Domain Name Servers
Posted by Christopher P. on November 13, 2014 01:06 PM
Domain Name Servers (DNS) provide a service very similar to the telephone directory. Most of us humans remember names better than we do numbers. Computers can remember numbers easily and can process them faster than names. IP addresses are numbers that identify a particular device on a network. In the case of IPv4, they are written as four decimal numbers separated by periods ("dots"), and this is referred to as dotted notation.
It is usually difficult to remember the IP address for Microsoft's World Wide Web server, but it is easy to remember "www.microsoft.com". The Domain Name Server acts like the white pages of the telephone directory. It maintains a list of network names and their corresponding IP addresses. So the entry for www.microsoft.com would look something like this
The web browser, when given "www.microsoft.com" as a destination, requests the IP address from the Domain Name Server (DNS) daemon. The DNS daemon looks in its database for the name and returns the IP address. The web browser then sends its request to that IP address in order to retrieve the Microsoft home page. This is referred to as a forward DNS lookup.
Sometimes an IP address is given instead of a name. In this case, the DNS daemon performs what is referred to as a reverse DNS lookup. It has a database that is set up so it can be searched on the IP address in order to find the corresponding name. So the entry for 220.127.116.11 would look something like this
This is similar to the phone lists that those annoying telemarketers use to call you during dinner to hawk their wares. The list contains phone numbers in numerical order, with the name of the resident to the right of the number. The reverse DNS lookup works the same way.
As there are millions of IP addresses, a single DNS server could not possibly be expected to contain all the addresses and their corresponding names. Because of this, DNS databases are distributed in a hierarchical manner. There are "root" DNS servers that essentially record the locations of other name servers which are authoritative for their domains. This means that each individual network must maintain a DNS database and daemon for the IP addresses that can be reached via that network. In this way, a DNS search proceeds from the "root" name servers downward, getting progressively closer to the name server that actually knows the name and IP address of the destination in question.
If you see an IP address without a corresponding reverse DNS entry, it could be because:
Spammers usually want to hide the name of the spam host to avoid the consequences of spamming. A few site administrators think that going nameless is a good security measure since it provides no additional information to potential attackers.
Some network servers will refuse a connection to a host that has no reverse DNS entry, since their administrator believes that any unidentified host accessing the site is a potential security risk.
There are usually two, and sometimes three, nameservers for a particular domain. The primary nameserver is consulted first by the resolver on a host machine in order to obtain DNS information. If the primary does not respond, the resolver will attempt to obtain the information from the secondary. If a tertiary nameserver is listed in the InterNIC database (and hence in the root nameservers' databases), it will be queried if the secondary nameserver does not respond. If no DNS server responds, you will see a "No DNS entry" error message from your application.
DNS uses both TCP and UDP. It uses UDP datagrams for DNS lookups. It uses TCP, however, for zone transfers. A zone transfer is the method used by secondary nameservers to obtain the latest DNS information from the primary nameserver.
On another note, if you are setting up an SMTP mail server, make sure that the DNS MX record points to a DNS A record, and not a DNS CNAME record. If you fail to do this you will get erratic operation of the SMTP server.
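As an added illustration (not part of the original post), the toy name-server table below shows the forward lookup, the reverse lookup via the in-addr.arpa naming described above, and a check for the MX-must-point-to-an-A-record rule; all names and addresses are constructed sample data for a fictional zone.

```python
"""Toy zone lookups: forward (A), reverse (PTR) and an MX sanity check."""
from collections import defaultdict

# Constructed sample records for a fictional zone (not from the original post).
# Each entry is (owner name, record type, record data); names are fully qualified.
RECORDS = [
    ("www.example.com.",  "A",     "192.0.2.10"),
    ("mail.example.com.", "A",     "192.0.2.25"),
    ("smtp.example.com.", "CNAME", "mail.example.com."),       # alias, not an address
    ("example.com.",      "MX",    (10, "mail.example.com.")),  # good: target has an A
    ("example.net.",      "MX",    (10, "smtp.example.com.")),  # bad: target is a CNAME
    ("10.2.0.192.in-addr.arpa.", "PTR", "www.example.com."),   # reverse entry for 192.0.2.10
]

def build_db(records):
    """Index records by (name, type), mirroring the name server's lookup table."""
    db = defaultdict(list)
    for name, rtype, data in records:
        db[(name.lower(), rtype)].append(data)
    return db

def reverse_name(ip):
    """IPv4 dotted address -> in-addr.arpa name: octets are reversed."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def forward_lookup(db, name, max_hops=8):
    """Name -> list of A records, following CNAME aliases (bounded to avoid loops)."""
    name = name.lower()
    for _ in range(max_hops):
        if (name, "A") in db:
            return db[(name, "A")]
        cnames = db.get((name, "CNAME"))
        if not cnames:
            return []
        name = cnames[0].lower()
    return []

def reverse_lookup(db, ip):
    """IP -> PTR names, i.e. the reverse lookup described in the post."""
    return db.get((reverse_name(ip), "PTR"), [])

def check_mx_targets(db):
    """Report MX records whose target is a CNAME or has no A record."""
    problems = []
    for (name, rtype), data in db.items():
        if rtype != "MX":
            continue
        for _, target in data:
            if (target.lower(), "CNAME") in db:
                problems.append(f"{name} MX -> {target} is a CNAME")
            elif not forward_lookup(db, target):
                problems.append(f"{name} MX -> {target} has no A record")
    return problems
```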