The D-N-What: A Layman's Guide to the Domain Name System
January 18, 2001
The Domain Name System used on the Internet is very complex. For most users, if the server that resolves the names of Web sites, such as yahoo.com, goes down, the Internet connection is useless, because almost all Internet work is driven by domain names, not IP addresses. The Domain Name System (DNS) is complicated enough that only a few system administrators know it well. However, an understanding of DNS is becoming more and more of a requirement for system admin jobs as the use of computer networks rises.
If you don't know anything about DNS now, it's time to learn.
When someone wants to visit the PC Mechanic Web site, for example, he or she types "http://www.pcmech.com" into the browser, because that's how it's set up, no questions asked. But it's set up that way for humans. PC Mechanic's IP address, which computers use to communicate with each other, is 126.96.36.199. DNS translates between the two. Because of DNS, www.pcmech.com stands for 126.96.36.199, much like a variable in a program: www.pcmech.com can be used in place of 126.96.36.199 instead of typing in that number every time. A name is obviously much easier for people to remember, and therefore increases the chances of visitors coming back to the site.
DNS isn't quite that simple. From a basic standpoint, though, DNS is just a shared, distributed database of domain names and their corresponding IP addresses. Name servers, more commonly (if loosely) called DNS servers, hold pieces of this database. Most of the time they are Unix-type machines running a version of the Berkeley Internet Name Domain (BIND) software. In this tutorial we will try to explain how these servers work.
The first type of DNS server is the root server. The root servers sit at the top of the hierarchy. They don't hold every name; they know which servers are responsible for each top-level domain extension, such as .com, .net, and .org, and point queries there. The servers for those extensions hold the list of every domain registered under them, and at the time of writing they are run by Network Solutions through the InterNIC registry.
Together, these servers ensure that any computer, or any other DNS server (which we will get to later), can find the authoritative server for any registered name under these extensions. If you've ever thought about getting your own .com domain name, you'll have to register it through InterNIC for $70. That covers the first two-year lease; the price is $35 per year after that.
The second type of DNS server is the authoritative name server. An authoritative name server holds the records for a single domain (a "zone"), such as webservercompare.com, serverwatch.com, internet.com, or pcmech.com. It controls the host names within that domain, such as the commonly used www, mail, and ftp. When these host names are paired with the domain name, we get actual mappings to computers. www.pcmech.com, mail.pcmech.com, and ftp.pcmech.com are all the same computer, reached under different names. It's as if a single person were called John Doe, Jim Doe, and Bob Doe: different names for the same person. If you haven't noticed already, the server you are reading this from also has more than one name: webservercompare.internet.com is the preferred one, but webcompare.internet.com also works. Same computer, different name.
That covers what DNS does, without touching the nasty bits: the protocol itself and how to deal with the software end. If you're a sys admin, it's crucial that you know those things too.
The process begins with the client submitting a DNS query to a DNS server. Client software, such as a Web browser, is not designed to hunt down IP addresses by itself; it hands the name to a small "stub" resolver in the operating system, which asks a DNS server and waits for the complete answer. If every client walked the name hierarchy on its own, the Internet would be flooded with DNS queries.
Most of these DNS servers belong to ISPs. They hold little information of their own about any domain; they simply look up answers on behalf of the client computers, you and me, and remember them for a while. Hardware-wise, these machines are no different from many machines we use; they simply run special software that does most of the work.
Two kinds of query are involved in getting a client an IP address. The query the client sends is a recursive query: "give me the complete answer for this name, and do whatever work that takes." The fastest case is a cache hit. The server checks its local cache, and if the name was looked up recently and the entry has not expired, it sends the address straight back. If the name exists nowhere, the server eventually returns a "name does not exist" error (NXDOMAIN), and a well-behaved server caches that negative answer too, so it doesn't repeat the work for the next client who mistypes the same name.
If the name isn't in the cache, the server has to go and find it. It does this with iterative queries: it asks one server at a time, and each server either answers or refers it to a server further down the tree.
The process when the name isn't in the DNS server's cache is explained best through an example:
Using the made-up name computer.lan.wan.com, the DNS server first asks a root server. The root server doesn't know the address, but it refers the DNS server to the name servers for .com. The DNS server asks a .com server, which refers it to the name server for wan.com. That name server refers it, in turn, to the name server for lan.wan.com. Finally, the DNS server asks that name server for the address of the host "computer", returns the IP address of computer.lan.wan.com to the client, and caches it for future queries for as long as the record's time-to-live allows.
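The walk just described, together with the "three names, one machine" idea from the pcmech.com section above, as an added example that is not part of the original article. It models a handful of constructed zones (root, .com, wan.com with lan.wan.com delegated to its own server, and pcmech.com) and a caching resolver that follows referrals, follows CNAME aliases, caches both positive and negative answers, and bounds the referral chase so a broken delegation can't loop forever. All names, server addresses (taken from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24), the fixed TTL and the one-record-per-name simplification are assumptions for illustration; nothing here speaks the real wire protocol.

```python
"""Toy model of a caching DNS server walking the hierarchy (added example, not
the article's code). All zones, names and addresses below are constructed."""
import time

TTL = 300  # seconds an answer stays cached (assumed; real records carry their own TTL)

# Authoritative data, keyed by zone apex. Names are fully qualified (trailing dot).
# An NS record below the apex is a delegation; the A record for the delegated
# server (the "glue") lives in the parent zone so the referral can be followed.
ZONES = {
    ".": {
        "com.": ("NS", "a.gtld-servers.net."),
        "a.gtld-servers.net.": ("A", "192.0.2.1"),
    },
    "com.": {
        "wan.com.": ("NS", "ns1.wan.com."),
        "ns1.wan.com.": ("A", "192.0.2.2"),
        "pcmech.com.": ("NS", "ns1.pcmech.com."),
        "ns1.pcmech.com.": ("A", "192.0.2.4"),
    },
    "wan.com.": {
        "wan.com.": ("NS", "ns1.wan.com."),         # apex NS: not a delegation
        "ns1.wan.com.": ("A", "192.0.2.2"),
        "lan.wan.com.": ("NS", "ns.lan.wan.com."),  # subdomain handed to its own server
        "ns.lan.wan.com.": ("A", "192.0.2.3"),
    },
    "lan.wan.com.": {
        "computer.lan.wan.com.": ("A", "192.0.2.10"),
    },
    "pcmech.com.": {
        "www.pcmech.com.": ("A", "192.0.2.20"),
        "mail.pcmech.com.": ("CNAME", "www.pcmech.com."),  # three names, one machine
        "ftp.pcmech.com.": ("CNAME", "www.pcmech.com."),
    },
}

# Which zone each (constructed) server address answers for.
SERVERS = {
    "198.51.100.1": ".",
    "192.0.2.1": "com.",
    "192.0.2.2": "wan.com.",
    "192.0.2.3": "lan.wan.com.",
    "192.0.2.4": "pcmech.com.",
}
ROOT_HINT = "198.51.100.1"  # a fresh resolver knows nothing but the root servers


def suffixes(name):
    """'a.b.c.' -> ['a.b.c.', 'b.c.', 'c.', '.'] (every zone cut, longest first)."""
    labels = [] if name == "." else name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def authoritative_query(server, qname):
    """One authoritative server's reply: an answer, a referral down the tree, or NXDOMAIN."""
    zone = SERVERS[server]
    records = ZONES[zone]
    if qname in records and records[qname][0] != "NS":
        return ("ANSWER",) + records[qname]
    for cut in suffixes(qname):  # the longest delegation covering the name wins
        if cut != zone and cut in records and records[cut][0] == "NS":
            ns_name = records[cut][1]
            return ("REFERRAL", ns_name, records[ns_name][1])  # glue assumed present
    if qname.endswith(zone):
        return ("NXDOMAIN",)  # inside our zone and nothing there: the name does not exist
    return ("REFUSED",)       # asked about a zone this server does not serve


class Resolver:
    """The ISP-style server: takes one recursive query and does the iterative legwork."""

    def __init__(self):
        self.cache = {}  # qname -> (answer or None, expiry time)
        self.log = []    # (server, qname) for each query sent, to show the walk

    def resolve(self, name, now=None):
        now = time.time() if now is None else now
        qname = name.lower() if name.endswith(".") else name.lower() + "."
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            self.log.append(("cache", qname))
            return hit[0]
        server = ROOT_HINT
        for _ in range(10):  # bound the chase; a broken delegation must not loop forever
            self.log.append((server, qname))
            reply = authoritative_query(server, qname)
            if reply[0] == "REFERRAL":
                server = reply[2]  # follow the glue address to the next server down
                continue
            if reply[0] == "ANSWER" and reply[1] == "CNAME":
                answer = self.resolve(reply[2], now)  # alias: resolve the canonical name
            elif reply[0] == "ANSWER":
                answer = reply[2]
            else:
                answer = None  # NXDOMAIN/REFUSED; the negative result is cached too
            self.cache[qname] = (answer, now + TTL)
            return answer
        raise RuntimeError("too many referrals for " + qname)
```

Calling `Resolver().resolve("computer.lan.wan.com")` logs four queries (root, .com, wan.com, lan.wan.com) the first time and a single cache hit the second; `mail.pcmech.com` and `ftp.pcmech.com` both end at the address of `www.pcmech.com` through their aliases, and a name that doesn't exist yields `None` and a cached negative entry that expires with the TTL.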
Now that we've explained how DNS works, you may be wondering if you need a DNS server of your own. If you're thinking about running DNS on your home computer, the answer is an emphatic NO!
If you're evaluating DNS for enterprise use, there are decisions to be made. If you use one computer for Web serving, another for e-mail, and still another for FTP, you do need DNS records that tell the world which is which. However, you might not need your own DNS server.
With a new service called UltraDNS, you can simply order DNS service the way you order ISP service. The UltraDNS servers store your resource records for you and act as the authoritative name servers for your domain.
A similar product is DNS2Go from Deerfield.com. DNS2Go provides basically the same service as UltraDNS, but for hosts with a dynamic IP address, hence the need for a client program that reports the host's current address.
QuickDNS Pro is basically the same as UltraDNS, but targeted more toward MacOS users.
Dyndns.org offers the same dynamic DNS service that DNS2Go offers, with a much wider range of domain choices; however, it has no standard client. This leads to enterprises coding their own clients and offering them to users, yielding many small, nonstandard Dyndns clients.
If you feel the need to build your own DNS server, the way to go is BIND on a Unix-based operating system. Of course, you could implement a Windows 2000 server with Active Directory instead, but the costs would be much higher for nothing more than improved ease-of-use and a GUI. Whichever you choose, keep the software patched and allow recursive lookups only from your own clients; a server that will resolve anything for anyone on the Internet will be abused.