
DNS Explained. Hierarchy and Architecture

Blake Khan ・ 4 min read

This is an article in the DNS Explained. series. Click here to read the introduction post.

In the first post for this series, I described DNS being both hierarchical and decentralized. In this post, we will dive into what that really means.

DNS is Hierarchical

Hierarchy is obtained through levels of domains, starting at the root server (represented by a period ".").

A tree showcasing the levels of domains that DNS provides.

You may have heard of top-level domains (TLDs) before. Some examples of TLDs include:

  • .com
  • .net
  • .org
  • .us
  • .de
  • .coffee
  • .ninja

They are called top-level domains because, well, they are at the top level (excluding the root)! Organizations can register second-level domains under any valid TLD.

Because DNS is hierarchical, two separate second-level domains can both use the same third-level domain. For example, mail.google.com and mail.yahoo.com are both allowed because the uniqueness of the third-level domain is limited to the scope of its second-level domain. This was not possible under the predecessor hosts.txt system.

Root Zone Servers

In the above graphic, I introduced a new DNS concept called the root server. The root is the base of the DNS hierarchy tree. While I described it as a single point, it is actually more than that.

In reality, what I called the root server is really the root zone servers: there are actually 13 root servers. These servers are spread out geographically and are the starting point for traversing DNS during resolution.

ICANN appoints operators for these 13 root servers. There are 12 total operators.

| Host name | IP addresses | Operator |
|---|---|---|
| a.root-servers.net | 198.41.0.4, 2001:503:ba3e::2:30 | Verisign, Inc. |
| b.root-servers.net | 199.9.14.201, 2001:500:200::b | University of Southern California, Information Sciences Institute |
| c.root-servers.net | 192.33.4.12, 2001:500:2::c | Cogent Communications |
| d.root-servers.net | 199.7.91.13, 2001:500:2d::d | University of Maryland |
| e.root-servers.net | 192.203.230.10, 2001:500:a8::e | NASA (Ames Research Center) |
| f.root-servers.net | 192.5.5.241, 2001:500:2f::f | Internet Systems Consortium, Inc. |
| g.root-servers.net | 192.112.36.4, 2001:500:12::d0d | US Department of Defense (NIC) |
| h.root-servers.net | 198.97.190.53, 2001:500:1::53 | US Army (Research Lab) |
| i.root-servers.net | 192.36.148.17, 2001:7fe::53 | Netnod |
| j.root-servers.net | 192.58.128.30, 2001:503:c27::2:30 | Verisign, Inc. |
| k.root-servers.net | 193.0.14.129, 2001:7fd::1 | RIPE NCC |
| l.root-servers.net | 199.7.83.42, 2001:500:9f::42 | ICANN |
| m.root-servers.net | 202.12.27.33, 2001:dc3::35 | WIDE Project |

You may be asking yourself, how do hosts and resolvers know about these 13 root servers? The answer is simple: they're hardcoded!

You can view the locations of all the root zone servers here.

DNS is Decentralized

This hierarchical structure of domain levels permits decentralization too. DNS is decentralized in the sense that no single party is responsible for providing the nameservers at each level.

A tree showcasing the different name server operators.

At each second-level domain, there is a set of nameservers. These nameservers are used during resolution to provide the IP addresses of third-level and lower domains within the scope of that specific second-level domain.

Since the scope is limited to that particular second-level domain, the TLD's registry does not need to operate these nameservers; instead, the responsibility for providing them is given to the second-level domain's registrant.

If the domain registrant does not want the responsibility of providing their own nameservers, there exist third-party companies that offer managed DNS services. Cloudflare is one of the largest managed DNS providers. Most registrars also offer this service.

Observations

We can make a few observations about DNS from the fact that it is both hierarchical and decentralized.

Firstly, DNS is scalable due to its hierarchy. By having "zones" of TLDs, the infrastructure for each zone can be spread out and independently scaled. This is great because some TLDs have more registrations than others.

Secondly, since the hierarchy begins with the root, and the root is represented by a period, the fully qualified domain name (FQDN) technically ends with a period too. This is official and was documented in RFC 1034. You can try it out in your browser and verify that it still works:

  • smile.amazon.com.
  • www.google.com.
  • dev.to./blake

Finally, FQDNs are parsed from right to left. This is because the root starts on the right-hand side, and the lowest level is on the left-hand side.
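The hierarchy, the hardcoded root, and the right-to-left parsing described above, as an added example that is not code from the original post: a toy iterative resolver that starts at the root and follows delegations down through independently operated zones. All zone data and nameserver names below are constructed for illustration (only the a.root-servers.net address comes from the table above).

```python
# Added example (not from the original post): a toy iterative resolver that
# walks the DNS hierarchy from hardcoded root hints down through delegations.
# Zone data and nameserver names are constructed; only the root address is real.

ROOT_HINTS = {"a.root-servers.net.": "198.41.0.4"}  # "hardcoded" root knowledge

# One zone per level, each run by a different party (decentralization):
# "NS" maps a child zone to the nameserver that is authoritative for it,
# "A" holds address records the zone answers for directly.
ZONES = {
    ".": {"NS": {"com.": "ns.com-registry.example."}},              # root operators
    "com.": {"NS": {"google.com.": "ns1.google.example.",           # .com registry
                    "yahoo.com.": "ns1.yahoo.example."}},
    "google.com.": {"A": {"mail.google.com.": "192.0.2.10"}},       # registrant
    "yahoo.com.": {"A": {"mail.yahoo.com.": "192.0.2.20"}},         # registrant
}


def fqdn_labels(name):
    """Normalize to an FQDN (trailing dot = root) and list labels root-first,
    i.e. parsed right to left as the post describes."""
    fqdn = name if name.endswith(".") else name + "."
    parts = fqdn.rstrip(".").split(".") if fqdn != "." else []
    return fqdn, parts[::-1]


def resolve(name, max_hops=10):
    """Start at the root and follow delegations until an A record is found.
    Returns (ip_or_None, list of (zone, server) hops)."""
    fqdn, _ = fqdn_labels(name)
    zone, server = ".", next(iter(ROOT_HINTS))
    path = [(zone, server)]
    for _ in range(max_hops):           # bound the walk: never loop forever
        records = ZONES[zone]
        if fqdn in records.get("A", {}):
            return records["A"][fqdn], path
        # A delegation applies when the child zone is a suffix of the query name.
        child = next((z for z in records.get("NS", {})
                      if fqdn == z or fqdn.endswith("." + z)), None)
        if child is None:
            return None, path           # no such name in this toy hierarchy
        zone, server = child, records["NS"][child]
        path.append((zone, server))
    return None, path


if __name__ == "__main__":
    for host in ("mail.google.com", "mail.yahoo.com.", "mail.example.net"):
        ip, hops = resolve(host)
        print(host, "->", ip, "via", " > ".join(z for z, _ in hops))
```

Note that mail.google.com and mail.yahoo.com resolve through different registrant-run zones under the same .com delegation, and that a name with or without the trailing root dot walks the same path.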

Blake Khan (@blake): Senior-standing Computer Science major at George Mason University in Fairfax, VA.
