preloader
DNS for Dummies: Part 2
Suhesh Kasti
Networking
January 13, 2025

DNS for Dummies: Part 2

Taking a deep dive into the journey of a DNS query, understanding recursive and authoritative servers, common DNS records, and the underlying technical mechanisms.

How Does DNS Work? 🌐

Every time we visit a website, our system undertakes an invisible yet intricate process to resolve the domain into an IP address. Let’s follow the journey of a domain query, using suhesh.com.np as our example.

Some jargons I will use below

  • Stub Resolver
  • Recursive Resolver
  • Authoritative Server

A stub resolver is the simplest DNS client—usually built into your operating system. It’s responsible for:

  • Sending a query to an LDNS server.
  • Receiving the resolved IP.
  • Storing the result temporarily in your device’s local DNS cache.

Example: Your PC or smartphone is using a stub resolver when querying suhesh.com.np.

A recursive resolver handles the heavy lifting in the DNS process. It:

  • Acts on behalf of the stub resolver to locate the requested IP address.
  • Queries multiple DNS servers (root, TLD, authoritative).
  • Caches responses to speed up subsequent lookups.

Example: Google’s 8.8.8.8 or your ISP’s DNS server.

An authoritative server holds the definitive information about a domain.

  • Stores DNS records for domains it manages.
  • Responds with the appropriate IP address or relevant record for a query.

Example: Cloudflare’s authoritative server for suhesh.com.np knows the exact IP (172.67.222.11).

The Journey of a Domain Query 🚀

When you type suhesh.com.np into your browser, the DNS resolution journey looks like this:

1. Local Check:

  • Host File
  • DNS Cache
  • Network gateway's Cache

Your PC first checks its local hosts file.

Where is the hosts file located?

  • Windows: C:\Windows\System32\drivers\etc\hosts
  • Linux/Unix: /etc/hosts

There domain to IP can be mapped as follows so that the IP is used directly. Host file

If there is no entry for the domain in the hosts file then your PC checks it’s operation system’s local DNS cache for a cached record to avoid querying a server.

Sites are cached when you visit the site for a certain time(TTL) so that querying the server is not required.

If there is no entry for the domain locally cached in the PC as well then the DNS cache of your network gateway(router) is searched for a cached record to avoid querying a server.

Sites are cached when you visit the site for a certain time(TTL) so that querying the server is not required.


2. Querying LDNS:
  • If the IP is not found locally, your system queries the Local DNS Server (LDNS). But what is an LDNS?

  • ISP
  • Public
  • On-Premise

When you use your Internet Service Provider’s (ISP) DNS server, your device typically sends all DNS queries to this server by default.

Example Scenario:

  • Setup: Your router has a default DNS server IP like 192.168.1.1, which points to the ISP’s DNS server.
  • Query Path: The DNS request for suhesh.com.np is forwarded to the ISP’s DNS server. If the ISP’s server has the record cached, it responds immediately; otherwise, it follows the recursive resolution process.
# Check your device's DNS
cat /etc/resolv.conf

Pros:

  • No additional setup required.
  • Often optimized for local ISPs’ networks.

Cons:

  • May lack privacy protections.
  • Slower or less reliable compared to public options.

Public DNS servers are reliable, fast, and often provide added features.

ProviderPrimary DNSSecondary DNSFeatures
Google DNS8.8.8.88.8.4.4Reliable and globally distributed.
Cloudflare DNS1.1.1.11.0.0.1Fast and privacy-focused.
AdGuard DNS94.140.14.1494.140.15.15Blocks ads and trackers.
Use Case:

You switch to Cloudflare’s 1.1.1.1 to improve website load speed and ensure your DNS queries aren’t logged by the ISP.

Changing DNS Settings (Linux):
sudo nmcli dev show | grep 'IP4.DNS' # Show current DNS
sudo nano /etc/resolv.conf # Modify DNS
Pros:
  • Speed and reliability.
  • Advanced features like ad blocking (AdGuard) or better privacy (Cloudflare).
Cons:
  • Dependency on external entities.

