How is the domain name system controlled?

I do not know how the domain name system can avoid duplicate entries of the same domain name across the globe.

Say I start a domain name server and map the domain google.com to my IP address: how do other domain name servers detect the ambiguity? Who is responsible for avoiding such duplicates?


Solution 1:

The reason it wouldn't matter is because no one will ever ask your personal DNS server to resolve google.com.

Let's say I ask my browser for google.com. Here are the steps my ISP's recursive nameserver goes through, assuming Google's A record is not locally cached:

  1. I request the DNS A record for google.com from my ISP's nameserver (and it's not in my personal DNS cache).
  2. If it's not recently cached, the nameserver knows it's not authoritative for the google.com zone, so it can't look it up in the local zone database. Thus, it asks a random one of the 13 root nameservers about google.com.
  3. The root server sends the ISP's nameserver to the Global Top-Level Domain server for the .COM TLD, using their NS records.
  4. The GTLD nameserver also doesn't know where google.com is, but it sends the nameserver the records for nameservers that are authoritative for the google.com zone.
  5. Now our nameserver asks the authoritative server, and it returns the A record for google.com, which is returned to us (and cached on the ISP's nameserver to avoid having to go through all this again).

As you can see, at no point in that process will I or my nameserver ask your DNS server where google.com is.

Now, there are potential vulnerabilities, through cache poisoning and other similar attacks. One of the most famous is the Kaminsky vulnerability.

For an awesome step-by-step guide to DNS resolution, plus descriptions of the serious issues and vulnerabilities, check out this illustrated guide.

Solution 2:

A small point of contention here: Your ISP's DNS servers don't query the root servers for Google's A record. The root servers answer queries regarding the gTLDs. Ignoring any caching, here's how it would go:

  1. Your ISP's DNS server will query a root server to find the authoritative name server(s) for the .com gTLD

  2. Your ISP's DNS server will then query one of the gTLD servers responsible for the .com domain to find the authoritative name server(s) for Google

  3. Your ISP's DNS server will then query one of Google's name servers for the A record

The root servers are responsible for the . domain and the gTLD servers are responsible for the .com, .edu, etc. domains. The root servers don't know anything about any domain under .com, .edu, etc.

There are two levels of hierarchy at work here:

a.root-servers.net through m.root-servers.net - responsible for the . domain

a.gtld-servers.net through m.gtld-servers.net - responsible for the .com, .edu, etc. domains
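
The delegation walk that both answers describe, as an added example that is not part of either answer: a toy Python model showing that a resolver starting at the root only ever contacts servers named in a parent zone's referral, so a self-declared google.com server is never asked. The server names (`root`, `gtld`, `google-ns`, `rogue`) are hypothetical and the addresses are constructed from documentation ranges.

```python
# Constructed toy data: server names are hypothetical and the addresses come
# from documentation ranges; this is a model, not real DNS traffic.
SERVERS = {
    "root":      {"zone": ".", "referrals": {"com.": "gtld"}, "records": {}},
    "gtld":      {"zone": "com.", "referrals": {"google.com.": "google-ns"}, "records": {}},
    "google-ns": {"zone": "google.com.", "referrals": {},
                  "records": {"google.com.": "192.0.2.10"}},
    # Self-declared server claiming google.com; no parent zone refers to it.
    "rogue":     {"zone": "google.com.", "referrals": {},
                  "records": {"google.com.": "203.0.113.66"}},
}


def in_zone(name, zone):
    """True if the fully qualified name sits at or below zone."""
    return zone == "." or name == zone or name.endswith("." + zone)


def resolve(name, start="root", max_hops=8):
    """Follow referrals down from the root; return (address, servers asked)."""
    server, asked = start, []
    for _ in range(max_hops):
        asked.append(server)
        info = SERVERS[server]
        # A server only answers authoritatively for names inside its own zone.
        if in_zone(name, info["zone"]) and name in info["records"]:
            return info["records"][name], asked
        covering = [z for z in info["referrals"] if in_zone(name, z)]
        if not covering:
            return None, asked  # no answer here and no delegation to follow
        server = info["referrals"][max(covering, key=len)]  # most specific zone
    raise RuntimeError("too many referrals")


def reachable_from_root():
    """Every server a resolver could ever be referred to, starting at the root."""
    seen, todo = set(), ["root"]
    while todo:
        s = todo.pop()
        if s not in seen:
            seen.add(s)
            todo.extend(SERVERS[s]["referrals"].values())
    return seen


if __name__ == "__main__":
    print(resolve("google.com."))
    print("rogue reachable:", "rogue" in reachable_from_root())
```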