
DNS Primer – Guide to understanding the DNS resolution process.


By Thomas Tremain, http://LiveHost.net

DNS is not a single protocol, but several pieces that all work together to create domain name to IP address resolution.

In other words, it’s a suite of utilities that take a user-friendly domain name like www.LiveHost.net and convert it into a computer-friendly address like 10.232.11.54.

For ease of communication, we will refer to the requesting computer as a ‘PC’, even though it may be a server, or other piece of Internet equipment.

DNS Cache

When asked to make a DNS translation, the PC will first check its own cache for the answer. If it finds a result, it checks to see if the result is fresh. Each DNS entry in its cache carries a TTL setting, or Time-To-Live. If TTL is set to 14400 seconds, that’s 4 hours. If the DNS record is less than four hours old, this record is what is returned as our answer.

If TTL has expired, then the record is considered stale, and the request is passed to a DNS server.

Your ISP’s DNS servers

A PC or server will have two or more DNS servers it’s configured to use. On most user workstations, these addresses will be assigned when you first connect to the Internet through a protocol called DHCP (which we will not discuss further in this primer.)

Some machines will use DNS server addresses that are hard-coded into the TCP/IP configuration. This is great for situations where you know the DNS server is not going to be changing any time soon, but can be trouble for a dial-up client, who may decide to change ISPs and therefore change the DNS servers they use.

After the PC looks to its own DNS cache, it randomly polls one of your DNS servers. The DNS server will respond that it is functioning. If it does not, the PC will try another DNS server. The process stops at the first DNS server that responds to the handshake, and that server is used even if the results it gives are wrong (important note.)

A “handshake” is the mutual greeting between two computers. It consists of a greeting and an acknowledgement; sometimes it also includes a return acknowledgement. In this case it’s like sending a message that says “Hello, I’m at this location, are you a DNS server?” and the reply could be a simple “Yes I am, what do you want?”

If no DNS servers respond, the query will fail.

After the handshake between the PC and DNS server, the PC will tell the DNS server what it wants. This will be something like “Please give me the IP address for www.LiveHost.net.” Of course the DNS protocol has its own language, and they don’t exactly talk in English sentences.

The DNS server then checks its own DNS cache. If it finds an entry, and the entry is fresh (younger than the TTL), then this is the result passed back to the original PC making the request.

In a small networking environment the DNS server involved will know the answer or fail.

In a large-scale environment, like the Internet, there are several more levels to the search before we give up.

If we are on the Internet, there is a pretty good chance that the entry on the DNS server is either non-existent, or is stale. If this is the case, the DNS server (not the PC) will query the Internet’s Root servers.

Root DNS servers

The Root servers do not know the results of our query, but are designed to help us find the server that does know the answer.

There are many Root DNS servers on the Internet; they are part of a large pool.

These servers get traffic from all over the Internet. The DNS server asks a random Root DNS server where to look for more information about the domain we are trying to look up.

The response will be a list of authoritative servers for the domain. The authoritative DNS servers hold all the DNS data for the domain. (I.e., the Root DNS servers tell the DNS server who is supposed to have the official answer for any given domain.)

At least one IP address will be returned as the Authoritative DNS server. For redundancy, there should be somewhere between 2 and 5 authoritative DNS servers, on different parts of the Internet, for every domain.

Our ISP’s DNS server now knows which servers on the Internet hold the information on the domain we want.

Authoritative DNS servers

The authoritative servers are also DNS servers, holding information specific to certain domains. To prevent confusion, we will just call each one an ‘authoritative server’.

The authoritative server gets its name because it’s the server that is the authority on this domain name. The authoritative servers know all the host information about the domain. This information includes a translation table of how to translate www.LiveHost.net into an IP address, where all the email should be sent, and much more.

Remember, there will be 2-5 authoritative servers for a domain. It is possible to have just one, but it’s far from desirable.

The DNS server queries one authoritative server at random. Again, if it does not find a functioning DNS server there, it tries another. If all servers have been tried, and none were functional, an error is returned to the PC (sound familiar?)

If your domain is hosted at LiveHost.net, then your authoritative servers for your domain are probably ns1.LiveHost.net and ns2.LiveHost.net. These servers can be authoritative for many domains at once.

The authoritative server will return the answer from its translation table, along with TTL to the requesting DNS server. The DNS server caches it, along with TTL, in case someone else asks for the information.

The DNS server then returns the result to the PC, and the PC caches it, along with TTL, for later reference, in case you want it again.

The PC and the application (e.g. Internet Explorer) now have an IP address to use, so they can move on.
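The lookup chain described in the sections above (PC cache, ISP DNS server cache, Root servers, authoritative servers), as an added example that is not part of the original article: an offline Python simulation in which the class and function names, the server tables and the non-functioning ns1 server are assumptions made for illustration. It tries the authoritative servers in list order rather than at random so that the result is repeatable.

```python
# Offline simulation of the lookup chain; every name, address and TTL below
# is constructed sample data and no network traffic is sent.
class Cache:
    """TTL cache, as kept by both the PC and the ISP's DNS server."""
    def __init__(self):
        self.entries = {}                        # name -> (ip, expiry time)
    def get(self, name, now):
        ip, expires = self.entries.get(name, (None, 0))
        return (ip, expires - now) if now < expires else None  # stale -> None
    def put(self, name, ip, ttl, now):
        self.entries[name] = (ip, now + ttl)

# Root data: domain -> its authoritative servers (hypothetical sample).
ROOT = {"livehost.net": ["ns1.livehost.net", "ns2.livehost.net"]}
# Authoritative translation tables: host -> (ip, ttl). None = server is down.
AUTH = {"ns1.livehost.net": None,
        "ns2.livehost.net": {"www.livehost.net": ("10.232.11.54", 14400)}}

def isp_resolve(name, cache, now, trace):
    hit = cache.get(name, now)
    if hit:
        trace.append("isp-cache")
        return hit                               # (ip, remaining TTL)
    trace.append("root")
    domain = ".".join(name.split(".")[-2:])
    for ns in ROOT.get(domain, []):              # in order here, not at random
        table = AUTH.get(ns)
        if table is None:                        # not functioning: try the next
            trace.append(ns + " down")
            continue
        trace.append(ns)
        if name not in table:
            return None
        ip, ttl = table[name]
        cache.put(name, ip, ttl, now)            # cached for the next client
        return ip, ttl
    return None                                  # no authoritative server answered

def pc_lookup(name, pc_cache, isp_cache, now):
    """Return (ip or None, list of the places that were consulted)."""
    hit = pc_cache.get(name, now)
    if hit:
        return hit[0], ["pc-cache"]
    trace = []
    answer = isp_resolve(name, isp_cache, now, trace)
    if answer is None:
        return None, trace + ["fail"]
    pc_cache.put(name, answer[0], answer[1], now)
    return answer[0], trace
```

The list returned by `pc_lookup` shows which step produced the answer. An answer accepted at any step, right or wrong, keeps being served from both caches until its TTL runs out.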

The total turnaround time for all this is somewhere around 300-400 milliseconds, give or take. If the result is from the PC cache, or the DNS server’s cache, it will be a lot faster.

If you’re outside of the US, and you’re looking for a .com, .net, or .us domain name, it may take a little longer because of the distances the requests and answers must travel.

Setting Authoritative DNS servers for a domain

The authoritative DNS servers are usually the DNS servers supplied by the web host that houses the domain.

Once you know what DNS servers to use as the authoritative servers, you must tell the Root DNS servers, so they can direct queries. When you register a domain, you may select what authoritative DNS servers to use. Say you register the name ‘mydomain.com’. Part of the configuration is to set at least two DNS servers. You may change these servers at any time.

Once you register the domain, or change the DNS servers, you could be in for up to a 72-hour wait, until the update actually reaches the Internet’s root DNS servers. This delay has been a source of aggravation for many new webmasters, who do not realize the time that is required for these changes to take effect.

There is also other useful information stored in the Root DNS servers and the Authoritative DNS servers that you may want to explore.

This primer should be considered only a guide to the DNS resolution process. Entire books have been written on just portions of DNS, or even on the DNS utilities themselves.

Once you understand how DNS works, it's much easier to pinpoint many problems in DNS resolution.

Thomas Tremain is a networking engineer with many years’ experience in networks, since 1990. Thomas has been the owner and lead engineer of LiveHost.net and GotoNames.com since 2002 and 2003 respectively. Please feel free to contact Thomas with any thoughts or possible corrections. You are welcome to copy this article for informational use, as long as it’s copied completely without changes, including (but not limited to) text, links, by-line, resource box, and copyright notice.

Copyright 2004, LiveHost.net, all rights reserved.

