN

Think of DNS as a global telephone book that computers know how to access. But instead of matching names to phone numbers, the global DNS matches computer hostnames to IP addresses. This allows you to type a name such as www.google.com into your web browser and make a connection to the IP address 72.14.203.104. It’s important to ensure that the global DNS contains accurate information and that it avoids duplicate IP addresses or hostnames. This is the job of ICANN. From their FAQ page:

“The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for managing and coordinating the DNS to ensure that every address is unique and that all users of the Internet can find all valid addresses. It does this by overseeing the distribution of unique IP addresses and domain names. It also ensures that each domain name maps to the correct IP address.”

root servers and TLDs

While the DNS is a global database, its contents have been distributed using a hierarchical format. The format looks like this:

Root . Top level domain . Second level domain . Hostname

When you compare that format to a Fully Qualified Domain Name (FQDN) it appears backwards. For example, in the FQDN www.google.com:

– www is the hostname
– google is the second level domain (SLD)
– com is the top level domain (TLD)

While resolving that FQDN to find its IP address, DNS will:

– query a root DNS server to find the IP address of the DNS server hosting the com portion of the database
– query the com DNS server to find the IP address of the DNS server hosting the google portion of the database
– query the google DNS server to find the IP address associated with the host named www

The list of DNS root servers can be found at root-servers.org; all DNS servers contain a copy of the file listing the root servers. You don’t see the root in a FQDN as it is considered to be a silent or implicit dot at the end. The Internet Assigned Numbers Authority (IANA) maintains the list of TLDs. Some of the TLDs are by country name, such as us, uk, de, and jp. Others are the original TLDs such as com and org, and the newer TLDs such as biz and name. Remember, the TLD is always the last part of a FQDN.

zone and resource records

The SLD, or the middle part of a FQDN, is the portion that is purchased from a Registrar. For example, Google had to purchase and register the google name. (You can see who purchased the name and when by querying WHOIS; see the WHOIS article for details.) When a name is registered, the Registrar is responsible for adding the new entry to the TLD database. In other words, when google was registered, the Registrar added an entry to the com database pointing to the address of the google DNS server. Once an SLD is registered, the registrant becomes responsible for maintaining that portion of the DNS database, and it will contain the DNS entries for the hosts belonging to the SLD. That area of responsibility is known as a DNS zone, which is why you’ll often see DNS configuration files referred to as zone files. When configuring the zone, the DNS administrator adds entries describing the hosts that need to be found via DNS. These entries are known as resource records as they describe the type of resource. For example, an A resource record matches an IP address to a hostname, an MX resource record indicates that the host is a mail server for the domain, and an NS record indicates that the host is a DNS server for the domain.
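As an added illustration (not code from the original article or from DNSstuff), the following Python walks the same root, com, google referral chain described above over a constructed, in-memory set of zones, using exactly the record types just named: NS records for delegation and A records for answers and glue. The zone contents, the name server names and the 192.0.2.x glue addresses are made up for the example; only the 72.14.203.104 answer for www.google.com comes from the article.

```python
# Added example: a toy iterative resolver walking the DNS hierarchy.
# The zone data below is constructed for illustration; only the 72.14.203.104
# answer for www.google.com comes from the article. Name server names and the
# 192.0.2.x glue addresses are placeholders (RFC 5737 documentation range).
ZONES = {
    # The root zone knows which servers host the "com" portion of the database.
    ".": {
        "NS": {"com.": ["a.gtld-servers.net."]},
        "A": {"a.gtld-servers.net.": "192.0.2.1"},   # glue record (constructed)
    },
    # The com zone holds the entry the Registrar added when "google" was registered.
    "com.": {
        "NS": {"google.com.": ["ns1.google.com."]},
        "A": {"ns1.google.com.": "192.0.2.2"},       # glue record (constructed)
    },
    # The google.com zone is maintained by the registrant and lists its hosts.
    "google.com.": {
        "NS": {"google.com.": ["ns1.google.com."]},
        "A": {"www.google.com.": "72.14.203.104",
              "ns1.google.com.": "192.0.2.2"},
    },
}


def fqdn(name):
    """Return the name in canonical form: lower-case, with the implicit root dot made explicit."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def fqdn_parts(name):
    """Split hostname.sld.tld into the pieces the article names (three or more labels expected)."""
    labels = fqdn(name).rstrip(".").split(".")
    if len(labels) < 3:
        raise ValueError("expected hostname.sld.tld, got %r" % name)
    return {"hostname": ".".join(labels[:-2]), "sld": labels[-2], "tld": labels[-1], "root": "."}


def resolve(name, zones=ZONES):
    """Iteratively resolve an A record, starting at the root and following NS referrals.

    Returns (ip_or_None, trail), where trail lists each step as
    (zone asked, outcome, name, detail) so the referral chain is visible.
    """
    target = fqdn(name)
    labels = target.rstrip(".").split(".")
    current = "."                      # every resolver starts from the root servers list
    trail = []
    while True:
        zone = zones[current]
        ip = zone["A"].get(target)
        if ip is not None:             # this zone holds the answer
            trail.append((current, "answer", target, ip))
            return ip, trail
        # Otherwise look for the longest delegated suffix of the target in this zone.
        referral = None
        for i in range(len(labels)):
            candidate = ".".join(labels[i:]) + "."
            if candidate != current and candidate in zone["NS"]:
                referral = candidate
                break
        if referral is None:           # no answer and no delegation: the name does not exist here
            trail.append((current, "NXDOMAIN", target, None))
            return None, trail
        ns_name = zone["NS"][referral][0]
        ns_ip = zone["A"].get(ns_name)  # glue: the address of the next server to ask
        trail.append((current, "referral", referral, "%s (%s)" % (ns_name, ns_ip)))
        current = referral


if __name__ == "__main__":
    print(fqdn_parts("www.google.com"))
    ip, trail = resolve("www.google.com")
    for step in trail:
        print(step)
    print("www.google.com ->", ip)
```

Running it prints the three steps from the list above: a referral from the root to the com server, a referral from com to the google server, and the A answer from the google zone. A name with no delegation, such as mail.example.com in this data, stops at the com zone with NXDOMAIN, which is the same place a real com server would refuse it.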

(Additional resource records are described in detail in the resource records article.)

TCP vs UDP on port 53

The DNS protocol uses port 53 for communications. Interestingly, it uses both the UDP and TCP transports. As a general rule of thumb:

– UDP is used when an FQDN needs to be resolved into an IP address
– TCP is used by the DNS servers within a zone to make sure they all have the most recent copy of the zone file; if a DNS server has an out-dated version, it will request a zone transfer over TCP 53
– Occasionally the information needed to resolve an IP address is too large to ship in a UDP packet and is sent in a TCP packet instead

When configuring a firewall, UDP 53 has to be left open so FQDNs can be resolved to IP addresses. However, many administrators block TCP 53 entirely or restrict it to the IP addresses of that zone’s DNS servers. This is because a DNS server outside of the zone has no legitimate reason to ask for a zone transfer. However, blocking TCP 53 will prevent the occasional name resolution packet that uses TCP from entering the network. This is the reason why you will see a warning in the “TCP Allowed” section of the DNS Report if TCP 53 is being blocked by a firewall.
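An added example (not from the article or from DNSstuff) of the wire format behind the rule of thumb above: it builds a standard query as it would be sent over UDP 53, reads the reply header, and falls back to TCP 53 when the server sets the TC (truncated) bit because the answer did not fit in the UDP datagram. The replies are constructed in memory by the make_reply helper, which is a demo stand-in for a server; no packets are sent, and the transaction id 0x1234 is an arbitrary constructed value.

```python
# Added example: the DNS wire format behind "UDP for queries, TCP when the reply
# is too big". Builds a query, reads a reply header, and decides whether to retry
# over TCP 53. Replies are constructed in memory by make_reply; nothing is sent.
import struct

UDP_PAYLOAD_LIMIT = 512   # classic DNS/UDP message limit (RFC 1035); EDNS0 can raise it
QTYPE = {"A": 1, "NS": 2, "MX": 15, "AXFR": 252}   # AXFR = zone transfer, TCP only
QCLASS_IN = 1

FLAG_QR = 0x8000   # 1 = this message is a response
FLAG_TC = 0x0200   # 1 = response was truncated to fit the UDP limit
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available


def encode_name(name):
    """Encode an FQDN as length-prefixed labels ending with the root's zero-length label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", txid=0x1234):
    """A standard recursive query: 12-byte header followed by one question."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], QCLASS_IN)


def parse_header(msg):
    """Decode the 12-byte header into the fields a resolver acts on."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def next_step(query, reply):
    """What the resolver does after a UDP reply: accept it, retry over TCP 53, or discard."""
    h = parse_header(reply)
    if not h["qr"] or h["id"] != struct.unpack("!H", query[:2])[0]:
        return "discard"            # not a response, or not the reply to our query
    if h["tc"]:
        return "retry-over-tcp"     # answer did not fit in UDP_PAYLOAD_LIMIT bytes
    return "accept"


def make_reply(query, tc=False, rcode=0, txid=None):
    """Constructed reply header for a query (demo helper, not a real server)."""
    if txid is None:
        txid = struct.unpack("!H", query[:2])[0]
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if tc else 0) | rcode
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("www.google.com")
    print("query bytes:", q.hex())
    print("over UDP 53, fits:", len(q) <= UDP_PAYLOAD_LIMIT)
    print("truncated reply ->", next_step(q, make_reply(q, tc=True)))
    print("TCP framing adds", len(tcp_frame(q)) - len(q), "bytes of length prefix")
```

The query for www.google.com is 32 bytes, far under the 512-byte UDP limit; it is the reply that may not fit, and the TC bit is the only signal the resolver gets, so a firewall that drops TCP 53 turns that retry into a silent failure. The id check in next_step is also why a resolver ignores a reply whose transaction id does not match the outstanding query.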

member.dnsstuff.com

http://member.dnsstuff.com/rc Powered by Joomla! Generated: 9 July, 2007, 00:20
