Domain Name System - Internet PDF

Internet Technology

Domain Name System (DNS)


Name Server: a name server is a computer server that hosts a network service for providing responses to
queries against a directory service. It maps a human-recognizable identifier to a system-internal, often
numeric, identification or addressing component. This service is performed by the server according to a
network service protocol. Name servers do two things all day long:
They accept requests from programs to convert domain names into IP addresses.
They accept requests from other name servers to convert domain names into IP addresses.
The Domain Name System (DNS) is a Name server. It is an Internet service that translates domain names
into IP addresses. The DNS is a hierarchical distributed naming system for computers, services, or any
resource connected to the Internet or a private network. It associates various information with domain
names assigned to each of the participating entities. A Domain Name Service resolves queries for these
names into IP addresses for the purpose of locating computer services and devices worldwide. By
providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an
essential component of the functionality of the Internet.
The Internet maintains two principal namespaces: the domain name hierarchy and the Internet Protocol
(IP) address spaces. The Domain Name System maintains the domain name hierarchy and provides
translation services between it and the address spaces. Internet name servers and a communication
protocol implement the Domain Name System. A DNS name server is a server that stores the DNS
records for a domain name, such as address (A) records, name server (NS) records, and mail exchanger
(MX) records; a DNS name server responds with answers to queries against its database.
An often-used analogy to explain the Domain Name System is that it serves as the phone book for the
Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain
name www.example.com translates to the addresses 192.0.43.10 (IPv4) and 2620:0:2d0:200::10 (IPv6).
Unlike a phone book, however, DNS can be quickly updated and these updates distributed, allowing a
service's location on the network to change without affecting the end users, who continue to use the same
hostname. Users take advantage of this when they recite meaningful Uniform Resource Locators (URLs)
and e-mail addresses without having to know how the computer actually locates the services.

DNS Architecture
DNS architecture is a hierarchical distributed database and an associated set of protocols that define:
A mechanism for querying and updating the database.
A mechanism for replicating the information in the database among servers.
A schema of the database.
DNS originated in the early days of the Internet when the Internet was a small network established by the
United States Department of Defense for research purposes. The host names of the computers in this
network were managed through the use of a single HOSTS file located on a centrally administered server.
Each site that needed to resolve host names on the network downloaded this file. As the number of hosts
on the Internet grew, the traffic generated by the update process increased, as well as the size of the
HOSTS file. The need for a new system, which would offer features such as scalability, decentralized
administration, and support for various data types, became more and more obvious.
The Domain Name System introduced in 1984 became this new system. With DNS, the host names reside
in a database that can be distributed among multiple servers, decreasing the load on any one server and
providing the ability to administer this naming system on a per-partition basis. DNS supports hierarchical
names and allows registration of various data types in addition to host name to IP address mapping used
in HOSTS files. Because the DNS database is distributed, its potential size is unlimited and performance
is not degraded when more servers are added.
The original DNS was based on Request for Comment (RFC) 882 (Domain Names: Concepts and
Facilities) and RFC 883 (Domain Names: Implementation and Specification), which were superseded by
RFC 1034 (Domain Names: Concepts and Facilities) and RFC 1035 (Domain Names: Implementation
and Specification). Additional RFCs that describe DNS security, implementation, and administrative
issues later augmented the original design specifications.
DNS Domain Names
The Domain Name System is implemented as a hierarchical and distributed database containing various
types of data, including host names and domain names. The names in a DNS database form a hierarchical
tree structure called the domain namespace. Domain names consist of individual labels separated by dots,
for example: mydomain.microsoft.com.
A Fully Qualified Domain Name (FQDN) uniquely identifies the host's position within the DNS
hierarchical tree by specifying a list of names separated by dots in the path from the referenced host to the
root. The next figure shows an example of a DNS tree with a host called mydomain within the
microsoft.com. domain. The FQDN for the host would be mydomain.microsoft.com.
Understanding the DNS Domain Namespace
The domain name space consists of a tree of domain names. Each node or leaf in the tree has zero or more
resource records, which hold information associated with the domain name. The tree sub-divides into
zones beginning at the root zone. A DNS zone may consist of only one domain, or may consist of many
domains and sub-domains, depending on the administrative authority delegated to the manager.


The hierarchical Domain Name System, organized into zones, each served by a name server
The DNS domain namespace, as shown in the following figure, is based on the concept of a tree of named
domains. Each level of the tree can represent either a branch or a leaf of the tree. A branch is a level
where more than one name is used to identify a collection of named resources. A leaf represents a single
name used once at that level to indicate a specific resource.
Administrative responsibility over any zone may be divided by creating additional zones. Authority is
said to be delegated for a portion of the old space, usually in the form of sub-domains, to another
nameserver and administrative entity. The old zone ceases to be authoritative for the new zone.
DNS Domain Name Hierarchy


How the DNS Domain Namespace Is Organized


Any DNS domain name used in the tree is technically a domain. Most DNS discussions, however,
identify names in one of five ways, based on the level and the way a name is commonly used. For
example, the DNS domain name registered to Microsoft (microsoft.com.) is known as a second-level
domain. This is because the name has two parts (known as labels) that indicate it is located two levels
below the root or top of the tree. Most DNS domain names have two or more labels, each of which
indicates a new level in the tree. Periods are used in names to separate labels.
The five categories used to describe DNS domain names by their function in the namespace are described
in the following table, along with an example of each name type.
Types of DNS Domain Names

Root domain
  Description: This is the top of the tree, representing an unnamed level; it is sometimes shown as two
  empty quotation marks (""), indicating a null value. When used in a DNS domain name, it is stated by a
  trailing period (.) to designate that the name is located at the root or highest level of the domain
  hierarchy. In this instance, the DNS domain name is considered to be complete and points to an exact
  location in the tree of names. Names stated this way are called fully qualified domain names (FQDNs).
  Example: A single period (.) or a period used at the end of a name, such as example.microsoft.com.

Top-level domain
  Description: A name used to indicate a country/region or the type of organization using a name.
  Example: .com, which indicates a name registered to a business for commercial use on the Internet.

Second-level domain
  Description: Variable-length names registered to an individual or organization for use on the Internet.
  These names are always based upon an appropriate top-level domain, depending on the type of
  organization or geographic location where a name is used.
  Example: microsoft.com., which is the second-level domain name registered to Microsoft by the
  Internet DNS domain name registrar.

Subdomain
  Description: Additional names that an organization can create that are derived from the registered
  second-level domain name. These include names added to grow the DNS tree of names in an
  organization and divide it into departments or geographic locations.
  Example: example.microsoft.com., which is a fictitious subdomain assigned by Microsoft for use in
  documentation example names.

Host or resource name
  Description: Names that represent a leaf in the DNS tree of names and identify a specific resource.
  Typically, the leftmost label of a DNS domain name identifies a specific computer on the network. For
  example, if a name at this level is used in a host (A) RR, it is used to look up the IP address of a
  computer based on its host name.
  Example: host-a.example.microsoft.com., where the first label (host-a) is the DNS host name for a
  specific computer on the network.

DNS and Internet Domains


The Internet Domain Name System is managed by a Name Registration Authority on the Internet,
responsible for maintaining top-level domains that are assigned by organization and by country/region.
These domain names follow the International Standard 3166. Some of the many existing abbreviations,
reserved for use by organizations, as well as two-letter and three-letter abbreviations used for
countries/regions are shown in the following table:
Some DNS Top-level Domain Names (TLDs)

DNS Domain Name    Type of Organization
com                Commercial organizations
edu                Educational institutions
org                Non-profit organizations
net                Networks (the backbone of the Internet)
gov                Non-military government organizations
mil                Military government organizations
arpa               Reverse DNS
xx                 Two-letter country code (e.g. us, au, ca, fr)

Other level Domains


Below these top-level domains in the DNS hierarchy are the second-level and third-level domain names.
These are the names directly to the left of .com, .net, and the other top-level domains. These domain
names are typically open for reservation by end-users who wish to connect local area networks to the
Internet, create other publicly accessible Internet resources or run web sites. The registration of these
domain names is usually administered by domain name registrars who sell their services to the public.
Second-level domains.
Top-level Internet domains like ".com" are shared by all the organizations in the domain. Second-level
domain names like "yahoo.com" and "livinginternet.com" are registered by individuals and organizations.
Second-level domains are the addresses commonly used to host Internet applications like web hosting and
email addressing.
Excluding the top-level domain portion, second-level domain names can have up to 61 characters. For
many years, characters were restricted to the 26 letters, the 10 digits, and the hyphen, except that the
hyphen can't be the first or last character. Under these conditions, there are 36 possibilities for the first
and last character of the domain name, and 37 possibilities for each of the other 59 characters. Therefore,
the total number of possible different second-level domain names was:
37^59 x 36 x 36
Third-level domains.
Third-level Internet domain names are created by those that own second-level domains. Third-level
domains can be used to set up individual domains for specific purposes, such as a domain for web access
and one for mail, or a separate site for a special purpose:
www.livinginternet.com
mail.livinginternet.com

rareorchids.livinginternet.com

Domain Name Syntax


The definitive descriptions of the rules for forming domain names appear in RFC 1035, RFC 1123, and
RFC 2181. A domain name consists of one or more parts, technically called labels, that are
conventionally concatenated, and delimited by dots, such as example.com.
The right-most label conveys the top-level domain; for example, the domain name
www.example.com belongs to the top-level domain com.
The hierarchy of domains descends from right to left; each label to the left specifies a
subdivision, or subdomain, of the domain to the right. For example: the label example specifies a
subdomain of the com domain, and www is a subdomain of example.com. This tree of
subdivisions may have up to 127 levels.
Each label may contain up to 63 characters. The full domain name may not exceed a total length
of 253 characters in its external dotted-label specification. In the internal binary representation of
the DNS the maximum length requires 255 octets of storage.
DNS names may technically consist of any character representable in an octet. However, the allowed
formulation of domain names in the DNS root zone, and most other subdomains, uses a preferred format
and character set.
The characters allowed in a label are a subset of the ASCII character set, and include the characters a
through z, A through Z, digits 0 through 9, and the hyphen. This rule is known as the LDH rule
(letters, digits, hyphen). Domain names are interpreted in a case-independent manner.
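The rules in this section, applied by a small checker that is an added example and not part of the original notes (the function and constant names are my own): it rejects a name whose labels break the LDH rule or exceed the 63-character, 253-character and 127-level limits, which is the check to run before a hostname taken from untrusted input is passed to a resolver or written into a configuration.

```python
import re

# Limits quoted in the Domain Name Syntax section (RFC 1035 / 1123 / 2181).
MAX_LABEL_LEN = 63    # octets per label
MAX_NAME_LEN = 253    # dotted external form; 255 octets in the wire format
MAX_LEVELS = 127      # depth of the tree of subdivisions
# LDH rule: letters, digits and hyphen, with no hyphen at either end of a label.
LDH_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def check_domain_name(name):
    """Return a list of rule violations for NAME; an empty list means well formed."""
    if name == ".":
        return []                    # the root domain itself
    if name.endswith("."):
        name = name[:-1]             # a trailing dot marks a fully qualified name
    problems = []
    if len(name) > MAX_NAME_LEN:
        problems.append(f"total length {len(name)} exceeds {MAX_NAME_LEN}")
    labels = name.split(".")
    if len(labels) > MAX_LEVELS:
        problems.append(f"{len(labels)} levels exceeds {MAX_LEVELS}")
    for label in labels:
        if label == "":
            problems.append("empty label (leading, trailing or doubled dot)")
        elif len(label) > MAX_LABEL_LEN:
            problems.append(f"label {label!r} is longer than {MAX_LABEL_LEN} characters")
        elif not LDH_LABEL.match(label):
            problems.append(f"label {label!r} breaks the LDH rule")
    return problems


def same_domain_name(a, b):
    """Names compare case-independently; a trailing dot does not change identity."""
    return a.rstrip(".").lower() == b.rstrip(".").lower()


def labels_right_to_left(name):
    """The hierarchy descends right to left: ['com', 'example', 'www'] for www.example.com."""
    return list(reversed(name.rstrip(".").split(".")))
```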
Creating a New Domain Name
When someone wants to create a new domain, he or she has to do two things:
Find a name server for the domain name to live on.
Register the domain name.
Technically, there does not need to be a machine in the domain -- there just needs to be a name server that
can handle the requests for the domain name.
There are two ways to get a name server for a domain:
You can create and administer it yourself.
You can pay an ISP or hosting company to handle it for you.


How does DNS work?

DNS clients and servers use queries as the fundamental method of resolving names in the tree to specific
types of resource information. This information is provided by DNS servers in query responses to DNS
clients, who then extract the information and pass it to a requesting program for resolving the queried
name. In the process of resolving a name, keep in mind that DNS servers often function as DNS clients,
querying other servers in order to fully resolve a queried name.
Address resolution mechanism
Domain name resolvers determine the appropriate domain name servers responsible for the domain name
in question by a sequence of queries starting with the right-most (top-level) domain label.

A DNS recursor consults three nameservers to resolve the address www.wikipedia.org.

When you visit a domain such as dyn.com, your computer follows a series of steps to turn the human-readable web address into a machine-readable IP address. This happens every time you use a domain
name, whether you are viewing websites, sending email or listening to Internet radio stations like
Pandora.
Step 1: Request information
The process begins when you ask your computer to resolve a hostname, such as visiting http://dyn.com.
The first place your computer looks is its local DNS cache, which stores information that your computer
has recently retrieved.
If your computer doesn't already know the answer, it needs to perform a DNS query to find out.

Step 2: Ask the recursive DNS servers


If the information is not stored locally, your computer queries (contacts) your ISP's recursive DNS
servers. These specialized computers perform the legwork of a DNS query on your behalf. Recursive
servers have their own caches, so the process usually ends here and the information is returned to the user.
Step 3: Ask the root nameservers
If the recursive servers don't have the answer, they query the root nameservers. A nameserver is a
computer that answers questions about domain names, such as IP addresses. The thirteen root
nameservers act as a kind of telephone switchboard for DNS. They don't know the answer, but they can
direct our query to someone that knows where to find it.
Step 4: Ask the TLD nameservers
The root nameservers will look at the first part of our request, reading from right to left (www.dyn.com),
and direct our query to the Top-Level Domain (TLD) nameservers for .com. Each TLD, such as
.com, .org, and .us, has its own set of nameservers, which act like a receptionist for each TLD. These
servers don't have the information we need, but they can refer us directly to the servers that do have the
information.
Step 5: Ask the authoritative DNS servers
The TLD nameservers review the next part of our request (www.dyn.com) and direct our query to the
nameservers responsible for this specific domain. These authoritative nameservers are responsible for
knowing all the information about a specific domain, which is stored in DNS records. There are many
types of records, each of which contains a different kind of information. In this example, we want to know
the IP address for www.dyndns.com, so we ask the authoritative nameserver for the Address Record (A).
Step 6: Retrieve the record
The recursive server retrieves the A record for dyn.com from the authoritative nameservers and stores the
record in its local cache. If anyone else requests the host record for dyn.com, the recursive servers will
already have the answer and will not need to go through the lookup process again. All records have a
time-to-live value, which is like an expiration date. After a while, the recursive server will need to ask for
a new copy of the record to make sure the information doesn't become out-of-date.
Step 7: Receive the answer
Armed with the answer, the recursive server returns the A record back to your computer. Your computer
stores the record in its cache, reads the IP address from the record, then passes this information to your
browser. The browser then opens a connection to the webserver and receives the website.
This entire process, from start to finish, takes only milliseconds to complete.
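Steps 2 through 7 carried through in code, as an added example that is not part of the original notes: a simulated recursive server walks root, TLD and authoritative servers by following referrals, caches the A record it gets back, and re-walks only once the TTL has expired. The server names, the dyn.com delegation and the 192.0.2.10 record are constructed stand-ins (192.0.2.0/24 is a documentation range, not a real answer), and the clock is injectable so the expiry can be observed.

```python
import time

# Constructed, hypothetical zone data standing in for the real root, .com TLD and
# dyn.com authoritative servers. Each server either answers from its own records
# or refers the recursor to the server for the next zone down the tree.
SERVERS = {
    "root-server": {"referrals": {"com.": "tld-server"}, "records": {}},
    "tld-server":  {"referrals": {"dyn.com.": "auth-server"}, "records": {}},
    "auth-server": {"referrals": {},
                    "records": {("www.dyn.com.", "A"): ("192.0.2.10", 300)}},
}


def ask(server, name, rtype):
    """Simulate one query to SERVER: an answer, a referral, or nothing."""
    data = SERVERS[server]
    if (name, rtype) in data["records"]:
        value, ttl = data["records"][(name, rtype)]
        return ("answer", value, ttl)
    # Refer to the most specific delegated zone that NAME falls under.
    for zone, next_server in sorted(data["referrals"].items(),
                                    key=lambda kv: -len(kv[0])):
        if name == zone or name.endswith("." + zone):
            return ("referral", next_server, None)
    return ("nxdomain", None, None)


class Recursor:
    """Recursive resolver: cache first, then walk root -> TLD -> authoritative."""

    def __init__(self, clock=time.time):
        self.cache = {}      # (name, rtype) -> (value, expiry time)
        self.clock = clock   # injectable so TTL expiry can be simulated
        self.trace = []      # who answered each lookup, for inspection

    def resolve(self, name, rtype="A"):
        name = name if name.endswith(".") else name + "."   # fully qualify
        key = (name, rtype)
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():           # Step 2: cache still fresh
            self.trace.append("cache")
            return hit[0]
        server = "root-server"                       # Step 3: start at the root
        while True:
            self.trace.append(server)
            kind, value, ttl = ask(server, name, rtype)
            if kind == "answer":                     # Steps 5-6: record found, cache it
                self.cache[key] = (value, self.clock() + ttl)
                return value
            if kind == "referral":                   # Step 4: follow the referral
                server = value
                continue
            return None                              # no such name


if __name__ == "__main__":
    r = Recursor()
    print(r.resolve("www.dyn.com"), r.trace)   # a second call would answer from cache
```

The cache is what makes a stale or tampered answer persist for a whole TTL, which is why a recursive server's cache contents matter as much as the authoritative data when investigating a wrong answer.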
