Friday 3 January 2014

Domain Name Service (DNS)

Domain Name Service (DNS) is a distributed system that provides the mapping between DNS names and IP addresses. DNS is a very important piece of Internet infrastructure.

DNS hierarchy:

DNS is a typical tree data structure: the information is stored at different layers of servers, as shown below:


DNS query process:

The whole query process can be illustrated as below.
Usually the process consists of two kinds of query:
1. Recursive query: it happens between the client and the local DNS server. The local DNS server contacts other DNS servers on behalf of the client, possibly several times, and finally returns either a record or a failure message.
2. Iterative query: it usually happens between DNS servers. The DNS server queries another DNS server and gets back a referral to a third DNS server that is likely to hold more detailed (closer) information.

The detailed steps are:


The client (sandy) wants to find the IP address of 'ftp.fin.example.com.'
1. It queries the local DNS (name server).
2. The name server does not have the information, so it queries the root DNS server (.).
3. The root DNS server does not have the answer either, but it suggests that the DNS server for com may have the information, so it returns the IP address of the com server (a referral).
4. The name server asks the com server for 'ftp.fin.example.com.'.
5. The com DNS server does not have the information, but it suggests that the DNS server for example.com probably has it, and returns the IP address of the example.com server.
6. The name server asks the example.com server for 'ftp.fin.example.com.'.
7. The example.com DNS server does not have the information, but it suggests that the DNS server for fin.example.com probably has it, and returns the IP address of the fin.example.com server.
8. The name server asks the fin.example.com server for 'ftp.fin.example.com.'.
9. The fin.example.com server knows the IP address and returns it to the name server.
10. The name server returns it to the client.
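The ten steps above, as an added example that is not part of the original post: a small Python simulation of the iterative walk the local name server performs from the root down to fin.example.com. The server addresses and records are constructed (RFC 5737 documentation ranges), and the hop limit covers the failure case the post mentions, when no server can give an answer or a referral.

```python
# Added example (not from the original post): a toy iterative resolver that walks the
# delegation chain for 'ftp.fin.example.com.' the way the local name server does in steps 2-9.
# All addresses and records below are constructed for illustration (RFC 5737 documentation ranges).
from typing import Dict, List, Optional, Tuple

# Each "server" is keyed by its own address and holds either NS referrals
# (child zone -> address of that zone's server) or A records it is authoritative for.
SERVERS: Dict[str, Dict[str, Dict[str, str]]] = {
    "198.51.100.1": {"NS": {"com.": "198.51.100.2"}},                 # root (.)
    "198.51.100.2": {"NS": {"example.com.": "198.51.100.3"}},         # com
    "198.51.100.3": {"NS": {"fin.example.com.": "198.51.100.4"}},     # example.com
    "198.51.100.4": {"A": {"ftp.fin.example.com.": "203.0.113.21"}},  # fin.example.com
}
ROOT = "198.51.100.1"


def ask(server: str, qname: str) -> Tuple[str, str]:
    """One iterative query: ('answer', ip), ('referral', next_server) or ('nxdomain', '')."""
    data = SERVERS[server]
    if qname in data.get("A", {}):
        return "answer", data["A"][qname]
    # Pick the longest delegated suffix of qname: the closest enclosing zone this server knows.
    best = None
    for zone, addr in data.get("NS", {}).items():
        if qname.endswith("." + zone) and (best is None or len(zone) > len(best[0])):
            best = (zone, addr)
    return ("referral", best[1]) if best else ("nxdomain", "")


def resolve(qname: str, max_hops: int = 10) -> Tuple[Optional[str], List[str]]:
    """Walk from the root like the local name server; returns (ip or None, servers asked in order)."""
    if not qname.endswith("."):
        qname += "."            # work with fully qualified names, as in 'ftp.fin.example.com.'
    server, trail = ROOT, []
    for _ in range(max_hops):   # the hop limit guards against a referral loop
        trail.append(server)
        kind, value = ask(server, qname)
        if kind == "answer":
            return value, trail
        if kind == "nxdomain":
            return None, trail  # no record and no closer server: the "failure message" case
        server = value          # follow the referral to the closer server
    return None, trail
```

On a real resolver the same walk can be observed with `dig +trace ftp.fin.example.com.`, which prints each referral as it follows it.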

There are three types of DNS server:

- Primary name server: holds the "master copy" of the data for a zone.
- Secondary name server: holds a copy of this data, which it synchronizes with the primary through zone transfers at intervals or when prompted by the primary.
- Cache-only name server: needs no zone configuration file; it only caches query results to speed up later queries.

Other useful DNS information:

On Linux, DNS is usually provided by a program called BIND. On Windows, it is usually combined with Windows AD (Active Directory).
DNS runs on port 53. Zone transfers use TCP, while normal queries use UDP.
We can use two useful commands, nslookup and dig, to get DNS records. There are also online tools such as http://www.simpledns.com/lookup-dg.aspx to trace the name record delegation process.
