How DNS Works
Director of Engineering Operations
NCC Group Domain Services
- Host Files: Why DNS was created
- DNS Today
- Root Nameservers
- Top Level Domains (TLDs)
- Common DNS Setup
- Walk through: Resolving www.greenfly.net
- Common DNS record types
- DNS Caching and TTL
- DNS load balancing and failover
- rDNS: The Internet's caller ID
- Fun Exercise: How to take down the Internet
Not On Agenda
- Specific implementations of DNS (ie. BIND, djbdns)
- DNS diagnostic tools (dig, nslookup, whois)
- DNS security practices
Host Files: Why DNS was created
In the olden days... (1970s)
- ARPAnet (precursor to the Internet) had a few hundred hosts
- All Name-to-address mappings inside single HOSTS.TXT
- Any new ARPAnet host = new entry in HOSTS.TXT
- Traffic/load on main HOSTS.TXT distributor (called SRI-NIC)
- Name collisions
Host Files: Why DNS was created
DNS is born (1984)
- Paul Mockapetris released RFCs 882 and 883 (later 1034 and 1035)
- Described specs for a "Domain Name System" (DNS)
- Specifications continually revised in later RFCs
- These specs still used today
- 13 servers scattered across the world
- Majority (these days) outside of US
- Use various OSs, DNS servers, versions within them
- 11 of 13 use "anycast" to decentralize DNS
- All uncached DNS queries start here
- Aware of the nameservers for all Top Level Domains
Top Level Domains (TLDs)
- Typically the last section of a URL (com, net, biz)
- Way to segregate organizations on the Internet:
- com = commercial, edu = educational, mil = military, etc.
- Not always strictly followed anymore (company.com company.net company.org, etc)
- Later Country-code TLDs added:
- .uk = United Kingdom, .au = Austrailia, .de = Germany, etc
- Further segregated into organizations: co.uk, com.au, co.de, etc
- Each TLD has nameservers to manage all subdomains
Common DNS Setup
External or Internal (or both):
- One primary "master" DNS server: ns1.example.com
- One or more secondary "slave" DNS servers: ns2.example.com, ns3.example.com
Walk through: Setup
What happens between typing in www.greenfly.net in a browser and getting back 126.96.36.199?
- Personal Computer on a home DSL line
- Using 1 of 2 DNS servers provided by ISP: ns1.someisp.com
Walk through: OS to ISP
- User to web browser: www.greenfly.net?
- web browser to OS: www.greenfly.net?
- OS: Hmm not in my hosts file or cache, must ask the nameserver
- OS to ns1.someisp.com: www.greenfly.net?
- ns1.someisp.com: Not in my records, I better ask a root nameserver
Walk through: ISP to world
- ns1.someisp.com to root: www.greenfly.net?
- root to ns1.someisp.com: I don't know, ask a net nameserver. Here are their addresses...
- ns1.someisp.com to net: www.greenfly.net?
- net to ns1.someisp.com: No clue, but ns1.greenfly.net and ns2.greenfly.net know about it. Here are their addresses...
- ns1.someisp.com to ns2.greenfly.net: www.greenfly.net?
- ns2.greenfly.net to ns1.someisp.com: 188.8.131.52
- ns1.someisp.com to OS: 184.108.40.206
- OS to browser: 220.127.116.11
DNS Caching and TTL
- Seems like a lot of steps, in practice it's less due to caching
- Based on Time to Live (TTL). What's TTL?
- OS caching:
- Windows ME and older: No DNS Caching
- Windows 2k and above: positive responses cached for TTL or 1 day, whichever is less
- Windows 2k and above: negative responses cached for 15 minutes
- Linux using nscd: positive responses cached for 60 minutes
- Linux using nscd: negative responses cached for 20 seconds
- ISP nameserver caching
- All domains according to TTL
- Starts searches from closest cached nameserver
DNS load balacing and failover
- Domains automatically have at least 2 authoritative nameservers
- Nameserver lists are returned in random order
- If one nameserver doesn't reply, automatically queries the next in the list
- Scales to as many nameservers as you set up
Common DNS record types
- "A" record
- Most common
- Assigns an IP address to a hostname (ie www.greenfly.net = 18.104.22.168)
- Load balance with multiple A records for a single IP (google does this)
- Canonical Name (CNAME) record
- Acts as an alias to point one hostname to another (ie ben.greenfly.net = benjamin.greenfly.net
- Used to assign many functional names to single server
- NS records define nameservers for a domain or subdomains
- MX records define mailservers for a domain in order of preference
rDNS: The Internet's caller ID
- Reverse DNS uses "pointer" (PTR) records
- PTR records assign one IP to a hostname
- Only one PTR record allowed per IP
- Not always implemented
How to take down the Internet
- Take out all 13 root DNS servers
- There is no second step!
- How this works...
Some Useful Resources on DNS