DNS is obviously a very important component of the Internet. Many people understand DNS works much like a phone book, where finding a phone number for a person requires looking for their name in an alphabetical list and then using the number adjacent.
In a broad sense that is exactly how DNS works, however, there are some interesting details that are generally left out of the phone book analogy.
Zone Files - Whois record and Nameservers
The first step is getting the Whois record for a domain. The Whois record is managed by the registrar for a domain and filed with the root servers that are operated by the Domain Name Registry.
The registrar is usually the entity that sold the domain, the Domain Name Registry is the organisation that keeps track of all domain names.
This Whois record is also known as the Parent Zone for a domain.
Along with information about who owns the domain the Whois record contains a list of nameservers responsible for the domain.
These nameservers are important, they are the Authoritative Nameservers for the domain - meaning they are the authorities that hold the truest set of data for the domain.
There needs to be primary and secondary nameservers listed as the authorities for a domain for redundancy. If one of the authoritative nameservers for a domain is down there is an option to query the other nameserver for the information.
Nameservers are also specified in the zone file for a domain, so both the Whois record (parent zone) and the zone file (child zone) specify the nameservers for a domain. The nameservers in both the whois record and the zone file MUST MATCH.
The primary nameserver is the machine that the zone file for a domain is edited on, it is the true authority for the domain name. The records (A, MX, TXT, SOA, NS etc.) for the domain are stored in this zone file.
All the authoritative nameservers need to have a matching copy of this zone file so that any of them can be queried about the domain. This requires the secondary nameservers to transfer or copy the zone file from the primary nameserver. To manage this process the SOA record in the zone file is used.
Communication between nameservers is controlled by the top section of a zone file: the SOA and NS records.
When a change is made to the zone file on the primary authoritative nameserver, that nameserver pings the other authority nameservers for a domain (which it finds in the NS records) by sending a "notify packet". When the other nameservers receive this notification they reload the zone file from the primary nameserver to keep their zone file up to date.
The SOA record first supplies the primary nameserver and the email address of the admin for the domain. It then contains some information important for controlling how the other nameservers update their records.
The serial number is incremented each time the zone file is updated on the primary. This acts like a version number really, when secondary nameservers check the serial number they can see if their zone file is up to date.
Tells the nameserver how long to wait before it tries to find fresh information on the primary.
Tells nameserver how long to wait before retrying to get fresh info from the primary in the instance that the first attempt did not succeed.
In effect the expiry date of the zone file, so that a nameserver knows when the information in the zone file is too old to use.
Also known as TTL or time to live, determines how long local resolution nameservers keep the domain's info in a cache before looking for new information.
If the nameservers for a domain happen to be subdomains of that same domain, glue records are provided with the Whois record. This is to avoid the chicken egg problem of needing the zone file in order to resolve the nameserver addresses in order to find the zone file. The glue record provides the IP address to prevent this from happening basically.
Resolving a domain name
The job of local resolution nameservers is to get the info for a domain from the authoritative nameservers and pass that info back to the machine that asked for it - a process known as domain name resolution.
During this process of resolving a domain name address the local resolution nameservers might cache the info they get from the authoritative nameservers so that future requests will not require the round trip.
- The local resolution nameservers will check the whois record in order to get the nameservers for the domain.
- They find the nameserver and get the zone file for the records that they need
- They optionally cache the information (take note of the Minimum or TTL specified in the SOA record)
- They return the IP address for the domain name to the computer that queried them about it
Excellent tutorial on DNS basics - main "inspiration" for this article
Great tool for looking up DNS records
List of DNS record types