
Introduction to the Domain Name System

Why Use Names?

There are over 4 billion possible IPv4 addresses and an astronomical number of IPv6 addresses. Since humans have a difficult time remembering numbers, the Internet uses names like example.com. Instead of typing an IP address like 192.168.0.1 into a web browser, users can type example.com. Computers take these hostnames and find their associated IP addresses, a process called name resolution.

host(1), dig(1), and nslookup(1) are three utilities in the OpenBSD base system that can perform name resolution.

How DNS Works

To perform name resolution, the client (software such as a web browser) needs a name resolver. The name resolver then queries (requests information from) a name server. This name server could be run by an ISP, a router, or a server in a data center.

For example, if a user visits the webpage https://example.com, the user's web browser will resolve the name example.com into the IP address 93.184.215.14.

$ host example.com
example.com has address 93.184.215.14
example.com has IPv6 address 2606:2800:21f:cb07:6820:80da:af6b:8b2c
example.com mail is handled by 0 .
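The host(1) output above hides what actually goes over the wire. The following is an added example (not part of the original page and not OpenBSD code) that builds the same A-record query as raw DNS wire format and parses a constructed reply, including the name-compression pointer real servers use. The transaction ID, the reply bytes and the 3600-second TTL are constructed for this example; the 93.184.215.14 address is the one shown above. The parser refuses a reply whose ID or question does not match the query, the minimal check a resolver applies before trusting an answer.

```python
import struct
import ipaddress

# Constructed sample values; nothing here was captured from a real server.
SAMPLE_TXID = 0x1234
SAMPLE_NAME = "example.com"


def encode_name(name):
    """Encode a hostname as DNS labels: a length byte before each label, then a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=1):
    """Build a standard query (RD=1) with one question; qtype 1 = A, 28 = AAAA."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def decode_name(msg, offset):
    """Decode a name starting at offset, following compression pointers.
    Returns (name, offset just after the name as it appeared in the message)."""
    labels = []
    end = None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier copy of the name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg, expected_txid, expected_name):
    """Parse a response into [(owner, type, ttl, rdata_text), ...].
    The ID and question are checked against what we asked: a resolver that skips
    this accepts any packet that happens to arrive on its port."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    offset = 12
    qname, offset = decode_name(msg, offset)
    offset += 4  # skip QTYPE and QCLASS
    if qname.lower() != expected_name.rstrip(".").lower():
        raise ValueError("question section does not match our query")
    records = []
    for _ in range(an + ns + ar):
        owner, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            text = str(ipaddress.IPv4Address(rdata))
        elif rtype == 28 and rdlen == 16:
            text = str(ipaddress.IPv6Address(rdata))
        else:
            text = rdata.hex()
        records.append((owner, rtype, ttl, text))
    return records


def build_sample_response(txid=SAMPLE_TXID):
    """Constructed reply to the A query: one answer whose owner name is a
    compression pointer (0xC00C) back to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    question = encode_name(SAMPLE_NAME) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 215, 14])
    return header + question + answer


if __name__ == "__main__":
    q = build_query(SAMPLE_TXID, SAMPLE_NAME)
    print(len(q), "byte query:", q.hex())
    for owner, rtype, ttl, text in parse_response(build_sample_response(), SAMPLE_TXID, SAMPLE_NAME):
        print(owner, "type", rtype, "ttl", ttl, text)
```

Sending the bytes from build_query over UDP to port 53 of a resolver and feeding the reply to parse_response reproduces the first line of the host(1) output; the ID and question checks are what keep a stray or forged packet from being accepted as that reply.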

Distributed Name System

DNS is distributed. This means that there is no single name server that knows about every single domain on the Internet. Instead, this information is spread out across millions of servers all across the Internet.

To find which nameservers provide the information for example.com, run the command:

$ host -t ns example.com
example.com name server a.iana-servers.net.
example.com name server b.iana-servers.net.

This requests the NS records for example.com. In this example, it reports two nameservers that hold the DNS records for example.com: a.iana-servers.net and b.iana-servers.net. Internet RFCs require that each domain be served by at least two nameservers.

A distributed name system is robust and practical. If, instead of a distributed name system, one nameserver kept all records, then the amount of storage and bandwidth needed by that one server would grow exponentially over time. It might also result in a single point of failure for the entire Internet.

To achieve a distributed system, name servers are delegated authority over their own zones. For example, you might be delegated authority for the zone example.org. Your nameserver would control and define the records for everything within example.org. If you wanted to run a mail server, you might create a subdomain such as mail.example.org. Your nameservers for the zone might be ns1.example.org and ns2.example.org, and these nameservers would need to provide the correct DNS records so that mail.example.org would resolve to the correct IP addresses.

To further distribute the load, you might delegate control over the subdomain www.example.org to other nameservers (perhaps even to an outside organization), so that the other organization (and not ns1.example.org and ns2.example.org) would handle those records.

The outside organization would be responsible for the zone www.example.org, but that organization would have no direct control over example.org. The outside organization is not able to define records outside of its delegated zone.

This distributed design makes DNS more resilient and shares the workload and data storage across multiple servers. This makes it possible to scale up to the size of the global Internet.

Because DNS is designed to be distributed, you are encouraged to run your own nameserver. In particular, it's recommended to avoid non-free service providers for DNS services. Relying on non-free 3rd-party providers may result in privacy and censorship issues.

Domains

The hierarchy of DNS is like an inverted tree. At the very top is the root domain, to which all domains belong; it is represented by a single period (.). Below the root are the top-level domains (TLDs) such as com, net, and org. Below those come the second-level domains like example.org.

Usually, users pay money to register a second-level domain. For example, example.org might be one such second-level domain a user could register for an annual fee. To register a domain, the user would go to a name registrar and pay a fee.

Once a second-level domain is purchased, users can usually create subdomains free of charge.

Setting up a name server

When a user registers a domain, the registrar will usually allow the owner to specify the name servers for the domain. By convention, the nameservers are often named ns1 and ns2, so the hostnames will be ns1.example.org and ns2.example.org. There will often be a web panel where the owner can enter the nameservers and their IP addresses (these are known as glue records). When someone on the Internet queries the domain name, these glue records provide the IP addresses for the nameservers. The resolver will then query these nameservers directly to find the actual data for the domain.
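To make the delegation chain from the previous sections and the glue records just described concrete, here is an added example (not code from the page or from OpenBSD): a toy iterative resolver walking constructed in-memory zones for the root, org, example.org and a separately run www.example.org. The zone contents, server names and addresses are all made up for the example (addresses come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24). It shows why ns1.example.org needs glue in the org zone, and applies the bailiwick rule: a server is believed only for names inside the zone it was asked about, so the outside organization running www.example.org cannot slip in a record for mail.example.org.

```python
# Constructed zones: keys are (owner, type); a delegation is an NS record for the
# child name held in the parent, plus glue A records for nameservers that live
# inside the child zone (without them the lookup would be circular).
ZONES = {
    ".": {
        ("org.", "NS"): ["a.org-servers.test."],
        ("a.org-servers.test.", "A"): ["192.0.2.2"],
    },
    "org.": {
        ("example.org.", "NS"): ["ns1.example.org.", "ns2.example.org."],
        ("ns1.example.org.", "A"): ["192.0.2.10"],   # glue
        ("ns2.example.org.", "A"): ["192.0.2.11"],   # glue
    },
    "example.org.": {
        ("ns1.example.org.", "A"): ["192.0.2.10"],
        ("ns2.example.org.", "A"): ["192.0.2.11"],
        ("mail.example.org.", "A"): ["192.0.2.25"],
        ("www.example.org.", "NS"): ["ns.www.example.org."],
        ("ns.www.example.org.", "A"): ["198.51.100.5"],   # glue for the delegated child
    },
    "www.example.org.": {
        ("www.example.org.", "A"): ["198.51.100.80"],
        # The outside organization has no authority over this name; a correct
        # resolver must not let this server redefine mail.example.org.
        ("mail.example.org.", "A"): ["198.51.100.99"],
    },
}
SERVERS = {  # which zone each constructed server address is authoritative for
    "192.0.2.1": ".", "192.0.2.2": "org.",
    "192.0.2.10": "example.org.", "192.0.2.11": "example.org.",
    "198.51.100.5": "www.example.org.",
}
ROOT_IP = "192.0.2.1"


def in_zone(name, apex):
    """True if name is at or below apex (the root zone contains everything)."""
    return apex == "." or name == apex or name.endswith("." + apex)


def serve(server_ip, qname, qtype):
    """Simulated authoritative server: a referral for a delegated child, an answer
    for data it holds (plus whatever else the zone carries as 'additional' data),
    or NXDOMAIN."""
    apex = SERVERS[server_ip]
    zone = ZONES[apex]
    cuts = [n for (n, t) in zone if t == "NS" and n != apex and in_zone(qname, n)]
    if cuts:
        child = max(cuts, key=len)  # deepest delegation covering the name
        ns_names = zone[(child, "NS")]
        glue = {n: zone[(n, "A")] for n in ns_names if (n, "A") in zone}
        return "referral", child, ns_names, glue
    if (qname, qtype) in zone:
        extra = {k: v for k, v in zone.items() if k != (qname, qtype)}
        return "answer", zone[(qname, qtype)], extra
    return "nxdomain", None, None


def resolve(qname, qtype="A"):
    """Iterate from the root following referrals. Returns (rdata list, owner names
    rejected by the bailiwick check, trace of (server, zone asked, reply kind))."""
    qname = qname.lower().rstrip(".") + "."
    server_ip, apex, trace = ROOT_IP, ".", []
    for _ in range(10):  # bound the referral chain
        reply = serve(server_ip, qname, qtype)
        trace.append((server_ip, apex, reply[0]))
        if reply[0] == "referral":
            _, child, _ns_names, glue = reply
            # Trust glue only for names inside the zone this server is authoritative for.
            usable = {n: a for n, a in glue.items() if in_zone(n, apex)}
            if not usable:  # a real resolver would look the NS names up separately
                raise LookupError(f"no usable glue for {child}")
            server_ip, apex = next(iter(usable.values()))[0], child
        elif reply[0] == "answer":
            _, rrs, extra = reply
            rejected = sorted(n for (n, t) in extra if not in_zone(n, apex))
            return rrs, rejected, trace
        else:
            raise LookupError(f"{qname} does not exist")
    raise LookupError("too many referrals")


if __name__ == "__main__":
    for name in ("mail.example.org", "www.example.org"):
        rrs, rejected, trace = resolve(name)
        print(name, "->", rrs, "via", [z for _, z, _ in trace], "rejected:", rejected)
```

Resolving www.example.org passes through four servers (root, org, example.org, www.example.org) and comes back with the outside organization's address, while its attempt to answer for mail.example.org is discarded; resolving mail.example.org stops at the example.org servers and never consults the delegated child.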

Nameserver types

There are two types of nameservers:

Authoritative Nameserver

The first type of nameserver provides answers for zones that have been delegated to it. Because the nameserver has authority over the zone, it is known as an authoritative nameserver. OpenBSD provides the authoritative nameserver nsd in its base system.

Caching Nameserver

The other type of nameserver helps resolve names over which it has no authority. Instead of providing authoritative answers, a caching nameserver requests DNS records from other nameservers and caches the results to speed up the lookup of common requests. OpenBSD provides the caching nameserver unbound in its base system.
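The caching behaviour described above has two details worth seeing in code: a cached answer is handed out with its remaining TTL, not the original one, and a cache should cap how long it is willing to keep a record so that an oversized TTL from a misconfigured or hostile upstream cannot pin an answer indefinitely (unbound(8) does this with its cache-max-ttl option, default 86400 seconds). The following is an added example, not code from the page or from unbound; the upstream data, the fake clock and the 86400-second cap are constructed for it.

```python
import time

MAX_TTL = 86400  # cap on how long any record is kept, whatever the upstream says


class CachingResolver:
    """Minimal caching resolver. `upstream(name, qtype)` stands in for asking an
    authoritative server and returns (rdata list, ttl in seconds)."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream
        self.clock = clock
        self.cache = {}  # (name, type) -> (rdata, absolute expiry time)
        self.upstream_queries = 0

    def lookup(self, name, qtype="A"):
        """Returns (rdata, ttl to hand the client, served_from_cache)."""
        key = (name.lower().rstrip(".") + ".", qtype)  # names are case-insensitive
        now = self.clock()
        hit = self.cache.get(key)
        if hit is not None and hit[1] > now:
            rdata, expires = hit
            return rdata, int(expires - now), True  # remaining TTL, not the original
        rdata, ttl = self.upstream(*key)
        self.upstream_queries += 1
        ttl = max(0, min(ttl, MAX_TTL))
        self.cache[key] = (rdata, now + ttl)
        return rdata, ttl, False


class FakeClock:
    """Controllable clock so the example runs instantly and deterministically."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


# Constructed upstream data: what the authoritative servers would answer.
UPSTREAM = {
    ("example.org.", "A"): (["192.0.2.80"], 300),
    ("pinned.example.org.", "A"): (["192.0.2.81"], 10**9),  # absurd TTL, gets capped
}


def fake_upstream(name, qtype):
    return UPSTREAM[(name, qtype)]


def demo():
    """Miss, hit with decremented TTL, refetch after expiry, and the TTL cap."""
    clock = FakeClock()
    r = CachingResolver(fake_upstream, clock)
    first = r.lookup("example.org")     # miss: asks upstream, TTL 300
    clock.advance(100)
    second = r.lookup("EXAMPLE.ORG.")   # hit: same data, 200 s left
    clock.advance(250)
    third = r.lookup("example.org")     # expired: asks upstream again
    capped = r.lookup("pinned.example.org")
    return first, second, third, capped, r.upstream_queries


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Three client lookups of example.org cost only two upstream queries, and the record with the billion-second TTL is remembered for a day at most.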

See Also