On-premise DNS servers offer control and security, often used by organizations or enthusiasts.

Corporate Use Case:

Businesses often host DNS servers internally to:

  • Ensure faster name resolution within the company’s network.
  • Control and monitor employee DNS requests for security purposes.

Pros:

  • Full control over DNS records.
  • Customization for specific network needs.

Cons:

  • Requires technical expertise and maintenance.
  • Higher setup costs.

We can set up a Pi-Hole server on a Raspberry Pi at home to block ads and trackers for all devices on our network.

Configuration:

  • Raspberry Pi runs as a DNS server at 192.168.1.2.
  • All devices on the network point to this server for DNS queries.
# Installing Pi-Hole
curl -sSL https://install.pi-hole.net | bash


3. Recursive Resolution:
  • If the LDNS doesn’t have the record in its cache, it acts as a recursive resolver, initiating the process of finding the IP.
  • It starts at the root DNS servers, managed by 13 authorities using an anycast network, directing queries to the nearest available server.
    Note: The root servers sort of operate in a “I know a person who knows a person” kind of situation. They doesn’t know the final IP but points to the recursive resolver to nameservers managing the Top Level Domain(TLD) server.
4. TLD Nameservers:
  • The .com.np TLD, managed by Mercantile, provides the IP for the nameservers responsible for suhesh.com.np.

Top-Level Domain (TLD) servers are a crucial part of the Domain Name System (DNS). When a recursive resolver queries the root server for a domain name, the root server responds with the address of the TLD server responsible for that domain’s TLD (e.g., .com, .org, .in).

TLD Servers maintain the list of authoritative name servers for domains under their specific TLD. These servers help in the resolution process by directing the query to the correct authoritative server for a domain.

  • Generic TLDs (gTLDs)
  • Country Code TLDs (ccTLDs)
  • Sponsored TLDs (sTLDs)
  • Infrastructure TLDs

Generic TLDs are the most common and widely used domain extensions, often associated with their initial use cases (e.g., .com for commercial, .org for organizations).

Examples:
  • Traditional gTLDs: .com, .net, .org
  • Modern gTLDs: New gTLDs introduced to accommodate the demand for domain names, such as:
    • Tech-related: .io, .tech
    • Community-based: .club, .shop
    • Fun and niche: .gg, .zip, .xyz
Uses of gTLDs:
  • .com: Most popular, used for businesses or general-purpose websites.
  • .org: Typically used by nonprofits and organizations.
  • .io: Common among startups and tech-focused sites.
  • .gg: Popular in the gaming community.

Country code TLDs represent specific countries or territories. They are assigned based on the ISO 3166-1 alpha-2 country codes.

Examples:
  • United States: .us
  • India: .in
  • Nepal: .com.np
Uses of ccTLDs:
  • Localization of services and products for specific countries.
  • Trust-building among local users (e.g., businesses in Nepal prefer .com.np for local recognition).
Fun Fact:

Some ccTLDs, though country-specific, are widely used globally because of their uniqueness or relevance. For instance:

  • .me (Montenegro): Often used for personal blogs or profiles.
  • .tv (Tuvalu): Popular among video or streaming services.

These are a subset of gTLDs managed by specific organizations and are restricted to certain purposes.

Examples:
  • .gov: Restricted to US government entities.
  • .edu: Reserved for accredited educational institutions.
  • .mil: Used exclusively by the US military.

An example is .arpa, which is reserved for technical infrastructure purposes, such as reverse DNS lookups.


5. Authoritative Nameservers:
  • The query reaches Cloudflare’s authoritative nameservers, where a zone file maps suhesh.com.np to its IP ( 172.67.222.11). This is sent back to the resolver.
6. Response to the User:
  • The IP (172.67.222.11) is sent back through the resolver to your browser, which establishes a connection to load the website.

