DNS Overview

This document will provide a brief introduction into the Domain Name System. I strongly advise you to read this introduction: it isn’t that long, and I’ve created some nice images that should make the reading process more bearable :)

The Domain Name System, or DNS for short, is something like the telephone directory for the Internet: if you type in a domain name such as www.posadis.org in, for example, your browser, it will be looked up and converted to an Internet IP number, the Internet equivalent of a telephone number, which is used by your computer to make a connection. Apart from that, DNS also plays an important role in delivering e-mail and blocking spam.

The Authoritative DNS tree

Items in the Domain Name System are identified by domain names. Let’s look at an example domain name:


This domain name consists of three labels: www, acdam, and net. The Domain Name System is a hierarchical (i.e., tree-like) system, in which net is a subdomain of ., the root domain. Likewise, acdam.net is a subdomain of net and ., and www.acdam.net is a subdomain of acdam.net, net and .. This means we can represent the Domain Name System by means of a tree structure, as in the following figure:

As we can see from the figure, each domain name has some data ‘in it’: for example, the domain name www.acdam.net has an address-type piece of data in it with the value, and the acdam.net domain has information about where mail for that domain should go to. This information is stored in so-called Resource Records (RRs). In fact, all information in the DNS, including internal maintenance information and the information used to map IP numbers back to domain names (reverse mapping), is stored in RRs.

A distributed system

Now, you can imagine that given the enormous amount of domain names in existence, it wouldn’t be very practical to store all of these domain names in one place. Indeed, DNS is a distributed database: different parts of the DNS tree are stored on different DNS servers, as shown in the following figure:

There are a number of DNS servers that store the information about the root domain .: and, among others. These DNS servers are called the root nameservers. The root nameservers are called authoritative for . because they store its information.

These DNS servers don’t store information about the subdomains of ., org and net, though: the root nameservers have delegated the authority about these domain names to other nameservers. In this case, the root nameservers are only authoritative for ., and not for its subdomains.

In case of the acdam.net domain, however, we see a different picture: the two nameservers for acdam.net, and, are authoritative for both acdam.net and its two subdomains. In general, a zone is the collection of the root domain for the zone and its non-delegated subdomains, so . is a zone of its own where acdam.net is in a zone with www.acdam.net and mail.acdam.net. Of course, acdam.net could also have delegated the europe.acdam.net domain, for example, to ACDAM’s department in Europe, and in that case europe.acdam.net would not have been in the acdam.net zone.

One thing to notice here, is that is apparently both authoritative for net and acdam.net. This is indeed a possibility, and in fact, many nameservers are authoritative for (much) more than one zone. More information about the different kinds of authoritative DNS servers can be found in the article about Authoritative DNS.

Resolving and caching

So, how can we get the address of www.acdam.net. (i.e., how do we resolve a domain name)? Well, obviously, we need to start somewhere, and if we know nothing else, we should start at the root nameservers, of which any resolver knows the addresses.

So, for example, we could ask, in the example above, to about the www.acdam.net. addresses. Since the root nameserver delegated everything below net. to other nameservers, it will send back a referral message (for details, see DNS messages), essentialy saying “I don’t know what the addresses are, but here are some nameservers that are closer to what you want”.

Now, we can choose either nameserver for net. next. If we choose then we’re lucky, because that nameserver happens to be authoritative for acdam.net. as well as net., so it will directly give the answer. If we try, we would receive a delegation to the acdam.net. DNS servers, which would in turn return the answer.

So resolving a domain name is not as easy as you may think: it will often cause multiple queries to look up a domain name1).

Luckily, we can store the intermediary results, such as the net. DNS servers (which we’re going to need for other queries, too). In fact, we don’t need to do this ourselves since our ISP runs a caching DNS server that does this for us. A discussion of caching is given in the Caching article.

1) In reality, the situation is even more complicated because delegation information is stored by domain name and not by address, so if the acdam.net. DNS servers were in the acdam.com. zone, we’d need to initiate a new query for the DNS servers’ addresses first.
  dns/dns_overview.txt · Last modified: 2005/01/12 23:17
Copyright © Meilof Veeningen, 2002-2005 - About Posadis.org