DNS

The Domain Name System.


What is DNS

You type in wikipedia.org into your browser. What happens next?

First, your browser needs to work out which IP address corresponds to the domain name.

This is DNS.

You understand a hostname like wikipedia.org, but your device only understands IP addresses.

DNS provides the mapping between hostnames and IP addresses.

The History of DNS

The Hosts File

On your computer, you might have seen your /etc/hosts file.

This contains a mapping between hostnames and IP addresses.

My /etc/hosts looks like this:

> cat /etc/hosts

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1             localhost
# Added by Docker Desktop
# To allow the same kube context to work on the host and the container:
127.0.0.1 kubernetes.docker.internal
# End of section

What you might not know is that the existence of this file goes back to the history of DNS.

A Need for DNS

In Development of the Domain Name System1, we learn that back in 1983, the way users got the IP address of another computer was by looking it up in the HOSTS.txt file.

This text file listed every computer on the internet. When a new device needed to be added to the internet, its IP address and hostname would be added to HOSTS.txt, and the new version of the file would be distributed to all consumers.

This works well for a small number of devices, but not even the creators of DNS could have seen how large the internet would become.

Current Day DNS

When you make a DNS request, you provide the hostname, and you would like to receive an IP address.

Your device creates a DNS request according to the specs described in RFC 1034 and RFC 1035.

Next, your request is sent to a DNS server. This is typically run by your ISP, or you can manually set it to something like 8.8.8.8, a public resolver run by Google.

Image: K&R2

So, a DNS server has your request and wants to find the IP.

Let’s say I want to find the IP address of my site, www.jfricker.com.

To do this, it needs to ask some questions.

First, we ask the root servers a question.

Run dig with no arguments to find the root servers.

โฏ dig

; <<>> DiG 9.10.6 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12373
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;.    IN NS

;; ANSWER SECTION:
.   37713 IN NS g.root-servers.net.
.   37713 IN NS e.root-servers.net.
.   37713 IN NS i.root-servers.net.
.   37713 IN NS k.root-servers.net.
.   37713 IN NS f.root-servers.net.
.   37713 IN NS d.root-servers.net.
.   37713 IN NS m.root-servers.net.
.   37713 IN NS j.root-servers.net.
.   37713 IN NS c.root-servers.net.
.   37713 IN NS l.root-servers.net.
.   37713 IN NS a.root-servers.net.
.   37713 IN NS b.root-servers.net.
.   37713 IN NS h.root-servers.net.

;; Query time: 14 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Sep 23 12:23:35 AEST 2023
;; MSG SIZE  rcvd: 239

There are only 13 root DNS server names worldwide; however, each of them is replicated at many locations around the world. So even though there aren’t many servers, we still get a good response time.

Root servers hold the addresses of the top-level domain servers. These are the servers for .com, .org and more. The addresses of all these TLD servers are stored directly at the root, so if you wanted to add a new TLD, a new entry would need to be added to the root servers.

Image: K&R2

The NS records above

Next, we want to find the servers for .com by asking a root server. We can try this command:

โฏ dig @a.root-servers.net. com. NS


; <<>> DiG 9.10.6 <<>> @a.root-servers.net. com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8679
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.    IN NS

;; AUTHORITY SECTION:
com.   172800 IN NS e.gtld-servers.net.
com.   172800 IN NS b.gtld-servers.net.
com.   172800 IN NS j.gtld-servers.net.
com.   172800 IN NS m.gtld-servers.net.
com.   172800 IN NS i.gtld-servers.net.
com.   172800 IN NS f.gtld-servers.net.
com.   172800 IN NS a.gtld-servers.net.
com.   172800 IN NS g.gtld-servers.net.
com.   172800 IN NS h.gtld-servers.net.
com.   172800 IN NS l.gtld-servers.net.
com.   172800 IN NS k.gtld-servers.net.
com.   172800 IN NS c.gtld-servers.net.
com.   172800 IN NS d.gtld-servers.net.

;; ADDITIONAL SECTION:
e.gtld-servers.net. 172800 IN A 192.12.94.30
e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30
b.gtld-servers.net. 172800 IN A 192.33.14.30
b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30
j.gtld-servers.net. 172800 IN A 192.48.79.30
j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30
m.gtld-servers.net. 172800 IN A 192.55.83.30
m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30
i.gtld-servers.net. 172800 IN A 192.43.172.30
i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30
f.gtld-servers.net. 172800 IN A 192.35.51.30
f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30
a.gtld-servers.net. 172800 IN A 192.5.6.30
a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30
g.gtld-servers.net. 172800 IN A 192.42.93.30
g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30
h.gtld-servers.net. 172800 IN A 192.54.112.30
h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30
l.gtld-servers.net. 172800 IN A 192.41.162.30
l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30
k.gtld-servers.net. 172800 IN A 192.52.178.30
k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30
c.gtld-servers.net. 172800 IN A 192.26.92.30
c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30
d.gtld-servers.net. 172800 IN A 192.31.80.30
d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30

;; Query time: 119 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sat Sep 23 12:25:41 AEST 2023
;; MSG SIZE  rcvd: 828

Here, we are querying for the NS records. The NS records name the DNS servers that are authoritative for that domain.

Note that ANSWER: 0: we didn’t get an actual answer, because we are asking who is responsible for the .com. top-level domain, and the reply is a referral to those servers. .com. itself has no IP address; you can’t browse to it.

The .com. servers know all of the hostnames in .com. They should know something about jfricker.com.

To continue our search, we can query one of these and ask about jfricker.com.

โฏ dig @a.gtld-servers.net. jfricker.com

; <<>> DiG 9.10.6 <<>> @a.gtld-servers.net. jfricker.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40521
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jfricker.com.   IN A

;; AUTHORITY SECTION:
jfricker.com.  172800 IN NS karsyn.ns.cloudflare.com.
jfricker.com.  172800 IN NS maciej.ns.cloudflare.com.

;; ADDITIONAL SECTION:
karsyn.ns.cloudflare.com. 172800 IN A 108.162.194.194
karsyn.ns.cloudflare.com. 172800 IN A 162.159.38.194
karsyn.ns.cloudflare.com. 172800 IN A 172.64.34.194
karsyn.ns.cloudflare.com. 172800 IN AAAA 2606:4700:50::a29f:26c2
karsyn.ns.cloudflare.com. 172800 IN AAAA 2803:f800:50::6ca2:c2c2
karsyn.ns.cloudflare.com. 172800 IN AAAA 2a06:98c1:50::ac40:22c2
maciej.ns.cloudflare.com. 172800 IN A 108.162.195.42
maciej.ns.cloudflare.com. 172800 IN A 162.159.44.42
maciej.ns.cloudflare.com. 172800 IN A 172.64.35.42
maciej.ns.cloudflare.com. 172800 IN AAAA 2606:4700:58::a29f:2c2a
maciej.ns.cloudflare.com. 172800 IN AAAA 2803:f800:50::6ca2:c32a
maciej.ns.cloudflare.com. 172800 IN AAAA 2a06:98c1:50::ac40:232a

;; Query time: 25 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Sat Sep 23 12:35:04 AEST 2023
;; MSG SIZE  rcvd: 361

Here we go! Now we’ve got some information about jfricker.com. The site is hosted by Cloudflare, and now we’ve got some servers to help us find the IP address.

Next, let’s query one of these and get our site IP.

โฏ dig @karsyn.ns.cloudflare.com. www.jfricker.com

; <<>> DiG 9.10.6 <<>> @karsyn.ns.cloudflare.com. www.jfricker.com
; (3 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64879
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.jfricker.com.  IN A

;; ANSWER SECTION:
www.jfricker.com. 300 IN A 172.67.152.241
www.jfricker.com. 300 IN A 104.21.56.156

;; Query time: 15 msec
;; SERVER: 108.162.194.194#53(108.162.194.194)
;; WHEN: Sat Sep 23 12:36:22 AEST 2023
;; MSG SIZE  rcvd: 77

There we go! We have two answers. One is 172.67.152.241, and if you navigate to that address, you will land at www.jfricker.com.

Finally, your ISP’s DNS server returns this IP to your device, and your browser can start building its HTTP request for the site content.

Caching

If we had to query the 13 root servers for every DNS request, things would get pretty crazy.

Fortunately, each server caches the responses it has seen.

For example, the root servers cache the TLD records, so they very rarely need to go into the database and fetch a record.

Similarly, caching occurs at the DNS server completing the request for you, so even going out to the other servers to fetch records will be rare.

Mappings between hosts and addresses can change, though, so each cached record also carries a TTL (time to live) to ensure the cache is refreshed when the underlying records change. You can see the TTLs in the dig output above: 172800 seconds on the NS delegations, and only 300 seconds on the www.jfricker.com A records.
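As an added example (not code from the post), here is a small Python model of the walk above and of the caching just described: three constructed in-memory "servers" hold the records from the dig output, an iterative resolver follows the referrals from the root to .com to Cloudflare, and a TTL cache decides when those queries can be skipped. The names, addresses and TTLs come from the dig output; the zone layout and `now`, an injected clock in seconds (pass time.time() for real use), are assumptions of the example.

```python
# Constructed zone data modelled on the dig output in the post: the root refers us
# to the .com servers, .com refers us to Cloudflare, and Cloudflare answers.
# Each server maps (name, type) -> [(rdata, ttl in seconds), ...].
ROOT_HINT = "a.root-servers.net."
ZONES = {
    "a.root-servers.net.": {("com.", "NS"): [("a.gtld-servers.net.", 172800)]},
    "a.gtld-servers.net.": {
        ("jfricker.com.", "NS"): [("karsyn.ns.cloudflare.com.", 172800)]},
    "karsyn.ns.cloudflare.com.": {
        ("www.jfricker.com.", "A"): [("172.67.152.241", 300), ("104.21.56.156", 300)]},
}

def parents(name):
    """Enclosing domains, longest first: www.jfricker.com. -> jfricker.com., com."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]

def ask(server, name, rtype):
    """One query to `server`: a direct answer, or a referral (the ANSWER: 0 case)."""
    zone = ZONES[server]
    if (name, rtype) in zone:
        return "answer", (name, rtype), zone[(name, rtype)]
    for parent in parents(name):  # closest enclosing domain the server delegates
        if (parent, "NS") in zone:
            return "referral", (parent, "NS"), zone[(parent, "NS")]
    raise LookupError(f"{server} has no answer or referral for {name}")

class Resolver:
    """Iterative resolver with a TTL cache, like the ISP server in the post."""
    def __init__(self):
        self.cache = {}  # (name, type) -> (records, expiry time in seconds)
    def cached(self, key, now):
        hit = self.cache.get(key)
        return hit[0] if hit and hit[1] > now else None  # expired = miss
    def resolve(self, name, rtype="A", now=0):
        """Return (rdata list, servers contacted); `now` is the clock in seconds."""
        hit = self.cached((name, rtype), now)
        if hit:
            return [r for r, _ in hit], []  # answered from cache, no queries sent
        hits = [self.cached((p, "NS"), now) for p in parents(name)]
        server = next((h[0][0] for h in hits if h), ROOT_HINT)  # skip root/TLD if cached
        queried = []
        while True:
            queried.append(server)
            kind, key, records = ask(server, name, rtype)
            self.cache[key] = (records, now + min(t for _, t in records))
            if kind == "answer":
                return [r for r, _ in records], queried
            server = records[0][0]  # follow the referral to the next server
```

Resolving www.jfricker.com. at now=0, 100 and 400 shows the three cases: the full root, .com, Cloudflare walk; a pure cache hit; and a refresh that contacts only Cloudflare, because the 300-second A records have expired while the 172800-second jfricker.com. NS record is still fresh.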

Conclusion and Further Reading

DNS is a very interesting piece of software. It’s amazing that something designed so long ago is functioning so well today.

Further Resources

  1. Development of the Domain Name System (Mockapetris and Dunlap, SIGCOMM 1988): https://cseweb.ucsd.edu/classes/wi01/cse222/papers/mockapetris-dns-sigcomm88.pdf

  2. Computer Networking: A Top Down Approach, Kurose and Ross (2021)