An IT professional sketches a representation of the Domain Name System (DNS) on a digital whiteboard. Image credit: Godfried Edelman/Getty Images
The internet and the World Wide Web are vast realms powered by computer languages, codes, and web browsers, all designed to find and exchange data. One of the cornerstones of the internet is the Domain Name System, or DNS. (Though many people mistakenly believe "DNS" means "Domain Name Server," it actually stands for "Domain Name System.")
DNS operates as a protocol within the broader set of standards used for data exchange across the internet and private networks, referred to as the TCP/IP protocol suite. Its function is essential, as it translates user-friendly domain names like "Mytour.com" into Internet Protocol (IP) addresses, such as 70.42.251.42, which computers use to recognize one another on the network. In essence, it serves as a system that pairs names with numbers.
Think of the DNS system as the internet's version of a phone book. Without such a directory, you'd be left to navigate the vast, complex web of data scattered across the globe in much more convoluted ways... and trust me, it wouldn't be nearly as enjoyable, especially with the hundreds of millions of domain names in play [source: VeriSign].
Without DNS servers, the internet would quickly grind to a halt. But how does your device know which DNS server to use? Typically, when you connect to your home network, ISP, or WiFi, the modem or router that assigns your device's network address also provides crucial network settings, including one or more DNS servers for your device to use when translating DNS names to IP addresses.
You've already learned some essential DNS fundamentals. The remainder of this article explores domain name servers and the process of name resolution in more detail. It even introduces how you can manage your own DNS server. Let's start by examining how IP addresses are structured and why this structure is vital to name resolution.
DNS Servers and IP Addresses
You've just discovered that the primary function of a DNS server is to resolve (or translate) domain names into IP addresses. While this may seem like a straightforward task, it becomes more complex due to several factors:
- There are billions of IP addresses actively used, and the majority of machines also have a name that's easy for humans to read.
- DNS servers are collectively processing billions of DNS queries across the internet at any given moment.
- Millions of people add and modify domain names and IP addresses every day.
Given the sheer volume of data to manage, DNS servers rely heavily on network efficiency and internet protocols. Part of the power of the IP system is that each machine on a network has its own unique IP address, whether under the IPv4 or IPv6 standards, both overseen by the Internet Assigned Numbers Authority (IANA). Here are a few ways to identify an IP address:
- An IPv4 address consists of four numbers, separated by three periods, like this: 70.74.251.42
- An IPv6 address is written as eight groups of hexadecimal (base-16) digits, separated by colons, such as 2001:0cb8:85a3:0000:0000:8a2e:0370:7334. Since IPv6 is relatively new, we'll focus on the more common IPv4 format for this article.
- Each number in an IPv4 address is called an "octet" because it's the base-10 equivalent of an 8-digit binary number used for routing network traffic. For example, the octet "42" represents the binary number 00101010. Each binary digit corresponds to a power of two from 2^0 to 2^7, read from right to left. So, in 00101010, the set bits stand for 2^1, 2^3, and 2^5. To calculate the base-10 equivalent, add 2^1 + 2^3 + 2^5 = 2 + 8 + 32 = 42.
- There are only 256 possible values for each octet: from 0 to 255.
- Some IP addresses and ranges are reserved by the IANA for specific uses. For example, the IP address 127.0.0.1 is reserved to identify your own computer. So, when you interact with 127.0.0.1, you're effectively communicating with your own device [sources: Cisco, Lammele].
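As an added illustration (not code from the original article), here is the octet arithmetic above and the reserved-address check written in Python. The conversion functions follow the article's right-to-left powers-of-two method, the parser enforces the four-octet, 0-255 rule, and the classifier uses the standard library's ipaddress module to recognise the loopback address and the private ranges used on local networks (10.x.x.x, 172.16.x.x, 192.168.x.x). The sample addresses are the ones from the article plus constructed malformed inputs.

```python
import ipaddress


def octet_to_binary(octet: int) -> str:
    """Render one octet (0-255) as the 8-digit binary string the article describes."""
    if not 0 <= octet <= 255:
        raise ValueError(f"octet out of range 0-255: {octet}")
    return format(octet, "08b")


def set_bit_powers(bits: str) -> list:
    """List the exponents of two whose bit is 1, reading right to left (2^0 .. 2^7)."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"not an 8-digit binary string: {bits!r}")
    return [i for i, b in enumerate(reversed(bits)) if b == "1"]


def binary_to_octet(bits: str) -> int:
    """Sum the set powers of two: for 00101010 that is 2^1 + 2^3 + 2^5 = 42."""
    return sum(2 ** p for p in set_bit_powers(bits))


def parse_dotted_quad(text: str) -> list:
    """Split an IPv4 address into its four octets, rejecting anything malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    octets = []
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"octet is not a number: {part!r}")
        value = int(part)
        if value > 255:  # only 256 values per octet, 0 to 255
            raise ValueError(f"octet exceeds 255: {part!r}")
        octets.append(value)
    return octets


def classify(text: str) -> str:
    """Classify an address as loopback, private (local network), public or invalid."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return "invalid"
    if ip.is_loopback:  # 127.0.0.0/8 is your own machine; checked before is_private
        return "loopback"
    if ip.is_private:   # 10/8, 172.16/12, 192.168/16 and the other IANA-reserved blocks
        return "private"
    return "public"


if __name__ == "__main__":
    print("42 ->", octet_to_binary(42), "-> powers", set_bit_powers("00101010"))
    for sample in ("127.0.0.1", "192.168.1.20", "70.42.251.42", "256.1.1.1"):
        print(f"{sample:>14}: {classify(sample)}")
```

The loopback test runs before the private-range test because the standard library also counts 127.0.0.0/8 as private; the order decides which label you get.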
Web servers and other systems that require a constant point of contact use static IP addresses. This means that the same IP address is consistently assigned to the system's network interface whenever it connects to the internet. To ensure this, the IP address is linked to the Media Access Control (MAC) address of that interface. Each network interface, whether wired or wireless, has a unique MAC address set by the manufacturer.
Now, let's turn our attention to the other side of the DNS equation: domain names.
Here are some helpful steps for finding your computer's IP address. Keep in mind that this address changes periodically unless you’ve opted for a static IP, which is rare for most users:
- Windows — While you can navigate through the user interface to find your network settings, one quick method to locate your IP address is to open the Command Prompt application from Accessories and type: ipconfig
- Mac — Open System Preferences, click Network, ensure your active connection (indicated by a green dot) is selected, click Advanced, and then go to the TCP/IP tab.
- Linux or UNIX — If you don’t already have a terminal open, launch a terminal application like XTERM or iTerm. At the command prompt, type: ifconfig
- Smartphones with WiFi — Check your phone’s network settings. The process varies depending on the phone and operating system version.
If you're connected to a home or local network, your address is likely to be in one of these formats: 192.168.x.x, 172.16.x.x, or 10.x.x.x (where x is a number between 0 and 255). These addresses are reserved for use within local networks, with a router linking you to the internet [sources: Modi, Price, Rusen].
Domain Names
The Amazon.co.uk logo appears on a cardboard shipping box from Amazon. Amazon.co.uk is the domain name representing Amazon in the United Kingdom. Image credit: nkbimages/Getty Images
If we had to memorize the IP addresses of all our favorite websites, it would be a nightmare! Humans aren't great at recalling long strings of numbers. However, we're quite skilled at remembering words, which is where domain names come into play. You likely have hundreds of domain names stored in your mind, such as:
- Mytour.com — our favorite domain name
- google.com — one of the most popular domain names worldwide
- mit.edu — a widely recognized educational domain
- bbc.co.uk — a three-part domain name utilizing the UK country code
Domain names typically consist of strings of characters separated by dots (periods). The final segment in a domain name corresponds to the top-level domain. These top-level domains are managed by the IANA within the Root Zone Database, which we’ll explore in more detail later [source: IANA]. There are over 1,000 top-level domains, and here are some of the most familiar:
- COM — originally for commercial websites, but available to everyone
- NET — initially for network-related websites, but open to all
- ORG — originally for non-profit organizations, but available to anyone
- EDU — restricted to educational institutions
- MIL — limited to the U.S. military
- GOV — designated for U.S. government entities
- US, UK, RU and other two-letter country codes — each managed by a domain authority in the respective country
In a domain name, every word and dot combination you add before the top-level domain represents a level in the domain hierarchy. Each level refers to a specific server or a set of servers responsible for managing that domain. For example, "Mytour" in the domain name is a second-level domain within the COM top-level domain.
An organization may have a hierarchy of sub-domains to better structure its online presence. For instance, "bbc.co.uk" is the BBC's domain under the CO second-level domain, a level created by the domain authority that oversees the U.K.'s country code.
The first part of a domain name, like www or mail, is referred to as the host name. This designates a particular machine (with a unique IP address) within the domain, often assigned a specific function. A domain can house millions of distinct host names, provided each one is unique to that domain.
The 'http' stands for Hypertext Transfer Protocol, which is the method used to send information from a user to the website they are accessing. Today, however, you're more likely to encounter 'https,' which indicates a secure version of the protocol, ensuring the data sent is encrypted. This is especially crucial when entering sensitive information like a credit card number on a website [source: EasyNews].
When we discuss how to create a domain name later, one of the steps involves selecting one or more name servers (DNS servers) that hold the authority to resolve the host names and sub-domains within that domain. This process is typically done through a hosting provider, which operates its own DNS servers. Up next, we’ll explore how these DNS servers manage your domain and how DNS servers across the internet collaborate to ensure proper traffic routing between IP addresses.
The Distributed System
The 'www' in a domain name stands for 'World Wide Web' and indicates that you're searching for something online (as opposed to other areas of the internet, such as email). While it used to be essential to include 'www,' it's now less of a requirement in modern web addresses. Hemera Technologies/Getty Images
Every domain is associated with a domain name server (a DNS server) that handles its requests. A dedicated person or IT team manages the records stored in that server's database. No other database on Earth handles as many requests as DNS servers, as they manage queries and updates from millions of users daily. What makes DNS truly remarkable is its distributed nature — it's spread across millions of machines, operated by millions of people, but still functions as if it's a single, unified database!
Managing DNS can seem like an overwhelming task, which is why many leave it to IT professionals. However, by understanding the basics of how DNS functions and how servers are distributed throughout the internet, you can confidently manage DNS on your own. The first step is understanding the role of the DNS server within the network it belongs to. A DNS server will typically have one of these two primary functions:
- Maintain a local database of frequently used domain names and IP addresses, while forwarding requests for other names to external DNS servers on the internet.
- Pair IP addresses with all the hosts and sub-domains over which the DNS server has authority.
When you type a URL into your browser, the DNS server works to translate the domain name into the corresponding IP address of the web server you're trying to reach. ©Mytour.com
DNS servers that handle the first task are typically operated by your internet service provider (ISP). As mentioned previously, the ISP’s DNS server is part of your network configuration, provided by DHCP when you connect to the internet. These servers are housed in your ISP's data centers, and they process requests in the following manner:
- If the server has the domain name and corresponding IP address in its database, it resolves the request directly.
- If it doesn't have the domain name and IP address, it queries another DNS server on the internet, possibly needing to contact multiple servers.
- When it contacts another server, it stores the results temporarily so future requests for the same domain can be resolved faster.
- If the server is unable to locate the domain name after extensive searching, it will return an error indicating that the name is invalid or non-existent.
The second type of DNS server, typically linked to web, mail, and other hosting services, is easier for non-technical users to manage, though some advanced IT professionals still set up their own DNS servers. Hosting services have simplified DNS management for everyday users.
A DNS server that manages a particular domain is known as the Start of Authority (SOA) for that domain. The information from the SOA regarding host lookups gradually propagates to other DNS servers, which then propagate it further across the internet.
The vast network of DNS servers includes the root name servers, which are positioned at the top of the domain hierarchy for each top-level domain. For every top-level domain, there are hundreds of root name servers available. Although DNS lookups don't always begin with a root name server, it can be contacted as a last resort to help locate the Start of Authority (SOA) for a domain.
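To make the domain hierarchy and the lookup process concrete, here is an added Python example (not code from the original article) that simulates a caching resolver walking a toy delegation tree: it starts at a pretend root, follows the top-level domain, the second-level domain and any further levels in turn, asks the final authoritative zone for the host name, and stores the answer for a TTL so that the next lookup is served from cache. The zone data, server names and 203.0.113.x addresses are constructed placeholders, not real servers.

```python
import time

# Constructed delegation tree standing in for root, TLD and authoritative servers.
# "delegations" maps a child zone to the (placeholder) server that is authoritative for it;
# "hosts" holds A-style answers, with "@" meaning the zone's own name.
ZONES = {
    ".": {"delegations": {"com": "tld-com.example", "uk": "tld-uk.example"}},
    "com": {"delegations": {"example.com": "ns1.example.com"}},
    "uk": {"delegations": {"co.uk": "ns.co.uk.example"}},
    "co.uk": {"delegations": {"bbc.co.uk": "ns.bbc.co.uk.example"}},
    "example.com": {"hosts": {"@": "203.0.113.1", "www": "203.0.113.10", "mail": "203.0.113.25"}},
    "bbc.co.uk": {"hosts": {"www": "203.0.113.80"}},
}


class NxDomain(Exception):
    """Raised when no server in the chain knows the name: the 'non-existent' error."""


class CachingResolver:
    def __init__(self, zones, ttl=300, clock=time.monotonic):
        self.zones, self.ttl, self.clock = zones, ttl, clock
        self.cache = {}  # name -> (ip, expiry): the temporary storage the article describes

    def resolve(self, name):
        """Answer from cache when fresh, otherwise walk the hierarchy and cache the result."""
        name = name.lower().rstrip(".")
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return {"ip": hit[0], "source": "cache", "chain": []}
        ip, chain = self._walk(name)
        self.cache[name] = (ip, now + self.ttl)
        return {"ip": ip, "source": "authoritative", "chain": chain}

    def _walk(self, name):
        """Follow delegations from the root down to the zone that owns the name."""
        zone, chain = ".", ["."]
        while True:
            delegations = self.zones[zone].get("delegations", {})
            matches = [z for z in delegations if name == z or name.endswith("." + z)]
            if not matches:
                break
            zone = max(matches, key=len)  # the most specific delegation wins
            chain.append(zone)
        if zone == ".":
            raise NxDomain(f"{name}: no such top-level domain")
        host = "@" if name == zone else name[: -len(zone) - 1]
        hosts = self.zones[zone].get("hosts", {})
        if host not in hosts:
            raise NxDomain(f"{name}: not found in authoritative zone {zone}")
        return hosts[host], chain


if __name__ == "__main__":
    resolver = CachingResolver(ZONES, ttl=60)
    for query in ("www.example.com", "www.example.com", "www.bbc.co.uk"):
        print(query, "->", resolver.resolve(query))
```

The chain returned for www.bbc.co.uk is the root, then uk, then co.uk, then bbc.co.uk: one step per level of the hierarchy described above. Note that whatever lands in the cache is served for the full TTL without asking anyone again, which is exactly why a wrong or forged answer (the DNS poisoning mentioned later in this article) is dangerous.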
Now that you understand how DNS servers are interlinked to streamline the process of name resolution, let's explore how you can configure a DNS server to be the authoritative server for your domain.
Creating a New Domain Name
A catchy domain name is crucial if you're running an e-commerce site. skaman306/Getty Images
To create a new domain name, follow these steps:
- Check the Whois database for a unique domain name that hasn't been registered yet. Free Whois database searches are available on various sites, such as Network Solutions. If the search returns no results, the domain name is up for grabs.
- Register the domain name through a registrar. There are numerous registrars to choose from, and some offer deals like discounted rates for registering COM, NET, and ORG domains together, for registering multiple years at once, or for hosting your domain with the same service provider.
- If you're using a different company to host the domain, configure your registrar to point the domain name to the correct host name or IP address of your hosting company (see A records below) [source: Wilson and Randall].
Whether your SOA is hosted elsewhere or on your system, you can adjust your DNS settings to add sub-domains, redirect emails, and manage other services. This data is stored in a zone file on the DNS server. If you're running your own server, you’ll likely need to manually update the zone file using a text editor. Many registrars now offer web interfaces for DNS management. Each modification you make is referred to as a record, and here are the most common record types you can configure for your DNS server [source: GoDaddy.com].
- Host (A) — The core mapping of an IP address to a host name, essential for any domain name.
- Canonical Name (CNAME) — An alias for your domain. Accessing this alias automatically redirects to the server specified in the A record.
- Mail Exchanger (MX) — This directs email traffic to a specific server, either by host name or IP address. For instance, those using Google for their domain's email would create an MX record pointing to ghs.google.com.
- Name Server (NS) — This lists the name servers for the zone. Configuring it tells other DNS servers which servers are authoritative for your domain, so they know where to send lookups and can cache the answers.
- Start of Authority (SOA) — This is a major record at the start of every zone file, containing primary name server information and additional details. If your registrar or hosting company manages your DNS server, you won’t need to handle this. If you manage your own DNS, you can refer to tips on managing a DNS SOA Record structure in this article [source: Burch].
Here’s an example of how a zone file might appear if you’re editing it directly in a text editor. Note that the second column (middle item on each line) specifies the record type, such as those listed above. When you see an "@" in the first column, it means the record applies to the domain itself (the zone's origin, here Mytour.com) rather than to a particular host name within it. A name that ends with a dot is complete; a name without one has the domain appended:
@ NS primary-auth-server.Mytour.com.
@ NS secondary-auth-server.Mytour.com.
@ MX 10 email-service
mail A 209.170.137.42
vip1 A 216.183.103.150
www CNAME vip1
For most users, MX and CNAME records will be the most practical. MX records allow you to direct your email services to another provider, such as Google Apps, instead of using your web host's default service. CNAME records, on the other hand, allow you to assign host names within your domain to other locations. For example, you can make google.example.com redirect to google.com, or direct traffic for a gaming server to a dedicated IP address like gameserver.example.com.
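The following is an added Python example (not code from the original article or from any registrar) that parses a small zone file modelled on the one above, qualifies names against the zone origin, follows a CNAME alias to its A record the way a resolver does, lists MX records by priority, and flags the two CNAME mistakes that most often break a hand-edited zone: an alias that shares its name with other records, and an alias pointing at a name that does not exist in the zone. The zone text, origin and addresses are constructed placeholders.

```python
import ipaddress

# Constructed zone text modelled on the article's example (placeholder names).
# A trailing dot marks a complete name; without it the origin is appended.
ZONE_TEXT = """\
@     NS     primary-auth-server.mytour.com.
@     NS     secondary-auth-server.mytour.com.
@     MX     10 email-service   ; becomes email-service.mytour.com
mail  A      209.170.137.42
vip1  A      216.183.103.150
www   CNAME  vip1
"""


def qualify(name: str, origin: str) -> str:
    """Turn a zone-file name into a lower-case fully qualified name without the trailing dot."""
    name, origin = name.lower(), origin.lower().rstrip(".")
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{origin}"  # the classic missing-dot pitfall produces doubled names here


def parse_zone(text: str, origin: str = "mytour.com") -> list:
    """Parse 'name TYPE data' lines into (name, type, data) tuples; ';' starts a comment."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed record: {raw!r}")
        name, rtype, data = qualify(fields[0], origin), fields[1].upper(), fields[2:]
        if rtype == "A":
            ipaddress.IPv4Address(data[0])  # raises ValueError on a bad address
            records.append((name, "A", data[0]))
        elif rtype in ("NS", "CNAME"):
            records.append((name, rtype, qualify(data[0], origin)))
        elif rtype == "MX":
            if len(data) != 2:
                raise ValueError(f"MX needs a priority and a host: {raw!r}")
            records.append((name, "MX", (int(data[0]), qualify(data[1], origin))))
        else:
            raise ValueError(f"unsupported record type {rtype!r} in {raw!r}")
    return records


def lookup_a(records: list, name: str, max_hops: int = 8):
    """Resolve a name to an IPv4 address, following CNAME aliases like a resolver would."""
    name = name.lower().rstrip(".")
    for _ in range(max_hops):  # bounded so an alias loop cannot spin forever
        for rname, rtype, data in records:
            if rname == name and rtype == "A":
                return data
        alias = next((d for n, t, d in records if n == name and t == "CNAME"), None)
        if alias is None:
            return None
        name = alias
    raise ValueError(f"CNAME chain longer than {max_hops} hops ending at {name}")


def lookup_mx(records: list, name: str) -> list:
    """Return (priority, host) pairs for a name, lowest priority number first."""
    name = name.lower().rstrip(".")
    return sorted(d for n, t, d in records if n == name and t == "MX")


def validate_zone(records: list, origin: str = "mytour.com") -> list:
    """Flag CNAMEs that coexist with other records, and aliases dangling inside the zone."""
    by_name = {}
    for n, t, _ in records:
        by_name.setdefault(n, set()).add(t)
    problems = []
    for n, types in by_name.items():
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{n}: CNAME cannot coexist with {sorted(types - {'CNAME'})}")
    for n, t, d in records:
        if t == "CNAME" and d.endswith("." + origin) and d not in by_name:
            problems.append(f"{n}: alias target {d} has no records in this zone")
    return problems


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT)
    print("www ->", lookup_a(recs, "www.mytour.com"))
    print("MX  ->", lookup_mx(recs, "mytour.com"))
    print("problems:", validate_zone(recs) or "none")
```

Run the validator before publishing a zone: a CNAME at a name that also carries NS or MX records (the apex is the usual victim) is rejected by real name servers, and a dangling alias silently breaks the host it was meant to serve.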
The Ever-Evolving DNS
DNS is always changing. In late 2018, ICANN introduced new security features for DNS, particularly replacing the cryptographic keys used in DNSSEC (Domain Name System Security Extensions). The key in question is the root zone key signing key (KSK), and this update was essential to enhance security, especially considering the rapid growth of the Internet of Things (IoT) and its millions of new connected devices [source: Cooney].
These security updates are crucial because hackers often target DNS to steal data or cause disruptions, such as with DNS hijacking. Both security-conscious users and IT experts must remain informed about preventive strategies to defend against DNS poisoning, denial-of-service attacks, and similar threats [source: Greenberg].
