Share

What’s in a name? Resolving with DNS

According to Internet Live Stats, there are 996,814,563 websites on the internet! They all exist on millions of computers around the world, each with their own address. How are we able to find the one we’re looking for?

Image Credit: Carl Boisson

Image Credit: Carl Boisson

Behind the scenes, there’s a network of special computers called DNS servers. DNS servers are to networks as GPS devices are to drivers. They give directions to other computers in a similar fashion to how a GPS directs drivers to addresses.

The Basics

Every computer on the internet is assigned an IP address. This is a unique set of numbers which serve as a network location. 170.149.161.130, for example, tells us exactly where the computer that hosts the New York Times website lives on the internet. Imagine having to remember that to read the news. Now, imagine having to remember a set of numbers for each website you visit every day! Computers speak math, the language of numbers, but constantly typing out long strings of digits would make networks a pain to navigate. Domain Name System (DNS) servers act as a middle-man. Their primary function is turning people-friendly names (sites, domains) into computer-friendly numbers (IP addresses). This process is called name resolution.

Navigating Networks

When you tap a location on your GPS, it shows the name of the establishment in plain English (or your language of choice). In actuality, the name you entered corresponds to a set of numbers within the GPS, known as longitude latitude (and sometimes altitude). To make it easier for you, it translates the names to numbers and vise-versa.

“It’s far easier to search for directions to ‘The New York Times building’ than for 40° 45′ 23″ N, 73° 59′ 24″ W
40.756389, -73.99″

Before it can help people find the computers, printers, and files they need, a DNS server needs to have a record of where these things live within a network. This is handled through DNS Zones. You can think of a DNS zone as you would a set of addresses in your GPS. The latest GPS units will have a few set of addresses which group points of interest such as restaurants, parks, and gas stations. On top of all of that, there is a “home” button. Similarly, DNS zones have “directions” to different areas of a network, and a primary zone which directs to the domain (home).

Image Credit: Carl Boisson

Image Credit: Carl Boisson

Get Directions

Some of the common zones found in DNS include: Forward Lookup Zones, Reverse Lookup Zones, and Stub Zones. A Forward Lookup Zone contains a set of addresses that can be found if you know the name of the resource you’re looking for. If you know that a resource you’re looking for resides on Puppies.com, you would use that term to query it and that address would be found in the Forward Lookup Zone. This is akin to searching for “Puppy Paradise” by name to find its address on a GPS.

A Reverse Lookup Zone contains a set of names that correspond to addresses and is used to determine the name that corresponds to a specific IP address. If you’re trying to determine which resource is located at 10.10.1.2, searching with that IP would yield the name of the resource (i.e. Puppies.Com). This can be likened to inputting 40.603216 , -73.959591 into a GPS to verify that Puppy Palace is at that location.

A Stub Zone doesn’t contain direct addresses to resources. Instead, it points to other DNS servers that have Forward and Reverse Lookup Zones that are outside of that DNS’s domain. Imagine you have an American GPS, and need a European address (GLONASS). When you searched for this address, there would be a link to a European device that has that address. (At the time of this writing, I’m not sure this is a real feature of GPS devices).

Sorting our Address Book

Within DNS zones are specific addresses to the resources that a zone contains. These are referred to as Resource Records of which there are seven common types: SOA, NS, A, PTR, CNAME, MX, SRV. We won’t get into the details of each record type now but, if you’d like to learn more, a thorough overview can be found here. These records can include names that correspond to addresses (A), addresses that point to names (PTR), and records for special addresses like e-mail servers (MX). One of these records (SOA) is critical to DNS’ functionality. This allows a DNS resolver (the client making the DNS query) to determine if that server has authority to declare whether or not a resource can be found on that domain.

I Need Answers!

The search for an Authoritative server isn’t always so easy. DNS servers can be spread across many floors of a branch office, or even across continents. In order to streamline the process, two types of queries are used for name resolution: Recursive Queries and Iterative Queries. Let’s illustrate.

Congratulations, you’re the CEO of a Fortune 500 company which manufactures rubber duckies. You need to find out how many duckies were sold in India last May. You call in your Vice President of sales in Asia, and ask him to show you the numbers, but he’s clueless. As the boss, you expect direct answers; it would be unacceptable to to ask someone else. This would be an example of a Recursive Query. In the same manner, when a DNS server makes a recursive query, it is expecting a definitive (authoritative) yes or no, and not to be directed to other DNS servers.

Your VP of Asian sales is now embarrassed by his lack of preparation. He’s frantically searching for anyone who may have the specific sales report you requested. He e-mails the VP of international marketing in Brussels, who tells him to call the President of rubber production in Calcutta, who in turn directs him to Skype the VP of Global sales in Damascus, who, finally, is able to forward the Indian Duckie Sales report to the VP of Asian sales. This is an example of an Iterative Query. Similarly, a DNS server makes an iterative query with the understanding that it may be directed to several other servers before it finds the address it’s looking for.

Now your VP of Asian sales can tell you that your company sold 200,000 rubber duckies last May, the same way a DNS server would resolve the address of the site you searched for (authoritative yes). Because he was able to get in touch with the person responsible (authoritative) for generating that report, he could’ve also told you that the report isn’t ready/available, the same way a DNS server could come back with a “webpage is not available” message (authoritative yes). In either case, the DNS server with authority for the domain was able to give a definitive yes or no.

Just Scratching the Surface

There’s much more to DNS than what was covered here, like understanding underlying technology, standards, and implementation. I’ve provided a few links of how you can dig further into this topic. Thanks for reading!

Written by Carl Boisson on Medium.com