Introduction to the Domain Name System
Why use names?
There are over 4 billion possible IP addresses and an astronomical number of IPv6 addresses. Since humans have a difficult time remembering numbers, the Internet uses names like example.com. Instead of typing IP addresses like 192.168.0.1 into our web browser, we type names like example.com. Computers take these hostnames and find their associated IP addresses, a process called name resolution.
host, usage, and nslookup(1) are three utilities that can perform name resolution.
How DNS works
To perform name resolution, the client (such as a web browser) needs a name resolver. The name resolver then queries (requests information from) a name server. This name server could be run by your ISP, your router, or a server in a data center.
For example, if you visit the webpage https://example.com, your web browser will resolve the name example.com into the IP address 93.184.215.14.
$ host example.com
example.com has address 93.184.215.14
example.com has IPv6 address 2606:2800:21f:cb07:6820:80da:af6b:8b2c
example.com mail is handled by 0 .
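The host output above is what the resolver hands back after a query and its answer have crossed the wire. As an added example (not from the original page), here is the RFC 1035 wire format built and parsed in Python: build_query produces the packet a resolver sends for the A record of example.com, and parse_answers reads the answer section of a reply, including the name-compression pointer real servers use. The reply bytes are constructed for illustration, not a real capture.

```python
import struct
def encode_name(name):
    # "example.com" -> b"\x07example\x03com\x00": RFC 1035 length-prefixed labels
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    # Header: ID, flags (RD=1 asks for recursion), QDCOUNT=1, AN/NS/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS IN

def decode_name(msg, off):
    # Returns (name, offset just past the name); follows compression pointers
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 2-byte pointer to an earlier copy of the name
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def parse_answers(msg):
    # Returns [(name, rtype, ttl, rdata), ...] from the answer section
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section (name + QTYPE + QCLASS)
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:  # A record: render as dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return answers

# Constructed reply (not a real capture): ID 0x1234, flags 0x8180 (QR, RD, RA), 1 answer
RESPONSE = (bytes.fromhex("1234 8180 0001 0001 0000 0000")
            + encode_name("example.com") + bytes.fromhex("0001 0001")
            + bytes.fromhex("c00c 0001 0001 00000e10 0004 5db8d70e"))  # NAME=ptr to 12, A, IN, TTL 3600
```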
Distributed Name System
DNS is distributed. This means that there is no single name server that knows about every single domain on the Internet. Instead, this information is spread out across millions of servers all across the Internet.
We can find which nameservers provide the information for example.com as follows:
$ host -t ns example.com
example.com name server a.iana-servers.net.
example.com name server b.iana-servers.net.
The two nameservers that contain the DNS records for example.com are a.iana-servers.net and b.iana-servers.net. Internet RFCs require that each domain be served by at least two nameservers.
A distributed name system is robust and practical. If -- instead of a distributed name system -- all DNS records were only put on a single name server, then if that one name server went offline, name resolution for the entire Internet would fail!
To achieve a distributed system, name servers are delegated authority over their own zones. For example, you might be delegated authority for the zone example.org. Your nameserver would control and define the records for everything within example.org. If you wanted to run a mail server, you might create a subdomain such as mail.example.org. Your nameservers for the zone might be ns1.example.org and ns2.example.org, and these nameservers would need to provide the correct DNS records so that mail.example.org would resolve to the correct IP addresses.
To further distribute the load, you might delegate control over the subdomain www.example.org to other nameservers (maybe to an outside organization), so that the other organization (and not ns1.example.org and ns2.example.org) would handle those records.
The outside organization would be responsible for the zone www.example.org, but that organization would have no direct control over example.org. The outside organization is not able to define records outside of its delegated zone.
This distributed design makes DNS more resilient and shares the workload and data storage across multiple servers. This makes it possible to scale up to the size of the global Internet.
Because DNS was designed to be distributed, we recommend running your own nameservers. In particular, it's recommended to avoid non-free service providers for DNS services. Relying on non-free 3rd-party providers may result in privacy and censorship issues.
Domains
The hierarchy of DNS is like an inverted tree. At the very top is the root domain, which all domains belong to. The root domain is represented by a single period (.) and sits at the very top of the DNS system.
Next, you have top-level domains (TLDs) such as com, net, and org. After this come the second-level domains like example.org.
Usually, when you pay money to register a domain, you are registering a second-level domain. For example, example.org might be one such second-level domain you could register for an annual fee. [[dns/registrars|To register a domain]], you would go to a name registrar and pay a fee.
Once you purchase a (second-level) domain, you can create your own subdomains free of charge.
Setting up a name server
If you register a domain, the registrar will usually let you specify your own name servers. By convention, the nameservers are often named ns1 and ns2, so the hostnames will be ns1.example.org, ns2.example.org, and so forth. There will often be a web panel where you can input the nameservers and their IP addresses (these are known as glue records). When someone on the Internet queries your domain name, these glue records provide the IP addresses for your nameservers. The resolver will query these nameservers directly to find the actual data for your domain.
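To tie the delegation chain described under Distributed Name System together with the glue records just described, here is an added Python example (not from the original page, nor OpenBSD's or any real resolver's code) of an iterative resolver walking a constructed tree of authoritative servers: root, org, example.org, and the www.example.org zone delegated to another organization, with glue A records supplying each next server's address. It goes one step beyond the text: the server for www.example.org also carries a record for mail.example.org, and the resolver refuses it because that name is outside the server's own zone (its bailiwick), which is how a resolver enforces that a delegated zone cannot define records outside itself. All names, addresses and records are constructed for illustration.

```python
ROOT_HINT = "192.0.2.1"   # address of the root server the resolver starts from
SERVERS = {  # IP of an authoritative server -> (zone apex it serves, its records)
    "192.0.2.1": (".", {"org.": {"NS": ["tld.ns."]}, "tld.ns.": {"A": ["192.0.2.2"]}}),
    "192.0.2.2": ("org.", {"example.org.": {"NS": ["ns1.example.org."]},
                           "ns1.example.org.": {"A": ["192.0.2.10"]}}),  # glue record
    "192.0.2.10": ("example.org.", {
        "mail.example.org.": {"A": ["192.0.2.25"]},
        "www.example.org.": {"NS": ["ns1.www.example.org."]},  # delegated to another org
        "ns1.www.example.org.": {"A": ["198.51.100.5"]}}),     # glue for that delegation
    "198.51.100.5": ("www.example.org.", {
        "www.example.org.": {"A": ["198.51.100.80"]},
        "mail.example.org.": {"A": ["203.0.113.66"]}}),  # outside its zone: must be ignored
}

def in_zone(name, zone):
    # True when name is at or below the zone apex (the root contains everything)
    return zone == "." or name == zone or name.endswith("." + zone)

def query_server(ip, name, rtype):
    # One round trip to an authoritative server. Returns ("answer", values),
    # ("referral", (ns_host, glue_ip)) or ("nodata", None). Anything outside the
    # server's own zone (its bailiwick) is not trusted, so it is never returned.
    zone, records = SERVERS[ip]
    if not in_zone(name, zone):
        return ("nodata", None)
    # The closest enclosing delegation below the apex wins over data at this server.
    for owner in sorted(records, key=len, reverse=True):
        if owner != zone and "NS" in records[owner] and in_zone(name, owner):
            ns = records[owner]["NS"][0]
            return ("referral", (ns, records[ns]["A"][0]))  # glue gives the IP
    values = records.get(name, {}).get(rtype)
    return ("answer", values) if values else ("nodata", None)

def resolve(name, rtype):
    # Iterative resolution: start at the root hint and follow referrals down the
    # tree. Returns (values, list of server IPs consulted in order).
    ip, path = ROOT_HINT, []
    for _ in range(8):  # bound the number of referrals a client will follow
        path.append(ip)
        kind, data = query_server(ip, name, rtype)
        if kind != "referral":
            return data, path
        ip = data[1]
    raise RuntimeError("too many referrals for " + name)
```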
Nameserver types
There are two types of nameservers.
One type of nameserver provides answers for zones it has been delegated. Because the nameserver has authority over the zone, it is known as an authoritative name server. OpenBSD provides the authoritative nameserver nsd in its base system.
The other type of nameserver helps resolve names it has no control over. Instead of providing authoritative answers, a caching nameserver requests DNS records from other nameservers and caches the results to speed up lookups of common requests. This is a caching name server, and OpenBSD provides the caching nameserver unbound in its base system.