What is the Domain Name System(DNS)

-

     

    DNS or the Domain Name System is a service that is provided to map layer 3 IP Addresses to names that we can remember. Since computers don't speak in terms of 'names' you need to have some sort of mapping service to tell the computer, what IP a certain name is referring to. This is a lot like a phone book(if your old) or a contact list on your phone. We, as humans, are not very good at remembering numbers so we create contacts in our phones that 'maps' a persons name to their phone number. This makes it easier for us to be able to communicate with a lot more people. This DNS service is usually ran on a server and there are DNS servers on your LAN as well as ones that service the Internet. These DNS servers handle the DNS queries that machines send when they need to figure out what a particular name maps to. 

    There are multiple types of queries - recursive, iterative, and non-recursive. Before we talk about the queries we must talk about the DNS resolver. The DNS resolver, which is one of the types of DNS servers, is responsible for checking if the hostname is already in its local cache. If the resolver doesn't have an entry for that hostname then it will recursively query DNS servers, starting at the root, until it receives a response from an authoritative server. The first type of query is the Recursive Query. This happens when a DNS resolver or server must do a recursive lookup starting at the root of the tree(.) and going down the tree until an authoritative server responds. The next type of query is the Iterative Query. This query is different from the recursive query in that the client actually communicates directly with each DNS server involved in the lookup. In this case the DNS resolver will respond if it has the record in its cache but if it does not it responds with the root server or authoritative servers address. The last type of query is the Non-Recursive Query. This query happens when the DNS resolver already knows the answer and can immediately respond with either the DNS record or responds with the authoritative server for that zone. The image below is illustrates how a machine sends a DNS request and a DNS resolver recursively looks for the requested domain name. 



    There are three types of DNS servers - DNS resolvers, authoritative DNS root servers, and non authoritative servers. The image below shows the root server, which is the top of the DNS 'tree', and doesn't actually respond to queries other than give the addresses for the top level domain servers based on the extension of the domain(.com, .net, .edu). The top level domain(TLD) servers also don't respond to specific queries except for with other server that are authoritative for the zone. There are a total of 13 root name servers around the world and these are known to every recursive resolver. The Top Level Domains(TLD's) are pictured in yellow below. The TLD's are one level below the root level. 

The way the DNS Hierarchy is read is from bottom up. In this example, www.novell.com has three parts. 

www  - Sub-Domain(service or hostname you are reaching)
novell - Second level domain name
com    - Top Level Domain Name
  .        -  Root Level  

Even though we don't actually put the (.) at the end it is there and a part of the DNS hierarchy.

What are Zones ?
Zones are specific portions of a DNS namespace that are managed by a organization. For example, the zone novell.com is a specific portion of the com zone that is under the administration of novell, the organization. 


So how does the DNS server keep track of all this information ? 
DNS servers have resource records to help keep track and identify the different types of data it holds. Some of the types of records are:
  • A record: This type of record maps a hostname to an IPv4 address
  • CNAME: This is known as the cononical name and is really just an alias for another name
  • AAAA record: This type of record maps a hostname to an IPv6 address
  • MX record: The Mail Exchanger record specifies a host that is responsible for responding to email for a specific domain.

In short, DNS is a crucial part of the Internet and we use it everyday despite us not thinking about it very much. Thank you for taking the time to read this article and 
































Comments

Post a Comment

Popular posts from this blog

AWS Identity and Access Management(IAM)

-
Image
 IAM   With the cloud becoming more and more prevalent, how do we secure who can access cloud resources and which resources can speak to each other. This very important problem is solved with AWS Identity and Access Management(IAM) resource.  IAM enables you to control who can access your AWS environment, what actions they can perform, and which resources they can interact with. It allows you to set fine-grained permissions and policies to meet your security and compliance requirements. So what are the parts that make up Identity and Access Management(IAM) ? - User groups - Users - Roles - Policies - Identity Provider Lets go into more detail about each resource that makes up IAM. User groups are groups you can define to logically group users together that perform similar functions in job. This is kind of like having different groups for different job roles. Users are just the manually configured users created for use on the management console. This is where you define all the diffe
Read more

AWS Virtual Private Clouds(VPCs)

-
Image
   In the spirit of my last blog on cloud computing, we will discuss VPC's in this blog.  What are VPC's ? Before I answer this question I need to explain this picture and the terms used. In AWS(and other cloud providers) we have several things that make up the global cloud infrastructure. Those things are Regions, Availability Zones, and Edge Locations(not pictured). A region is a geographical area around the world that consist of multiple availability zones. An availability zone can be thought of as multiple discrete data centers that have separate power, cooling, networking, and housed in separate buildings. Edge locations are places where CloudFront caches your content to provide ultra-low latency delivery of your content. According to AWS they currently have 32 regions, 102 availability zones, and more than 550 PoP's(points of presence). These things together make it possible to create global resources in minutes that serve millions of customers.  A VPC or Virtual Pri
Read more

IPSec VPN - Fundamentals

-
A VPN, or Virtual Private Network, is a way to establish a tunnel between two endpoints, like two routers or two endpoints. VPN’s are used to provide a way of secure communication over an unsecure medium. A simple example would be secure communication between two branch offices over the unsecure internet. This is important because we need secure communication so that people can’t eavesdrop and steal important company information. Oftentimes, people misunderstand VPN's and think just because "private" is in the name that it's secure. This is not always the case, especially in the service provider world where there are different types of VPN's that do not provide any sort of encryption. IPSec VPN's do however provide encryption and other features. There are several different types of VPN’s that can be deployed. The most common ones are Site-To-Site and Remote Access, although there are many more and depending on the use case, the most common could be differe
Read more