Is there a good overview of the DNS system?

I want to get an understanding of how the DNS system works. How domain names actually get resolved and how admins setup a domain name so it is resolved correctly to a target machine.

The sources you find with Google are either very very technical and so hard to get a proper feel for the whole system or so dumbed down they are not very useful. Anyone have a good source that explains it as a whole but without having to become an expert in the process of reading it?


None of the answers given so far make these distinctions, but they're worth documenting:

The Different Types of DNS Server:

Authoritative Server

This is the server that holds the definitive (authoritative) information about a domain name. Authoritative answers from such a server have the AA bit set.

The answers from authoritative servers always contain the actual configured TTL from the zone file. i.e., if the TTL is set to 86400s, that's the value that'll be in the responses.

ISPs run authoritative servers to host the domains that they manage on behalf of their customers. The name servers run by the TLDs and ccTLDs are also authoritative servers, as are the root name servers.

Recursive Server

A recursive resolver only receives requests from stub resolvers. If the answer is in its cache it will return it immediately. If the answer is not in the cache it will iteratively ask the relevant **authoritative servers** for the answer, and then return it to the stub resolver.

Caching is a fundamental feature of recursive servers. The TTL received from the authoritative server continues to tick down, and when it reaches zero the entry is purged from the cache.

Similarly, answers received from the recursive server show the decreasing value, not the original value from the zone. Per the example above, if a record was received with a TTL of 7200s exactly an hour ago, the answer from the recursive server will say 3600s.

ISPs run recursive resolvers for your PCs to talk to, albeit most consumers actually rely on the DNS proxy in their home gateway, which forwards the query to the ISP's resolvers.

Stub Resolver

A stub resolver isn't a server in the normal sense, it's typically a library, and calls to `gethostbyname()` and related functions just invoke the code in that library.

The stub can't do anything except talk to a recursive resolver, relying on that recursive resolver to obtain all of its answers for it. All such upstream requests have the RD (Recursion Desired) bit set.

Some (but by no means all) stub resolvers have a cache.

Forwarding Server

A forwarding (or proxy) server doesn't (usually) cache. They're used to proxy packets between one network and another, typically sitting between a stub resolver and the recursive resolvers.

I'm having trouble finding a really good resource online. O'Reilly's cricket book ("DNS and BIND, 5th Edition") has good coverage, but not exactly freely available...

(TL;DR version: it's complicated, that's why sysadmins get all the good biscuits at morning tea time)

The answer to "how does a name get looked up" is basically that the entire system is like a big tree -- each part of the name you're trying to look up is another level. At the top, the "root" servers know which DNS servers are responsible for each of the "top level" domains (.com, .net, .org, .us, .eu, .uk, .au, etc), and the servers responsible for each of those names know which DNS servers are responsible for each of the domains under them (so the .com servers know which DNS servers are responsible for serverfault.com and stackoverflow.com, but they don't know who is responsible for hezmatt.org -- the .org nameservers know that).

When you want to know what a given name corresponds to, you start by asking the root servers. They'll "refer" you to the right servers for the "top level" name you want, and then the appropriate "top level" servers will point you where to go from there. Eventually (usually after just a couple of hops, but there's no reason why it couldn't be more) you'll get pointed to a server that knows the actual answer to the question you're asking, and you'll get your answer.

If you want to watch this process at work, you can use a tool like http://squish.net/dnscheck/ to look up a name and see all the queries that can get done.

As far as how an admin sets up a DNS server and integrates it into the whole thing, that kind of falls out of the above. Once you've set up a DNS server to answer for a given domain, you need to ask the DNS servers for the level above you to "delegate" that domain name to your servers. In practice, this is done by your domain registrar on your behalf, when you tell them what DNS servers to use for a domain that you "own".
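As an added illustration (not part of either answer), here is a toy Python model of the referral walk down the tree described in the second answer and the TTL count-down in a recursive server's cache described in the first. The zone data, the names under `example.org` and the address `192.0.2.10` are constructed; a real resolver follows NS records to nameserver addresses, which this model skips by naming the next zone directly.

```python
# Added example, not from the original answers: a toy DNS tree with
# authoritative zone data, an iterative walk from the root following
# referrals, and a recursive resolver whose cached TTLs tick down.
ROOT = "."

# Constructed authoritative data: zone -> {owner name: (rtype, ttl, value)}.
# An NS record's value names the zone to consult next (real DNS would give
# nameserver hostnames and addresses; that indirection is skipped here).
ZONES = {
    ".":            {"org.": ("NS", 172800, "org.")},
    "org.":         {"example.org.": ("NS", 86400, "example.org.")},
    "example.org.": {"www.example.org.": ("A", 7200, "192.0.2.10")},
}


def iterative_resolve(qname):
    """Start at the root and follow referrals until an authoritative zone
    answers. Returns (zones consulted, ttl, value); ttl/value are None if
    no zone holds the name."""
    zone, path = ROOT, []
    while True:
        path.append(zone)
        records = ZONES[zone]
        if qname in records and records[qname][0] != "NS":
            _, ttl, value = records[qname]      # authoritative answer (AA set)
            return path, ttl, value
        # Look for a delegation (NS record) in this zone that covers qname.
        referral = None
        for owner, (rtype, _, target) in records.items():
            if rtype == "NS" and (qname == owner or qname.endswith("." + owner)):
                referral = target
        if referral is None or referral == zone:
            return path, None, None             # nothing to refer to: no such name
        zone = referral


class RecursiveResolver:
    """Answers stub queries from cache; the served TTL is the authoritative
    TTL minus the time the record has sat in the cache."""
    def __init__(self):
        self.cache = {}   # qname -> (value, absolute expiry time in seconds)

    def query(self, qname, now):
        """Return (value, remaining ttl, served_from_cache)."""
        if qname in self.cache:
            value, expires = self.cache[qname]
            if expires > now:
                return value, expires - now, True
            del self.cache[qname]               # TTL reached zero: purge entry
        _, ttl, value = iterative_resolve(qname)
        if value is None:
            return None, 0, False
        self.cache[qname] = (value, now + ttl)  # remember when it expires
        return value, ttl, False
```

Querying `www.example.org.` walks `.` -> `org.` -> `example.org.`; asking the same resolver again an hour later returns the cached address with 3600s left, and at 7200s the entry is purged and fetched afresh.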