How DNS Works

Kyle Rankin

Systems Architect

QuinStreet Inc.

Author of Knoppix Hacks, Ubuntu Hacks, and The Official Ubuntu Server Book

http://greenfly.org/talks/misc/how_dns_works.html

Agenda

• Host Files: Why DNS was created
• DNS Today
• Root Nameservers
• Top Level Domains (TLDs)
• Common DNS Setup
• Walk through: Resolving www.greenfly.net
• Common DNS record types
• DNS Caching and TTL
• DNS load balancing and failover
• rDNS: The Internet's caller ID
• Fun Exercise: How to take down the Internet
• Questions

Not On Agenda

• Specific implementations of DNS (ie. BIND, djbdns)
• TCP/IP
• DNS diagnostic tools (dig, nslookup, whois)
• DNS security practices

Host Files: Why DNS was created

In the olden days... (1970s)

• ARPAnet (precursor to the Internet) had a few hundred hosts
• All Name-to-address mappings inside single HOSTS.TXT
• Any new ARPAnet host = new entry in HOSTS.TXT
• Problems:
• Traffic/load on main HOSTS.TXT distributor (called SRI-NIC)
• Name collisions
• Consistency

Host Files: Why DNS was created

DNS is born (1984)

• Paul Mockapetris released RFCs 882 and 883 (later 1034 and 1035)
• Described specs for a "Domain Name System" (DNS)
• Specifications continually revised in later RFCs
• These specs still used today

DNS Today

• All of Internet uses DNS for name resolution
• Most intranets use DNS for name resolution
• BIND most common DNS server
• 13 root nameservers A.ROOT-SERVERS.NET - M.ROOT-SERVERS.NET (http://en.wikipedia.org/wiki/Root_nameserver)
• 267 Top Level Domains (TLDs) (http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains)

Root Nameservers

• 13 servers scattered across the world
• Majority (these days) outside of US
• Use various OSs, DNS servers, versions within them
• 6 of 13 use "anycast" to decentralize DNS
• All uncached DNS queries start here
• Aware of the nameservers for all Top Level Domains

Top Level Domains (TLDs)

• Typically the last section of a URL (com, net, biz)
• Way to segregate organizations on the Internet:
• com = commercial, edu = educational, mil = military, etc.
• Not always strictly followed anymore (company.com company.net company.org, etc)
• Later Country-code TLDs added:
• .uk = United Kingdom, .au = Austrailia, .de = Germany, etc
• Further segregated into organizations: co.uk, com.au, co.de, etc
• Each TLD has nameservers to manage all subdomains

Common DNS Setup

External or Internal (or both):

• One primary "master" DNS server: ns1.example.com
• One or more secondary "slave" DNS servers: ns2.example.com, ns3.example.com

Walk through: Setup

What happens between typing in www.greenfly.net in a browser and getting back 216.246.127.101?

The Setup:

• Personal Computer on a home DSL line
• Using 1 of 2 DNS servers provided by ISP: ns1.someisp.com

Walk through: OS to ISP

1. User to web browser: www.greenfly.net?
2. web browser to OS: www.greenfly.net?
3. OS: Hmm not in my hosts file or cache, must ask the nameserver
4. OS to ns1.someisp.com: www.greenfly.net?
5. ns1.someisp.com: Not in my records, I better ask a root nameserver

Walk through: ISP to world

1. ns1.someisp.com to root: www.greenfly.net?
2. root to ns1.someisp.com: I don't know, ask a net nameserver. Here are their addresses...
3. ns1.someisp.com to net: www.greenfly.net?
4. net to ns1.someisp.com: No clue, but ns1.greenfly.net and ns2.greenfly.net know about it. Here are their addresses...
5. ns1.someisp.com to ns2.greenfly.net: www.greenfly.net?
6. ns2.greenfly.net to ns1.someisp.com: 216.246.127.101
7. ns1.someisp.com to OS: 216.246.127.101
8. OS to browser: 216.246.127.101

DNS Caching and TTL

• Seems like a lot of steps, in practice it's less due to caching
• Based on Time to Live (TTL). What's TTL?
• OS caching:
• Windows ME and older: No DNS Caching
• Windows 2k and above: positive responses cached for TTL or 1 day, whichever is less
• Windows 2k and above: negative responses cached for 15 minutes
• Linux using nscd: positive responses cached for 60 minutes
• Linux using nscd: negative responses cached for 20 seconds
• ISP nameserver caching
• All domains according to TTL
• Starts searches from closest cached nameserver

DNS load balacing and failover

• Domains automatically have at least 2 authoritative nameservers
• Nameserver lists are returned in random order
• If one nameserver doesn't reply, automatically queries the next in the list
• Scales to as many nameservers as you set up

Common DNS record types

• "A" record
• Most common
• Assigns an IP address to a hostname (ie www.greenfly.net = 216.246.127.101)
• Load balance with multiple A records for a single IP (google does this)
• Canonical Name (CNAME) record
• Acts as an alias to point one hostname to another (ie ben.greenfly.net = benjamin.greenfly.net
• Used to assign many functional names to single server
• NS records define nameservers for a domain or subdomains
• MX records define mailservers for a domain in order of preference

rDNS: The Internet's caller ID

• Reverse DNS uses "pointer" (PTR) records
• PTR records assign one IP to a hostname
• Only one PTR record allowed per IP
• Not always implemented

Fun Exercise

How to take down the Internet

1. Take out all 13 root DNS servers
2. There is no second step!
3. How this works...

Questions?

Some Useful Resources on DNS

• 
• http://en.wikipedia.org/wiki/Domain_Name_System
• Your friendly neighborhood UNIX admin