When you type "http://www.hackepedia.org" into the URL bar of your browser, you are using the Domain Name System (DNS). This makes things a little easier for us, considering things actually use IPs instead. It would be a lot more difficult to memorize http://22.214.171.124 which would actually be a little faster for you as then you don't have to resolve DNS, but then again, that IP could change so DNS makes things more easy.
DNS was explained in RFC 1034 and RFC 1035 written in 1987 and has many modifications, see RFC Index.
DNS is a distributed database. It is build like a tree and does delegations from the root up to organization dns servers. Here is how a DNS tree would look like.
The tree set-up of delegating nameservers is intended to keep loads managable on the entire internet. If you have an organization named "skankyreggae" and wanted to be on the internet then you could take skankyreggae.tld as your domain name. The root would point to .tld and .tld would point to the nameservers serving skankyreggae. You can host skankyreggae on your own computers, by means of a DNS Server, provided they are reliably on the Internet all the time. When others seek skankyreggae.tld they would speak directly with your nameservers to get the IP of the www servers if they were seeking web. They would look up MX records if they tried to send mail to [email protected] and so on.
DNS is best explained in RFC's 1034 and 1035.
gTLD and ccTLD domains
These can be viewed here in the Root Zone database.
Let's try and find out what the IP of hackepedia.org is at the time of writing this:
$ nslookup hackepedia.org Server: 126.96.36.199 Address: 188.8.131.52#53 Non-authoritative answer: Name: hackepedia.org Address: 184.108.40.206
This means we asked the DNS server 220.127.116.11 what IP hackepedia.org has. That server answered back, I'm not the authoriatative answer, but it was 18.104.22.168 last I checked. Why did we ask 22.214.171.124? Well, that is the first nameserver line in /etc/resolv.conf (On Windows it's under your TCP/IP properties in Network configuration). You can have up to three listed, and it will try them in order. If the first one isn't answering, it will try the second. If we don't get a reply from the 2nd, we'll try the third. You want to all of your DNS servers to be as few hops away from you as possible, as you can imagine, you make a lot of requests to them if you're an avid websurfer. If you're really impatient, you should look at running your own caching nameserver.
If there is too much output for you there, or you don't care which DNS server you're querying, you can use host instead of nslookup:
$ host hackepedia.org hackepedia.org has address 126.96.36.199
But when we asked 188.8.131.52, it said it wasn't the authoritative answer.. out of curiousity, who is?
$ whois hackepedia.org | grep "Name Server" Name Server:NS1.DREAMHOST.COM Name Server:NS2.DREAMHOST.COM Name Server:NS3.DREAMHOST.COM
If you don't include the | grep "Name Server" part, you will get a lot of other information about that domain, like who owns it, where they are located, contact information etc, although the whois information is often faked for privacy reasons.
Now we will ask NS1.DREAMHOST.COM what the ip is:
$ nslookup hackepedia.org ns1.dreamhost.com Server: ns1.dreamhost.com Address: 184.108.40.206#53 Name: hackepedia.org Address: 220.127.116.11
You can see the "Non-authoritative answer" bit is no longer there, as they are the authoritative DNS server for that domain name. How to find the authoritative source is interesting to know, but for all practical purposes, you will probably never have to do this manually as it all happens behind the scenes. See the Manual gethostbyname(3) to see how programs make this call in the background.
DNS is transported over TCP port 53 and/or primarily over UDP port 53. Initially a length of 512 bytes was the maximum length of a UDP DNS packet. This has changed with EDNS0. With TCP the maximum length of a DNS packet is 65535 bytes. TCP is primarily used for AXFR queries.
A sample DNS answer
I took this from a packet dump (tcpdump) of a lookup of my domain, it shows in detail the individual sections inside a UDP DNS packet.
List of DNS Server Software
DNS used as DoS
DNS is increasingly used as DoS. Here are some solutions that could make DNS more DoS resistant.
- elegant DNS software rate limits queries from an arbitrary source to an arbitrary DNS record of arbitrary type. Perhaps large memory footprints are needed for such a thing, but it's not 1987 anymore, it's 25 years later and RAM has become cheaper.
- TCP has never been explored as a resolver really, even though it's not impossible, it just requires better handling of stream based protocols in software.
I personally think DNS is the achilles heel of the Internet.