Programming in almost language


Understanding DNS

Posted by Pratap on April 9, 2009



DNS (DOMAIN NAME SYSTEM)

===========Domain name================

A domain name is a human-readable name that identifies one or more IP addresses. People remember names far more easily than numbers, so it is the name, not the address, that gets typed into a browser or a mail client.

Every domain name ends in a suffix that indicates which top-level domain (TLD) it belongs to. Examples include (gov, edu and mil are reserved for US institutions):

# gov – Government agencies

# edu – Educational institutions

# org – Organizations (nonprofit)

# mil – Military

# com – Commercial businesses

# net – Network organizations

# ca – Canada

# th – Thailand

Because Internet traffic is routed by IP address, not by domain name, every host that connects to a web server by name relies on a Domain Name System (DNS) server to translate the name into an IP address first.

==========DNS(Domain name system)=========

DNS lets computers on the Internet be addressed by meaningful names instead of IP addresses, which are hard for people to remember. Forward resolution converts a domain name to the corresponding IP address (or addresses); a DNS mapping is therefore a pairing of a domain name with an IP address.

DNS also holds mappings the other way round, from an IP address to a machine name; this is called a “reverse mapping”.

A Domain Name System (DNS) includes three parts:

    1.Data which describes the domain(s)

    2.One or more Name Server programs.

    3.A resolver program or library.

For BIND, the name server most Linux distributions ship, the main configuration file on Red Hat style systems is /etc/named.conf. It contains a zone statement for each domain the server handles, and the zone data itself lives in database (db) files under /var/named/.

DNS has a server component and a client component. The client is a host requesting information; the server is a host running a name server program that answers those requests. An authoritative server holds a database, the zone data, made up of records that map names to IP addresses and to other information about the name. This is distinct from the local hosts file (/etc/hosts), an older, static name-to-address table that is consulted before DNS is tried. The client side is called the resolver: it sends queries to the server for name-to-address translation and interprets the answers.

Zone data is expressed as resource records. Besides the standard record types there are additional types that extend how names are assigned and resolved.

============Resource Records=============

Resource records (RRs) are the data elements that define the structure and content of the domain name space; all DNS operations are ultimately formulated in terms of resource records. The common types are:

Record Name          Record Type   Brief Definition of Record

Address              A             Maps a host name to an IPv4 address in standard dot notation.

Name Server          NS            Identifies an authoritative name server for a zone.

Canonical Name       CNAME         Alias: maps one host name to the official (canonical) host name.

Start Of Authority   SOA           Marks the start of a zone and names its primary server and administrative contact, with the serial number and the timers secondaries use. Exactly one SOA per zone.

Pointer              PTR           Reverse mapping: maps an IP address, written as an in-addr.arpa or ip6.arpa name, to a host name (the opposite of an A record).

Host Information     HINFO         Describes the host's hardware and operating system. Rarely published today, since it hands reconnaissance data to anyone who asks.

Mail Exchange        MX            Identifies a host that receives mail for the domain, with a preference value used to order several exchangers.

============Root Namesevers================

A root name server is a DNS server that answers requests for the DNS root zone and refers requests for a particular top-level domain (TLD) to that TLD’s name servers. Essentially the root servers reliably publish the contents of one small file, the root zone file, to the Internet.

The root zone file lists the names and IP addresses of the authoritative DNS servers for all top-level domains (TLDs), such as ORG, COM, NL and AU.

============Types of DNS Servers==============

There are two common types of DNS servers: the authoritative name server and the non-authoritative, caching name server.

An authoritative DNS server is the authoritative source for all DNS requests made for a designated zone or domain. Authoritative servers can be primary (master) or secondary (slave) name servers. The secondary serves as a fault-tolerance backup for the primary: it carries a copy of the primary’s zone data, obtained by zone transfer, and answers with authoritative responses just like the primary, which shares the load between them and keeps the zone served if one of them fails. Zone transfers should be restricted to the known secondaries, because a transfer hands the entire zone to whoever asks.

A non-authoritative or caching-only DNS server is not the delegated server for any zone, so it cannot give authoritative answers; it exists to serve clients. It is the easiest to set up, needs no coordination with other servers, and saves time and bandwidth with little effort. On a cache miss it fetches the data from the authoritative servers and keeps it for the time allowed by the record’s TTL. That TTL is set by the administrator of the zone the data came from, not by the cache; one day (86400 seconds) is a common choice. A long TTL cuts query load but delays the spread of changes, and too long a value leaves clients with stale data.

============Nameserver Cache==================

The word cache refers to a store. In the computer world, the term usually refers to an area of memory set aside for storing information that has been recently obtained so it can be used again. In the case of DNS, caching is used by DNS name servers to store the results of recent name resolution and other requests, so that if the request occurs again it can be satisfied from the cache without requiring another complete run of the name resolution process. Due to how most people use computers, a particular request is often followed by another request for the same name, so caching can significantly reduce the number of requests that result in complete name resolution procedures.

An example is the best way to illustrate this. Suppose you are using a host on your company’s local network, configured to use the company’s DNS name server for resolution. You type a web site’s name into your browser, which triggers a resolution attempt for that name. Most likely the local DNS server does not know it, so it follows the complete name resolution process to obtain the address, and then caches the name together with the address it found.

If you then click a link to another page on the same site, your browser asks the local DNS server for the same name again. This time the server does not have to perform a resolution: the name is in its cache, so it returns the saved address immediately. You get your answer faster, and unnecessary Internet traffic is avoided.

Caching is an essential efficiency feature that reduces DNS traffic by eliminating repeat requests for recently resolved names: whenever a name is resolved, the result is cached for the record’s TTL and reused for requests that arrive in that window. The flip side is that a cache serves whatever it stored to every client behind it, so a wrong or forged answer that gets into the cache affects all of them until it expires. A caching server must therefore only accept answers that match the question it asked and came from the server it asked.

=============DNS – TTL================

One of the factors contributing to the flexibility of the Domain Name System (DNS) is the ability to attach a TTL value to each record. TTL stands for Time To Live and is the number of seconds a caching name server may keep a record after fetching it; once the TTL expires the server must ask the authoritative servers again. The longer the TTL, the more lookups are answered from cache, so resolution is faster and the authoritative servers see less load. A value of several hours to a day is reasonable if you are not planning any changes to your domain’s DNS records. Before a change, such as moving a site to a new IP address, lower the TTL to a few minutes, wait at least one old TTL so that caches pick up the shorter value, make the change, and raise the TTL again afterwards; otherwise visitors whose resolvers cached the old record keep going to the old address until it expires.

The $TTL directive sets the default TTL for every record in a zone file that does not carry its own, and in the basic format of any zone file it comes first.

Examples of equivalent TTL entries inside the /var/named/<domainname>.db file (all four mean one day; BIND accepts the suffixes m, h, d and w as well as plain seconds):

$TTL 86400

$TTL 1440m

$TTL 24h

$TTL 1d
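As an added example for the resource-record table and the $TTL forms above (this is not code from the original post), the following Python parses a small BIND-style zone file: it handles the $TTL directive in all four spellings listed, the multi-line SOA, relative versus absolute names and per-record TTL overrides, and then runs two checks a zone must pass before a name server will load it. The zone text is constructed for the example and uses the reserved name example.com with documentation addresses; the set of record types supported is a subset of the real one.

```python
"""Minimal BIND-style zone-file parser: added example, not code from the original post."""
import re
from collections import namedtuple

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}  # BIND TTL suffixes
_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR"}       # types this toy handles
RR = namedtuple("RR", "name ttl rtype rdata")  # owner name is absolute and lower-cased

def parse_ttl(text: str) -> int:
    """'86400', '1440m', '24h', '1d' (and mixed forms such as '1h30m') -> seconds."""
    text = text.strip().lower()
    if text.isdigit():
        return int(text)
    if not re.fullmatch(r"(\d+[smhdw])+", text):
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * _UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", text))

def _fqdn(name: str, origin: str) -> str:
    """'@' is the origin; a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def _logical_lines(text: str) -> list:
    """Strip ';' comments and fold a parenthesised multi-line record (the SOA) into one line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # no TXT support, so ';' always starts a comment
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    if depth:
        raise ValueError("unbalanced parentheses in zone")
    return out

def _rdata(rtype: str, tokens: list, origin: str) -> tuple:
    """Make the name fields of each type absolute; SOA timers become seconds."""
    if rtype in ("NS", "CNAME", "PTR"):
        return (_fqdn(tokens[0], origin),)
    if rtype == "MX":
        return (int(tokens[0]), _fqdn(tokens[1], origin))
    if rtype == "SOA":  # mname rname serial refresh retry expire minimum
        return (_fqdn(tokens[0], origin), _fqdn(tokens[1], origin), int(tokens[2]),
                *(parse_ttl(t) for t in tokens[3:7]))
    return tuple(tokens)

def parse_zone(text: str, origin: str) -> list:
    origin = origin.lower().rstrip(".") + "."
    default_ttl, last_owner, records = None, origin, []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = _fqdn(tokens[1], origin)
            continue
        # A line starting with whitespace reuses the previous record's owner name.
        owner = last_owner if line[0].isspace() else _fqdn(tokens.pop(0), origin)
        last_owner, ttl = owner, default_ttl
        if tokens and re.fullmatch(r"\d+|(\d+[smhdw])+", tokens[0], re.I):
            ttl = parse_ttl(tokens.pop(0))  # per-record TTL overrides $TTL
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        if not tokens or tokens[0].upper() not in _TYPES:
            raise ValueError(f"unrecognised record: {line.strip()!r}")
        if ttl is None:
            raise ValueError(f"{owner}: no TTL given and no $TTL in effect")
        rtype = tokens.pop(0).upper()
        records.append(RR(owner, ttl, rtype, _rdata(rtype, tokens, origin)))
    return records

def check_zone(records: list) -> list:
    """Checks a zone must pass: exactly one SOA, and no CNAME beside other data (RFC 1034 3.6.2)."""
    problems, by_owner = [], {}
    soa_count = sum(r.rtype == "SOA" for r in records)
    if soa_count != 1:
        problems.append(f"expected exactly one SOA, found {soa_count}")
    for r in records:
        by_owner.setdefault(r.name, set()).add(r.rtype)
    for owner, types in sorted(by_owner.items()):
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{owner}: CNAME cannot coexist with {sorted(types - {'CNAME'})}")
    return problems

# Constructed sample zone for example.com (a reserved documentation name).
EXAMPLE_ZONE = """\
$TTL 1d                      ; default TTL: equivalent to 86400, 1440m and 24h
$ORIGIN example.com.
@       IN  SOA ns1 hostmaster.example.com. (
                2009040901   ; serial
                4h           ; refresh
                30m          ; retry
                2w           ; expire
                300 )        ; negative-caching TTL
        IN  NS  ns1
ns1     IN  A   192.0.2.1
www 300 IN  A   192.0.2.10   ; short TTL ahead of a planned address change
ftp     IN  CNAME www
@       IN  MX  10 mail
mail    IN  A   192.0.2.25
"""

if __name__ == "__main__":
    zone = parse_zone(EXAMPLE_ZONE, "example.com")
    for rr in zone:
        print(f"{rr.name:18} {rr.ttl:>6} {rr.rtype:5} {rr.rdata}")
    print("problems:", check_zone(zone) or "none")
```

Running it prints each record with its owner name made absolute and every TTL in seconds, followed by the problem list (empty for the sample zone). Feed it a zone in which an alias name also carries an A record, or one with no SOA, and check_zone() reports the violation instead of letting bad data be served.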

===============Domain Resolution===============

Domain resolution is the process of converting a domain name into its IP address. When a URL is typed into the address bar, the host name is first looked up locally; only if no local answer exists is the question sent to the name servers listed in /etc/resolv.conf, which are tried in order: if the first is unreachable the resolver moves on to the second, and so on.

The local part is governed by the Name Service Switch. /etc/nsswitch.conf sets the order of sources for the hosts database, typically “files dns”: the resolver first consults /etc/hosts, which holds the loopback address and any static entries, and if the name is not there it falls back to DNS using the servers from /etc/resolv.conf. That completes the first part, resolving the name locally.

The recursive name server, usually the ISP’s or a caching server on the LAN, checks its own cache first. On a miss it walks the hierarchy itself: it asks a root server, which refers it to the name servers for the TLD (com, for instance); the TLD servers refer it to the authoritative name servers registered for the domain, which is the delegation data the registry publishes; and the authoritative server finally returns the A record, which the recursive server caches and hands back to the client. The root and TLD servers never hold the A record themselves; they only point further down the tree.

Two things are often confused here. First, DNS returns resource records, not a whois record: whois is a separate protocol and service that reports registration data about a domain and plays no part in resolution. Second, /etc/named.conf, the /var/named db files and the web server’s configuration (/usr/local/apache/conf/httpd.conf) are all server-side files that a client never reads. Resolution ends when the client has the IP address. It then opens a connection to that address on port 80 and sends its HTTP request, and it is the web server’s own configuration, its virtual hosts, that decides which site to serve for the requested host name. That is how a particular domain gets resolved and then browsed.

Resolution occurs when a client queries a name server to obtain the IP address with which it wants to connect. If a name server in the local domain cannot resolve a client’s request, it queries other servers to locate a server that can.

There are two types of resolution:

1)Iterative Queries

2)Recursive Queries

===============Iterative queries============

By default, a name server queries “iteratively” (or non-recursively). This means that it queries several name servers in turn until it finds an answer. It starts by consulting a known name server within the domain hierarchy that contains the destination machine; if it does not already know of a suitable server to ask, it first asks a server in the root domain. Each server responds with a referral to a name server that is closer in the hierarchy to the one containing the destination machine. The local server then repeats its query to the name server whose name and IP address it has just been given, and in this way traverses the domain name space until it reaches a name server for the zone that contains the destination machine, which can supply its IP address. The steps below show how a client might obtain the IP address of a remote host in a domain that sits under some TLD.

Obtaining an IP address by iterative query

The steps taken to resolve the remote host’s name to its IP address are:

  1. The local client asks the local name server for the IP address of the remote host.

  2. The local name server does not know the host’s IP address. It also does not know the IP addresses of the name servers for the host’s domain or for its TLD, so it asks a root name server for the host’s IP address.

  3. The root name server does not know the host’s IP address either, but it does know the IP addresses of the TLD’s name servers, so it refers the local name server to them.

  4. The local name server asks the TLD’s name server for the IP address of the host.

  5. The TLD’s name server does not know the host’s IP address, but it does know the IP addresses of the name servers for the host’s domain, so it refers the local name server to them.

  6. The local name server asks the domain’s name server for the IP address of the host.

  7. The domain’s name server is authoritative for its zone, so it can supply the IP address of the host.

  8. The local name server passes the IP address to the local client and caches it for the record’s TTL.

===================Recursive Queries====================

In a recursive query, a name server behaves like a client and asks another name server either to provide the complete answer to its query or to return an error because it cannot supply one. Unlike an iterative query, the name server that is queried will not reply with a referral to a different name server. This is the service a stub resolver on a workstation expects from the servers in its /etc/resolv.conf, which do the iterative work on its behalf. A server that answers recursive queries from any address on the Internet is an “open resolver”; recursion should be allowed only for the server’s own clients, both because an open resolver is easy to abuse for attacks on third parties and because a busy shared cache is an attractive target for poisoning.
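The walk described in steps 1 to 8 and the recursive versus iterative distinction above, as an added example that is not code from the original post: three constructed in-memory servers, one root, one for the com TLD and one for example.com, each answer non-recursively with data or a referral, and a small recursive resolver follows the referrals, caches every answer for its TTL, and refuses a referral that steps outside the zone the answering server is responsible for. Server names and addresses are made up from documentation ranges, referrals always carry glue addresses, and the clock is injectable so TTL expiry can be exercised without waiting.

```python
"""Toy iterative resolver over constructed in-memory name servers.
Added example for this post, not code from the original article. Server names and
addresses are made up (documentation ranges 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24)."""
import time

class AuthServer:
    """Authoritative server answering non-recursively: data, a referral, or NXDOMAIN."""
    def __init__(self, zone, records, delegations):
        self.zone = zone                 # "." for the root, "com." for the TLD, and so on
        self.records = records           # {(qname, qtype): [(ttl, rdata), ...]}
        self.delegations = delegations   # {child_zone: [(ns_name, glue_ip), ...]}

    def query(self, qname, qtype):
        if (qname, qtype) in self.records:
            return "ANSWER", self.records[(qname, qtype)]
        for child in sorted(self.delegations, key=len, reverse=True):  # longest match first
            if qname == child or qname.endswith("." + child):
                return "REFERRAL", (child, self.delegations[child])
        return "NXDOMAIN", None

def _within(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)

class Resolver:
    """Gives clients recursive service by iterating through referrals, caching answers by TTL."""
    def __init__(self, root_hints, network, clock=time.monotonic):
        self.root_hints = root_hints   # [(ns_name, ip)] for the root servers
        self.network = network         # {ip: AuthServer}: stands in for sending UDP to that IP
        self.cache = {}                # (qname, qtype) -> (expiry_time, [rdata, ...])
        self.clock = clock             # injectable so TTL expiry can be tested without sleeping

    def _cached(self, key):
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return hit[1]
        self.cache.pop(key, None)      # expired entry: evict and resolve afresh
        return None

    def resolve(self, qname, qtype="A", trace=None):
        key = (qname, qtype)
        cached = self._cached(key)
        if cached is not None:
            if trace is not None:
                trace.append(f"cache hit {qname}/{qtype}")
            return cached
        zone, servers = ".", list(self.root_hints)
        for _ in range(16):            # bound the chain so a referral loop cannot spin forever
            ns_name, ip = servers[0]
            status, payload = self.network[ip].query(qname, qtype)
            if trace is not None:
                trace.append(f"asked {ns_name} for {qname}/{qtype}: {status}")
            if status == "ANSWER":
                ttl = min(t for t, _ in payload)   # an RRset is cached for its smallest TTL
                rdata = [r for _, r in payload]
                self.cache[key] = (self.clock() + ttl, rdata)
                return rdata
            if status == "REFERRAL":
                child, next_servers = payload
                # Bailiwick check: a server may only delegate zones beneath its own.
                if not _within(child, zone) or not _within(qname, child):
                    raise LookupError(f"{ns_name} sent out-of-bailiwick referral to {child}")
                zone, servers = child, next_servers
                continue
            raise LookupError(f"{qname}/{qtype}: {status}")
        raise LookupError("referral chain too long")

# Constructed servers: one root, one com TLD server, one server for example.com.
ROOT = AuthServer(".", {}, {"com.": [("ns1.tld.example.", "198.51.100.1")]})
TLD_COM = AuthServer("com.", {}, {"example.com.": [("ns1.example.com.", "192.0.2.1")]})
EXAMPLE_COM = AuthServer("example.com.", {
    ("www.example.com.", "A"): [(300, "192.0.2.10")],
    ("example.com.", "MX"): [(86400, "10 mail.example.com.")],
}, {})
NETWORK = {"203.0.113.53": ROOT, "198.51.100.1": TLD_COM, "192.0.2.1": EXAMPLE_COM}
ROOT_HINTS = [("root", "203.0.113.53")]

class FakeClock:
    """Stand-in for time.monotonic(): advance .now to simulate TTL expiry."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

if __name__ == "__main__":
    resolver = Resolver(ROOT_HINTS, NETWORK)
    steps = []
    print(resolver.resolve("www.example.com.", "A", steps), steps)  # root, com, example.com
    steps = []
    print(resolver.resolve("www.example.com.", "A", steps), steps)  # served from the cache
```

The first lookup produces the three exchanges of the iterative walk (root, TLD, authoritative); the second is answered from the cache until the 300-second TTL on www runs out. The bailiwick check is the minimal version of what a real resolver does with every response: data or referrals that the answering server has no authority over are discarded rather than cached, which is what stops a single compromised or malicious authoritative server from hijacking unrelated names.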

================Reverse Mapping===================

Reverse mapping translates an IP address to a domain or host name, the opposite direction to the domain name resolution process.

A reverse lookup is an ordinary DNS query for a PTR record. The address is written back to front under a special domain: 192.0.2.25 becomes 25.2.0.192.in-addr.arpa for IPv4, and an IPv6 address is written as its 32 hex digits reversed under ip6.arpa. The reverse zone for an address block is delegated to whoever holds the block, usually the ISP or hosting provider, so the owner of a domain cannot publish PTR records for an address unless the block owner delegates that part of the reverse tree to them. Mail servers in particular check that a connecting address has a PTR record and that the name it points to resolves back to the same address. Troubleshooting problems caused by faulty or missing reverse DNS takes considerable time and effort, so it is much better to ensure it is configured correctly from the beginning.

You configure reverse DNS by adding PTR records to the appropriate in-addr.arpa or ip6.arpa zone on the server that is authoritative for it: one PTR per address, pointing at a host name whose A or AAAA record contains that same address.
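Reverse lookups in code, as an added example that is not part of the original post: the reverse_pointer property of Python’s ipaddress module builds the in-addr.arpa or ip6.arpa owner name for an address, constructed PTR and forward tables stand in for the answers a real lookup would return, forward_confirmed() performs the forward-confirmed reverse DNS check that mail servers apply, and ptr_zone_lines() derives a reverse zone’s PTR records from the forward data so the two cannot drift apart. All addresses are from documentation ranges and every record is made up.

```python
"""Reverse DNS helpers over constructed records: added example, not code from the original post."""
import ipaddress


def reverse_name(ip: str) -> str:
    """Owner name of an address's PTR record: in-addr.arpa for IPv4, ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


# Constructed stand-ins for what a lookup would return. PTR data is published by whoever
# holds the address block; A/AAAA data by the owner of the host name. Documentation ranges only.
PTR = {
    reverse_name("192.0.2.25"): "mail.example.com.",
    reverse_name("2001:db8::25"): "mail.example.com.",
    reverse_name("192.0.2.10"): "mail.example.com.",    # stale: this address now belongs to www
    reverse_name("203.0.113.66"): "mail.example.com.",  # a block owner can claim any name they like
}
FORWARD = {
    ("mail.example.com.", "A"): {"192.0.2.25"},
    ("mail.example.com.", "AAAA"): {"2001:db8::25"},
    ("www.example.com.", "A"): {"192.0.2.10"},
}


def ptr_lookup(ip: str):
    """The name the address block's owner says this IP belongs to, or None if no PTR exists."""
    return PTR.get(reverse_name(ip))


def forward_confirmed(ip: str) -> bool:
    """Forward-confirmed reverse DNS: the PTR name's own A/AAAA set must contain the IP.
    PTR data alone proves nothing, since the block owner can publish any name (RFC 1912 2.1
    asks that PTR and forward records agree); the round trip makes the domain owner vouch too."""
    name = ptr_lookup(ip)
    if name is None:
        return False
    addr = ipaddress.ip_address(ip)
    qtype = "AAAA" if addr.version == 6 else "A"
    return str(addr) in FORWARD.get((name, qtype), set())


def ptr_zone_lines(network: str, forward: dict) -> list:
    """Derive the PTR records for one reverse zone from forward data, so both stay in step."""
    net = ipaddress.ip_network(network)
    lines = []
    for (name, _qtype), addrs in sorted(forward.items()):
        for a in sorted(addrs):
            if ipaddress.ip_address(a) in net:
                lines.append(f"{reverse_name(a)} IN PTR {name}")
    return lines


if __name__ == "__main__":
    for ip in ("192.0.2.25", "2001:db8::25", "192.0.2.10", "203.0.113.66", "192.0.2.1"):
        print(f"{ip:14} {reverse_name(ip)}")
        print(f"{'':14} PTR -> {ptr_lookup(ip)}  forward-confirmed: {forward_confirmed(ip)}")
    print("\n".join(ptr_zone_lines("192.0.2.0/24", FORWARD)))
```

Only 192.0.2.25 and 2001:db8::25 pass the round trip: the stale PTR on 192.0.2.10 and the lying PTR on 203.0.113.66 both name mail.example.com, but that name’s own records do not contain those addresses, so a mail server applying the check treats them as unverified.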


This might help you.

Look beyond the horizon..

