Domain Name System (DNS)

botond published 2018/06/22, p - 21:26 time

Content

 

Overview

The DNS (Domain Name System, or domain name system) is a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network. The system associates information allocated to the units participating in the network domain names. It translates mostly human-readable and memorable names into numeric numbers assigned to network devices (IP addresses) so that computers on the network can identify each other. Through its worldwide distributed directory service, the Domain Name System is an essential component of Internet features that have been in operation since 1985.

The DNS system delegates the responsibility of assigning domain names and mapping names to Internet resources by enabling authoritative name servers for each domain. These name servers are responsible for their own domains. Network administrators can delegate this responsibility so that sub-domains can be managed by another name server. This mechanism ensures distributed and fault tolerant operation and avoids the use of a single large central database.

Assigning domain names to Internet resources allows the names not to depend on the physical location of the resources, so that Internet addresses, hyperlinks, etc. used on the Web remain constant even if there is a change in the physical system in the meantime. Another purpose of the DNS system is to make it easier for users to remember these Internet addresses and use them without having to know about the communication between computers running in the background.

 

history

Previously, on the ARPANET, the predecessor of today’s Internet, a list of hostnames and their associated IP addresses was stored in a text file called HOSTS.TXT, which was managed centrally and routed to all stations on the network. With the increase in the number of stations, this static station register table was soon no longer reasonably sustainable. The use of DNS was suggested by Paul Mockapetris to solve the problems of the static host registry table. DNA is officially a 882and 883was documented in RFC in which two ideas emerged:

  • Use hierarchical domain names such as www.google.com or www.debian.org
  • Using DNS servers on all parts of the Internet - a kind of shared responsibility - as a way to manage a host database

The first DNS server was written by four Berkeley students (Douglas Terry, Mark Painter, David Riggle, and Songnian Zhou) in 1984 for a Unix system, which BIND (Berkeley Internet Name Domain) was named. THE BINDwas rewritten for Windows NT in the early 1990s. It is widely distributed, mainly on Unix systems, and has become the most used DNS software on the Internet. It became the target of frequent attacks, so it was later rewritten from the ground up, in which many security holes were eliminated. Thus, version 9 of BIND, which is still known today, already has strong security.

Today, DNS is a documented Internet standard that has been updated and expanded. Earlier updates dealt with data encryption, and later updates improved DNA security. These and other RFCs can also be found at IETF (Internet Engineering Task Force) on the RFCs website, a www.ietf.org/rfc.html address.

Today, all Internet-connected hosts rely on DNS to access various Internet services and remote hosts. ISPs provide their users with the IP addresses of the DNS servers that the system can access when it comes to resolving domain names to IP addresses.

 

structure

Hierarchical domain names

DNS uses a hierarchical tree of domains in the namespace - to arrange the complete set of names. Each higher-level domain has authority over its lower-level subdomains. Each domain represents a separate block in the namespace and is managed by a single administrator.

The root of a tree is the so-called root range, denoted by a single dot (.). This is followed by the top or root level domains. The top-level domains are further subdivided into second-level domains, which can then be further subdivided into subdomains.

Top-level domains are relatively fixed and include well-known domains such as COM, NET, ORG, EDU, GOV, MIL. The COM, NET, ORG domains are widely used in all parts of the world, while the use of EDU, GOV, and MIL is more common in the United States. Top-level domains emerged when the Internet became widespread in the early 1990s.

Another group of top-level domains denotes countries. These domain names are the ISO (International Organization for Standardization) www.iso.org page) uses the two-letter country code assigned by you. For example, the top-level country code region of Hungary is HU. Most organizations and companies in Hungary use the HU domain. For example, google.com is the Hungarian domain of Google search.

The full domain name (fully qualified domain name, FQDN) is created by associating the names of the subdomains from the lower level domains to the higher levels, separated by dots (.). For example, UBUNTU.HU is a full domain name; just like HU.OPENSUSE.ORG. All of these may indicate a specific host.

Domain names are not case-sensitive. Thus, UBUNTU.HU and ubuntu.hu represent the same domain. However, the rule is that domain names are written in all lowercase letters.

zones

DNS zone a contiguous part of the hierarchy treated as a separate entity, which may consist of a single domain, but may also cover multiple domains and subdomains, depending on the administrative rights assigned by the manager.

