Domain Name System: Concepts
(this post is part of the material I cover in my DevOps course)
What is DNS
- Informally, we could say that DNS (Domain Name System) allows users to use names instead of IP addresses.
- The initial thinking was that names are easier to remember and work with, so users would find them easier to use.
- In fact, DNS is part of the network itself: a name carries information that the IP address alone does not.
  For example, you could run a single web server (a single IP address) that hosts multiple "web sites", by using multiple domain names that all refer to the same IP address.
  The HTTP protocol has a Host header that is used for exactly that.
DNS Zones
- DNS is a distributed protocol.
  This means that different parts of the data are stored in different places.
- The domain name system uses a tree structure.
Here is the example from [rfc 1034]:

```
                                   |
                                   |
             +---------------------+------------------+
             |                     |                  |
            MIL                   EDU                ARPA
             |                     |                  |
             |                     |                  |
       +-----+-----+               |     +------+-----+-----+
       |     |     |               |     |      |           |
      BRL  NOSC  DARPA             |  IN-ADDR  SRI-NIC     ACC
                                   |
       +--------+------------------+---------------+--------+
       |        |                  |               |        |
      UCI      MIT                 |              UDEL     YALE
                |                 ISI
                |                  |
            +---+---+              |
            |       |              |
           LCS  ACHILLES  +--+-----+-----+--------+
            |             |  |     |     |        |
            XX            A  C   VAXA  VENERA Mockapetris
```
- This is a rather old example, but the concepts are the same:
  - We can see that edu is a TLD (Top Level Domain).
  - All of the names registered under edu are considered one DNS zone (the edu zone). So names that end with edu, like mit.edu or ucla.edu, are part of that zone, but...
  - ...architecture.mit.edu or meche.mit.edu (mechanical engineering) are not!
  - This is because these names belong to the mit.edu zone, which is handled by MIT.
- To sum up:
  - A DNS zone is a portion of the DNS namespace that is managed by a specific administrative entity or organization.
  - The name of the zone is a sequence of labels (e.g. mit.edu).
  - Part of that sequence can be higher-order zones (for example: edu).
  - When you try to resolve a DNS name, there is exactly one place that is responsible (authoritative) for that name, but many other DNS servers can keep a cache of this data.
- Read the official description here.
Zones - practical example (yuval.guide)
- Creating this site, I "purchased" the domain name yuval.guide
- If you understood everything just explained, what I really purchased is a zone:
  - guide is a gTLD (generic Top Level Domain)
  - It is handled by someone that does not want their name to be disclosed (they answer "REDACTED FOR PRIVACY" on most questions in the whois query)
  - The ICANN page for guide says that this is a company that specializes in DNS TLDs, called (after many mergers and name changes) Identity Digital
  - So, these guys run the name servers that are in charge of the guide DNS zone
  - If you ask their name servers about yuval.guide, they will tell you that yuval.guide is a zone, and that the name servers for that zone are in AWS.
    (true, I use AWS Route53 for this)
  - It also means that I can create other names under my zone (theatre.yuval.guide, or dave.yuval.guide, and yes, even www.yuval.guide)
  - I can even delegate a subdomain (say dave.yuval.guide) to another zone, and let Dave handle his own domain - wherever he wants
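As an added illustration (not part of the original post), here is a small Python model of the zone tree described in the two sections above: zones with their delegations, a lookup of which zone is responsible for a given name, and the chain of referrals a resolver follows from the root down to the authoritative zone. The zone names are the ones used in the post (edu, mit.edu, guide, yuval.guide, dave.yuval.guide); the name server hostnames are constructed placeholders, not the real ones.

```python
from __future__ import annotations

# Constructed zone tree for illustration. Each zone lists its own name
# servers (placeholder hostnames) and the child zones it has delegated,
# i.e. the names that were "cut out" of it and handed to someone else.
ZONES: dict[str, dict] = {
    ".":                {"ns": ["a.root.example"],   "delegations": ["edu", "guide"]},
    "edu":              {"ns": ["a.edu.example"],    "delegations": ["mit.edu", "ucla.edu"]},
    "mit.edu":          {"ns": ["ns1.mit.example"],  "delegations": []},
    "ucla.edu":         {"ns": ["ns1.ucla.example"], "delegations": []},
    "guide":            {"ns": ["ns.guide.example"], "delegations": ["yuval.guide"]},
    "yuval.guide":      {"ns": ["ns-1.aws.example"], "delegations": ["dave.yuval.guide"]},
    "dave.yuval.guide": {"ns": ["ns.dave.example"],  "delegations": []},
}


def labels(name: str) -> list[str]:
    """Split 'architecture.mit.edu' into ['architecture', 'mit', 'edu']."""
    return [part for part in name.lower().strip(".").split(".") if part]


def responsible_zone(name: str) -> str:
    """Return the zone that is authoritative for `name`.

    That is the longest suffix of the name that is itself a zone cut in the
    tree: architecture.mit.edu belongs to mit.edu (not edu), www.yuval.guide
    belongs to yuval.guide, but dave.yuval.guide is a zone of its own once it
    has been delegated. Names under no known zone fall back to the root.
    """
    parts = labels(name)
    for i in range(len(parts)):
        candidate = ".".join(parts[i:])
        if candidate in ZONES:
            return candidate
    return "."


def referral_chain(name: str) -> list[tuple[str, str]]:
    """Simulate iterative resolution: start at a root server and follow NS
    referrals down the tree. Returns [(zone, name server asked), ...]."""
    target = responsible_zone(name)
    zone = "."
    chain = [(zone, ZONES[zone]["ns"][0])]
    while zone != target:
        children = ZONES[zone]["delegations"]
        # the child zone on the path to the target is the one the target ends with
        hops = [c for c in children if target == c or target.endswith("." + c)]
        if not hops:
            raise LookupError(f"{zone} has no delegation leading to {target}")
        zone = hops[0]
        chain.append((zone, ZONES[zone]["ns"][0]))
    return chain
```

Call `referral_chain("www.yuval.guide")` to see the root, guide and yuval.guide hops in order; every hop except the last is a referral, not an answer.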
DNS CONCEPTS
- NAME SERVERS are server programs which hold information about the domain tree's structure and set information.
- A name server is said to be an AUTHORITY for the parts of the namespace for which it has complete information.
- RESOLVERS are programs that extract information from name servers in response to client requests. A resolver will typically be a system routine that is directly accessible to user programs.
- Clients are all programs that use a resolver to get DNS data.
In other DNS posts we'll explore queries and tools.