Note: Since the user receives answer back from the recursive resolver, the issue of asymmetric routing doesn’t occur

Understanding Zone Files 📄

A zone file is like the rulebook for a domain, that contains the mapping between domain names and IP addresses, along with other records. Zone files are managed by authoritative name servers and are essential for DNS functionality. Each zone file defines a DNS zone, which represents a portion of the DNS namespace.

A zone file is structured in Resource Record (RR) format, consisting of several records that define how a domain and its subdomains are handled. It starts with a Start of Authority (SOA) record, followed by various resource records such as A, AAAA, PTR, MX, CNAME, TXT, and others.

$TTL 86400       ; Default Time to Live for zone data
@   IN  SOA ns1.suhesh.com.np. admin.suhesh.com.np. (
        2025011501 ; Serial (YYYYMMDDNN format)
        3600       ; Refresh interval
        1800       ; Retry interval
        1209600    ; Expiry interval
        86400      ; Minimum TTL
)

; Name Server Records
@       IN  NS   ns1.suhesh.com.np.
@       IN  NS   ns2.suhesh.com.np.

; A Records (IPv4 address mapping)
@       IN  A    192.0.2.1                ; Root domain IPv4
www     IN  A    192.0.2.2                ; Subdomain for web
mail    IN  A    192.0.2.3                ; Subdomain for mail server

; AAAA Records (IPv6 address mapping)
@       IN  AAAA 2001:0db8::1             ; Root domain IPv6
www     IN  AAAA 2001:0db8::2             ; Subdomain for web (IPv6)

; PTR Records (Reverse DNS)
1.2.0.192.in-addr.arpa. IN PTR suhesh.com.np. ; IPv4 reverse lookup
3.2.0.192.in-addr.arpa. IN PTR mail.suhesh.com.np. ; Mail server reverse lookup

; CNAME Records (Aliases)
www     IN  CNAME suhesh.pages.dev.       ; Alias for hosted site
suhesh.com.np. IN  CNAME suhesh.pages.dev.

; MX Records (Mail Exchange)
@       IN  MX   10 mail.suhesh.com.np.   ; Primary mail server
@       IN  MX   20 backup-mail.example.com. ; Backup mail server

; TXT Records (Text and Verification)
@       IN  TXT  "v=spf1 ip4:192.0.2.0/24 ~all"  ; SPF record
@       IN  TXT  "This is a test TXT record for suhesh.com.np"
_dmarc  IN  TXT  "v=DMARC1; p=none; rua=mailto:[email protected]"

  • SOA Record:

    • ns1.suhesh.com.np.: Primary name server.
    • admin.suhesh.com.np.: Administrative contact email ([email protected], replacing the first . with @).
    • Timings specify refresh, retry, expiry, and default TTL.

  • A Records:

    • Root domain (@) points to 192.0.2.1.
    • www.suhesh.com.np resolves to 192.0.2.2.

  • AAAA Records:

    • IPv6 equivalents of the A records.

  • PTR Records:

    • 192.0.2.1 resolves to suhesh.com.np for reverse DNS lookups.
    • Reverse lookups ensure IP addresses can be mapped to hostnames.

  • CNAME Records:

    • www.suhesh.com.np is an alias for suhesh.pages.dev.
    • suhesh.com.np is also an alias, facilitating hosting on Cloudflare.

  • MX Records:

    • Specifies two mail servers for redundancy.
    • Preference is determined by the priority value (lower number = higher priority).

  • TXT Records:

    • SPF ensures only IPs in 192.0.2.0/24 can send emails on behalf of the domain.
    • _dmarc specifies a DMARC policy to monitor mail authentication.

Some Common DNS Records 🛠️

  • SOA (Start of Authority)
  • A (Address)
  • AAAA (IPv6 Address)
  • CNAME (Canonical Name)
  • MX (Mail Exchange)
  • PTR (Pointer)
  • SRV (Service)
  • TXT (Text)

Description:
The SOA record is a mandatory record in DNS zone files and defines authoritative information about the domain. It specifies the primary DNS server, email address of the admin, and timing settings for refreshing zone data.