The manager of a zone may transfer administrative rights over a part of its zone to other parties. In this case, delegation delegates virtually unrestricted autonomy over the allocated namespace; administrators and name servers of the old zone are no longer authoritative for the new zone. Zones a zone files describe it.

zone Files

A zone file is a text file that describes line-by-line assignments between domain names and IP addresses and other resources resource recordscalled. A zone file can be a DNS master file that authoritively describes a zone, or it can contain only the elements of a DNS cache.

record types

Multiple records can be stored in one zone. Some of the most common types are:

  • "A": IPv4 tag record.
    Function: Most often, to associate the host name with its 32-bit IPv4 address.
  • "YYYY": IPv6 tag record. 
    Function: Most often, to associate the hostname with its 128-bit IPv6 address.
  • "CNAME": Canonical name record.
    Function: The canonical or primary name of the owner. Pointing from one name to another (alias): The DNS query will continue with the new name query.
  • "MX": mail exchange record.
    Function: List of Mail Transfer Agents (MTAs) assigned to the domain name
  • "NS": name server record.
    Function: Designates authoritative name servers that can be used for a DNS zone.
  • "SOA": start of authority record.
    Function: Guiding information about the DNS zone; the primary name server, the domain administrator email address, the domain serial number, and the zone update intervals.
  • "TXT": Text record
    Function: Originally intended to store any text intended for human consumption. Since the early 1990s, more and more machine data has been stored in it RFC 1464 According to.

 

SOA record

Among the records - due to its importance - it is worth highlighting the SOA record. The SOA record is called in several ways, for example Source Of Authority, Start Of Authority vagy Service Of Authority. You can find all three names if you search for them on the net, but the essence is the same: a record indicating the source of the domain name, which is a record containing the basic settings of the domain's operation. This record includes, for example:

  • Primary name server
  • Admin contact email address (converted to dots), for example: admin.linuxportal.eu.
  • Update time. The secondary name server tries to copy the zone every so often.
  • Time to try again. Secondary DNS will try again after this time if it fails to copy the zone.
  • Expiration date. Secondary DNS deletes the zone after this time if it failed to query.
  • Serial Number: This is incremented with each change, so secondary nameservers know when to update their zones.
  • Minimum TTL. Negative cache time. If a domain fails to be resolved, the DNS resolver records the negative response for that long.
  • Zone transfer. This is the mechanism by which the zone forwards data to the secondary name servers for replication. It uses the TCP protocol for this.

These parameters define the domain names.

 

Ways to redirect a domain name

A domain name can be redirected to a web server in two ways: with records or with name servers.

Domain redirection with records

If we redirect the domain name with records, it means that the management of the DNS zone and also the SOA record remain with the registrar, so the records must be managed on their interface. In this case, for example, we can set an "A" record that points to the IP address of our server, and then the website becomes available. Or we can create an "MX" record and direct it to our server, if it has a mail server. But, for example, we can also leave the correspondence with the registrar, and then they will handle the correspondence for us. In most places, this service is already available for free.

Advantages:

  • It does not require complex infrastructure on the server side. For example, a simple one is enough LAMP server operation to make a website available.
  • It's easy to set up

Disadvantages:

  • Limited DNS management capabilities, making many services unavailable or only limitedly available that require a website authentication process based on automatic DNS management. In such cases, manual modification of the DNS records is required to complete the authentication.
  • Services are not in one place. So, for example, correspondence, etc. can be handled on other interfaces, not as part of our own system.
  • To perform all record operations, the registrar interface must be used.

Domain redirection with name servers

Another way to redirect is when you specify name servers at the registrar. In this case, the destination referred to by the name servers must have DNS service, as well as the SOA record belonging to the domain, which describes the parameters of the domain name in the same way as if it were at the registrar. In this case, the entire DNS management is transferred to the destination.

Advantages:

  • Unlimited DNS management options. Thanks to this, for example, the Let's Encrypt SSL issuing authority can easily verify the ownership of our domain name ACME with the help of a client.
  • The services are concentrated in one place, so we can manage correspondence, DNS management, subdomains, etc. from one place.
  • DNS operations do not require the use of the registrar's interface, because the destination referred to by the name servers in the SOA record is already the manager of the domain.
  • There are web-based control panels that take the burden of manually configuring the DNS server off the shoulders of system administrators. Such is the case, for example ISPConfig is.

Disadvantages:

  • It requires a more complex infrastructure, so for example a simple LAMP server is not suitable for handling this.
  • Manually configuring it is complicated