The DNS (Domain Name System) is central to the Internet. In fact the Internet as we know it wouldn't work if we didn’t have a DNS as it is used in practically every computer to computer connection. This guide isn’t intended to cover every aspect of the DNS but to give you a fairly good understanding of how DNS works.
Normal (Forward) Lookups
I will deal with forward lookups first because they are by far the most common and the simplest to understand.
Say you type www.crazysquirrel.com into your browsers address bar and hit return. How does your browser figure out which machine to go and get the page from? The first thing to understand is that the Internet works on IP address which are a bit like phone numbers for computers and not on domain names. Domain names are there purely because they are easier for humans to remember than IP addresses which look like this 184.108.40.206. A DNS server at the most abstract level just returns the IP for a domain name.
Now that you know basically what a DNS server does you might like to stop reading. Most people will never have need to know any more than that but how the query works is quite fascinating.
So in essence the DNS basically just queries a huge telephone book to get the IP address of for a particular domain or does it. Oh, if only it were that simple. The Internet is huge. I mean really huge. One DNS server couldn’t hope to record every domain name and the IP address that goes with it. Not to mention the fact that people move domains about (to other machines) and so the IP address of a domain sometimes changes. For this reason the DNS is built as a hierarchy with a small number of machines at the top that don’t change very frequently. By stepping though the hierarchy it is possible to resolve a domain. The process that is gone through to resolve a domain can be seen below.
- You www.crazysquirrel.com into your web browsers address bar and press return.
- Your web browser sends a request to the first DNS server listed in your network configuration settings asking for the IP address for www.crazysquirrel.com (I’ll call this the ISP DNS as that is what is normally is). Quite often these settings are automatically configured using DHCP but your ISP will usually also advertise the DNS IP address on their website for people who don’t want to or can’t use DHCP.
- The ISP DNS server will check its cache of lookups to see if it already knows the answer to the question. If it does it will tell your browser the answer and the DNS lookup is finished. If it doesn’t know the answer it continues to the next step.
- The ISP DNS server then checks all the domains it is authoritative for and checks to see if any of those match. If one does it sends the result back to the browser and all is done. If not is goes on to the next step.
- The ISP DNS server sends the query on to one of the root DNS servers. These sit at the top of the DNS hierarchy and don’t change very often. They know about the . (dot) domain and the com, edu, gov, net, org top level domains. Yes there is a level with the name . that is above all other level. It is almost always left off a domain name though but if it is included at the end of the domain name a browser should still return the correct result.
- The root DNS server checks the zone file for the com top level domain and finds an entry for crazysquirrel so it sends the NS record back to the ISP DNS server. An NS record contains, amongst other things, the IP addresses for the primary and secondary DNS servers that deal with the crazysquirrel.com domain.
- Now that the ISP DNS server knows which machine to ask about the crazysquirrel.com domain it sends the request for information on to the primary DNS server (or the secondary if the primary can’t be contacted for some reason).
- The crazysquirrel.com DNS server upon receiving the request will lookup the domain www.crazysquirrel.com and return the NS record for it which will contain the IP address for the machine.
- The ISP DNS caches the lookup result so that it can respond more quickly in future and sends the IP address back to the web browser.
In the case where the domain being requested is not one that is directly known about by the root level servers (such as a country level domain like uk or de) then the root servers know where to find the country level root servers and send so return that result instead. This means that the ISP DNS has to do an extra lookup.
It should be fairly obvious that that the lookup cycle can occur any number of times. A domain name such as one.two.three.four.example.com could require as many as five separate lookups as the DNS server digs its way down the DNS tree. In reality it is likely to only require two or maybe three lookups though – one at the root server to find example.com and one at example.com to resolve the whole address.
There can a step 2.5 in the above list where a forwarding DNS server is used. This is a DNS server that generally isn’t authoritative for any domain but is used to cache results to reduce network load and implement some security features. A forwarding DNS server is basically transparent to the end user which is why I didn’t mention it above. If a forwarding name server is queried and it doesn’t know the answer to a query it forwards the whole query onto another DNS server that will do the lookup for it. Not all DNS servers will accept a recursive query like this but many ISP DNS servers will. At first glace there doesn’t seem to be much point in doing this but there are a couple of plus points. Firstly, if the forwarding server can’t resolve the query from it’s cache only one message has to be sent across the network to resolve the name. Secondly, if hosts on the network need to resolve addresses but not have full Internet access they can do the resolutions via the forwarding DNS server. Finally, switching DNS servers for a whole network is as easy as updating which DNS servers the forwarder forwards to.
Note that although a forwarding DNS server appears on the surface to be the same as a caching DNS server it is subtly different. A caching DNS server does lookups itself a forwarding DNS server doesn’t.
Looking up email servers is a little different to resolving most addresses as they use MX rather than A records. MX records can be thought of as being like A records with a score. A mail server will deliver mail to the MX server with the lowest score. If it fails the mail server will try the next lowest and so on till it runs out of servers or the mail is delivered.
Reverse DNS is fairly similar to forward DNS in how it works but isn’t quite as flexible. The aim of reverse DNS is to turn an IP address such as 220.127.116.11 into a domain name such as www.crazysquirrel.com (this won’t work for this IP address at the minute). The problem is that reverse DNS only really works if there is only one thing to look up at the other end. If a server is configured to use virtual servers (a must now-a-days with such a shortage of IP address) then only one of the domain names host at that server will be returned by the reverse lookup. Historically this hasn’t been a problem because there aren’t many things that do reverse lookups but it is starting to become problematical when sending email to some domains. Spam originates, mostly, from machines that have been infected with spam sending software via a virus. Some ISPs (AOL for instance) will now not accept email that purports to come from a domain that can’t be looked up via reverse DNS. On the face of it this seems like quite a good idea but it’s actually a royal pain in the rear if you are using virtual hosting and can stop you dead in your tracks.
So how does reverse DNS work? Read on to find out.
In order to make reverse DNS work the designers of DNS added a special reserved domain called “in-addr.arpa” to which all IP addresses belong. With forward lookups the most generic part of the domain name is at the right (e.g. the com part of the name) and the most specific part is on the left (e.g. the www part of the name) In the case of an IP address this is completely back to front. The most generic part of the IP address 18.104.22.168 is the 81 and the most specific the 106. In order to make reverse DNS work like forward DNS the designers decided to reverse the IP address for the query so a reverse query will look like this “22.214.171.124.in-addr.arpa”.
So far so simple but there is a problem with this picture. The Internet is running short of IP addresses so while 10 years ago you could easily get hold of 256 address (a class C subnet) you now have to fight tooth and nail to get 8. The problem is that reverse DNS is based on the incorrect assumption that the Internet would be divided up only at 8 bit boundaries (an IP address is 32 bits long giving 3 boundaries). That was the case but it isn’t now with boundaries falling all over the place. At first glance this seems like an easy enough problem to solve, just allow the placing of boundaries on any bit. That can’t be done though because of a rule that says that IP addresses can only be delegated once and most IP addresses will already have been delegated to the ISP. If you have a static IP address you can sometimes get the address re-delegated but many places are reluctant to re-delegate less than a class C network. If you are lucky your ISP will enter reverse DNS details for you for free.
The way the actual query works is exactly the same as with a forward lookup just using the IP address rather than a domain name.