Definitions
Domain Name System
A distributed computer system for obtaining information about domains. The system is built as a hierarchy of DNS servers. Most often, it is used to obtain an IP address from a host name, to get mail routing information, or to find the service nodes for particular protocols within a domain.
DNS server
A program that accepts and processes DNS queries using the DNS protocol. The term DNS server is also commonly used to refer to the host on which this program is running.
DNS protocol
An application-level request-response protocol that defines the rules for communication between clients and DNS servers to obtain domain information.
DNS as a System
Key Characteristics
- Distributed administration: responsibility for different parts of the system is delegated to different people or organizations.
- Distributed information storage: each node in the system stores only the data for its zone of responsibility and (possibly) the addresses of the root DNS servers.
- Information caching: a node can store cached data from outside its own zone of responsibility to reduce network load.
- Hierarchical structure: all nodes are organized into a tree, where each node can either perform the work itself or delegate it to other nodes.
- Redundancy: the storage and maintenance of nodes is usually handled by several servers, typically separated both logically and physically, ensuring data preservation and continued operation even if some servers fail.
Security
Initially, security concerns were not a major consideration in the development of DNS software. However, the growth of the Internet made addressing these issues necessary. To do so, a set of protocol extensions for DNS, DNSSEC, was introduced. The operation of DNSSEC is based on the use of digital signatures.
Recursion
The term recursion in DNS refers to the behavior of a DNS server where it "performs a full search for the requested information throughout the entire DNS on behalf of the client, querying other DNS servers if necessary."
A DNS query can be recursive (requiring a full search) or non-recursive, also called iterative (not requiring a full search).
Similarly, a DNS server can be recursive (capable of performing a full search) or non-recursive (incapable of performing a full search).
Thus, in the case of a recursive query, the DNS server (if it is recursive) queries other servers until it finds the answer or determines that the domain does not exist.
When responding to a non-recursive query, or if recursion is not supported or is disabled, the DNS server either returns data for the zone it is authoritative for, or returns an error.
Recursive queries require more server resources (and generate more traffic), so they are usually only accepted from nodes โknownโ to the server owner (for example, an ISP may allow recursive queries only from its own customers, and in a corporate network recursive queries may be accepted only from the local segment).
Non-recursive queries are usually accepted from all network nodes (and a meaningful answer is only given for queries about zones hosted on the server; for DNS queries about other zones, the server will typically return the addresses of other servers).
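The behavior described in this section can be followed step by step in code. The example below is added here and is not code from the original article: it simulates a tiny constructed server hierarchy (a root server, a .com server, an authoritative server for example.com, and an ISP-style recursive resolver) using RFC 5737 documentation addresses. `resolve_iteratively` is the client side of an iterative search that follows referrals; `handle_query` shows how a recursive server performs that search on the client's behalf and caches what it learns, and how a non-recursive server answers only for its own zone and otherwise hands out a referral or refuses.

```python
"""Simulated DNS resolution over a tiny constructed server hierarchy.

Added example (not code from the original article): all zones, names and
addresses below are constructed (RFC 5737 documentation ranges), not real servers.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Response:
    answer: list = field(default_factory=list)    # (name, type, rdata) tuples
    referral: list = field(default_factory=list)  # addresses of servers to ask next
    error: Optional[str] = None                   # "NXDOMAIN", "REFUSED", "SERVFAIL"


@dataclass
class Server:
    """One DNS server: at most one zone of responsibility, optional root hints."""
    zone: Optional[str]                               # e.g. "example.com."; None for a pure resolver
    records: dict = field(default_factory=dict)       # {(name, type): rdata} for its own zone
    delegations: dict = field(default_factory=dict)   # {child_zone: [server address]}
    root_hints: list = field(default_factory=list)    # addresses of root servers
    recursion: bool = False                           # will it search on behalf of clients?
    cache: dict = field(default_factory=dict)         # data learned outside its own zone


SERVERS: dict = {}   # address -> Server; stands in for the network


def in_zone(name: str, zone: Optional[str]) -> bool:
    if zone is None:
        return False
    return zone == "." or name == zone or name.endswith("." + zone)


def handle_query(server: Server, name: str, rtype: str, rd: bool) -> Response:
    """What a server answers; rd is the client's 'recursion desired' flag."""
    if (name, rtype) in server.records:            # authoritative data
        return Response(answer=[(name, rtype, server.records[(name, rtype)])])
    if (name, rtype) in server.cache:              # cached data from an earlier search
        return Response(answer=[(name, rtype, server.cache[(name, rtype)])])
    # Referral: the most specific delegated child zone that contains the name
    for child in sorted(server.delegations, key=len, reverse=True):
        if in_zone(name, child):
            return Response(referral=list(server.delegations[child]))
    if in_zone(name, server.zone):                 # our zone, but no such name
        return Response(error="NXDOMAIN")
    if rd and server.recursion:                    # full search on the client's behalf
        resp = resolve_iteratively(name, rtype, server.root_hints)
        for n, t, r in resp.answer:
            server.cache[(n, t)] = r
        return resp
    # Foreign zone and no recursion: point the client at the roots, or refuse
    if server.root_hints:
        return Response(referral=list(server.root_hints))
    return Response(error="REFUSED")


def resolve_iteratively(name: str, rtype: str, start: list, max_hops: int = 8) -> Response:
    """Client side of an iterative search: ask, follow referrals, never set RD."""
    todo = list(start)
    for _ in range(max_hops):
        if not todo:
            break
        resp = handle_query(SERVERS[todo.pop(0)], name, rtype, rd=False)
        if resp.answer or resp.error:
            return resp
        todo = list(resp.referral)
    return Response(error="SERVFAIL")


def build_network() -> None:
    SERVERS.clear()
    SERVERS["198.51.100.1"] = Server(zone=".", delegations={"com.": ["198.51.100.2"]})
    SERVERS["198.51.100.2"] = Server(zone="com.", delegations={"example.com.": ["198.51.100.3"]})
    SERVERS["198.51.100.3"] = Server(zone="example.com.", records={
        ("www.example.com.", "A"): "203.0.113.10",
        ("example.com.", "MX"): "10 mail.example.com.",
    })
    # An ISP-style resolver: no zone of its own, recursion allowed, knows the roots
    SERVERS["192.0.2.53"] = Server(zone=None, root_hints=["198.51.100.1"], recursion=True)


def ask(server_addr: str, name: str, rtype: str, rd: bool = True) -> Response:
    return handle_query(SERVERS[server_addr], name, rtype, rd)


build_network()

if __name__ == "__main__":
    print(ask("192.0.2.53", "www.example.com.", "A"))    # full search, result cached
    print(ask("198.51.100.1", "www.example.com.", "A"))  # root: referral to the .com servers
    print(ask("198.51.100.3", "www.other.org.", "A"))    # authoritative-only server: REFUSED
    print(ask("192.0.2.53", "nope.example.com.", "A"))   # NXDOMAIN from the authority
```

The two policy points from the text show up directly: the recursive resolver does the multi-hop work (and traffic) for a client that sets RD, while the authoritative server never does, and a client asking it about a foreign zone gets at best a referral. Restricting which clients may set RD on a resolver is what the "known nodes" rule in the text amounts to.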
DNS Records
DNS records, or resource records, are the units of storage and transmission of information in DNS.
Each such record consists of several fields. Some of them include:
- NAME: the domain name to which this resource record is bound.
- TTL (Time To Live): the permissible duration for which the record can be stored in a cache.
- TYPE: the format and purpose of the record.
Examples of record types:
- A record (address record): maps a host name to an IPv4 address.
- AAAA record (IPv6 address record): maps a host name to an IPv6 address.
- MX record (mail exchange): specifies the mail exchange server for the given domain.
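To make the fields above concrete, here is an added example (not code from the article) that builds a constructed DNS answer and parses its records from the wire format defined in RFC 1035: NAME, TYPE, CLASS, TTL, RDLENGTH and RDATA, with the RDATA decoded for the three record types listed. Real answers compress repeated names with two-byte pointers, so the parser handles those too; the addresses and names are documentation values constructed here.

```python
"""Parse DNS resource records from wire format and decode A, AAAA and MX RDATA.

Added example, not code from the article: the sample message is constructed below.
"""
import socket
import struct

TYPE_A, TYPE_MX, TYPE_AAAA = 1, 15, 28
TYPE_NAMES = {TYPE_A: "A", TYPE_MX: "MX", TYPE_AAAA: "AAAA"}


def encode_name(name: str) -> bytes:
    """'example.com.' -> b'\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def read_name(msg: bytes, offset: int) -> tuple:
    """Decode a possibly compressed name; return (name, offset past it at the call site).
    Pointer hops are bounded so a malformed pointer loop cannot hang the parser."""
    labels, hops, end = [], 0, None
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                    # 11xxxxxx: compression pointer
            if hops >= 16 or offset + 2 > len(msg):
                raise ValueError("bad or looping compression pointer")
            if end is None:
                end = offset + 2                     # the pointer occupies two bytes here
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:                              # root label ends the name
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_rr(msg: bytes, offset: int) -> tuple:
    """Parse one resource record; return (record dict, offset after it)."""
    name, offset = read_name(msg, offset)
    if offset + 10 > len(msg):
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    rdata = msg[offset:offset + rdlength]
    if len(rdata) != rdlength:
        raise ValueError("truncated RDATA")
    if rtype == TYPE_A and rdlength == 4:
        value = socket.inet_ntop(socket.AF_INET, rdata)
    elif rtype == TYPE_AAAA and rdlength == 16:
        value = socket.inet_ntop(socket.AF_INET6, rdata)
    elif rtype == TYPE_MX and rdlength >= 3:
        preference = struct.unpack("!H", rdata[:2])[0]
        exchange, _ = read_name(msg, offset + 2)     # exchange name may be compressed
        value = (preference, exchange)
    else:
        value = rdata.hex()                          # unknown type: keep the raw bytes
    record = {"name": name, "type": TYPE_NAMES.get(rtype, rtype), "class": rclass,
              "ttl": ttl, "rdata": value}
    return record, offset + rdlength


def parse_answers(msg: bytes) -> list:
    """Read the 12-byte header, skip the question section, parse the answer RRs."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    offset = 12
    for _ in range(qdcount):                         # QNAME + QTYPE + QCLASS
        _, offset = read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        rr, offset = parse_rr(msg, offset)
        answers.append(rr)
    return answers


def build_sample() -> bytes:
    """Constructed response: header with ANCOUNT=3, no question, three RRs. The first
    owner name is spelled out at offset 12; later names use the pointer 0xC00C to it."""
    header = struct.pack("!6H", 0x1234, 0x8180, 0, 3, 0, 0)
    ptr = struct.pack("!H", 0xC000 | 12)
    a_rr = (encode_name("example.com.") + struct.pack("!HHIH", TYPE_A, 1, 3600, 4)
            + socket.inet_pton(socket.AF_INET, "203.0.113.10"))
    aaaa_rr = (ptr + struct.pack("!HHIH", TYPE_AAAA, 1, 3600, 16)
               + socket.inet_pton(socket.AF_INET6, "2001:db8::10"))
    mx_rdata = struct.pack("!H", 10) + b"\x04mail" + ptr   # "10 mail.example.com."
    mx_rr = ptr + struct.pack("!HHIH", TYPE_MX, 1, 86400, len(mx_rdata)) + mx_rdata
    return header + a_rr + aaaa_rr + mx_rr


if __name__ == "__main__":
    for rr in parse_answers(build_sample()):
        print(rr)
```

The TTL field is what a caching server uses to decide how long it may keep each record; the bounded pointer-following and length checks in `read_name` and `parse_rr` are the parts a resolver must get right, since it processes these bytes from servers it does not control.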
Just an interesting fact
Many problems with access to websites and network resources turn out to be related to DNS, so the phrase "It was DNS" has become a sort of joking "default answer" to any network problem: if something doesn't work, it's DNS's fault.