Domain Name System (DNS):

IP address are tough for human to remember and impossible to guess. Domain Name
System are usually used to translate a hostname or Domain name (eg. nec.edu.np) into an IP
address (eg. 202.37.94.177). Domain name comprise a hierarchy so that names are unique, yet
easy to remember.

DNS is an application layer protocol defines how the application processes running on different
systems, pass the messages to each other.

o DNS stands for Domain Name System.

o DNS is a directory service that provides a mapping between the name of a host on the
network and its numerical address.

o DNS is required for the functioning of the internet.

o Each node in a tree has a domain name, and a full domain name is a sequence of symbols
specified by dots.

o DNS is a service that translates the domain name into IP addresses. This allows the users
of networks to utilize user-friendly names when looking for other hosts instead of
remembering the IP addresses.

o For example, suppose the FTP site at EduSoft had an IP address of 132.147.165.50, most
people would reach this site by specifying ftp.EduSoft.com. Therefore, the domain name
is more reliable than IP address.

DNS is a TCP/IP protocol used on different platforms. The domain name space is divided into
three different sections: generic domains, country domains, and inverse domain.
Generic Domains

o It defines the registered hosts according to their generic behavior.

o Each node in a tree defines the domain name, which is an index to the DNS database.

o It uses three-character labels, and these labels describe the organization type.

Label Description

aero Airlines and aerospace companies

biz Businesses or firms

com Commercial Organizations

coop Cooperative business Organizations

edu Educational institutions

gov Government institutions

info Information service providers

int International Organizations

mil Military groups

museum Museum & other nonprofit organizations

name Personal names

net Network Support centers

org Nonprofit Organizations

pro Professional individual Organizations

Country Domain

The format of country domain is same as a generic domain, but it uses two-character country
abbreviations (e.g., us for the United States) in place of three character organizational
abbreviations.

Inverse Domain

The inverse domain is used for mapping an address to a name. When the server has received a
request from the client, and the server contains the files of only authorized clients. To determine
whether the client is on the authorized list or not, it sends a query to the DNS server and ask for
mapping an address to the name.

Working of DNS

o DNS is a client/server network communication protocol. DNS clients send requests to the
server while DNS servers send responses to the client.

o Client requests contain a name which is converted into an IP address known as a forward
DNS lookups while requests containing an IP address which is converted into a name
known as reverse DNS lookups.
o DNS implements a distributed database to store the name of all the hosts available on the
internet.

o If a client like a web browser sends a request containing a hostname, then a piece of
software such as DNS resolver sends a request to the DNS server to obtain the IP address
of a hostname. If DNS server does not contain the IP address associated with a hostname,
then it forwards the request to another DNS server. If IP address has arrived at the
resolver, which in turn completes the request over the internet protocol

Service Provided by DNS:

We have just seen that there are two ways to identify a host – by a hostname and
by an IP address. People prefer the more mnemonic hostname identifier, while
routers prefer fixed-length, hierarchical structured IP addresses. In order to
reconcile these preferences, we need a directory service that translates hostnames
to IP addresses. This is the main task of the Internet’s domain name system (DNS).
The DNS is a distributed database implemented in a hierarchy of DNS servers, and
an application-layer protocol that allows hosts to query the distributed database.

The DNS servers are often UNIX machines running the Berkeley Internet Domain
(BIND) software [BIND 2012] . The DNS protocol runs over UDP and uses port
53.

DNS is commonly employed by other application-layer protocols-including HTTP,

SMTP, and FTP – to translate user-supplied hostnames to IP addresses.

As an example, consider what happens when a browser (that is, an HTTP client),
running on some user’s host, requests the URL www.someschool.edy/index.html .
In order for the user’s host to be able to send an HTTP request message to the web
server www.someschool.edu, the user’s host must first obtain the IP address of
www.someschool.edu .This is done as follows:

1. The same user machine runs the client side of the DNS application

2. The browser extracts the hostname, www.someschool.edu , from the URL

and passes the hostname to the client side of the DSN application

3. The DNS client sends a query containing the hostname to a DNS server
4. The DNS client eventually receives a reply, which includes the IP address
for the hostname

5. Once the browser receives the IP address from DNS, it can initiate a TCP
connection to the HTTP server process located at port 80 and that IP
address.

We see from this example that DNS adds an additional delay – sometimes
substantial – to the internet applications that use it. Fortunately, as we discuss
below, the desired IP address is often cached in a “nearby” DNS server, which
helps to reduce DNS network traffic as well as the average DNS delay.

