• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Microsoft DNS Articles
• Understanding DNS
• Understanding Host Name Resolution
• Configuring DNS Clients
• DNS and Active Directory Integration
• DNS Server Roles
• Installing and Configuring DNS
• Integrating DNS Server with DHCP and WINS
• Monitoring and Troubleshooting DNS
• Planning and Implementing a DNS Namespace
• Planning DNS Zone Replication
• Securing DNS
• Securing DNS Servers
• Understanding DNS Queries and Lookups
• Understanding DNS Zones
• Renaming Domains
• Articles Menu
• » Windows Server
• » Microsoft Networking
• » Microsoft Security
• » Active Directory
• » Microsoft IIS
• » Microsoft IPSec
• » Microsoft DNS
• » Microsoft DHCP
• » Microsoft WINS
• » Microsoft Filesystems
• » Remote Access
• » Microsoft Exchange
• » Microsoft SMS
• » Microsoft ISA Server
• » Microsoft Biztalk Server
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

Understanding DNS

Domain Name Service (DNS) Overview

Domain Name Service (DNS) enables applications and users to connect to hosts in TCP/IP based networks by specifying a name. DNS is a hierarchically distributed database that creates hierarchical names that can be resolved to IP addresses. The IP addresses are then resolved to MAC addresses. DNS therefore provides the means for naming IP hosts, and for locating IP hosts when they are queried for by name.

The protocols and standards of DNS provide the following key components:

• The method for updating address information in a DNS database.
• The method for querying address information in a DNS database.
• he schema of the DNS database.
• The ability of replicating address information between DNS servers in the DNS topology.

The HOSTS files were used to resolve host names to IP addresses before DNS was in existence. The HOSTS files were manually maintained by administrators. The HOSTS file was located on a centrally administered server on the Internet. Each site or location that needed to resolve host names to IP addresses had to at regular intervals download a new copy of the HOSTS file. The size of the HOSTS file grew as the Internet grew. The traffic that was generated from downloading a new copy of the HOSTS file also grew. This led to the design and implementation of Domain Name Service (DNS) in 1984, the hierarchically distributed database that can resolve host names to IP addresses.

The main design requirement of DNS provides the following key features over the HOST file.

• A hierarchical name space
• Hostnames in the DNS database can be distributed between multiple servers
• The database has an unlimited size.
• Extensible data types
• Together with supporting host name to IP address mappings, different data types are supported as well.
• No degrade in performance as more servers are added . the database is scalable.
• Distribution of administration . naming can be managed individually for each partition.

From the days of Windows NT Server 4.0, DNS has been included with the operating system. DNS is the primary name registration and resolution service in Windows 2000 and Windows Server 2003, and provides the following features and services:

• A hierarchically distributed and scalable database.
• Provides name registration, name resolution and service location for Windows 2000 and Windows Server 2003 clients.
• Locates domain controllers for logon.

The Differences between the NetBIOS Naming System and DNS

Before discussing the differences between the NetBIOS naming system and DNS, lets first look at the different name types used in Windows operating systems:

• Computer name: This is the name which an administrator assigns to a computer. To verify the computer name of a computer:
  1. Right-click My Computer, and select Properties from the shortcut menu.
  2. Click the Computer Name tab to verify the computer.s name.
• NetBIOS name: A unique name used to identify a NetBIOS resource on the network. The NetBIOS name is resolved to an IP address for communication to occur.
• Host name: A host name is assigned to a computer to identify a host in a TCP/IP network. The host name can be described as being the alias that is assigned to a node, to identify it. When the host name is used and not the IP address, the host name has to be resolved to an IP address for IP communication to occur. The HOSTS file is a text file that contains host names to IP addresses mappings. The HOSTS file is stored locally.
• Fully qualified domain name (FQDN): This is the DNS name that is used to identify a computer on the network. FQDNs have to be unique. The FQDN usually consists of the following:
  • Host name
  • Primary DNS suffix
  • Period
• DNS Name: A DNS name is a name that can include a number of labels that are segregated by a dot. When a DNS name displays the entire path, it is known as the Fully Qualified Domain Name (FQDN).
• Alias: This is name used instead of another name. The Canonical Name (CNAME) is an alias name in DNS.
• Nickname: This is another name used for a host. It is usually an abbreviated version of the FQDN. A nickname has to be unique for each node if you want to map it the FQDN.
• Primary DNS suffix: Computers running in a Windows Server 2003 network are assigned primary DNS suffixes for name registration and name resolution purposes. The primary DNS suffix is also referred to as the primary domain name, or domain name.
• Connection-specific DNS suffix: This is a DNS suffix which is assigned to an adapter. The connection-specific DNS suffix is called the adapter DNS suffix.

The name differences between the NetBIOS naming system and DNS namespace are noted below:

• A NetBIOS name cannot be greater than 16 characters.
• With DNS, up to 255 characters can be used for names.
• The NetBIOS naming system is a flat naming system.
• The namespace used by DNS is a hierarchical space, or hierarchical system. The DNS naming system is called the domain namespacef. If you decide to use a private domain namespace, and there is no interaction with the Internet, it does not have to be unique.

Understanding the DNS namespace

The naming system used by DNS is a hierarchical namespace, called the DNS namespace. The DNS namespace has a unique root. The root can contain numerous subdomains. Each subdomain also can contain multiple subdomains. The DNS namespace uses a logical tree structure wherein an entity is subordinate to the entity which resides over it. Each node in the DNS domain tree has a name, which is called a label. The label can be up to 63 characters. Nodes that are located on the same branch within the DNS domain tree must have different names. Nodes that reside on separate branches in the DNS hierarchy can have the same name.

Each node in the DNS domain tree or DNS hierarchy is identified by a FQDN. This is a DNS domain name that specifies the node.s location in relation to the DNS domain tree/hierarchy. A domain name can be defined as the list of labels along the path from the root of the DNS domain tree/hierarchy to a particular node. The FQDN is the entire list of labels for a specific node.

Each domain registered in DNS is connected to a DNS name server. The DNS server of a domain provides authoritative replies to queries for that particular domain.

Internet Corporation for Assigned Names and Numbers (ICANN) manages the DNS root of the Internet domain namespace. ICANN manages the assignment of globally unique identifiers which are key to the operation of Internet. This includes the following components:

• Internet domain names
• IP addresses
• Port numbers
• Protocol parameters

Below the root DNS domain are the top-level domains. These top-level domains are also managed by ICANN. The top-level domains managed by ICANN are:

• Organizational domains: Organizational domains have the following characteristics:
  • Organizational domains can be used globally.
  • They are named via a three-character code.
  • The code defines the main function of the organizations of the DNS domain.
• Geographical domains: Geographical domains have the following characteristics:
  • Geographical domains are usually used by organizations not residing in the United States.
  • They are named via a two-character country and region codes.
  • The codes were established by the International Organization for Standardization (ISO) 3166.
  • The codes identify a country, such as .uk for the United Kingdom
• Reverse domains: These domains are used for IP address to name mappings. This is called reverse lookups.

The additional top-level domains defined by ICANN in late 2000 are:

• .aero; for the air transportation industry
• .biz; for businesses
• .coop; for cooperatives
• .info; for information
• .museum; for museums
• .name; for individual names
• .pro; for credentialed professions such as attorneys.

The common top-level domain names used are:

• .com; commercial organizations
• .edu; for educational institutes.
• .gov; for government.
• .int; for international organizations.
• .mil; for military organizations
• .net; for Internet providers, and networking organizations
• .org; non-commercial organizations
• .uk; United Kingdom
• .us; United States
• .ca; Canada
• .jp; Japan

Understanding DNS Components and Terminology

The components which DNS is dependant on and the terminology used when discussing and managing DNS are listed below:

• DNS server: This is a computer running the DNS Server service, or BIND; that provides domain name services. The DNS server manages the DNS database that is located on it. The DNS server program, whether it is the DNS Server service or BIND; manages and maintains the DNS database located on the DNS server. The information in the DNS database of a DNS server pertains to a portion of the DNS domain tree structure or namespace. This information is used to provide responses to client requests for name resolution.