Example:

@   IN  SOA ns1.suhesh.com.np. admin.suhesh.com.np. (
        2025011501 ; Serial number
        3600       ; Refresh interval (1 hour)
        1800       ; Retry interval (30 mins)
        1209600    ; Expiry interval (14 days)
        86400      ; Minimum TTL (1 day)
)

Breakdown:

  • Primary DNS server: ns1.suhesh.com.np. indicates the primary nameserver.
  • Admin email: admin.suhesh.com.np. translates to [email protected].
  • Serial: Updates sequentially for tracking changes (format: YYYYMMDDNN).
  • Timing values: Control how often other servers sync zone data.

Description:
The A record maps a domain name to an IPv4 address. It’s the most common record used for name-to-address resolution.

Example:

@   IN  A 192.0.2.1
www IN  A 192.0.2.2

Breakdown:

  • @: Represents the root domain (suhesh.com.np in this case).
  • www: Resolves the www.suhesh.com.np subdomain to 192.0.2.2.
  • Usage: Critical for websites, APIs, or any service running on an IPv4 address.

Description:
The AAAA record is like the A record but maps domain names to IPv6 addresses.

Example:

@   IN  AAAA 2001:0db8::1
www IN  AAAA 2001:0db8::2

Breakdown:

  • @: Maps the root domain to 2001:0db8::1.
  • Why IPv6? IPv4 has limited addresses; IPv6 expands the pool massively.

Description:
The CNAME record creates an alias, redirecting one domain name to another without associating directly with an IP address.

Example:

www     IN  CNAME suhesh.pages.dev.
suhesh.com.np. IN  CNAME suhesh.pages.dev.

Breakdown:

  • www.suhesh.com.np is an alias for suhesh.pages.dev.
  • This allows updates to be managed centrally on suhesh.pages.dev.

Description:
The MX record directs email for a domain to a mail server. Priority determines the order mail servers are tried.

Example:

@   IN  MX   10 mail.suhesh.com.np.
@   IN  MX   20 backup-mail.example.com.

Breakdown:

  • Priority 10: Mail server mail.suhesh.com.np has the highest priority.
  • Priority 20: Backup server backup-mail.example.com.
  • Tip: Lower priority number = Higher priority.

Description:
The PTR record is used in reverse DNS. It maps an IP address to a domain name for validation purposes.

Example:

1.2.0.192.in-addr.arpa. IN PTR suhesh.com.np.

Breakdown:

  • The IP 192.0.2.1 maps to suhesh.com.np.
  • Commonly used for verifying email sender authenticity.

Description:
The SRV record specifies a service’s location, including protocol, port, and priority.

Example:

_service._tcp.suhesh.com.np. IN SRV 10 5 5060 sip.suhesh.com.np.

Breakdown:

  • _service: Service name (e.g., _sip for VoIP).
  • _tcp: Protocol used.
  • 10: Priority (lower is preferred).
  • 5: Weight (higher gets more traffic).
  • 5060: Port for the service.

Description:
The TXT record stores text data for verification or metadata purposes, such as SPF, DKIM, and site ownership verification.

Example:

@       IN  TXT  "v=spf1 ip4:192.0.2.0/24 ~all"
_dmarc  IN  TXT  "v=DMARC1; p=none; rua=mailto:[email protected]"

Breakdown:

  • SPF: Ensures only IPs in 192.0.2.0/24 can send mail.
  • DMARC: Policy for email authentication reporting.

Registrar

Before you can start using the DNS service, you must first have a domain. This is achieved by using a service called registrar. A registrar handles the reservation of domain names.

Very often the same company that offers domain registration also offers web hosting and DNS management.

Resource Record Sets (RRSETs)

An RRSET is a group of resource records with the same name, class, and type but possibly different data.
For example, if you have multiple A records for load balancing:

  www.suhesh.com.np. IN A  104.21.25.25
  www.suhesh.com.np. IN A  172.67.222.11

This group forms an RRSET.

  • Importance:
    Ensures all records of the same type for a specific domain are returned together, preventing incomplete or ambiguous answers.

