Updated: Oct 3, 2021
What is DNS:
The Domain Name System (DNS) is a hierarchical naming system that serves as a directory of networked hosts and resources. Information in the directory maps network names to data and is maintained in logical entries known as resource records.
The DNS hierarchy begins with the root domain (.) at the top and branches downward into multiple next-level domains. Each level of the hierarchy is delimited by a dot (.) in the domain name.
Let's try to understand some of the terminology used in DNS:
Domain: A domain is a collection of resource records that end in a common name and represents an entire sub-tree of the DNS namespace, e.g. example.com.
Top-Level Domain (TLD):
A domain that has only one component (label). The Internet Assigned Numbers Authority (IANA) manages the DNS root and is responsible for delegating the top-level domains, e.g. .com, .info.
Zone: A zone holds the DNS records of a particular domain for which a particular name server is directly responsible, or authoritative. Zones are defined on authoritative name servers through zone files, which contain the definitions of the resource records in each zone.
Forward lookup zone: A forward lookup zone is an authoritative DNS zone that is used primarily to resolve network resource names (hostnames) to IP addresses.
Reverse lookup zone: A reverse lookup zone is an authoritative DNS zone that is used primarily to resolve IP addresses to network resource names (hostnames).
Authoritative (query & server):
Authoritative name servers answer only for resource records that belong to their own zones. An authoritative name server answers a query for its zone immediately, because it already has the zone's data stored locally.
Authoritative-only: An authoritative-only server does not answer queries for zones outside its own. It does not respond to recursive queries and does not cache query results.
Non-authoritative (query & server):
Non-authoritative name servers do not hold the original zone files for a domain. They hold a cache built from the DNS lookups they have performed previously. An answer given by a DNS server that does not hold the original zone file is known as a non-authoritative answer.
Recursive (query & server):
Recursive name servers offer resolution services but are not authoritative for any zone (zone database file); they are configured to query other DNS servers until they find the answer to the question, and then return either the answer or an error message to the client.
Caching-only: A caching-only DNS server holds no zone information or zone database file. It only holds information obtained from the results of queries it has already performed.
A caching-only DNS server has access to the entire range of public DNS data and maintains a cache of recently requested data.
Forwarder: A forwarder is a DNS server that accepts recursive queries from a DNS server downstream in the query chain. The downstream DNS server forwards to the forwarder all client queries for zones for which it is not authoritative.
A forwarder lets the downstream server handle recursive requests without performing recursion itself, and also provides a local cache at a closer network location.
Forward first: DNS queries are forwarded to the configured forwarder. If a query fails because of a server error or timeout, DNS falls back to recursive resolution using servers on the Internet.
Forward only: DNS queries are forwarded to the configured forwarder. If a query fails because of a server error or timeout, DNS returns an error to the client.
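To make the difference between the two forwarding modes concrete, here is an added example (not code from the original post): a toy resolver in Python whose forwarder and Internet-side recursion are constructed stand-ins rather than real network calls, with assumed addresses. It shows that only a server error or timeout at the forwarder triggers the fallback, and that a negative answer from the forwarder is accepted as final in both modes.

```python
"""Added example (not from the original post): a toy resolver that shows how
'forward first' and 'forward only' differ when the configured forwarder fails.
The forwarder, the Internet-side recursion and their data are constructed
stand-ins, not real network calls."""


class ForwarderTimeout(Exception):
    """The forwarder did not answer (server error or timeout)."""


# Constructed zone data (assumed values, not real addresses).
FORWARDER_DATA = {"www.example.com": "192.0.2.80"}     # what the forwarder can answer
INTERNET_DATA = {"www.example.com": "192.0.2.80",      # what full recursion would find
                 "www.example.net": "198.51.100.7"}


def query_forwarder(name, forwarder_up=True):
    """Ask the forwarder. Returns an address, None for 'no such name', or raises
    ForwarderTimeout when the forwarder is unreachable."""
    if not forwarder_up:
        raise ForwarderTimeout(name)
    return FORWARDER_DATA.get(name)


def recurse_from_root(name):
    """Stand-in for full recursion via the root, TLD and authoritative servers."""
    return INTERNET_DATA.get(name)


def resolve(name, mode, forwarder_up=True):
    """Resolve `name` under mode 'first' or 'only'.
    Returns (path, result): path is 'forwarder', 'recursion' or 'error'."""
    if mode not in ("first", "only"):
        raise ValueError("mode must be 'first' or 'only'")
    try:
        # A normal answer (including 'no such name') from the forwarder is final.
        return "forwarder", query_forwarder(name, forwarder_up)
    except ForwarderTimeout:
        if mode == "first":
            # forward first: a failed forwarder is replaced by normal recursion
            return "recursion", recurse_from_root(name)
        # forward only: the client gets an error instead
        return "error", "SERVFAIL"


if __name__ == "__main__":
    for mode in ("first", "only"):
        for up in (True, False):
            state = "forwarder up" if up else "forwarder down"
            print(mode, state, resolve("www.example.com", mode, forwarder_up=up))
```

The operational consequence is worth keeping in mind: if the forwarder is also the point where DNS queries are filtered or logged, forward first means a forwarder outage silently falls back to unfiltered recursion, while forward only keeps the policy in force but turns the outage into a failure visible to clients.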
DNS Server High Availability (HA):
A DNS server High Availability (HA) setup is called a primary/secondary or master/slave setup: the primary DNS server is the master and the secondary DNS server is the slave. The secondary server is created at a second DNS provider to provide redundancy in the DNS network.
Why do we need DNS:
Whenever a client program accesses a network service, either locally or over the Internet, it has to go through name resolution first.
Network services could be a web service, remote access services (e.g. ssh, telnet), an ftp service, etc., and the client program could be a web browser, ping, curl or the ssh command.
Let's see how Red Hat Enterprise Linux does name resolution. There is a host atower.lab.munshibari.biz that has ssh and web services running, and we are going to use the ssh and curl commands to access those services, as in the diagram below.
1. Before the client program starts name resolution it has to know where to check first. The /etc/nsswitch.conf file lists the order of sources to query.
Now the client program knows that the /etc/hosts file has to be checked first, and that DNS may need to be checked next for name resolution.
/etc/hosts is the static table lookup for hostnames; /etc/nsswitch.conf is the Name Service Switch configuration file, which describes the order of sources to query and a limited set of actions that can be taken depending on the lookup result.
2. The client program checks the /etc/hosts file for an atower.lab.munshibari.biz entry. If it finds one, it takes the IP address from the static table and proceeds to the next activity, e.g. asking for authentication.
3. If the client program does not find any information for atower.lab.munshibari.biz in the /etc/hosts file, it tries the second option, which is DNS. The client program reads the /etc/resolv.conf file to get the DNS server information.
4. Based on the DNS server information in /etc/resolv.conf, the client program sends a query (lookup request) to the DNS server, and the DNS server answers the query.
5. Once the client program has received the reply from the DNS server for atower.lab.munshibari.biz, it proceeds to the next activity, e.g. asking for authentication.
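The five steps above, as an added example (not code from the original post): a small Python simulation of the order a client follows on Red Hat Enterprise Linux. The contents of /etc/nsswitch.conf, /etc/hosts and /etc/resolv.conf are constructed inline (the addresses are assumed) so the script runs offline; on a real host the same parsing applies to the real files.

```python
"""Added example (not from the original post): a simulation of the
name-resolution order a client program follows on Red Hat Enterprise Linux.
The file contents below are constructed inline so the script runs offline."""

# Constructed sample contents (assumptions, not copied from a real system).
NSSWITCH_CONF = """
passwd:     files sss
hosts:      files dns myhostname
"""

HOSTS_FILE = """
127.0.0.1   localhost
192.0.2.10  atower.lab.munshibari.biz atower   # static entry, checked before DNS
"""

RESOLV_CONF = """
search lab.munshibari.biz
nameserver 192.0.2.53
nameserver 192.0.2.54
"""


def hosts_lookup_order(nsswitch_text):
    """Return the sources named on the 'hosts:' line of nsswitch.conf, in order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return line.split(":", 1)[1].split()
    return ["files"]   # glibc default when no hosts: line is present


def parse_hosts(hosts_text):
    """Map every name and alias in /etc/hosts to its address (first match wins)."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table


def parse_resolv(resolv_text):
    """Return the nameserver list from /etc/resolv.conf."""
    return [line.split()[1] for line in resolv_text.splitlines()
            if line.strip().startswith("nameserver") and len(line.split()) > 1]


def resolve(name, nsswitch=NSSWITCH_CONF, hosts=HOSTS_FILE, resolv=RESOLV_CONF):
    """Walk the hosts: sources in order and report which one would answer.
    Returns ('files', ip) for a static entry, ('dns', nameservers) when the
    lookup would be sent to DNS, or (None, None) if nothing can answer.
    The 'myhostname' source only covers the local host name and is skipped here."""
    table = parse_hosts(hosts)
    for source in hosts_lookup_order(nsswitch):
        if source == "files" and name.lower() in table:
            return "files", table[name.lower()]
        if source == "dns":
            servers = parse_resolv(resolv)
            if servers:
                return "dns", servers
    return None, None


if __name__ == "__main__":
    for host in ("atower.lab.munshibari.biz", "www.example.com"):
        print(host, "->", resolve(host))
```

On a real host, `getent hosts atower.lab.munshibari.biz` follows this nsswitch order, whereas `dig` talks to the DNS server directly and never consults /etc/hosts, so the two can disagree. Because a static /etc/hosts entry silently overrides DNS, a practitioner troubleshooting an unexpected destination, or auditing a host, should check that file first.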
How DNS Works:
The organization's DNS server (resolver) is the first stop in the DNS lookup and is responsible for dealing with the client that made the initial request. The DNS resolver could be a caching-only or a recursive DNS server.
Let's say a user is trying to look up 'www.example.com' from his laptop by typing https://www.example.com into a web browser, and the query is sent to his organization's DNS server.
1. The organization's DNS server (resolver) first queries a DNS root name server (.). The root server responds to the resolver with the address of a Top-Level Domain (TLD) DNS server (such as .com or .net).
2. The organization's DNS server (resolver) then makes a request to the .com TLD server, and the TLD server responds with the IP address of the domain's name server, the authoritative server for example.com.
3. Lastly, the resolver sends a query to the domain's name server, and the IP address for www.example.com is returned to the resolver from that name server.
4. Finally, the resolver responds to the web browser with the IP address of the domain requested initially. The browser then makes an HTTP request to that IP address.
In the example above, the DNS lookup travels out into the Internet, and typically three types of query occur:
A recursive query: a DNS recursive resolver will respond to the client with either the requested resource record or an error message if the resolver can't find the record.
An iterative query: the resolver queries other name servers to get the information for the client. This process continues with additional DNS servers down the query chain until an answer, an error or a timeout is returned.
A non-recursive query: typically this occurs when a DNS client queries a DNS server for a record the server can answer directly, either because it is authoritative for the record or because the record is in its cache.
That was a brief overview of DNS servers; hopefully it will be useful later. A future post will cover how to configure a DNS server.
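The lookup walked through in "How DNS Works" and the three query types, as an added example (not code from the original post): a toy Python model in which the root, .com and example.com servers are constructed dictionaries with assumed addresses. The resolver answers the client's recursive query by issuing iterative queries down the referral chain, caches what it learns, and on a repeat lookup answers from cache without contacting any server.

```python
"""Added example (not from the original post): a toy model of a recursive
resolver walking the DNS hierarchy with iterative queries. Servers and
addresses are constructed stand-ins, not real network calls."""

# Each constructed server either refers the resolver onward or answers from
# its own zone. A server is authoritative only for names inside its zone.
SERVERS = {
    "ROOT":       {"zone": ".",            "referrals": {"com.": "TLD_COM"},
                   "records": {}},
    "TLD_COM":    {"zone": "com.",         "referrals": {"example.com.": "NS_EXAMPLE"},
                   "records": {}},
    "NS_EXAMPLE": {"zone": "example.com.", "referrals": {},
                   "records": {"www.example.com.": "192.0.2.80"}},   # assumed address
}


def iterative_query(server_id, name):
    """One iterative query. The server answers from its own zone ('answer'),
    refers the resolver to the longest delegated zone enclosing the name
    ('referral'), or reports that it knows nothing about the name ('nxdomain')."""
    server = SERVERS[server_id]
    if name in server["records"]:
        return "answer", server["records"][name]
    best = None
    for zone, next_id in server["referrals"].items():
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, next_id)
    if best:
        return "referral", best[1]
    return "nxdomain", None


class Resolver:
    """The organization's resolver: takes recursive queries from clients."""

    def __init__(self):
        self.cache = {}    # name -> address learned from earlier lookups
        self.trace = []    # (server or 'cache', outcome) for each step taken

    def recursive_query(self, name):
        """Answer a client's recursive query. A cache hit is the non-recursive
        path; otherwise walk root -> TLD -> authoritative with iterative queries.
        Returns the address, or None when the name does not exist."""
        name = name if name.endswith(".") else name + "."
        if name in self.cache:
            self.trace.append(("cache", name))
            return self.cache[name]
        server = "ROOT"
        for _ in range(10):            # bound the referral chain
            kind, value = iterative_query(server, name)
            self.trace.append((server, kind))
            if kind == "answer":
                self.cache[name] = value   # later answers are non-authoritative
                return value
            if kind == "referral":
                server = value
                continue
            return None                    # NXDOMAIN passed back to the client
        raise RuntimeError("referral loop, answer with SERVFAIL")


if __name__ == "__main__":
    r = Resolver()
    print(r.recursive_query("www.example.com"), r.trace)
    print(r.recursive_query("www.example.com"), r.trace[-1])
```

The trace makes the terminology visible: the authoritative server (NS_EXAMPLE) answers from its zone file, the resolver's cached copy is what a client later receives as a non-authoritative answer, and the bounded loop is the resolver's guard against a delegation chain that never ends.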