  When a DNS server is queried it can do one of the following:

  • Respond to the request directly by providing the requested information.
  • Provide a pointer (referral) to another DNS server that can assist in resolving the query
  • Respond that the information is unavailable
  • Respond that the information does not exist

  A DNS server is authoritative for the contiguous portion of the DNS namespace over which it resides.

  The following types of DNS servers exist:

  • Primary DNS server: This DNS server owns the zones defined in its DNS database, and can make changes to these zones.
  • Secondary DNS server: This DNS server obtains a read-only copy of zones via DNS zone transfers. A secondary DNS server cannot make any changes to the information contained in its read-only copy. A secondary DNS server can however resolve queries for name resolution. Secondary DNS servers are usually implemented for the following reasons:
    • Provide redundancy: It is recommended to install one primary DNS server, and one secondary DNS server for each DNS zone (minimum requirement). Install the DNS servers on different subnets so that if one DNS server fails, the other DNS server can continue to resolve queries.
    • Distribution of DNS processing load: Implementing secondary DNS servers assist in reducing the load of the primary DNS server.
    • Provide fast access for clients in remote locations: Secondary DNS servers can also assist in preventing clients from transversing slow links for name resolution requests.
• DNS zones: A DNS zone is the contiguous portion of the DNS domain name space over which a DNS server has authority, or is authoritative. A zone is a portion of a namespace . it is not a domain. A domain is a branch of the DNS namespace. A DNS zone can contain one or more contiguous domains. A DNS server can be authoritative for multiple DNS zones.
• Zone files store resource records for the zones over which a DNS server has authority.
• DNS client: This is a machine that queries the DNS server for name resolution. To issue DNS requests to the DNS server, DNS resolvers are used.
• Queries: The types of DNS queries which can be sent to a DNS server are:
  • Recursive queries
  • Iterative queries
• DNS resolvers: These are programs that use DNS queries to request information from the DNS servers. In Windows Server 2003, the DNS Client service performs the function of the DNS resolver. A DNS resolver can communicate and issue name queries to remote DNS servers, or to the DNS server running locally. When a DNS resolver receives a response from a DNS server, the resolver caches the information locally. The local cache is then used if the same information is requested.
• Resource records: The DNS database contains resource records (entries) that are used to resolve name resolution queries sent to the DNS server. Each DNS server contains the resource records it needs to respond to name resolution queries for the portion of the DNS namespace for which it is authoritative.
• Root servers: A root server performs the following functions when a query cannot be resolved from the local zone files:
  • Returns an authoritative answer for a particular domain.
  • Returns a referral to another DNS server that can provide an authoritative answer

How DNS Resolves Queries

A DNS client queries a DNS server to resolve a name. The query contains the following important information:

• The DNS domain name in the FQDN format.
• The query type
• The class for the DNS domain name

A DNS client uses one of three query types to query a DNS server:

• Iterative queries: The DNS server provides the best answer it can. This can be:
  • The resolved name
  • A referral to a different DNS server
• Recursive queries: The DNS server has to reply with the requested information, or with an error. The DNS server cannot provide a referral to a different DNS server.
• Inverse queries: The query sent to the DNS server is to resolve the host name associated with a known IP address. All the domains have to be queried to provide a correct answer to the query.

If a DNS server cannot find a match for a queried name in its zone information, or in its cache; the DNS server performs recursion to resolve the name. This is the default configuration for DNS servers. Recursion is the process whereby which the DNS server queries other DNS servers for the client. By the initial DNS server querying the other DNS servers, recursion actually ends up making the initial DNS server a DNS client!

