DNS: the What, the How and the Why


DNS stands for Domain Name System. A DNS server listens on port 53 by default (meaning that if you want to connect to one and use its DNS service, you will connect via port 53), and translates alphabetical hostnames (such as www.securitywriters.org) into IP addresses (such as 212.1.134.138) and vice versa.

Before DNS, there was another name-to-address resolution system, but DNS was introduced to make the distribution of the host table easier. It is much simpler to remember a hostname than a string of four numbers. As you can guess, the Domain Name System is fairly complicated; in fact, several books have been written entirely on DNS. I can, however, give you a simple overview of it.

The name-to-address resolution system that ran before DNS consisted of a file known as the host file. It was a table of hostnames and their assigned IP addresses, maintained by the Stanford Research Institute's Network Information Center (SRI-NIC). Several times a week, SRI-NIC would update the table with the new hostnames that had popped up, and system administrators would update their own local tables by grabbing SRI-NIC's table via FTP.

The system worked, but as the net grew faster and faster this became an ineffective measure, and as concern for the net's stability grew, there was a need for a new system: a decentralized one. DNS does just that.

DNS is decentralized, meaning there is no single central system responsible for it. It's what's known as a distributed database: it exists on many servers, and every DNS server knows where to look when it needs a piece of information that it doesn't have in its own local tables. We'll get to that in just a second.

The DNS Server

A DNS server is a computer, usually one running a Unix or Unix-like operating system, and hence usually running the Unix program BIND (Berkeley Internet Name Domain). There are similar programs for Windows and Mac too, of course, should one choose to use either of those as a DNS server, but most people prefer Unix servers, since they are more stable and can take more load.

A DNS program is made of two parts: the name server itself (the daemon that listens on port 53) and another component called a resolver. The name server responds to browsers requesting name information. For example, when someone opens a browser window, such as Internet Explorer, and types in www.securitywriters.org, the browser asks the nearest DNS server (most likely the one at the user's ISP) for the IP address of the hostname www.securitywriters.org, because it needs this address to find the server that hosts the site and request the site's content from it. The DNS daemon looks up this address in its local tables, and if it cannot find a matching IP, it turns to the resolver, which in turn asks a higher-level DNS server for the information.

The tree formation

So, once your local DNS server can't find a matching IP for a given hostname, it asks a higher-level DNS server for the information, which in turn looks at its own tables to see if it has it. If it doesn't, it asks another DNS server of a higher level, and so on.

So, we've established that there is some kind of tree here, right? But what does the tree look like? Let's take an example. Suppose your ISP is isp.co.uk. Naturally, your ISP's DNS server's hostname will be dns.isp.co.uk. Now, suppose you ask dns.isp.co.uk for the IP address of www.somehost.com. dns.isp.co.uk will look at its own local tables to see whether anyone else has already requested the IP address of www.somehost.com and it therefore has that address in its "memory". If it cannot find the address, it will query a higher-level DNS server called co.uk. This DNS server is in charge of every hostname under co.uk, but may also have the IP of www.somehost.com, since someone else may already have requested it.

If it doesn't have the IP in its local tables, it will turn to the uk DNS server, the one in charge of everything under .uk (such as isp.co.uk, another-isp.net.uk, some-organization.org.uk, school.edu.uk, university.ac.uk, england.gov.uk, airforce.mil.uk and anything else that ends in .uk). If that one cannot find the IP either, it will turn to the last resort: the DNS server of the highest level, called .root. This is a very powerful computer, and its DNS table contains every host name under every domain name in existence.

When and why does DNS "hang" or fail?

DNS resolution can be fast or slow. If your ISP has the IP address you requested, it could take just a few milliseconds to get it. If it needs to query higher-level DNS servers, it might take longer, sometimes up to 15 seconds. In the worst case, you'll get a dialog box from your browser saying that the address could not be found. This can happen either because the given address simply doesn't exist, or because the process took too long and your browser "timed out" and dropped the connection.

If the latter occurs, you can press Refresh or Reload (depending on your browser), and this time things will go much faster, because your ISP's DNS server will now have the IP address you requested in its own tables, having got it from the higher-level DNS servers.
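To make the port-53 exchange from "The DNS Server" and the cached answer that makes a Reload fast concrete, here is an added example (not from the original article) that builds the query a resolver sends for www.securitywriters.org and parses the answer that comes back. The response bytes are constructed by hand for the example; the TTL field in the answer is how long the ISP's server may keep the address in its tables, and the transaction-ID check is how a resolver discards answers it never asked for.

```python
import struct

def build_query(hostname, txid, qtype=1):
    """Build the DNS query a resolver sends to UDP port 53 (qtype 1 = an A record)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # ID, flags RD=1, QDCOUNT=1, rest 0
    # QNAME: each label prefixed by its length byte, terminated by a zero byte
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in hostname.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN

def read_name(msg, offset):
    """Read a (possibly compressed) name at offset; return (dotted name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                          # compression pointer (RFC 1035 4.1.4)
            end = end if jumped else offset + 2            # the name ends after the first pointer
            offset, jumped = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF, True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)

def parse_response(msg, expected_txid):
    """Return [(name, ttl, ip)] for the A records in a response, or None if the ID does not match."""
    txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        return None                                        # not the answer to our question: discard it
    offset = 12
    for _ in range(qd):                                    # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4                                        # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlength], offset + rdlength
        if rtype == 1 and rdlength == 4:                   # A record: four address bytes
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers

# Constructed sample exchange (not captured traffic): A query for www.securitywriters.org
QUERY = build_query("www.securitywriters.org", 0x1A2B)
RESPONSE = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA; one answer
            + QUERY[12:]                                   # question echoed back
            + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 3600, 4)  # name ptr -> 12; A, IN, TTL 3600 s
            + bytes([212, 1, 134, 138]))                   # RDATA: 212.1.134.138
```

`parse_response(RESPONSE, 0x1A2B)` yields the name, a 3600-second TTL and 212.1.134.138; the same bytes with any other expected ID yield None.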

You can read some DNS-related RFCs here.
More information about DNS can be found at the DNS Resource Directory.

Credits:

Author: Raven, founder of SWG.
URL: http://www.securitywriters.org/