Domain Name System (DNS)

In terms of TCP/IP protocols, the identification of entities relies on IP addresses, which serve as unique markers for a host's connection to the Internet. Bridging the gap between human-friendly alphanumeric domain names and these numerical IP addresses is the role of the Domain Name System (DNS).

The DNS functions as a comprehensive system, comprising numerous servers and databases. Through a series of lookups involving various caches, it transforms domain names into corresponding IP addresses. DNS operates hierarchically with a distributed database and a hierarchy of Name Servers. These servers play a pivotal role in resolving Internet host names to the essential IP addresses needed for efficient packet routing. This resolution process involves issuing a DNS query to a name server.

The primary objective of the DNS is to introduce a layer of abstraction between Internet services, such as web browsing and email, and the numeric IP addresses that uniquely identify each machine on the Internet. DNS accomplishes this by associating a wealth of information with assigned domain names and, crucially, by translating human-readable domain names into the numerical identifiers vital for pinpointing the desired destination.

Because people prefer to use names rather than addresses, a domain name system is indispensable. In the context of TCP/IP, DNS maps names to addresses and vice versa.

DNS in the Internet: DNS stands as a versatile protocol applicable across various platforms.

 

How does DNS work?

DNS is a fundamental component of the Internet's architecture. Understanding how the DNS works is required to comprehend how attacks on the system can affect the entire Internet and how criminal infrastructure can exploit it. 

Let's have a look at an example to illustrate how DNS works:

1.  Request Initiation: Suppose a user wants to visit the website "www.example.com" by typing it into their web browser.

2.  Local DNS Cache: The user's device checks its local DNS cache for a previously resolved IP address for "www.example.com". If the domain name is found and has not expired, the corresponding IP address is retrieved from the cache.

3.  Recursive DNS Servers: If the IP address is not found in the local DNS cache, the user's device contacts a recursive DNS server. This server may be provided by the Internet Service Provider (ISP) or configured manually.

4.  Root DNS Servers: The recursive DNS server starts the resolution process by contacting a root DNS server. The server is asked, "Do you know the IP address for 'www.example.com'?"

5.  Top-Level Domain (TLD) Servers: The root DNS server responds to the recursive DNS server with the IP address of the TLD server responsible for the ".com" domain. The recursive DNS server then contacts the ".com" TLD server with the same query.

6.  Authoritative DNS Servers: The ".com" TLD server provides the IP address of the authoritative DNS server responsible for the "example.com" domain to the recursive DNS server. The recursive DNS server queries the authoritative DNS server.

7.  DNS Response: The authoritative DNS server for "example.com" responds to the recursive DNS server with the IP address associated with "www.example.com". The recursive DNS server receives the response.

8.  Caching: The recursive DNS server caches the IP address received from the authoritative DNS server for a specified period. This caching helps expedite future requests for the same domain name.

9.  Application Communication: The recursive DNS server sends the IP address of "www.example.com" back to the user's device. The device can now establish a connection to the web server associated with that IP address, allowing the user to access the website.

This DNS resolution procedure often takes a fraction of a second, allowing users to browse websites and networked apps using familiar domain names. At the same time, the underlying DNS infrastructure executes the IP address translation behind the scenes.
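The nine steps above traced in code. This is an added simulation and not part of the original article: the root, TLD and authoritative servers are stand-in dictionaries with constructed names (root-server, com-tld-server, example-auth-server) and the reserved TEST-NET address 192.0.2.10, and the resolver follows each referral and then caches the answer for its TTL, with a hop limit so that a bad referral chain cannot make it loop forever.

```python
# Constructed stand-ins for the real servers (not real hosts). Each "server" holds
# either a referral (which server to ask next) or a final answer with its TTL.
SERVERS = {
    "root-server": {"com.": ("referral", "com-tld-server")},
    "com-tld-server": {"example.com.": ("referral", "example-auth-server")},
    "example-auth-server": {"www.example.com.": ("answer", "192.0.2.10", 300)},
}

def ask(server, qname):
    """Return the server's record for the longest suffix of qname it knows about."""
    labels = qname.split(".")
    for i in range(len(labels)):
        rec = SERVERS[server].get(".".join(labels[i:]))
        if rec:
            return rec
    return ("nxdomain",)

class RecursiveResolver:
    """Steps 2-8 of the walkthrough: cache check, then root -> TLD -> authoritative."""

    def __init__(self, max_hops=10):
        self.cache = {}           # qname -> (ip, expiry time)
        self.max_hops = max_hops  # a bad referral chain must not loop forever

    def resolve(self, qname, now):
        hit = self.cache.get(qname)
        if hit and hit[1] > now:                  # step 2: unexpired cache entry
            return hit[0], ["cache"]
        server, trace = "root-server", []         # step 4: start at a root server
        for _ in range(self.max_hops):
            trace.append(server)
            rec = ask(server, qname)
            if rec[0] == "referral":              # steps 5-6: follow the delegation
                server = rec[1]
            elif rec[0] == "answer":              # step 7: authoritative answer
                ip, ttl = rec[1], rec[2]
                self.cache[qname] = (ip, now + ttl)   # step 8: cache until the TTL expires
                return ip, trace
            else:
                return None, trace                # the name does not exist
        return None, trace                        # gave up: referral loop or too deep

if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com.", now=0))     # full walk of the hierarchy
    print(r.resolve("www.example.com.", now=100))   # served from the cache
    print(r.resolve("www.example.com.", now=301))   # TTL expired, walk again
```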


Name Space:

The names assigned to machines must be unique, and the mapping between names and IP addresses must be unambiguous. There are two ways to organize a namespace that maps each address to a unique name:

1. Flat Name Space:

In a flat namespace, a name is given to an address. Names in this space are sequences of characters without any inherent structure. These names may or may not share a common section, and if they do, they hold no specific meaning. The primary drawback of a flat namespace is its impracticality for large systems like the Internet, as it requires central control to prevent ambiguity and duplication.


2. Hierarchical Name Space:

DNS employs a hierarchical namespace for Internet domains. Hierarchical naming allows the use of the same sub-domain name in different domains. Domain names are case-insensitive and can be up to 63 characters long. DNS names are processed from right to left and use periods (.) as separators. DNS serves the purpose of mapping names to values, not exclusively domain names to IP addresses.

DNS Hierarchy

Domain Name Space:

To establish a hierarchical namespace, a domain name space was devised. This design organizes names in an inverted tree structure with the root positioned at the top. The tree encompasses 128 levels, from level 0 (root) to level 127.


 

What are a label and a domain name?

  • Label: Every node in the tree is assigned a label, constituting a string with a maximum length of 63 characters. The root label is represented as a null string (empty string). DNS stipulates that children of a node must possess distinct labels, ensuring the uniqueness of domain names within the structure.
  • Domain Name: Each node in the tree carries a domain name. A complete domain name comprises a sequence of labels separated by dots (.). Domain names are conventionally read from the node up to the root.

Domain names and labels

Fully Qualified Domain Name (FQDN):

When a label ends with a null string, the name is a fully qualified domain name (FQDN). An FQDN is a domain name that contains the full name of a host: it includes all labels, from the most specific to the most general, that uniquely define the host's name. For instance, the domain name "challenger.ate.tbda.edu." is the FQDN for a computer named "challenger" at the Advanced Technology Center (ATC) at De Anza College. A DNS server can only map an FQDN to an address. Note that the name must end with a null label; because null means nothing, that label is written as a trailing dot (.).

Partially Qualified Domain Name (PQDN):

If a name does not end with a null string, it is a partially qualified domain name (PQDN). A PQDN starts from a node but does not reach the root. It is used when the name to be resolved belongs to the same site as the client; the resolver can supply the missing part, the suffix, to form an FQDN.

FQDN and PQDN

Domain

A domain is a branch within the broader domain name space, and the domain title corresponds to the domain name assigned to the topmost node within that specific branch.

Domain Tree


Domain Structure

Distribution of Name Space

Storing the information within the domain name space on a single computer is both inefficient and unreliable due to the global nature of requests, placing a considerable burden on the system and risking data inaccessibility in case of any failure. To address these challenges, the solution involves distributing the information among multiple computers known as DNS servers. One effective strategy is to divide the entire space into various domains based on the first level.

Hierarchy of Name Servers

Zones:

Since the complete domain name hierarchy cannot be held on a single server, it is distributed among multiple servers. The part of the tree for which a server is responsible, or has authority, is called a zone: a contiguous segment of the entire tree. The domain hierarchy is partitioned into zones, with the topmost domains managed by entities such as NIC. Each zone is the central authority for its part of the sub-tree and can be further subdivided into zones that are managed by their own name servers.

Zones and Domains


Root Server:

A root server is a server whose zone consists of the whole tree. Typically, a root server does not store specific domain information; it delegates its authority to other servers while keeping references to them. Multiple root servers are distributed around the world to cover the entire domain name space.

Primary and Secondary Servers:

DNS delineates two server types: primary and secondary. A primary server stores a file about the zone for which it holds authority and is responsible for creating, maintaining, and updating the zone file stored locally on its disk. In contrast, a secondary server transfers complete zone information from another server (primary or secondary), storing the file on its local disk. Notably, the secondary server neither creates nor updates the zone files.

 

Types of Domain Name

Within the Internet, the domain name space, represented as a tree structure, is divided into three distinct sections:

1. Generic Domain:

  • This category defines registered hosts based on their generic behavior. Each node in the tree represents a domain, serving as an index to the domain name space database.

2. Country Domain:

  • Following a format similar to the generic domain, the country domain employs two-character country abbreviations (e.g., IN for India) instead of three characters.


3. Inverse Domain:

  • The inverse domain serves the purpose of mapping an address to a name.

Table: Domain Names with Descriptions

Label    Description
------   ------------------------------------------
Aero     Airlines and aerospace companies
Biz      Businesses or firms (similar to "com")
Com      Commercial organizations
Coop     Cooperative business organizations
Edu      Educational institutions
Gov      Government institutions
Info     Information service providers
Int      International organizations
Mil      Military groups
Museum   Museums and other non-profit organizations
Name     Personal names (individuals)
Net      Network support centers
Org      Nonprofit organizations
Pro      Professional individual organizations

DNS Messages

DNS messages encompass two primary types: query and response. The query message includes a header and question records, while the response message comprises a header, question records, answer records, authoritative records, and additional records.

Query and Response Message

Header

Both query and response messages share a 12-byte header format. In a query message, the header's count fields for the sections a query does not carry (answer, authoritative, and additional records) are set to zero.

Question Section

Present in both query and response messages, this section contains one or more question records. Further details about question records will be explored in the subsequent section.

Answer Section

Exclusive to response messages, this section incorporates one or more resource records. It delivers the server's response to the client (resolver), providing answers to the query.

Authoritative Section

Also exclusive to response messages, this section contains one or more resource records offering information, specifically the domain name, about authoritative servers associated with the query.

Additional Information Section:

Found solely in response messages, this section comprises one or more resource records that offer supplemental information aiding the resolver. For instance, it might include the domain name of an authoritative server in the authoritative section and provide the corresponding IP address in the additional information section.

Types of Records:

Question Record:

Utilized by the client to request information from a server, the question record contains the domain name.

Resource Record:

Every domain name (each node on the tree) is linked to a record known as the resource record. These records populate the server database and are the information the server returns. New domains are incorporated into DNS through registrars and commercial entities accredited by ICANN. Registrars verify the uniqueness of the requested domain name before adding it to the DNS database.
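The header, question section and resource-record sections described above, parsed from raw bytes. This is an added example, not code from the article: the query and response messages are constructed by hand (the response carries one A record for www.example.com pointing at the TEST-NET address 192.0.2.10 with a TTL of 300), and the name decoder follows DNS compression pointers with a hop limit because a malformed message could otherwise send a parser round in circles.

```python
import struct

def read_name(msg, off):
    """Decode a name at msg[off:], following compression pointers.
    Returns (dotted name, offset just after the name in the message)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer: 2 bytes, top two bits set
            if end is None:
                end = off + 2                          # the name occupies only 2 bytes here
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                              # a pointer loop must not hang the parser
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:                                # null label: the root, end of the name
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def parse_message(msg):
    """Split a DNS message into header fields, question records and the three RR sections."""
    ident, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])   # 12-byte header
    off, questions, records = 12, [], []
    for _ in range(qd):                                # question records: name, type, class
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack(">HH", msg[off:off + 4]); off += 4
        questions.append((name, qtype, qclass))
    for section, count in (("answer", an), ("authoritative", ns), ("additional", ar)):
        for _ in range(count):                         # resource records share one layout
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10]); off += 10
            rdata = msg[off:off + rdlen]; off += rdlen
            if rtype == 1 and rdlen == 4:              # type A: render the IPv4 address
                rdata = ".".join(str(b) for b in rdata)
            records.append((section, name, rtype, ttl, rdata))
    return {"id": ident, "is_response": bool(flags & 0x8000),
            "questions": questions, "records": records}

# Constructed sample messages (not captured traffic): a query for www.example.com and
# the matching response with one A record (TEST-NET address, TTL 300).
QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"       # id, flags=RD, counts 1/0/0/0
         + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01")       # www.example.com, type A, class IN
RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"    # id, flags=QR|RD|RA, counts 1/1/0/0
            + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"     # question section repeated
            + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04"  # name=pointer to offset 12, A, IN, TTL 300, len 4
            + b"\xc0\x00\x02\x0a")                                 # rdata: 192.0.2.10
```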

 

Dynamic Domain Name System (DDNS)

In the DNS framework, implementing changes like adding or removing a host or altering an IP address traditionally requires manual updates to the DNS master file. However, in the expansive landscape of today's Internet, characterized by constant changes, a manual approach becomes impractical. Dynamic Domain Name System (DDNS) addresses this challenge by automating the process, ensuring the DNS master file is updated automatically in response to dynamic changes in the network configuration.