DNS Delegation

  • What Is It?
    DNS delegation is the process of assigning responsibility for a subdomain to another DNS server.
    To delegate a subdomain such as delegated.suhesh.com.np, tell DNS resolvers where to find the zone file: For example:

    • The root server delegates .com to Verisign (the registry for .com TLD).
    • Verisign delegates suhesh.com.np to Cloudflare

  • Why Use Delegation?

    • Scales DNS by distributing the management of subdomains.
    • Example setup: A company managing example.com might delegate sales.example.com to a separate department or team.

TTL (Time to Live)

  • Definition:
    TTL is a duration (in seconds) that tells resolvers how long to cache a record before requesting an update.

  • Use Case:

    • Short TTLs: Good for dynamic content, as changes propagate faster.
    • Long TTLs: Better for static services, reducing DNS server load.

  • Example:

    www.suhesh.com.np. IN A 192.0.2.1 3600

    Here, the TTL is 3600 seconds (1 hour).

Zone Delegation

  • How It Works:

    • Parent zones (like .com.np) maintain NS records pointing to child zones (e.g., suhesh.com.np).
    • These NS records specify the authoritative servers for the child zone.

  • Example Delegation Setup:
    Parent zone com.np might include:

    suhesh.com.np. IN NS ns1.cloudflare.com.
suhesh.com.np. IN NS ns2.cloudflare.com.

DNS Failover and Load Balancing

  • DNS Failover:
    Configured using multiple A or CNAME records and leveraging health checks.
    Example:

    www.suhesh.com.np. IN A 192.0.2.1
www.suhesh.com.np. IN A 192.0.2.2

    If 192.0.2.1 is down, traffic shifts to 192.0.2.2.

  • Load Balancing:
    Uses RRSETs with multiple records for load sharing across servers.
    Cloudflare and other DNS providers often implement this alongside traffic routing policies.

Reverse DNS (rDNS)

  • Purpose:
    Maps IP addresses to domain names, often for verification purposes (like email authentication).

  • Example of a PTR Record:

    1.2.0.192.in-addr.arpa. IN PTR suhesh.com.np.

  • Key Use Cases:

    • Email services check PTR records for spam prevention.
    • Provides more context in logs for troubleshooting.

Root Hints

  • Definition:
    Root hints are the list of IP addresses of the root DNS servers, hard-coded into most DNS servers.

  • Use:
    These servers guide resolvers to TLD nameservers. If your DNS server doesn’t have a cache, it refers to root hints for direction.

Split-Horizon DNS

  • What Is It?
    A DNS configuration that serves different results based on the source of the DNS query (e.g., internal vs. external users).

  • Example Use Case:

    • Internal users: Resolve suhesh.com.np to 192.168.0.1 (internal IP).
    • External users: Resolve suhesh.com.np to 203.0.113.1 (public IP).

The entire DNS Series Explore DNS Cheat Sheet

Tags

Word Quiz

Correct := 0 | Wrong := 0

Question?

Fill the Answer

Correct:= 0 | Wrong:= 0

Question

Comments

comments powered by Disqus

Related Posts

BigIP: Guided Web Application Security Config

BigIP: Guided Web Application Security Config

This comprehensive blog post provides a detailed breakdown of configuring security policies in BIG-IP ASM, covering essential elements such as policy types, enforcement modes, learning modes, and signature accuracy settings. It offers practical examples and explanations for each component, helping you enhance the security of your web applications.

Read More
BigIP: Security Features

BigIP: Security Features

This comprehensive blog post provides a detailed breakdown of configuring security policies in BIG-IP ASM, covering essential elements such as policy types, enforcement modes, learning modes, and signature accuracy settings, offering practical examples and explanations for each component.

Read More
F5 101 Certification Exam

F5 101 Certification Exam

Let's Prepare for F5 101 certification exam. This is going to be the most comprehensive guide to practice for F5 101 Exam

Read More
Previous ← DNS for Dummies: Part 1 Next DNS for Dummies: Part 3 →