
Introduction to the Domain Name System

Why use names?

There are over 4 billion possible IPv4 addresses and an astronomically larger number of IPv6 addresses. Since humans have a difficult time remembering numbers, the Internet uses names like example.com. Instead of typing an IP address like 192.168.0.1 into our web browser, we type a name like example.com. Computers take these hostnames and find their associated IP addresses, a process called name resolution.

host(1), dig(1), and nslookup(1) are three utilities that can perform name resolution from the command line.

How DNS works

To perform name resolution, the client (such as a web browser) needs a name resolver. The name resolver then queries (requests information from) a name server. This name server could be run by your ISP, your router, or a server in a data center.

For example, if you visit the webpage https://example.com, your web browser will resolve the name example.com into the IP address 93.184.215.14.

$ host example.com
example.com has address 93.184.215.14
example.com has IPv6 address 2606:2800:21f:cb07:6820:80da:af6b:8b2c
example.com mail is handled by 0 .

Distributed Name System

DNS is distributed. This means that there is no single name server that knows about every single domain on the Internet. Instead, this information is spread out across millions of servers all across the Internet.

We can find which nameservers provide the information for example.com as follows:

$ host -t ns example.com
example.com name server a.iana-servers.net.
example.com name server b.iana-servers.net.

The two nameservers that hold the DNS records for example.com are a.iana-servers.net and b.iana-servers.net. Internet RFCs require that each domain be served by at least two nameservers.

A distributed name system is robust and practical. If all DNS records were instead kept on a single name server, then the moment that one name server went offline, name resolution for the entire Internet would fail!

To achieve a distributed system, name servers are delegated authority over their own zones. For example, you might be delegated authority for the zone example.org. Your nameserver would control and define the records for everything within example.org. If you wanted to run a mail server, you might create a subdomain such as mail.example.org. Your nameservers for the zone might be ns1.example.org and ns2.example.org, and these nameservers would need to provide the correct DNS records so that mail.example.org would resolve to the correct IP addresses.

To further distribute the load, you might delegate control over the subdomain www.example.org to other nameservers (maybe to an outside organization), so that the other organization (and not ns1.example.org and ns2.example.org) would handle those records.

The outside organization would be responsible for the zone www.example.org, but that organization would have no direct control over example.org. The outside organization is not able to define records outside of its delegated zone.

This distributed design makes DNS more resilient and shares the workload and data storage across multiple servers. This makes it possible to scale up to the size of the global Internet.

Because DNS was designed to be distributed, we recommend running your own nameservers. In particular, it's recommended to avoid non-free service providers for DNS. Relying on non-free third-party providers can expose you to privacy and censorship problems.

Domains

The hierarchy of DNS is like an inverted tree. At the very top is the root domain, which all domains belong to; it is written as a single period (.). Below the root are the top-level domains (TLDs) such as com, net, and org. Below those come the second-level domains, such as example.org.

Usually, when you pay money to register a domain, you are registering a second-level domain. For example, example.org might be one such second-level domain you could register for an annual fee. [[dns/registrars|To register a domain]], you would go to a name registrar and pay a fee.

Once you purchase a (second-level) domain, you can create your own subdomains free of charge.

Setting up name servers

If you register a domain, the registrar will usually let you specify your own name servers. By convention, the nameservers are often named ns1 and ns2, so the hostnames will be ns1.example.org, ns2.example.org, and so forth. There will often be a web panel where you can input the nameservers and their IP addresses (these are known as glue records). Glue is needed because a resolver cannot look up the address of ns1.example.org without first finding the example.org nameservers, which is exactly what it is trying to do. When someone on the Internet queries your domain name, the glue records provide the IP addresses of your nameservers, and the resolver then queries those nameservers directly to find the actual data for your domain.

Nameserver types

There are two types of nameservers.

One type of nameserver provides answers for zones it has been delegated. Because the nameserver has authority over the zone, it is known as an authoritative name server. OpenBSD provides the authoritative nameserver nsd in its base system.

The other type of nameserver helps resolve names it has no authority over. Instead of providing authoritative answers, a caching nameserver requests DNS records from other nameservers on the client's behalf and caches the results, which speeds up lookups of commonly requested names. This is a caching name server, and OpenBSD provides the caching nameserver unbound in its base system.
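The delegation chain described earlier (example.org delegating www.example.org, glue records for in-zone nameservers) and the caching resolver described here, as an added example; this is not code from the page or from nsd/unbound. Every zone, hostname and address in it is constructed sample data.

```python
# Added illustration (not from the page): a toy caching resolver walking DNS
# delegations. All zones, names and addresses are constructed sample data.
# Each zone holds A records and delegates children as (NS name, glue address) pairs.
ZONES = {
    ".": {"records": {}, "delegations": {
        "org.": [("a.org-servers.net.", "198.51.100.1")]}},
    "org.": {"records": {}, "delegations": {
        "example.org.": [("ns1.example.org.", "192.0.2.53"),
                         ("ns2.example.org.", "192.0.2.54")]}},
    "example.org.": {"records": {"mail.example.org.": "192.0.2.25"}, "delegations": {
        "www.example.org.": [("ns1.other.net.", "203.0.113.5")]}},
    "www.example.org.": {"records": {"www.example.org.": "203.0.113.80"}, "delegations": {}},
}
# Zones each (constructed) nameserver address is authoritative for.
SERVERS = {"192.0.2.1": ["."], "198.51.100.1": ["org."], "192.0.2.53": ["example.org."],
           "192.0.2.54": ["example.org."], "203.0.113.5": ["www.example.org."]}
ROOT_HINT = "192.0.2.1"  # the address a resolver is preconfigured to start from

def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)

def ask(server_ip, qname):
    """One query to an authoritative server: answer, referral or refusal."""
    mine = [z for z in SERVERS[server_ip] if in_zone(qname, z)]
    if not mine:
        return ("refused", None)      # name lies outside every zone it serves
    zone = ZONES[max(mine, key=len)]  # closest enclosing zone on this server
    if qname in zone["records"]:
        return ("answer", zone["records"][qname])
    for child, nameservers in zone["delegations"].items():
        if in_zone(qname, child):
            return ("referral", nameservers)  # NS names plus glue addresses
    return ("nxdomain", None)

def resolve(qname, cache, trace=None):
    """Iterative lookup from the root hint, with a simple positive cache."""
    if qname in cache:
        return cache[qname]
    server = ROOT_HINT
    for _ in range(10):               # bound the referral chain
        kind, data = ask(server, qname)
        if trace is not None:
            trace.append((server, kind))
        if kind != "referral":
            if kind == "answer":
                cache[qname] = data
            return data               # None for refused / nxdomain
        server = data[0][1]           # follow the first nameserver's glue
    return None
```

Asking the www.example.org server for mail.example.org is refused, which is the point made above: a delegated zone's server cannot answer for names outside its own zone.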

See Also: