TheBestLinks.com

Domain Name System

From TheBestLinks.com


The Domain Name System or DNS is a system that stores information about host names and domain names on networks, such as the Internet. Most importantly, it provides an IP address for each host name, and lists the mail exchange servers accepting e-mail for each domain.

The DNS forms a vital part of the Internet, because hardware requires IP addresses to perform routing, but humans use host names and domain names, for example in URLs and e-mail addresses.

Paul Mockapetris invented the DNS in 1983; the original specifications appear in RFC 882. In 1987 the publication of RFC 1034 and RFC 1035 updated the DNS specification and made RFC 882 and RFC 883 obsolete. Several more recent RFCs have proposed various extensions to the core protocols.

How the DNS works

A domain name usually consists of two or more parts (technically labels) separated by dots. The rightmost label conveys the top-level domain (for example, the address www.wikipedia.org has the top-level domain org). Each label to the left specifies a subdivision or subdomain (for example, wikipedia.org is a subdomain of org and www.wikipedia.org is a subdomain of wikipedia.org). In theory, this subdivision can go down to 127 levels deep, and each label can contain up to 63 characters, as long as the whole domain name does not exceed a total length of 254 characters. But in practice some domain registries have shorter limits than that.

The DNS consists of a hierarchical set of DNS servers. Each domain or subdomain has one or more authoritative DNS servers that publish information about that domain. The hierarchy of authoritative DNS servers matches the hierarchy of domains. At the top of the hierarchy stand the root servers: the servers to query when looking up (resolving) a domain name.

An example may clarify this. Suppose an application needs to find the IP address of www.wikipedia.org. Before starting, the local system has to know where to find the root servers. It starts by asking one of these root servers -- for example, the server with the IP address "198.41.0.4". The root server replies with a delegation meaning roughly, "I don't know the address of www.wikipedia.org, but I do know that the DNS server at 204.74.112.1 has information on the org domain." The local DNS client then asks that DNS server, which replies, "I don't know the address of www.wikipedia.org, but I do know that the DNS server at 207.142.131.234 has information on the wikipedia.org domain." Finally the request goes to this third DNS server (207.142.131.234), which replies with the required IP address. The whole process thus utilises recursive searching.

When an application (such as a web browser) wants to find the IP address of a domain name, it doesn't necessarily follow all these steps. The web browser will contact a DNS cache, which provides the working horsepower of the Domain Name System. The DNS cache will receive a query for a domain, follow all the steps needed to find the IP, as described above, and only return the final result to the application. However, it will also remember all the results for a period of time, thereby speeding up queries that overlap and repeated queries. When many people use the same DNS cache, chances of finding the results already in the cache increase, and often subsequent queries generate no external network calls at all. Organisations and Internet service providers commonly run a DNS cache for all their users. A TTL value specified by the authoritative name servers governs the maximum length of time a DNS cache may remember the request results.
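The referral walk and the TTL-bound cache described above, as an added example that is not part of the original article. It simulates the three servers offline: the server addresses are the ones quoted in the walk-through, while the final answer (192.0.2.10), the 300-second TTL and all function and class names are constructed for illustration.

```python
# Constructed delegation data modelled on the walk-through above.
ROOT = "198.41.0.4"
SERVERS = {
    "198.41.0.4": {"referrals": {"org": "204.74.112.1"}, "answers": {}},
    "204.74.112.1": {"referrals": {"wikipedia.org": "207.142.131.234"},
                     "answers": {}},
    "207.142.131.234": {"referrals": {},
                        "answers": {"www.wikipedia.org": ("192.0.2.10", 300)}},
}

def ask(server, name):
    """One query to one simulated server: an answer, a referral, or nothing."""
    zone = SERVERS[server]
    if name in zone["answers"]:
        address, ttl = zone["answers"][name]
        return ("answer", address, ttl)
    labels = name.split(".")
    for i in range(len(labels)):          # try the longest suffix first
        suffix = ".".join(labels[i:])
        if suffix in zone["referrals"]:
            return ("referral", zone["referrals"][suffix], None)
    return ("nxdomain", None, None)

class CachingResolver:
    """DNS cache: walks the hierarchy on a miss, remembers answers until TTL."""
    def __init__(self, clock):
        self.clock = clock                # injectable clock, in seconds
        self.cache = {}                   # name -> (address, expiry time)
        self.queries_sent = 0             # upstream queries actually made

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                 # still fresh: no network traffic
        server = ROOT
        for _ in range(16):               # bound the referral chain
            self.queries_sent += 1
            kind, value, ttl = ask(server, name)
            if kind == "answer":
                self.cache[name] = (value, self.clock() + ttl)
                return value
            if kind != "referral":
                return None
            server = value                # follow the delegation downwards
        return None
```

Counting `queries_sent` makes the effect of the cache visible: three upstream queries on the first lookup, none until the TTL runs out, then three again.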

The system outlined above provides a somewhat simplified scenario. The DNS includes several other functions:

  • Host names and IP addresses do not necessarily match on a one-to-one basis. Many host names may correspond to a single IP address: combined with virtual hosting, this allows a single machine to serve many web sites. Alternatively a single host name may correspond to many IP addresses: this can facilitate fault tolerance and load distribution, and also allows a site to move physical location seamlessly.
  • There are many uses of DNS besides translating names to IP addresses. For instance, mail transfer agents use DNS to find out where to deliver e-mail for a particular address. The domain to mail exchanger mapping provided by MX records accommodates another layer of fault tolerance and load distribution on top of the name to IP address mapping.
  • To provide resilience in the event of computer failure, multiple DNS servers provide coverage of each domain. In particular, thirteen root servers exist worldwide. DNS programs or operating systems have the IP addresses of these servers built in. The USA hosts, at least nominally, all but three of the root servers. However, because many root servers actually implement anycast, where many different computers can share the same IP address to deliver a single service over a large geographic region, most of the physical (rather than nominal) root servers now operate outside the USA.

The DNS uses TCP and UDP ports 53 to serve requests. Almost all DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. TCP is typically used only when the response data size exceeds 512 bytes, or for such tasks as AXFR.
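What a single UDP query looks like on the wire, and how a client decides to fall back to TCP, as an added example that is not part of the original article. The header layout, the 63-byte label limit and the TC (truncated) flag follow RFC 1035; the function names and the transaction ID are chosen here for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed labels (RFC 1035 wire format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label length {len(raw)} outside 1..63: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"                  # zero-length root label ends the name

def build_query(name, qtype=1, txid=0x1234):
    """Standard query: 12-byte header, then QNAME, QTYPE (1 = A), QCLASS (1 = IN)."""
    flags = 0x0100                        # RD: ask the server to recurse
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte header of a query or reply."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "ancount": an}

def next_step(query, reply):
    """What a UDP client does with a reply: accept, discard, or retry over TCP."""
    q, r = parse_header(query), parse_header(reply)
    if not r["qr"] or r["id"] != q["id"]:
        return "discard"                  # not a response to this query
    if r["tc"] or len(reply) > 512:
        return "retry-over-tcp"           # answer did not fit in 512 bytes
    return "accept"
```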

DNS records

Important categories of data stored in the DNS include the following:

  • An A record or address record maps a host name to its 32-bit IPv4 address.
  • An AAAA record or IPv6 address record maps a host name to its 128-bit IPv6 address.
  • A CNAME record or canonical name record makes one domain name an alias of another. The aliased domain gets all the subdomains and DNS records of the original.
  • An MX record or mail exchange record maps a domain name to a list of mail exchange servers for that domain.
  • A PTR record or pointer record maps a host name to the canonical name for that host. Setting up a PTR record for a host name in the in-addr.arpa domain that corresponds to an IP address implements Reverse DNS lookup for that address. For example (at the time of writing), www.icann.net has the IP address 192.0.34.164, but a PTR record maps 164.34.0.192.in-addr.arpa to its canonical name, referrals.icann.org.
  • An NS record or name server record maps a domain name to a list of DNS servers for that domain.
  • An SOA record or start of authority record specifies the DNS server providing authoritative information about an Internet domain.

Other kinds of records simply provide information (for example, an LOC record gives the physical location of a host), or experimental data (for example, a WKS record gives a list of servers offering some well-known service such as HTTP or POP3 for a domain).

International domain names

Domain names must use only a subset of ASCII characters, preventing many languages from representing their names and words natively. ICANN has approved the Punycode-based IDNA system, which maps Unicode strings into the valid DNS character set, as a workaround to this issue, and some registries have adopted IDNA.
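The mapping described above, as an added example that is not part of the original article: it converts a Unicode name to the ASCII form stored in the DNS and lists, label by label, which parts are Punycode-encoded, which is useful when reviewing names from logs. It relies on Python's built-in `idna` codec (IDNA 2003); the function names and the sample name are chosen here for illustration.

```python
import re

# Letters, digits and hyphen only, 1 to 63 characters, no leading/trailing hyphen.
LDH = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def to_wire(name):
    """Unicode domain name -> the ASCII form actually stored in the DNS."""
    return name.encode("idna").decode("ascii").lower()

def review(name):
    """Per label: (ASCII form, Unicode form, whether it is Punycode-encoded)."""
    rows = []
    for label in to_wire(name).split("."):
        if not LDH.match(label):
            raise ValueError(f"label outside the DNS character set: {label!r}")
        is_ace = label.startswith("xn--")   # IDNA marks encoded labels this way
        shown = label.encode("ascii").decode("idna") if is_ace else label
        rows.append((label, shown, is_ace))
    return rows

if __name__ == "__main__":
    for row in review("bücher.example"):    # constructed sample name
        print(row)
```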

DNS software

Various flavors of DNS software implement the DNS, including:

Ownership of domains

One can find the owner of a domain name by looking in the whois database: for most gTLDs ICANN holds a basic WHOIS, with the detailed WHOIS maintained by the domain registry which controls that domain.

For each of the 240+ Country Code top-level domains (ccTLDs) the registry (as part of its many functions) usually holds the entire authoritative WHOIS database for that extension.

Politics

Many investigators have voiced criticism of the methods used currently to control ownership of domains. Most commonly, critics claim abuse by monopolies or near-monopolies, such as VeriSign, Inc., and problems with assignment of top-level domains. The international body ICANN (the Internet Corporation for Assigned Names and Numbers) oversees the domain name industry.

US Truth in Domain Names Act

The US "Truth in Domain Names Act", in combination with the PROTECT Act, forbids knowingly using a misleading domain name with the intent of attracting people into viewing a visual depiction of sexually explicit conduct on the Internet.

See also: cybersquatting, dynamic DNS, ICANN, DNSSEC


This page was last modified 18:19, 2 Oct 2004.
  Content is available under GNU Free Documentation License 1.2.