
Domain Name System

Too Many IPs

There are over 4 billion possible IPv4 addresses, and an astronomical number of IPv6 addresses. No human can memorize them all. So, instead of typing raw IP addresses into our web browser, we use hostnames like ircnow.org, which are far easier to remember. Our computers take these hostnames and try to find their IP addresses; this process is called name resolution.

How DNS works

To perform name resolution, the client (such as a phone or a laptop) needs a name resolver. The name resolver then queries (requests information from) a name server. This name server could be run by your ISP or in a data center somewhere.

DNS is distributed. This means that there is no single name server that knows about every single domain on the Internet. Instead, this information is spread across millions of servers around the Internet.

A distributed name system is more robust and more practical. Imagine if all the information were only put on a single name server: if that one name server went offline, the entire Internet would stop working.

To achieve this distributed system, name servers are delegated authority over their own zones. For example, you might be given authority over the zone username.ircnow.org. Your server can then provide data for that hostname and any other subdomains like mail.username.ircnow.org or www.username.ircnow.org. Your server would control all subdomains within that zone (any name ending in username.ircnow.org). However, you would not be in control of example.com. This zone is delegated to another name server elsewhere. You would not be able to set up subdomains like mail.example.com unless you were delegated authority by the owner of example.com.

This distributed design makes DNS more resilient and shares the workload and data storage across multiple servers. This makes it possible to scale up to the size of the global Internet.

Because DNS was designed to be distributed, we can and should run our own nameservers for our own zones. We don't want to depend upon CloudFlare or other non-free networks for DNS services.


Let's take a look at a hostname like example.ircnow.org:

At the very top is the root domain, which is represented by a single period (.). The root domain is the very top of the DNS system. Next, you have top-level domains (TLDs) such as com, net, and org. After this come the second-level domains like ircnow.org.

Usually, when you purchase a domain, you are purchasing a second-level domain. For example, you might purchase coolchatclub.com for your team for $20 USD per year. To purchase the domain, you would go to a name registrar and pay a registration fee.

Once you purchase a (second-level) domain, you can then create your own subdomains free of charge. For example, if you own ircnow.org, you can create example.ircnow.org free of charge by setting up your own name server and zone file. Some providers will offer subdomains free of charge.
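To make the hierarchy concrete, here is a small added example (not code from the original page) that takes a hostname apart into root, TLD, second-level domain and subdomain labels, lists the chain of zones from the root down, and checks whether a name falls inside a zone. The hostnames are constructed from the page's own illustrations (ircnow.org, example.com). The zone check compares whole labels rather than substrings: a name such as notusername.ircnow.org is not part of the zone username.ircnow.org, even though it ends with the same characters.

```python
"""Take apart a hostname the way the DNS hierarchy does.

Added example, not code from the original page; the hostnames below are
constructed to match the page's illustrations (ircnow.org, example.com).
"""


def labels(name):
    """Labels of a hostname, lowest first; the trailing root dot is dropped."""
    return [l for l in name.rstrip(".").lower().split(".") if l]


def ancestors(name):
    """Zones from the root down to the name itself: '.', 'org', 'ircnow.org', ..."""
    parts = labels(name)
    return ["."] + [".".join(parts[i:]) for i in range(len(parts) - 1, -1, -1)]


def anatomy(name):
    """Root, TLD, second-level domain and remaining subdomain labels of a name."""
    parts = labels(name)
    return {
        "root": ".",
        "tld": parts[-1] if parts else None,
        "second_level": ".".join(parts[-2:]) if len(parts) >= 2 else None,
        "subdomains": parts[:-2],          # lowest label first, e.g. ['mail', 'username']
    }


def in_zone(name, zone):
    """True if name is at or below zone, compared label by label.

    The comparison stops at label boundaries on purpose: a plain substring or
    endswith test would treat notusername.ircnow.org as part of the zone
    username.ircnow.org, which it is not."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


if __name__ == "__main__":
    host = "mail.username.ircnow.org."
    print(" -> ".join(ancestors(host)))
    print(anatomy(host))
    for zone in ("username.ircnow.org", "ircnow.org", "example.com"):
        print(f"{host} in {zone}? {in_zone(host, zone)}")
```

Running it prints the chain . -> org -> ircnow.org -> username.ircnow.org -> mail.username.ircnow.org, which is exactly the path a resolver follows when it walks the delegations from the root.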

Setting up a name server

If you register your own domain, the registrar will let you specify your own name servers. They will probably offer you a web panel to put in the IP addresses. By convention, these nameservers are usually referred to as ns1 and ns2, so the hostnames will be ns1.example.com, ns2.example.com, and so forth. You'll need to provide glue records. Because ns1.example.com lives inside the very zone it serves, the parent zone has to publish its address, or a resolver would have no way to reach it. When someone on the Internet queries your domain name, these glue records provide the IP addresses for your nameservers, which then contain the actual data for your servers.

For the nameserver, we recommend using nsd because it comes as part of OpenBSD's base system.
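The following added example (not code from the original page, and not part of nsd) simulates the delegation walk described in this section and in the "How DNS works" section above: a resolver starts at a root server, is referred to the org servers, then to ns1/ns2 of ircnow.org, then to the server for the zone username.ircnow.org, following the glue addresses the parent zones hand out at each step. All zones, hostnames and server addresses (taken from the RFC 5737 documentation ranges) are constructed; the constructed zone noglue.org shows what happens when a registrar is never given glue for a name server that lives inside the zone it serves.

```python
"""Simulate iterative DNS resolution across delegated zones, with glue records.

Added example, not code from the page. Every zone, hostname and server
address (RFC 5737 documentation ranges) is constructed for illustration.
"""
from dataclasses import dataclass, field

ROOT_HINT = "192.0.2.100"   # constructed address of the (only) root server

def labels(name):
    """Labels of a hostname, lowest first; the root '.' yields []."""
    return [l for l in name.rstrip(".").lower().split(".") if l]

def in_zone(name, zone):
    """True if name is at or below zone, compared on label boundaries."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

@dataclass
class Zone:
    origin: str
    records: dict = field(default_factory=dict)   # (owner, type) -> [rdata]

    def add(self, owner, rtype, rdata):
        self.records.setdefault((".".join(labels(owner)), rtype), []).append(rdata)

    def lookup(self, owner, rtype):
        return self.records.get((".".join(labels(owner)), rtype), [])

    def respond(self, qname, qtype):
        """Answer from this zone, or refer to the closest delegated child zone."""
        apex = ".".join(labels(self.origin))
        cuts = [o for (o, t) in self.records
                if t == "NS" and o != apex and in_zone(qname, o)]
        if not cuts:
            return "answer", self.lookup(qname, qtype)
        child = max(cuts, key=lambda c: len(labels(c)))
        ns = self.lookup(child, "NS")
        # glue: addresses the parent holds for name servers inside the child zone
        glue = {h: self.lookup(h, "A") for h in ns if self.lookup(h, "A")}
        return "referral", {"zone": child, "ns": ns, "glue": glue}

def resolve(servers, qname, qtype="A", start=ROOT_HINT):
    """Walk from the root down the delegation chain; returns (rdata, trail)."""
    ip, trail = start, []
    for _ in range(16):                       # bound the walk against referral loops
        zones = [z for z in servers[ip] if in_zone(qname, z.origin)]
        if not zones:
            raise LookupError(f"{ip} is not authoritative for {qname} (lame delegation)")
        zone = max(zones, key=lambda z: len(labels(z.origin)))
        trail.append((ip, zone.origin))
        kind, data = zone.respond(qname, qtype)
        if kind == "answer":
            return data, trail
        ip = None
        for host in data["ns"]:
            if host in data["glue"]:          # parent supplied the address: use it
                ip = data["glue"][host][0]
                break
            if not in_zone(host, data["zone"]):   # NS lives elsewhere: resolve it separately
                addrs, _ = resolve(servers, host, "A")
                if addrs:
                    ip = addrs[0]
                    break
        if ip is None:
            raise LookupError(f"delegation of {data['zone']} to {data['ns']} has no glue; "
                              "those servers can only be found through the zone itself")
    raise LookupError("too many referrals")

def build_servers():
    """Constructed delegation chain: root -> org -> ircnow.org -> username.ircnow.org."""
    root, org = Zone("."), Zone("org")
    root.add("org", "NS", "ns1.org")
    root.add("ns1.org", "A", "192.0.2.1")                   # glue for the org servers
    for ns, ip in (("ns1.ircnow.org", "192.0.2.11"), ("ns2.ircnow.org", "192.0.2.12")):
        org.add("ircnow.org", "NS", ns)
        org.add(ns, "A", ip)                               # glue given to the registrar
    org.add("noglue.org", "NS", "ns1.noglue.org")          # in-zone NS, glue never provided
    org.add("other.org", "NS", "ns1.username.ircnow.org")  # NS outside the zone: no glue needed

    ircnow = Zone("ircnow.org")
    ircnow.add("www.ircnow.org", "A", "192.0.2.5")
    ircnow.add("username.ircnow.org", "NS", "ns1.username.ircnow.org")
    ircnow.add("ns1.username.ircnow.org", "A", "192.0.2.21")   # glue for the child zone

    user, other = Zone("username.ircnow.org"), Zone("other.org")
    user.add("ns1.username.ircnow.org", "A", "192.0.2.21")
    user.add("mail.username.ircnow.org", "A", "192.0.2.22")
    other.add("www.other.org", "A", "192.0.2.30")

    return {ROOT_HINT: [root], "192.0.2.1": [org], "192.0.2.11": [ircnow],
            "192.0.2.12": [ircnow], "192.0.2.21": [user, other]}

if __name__ == "__main__":
    servers = build_servers()
    addrs, trail = resolve(servers, "mail.username.ircnow.org")
    print(addrs, [origin for _, origin in trail])
```

Each server answers only for the zones it was delegated, so the resolver has to visit four servers to reach mail.username.ircnow.org; the trail it returns records that path. Resolving anything under noglue.org raises LookupError, because the only way to learn the address of ns1.noglue.org would be to ask ns1.noglue.org itself. The delegation of other.org needs no glue, since its name server's address can be found through a separate lookup in ircnow.org.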

See Also:

DNS Records, DNS Zone Files, vhost, dig, host
unbound, NSD, BIND Resolver