What is DNS?
The Domain Name System (DNS) is a hierarchical naming system that enables communication across devices in a network. It translates human-readable domain names (like google.com) to an Internet Protocol (IP) address that a computer can understand (like 10.432.56.94).
This naming system was designed to facilitate communication between devices and services connected to the internet or a private network. The functional purpose of the system is name resolution, to resolve a fully qualified domain name (FQDN) to a readable IP address.
Essentially, DNS allows us to connect to websites without having to memorize a string of numbers – all we need to know is the website’s name.
A Brief History of DNS
The protocol originated with ARPANET (Advanced Research Projects Agency Network), which was built to enable faster information sharing across research centers in the United States. To do this, it used a huge directory of websites and their corresponding IP addresses – sort of like a digital yellow pages.
By the 1970s, the number of computers on this network was growing rapidly, and IP addresses became increasingly long and impossible to memorize. Thus came the need for one united system to simplify networking.
This task fell on Paul Mockapetris, an American computer scientist and internet pioneer. Together with his team, they invented the Domain Name System. Mockapetris described it like this:
“It was created to let people use names for anything. But we had to figure out how to organize the distribution of domain names and how to ensure the system could accommodate diversity without unnecessary restrictions.”
DNS was born in 1983 and was certified as one of the original Internet Standards in 1986. Two documents describe the functionality of this protocol and data types it can carry: RFC 1034 and RFC 1035.
Components of a domain name (hostname) hierarchy
Here are the components of any domain address:
- Top-level domain (TLD): The last part of a web address. Common examples are .com or .org and newer ones include .io or .academy. This part can be referred to as domain name extensions as well.
- Second-level Domain: It precedes the top-level domain and is the most customizable part of a web address. Sometimes referred to as mid-level domain, it comes second in the domain name hierarchy. Examples include ‘bluecatnetworks’ of com, or ‘google’ of google.com.
- Third-level Domain Name: It precedes the second-level domain in a web address and is also customizable. Also known as a sub domain, this is used to organize a website with dedicated areas for specific purposes and help take the load off the main landing page. ‘Careers’ in careers.abc.com is an example of third-level domain names.
A step-by-step of how DNS works
- Your computer asks for information and tries to find the answer locally
- If it cannot find it there, it asks the recursive DNS server
- If it still cannot find the answer, it asks the root name server
- The root server asks the TLD name servers
- The TLD name server asks the authoritative DNS servers
- The recursive server retrieves the record
- You get your answer
The hierarchy of DNS zones
A DNS zone is a portion of the namespace that is managed by a specific entity – either an organization or an individual administrator. It is also an administrative function that allows for more granular control of DNS components, like authoritative name servers.
When a device starts its search for the IP address for a domain name, it performs a DNS lookup, which is basically a zone check. It is then taken to the domain name server that manages that zone, which is called the authoritative name server for that domain.
Each level of a domain name that was discussed above is a separate zone. However, above the Top Level Domain zone, there is the root zone, which is managed by ICANN & IANA. It is represented by a dot at the end of the domain name, for example: www.bluecatnetworks.com.
Here’s an example of what the hierarchy of zones look like:
What are DNS queries?
When a client device needs to go to a website, it sends out a DNS query or request. A DNS resolver is the part of a client device that facilitates these requests. A DNS server is an external computer that stores DNS records and communicates with other servers. Resolvers and servers work together to provide the relevant records for a query.
There are generally three types of DNS queries:
- Recursive query: Occurs between a client device and local DNS server or resolver. The client demands a name resolution and the server must provide an IP address. If the server can’t provide an answer, then it starts an iterative query.
- Iterative query: Occurs between a local DNS server and other DNS servers. The local server does not demand a name resolution. The other servers can respond either with an IP address or a referral to another server.
- Non-recursive query: Occurs when the local DNS server has the IP address in its cache. That means it can immediate return a response without the need for additional queries.
An iterative query starts with the local DNS server querying the root name server. Root servers have a large role because it is responsible for the first step in name resolution.
What are DNS query commands?
Queries, also known as DNS lookups, are happening all the time. Some of these activities take place within your network – these “internal DNS” queries never make it to the outside internet. In a business setting, there is a dedicated internal DNS server that resolves all of the defined points inside the network.
External DNS sends queries outside of the corporate network and relies on external servers for resolutions.
When a DNS query resolves, the remote server comes back with responses which correspond to the type of information it is sending back. Here are examples of common response codes and what they mean:
- A Records: Short for Address Mapping Record, it contains the hostname and correlating IPv4 address. Also known as a host record.
- AAAA records: It contains the hostname and the correlating IPv6 address.
- CNAME records: Short for Canonical Name Record, it contains an alias for a hostname. A CNAME Record points to an A Record plus contain other CNAME Records.
- MX records: Short for Mail Exchanger Record, it identifies the SMTP email server that accepts emails for a specific domain.
Servers cache DNS responses to help resolve queries efficiently. DNS cache records include a time to live (TTL) which indicates a period of time the response can be stored. This acts as a short-term memory for the server. Once the TTL expires, the server needs to resolve the query again. (See our piece on DNS poisoning for more information about the importance of TTL settings.)
The relationship between DNS and DDI
DNS is commonly referred to as part of the term DDI, which stands for DNS, DHCP, and IPAM. DDI is used to describe the integration of all three technologies in a single solution. DNS provides IP addresses, Dynamic Host Configuration Protocol (DHCP) assigns IP addresses, and IP address management (IPAM) handles IP resources. Our DDI page covers this in more depth.
Best practices for DNS Deployment
Network administrators will have to look at each layer of DNS information to make well-informed choices on how to build out their DNS, DHCP, and IPAM infrastructures. Here are several layers that they would have to consider:
- Internal recursive: Queries will first point to this layer for resolution. The internal recursive will then recurse, either internally or externally, to find the answer.
- Internal authoritative: This layer is comprised of several servers which contain a definitive answer for specific DNS zones. The internal recursive and authoritative are typically separated.
- External recursive: The external recursive resolves queries on the internet if the internal recursive layer cannot locate an authoritative answer. It can either be separated or configured together with the internal recursive.
- External authoritative: As this layer is often used as an attack vector, it is standard practice to separate the three other DNS service layers above from the external authoritative layer.
There are pros and cons of how each of these layers can be configured. For a complete guide on DNS infrastructure deployment best practices, including deployment options for DHCP and their impacts, check out our DNS infrastructure deployment best practices guide.