The Domain Name System (DNS) can be described as the address book of the Internet. It is the system responsible for translating a domain name to its IP address, since communication on the Internet is based on IP addresses.
This article covers the following:
- How domain names are organized and structured, and the actors involved in that organization
- What DNS records are and how they are resolved
- Practical information about commands and tools to troubleshoot DNS issues or retrieve DNS information/records
- Some DNS business use cases
Understanding domain names
Before going further, it's important to understand domain names, their anatomy, how they are organized, and the actors involved in their organization.
Domain names anatomy and TLDs
Each domain name has the following anatomy (taking iboudaoud.com as our example). It is composed of:
- A top-level domain (TLD): which is .com in our case
- The primary domain: iboudaoud in our case
- subdomains: for every domain, we can have many subdomains configured
So, the main entry for every domain name is the TLD. Let's see how those top-level domains are organized:
First of all, TLD allocation is managed by the IANA (Internet Assigned Numbers Authority), which is a department of ICANN (Internet Corporation for Assigned Names and Numbers).
TLDs are organized into two main categories:
Generic TLD (gTLD): top-level domains not owned by countries. There are two groups of gTLDs:
- Historical gTLDs: the TLDs that were initially available, like .com, .net, .org, .edu and .info
- New gTLDs: generic TLDs created after ICANN introduced the new gTLD program in 2012 in order to extend the number of available gTLDs. The list includes .top, .studio, .doctor, etc.
ccTLD (Country Code Top-Level Domain): domains specific to countries. Every country has its own ccTLD (.fr for France, .ma for Morocco, .be for Belgium, etc.). Those TLDs can only be owned by government institutions, following a very strict process with IANA.
Tip: The full list of available TLDs can be consulted here: https://data.iana.org/TLD/tlds-alpha-by-domain.txt
How are things organized inside each TLD?
Currently, when you purchase a domain name (let's say iboudaoud.com), the process requires several actors for the operation to be successful.
- The TLD registry: each top-level domain has a registry that contains the full list of domains registered in that TLD. It is also against this registry that we can determine whether a domain is available or not. Access to registries is usually restricted to whitelisted registrars, but we can query them using whois.
- The registry operator: also called the TLD manager or network information center (NIC). It is the organization accredited by IANA to manage the TLD (for .ma it is ANRT, for example, and for .fr it is AFNIC). There is a public database that lists all TLD managers.
- Registrars: a registry operator can handle the selling of domain names for the TLD it operates, but usually this is not the case. This activity is often delegated to registrars, which are private companies like ovh.com, godaddy.com, or genious.ma.
- Resellers: companies that sell domain names but are not accredited as registrars. They join a partnership or affiliate program offered by registrars.
- The registrant: the person or entity that owns the domain name.
Let's have some examples:
".ma" TLD:
- The registry: can be queried through whois.registre.ma
- The TLD manager: ANRT (National Telecommunications Regulatory Agency)
- Registrars: here is the list of accredited registrars (57)
".fr" TLD:
- The registry: can be queried through whois.nic.fr
- The TLD manager: AFNIC (Association française pour le nommage Internet en coopération)
- Registrars: here is the list of accredited registrars (382)
The DNS role: how is DNS involved?
First, what do we need to know about a domain name?
There are two types of information that we need to know about every domain name:
- Contractual information: the information stored in the registry about the domain name, such as the registrant information, the registrar, the domain name expiry date, and the name servers (where DNS records are stored)
- DNS records: the information needed by applications to interact with this domain name.
DNS records are like an identity document for the domain name. They allow applications to get the following information:
- Which server holds the original information about the records, known as the authoritative server. Unlike a domain name's contractual information, DNS records are stored on distributed servers and not in the TLD registry. When purchasing a domain name, the default authoritative server is provided by the registrar, but it can be changed later. This DNS record is called "NS" or "Name Server".
- Which IP address holds the content of the domain name or its subdomains. This is the most important DNS record, called "A". As explained earlier, Internet devices can communicate only through IP addresses, so it is based on "A" records that the translation from a domain name to an IP address is done.
- What's the mail server handling emails for the domain name. This record is called "MX"
There are other DNS records, but the three listed above are the most used ones. The full list can be found here
How DNS records are retrieved
Every time an application (a web browser, for example) wants to access a URL, the following process is executed. This process is called DNS resolution.
The master of this process is the DNS resolver, which we'll detail later.
Let's imagine that we typed "iboudaoud.com" in the browser. This is how the resolution is done (the command "dig +trace iboudaoud.com" shows each step of this process in detail):
- The resolver asks the root servers for the TLD servers (in our case, the ".com" servers). But how does the resolver know the root servers? The good news is that there are only 13 root servers in the world; they are well known, and every resolver should know them.
- Then the TLD server (the ".com" server in our case) returns the addresses of the authoritative servers of the domain name. As our domain name is registered through OVH, we get the addresses of OVH's authoritative servers.
- The last step is for the authoritative server to give us the A record of the domain, so that we have the IP address that the browser will reach.
As you have probably noticed, at each step there is usually not just one server but a list of servers (root servers, TLD servers, and authoritative servers). This is a best practice to make sure that the process never fails even if a particular server has a problem: the consequences can be huge if there is only one server and it fails.
In reality, there is another part involved, which is... cache.
To make this process performant, there is cache management at every layer of the process, to avoid querying the authoritative server for each request going to the domain name.
This is achieved with the help of the TTL parameter that is set for every DNS record.
TTL (Time To Live) is a parameter in seconds that is configured for each DNS record and that tells how long a server (a resolver, for example) can cache the record value. When the TTL expires, the resolver should refresh the record value from the authoritative server.
This parameter should be configured carefully, because it impacts DNS propagation when modifying a record.
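The three-step walk described above (root, TLD, authoritative) and the TTL cache that sits in front of it, as an added example that is not part of the original article. The zone data, server names (a.gtld.example, dns1.hosting.example) and addresses are constructed placeholders, not real DNS data for iboudaoud.com; the clock is injectable so that TTL expiry can be observed without waiting. The `trace` list plays the role of the "dig +trace" output: it records which server was asked at each step, or "cache" when no server was asked at all.

```python
import time

# Constructed zone data for the simulation (documentation-range IPs, hypothetical
# server names): one dict per "server", holding only what that server knows.
ROOT_IP = "198.51.100.1"
SERVERS = {
    # Root server: knows only the delegation of each TLD.
    ROOT_IP: {
        "com.": {"NS": [("a.gtld.example.", 172800)],
                 "glue": {"a.gtld.example.": "198.51.100.2"}},
    },
    # .com TLD server: knows only where each .com zone's authoritative servers are.
    "198.51.100.2": {
        "iboudaoud.com.": {"NS": [("dns1.hosting.example.", 172800)],
                           "glue": {"dns1.hosting.example.": "198.51.100.3"}},
    },
    # Authoritative server (the registrar's, in the article): holds the real records.
    "198.51.100.3": {
        "iboudaoud.com.": {"A": [("203.0.113.10", 300)],
                           "MX": [("mail.hosting.example.", 3600)]},
        "www.iboudaoud.com.": {"A": [("203.0.113.10", 60)]},
    },
}


def ask_server(server_ip, qname, qtype):
    """Simulate one query to one server.

    Returns ("answer", records) if the server holds qname/qtype itself,
    ("referral", next_server_ip) if it only knows a delegation covering qname,
    or ("nodata", None) if nothing it knows matches.
    """
    zone = SERVERS[server_ip]
    labels = qname.split(".")            # "www.iboudaoud.com." -> ["www", "iboudaoud", "com", ""]
    for i in range(len(labels) - 1):     # try the full name first, then each parent
        candidate = ".".join(labels[i:])
        if candidate not in zone:
            continue
        entry = zone[candidate]
        if candidate == qname and qtype in entry:
            return ("answer", entry[qtype])
        if "NS" in entry:                # delegation: follow the glue to the next server
            ns_name = entry["NS"][0][0]
            return ("referral", entry["glue"][ns_name])
    return ("nodata", None)


class Resolver:
    """Iterative resolver with a TTL-bounded cache, like the one an ISP runs."""

    def __init__(self, clock=time.time):
        self.clock = clock       # injectable so the TTL expiry can be tested
        self.cache = {}          # (qname, qtype) -> (records, expiry_timestamp)
        self.trace = []          # servers consulted, in order (what dig +trace shows)

    def resolve(self, qname, qtype="A"):
        key = (qname, qtype)
        now = self.clock()
        cached = self.cache.get(key)
        if cached and cached[1] > now:   # still within TTL: no server is asked
            self.trace.append("cache")
            return cached[0]
        server = ROOT_IP                 # every resolution starts at a root server
        for _ in range(8):               # bound the referral chain
            self.trace.append(server)
            kind, payload = ask_server(server, qname, qtype)
            if kind == "answer":
                ttl = min(t for _, t in payload)   # cache no longer than the shortest TTL
                self.cache[key] = (payload, now + ttl)
                return payload
            if kind == "referral":
                server = payload
                continue
            return []                    # nodata: nothing cached in this simplified model
        raise RuntimeError("too many referrals")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("iboudaoud.com.", "A"), r.trace)      # three servers asked
    print(r.resolve("iboudaoud.com.", "A"), r.trace[-1])  # served from cache
```

The point to take from the simulation is the one the article makes about TTL: after a record is changed on the authoritative server, a resolver that already holds the old value keeps answering with it until its copy expires, which is exactly the propagation delay you see when you lower or forget to lower a TTL before a migration.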
Focus on DNS Resolver
As mentioned earlier, the DNS resolver is the master of the DNS resolution process.
By default, your computer uses the DNS resolver provided by your network (it can be your ISP, your IT department, etc.). The computer gets this information through the DHCP protocol when connecting to the network.
But you also have the ability to manually configure the resolver to use. For example, there are well-known public DNS servers that can be used to speed up your Internet browsing:
Provider | Primary DNS | Secondary DNS
A note regarding home networks:
For home networks, the DNS server set for devices by the DHCP protocol is usually the router's IP, and it is at the router level that the real DNS server is configured, either manually or automatically by the ISP. So, to manually set the DNS server used by a home network device, there are two options:
- Modify the DNS server at the device level to override the DHCP settings
- Modify the DNS server at the router level. This is useful if we want to apply the changes for all home network devices.
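A small check for the situation just described, added here as an example and not part of the original article: it reads the resolvers from text in /etc/resolv.conf syntax (the Linux case; on macOS the scutil command shown later in the article is the right tool) and tells a local address, which on a home network normally means the router is forwarding your queries, from a public resolver. The file content is a constructed sample, not taken from a real host.

```python
import ipaddress

# Constructed sample in /etc/resolv.conf syntax (not a real host's file):
# a router address handed out by DHCP, plus a public resolver added by hand.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 192.168.1.1
nameserver 8.8.8.8
options timeout:2 attempts:3
"""


def parse_resolv_conf(text):
    """Return (nameservers, search_domains, options) from resolv.conf text.

    Lines whose first character is '#' or ';' are comments; the first word of
    every other line is the keyword, the rest are its arguments.
    """
    nameservers, search, options = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword in ("search", "domain"):
            search.extend(args)
        elif keyword == "options":
            options.extend(args)
    return nameservers, search, options


def classify_resolver(address):
    """'local' for loopback, private (RFC 1918) or link-local addresses, which on a
    home network normally means the router (or a local stub resolver) is forwarding
    for you; 'public' for globally routable ones; 'invalid' if not an IP address."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "local"
    return "public" if ip.is_global else "reserved"


def resolver_report(text):
    """List each configured resolver with its classification, in file order."""
    nameservers, _, _ = parse_resolv_conf(text)
    return [(ns, classify_resolver(ns)) for ns in nameservers]


if __name__ == "__main__":
    for ns, kind in resolver_report(SAMPLE_RESOLV_CONF):
        print(f"{ns:<16} {kind}")
    # On a real Linux host: resolver_report(open("/etc/resolv.conf").read())
```

If the report shows only a local address, the resolver that actually answers you is the one configured on the router (or on a local stub such as systemd-resolved), so changing the device setting alone will not tell you which upstream resolver is really in use.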
The DNS Toolbox
To get DNS information/records or to troubleshoot DNS issues, here is a list of useful tools:
| Tool | URL | Description |
|---|---|---|
| Google DNS | https://dns.google/ | A public DNS resolver provided by Google. Its advantage is that it provides an API to automatically retrieve DNS records. |
| Google dig tool | https://toolbox.googleapps.com/apps/dig/ | A web version of the "dig" command provided by Google |
| DNS Map | https://dnsmap.io/ | A tool to check DNS propagation. Useful when making changes to your records |
| DNS Perf | https://www.dnsperf.com/ | A tool that tracks the performance of well-known authoritative servers, resolvers, and DNS root servers |
| dig | http://manpages.ubuntu.com/manpages/jammy/en/man1/dig.1.html | DNS lookup command |
| nslookup | http://manpages.ubuntu.com/manpages/jammy/en/man1/nslookup.1.html | DNS lookup command |
| host | http://manpages.ubuntu.com/manpages/jammy/en/man1/host.1.html | DNS lookup utility |
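The table mentions that Google DNS exposes an API for retrieving records automatically. As an added example that is not part of the original article, here is a minimal client for that JSON API (https://dns.google/resolve?name=...&type=...), whose answer carries the DNS RCODE in "Status" and the records in "Answer" as name/type/TTL/data. The response body below is a constructed sample in that shape, so the parsing runs offline; only `fetch_records()` performs a real HTTPS request, and nothing calls it at import time.

```python
import json
import urllib.parse
import urllib.request

API = "https://dns.google/resolve"
RR_TYPES = {1: "A", 2: "NS", 15: "MX", 16: "TXT", 28: "AAAA"}   # numeric codes -> names
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}            # DNS response codes


def build_url(name, rtype="A"):
    """Query URL for one name/type pair (urlencode handles any special characters)."""
    return API + "?" + urllib.parse.urlencode({"name": name, "type": rtype})


def parse_response(body):
    """Turn the JSON body into (status_name, [(owner, type_name, ttl, data), ...]).

    Only the 'Answer' section is returned; the 'Authority' section that comes
    with an NXDOMAIN (typically an SOA record) is ignored here.
    """
    doc = json.loads(body)
    status = RCODES.get(doc.get("Status"), f"RCODE{doc.get('Status')}")
    records = []
    for rr in doc.get("Answer", []):
        type_name = RR_TYPES.get(rr["type"], str(rr["type"]))
        records.append((rr["name"], type_name, rr["TTL"], rr["data"]))
    return status, records


def fetch_records(name, rtype="A", timeout=5):
    """Live lookup through the API (needs network access)."""
    with urllib.request.urlopen(build_url(name, rtype), timeout=timeout) as resp:
        return parse_response(resp.read().decode())


# Constructed sample response in the API's JSON shape (not a real lookup result).
SAMPLE_BODY = json.dumps({
    "Status": 0, "TC": False, "RD": True, "RA": True, "AD": False, "CD": False,
    "Question": [{"name": "iboudaoud.com.", "type": 15}],
    "Answer": [
        {"name": "iboudaoud.com.", "type": 15, "TTL": 3600, "data": "10 mx1.mail.example."},
        {"name": "iboudaoud.com.", "type": 15, "TTL": 3600, "data": "20 mx2.mail.example."},
    ],
})


def lowest_priority_mx(records):
    """From parsed MX records ('<preference> <host>'), return the preferred host,
    i.e. the one with the lowest preference value; None if there are no MX records."""
    mx = [r for r in records if r[1] == "MX"]
    if not mx:
        return None
    _, host = min((int(r[3].split()[0]), r[3].split()[1]) for r in mx)
    return host


if __name__ == "__main__":
    status, records = parse_response(SAMPLE_BODY)
    print(status, records, lowest_priority_mx(records))
    # Live query, when online: print(fetch_records("iboudaoud.com", "A"))
```

Because the API returns the RCODE explicitly, a script can distinguish "the name does not exist" (NXDOMAIN) from "the name exists but has no record of this type" (NOERROR with an empty Answer), which is the same distinction dig makes in its status line and is easy to lose when only checking whether the answer list is empty.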
Below are some useful tips related to DNS settings:
How do I know which resolver my device is using?
Using the command line
Command 1 (macOS): scutil --dns | grep 'nameserver[[0-9]*]'
Command 2 (Linux and other Unix-like systems): cat /etc/resolv.conf
Using the computer settings (macOS)
Settings > Network > Advanced > DNS tab
How can I change my DNS resolver?
To perform this change for all home network devices, the modification should be done at the router level.
To change this setting for a specific device, there is a good guide that explains how this operation can be achieved according to the device type (Mac, Windows, Linux, Android, etc)
DNS business use cases
The DNS protocol is also used to enable some business use cases, such as:
- Ad blocking: there are DNS servers that act as ad blockers in addition to being DNS resolvers. Some examples can be found here
- Parental control: a DNS server can also be used as a parental control shield. OpenDNS is an example.
- Wi-Fi captive portal: Wi-Fi portals can be based on DNS servers to make sure that the user is always redirected to the portal if they are not authenticated.
Here is a list of additional resources that can be checked to dig further into the subject: