Domain Name System (DNS)
DNS is an application layer protocol that (1) translates human-readable domain names to machine-readable IP addresses and (2) defines how application processes running on different systems exchange messages with each other.
All computers on the Internet find & communicate with each other through IP addresses. Since people can't remember each and every long number, we enter the domain name as a query instead and DNS resolves it to the corresponding IP address.
Each node in the domain tree has a domain name, and a full domain name is a sequence of labels separated by dots. The domain name space is divided into three sections: generic domains, country domains, and inverse domains.
Domains
Generic domains
- defines registered hosts according to their generic behavior
- each node in a tree defines the domain name
- domain name is an index to the DNS database
- uses three-character labels that describe the organization type
- (ex) com - commercial organizations, int - international organizations, mil - military groups
Country domain
- format of country domain uses two-character country abbreviations
- (ex) us - United States
Inverse domain
- used for mapping an address to a name
Types of DNS Servers
Recursive DNS
- aka DNS resolver
- first stop in a DNS query
- clients typically connect to recursive DNS services that ultimately reach authoritative DNS services
- does not own any DNS records
- acts as intermediary that can get DNS info on your behalf
- can cache DNS references & reply to DNS query w/ source/IP info
- if DNS reference isn't cached, it passes the query to one or more authoritative DNS servers
DNS root nameserver
- known to every recursive resolver
- first stop in a recursive resolver's quest for DNS records
- accepts a recursive resolver's query that includes a domain name
- responds by directing the recursive resolver to a TLD name server based on the extension of that domain (.com, .net, .org, etc.)
- overseen by ICANN (Internet Corporation for Assigned Names and Numbers)
- 13 root nameserver identities, with many copies of each one
TLD nameserver
- maintains info for all domain names that share a common domain extension
- (ex) .com TLD nameserver contains info for every website that ends in .com
- managed by IANA (Internet Assigned Numbers Authority, a branch of ICANN)
- IANA breaks TLD servers into 2 groups: generic top-level domains & country code top-level domains
- Generic top-level domains: domains that are not country-specific
- (ex) .com, .org, .net, .edu, .gov, etc.
- Country code top-level domains: country/state-specific domains
- (ex) .uk, .us, .ru, .jp, etc.
Authoritative nameserver
- is reached after recursive resolver receives a response from a TLD nameserver
- provides an update mechanism that developers use to manage their public DNS names
- answers DNS queries: translates domain names into IP addresses
- has final authority over a domain
- responsible for providing answers to recursive DNS servers w/ IP address info
- contains info specific to domain name & can provide IP address of that server
Types of DNS queries
Recursive query
The DNS client requires that the DNS server respond w/ either the requested resource record or an error message if the resolver can't find the record
Iterative query
The DNS client allows the DNS server to return the best answer it can.
- If the queried DNS server does not have a match for the query name, it returns a referral to a DNS server authoritative for a lower level of the domain namespace
- The client then repeats the query against the referral address, receiving further referrals, until it either gets an answer or an error/timeout occurs
Non-recursive query
The DNS resolver client queries a DNS server for a record that it already has access to, so no further queries are needed
How DNS works
- User enters www.example.com in the address bar
- Request for www.example.com is routed to a DNS resolver
- DNS resolver for the ISP forwards the request to a DNS root name server
- Root server responds to resolver w/ the address of the corresponding TLD DNS server
- DNS resolver forwards the request again to one of the .com TLD nameservers
- TLD server responds to request w/ the IP address of the domain's nameserver (example.com)
- Recursive resolver sends a query to domain's nameserver
- IP address for example.com is returned from nameserver to resolver
- DNS resolver responds to web browser w/ IP address of the domain requested
- Browser makes an HTTP request to the IP address
- Server at that IP returns the webpage to be rendered in the browser
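The resolution walk above, together with the recursive vs. iterative distinction from the query-types section, as an added example that is not part of the original notes: a toy in-memory model of the root -> TLD -> authoritative delegation chain. The server names (root, tld-com, ns1.example.com), the address 198.51.100.10 and the TTL are constructed for illustration. query() is one iterative step (a server answers only from its own data), while Resolver.resolve() is the recursive service that chases referrals on the client's behalf and caches the answer for its TTL.

```python
import time

# Constructed delegation data for the example (not real servers). Each
# nameserver holds either an A answer for an exact name or an NS referral
# for a suffix it delegates. Names are fully qualified (trailing dot).
SERVERS = {
    "root": {"com.": ("NS", "tld-com")},
    "tld-com": {"example.com.": ("NS", "ns1.example.com")},
    "ns1.example.com": {"www.example.com.": ("A", "198.51.100.10", 300)},
}


def _suffixes(name):
    """'www.example.com.' -> ['www.example.com.', 'example.com.', 'com.']"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def query(server, name):
    """One iterative (non-recursive) query against a single nameserver.

    Returns ("answer", ip, ttl), ("referral", next_server) or ("nxdomain", None).
    The server answers only from its own data; it never asks anyone else.
    """
    zone = SERVERS[server]
    for suffix in _suffixes(name):          # longest match first
        rec = zone.get(suffix)
        if rec is None:
            continue
        if rec[0] == "A" and suffix == name:
            return ("answer", rec[1], rec[2])
        if rec[0] == "NS":
            return ("referral", rec[1])
    return ("nxdomain", None)


class Resolver:
    """Recursive resolver: answers the client's recursive query by chasing
    referrals itself, caching each answer for its TTL."""

    MAX_HOPS = 10   # a broken or circular delegation must not loop forever

    def __init__(self, clock=time.time):
        self.cache = {}          # name -> (ip, expiry timestamp)
        self.clock = clock       # injectable so TTL expiry can be tested

    def resolve(self, name):
        """Return (ip, hops). hops lists every server consulted; it is empty
        on a cache hit. Raises LookupError for NXDOMAIN or a referral loop."""
        now = self.clock()
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0], []
        hops, server = [], "root"
        while len(hops) < self.MAX_HOPS:
            hops.append(server)
            kind, payload, *rest = query(server, name)
            if kind == "answer":
                self.cache[name] = (payload, now + rest[0])
                return payload, hops
            if kind == "referral":
                server = payload
                continue
            raise LookupError(f"{name}: no such name (asked {hops})")
        raise LookupError(f"{name}: gave up after {len(hops)} referrals")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com."))   # full walk: root -> tld-com -> ns1.example.com
    print(r.resolve("www.example.com."))   # served from cache: no hops
```

The second call returns an empty hop list because the answer is still within its TTL; once the TTL passes, the resolver walks the delegation chain again, which is the refresh behaviour the TTL field controls.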
DNS Record
DNS record
- aka zone files
- instructions that live in authoritative DNS servers
- provides info about domain
- what IP address is associated with which domain
- how to handle requests for that domain
- etc.
- consists of a series of text files written in DNS syntax
- DNS syntax: string of characters used as commands that tell DNS server what to do
- all DNS records have a TTL that indicates how often a DNS server will refresh that record
Types of DNS Record
A
- stands for address
- holds IPv4 address of a domain
- contains domain, record type (A), value (IP address), and TTL
AAAA
- contains domain, record type(AAAA), value (IPv6 address), and TTL
CNAME
- forwards one domain or subdomain to another domain
- points to a domain (NOT an IP address)
- does NOT provide an IP address
- used when a domain or subdomain is an alias of another domain
- a CNAME record can point to another CNAME record
- but this is inefficient b/c it causes multiple DNS lookups
- MX/NS records can't point to a CNAME record
How it works
- If blog.example.com has a CNAME record w/ value of example.com:
- When a DNS server hits the DNS records for blog.example.com, it triggers another DNS lookup to example.com, returning example.com's IP address via its A record
MX
- mail exchange record
- directs mail to an email server
- indicates how email messages should be routed in accordance w/ SMTP (Simple Mail Transfer Protocol)
- must point to another domain
- contains domain, record type (MX), priority, value(mail server), and TTL
- lower priority value is preferred
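The CNAME and MX rules above (a CNAME chain costs extra lookups, CNAMEs must never point at an IP, MX/NS targets must not be CNAMEs, lower MX priority wins) as an added example that is not part of the original notes: a small validator over a constructed zone. The zone data, hostnames and addresses are made up for the example; resolve_address(), preferred_mx() and lint_zone() are hypothetical helper names.

```python
# Constructed zone for the example (not a real domain's data).
# name -> list of (type, value, ttl); MX values are "<priority> <host>".
ZONE = {
    "example.com.": [
        ("A", "198.51.100.10", 3600),
        ("MX", "10 mail.example.com.", 3600),
        ("MX", "20 mail2.example.com.", 3600),
        ("NS", "ns1.example.com.", 86400),
    ],
    "www.example.com.": [("CNAME", "example.com.", 300)],
    "blog.example.com.": [("CNAME", "www.example.com.", 300)],   # CNAME -> CNAME chain
    "mail.example.com.": [("A", "198.51.100.25", 3600)],
    "mail2.example.com.": [("A", "198.51.100.26", 3600)],
    "a.example.com.": [("CNAME", "b.example.com.", 60)],         # CNAME loop
    "b.example.com.": [("CNAME", "a.example.com.", 60)],
    "ns1.example.com.": [("CNAME", "example.com.", 60)],         # NS must not point at a CNAME
}


def records(name, rtype):
    """All records of one type at a name (empty list if none)."""
    return [r for r in ZONE.get(name, []) if r[0] == rtype]


def resolve_address(name, rtype="A", max_chain=8):
    """Follow CNAMEs from `name` to an A/AAAA record.

    Returns (address, lookups): address is None if no A/AAAA is reached,
    and lookups counts every name consulted, which is what a CNAME chain
    costs. Raises ValueError on a loop or an over-long chain.
    """
    seen = []
    while name not in seen and len(seen) < max_chain:
        seen.append(name)
        addr = records(name, rtype)
        if addr:
            return addr[0][1], len(seen)
        cname = records(name, "CNAME")
        if not cname:
            return None, len(seen)
        name = cname[0][1]                 # a CNAME holds a name, never an IP
    raise ValueError(f"CNAME loop or chain longer than {max_chain}: {seen}")


def preferred_mx(name):
    """Mail hosts for `name`, lowest priority value first (the preferred server)."""
    mx = [(int(v.split()[0]), v.split()[1]) for _t, v, _ttl in records(name, "MX")]
    return [host for _prio, host in sorted(mx)]


def lint_zone():
    """Flag MX/NS records whose target is a CNAME (forbidden by RFC 2181 section 10.3)."""
    problems = []
    for name, rrs in ZONE.items():
        for rtype, value, _ttl in rrs:
            if rtype in ("MX", "NS"):
                target = value.split()[-1]
                if records(target, "CNAME"):
                    problems.append(f"{name} {rtype} -> {target} is a CNAME")
    return problems


if __name__ == "__main__":
    print(resolve_address("blog.example.com."))   # two CNAME hops, then the A record
    print(preferred_mx("example.com."))
    print(lint_zone())
```

resolve_address("blog.example.com.") reports three lookups where a direct A record would need one, which is the inefficiency the notes mention; the a/b pair shows why a resolver must cap chain length rather than trust the zone.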
TXT
- lets a domain admin store text notes in the record
- often used for email security
- contains domain, record type(TXT), value(text), and TTL
TXT records help prevent email spam:
- Spammers try to fake/forge domains from which they send their email messages
- TXT records are a key component of several different email authentication methods that help an email server determine if a message is from a trusted source
- common email authentication: DKIM (Domain Keys Identified Mail), SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting & Conformance)
- SPF records: SPF TXT records list all the servers that are authorized to send email messages from a domain
- DKIM records: digitally sign each email using a public-private key pair
- helps verify that email is actually from the domain it claims to be from
- public key is hosted in a TXT record associated w/ domain
- DMARC records: reference the domain's SPF & DKIM policies and tell receivers what to do with mail that fails them
TXT records help verify domain ownership b/c an admin can prove they control the domain by publishing a TXT record w/ specific information
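How a receiving mail server uses the SPF and DMARC TXT records above, as an added example that is not part of the original notes: spf_check() evaluates an SPF record for one sending IP (only the ip4, ip6 and all mechanisms are handled; include/a/mx/redirect are left out), parse_dmarc() reads the _dmarc record's tags, and receiver_verdict() combines them. The TXT records, addresses and the "dmarc@example.com" report address are constructed; the simplification that SPF alone decides authentication (no DKIM signature check, no alignment) is an assumption of this example, not of the notes.

```python
import ipaddress

# Constructed TXT records for the example, keyed by the name a receiving
# mail server would query. Not the real records of example.com.
TXT = {
    "example.com.": ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all"],
    "_dmarc.example.com.": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip):
    """Evaluate the domain's SPF TXT record for one sending IP.

    Handles only the ip4, ip6 and all mechanisms. Returns one of
    pass / fail / softfail / neutral / none / permerror.
    """
    spf = [t for t in TXT.get(domain, []) if t.startswith("v=spf1")]
    if not spf:
        return "none"           # no policy published
    if len(spf) > 1:
        return "permerror"      # RFC 7208: more than one SPF record is an error
    ip = ipaddress.ip_address(sender_ip)
    for term in spf[0].split()[1:]:        # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]   # catch-all: "-all" fails every other sender
        mech, _, arg = term.partition(":")
        if mech not in ("ip4", "ip6"):
            return "permerror"             # include/a/mx/redirect not modelled here
        net = ipaddress.ip_network(arg, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all" term


def parse_dmarc(domain):
    """Parse the _dmarc.<domain> TXT record into a tag dict; None if absent."""
    recs = [t for t in TXT.get("_dmarc." + domain, []) if t.startswith("v=DMARC1")]
    if not recs:
        return None
    tags = {}
    for part in recs[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip()] = value.strip()
    return tags


def receiver_verdict(domain, sender_ip):
    """What a receiver does with mail claiming `domain` from `sender_ip`.

    Simplified: SPF alone decides authentication (DKIM and identifier
    alignment are not modelled), and the DMARC p= tag decides the fate
    of mail that fails.
    """
    if spf_check(domain, sender_ip) == "pass":
        return "accept"
    dmarc = parse_dmarc(domain)
    policy = dmarc.get("p", "none") if dmarc else "none"
    return {"reject": "reject", "quarantine": "quarantine", "none": "accept"}[policy]


if __name__ == "__main__":
    print(receiver_verdict("example.com.", "198.51.100.42"))  # authorized range -> accept
    print(receiver_verdict("example.com.", "203.0.113.5"))    # unlisted source -> reject
```

A domain with SPF but no _dmarc record ends up at "accept" even on SPF failure, which is why the notes list DMARC alongside SPF and DKIM: without a published policy, receivers have no instruction to reject or quarantine forged mail.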
What happens when you search for google.com in the Chrome search bar?
If a user was searching for google.com, after receiving a response from a root nameserver, the recursive resolver would then send a query to a .com TLD nameserver, which would respond by pointing to the authoritative nameserver for that domain.