DNS stands for Domain Name System. A DNS server listens to
port 53 by default (meaning that if you'll want to connect to one
and use its DNS service, you will connect via port 53), and
translates alphabetical hostnames (such as www.securitywriters.org)
into IP addresses (such as 212.1.134.138) and vice versa.
Before DNS, there was another name-to-address resolution
system, but DNS was introduced in order to make the distribution of
the host table easier. It is much simpler to remember a hostname
than a string of four numbers.
As you can guess, the Domain Name System is fairly
complicated. In fact, several books have been written entirely on
DNS. I can, however, give you a simple overview of it.
The name-to-address resolution system that ran before DNS
came along consisted of a file known as the host file. It was a table
of hostnames and their assigned IP addresses, and was maintained by the
Stanford Research Institute's Network Information Center (SRI-NIC).
Several times a week, SRI-NIC would update their table with new
hostnames that popped up, and system administrators would update
their own local tables by grabbing SRI-NIC's table via FTP.
The system worked, but as the net began to grow faster and
faster, this became an ineffective measure, and as the concern for
the net's stability grew, there was need for a new system. There was
need for a decentralized system. DNS does just that.
DNS is decentralized. This means that there is no single central
system that is responsible for DNS. It's what's known as a
distributed database - it exists on many servers, and every DNS
server knows where to look when it needs a certain piece of
information that it doesn't have in its own local tables. We'll get
to that in just a second.
The DNS Server
A DNS Server is a computer, usually one that runs with a
Unix or Unix-like operating system, and hence usually uses the Unix
program BIND (Berkeley Internet Name Domain). There are similar
programs for Windows and Mac too, of course, if one should choose to
use either of those as a DNS server, but most people prefer Unix
servers, since they are more stable and can take more load.
A DNS program is made of two parts: the name server itself
(the daemon program that listens to port 53) and another component
called a resolver. The name server responds to browsers requesting
name information. For example, when someone opens up a browser
window, such as Internet Explorer, and types in
www.securitywriters.org, the browser will ask the nearest DNS server
(most likely the one at the user's ISP) for the IP address of the hostname
www.securitywriters.org, because it needs this address to find the
server that hosts this site and request the site's content from it.
The DNS daemon will look up this address in its local tables, and if
it cannot find a matching IP, it will turn to the resolver, which
will in turn ask a higher-level DNS server for this information.
The tree formation
So, once your local DNS server can't find a matching IP for
a given hostname, it will ask a higher-level DNS server for this
information, which will in turn look at its own tables and see if it
has that information. If it doesn't, it will ask another DNS server
of a higher level, and so on and so forth.
So, we've established that there is some kind of tree in
here, right? But what does the tree look like? Well, let's take an
example. Suppose your ISP is isp.co.uk. Naturally, your ISP's DNS
server's hostname will be dns.isp.co.uk. Now, suppose you ask
dns.isp.co.uk for the IP address of www.somehost.com. dns.isp.co.uk
will look at its own local tables to see whether anyone else has
already requested the IP address of www.somehost.com, leaving that
address in its "memory". If it cannot find the address, it will query
a higher-level DNS server called co.uk. This DNS server is in charge
of every hostname under the co.uk hostname, but may also have the IP
of www.somehost.com, since someone else may have already requested
it from that server.
If it doesn't have the IP in its local tables, it will turn
to the uk DNS server, the one which is in charge of everything that
is under .uk (such as isp.co.uk, another-isp.net.uk,
some-organization.org.uk, school.edu.uk, university.ac.uk,
england.gov.uk, airforce.mil.uk and anything else that ends with
.uk). If that server cannot find the IP either, it will turn to the
last resort - the DNS server of the highest level, called .root. This
is a very powerful computer, and its DNS table contains every host
name under every domain name in existence.
When and why does DNS "hang" or fail?
DNS resolution can be fast or slow. If your ISP's server has
the IP address you requested, it could take just a few milliseconds
to get it. If it needs to query higher-level DNS servers, it might
take longer, sometimes up to 15 seconds. In the worst case, you'll
get a dialog box from your browser saying that the address could not
be found. This could happen either because the given address simply
doesn't exist, or because the process took too long and your browser
"timed out" and dropped the connection.
If the latter occurs, you can press Refresh or Reload
(depending on your browser), and this time things will go much
faster because your ISP's DNS server will have the IP address you
requested in its own tables, after it got it from the higher-level
DNS servers.
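To make the chain of servers described in "The tree formation" and the faster second attempt described just above concrete, here is an added example (not code from the original article) that models each server as a local table plus a higher-level server to fall back on. Every hostname and address in it is a constructed sample value, and the chain isp -> co.uk -> uk -> root mirrors the article's example rather than how real resolvers walk the hierarchy.

```python
# Added example: a toy model of the lookup chain the article describes.
# Each server holds a local table, knows a higher-level server to ask on
# a miss, and remembers answers it obtains so a repeated request is
# served locally. Hostnames and IPs below are constructed sample values.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class NameServer:
    name: str                                   # e.g. "dns.isp.co.uk"
    table: dict = field(default_factory=dict)   # hostname -> IP address
    parent: Optional["NameServer"] = None       # higher-level server; None for root
    lookups: int = 0                            # requests that reached this server

    def resolve(self, hostname: str) -> Optional[str]:
        """Return the IP for hostname, or None if no server in the chain knows it."""
        self.lookups += 1
        host = hostname.lower().rstrip(".")     # names are case-insensitive
        if host in self.table:                  # answer straight from the local table
            return self.table[host]
        if self.parent is None:                 # the last resort has no one to ask
            return None
        answer = self.parent.resolve(host)      # ask the higher-level server
        if answer is not None:
            self.table[host] = answer           # remember it for the next request
        return answer


def build_tree() -> NameServer:
    """Construct the article's chain and return the ISP's server (the entry point)."""
    root = NameServer("root", {"www.somehost.com": "192.0.2.10"})
    uk = NameServer("uk", {"england.gov.uk": "192.0.2.20"}, parent=root)
    co_uk = NameServer("co.uk", {"isp.co.uk": "192.0.2.30"}, parent=uk)
    return NameServer("dns.isp.co.uk", {}, parent=co_uk)


def demo():
    """First lookup walks up to root; the repeat is answered by the ISP alone."""
    isp = build_tree()
    root = isp.parent.parent.parent
    first = isp.resolve("www.somehost.com")     # misses locally, climbs to root
    root_hits_after_first = root.lookups        # 1: root was consulted once
    second = isp.resolve("www.somehost.com")    # now in the ISP's own table
    root_hits_after_second = root.lookups       # still 1: root not asked again
    missing = isp.resolve("nosuch.example")     # no server knows it -> None
    return first, second, root_hits_after_first, root_hits_after_second, missing


if __name__ == "__main__":
    print(demo())
```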
You can read some DNS-related RFCs here.
More information about DNS can be found at the DNS Resource
Directory.
Credits:
Author: Raven, founder of SWG.
URL: http://www.securitywriters.org/