DNS provides a few other important services in addition to translating hostnames

to IP addresses:

Host Aliasing

A host with a complicated hostname can have one or more alias names. For
example, a hostname such as relay1.west-coast.enterprise.com could have , say,
two aliases such as enterprise.com and www.enterprise.com . In this case, the
hostname relay1.west-coast.enterprise.com is said to be canonical hostname.
Alias hostnames, when present, are typically more mnemonic than canonical
hostnames. DNS can be invoked b an application to obtain the canonical hostname
for a supplied alias hostname as well as the IP address of the host.

Mail Server Aliasing

For obvious reasons, it is highly desirable that e-mail addresses by mnemonic. For
example, if Bob has an account with Hotmail, Bob’s e-mail address might be as
simple as [email protected]. However, the hostname of Hotmail mail server is
more complicated and much less mnemonic than simply Hotmail.com (for
example, the canonical hostname might be something like relay1.west-
coast.hotmail.com). DNS can be invoked by a mail application to obtain the
canonical hostname for a supplied alias hostname as well as the IP address of the
host. In fact, the MX record (see below) permits a company’s mail server and web
server to have identical (aliased) hostnames; for example, a company’s web server
and mail server can both be called enterprise.com.
Load Distribution

DNS is also used to perform load distribution among replicated servers, such as
replicated Web servers. Busy sites, such as cnn.com, are replicated over multiple
servers, with each running on a different end system and having a different IP
address. For replicated web servers, a set of IP addresses is thus associated with
one canonical hostname. The DNS database contains this set of IP addresses.
When clients make a DNS query for a name mapped to a set of addresses, the
server responds with the entire set of IP addresses, by rotates the ordering of the
addresses within each reply. Because a client typically sends its HTTP request
message to the IP address that is listed first in the set, DNS rotation distributes the
traffic among the replicated servers.

DNA rotation is also used for e-mail so that multiple mail servers can have the
same alias name. also, content distribution companies such as Akamai have used
DNS in more sophisticated ways to provide web content distribution.

DNS Records and Messages:

The DNS servers that together implement the DNS distributed database
store resource records (RRs).

A resource record is a four-tuple that contains the following fields:

(Name, Value, Type, TTL)

TTL is the time to live of the resource record; it determines when a resource should

be removed from a cache.

The meaning of Name and Value depend on Type:

•If Type=A, then Name is a hostname and Value is the IP address

for the host name.

•If Type=NS, then Name is a domain (such as foo.com) and Value is the hostname

of an authoritative DNS server that knows how to obtain the IP addresses for

hosts in the domain.

•If Type=CNAME, then Value is a canonical hostname for the alias hostname

Name. This record can provide querying hosts the canonical name for
a host name.

•If Type=MX, then Value is the canonical name of a mail server that has an alias

Host name name.

DNS Messages

The first 12 bytes is the header section, which has a number of fields.

•The first field is a 16-bit number that identifies the query. This identifier is

copied into the reply message to a query, allowing the client to match received

replies with sent queries.

•There are a number of flags in the flag field.

A 1-bit query/reply flag indicates whether the message is a query (0) or a

reply (1). A1-bit authoritative flag is set in a reply message when a DNS server

is an authoritative server for a queried name.

A 1-bit recursion-desired flag is set when a client (host or DNS server) desires
that the DNS server perform recursion when it doesn’t have the record.

A 1-bit recursion available field is set in a reply if the DNS server supports

recursion.

•In the header, there are also four number-of fields. These fields indicate the

number of occurrences of the four types of data sections that follow the

header.

•The question section contains information about the query that is being made.

This section includes (1) a name field that contains the name that is being

queried, and (2) a type field that indicates the type of question being asked

about the name

•In a reply from a DNS server, the answer section contains the resource records

for the name that was originally queried.

The authority section contains records of other authoritative servers.

•The additional section contains other helpful records

The first 12 bytes is the

header section, which has a
number of fields.
• The first field is a 16-
bit number that identifies
the query. This identifier is
copied into the reply message
to a query, allowing the client
to match received
replies with sent queries.
• There are a number of
flags in the flag field.
A 1-bit query/reply flag
indicates whether the
message is a query (0) or a
reply (1). A1-bit authoritative
flag is set in a reply message
when a DNS server
is an authoritative server for a
queried name.
A 1-bit recursion-desired flag
is set when a client (host or
DNS server) desires
that the DNS server perform
recursion when it doesn’t
have the record.
A 1-bit recursion available
field is set in a reply if the
DNS server supports
recursion.
• In the header, there are
also four number-of fields.
These fields indicate the
number of occurrences of
the four types of data
sections that follow the
header.
• The question section
contains information about
the query that is being made.
This section includes (1) a
name field that contains the
name that is being
queried, and (2) a type field
that indicates the type of
question being asked
about the name
• In a reply from a DNS
server, the answer section
contains the resource records
for the name that was
originally queried.
The authority section contains
records of other authoritative
servers.
• The additional section
contains other helpful records