In order to perform recursion, root hints assist the DNS server in determining where in the DNS namespace it should commence searching for the queried name. Root hints is a collection of resource records which the DNS Server service utilizes to locate DNS servers who are authoritative for the root of the DNS domain namespace structure. If you are using Windows Server 2003 DNS, a preconfigured root hints file named Cache.dns already exists. The file can be found in the WINDOWS\System32\Dns directory. Cache.dns contains the addresses of root servers in the Internet DNS namespace, and is preloaded to memory when the DNS Server service initiates.

If however recursion is disabled for the DNS server, and the DNS server cannot find a match for the queried name in its zone information, or in its cache; the client begins to perform iterative queries. The root hint referrals from the DNS server are used for iterative queries. When a client performs iterative queries, the client sends repeated requests to different DNS servers to resolve the queried name.

The events that occur to resolve a name requested in a query are explained below:

1. The resolver sends a recursive DNS query to its local DNS server, to request the IP address of a particular name.
2. Because the local DNS server cannot refer the resolver to a different DNS server, the local DNS server attempts to resolve the requested domain name.
3. The local DNS server checks its zones.
4. If it finds no zones for the requested domain name, the local DNS server sends an iterative query for the requested name to the root DNS server.
5. The root DNS server is authoritative for the root domain. It responds with an IP address of a name server for the specific top-level domain.
6. The local DNS server next sends an iterative query for the requested name to this name server who in turn replies with the IP address of the particular name server servicing the requested domain name.
7. The local DNS server then sends an iterative query for the requested name to the particular name server servicing the particular domain.
8. The name server responds with the requested IP address.
9. The IP address is returned to the resolver.

The different query response types which can be returned from the DNS server are:

• Authoritative answer: This is a positive response which is returned to a client. The authority bit set in the DNS message indicates that the reply was received from a DNS server that has direct authority for the name queried in the message.
• Positive answer: This response type returns the queried resource record that corresponds to the name and record type queried in the original query.
• Referral answer: A referral response is returned if the DNS server does not support recursion. A referral contains additional resource records for resolving the request.
• Negative answer: A negative answer is returned to the client when the following events occur:
  • The name queried does not exist in the DNS namespace. This information is obtained from an authoritative server.
  • The authoritative server indicated that the name queried does exist in the DNS namespace. However, there are no resource records of this type present for the requested name.

How caching works in DNS

In DNS, caching is used to reduce traffic on the network that is generated from queries sent to DNS servers. The DNS Server service and the DNS Client service both utilize caching to improve DNS performance, and reduce DNS specific traffic.

• DNS Server Cache: When the DNS server performs recursive queries for clients, the DNS server stores the resource records in its DNS server cache. If the same information is requested again, the cached information is used. The contents of the DNS server cache is removed when the DNS Server service is stopped. You can also manually remove the contents of the DNS server cache by using the DNS console, the management console for administering DNS.
• DNS Client Cache: This cache is also referred to as the DNS resolver cache. Information is added to the DNS client cache when the following events occur:
  • The DNS Client service starts: The records in the HOSTS file are loaded into the DNS client cache.
  • The DNS server responds to a client.s request: When the DNS server returns a response to a query, the information is added to the DNS client cache.
  The contents of the DNS client cache is removed when the DNS Client service is stopped.

Related Articles on DNS

• What is DNS?
• How do I flush DNS?
• How do I find my DNS servers?
• What are public DNS servers?
• How do I perform a DNS lookup?
• What is reverse DNS?
• What is a dynamic DNS?
• What are DNS root servers?
• Understanding DNS

Bookmark Understanding DNS

Latest Blog Posts

• Acai Berry Spam via MSN

• Obama Seeks Power to Shut Down the Internet

• Help Beta Test Tech-FAQ 2.0!

• Windows 7 Forum

• Boston College: Ability to Use a Command Line is a Sign of Criminal Activity

• Google Hacked?

• Recycle your old phone – Make some money, and save the environment too!

• SourceForge vs. Freshmeat

• Fastest Web Browser: Google Chrome

• New Webmaster Forum