domain name system- internet.pdf

Upload: p-jorn

Post on 15-Sep-2015


  • Domain Name System (DNS) Page 1

    Internet Technology

    Domain Name System (DNS)

    Name Server: a name server is a computer server that hosts a network service for providing responses to

    queries against a directory service. It maps a human-recognizable identifier to a system-internal, often

    numeric, identification or addressing component. This service is performed by the server according to a

    network service protocol. Name servers do two things all day long:

    They accept requests from programs to convert domain names into IP addresses.

    They accept requests from other name servers to convert domain names into IP addresses.

    The Domain Name System (DNS) is a Name server. It is an Internet service that translates domain names

    into IP addresses. The DNS is a hierarchical distributed naming system for computers, services, or any

    resource connected to the Internet or a private network. It associates various information with domain

    names assigned to each of the participating entities. A Domain Name Service resolves queries for these

    names into IP addresses for the purpose of locating computer services and devices worldwide. By

    providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an

    essential component of the functionality of the Internet.

    The Internet maintains two principal namespaces: the domain name hierarchy and the Internet Protocol

    (IP) address spaces. The Domain Name System maintains the domain name hierarchy and provides

    translation services between it and the address spaces. Internet name servers and a communication

    protocol implement the Domain Name System. A DNS name server is a server that stores the DNS

    records for a domain name, such as address (A) records, name server (NS) records, and mail exchanger

    (MX) records; a DNS name server responds with answers to queries against its database.

    An often-used analogy to explain the Domain Name System is that it serves as the phone book for the

    Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain

    name www.example.com translates to the addresses 192.0.43.10 (IPv4) and 2620:0:2d0:200::10 (IPv6).

    Unlike a phone book, however, DNS can be quickly updated and these updates distributed, allowing a

    service's location on the network to change without affecting the end users, who continue to use the same

    hostname. Users take advantage of this when they recite meaningful Uniform Resource Locators (URLs)

    and e-mail addresses without having to know how the computer actually locates the services.

    DNS Architecture

    DNS architecture is a hierarchical distributed database and an associated set of protocols that define:

    A mechanism for querying and updating the database.

    A mechanism for replicating the information in the database among servers.

    A schema of the database.

    DNS originated in the early days of the Internet when the Internet was a small network established by the

    United States Department of Defense for research purposes. The host names of the computers in this

    network were managed through the use of a single HOSTS file located on a centrally administered server.

    Each site that needed to resolve host names on the network downloaded this file. As the number of hosts

    on the Internet grew, the traffic generated by the update process increased, as well as the size of the


    HOSTS file. The need for a new system, which would offer features such as scalability, decentralized

    administration, and support for various data types, became more and more obvious.

    The Domain Name System introduced in 1984 became this new system. With DNS, the host names reside

    in a database that can be distributed among multiple servers, decreasing the load on any one server and

    providing the ability to administer this naming system on a per-partition basis. DNS supports hierarchical

    names and allows registration of various data types in addition to host name to IP address mapping used

    in HOSTS files. Because the DNS database is distributed, its potential size is unlimited and performance

    is not degraded when more servers are added.

    The original DNS was based on Request for Comment (RFC) 882 (Domain Names: Concepts and

    Facilities) and RFC 883 (Domain Names: Implementation and Specification), which were superseded by

    RFC 1034 (Domain Names: Concepts and Facilities), and RFC 1035 (Domain Names: Implementation

    and Specification). Additional RFCs that describe DNS security, implementation, and administrative

    issues later augmented the original design specifications.

    DNS Domain Names

    The Domain Name System is implemented as a hierarchical and distributed database containing various

    types of data, including host names and domain names. The names in a DNS database form a hierarchical

    tree structure called the domain namespace. Domain names consist of individual labels separated by dots,

    for example: mydomain.microsoft.com.

    A Fully Qualified Domain Name (FQDN) uniquely identifies the host's position within the DNS

    hierarchical tree by specifying a list of names separated by dots in the path from the referenced host to the

    root. The next figure shows an example of a DNS tree with a host called mydomain within the

    microsoft.com. domain. The FQDN for the host would be mydomain.microsoft.com.

    Understanding the DNS Domain Namespace

    The domain name space consists of a tree of domain names. Each node or leaf in the tree has zero or more

    resource records, which hold information associated with the domain name. The tree sub-divides into

    zones beginning at the root zone. A DNS zone may consist of only one domain, or may consist of many

    domains and sub-domains, depending on the administrative authority delegated to the manager.


    The hierarchical Domain Name System, organized into zones, each served by a name server

    The DNS domain namespace, as shown in the following figure, is based on the concept of a tree of named

    domains. Each level of the tree can represent either a branch or a leaf of the tree. A branch is a level

    where more than one name is used to identify a collection of named resources. A leaf represents a single

    name used once at that level to indicate a specific resource.

    Administrative responsibility over any zone may be divided by creating additional zones. Authority is

    said to be delegated for a portion of the old space, usually in the form of sub-domains, to another

    nameserver and administrative entity. The old zone ceases to be authoritative for the new zone.

    DNS Domain Name Hierarchy


    How the DNS Domain Namespace Is Organized

    Any DNS domain name used in the tree is technically a domain. Most DNS discussions, however,

    identify names in one of five ways, based on the level and the way a name is commonly used. For

    example, the DNS domain name registered to Microsoft (microsoft.com.) is known as a second-level

    domain. This is because the name has two parts (known as labels) that indicate it is located two levels

    below the root or top of the tree. Most DNS domain names have two or more labels, each of which

    indicates a new level in the tree. Periods are used in names to separate labels.

    The five categories used to describe DNS domain names by their function in the namespace are described

    in the following table, along with an example of each name type.

    Types of DNS Domain Names

    Name Type: Root domain
    Description: This is the top of the tree, representing an unnamed level; it is sometimes shown as two
    empty quotation marks (""), indicating a null value. When used in a DNS domain name, it is stated by a
    trailing period (.) to designate that the name is located at the root or highest level of the domain
    hierarchy. In this instance, the DNS domain name is considered to be complete and points to an exact
    location in the tree of names. Names stated this way are called fully qualified domain names (FQDNs).
    Example: A single period (.) or a period used at the end of a name, such as example.microsoft.com.

    Name Type: Top level domain
    Description: A name used to indicate a country/region or the type of organization using a name.
    Example: .com, which indicates a name registered to a business for commercial use on the Internet.

    Name Type: Second level domain
    Description: Variable-length names registered to an individual or organization for use on the Internet.
    These names are always based upon an appropriate top-level domain, depending on the type of
    organization or geographic location where a name is used.
    Example: microsoft.com., which is the second-level domain name registered to Microsoft by the Internet
    DNS domain name registrar.

    Name Type: Subdomain
    Description: Additional names that an organization can create that are derived from the registered
    second-level domain name. These include names added to grow the DNS tree of names in an organization
    and divide it into departments or geographic locations.
    Example: example.microsoft.com., which is a fictitious subdomain assigned by Microsoft for use in
    documentation example names.

    Name Type: Host or resource name
    Description: Names that represent a leaf in the DNS tree of names and identify a specific resource.
    Typically, the leftmost label of a DNS domain name identifies a specific computer on the network. For
    example, if a name at this level is used in a host (A) RR, it is used to look up the IP address of a
    computer based on its host name.
    Example: host-a.example.microsoft.com., where the first label (host-a) is the DNS host name for a
    specific computer on the network.


    DNS and Internet Domains

    The Internet Domain Name System is managed by a Name Registration Authority on the Internet,

    responsible for maintaining top-level domains that are assigned by organization and by country/region.

    These domain names follow the International Standard 3166. Some of the many existing abbreviations,

    reserved for use by organizations, as well as two-letter and three-letter abbreviations used for

    countries/regions are shown in the following table:

    Some DNS Top-level Domain Names (TLDs).

    DNS Domain Name Type of Organization

    com Commercial organizations

    edu Educational institutions

    org Non-profit organizations

    net Networks (the backbone of the Internet)

    gov Non-military government organizations

    mil Military government organizations

    arpa Reverse DNS

    xx Two-letter country code (e.g. us, au, ca, fr)

    Other level Domains

    Below these top-level domains in the DNS hierarchy are the second-level and third-level domain names.

    These are the names directly to the left of .com, .net, and the other top-level domains. These domain

    names are typically open for reservation by end-users who wish to connect local area networks to the

    Internet, create other publicly accessible Internet resources or run web sites. The registration of these

    domain names is usually administered by domain name registrars who sell their services to the public.

    Second-level domains.

    Top-level Internet domains like ".com" are shared by all the organizations in the domain. Second-level

    domain names like "yahoo.com" and "livinginternet.com" are registered by individuals and organizations.

    Second-level domains are the addresses commonly used to host Internet applications like web hosting and

    email addressing.

    Excluding the top-level domain portion, second-level domain names can have up to 61 characters. For

    many years, characters were restricted to the 26 letters, the 10 digits, and the hyphen, except that the

    hyphen can't be the first or last character. Under these conditions, there are 36 possibilities for the first

    and last character of the domain name, and 37 possibilities for the other 59 characters. Therefore, the total

    number of possible different second level domain names was:

    37^59 x 36 x 36

    Third-level domains.

    Third-level Internet domain names are created by those that own second-level domains. Third-level

    domains can be used to set up individual domains for specific purposes, such as a domain for web access

    and one for mail, or a separate site for a special purpose:

    www.livinginternet.com

    mail.livinginternet.com


    rareorchids.livinginternet.com

    Domain Name Syntax

    The definitive descriptions of the rules for forming domain names appear in RFC 1035, RFC 1123, and

    RFC 2181. A domain name consists of one or more parts, technically called labels, that are

    conventionally concatenated, and delimited by dots, such as example.com.

    The right-most label conveys the top-level domain; for example, the domain name

    www.example.com belongs to the top-level domain com.

    The hierarchy of domains descends from right to left; each label to the left specifies a

    subdivision, or subdomain of the domain to the right. For example: the label example specifies a

    subdomain of the com domain, and www is a subdomain of example.com. This tree of

    subdivisions may have up to 127 levels.

    Each label may contain up to 63 characters. The full domain name may not exceed a total length

    of 253 characters in its external dotted-label specification. In the internal binary representation of

    the DNS the maximum length requires 255 octets of storage.

    DNS names may technically consist of any character representable in an octet. However, the allowed

    formulation of domain names in the DNS root zone, and most other subdomains, uses a preferred format

    and character set.

    The characters allowed in a label are a subset of the ASCII character set and include the characters a

    through z, A through Z, the digits 0 through 9, and the hyphen. This rule is known as the LDH rule

    (letters, digits, hyphen). Domain names are interpreted in a case-independent manner.
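    The label and length rules above, together with the host-to-root walk described in the FQDN section, as an added Python example (my own code, not from the original document): it enforces the LDH rule, the 63-character label limit, the 253-character text limit and the 127-level bound, compares names case-independently, and encodes a name into the length-prefixed wire form to show why 253 text characters need 255 octets of storage. The function names and the regular expression are my own choices.

```python
import re

MAX_LABEL = 63        # RFC 1035: one label is at most 63 characters
MAX_NAME_TEXT = 253   # dotted text form, without the trailing root dot
MAX_LEVELS = 127      # depth of the tree of subdivisions

# LDH rule: letters, digits and hyphen; a hyphen may not start or end a label.
_LDH_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")


def split_labels(name):
    """Return the labels of a name; the root ('.' or '') has no labels."""
    name = name.strip()
    if name in ("", "."):
        return []
    if name.endswith("."):        # trailing dot marks a fully qualified name
        name = name[:-1]
    return name.split(".")


def check_name(name):
    """Validate a domain name; returns (ok, reason)."""
    labels = split_labels(name)
    if not labels:
        return True, "root"
    if len(labels) > MAX_LEVELS:
        return False, "too many levels"
    if len(".".join(labels)) > MAX_NAME_TEXT:
        return False, "name longer than 253 characters"
    for label in labels:
        if label == "":
            return False, "empty label"
        if len(label) > MAX_LABEL:
            return False, "label longer than 63 characters"
        if not _LDH_LABEL.match(label):
            return False, "label violates LDH rule: %r" % label
    return True, "ok"


def to_wire(name):
    """Internal binary form: each label prefixed by its length, then a zero octet."""
    out = bytearray()
    for label in split_labels(name):
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def same_name(a, b):
    """Case-independent comparison, ignoring a trailing root dot."""
    return [x.lower() for x in split_labels(a)] == [x.lower() for x in split_labels(b)]


def ancestors(name):
    """Path from the host to the root: www.example.com. -> example.com. -> com. -> ."""
    labels = split_labels(name)
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


if __name__ == "__main__":
    for candidate in ("www.example.com.", "-bad.example.com", "exa_mple.com"):
        print(candidate, check_name(candidate))
    print(to_wire("example.com"))
    print(ancestors("www.example.com."))
```

    The longest legal text name (three 63-character labels plus one of 61, joined by dots) is exactly 253 characters, and to_wire turns it into 255 octets: four length prefixes, 250 label characters and the terminating zero.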

    Creating a New Domain Name

    When someone wants to create a new domain, he or she has to do two things:

    Find a name server for the domain name to live on.

    Register the domain name.

    Technically, there does not need to be a machine in the domain -- there just needs to be a name server that

    can handle the requests for the domain name.

    There are two ways to get a name server for a domain:

    You can create and administer it yourself.

    You can pay an ISP or hosting company to handle it for you.


    How does DNS work?

    DNS clients and servers use queries as the fundamental method of resolving names in the tree to specific

    types of resource information. This information is provided by DNS servers in query responses to DNS

    clients, who then extract the information and pass it to a requesting program for resolving the queried

    name. In the process of resolving a name, keep in mind that DNS servers often function as DNS clients,

    querying other servers in order to fully resolve a queried name.

    Address resolution mechanism

    Domain name resolvers determine the appropriate domain name servers responsible for the domain name

    in question by a sequence of queries starting with the right-most (top-level) domain label.

    A DNS recursor consults three nameservers to resolve the address www.wikipedia.org.

    When you visit a domain such as dyn.com, your computer follows a series of steps to turn the

    human-readable web address into a machine-readable IP address. This happens every time you use a domain

    name, whether you are viewing websites, sending email or listening to Internet radio stations like

    Pandora.

    Step 1: Request information

    The process begins when you ask your computer to resolve a hostname, such as visiting http://dyn.com.

    The first place your computer looks is its local DNS cache, which stores information that your computer

    has recently retrieved.

    If your computer doesn't already know the answer, it needs to perform a DNS query to find out.


    Step 2: Ask the recursive DNS servers

    If the information is not stored locally, your computer queries (contacts) your ISP's recursive DNS

    servers. These specialized computers perform the legwork of a DNS query on your behalf. Recursive

    servers have their own caches, so the process usually ends here and the information is returned to the user.

    Step 3: Ask the root nameservers

    If the recursive servers don't have the answer, they query the root nameservers. A nameserver is a

    computer that answers questions about domain names, such as IP addresses. The thirteen root

    nameservers act as a kind of telephone switchboard for DNS. They don't know the answer, but they can

    direct our query to someone that knows where to find it.

    Step 4: Ask the TLD nameservers

    The root nameservers will look at the first part of our request, reading from right to left (www.dyn.com),

    and direct our query to the Top-Level Domain (TLD) nameservers for .com. Each TLD, such as

    .com, .org, and .us, has its own set of nameservers, which act like a receptionist for each TLD. These

    servers don't have the information we need, but they can refer us directly to the servers that do have the

    information.

    Step 5: Ask the authoritative DNS servers

    The TLD nameservers review the next part of our request (www.dyn.com) and direct our query to the

    nameservers responsible for this specific domain. These authoritative nameservers are responsible for

    knowing all the information about a specific domain, which is stored in DNS records. There are many

    types of records, which each contain a different kind of information. In this example, we want to know

    the IP address for www.dyndns.com, so we ask the authoritative nameserver for the Address Record (A).

    Step 6: Retrieve the record

    The recursive server retrieves the A record for dyn.com from the authoritative nameservers and stores the

    record in its local cache. If anyone else requests the host record for dyn.com, the recursive servers will

    already have the answer and will not need to go through the lookup process again. All records have a

    time-to-live value, which is like an expiration date. After a while, the recursive server will need to ask for

    a new copy of the record to make sure the information doesn't become out-of-date.

    Step 7: Receive the answer

    Armed with the answer, the recursive server returns the A record back to your computer. Your computer

    stores the record in its cache, reads the IP address from the record, then passes this information to your

    browser. The browser then opens a connection to the webserver and receives the website.

    This entire process, from start to finish, takes only milliseconds to complete.
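    The seven steps above, simulated in an added Python example that is my own code, not code from the original document or from Dyn: a stub resolver (your computer) with a local cache, a recursive server with its own TTL-bounded cache, and toy root, TLD and authoritative servers that answer either with a referral to the next server down the tree or with the record itself. The zone data, the server names and the 203.0.113.x addresses are constructed for the example; the referral chain is bounded so that a broken or looping delegation cannot keep the resolver walking forever.

```python
import time

# Constructed toy zone data for this example (203.0.113.0/24 is a documentation
# prefix); not real DNS data. Each server holds the records of its own zone plus
# referrals to the zones delegated below it, the role NS records play in real DNS.
ZONES = {
    "root":     {"referrals": {"com.": "tld-com"}, "records": {}},
    "tld-com":  {"referrals": {"dyn.com.": "auth-dyn"}, "records": {}},
    "auth-dyn": {"referrals": {},
                 "records": {("www.dyn.com.", "A"): ("203.0.113.10", 300),
                             ("dyn.com.", "A"):     ("203.0.113.1", 60)}},
}


def ask_server(server, name, qtype):
    """Simulate one query to an authoritative server.

    Returns ("answer", ip, ttl) when the server holds the record,
    ("referral", next_server) when the name lies in a zone delegated below it,
    or ("nxdomain",) when it knows nothing about the name.
    """
    data = ZONES[server]
    if (name, qtype) in data["records"]:
        ip, ttl = data["records"][(name, qtype)]
        return ("answer", ip, ttl)
    for zone, child in data["referrals"].items():
        if name == zone or name.endswith("." + zone):
            return ("referral", child)
    return ("nxdomain",)


class RecursiveResolver:
    """The ISP's recursive server (steps 2-7): walks root -> TLD -> authoritative
    and caches each answer until its time-to-live expires."""

    def __init__(self, clock=time.time):
        self.cache = {}    # (name, qtype) -> (ip, expires_at)
        self.clock = clock
        self.trace = []    # which servers were consulted for the latest query

    def resolve(self, name, qtype="A"):
        self.trace = []
        now = self.clock()
        key = (name, qtype)
        if key in self.cache and self.cache[key][1] > now:   # still within TTL
            ip, expires = self.cache[key]
            self.trace.append("cache")
            return ip, expires - now
        server = "root"
        for _ in range(8):               # bound the referral chain
            self.trace.append(server)
            reply = ask_server(server, name, qtype)
            if reply[0] == "answer":
                _, ip, ttl = reply
                self.cache[key] = (ip, now + ttl)   # step 6: cache with expiry
                return ip, ttl
            if reply[0] == "referral":
                server = reply[1]                   # steps 3-5: follow referral
                continue
            return None                             # nobody holds the record
        return None


class StubResolver:
    """Your computer (step 1): checks its own cache, then asks the recursive server."""

    def __init__(self, recursive, clock=time.time):
        self.recursive = recursive
        self.cache = {}
        self.clock = clock

    def lookup(self, name, qtype="A"):
        now = self.clock()
        key = (name, qtype)
        if key in self.cache and self.cache[key][1] > now:
            return self.cache[key][0]
        result = self.recursive.resolve(name, qtype)
        if result is None:
            return None
        ip, ttl = result
        self.cache[key] = (ip, now + ttl)           # step 7: keep the answer locally
        return ip


if __name__ == "__main__":
    rec = RecursiveResolver()
    stub = StubResolver(rec)
    print(stub.lookup("www.dyn.com."), rec.trace)   # full walk: root, tld-com, auth-dyn
    print(stub.lookup("www.dyn.com."), rec.trace)   # answered from the stub's own cache
```

    Passing a controllable clock instead of time.time makes the TTL behaviour visible: once 300 seconds have passed, both caches drop the www.dyn.com. record and the next lookup walks the whole chain again, exactly as step 6 describes.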