Networking Essentials: DNS
This is the fifth in a series of class notes as I go through the free Udacity Computer Networking Basics course.
The purpose of DNS is to map human-readable names to IP addresses (and, through reverse lookups, IP addresses back to names). A lookup goes like this:
- The client wants to look up a domain name.
- The client's stub resolver takes the name and issues a query. It may already have the answer cached.
- If not, the query is sent to the Local DNS Resolver (usually configured when your machine is assigned its IP address, via the Dynamic Host Configuration Protocol, DHCP).
- If the first Local DNS Resolver doesn't respond within a preset timeout, the stub tries the second one.
- The stub's query is recursive: it wants only the final answer and leaves it to the resolver to chase any referrals and aliases on its behalf.
- The Local Resolver itself works iteratively: it asks a root server, follows the referral to the top-level domain's servers, follows that referral to the domain's authoritative server, and so on, with each server answering only the specific query in front of it.
So a query/resolution sequence for www.gatech.edu might go:
- Query `A www.gatech.edu` (to a root server)
- Response: `NS k.edu-servers.net` (`NS` records are referrals: the root doesn't know the address, but it knows who serves .edu)
- Query `A www.gatech.edu` (to k.edu-servers.net)
- Response: `NS dns1.gatech.edu` (another referral, this time to gatech.edu's own nameserver)
- Query `A www.gatech.edu` (to dns1.gatech.edu)
- Response: the `A` record with the address
This process is rather slow because of all the round trips, so Local Resolvers cache what they learn, including the NS referrals, for each record's TTL (Time to Live). The TTL is set by the owner of the zone, not by the resolver. Records that rarely change, such as the root and TLD NS records or a big site's apex, carry TTLs of days or weeks, while a name like www.gatech.edu that may be moved between hosts gets a TTL of seconds or minutes (the dig output below shows 59 seconds). The TTL is also how long a resolver will keep serving an answer after the zone has changed, so a short TTL trades more queries for faster propagation.
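The resolution and caching behaviour described above, as an added example that is not part of the course notes. It is a toy recursive resolver in Python: the client asks it one recursive question, it walks root, TLD and authoritative "servers" iteratively by following NS referrals, chases the CNAME, and caches every record and referral for exactly the TTL the authority put on it. The zone data is constructed for the demo (k.edu-servers.net is a real .edu server name; dns1.gatech.edu's contents, the 203.0.113.0/24 addresses and the TTLs are made up), each server is just a dict, and no packets are sent.

```python
"""Toy iterative resolver with a TTL cache. Added example, not code from the
course or these notes: the zone data, server names (k.edu-servers.net is a real
.edu server, the rest is made up) and the 203.0.113.0/24 addresses are
constructed for the demo, and no packets are sent; each "server" is a dict."""
import time

# Constructed authoritative data: server -> {owner name -> [(type, rdata, ttl)]}.
# Names carry a trailing dot, as in dig output. Glue addresses are omitted; the
# toy treats knowing a server's name as enough to "reach" it.
ZONES = {
    ".": {"edu.": [("NS", "k.edu-servers.net.", 172800)]},
    "k.edu-servers.net.": {"gatech.edu.": [("NS", "dns1.gatech.edu.", 86400)]},
    "dns1.gatech.edu.": {
        "www.gatech.edu.": [("CNAME", "tlweb.gtm.gatech.edu.", 59)],
        "tlweb.gtm.gatech.edu.": [("A", "203.0.113.10", 29)],
        "mail.gatech.edu.": [("A", "203.0.113.25", 300)],
    },
}

def ancestors(name):
    """'www.gatech.edu.' -> itself, 'gatech.edu.', 'edu.', '.' (the root)."""
    labels = name.split(".")           # the trailing dot leaves a final empty label
    for i in range(len(labels)):
        yield ".".join(labels[i:]) or "."

def authoritative_answer(server, qname, qtype):
    """Act like an authoritative server: the data if it has it, the CNAME if the
    name is an alias, a referral for the closest delegation it knows, else
    NXDOMAIN. Returns (kind, owner name, records)."""
    zone = ZONES[server]
    rrset = zone.get(qname, [])
    exact = [rr for rr in rrset if rr[0] == qtype]
    if exact:
        return "ANSWER", qname, exact
    alias = [rr for rr in rrset if rr[0] == "CNAME"]
    if alias:
        return "CNAME", qname, alias
    for parent in list(ancestors(qname))[1:]:
        ns = [rr for rr in zone.get(parent, []) if rr[0] == "NS"]
        if ns:
            return "REFERRAL", parent, ns
    return "NXDOMAIN", qname, []

class Resolver:
    """Recursive towards the client, iterative on the wire, with a TTL cache."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock             # injectable so a test can fast-forward time
        self.cache = {}                # (name, type) -> (expires_at, records)
        self.trace = []                # every (server, qname, qtype) "sent"

    def _cached(self, name, rtype):
        entry = self.cache.get((name, rtype))
        return entry[1] if entry and entry[0] > self.clock() else None

    def _store(self, name, rtype, rrs):
        # An entry lives for the TTL the authority put on it, not a value we pick.
        self.cache[(name, rtype)] = (self.clock() + min(rr[2] for rr in rrs), rrs)

    def _start_server(self, qname):
        """Start at the closest delegation already cached, else at the root."""
        for parent in list(ancestors(qname))[1:]:
            ns = self._cached(parent, "NS")
            if ns:
                return ns[0][1]
        return "."

    def resolve(self, qname, qtype="A", _depth=0):
        """Answer the client's recursive query: the CNAME chain plus the final records."""
        if _depth > 8:
            raise RuntimeError("CNAME chain too long for %s" % qname)
        hit = self._cached(qname, qtype)
        if hit:
            return hit
        alias = self._cached(qname, "CNAME")
        if alias:                                   # cached alias: chase its target
            return alias + self.resolve(alias[0][1], qtype, _depth + 1)
        server = self._start_server(qname)
        for _hop in range(8):                       # bound the referral chain
            self.trace.append((server, qname, qtype))
            kind, owner, rrs = authoritative_answer(server, qname, qtype)
            if kind == "ANSWER":
                self._store(qname, qtype, rrs)
                return rrs
            if kind == "CNAME":
                self._store(qname, "CNAME", rrs)
                return rrs + self.resolve(rrs[0][1], qtype, _depth + 1)
            if kind == "REFERRAL":
                self._store(owner, "NS", rrs)       # remember who is authoritative
                server = rrs[0][1]
                continue
            raise LookupError("NXDOMAIN: %s" % qname)
        raise RuntimeError("referral loop resolving %s" % qname)
```

Resolving www.gatech.edu on a cold cache costs four queries (root, .edu server, dns1 for the CNAME, dns1 again for the target's A record); a second gatech.edu name afterwards costs one, because the NS referral for gatech.edu is cached. Thirty seconds later the 29 second A record has expired while the 59 second CNAME and the day-long NS referral are still valid, so only the expired piece is re-fetched, straight from dns1.gatech.edu.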
What are those `A` and `NS` notations above? They are record types, and they tell you what kind of answer you got:
- `A` records map names to (IPv4) addresses: the final answer
- `NS` records (referrals) map a zone to its authoritative nameservers: go ask them
In plain English, if you ask the root server for a specific name, it probably doesn’t specifically know the IP, but it will know who knows, and tells you to go ask that “authoritative nameserver”. And so on down the line until you find the final nameserver that knows the exact IP of the domain you are looking for. This lets the Domain Name System be implemented as a hierarchy.
Other record types:
- `MX` maps a name to its mail servers
- `CNAME` sets a canonical name: the queried name is an alias for another name, which then has to be looked up in turn
- `PTR` maps an IP address back to a domain name (reverse lookup)
- `AAAA` maps a name to an IPv6 address
You can run your own traces in your terminal! Try `dig www.gatech.edu`:

```
; <<>> DiG 9.8.3-P1 <<>> www.gatech.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40374
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.gatech.edu.                IN      A

;; ANSWER SECTION:
www.gatech.edu.         59      IN      CNAME   tlweb.gtm.gatech.edu.
tlweb.gtm.gatech.edu.   29      IN      A       184.108.40.206

;; Query time: 267 msec
;; SERVER: 220.127.116.11#53(18.104.22.168)
;; WHEN: Wed Sep 26 00:01:01 2018
;; MSG SIZE  rcvd: 72
```
The QUESTION SECTION shows our A record query for www.gatech.edu. The ANSWER SECTION shows that www.gatech.edu is a CNAME (an alias) for tlweb.gtm.gatech.edu, with a 59 second TTL, and that the resolver has already chased the alias for us: the A record for tlweb.gtm.gatech.edu (TTL 29 seconds) comes back in the same answer, so we don't have to issue a second request ourselves. The `qr rd ra` flags say this is a response (qr) to a query that asked for recursion (rd) from a server that offers it (ra).

Here is another one, `dig nytimes.com`:

```
; <<>> DiG 9.8.3-P1 <<>> nytimes.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23334
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nytimes.com.                   IN      A

;; ANSWER SECTION:
nytimes.com.            319     IN      A       22.214.171.124
nytimes.com.            319     IN      A       126.96.36.199
nytimes.com.            319     IN      A       188.8.131.52
nytimes.com.            319     IN      A       184.108.40.206

;; Query time: 128 msec
;; SERVER: 220.127.116.11#53(18.104.22.168)
;; WHEN: Wed Sep 26 00:03:49 2018
;; MSG SIZE  rcvd: 93
```

The 4 A records in the ANSWER SECTION are all equally valid addresses for nytimes.com. Returning several lets the operator spread load: clients and resolvers typically rotate through the set (round-robin), and if, for example, the host at 22.214.171.124 gets overloaded or goes down, the operator can pull it from the zone and, once the 319 second TTL expires, resolvers stop handing it out and the remaining siblings take the traffic.
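Here, as an added example that is not code from the notes or from dig, is a small Python encoder and parser for the wire format behind that output: it builds the query, decodes the header, question and answer sections (including name compression) and decodes the rdata for the record types listed above. The response bytes are constructed inside the block to mirror the www.gatech.edu answer (same transaction id, CNAME chain and TTLs), with the documentation address 203.0.113.10 standing in for the real one. Note the checks in parse_response: with plain DNS over UDP, the 16-bit transaction id and the echoed question (together with the source port) are what tie a reply to the query, so a parser should refuse anything that does not match.

```python
"""DNS wire format (RFC 1035): build a query, parse a response, and reject a
reply that is not for our query. Added example, not code from the notes or from
dig; the response bytes are constructed below to mirror the www.gatech.edu
answer above, with a documentation-range address in place of the real one."""
import ipaddress
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA"}

def encode_name(name):
    """'www.gatech.edu.' -> length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(qname, qtype=1, txid=0x1234):
    """Header: id, flags with only RD set (ask for recursion), one question, class IN."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)

def decode_name(msg, offset):
    """Read a name that may use compression pointers (0xC0xx jumps to an earlier
    offset). Returns (name, offset just past the name at its original position)."""
    labels, end = [], None
    while True:
        length = msg[offset]                  # IndexError on a truncated message
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:             # pointers must go backwards, so no loops
                raise ValueError("bad compression pointer")
            end = offset + 2 if end is None else end
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)

def parse_rr(msg, offset):
    """One resource record -> ((owner, type, ttl, value), next offset)."""
    owner, offset = decode_name(msg, offset)
    rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    rdata = msg[offset:offset + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("truncated rdata")
    if rtype == 1 and rdlen == 4:
        value = str(ipaddress.IPv4Address(rdata))
    elif rtype == 28 and rdlen == 16:
        value = str(ipaddress.IPv6Address(rdata))
    elif rtype in (2, 5, 12):                 # NS, CNAME, PTR: a (compressible) name
        value = decode_name(msg, offset)[0]
    elif rtype == 15:                         # MX: 16-bit preference, then a name
        value = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, offset + 2)[0])
    else:
        value = rdata.hex()
    return (owner, TYPES.get(rtype, rtype), ttl, value), offset + rdlen

def parse_response(msg, expected_id=None, expected_question=None):
    """Parse header and sections. Accept the reply as ours only if the 16-bit id
    matches and the question section echoes what we asked."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_id is not None and txid != expected_id:
        raise ValueError("transaction id mismatch: not a reply to our query")
    offset, questions = 12, []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype = struct.unpack("!HH", msg[offset:offset + 4])[0]
        offset += 4
        questions.append((qname, TYPES.get(qtype, qtype)))
    if expected_question is not None and questions != [expected_question]:
        raise ValueError("question section does not echo our query")
    result = {"id": txid, "rcode": flags & 0xF, "question": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        result[section] = []
        for _ in range(count):
            rr, offset = parse_rr(msg, offset)
            result[section].append(rr)
    return result

def build_response(query, rrs):
    """Fabricate a reply to `query` (demo only): echo the question, set QR/RD/RA, append
    rrs given as (owner, type, ttl, rdata bytes); an owner equal to the question name
    is written as a pointer to offset 12, as real servers do."""
    txid, qname = struct.unpack("!H", query[:2])[0], decode_name(query, 12)[0]
    out = struct.pack("!HHHHHH", txid, 0x8180, 1, len(rrs), 0, 0) + query[12:]
    for owner, rtype, ttl, rdata in rrs:
        out += (b"\xc0\x0c" if owner == qname else encode_name(owner))
        out += struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return out

# Constructed sample mirroring the dig run above: id 40374, CNAME TTL 59, A TTL 29.
QUERY = build_query("www.gatech.edu.", 1, txid=40374)
SAMPLE_RESPONSE = build_response(QUERY, [
    ("www.gatech.edu.", 5, 59, encode_name("tlweb.gtm.gatech.edu.")),
    ("tlweb.gtm.gatech.edu.", 1, 29, ipaddress.IPv4Address("203.0.113.10").packed),
])
```

`parse_response(SAMPLE_RESPONSE, 40374, ("www.gatech.edu.", "A"))["answer"]` gives the two records dig printed, in the same order; the same bytes with a different id, or checked against a different question, are rejected.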
What if you try to look up an IP address? Run `dig -x 126.96.36.199`:

```
; <<>> DiG 9.8.3-P1 <<>> -x 188.8.131.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3657
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;184.108.40.206.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
220.127.116.11.in-addr.arpa. 299 IN     PTR     granite.cc.gatech.edu.

;; Query time: 449 msec
;; SERVER: 18.104.22.168#53(22.214.171.124)
;; WHEN: Wed Sep 26 00:09:13 2018
;; MSG SIZE  rcvd: 78
```
You get a PTR record pointing you back to the human-readable name. Note the reversed IP octets: the query name lives under the special in-addr.arpa domain, and the octets are reversed so that the most significant part of the address (the network) sits closest to the root of the name hierarchy, just as the top-level domain does in a forward name. IPv6 addresses use the same trick under ip6.arpa, with one hex digit per label.
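To make the reversal concrete, here is an added example (not from the course notes) that builds the owner name a PTR query uses for a given address. It goes one step beyond the page by handling IPv6 as well, where the ip6.arpa name carries all 32 hex digits of the expanded address, one per label, and it cross-checks its result against the Python standard library. The addresses are from the documentation ranges, not the ones in the dig output.

```python
"""Owner names for reverse (PTR) lookups. Added example, not from the notes; the
addresses used are from the documentation ranges, not those in the dig output."""
import ipaddress

def reverse_name(ip):
    """IPv4: octets reversed under in-addr.arpa. IPv6: the 32 hex digits of the
    expanded address, one per label, reversed under ip6.arpa."""
    addr = ipaddress.ip_address(ip)            # raises ValueError for junk input
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")   # expand '::' so every digit is present
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def matches_stdlib(ip):
    """Cross-check against ipaddress's own reverse_pointer (which omits the final dot)."""
    return reverse_name(ip) == ipaddress.ip_address(ip).reverse_pointer + "."
```

`reverse_name("203.0.113.6")` is `6.113.0.203.in-addr.arpa.`; for `2001:db8::1` the name starts with `1.` followed by twenty-three `0.` labels before `8.b.d.0.1.0.0.2.ip6.arpa.`, which is why you never type these by hand.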
Hopefully this has been a good high level overview of the Domain Name System; you can dig your own domains to see where their records are held. I am planning more primers and would love your feedback and questions on: