The Domain Name System (DNS) is the method by which Internet addresses in mnemonic form sUCh as sunc.scit.wlv.ac.uk.
are converted into the equivalent numeric IP address such as 134.220.4.1
. To the user and application process this translation is a service provided either by the local host or from a remote host via the Internet. The DNS server (or resolver) may communicate with other Internet DNS servers if it cannot translate the address itself. These notes will discuss
- The form of mnemonic addresses understood by DNS
- The hierarchichal structure of DNS servers and their databases
- How DNS servers communicate with each other
- The user and program interfaces to DNS
DNS name structure
DNS names are constructed hierarchichally. The highest level of the hierarchy being the last component or label of the DNS address. Labels can be up to 63 characters long and are case insensitive. A maximum length of 255 characters is allowed. Labels must start with a letter and can only consist of letters, digits and hyphens. [Unfortunately some administrators construct names that start with digits. This is wrong and can easily cause problems with software that simply inspects the first character of a host address to determine whether a DNS name or an IP address has been quoted.]
Note In the early days of the Internet users in at least one country (the United Kingdom) adopted a similar scheme with the highest hierarchical level appearing first rather than last. I.e. uk.ac.wlv.scit.sun
rather than sunc.scit.wlv.ac.uk
. This practice is, fortunately, obsolete.
DNS addresses can be relative or fully qualified. A fully qualified address includes all the labels and is globally unique. A relative address can be converted by appending the local domain information. For example sunc.scit.wlv.ac.uk
is a fully qualified name for the host sunc
in the domain scit.wlv.ac.uk
. Strictly there should be a stop at the end of a fully qualified name but this is often overlooked.
The final most significant label of a fully qualified name can fall into one of three classes
- arpa
This is a special facility used for reverse translation, i.e. going from IP address to fully qualified domain address. If everything is properly configured a suitably framed query for
1.4.220.134.in-addr.arpa
will returnsunc.scit.wlv.ac.uk
. Details of this will be described later. - 3 letter codes
The DNS was orginally introduced in the United States of America and the final component of an address was intended to indicate the type of organisation hosting the computer. Some of the three letter final labels (edu, gov, mil) are still only used by organisations based in the USA, others can be used anywhere in the world.
The three letter codes arecode meaning com Commercial. Now international. edu Educational. gov Government. int International Organisiation. mil Military. net Network related. org Miscellaneous Organisation. - Two letter codes
The final two letter codes indicate the country of origin and are defined in ISO 3166 with the minor exception that
uk
is used for the United Kingdom rather thangb
although there are some.gb
sites. [This apparently happened because the ISO committee was unaware that Northern Ireland was part of the United Kingdom but not part of Great Britain.]The two letter code
us
is used by some sites in the United States of America.In some countries there are sub-domains indicating the type of organisation such as
ac.uk
,co.uk
,sch.uk
in the United Kingdom andedu.au
andcom.au
in Australia. Most European countries have not adopted this useful practice. A fuller discussion of the United Kingdom DNS domains is provided by the UK Network Information Centre.To oBTain a domain address it is necessary to identify the administrator of the required domain and then all that is basically necessary is to send the administrator the required code and the associated IP address and they will, if they accept the request, include the details in their databases. Conditions for acceptance vary widely between administrators, the administrators for the
com
andorg
being, apparently, quite happy to accept anything from anywhere.DNS servers and their databases
For any group of computers partaking of the DNS naming scheme there is likely to be a single definitive list of DNS names and associated IP addresses. The group of computers included in this list is called a zone. A zone could be a top level national domain or a university department. Within a zone DNS service for subsidiary zones may be delegated along with a subsidiary domain. The computer that maintains the master list for a zone is said to have authority for that zone and will be the primary name server for that zone, there will also be secondaries for that zone.
When any process needs to determine an IP address given a DNS address it calls upon the local host to resolve the address. This can be done in a variety of ways
- Table lookup. On Unix hosts the table is called
/etc/hosts
- The process communicates with a local name server process. This is commonly called
named
on a Unix system.named
initially obtains information from/etc/hosts
but also maintains a cache of recent requests.
- It sends a message to a remote system that is identified from the information in the file
/etc/resolv.conf
. - Finally if a network information system (NIS) is in use DNS service may be one of the facilities provided by the network information system. Most SUN systems work this way although the NIS master will use one or more of the techniques described above to build and maintain the master database.
If a
named
process cannot resolve an address locally it will call upon higher authority. Ultimately it will attempt to contact the system that is authoritative for the zone in question, however, unless the information is cached or in the hosts local files then it will not know the address of the authoritative server. This problem is resolved by recursive resolution of requests, i.e. any DNS server will pass requests it cannot handle to a higher level server and so on until either the request can be handled (either by sending a message to the identified authoritative host) or until the root of the DNS name space is reached.There are eight servers that can serve requests at the root of the DNS name space, all servers should know their IP addresses so that DNS service can be offered even if there are no cached addresses and no local servers indicated by the
/etc/resolv.conf
file. The root servers will know the IP addresses of the servers for all the national DNS zones and the three letter zones.Communication between servers
The message formats used for exchange of queries and responses between hosts and DNS servers is specified in RFC1035. Queries and responses can be transferred either via TCP or via UDP. There are "well-known" port numbers for DNS service using either protocol.
The format of a DNS query and response is
Bits 0-15 Bits 16-31 Identification flags number of questions number of answer RRs number of authority RRs number of additional RRs questions answers (RRs) authority (RRs) additional information RRs are Resource Records
The 16 flag bits provide further information about the query
- QR bit.
A single indicating a query (0) or a response (1)
- opcode
4 bits whose value means
Value Meaning 0 Standard Query 1 Inverse Query 2 Server status request - AA bit
If set, this means that the server is authoritative for the domain in question.
- TC bit
If set this means that the reply size exceeded 512 bytes and only the first 512 bytes were actually returned. This will only be used if the response is being returend via UDP.
- RD bit.
If this bit is not set then recursion is denied. This means that if the responding server cannot resolve the query itself rather than passing it on to "higher authority" and returning the result it eventually receives, it will simply return a list of other servers to try.
- RA bit.
If this bit is set by a responding server then that server is indicating that it can handle queries recusively.- 3 unused bits.
These must be zero.
- 4 rcode bits.
This indicates the status
Value Meaning 0 No error 1 Malformed Query 2 Server Failed 3 Name Does not Exist 4 Query type unsupported by server 5 Server refused to answer After the 12 byte header the DNS query message consists of a block of questions which in turn consist of query name, query type and query class.
Typically the query name is the name of site, each component of the name is sent a sequence of characters preceded by a byte holding the binary count of the number of characters in the component. The name is terminated by a zero byte.
The query type indicates the type of information required encoded in a 16 bit field. Common values are
Name Value Description A 1 IPv4 Address (32 bits) NS 2 Name Server CNAME 5 Canonical Name PTR 12 Pointer Record HINFO 13 Host Information MX 15 Mail Exchange Record TXT 16 Text String AAAA 28 IPv6 Address (128 bits) AXFR 252 Request for Zone Transfer ANY 255 Request for All Records Query class is usually 1 meaning an Internet domain query, other values could be used for different addressing domains.
Response Records known as RRs form the body of the reply to a DNS query. They are used for the answers, authority and additional information fields.
The form is
Bits 0-15 Bits 16-31 Domain Name type class Time to live Resource Data length Resource Data Resource data (continued) The domain name is the query name from the query. The type is the query type. The class is 1 for the Internet domain. The time to live is the time for which the information can be cached by the client, typically two days, eXPressed in seconds. The resource data length specifies the number of bytes of resource data.
It is important to note that queries can be made for information relating to both individual hosts and for zones/domains. Most of the query types are fairly obvious. The MX query is used specifically for mail handling and can return information about hosts not directly or regularly connected to the Internet. The result of an MX query for such a host is the address of an Internet host that will receive mail for such a host and make its own arrangements for forwarding the mail via non-Internet means or when the host does connect. An MX query response for a domain provides the address of the host that will handle mail for that domain allowing email addresses of the form User@domain_name. The NS query can be used to identify the name servers for a particular domain.
User Interfaces
On Unix systems the normal user interface is the program
/usr/sbin/nslookup
. [The actual path may be different on some hosts]. This can be used to perform almost any DNS function and display the results to the user.Here is an example of its use on scitsc.wlv.ac.uk. Note. This example was prepared before the
scit.wlv.ac.uk
zone was delegated, scitsc is now known as sunc although the old name still works.bash$ /usr/etc/nslookup Default Server: scitsc.wlv.ac.uk Address: 134.220.4.1 > set q=A > ccub.wlv.ac.uk. Server: scitsc.wlv.ac.uk Address: 134.220.4.1 Name: ccub.wlv.ac.uk Address: 134.220.1.20 > set q=CNAME > www.wlv.ac.uk. Server: scitsc.wlv.ac.uk Address: 134.220.4.1 www.wlv.ac.uk canonical name = ccuf.wlv.ac.uk > set q=MX > wlv.ac.uk. Server: scitsc.wlv.ac.uk Address: 134.220.4.1 wlv.ac.uk preference = 1, mail exchanger = wlv.ac.uk wlv.ac.uk inet address = 134.220.1.12 > set q=HINFO > ccub.wlv.ac.uk. Server: scitsc.wlv.ac.uk Address: 134.220.4.1 ccub.wlv.ac.uk CPU=SUN 690MP OS=Solaris 2.4 > set q=PTR > 12.1.220.134.in-addr.arpa Server: scitsc.wlv.ac.uk Address: 134.220.4.1 12.1.220.134.in-addr.arpa host name = ccug.wlv.ac.uk
Here it shows that sunc was providing DNS service. A number of queries were made. The query type was specified using
nslookup
sset q=
command.- Type A
A simple query for the IP address corresponding to
ccub.wlv.ac.uk.
- Type CNAME
A given host can have several DNS names. One of these is the canonical or reference name. This query reveals that
www.wlv.ac.uk
is reallyccuf.wlv.ac.uk
. - Type MX
A mail exchanger query, this time for the domain
wlv.ac.uk
which reveals that mail sent touser@wlv.ac.uk
is actually sent to134.220.1.12
which is reallyccug.wlv.ac.uk
. (see below). - Type HINFO
An HINFO query. This is only useful if the DNS domain administrator has bothered to create the relevant records and keep them up to date.
- Type PTR
A PTR query. This shows "inverse" or "reverse" resolution. Notice the very clumsy way the query has to be entered, this is partly because IP addresses have the most sigificant part first whereas DNS addresses have the most significant part last. There are plenty of pieces of software that do reverse resolution without this clumsy interface.
Program Interface
The commonest program interface to DNS uses the library functions
gethostbyname()
andgethostbyaddr()
. These are discussed in more detail elsewhere.Exploring a zone
The
nslookup
program can be used to obtain a listing of all the hosts in a zone. To do this it is first necessary to identify the name server for the zone. This is done using an NS query, setting theserver
parameter to one or other of the identified name servers and then usingnslookup
sls
command. Note that in this example the user was careful to include the final dot on the domain name, this preventednslookup
from trying to append the local default domain name (scit.wlv.ac.uk.
) to the required domain name. For large domains thels
command has an option to write its results to a file.
bash$ /usr/sbin/nslookup Default Server: sunc.scit.wlv.ac.uk Address: 134.220.4.1 > set q=NS > bilston.ac.uk. Server: sunc.scit.wlv.ac.uk Address: 134.220.4.1 Non-authoritative answer: bilston.ac.uk nameserver = unad1.wlv.ac.uk bilston.ac.uk nameserver = ccua.wlv.ac.uk bilston.ac.uk nameserver = ccub.wlv.ac.uk Authoritative answers can be found from: unad1.wlv.ac.uk internet address = 134.220.192.26 ccua.wlv.ac.uk internet address = 134.220.1.39 ccub.wlv.ac.uk internet address = 134.220.1.20 > server ccub.wlv.ac.uk Default Server: ccub.wlv.ac.uk Address: 134.220.1.20 > ls bilston.ac.uk. [ccub.wlv.ac.uk] bilston.ac.uk. server = ccub.wlv.ac.uk bilston.ac.uk. server = unad1.wlv.ac.uk bilston.ac.uk. server = ccua.wlv.ac.uk gw 194.62.148.1 novix1 195.188.205.2 www 194.62.148.4 fc 194.62.148.5 student1 195.18.205.3
The session above was logged in March 1998. It reveals 5 hosts in the
bilston.ac.uk
domain. Surprisingly three different class C IP network addresses appear in the output. This was because the organisation was in the process of changing its Internet Service Provider accounting for two of the network addresses, the third (195.18.205) is, apparently, a typographical error for 195.188.205.Furthre information on identifying the ownership of an IP network and, implicitly, a DNS domain can be found in the notes on IP routing.
Alternative DNS hierarchies
With the rapid commercialisation of the Internet in the late 1990 s disputes over DNS names arose from time to time and suggestions have been made for the creation of extra top level domains. The root of the current DNS hierarchy is maintained by the Network Information Center on a contract from the government of the United States of America. There have been several attempts to set up alternative hierarchies. The most succesful (at the time of writing - April 1998) is probably Alternic.
To use the Alternic DNS service you need to know the address of their root servers, one of these is
mx.alternic.net
. Here s an example showing that it does work for DNS resolution ofwww.alternic.nic
.bash$ /usr/sbin/nslookup Default Server: sunc.scit.wlv.ac.uk Address: 134.220.4.1 > server mx.alternic.net Default Server: mx.alternic.net Address: 206.191.128.47 > www.alternic.nic. Server: mx.alternic.net Address: 206.191.128.47 Name: www.alternic.nic Address: 206.191.128.47
Alternic uses three letter top level domains for countries (such as
jpn
andger
) and has a large number of commercially oriented top level domains. At the time of writing the only domains with significant populations areporno
andxxx
.
A normal name server can only resolve Alternic addresses if they re already in its cache. Most DNS implementations with a list of root servers consult them in random order or consistently consult the first one in the list. Including one of the Alternic servers in amongst the list of root servers will not provide consistent resolution of addresses in both hierarchies.[Note: this particular aberration seems to have fizzled out (May 1999)]
Zones of Convenience
It is tempting to think that an Internet host with a name ending in ".uk" is actually located in the United Kingdom. There is no requirement that this should be so. For example the well known host www.yahoo.co.uk is actually located in southern Germany. In the case of the United Kingdom it is simply necessary to present the organisation that runs the ".co.uk" domain with an IP address (and a suitable sum of money !) and the DNS address will be registered. The top-level administration of the ".uk" domain will only delegate to specifically UK based organisations.
Some administrations are distinctly less fussy and a number of "zones of convenience" along the same lines as "flags of convenience" have come into fairly common usage. These are mostly poor third world countries or tiny groups of islands desperate for some hard cash, they also tend to sell un-necessary sets of stamps and coins to guillible collectors.
The most common ones seem to be ".cc" (the Cocos-Keeling Islands), ".to" (Tonga) and ".nu" (Niue). At one time both ".is" (Iceland) and ".tm" (Turkmenistan) allowed their top level domains to be used in this fashion, but they now seem to adopt a more rational approach.
Some of the blame must attach to Internic who have created some pretty unlikely top-level domains. It is difficult to imagine anybody using ".bv", the allocated top-level domain for Bouvet Island, an uninhabited (an uninhabitable !) Norwegian Dependency about half-way between South Africa and Antarctica whose only claim to fame is that it is the most isolated piece of land in the world.
- AA bit
- Two letter codes