DNS Terminology, Components, and Concepts
DNS, or the Domain Name System, is often a difficult part of learning how to configure websites and servers. Understanding how DNS works will help you diagnose problems with configuring access to your websites and will broaden your understanding of what is going on behind the scenes.
In this guide, we will discuss some important DNS concepts that will help you hit the ground running with your DNS configuration. After reading this guide, you should be ready to set up your domain name with F(x) data cloud or set up your very own DNS server.
Before we jump into setting up your own servers to resolve your domain or setting up our domains in the control panel, let's go over some basic concepts about how all of this actually works.
We should begin by defining our terms. While some of these topics are familiar from other contexts, there are many terms used when talking about domain names and DNS that aren't used too often in other areas of computing.
Let's start simple:
Domain Name System
The domain name system, more commonly known as "DNS", is the networking system in place that allows us to resolve human-friendly names to unique addresses.
Domain Name
A domain name is the human-friendly name that we are used to associating with an internet resource. For example, "google.com" is a domain name. Some people will say that the "google" portion is the domain, but we can generally refer to the combined form as the domain name.
The URL "google.com" is associated with the servers owned by Google Inc. The domain name system allows us to reach the Google servers when we type "google.com" into our browsers.
IP Address
An IP address is what we call a network addressable location. Each IP address must be unique within its network. When we are talking about websites, this network is the entire internet.
IPv4, the most common form of address, is written as four sets of numbers, each set having up to three digits, with each set separated by a dot. For instance, "126.96.36.199" could be a valid IPv4 address. With DNS, we map a name to that address so that you do not have to remember a complicated set of numbers for each place you wish to visit on a network.
Top-Level Domain
A top-level domain, or TLD, is the most general part of the domain. The top-level domain is the furthest portion to the right (as separated by a dot). Common top-level domains are "com", "net", "org", "gov", "edu", and "io".
Top-level domains are at the top of the hierarchy in terms of domain names. Certain parties are given management control over top-level domains by ICANN (Internet Corporation for Assigned Names and Numbers). These parties can then distribute domain names under the TLD, usually through a domain registrar.
Hosts
Within a domain, the domain owner can define individual hosts, which refer to separate computers or services accessible through a domain. For instance, most domain owners make their web servers accessible through the bare domain (example.com) and also through the "host" definition "www" (www.example.com).
You can have other host definitions under the general domain. You could have API access through an "api" host (api.example.com) or you could have FTP access by defining a host called "ftp" or "files" (ftp.example.com or files.example.com). The host names can be arbitrary as long as they are unique for the domain.
SubDomain
A subject related to hosts is subdomains.
DNS works in a hierarchy. TLDs can have many domains under them. For example, the "com" TLD has both "google.com" and "ubuntu.com" underneath it. A "subdomain" refers to any domain that is part of a larger domain. In this case, "ubuntu.com" can be said to be a subdomain of "com". This is typically just called the domain, or the "ubuntu" portion is called an SLD, which means second-level domain.
Likewise, each domain can control "subdomains" that are located under it. This is usually what we mean by subdomains. For example, you could have a subdomain for the history department of your school at "www.history.school.edu". The "history" portion is a subdomain.
The difference between a host name and a subdomain is that a host defines a computer or resource, while a subdomain extends the parent domain. It is a method of subdividing the domain itself.
Whether talking about subdomains or hosts, you can begin to see that the left-most portions of a domain are the most specific. This is how DNS works: from most to least specific as you read from left to right.
Fully Qualified Domain Name
A fully qualified domain name, often called an FQDN, is what we call an absolute domain name. Domains in the DNS system can be given relative to one another, and as such, can be somewhat ambiguous. An FQDN is an absolute name that specifies its location in relation to the absolute root of the domain name system.
This means that it specifies each parent domain including the TLD. A proper FQDN ends with a dot, indicating the root of the DNS hierarchy. An example of an FQDN is "mail.google.com.". Sometimes software that calls for an FQDN does not require the ending dot, but the trailing dot is required to conform to ICANN standards.
Name Server
A name server is a computer designated to translate domain names into IP addresses. These servers do most of the work in the DNS system. Since the total number of domain translations is too much for any one server, each server may redirect requests to other name servers or delegate responsibility for a subset of subdomains they are responsible for.
Name servers can be "authoritative", meaning that they give answers to queries about domains under their control. Otherwise, they may point to other servers, or serve cached copies of other name servers' data.
Zone File
A zone file is a simple text file that contains the mappings between domain names and IP addresses. This is how the DNS system finally finds out which IP address should be contacted when a user requests a certain domain name.
Zone files reside in name servers and generally define the resources available under a specific domain, or the place that one can go to get that information.
Records
Within a zone file, records are kept. In its simplest form, a record is basically a single mapping between a resource and a name. These can map a domain name to an IP address, define the name servers for the domain, define the mail servers for the domain, etc.
How DNS Works
Now that you are acquainted with some of the terminology involved with DNS, how does the system actually work?
The system is very simple at a high-level overview, but is very complex as you look at the details. Overall though, it is a very reliable infrastructure that has been essential to the adoption of the internet as we know it today.
Root Servers
As we said above, DNS is, at its core, a hierarchical system. At the top of this system are what are known as "root servers". These servers are controlled by various organizations and are delegated authority by ICANN (Internet Corporation for Assigned Names and Numbers).
There are currently 13 root servers in operation. However, as there is an incredible number of names to resolve every minute, each of these servers is actually mirrored. The interesting thing about this setup is that each of the mirrors for a single root server shares the same IP address. When requests are made for a certain root server, the request will be routed to the nearest mirror of that root server.
What do these root servers do? Root servers handle requests for information about top-level domains. So if a request comes in for something a lower-level name server cannot resolve, a query is made to the root server for the domain.
The root servers won't actually know where the domain is hosted. They will, however, be able to direct the requester to the name servers that handle the specifically requested top-level domain.
So if a request for "www.wikipedia.org" is made to the root server, the root server will first try to find the record in its zone files. It will check its zone files for a listing that matches "www.wikipedia.org". It will not find one.
It will instead find a record for the "org" TLD and give the requesting entity the address of the name server responsible for "org" addresses.
TLD Servers
The requester then sends a new request to the IP address (given to it by the root server) that is responsible for the top-level domain of the request.
So, to continue our example, it would send a request to the name server responsible for knowing about "org" domains to see if it knows where "www.wikipedia.org" is located.
Once again, the TLD name server will look for "www.wikipedia.org" in its zone files. It will not find this record in its files.
However, it will find a record listing the IP address of the name server responsible for "wikipedia.org". This is getting much closer to the answer we want.
Domain-Level Name Servers
At this point, the requester has the IP address of the name server that is responsible for knowing the actual IP address of the resource. It sends a new request to the name server asking, once again, if it can resolve "www.wikipedia.org".
The name server checks its zone files and finds that it has a zone file associated with "wikipedia.org". Inside of this file, there is a record for the "www" host. This record tells the IP address where this host is located. The name server returns the final answer to the requester.
What is a Resolving Name Server?
In the above scenario, we referred to a "requester". What is the requester in this situation?
In almost all cases, the requester will be what we call a "resolving name server". A resolving name server is one configured to ask other servers questions. It is basically an intermediary for a user which caches previous query results to improve speed and knows the addresses of the root servers to be able to "resolve" requests made for things it doesn't already know about.
Basically, a user will usually have a few resolving name servers configured on their computer system. The resolving name servers are usually provided by an ISP or other organizations. For example, Google provides resolving DNS servers that you can query. These can be configured in your computer either automatically or manually.
When you type a URL in the address bar of your browser, your computer first looks to see if it can find out locally where the resource is located. It checks the "hosts" file on the computer and a few other locations. It then sends the request to the resolving name server and waits to receive the IP address of the resource.
The resolving name server then checks its cache for the answer. If it doesn't find it, it goes through the steps outlined above.
Resolving name servers basically compress the requesting process for the end user. The clients simply have to know to ask the resolving name servers where a resource is located and be confident that they will investigate and return the final answer.
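The walk just described (root server, then TLD server, then domain-level server) and the resolving name server's cache can be modelled in a few dozen lines. The following is an added example written for this guide, not code from the original article or from any DNS software. Every server address, zone and name in it is constructed; it models only the three referral hops and a single TTL, and leaves out the mirrored root servers, timeouts and retries of a real resolver.

```python
"""Toy model of iterative DNS resolution with a caching resolver.
Added illustration; all zone data below is constructed for the example."""
import time

# Constructed zone data keyed by the address of the server holding it. Each
# server knows the records it is authoritative for: A records for hosts and
# NS records (with glue A records) for the zones it delegates.
ZONES = {
    # a root server: knows only where the TLD servers are
    "198.51.100.1": {
        "org.": {"NS": ["a.org-servers.example."]},
        "a.org-servers.example.": {"A": ["198.51.100.2"]},
    },
    # the "org" TLD server: delegates wikipedia.org to its name server
    "198.51.100.2": {
        "wikipedia.org.": {"NS": ["ns0.wikipedia.example."]},
        "ns0.wikipedia.example.": {"A": ["198.51.100.3"]},
    },
    # the domain-level server: holds the actual zone file for wikipedia.org
    "198.51.100.3": {
        "wikipedia.org.": {"NS": ["ns0.wikipedia.example."]},
        "www.wikipedia.org.": {"A": ["203.0.113.10"]},
    },
}
ROOT_SERVERS = ["198.51.100.1"]
TTL_SECONDS = 300


def query(server_ip, name, rtype):
    """Ask one name server about a name. Returns ("answer", data) when the
    server holds the record, ("referral", next_server_ip) when it can only
    point further down the hierarchy, or ("nxdomain", None)."""
    zone = ZONES[server_ip]
    if name in zone and rtype in zone[name]:
        return "answer", zone[name][rtype]
    # Walk from the most specific label to the least specific, looking for a
    # delegation (NS record) that covers the requested name.
    labels = name.rstrip(".").split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:]) + "."
        if parent in zone and "NS" in zone[parent]:
            ns_host = zone[parent]["NS"][0]
            glue = zone.get(ns_host, {}).get("A")
            if glue:
                return "referral", glue[0]
    return "nxdomain", None


class ResolvingNameServer:
    """Caching resolver: answers from cache while the TTL holds, otherwise
    performs the iterative walk starting at a root server."""

    def __init__(self, clock=time.time):
        self.cache = {}          # (name, rtype) -> (expiry, data)
        self.clock = clock       # injectable so tests can advance time
        self.queries_sent = 0

    def resolve(self, name, rtype="A", max_hops=10):
        key = (name, rtype)
        if key in self.cache and self.cache[key][0] > self.clock():
            return self.cache[key][1]
        server = ROOT_SERVERS[0]
        for _ in range(max_hops):   # bounded so a referral loop cannot spin forever
            self.queries_sent += 1
            kind, data = query(server, name, rtype)
            if kind == "answer":
                self.cache[key] = (self.clock() + TTL_SECONDS, data)
                return data
            if kind == "referral":
                server = data
                continue
            return None
        raise RuntimeError("too many referrals resolving %s" % name)


if __name__ == "__main__":
    r = ResolvingNameServer()
    print(r.resolve("www.wikipedia.org."), r.queries_sent)  # three queries: root, org, domain
    print(r.resolve("www.wikipedia.org."), r.queries_sent)  # served from cache, still three
```

The first lookup costs three queries (root, TLD server, domain-level server); the second is answered from the cache and sends none. Once the cached entry is older than its TTL, the resolver repeats the walk, which is exactly why the `$TTL` value discussed later controls how long a stale answer can keep circulating.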
Zone Files
We mentioned in the above process the concept of "zone files" and "records".
Zone files are the way that name servers store information about the domains they know about. Every domain that a name server knows about is stored in a zone file. Most requests coming to the average name server are not something that the server will have zone files for.
If it is configured to handle recursive queries, like a resolving name server, it will find out the answer and return it. Otherwise, it will tell the requesting party where to look next.
The more zone files that a name server has, the more requests it will be able to answer authoritatively.
A zone file describes a DNS "zone", which is basically a subset of the entire DNS naming system. It is generally used to configure just a single domain. It can contain a number of records which define where resources are for the domain in question.
The zone's $ORIGIN is a parameter equal to the zone's highest level of authority by default.
So if a zone file is used to configure the "example.com." domain, the $ORIGIN would be set to example.com..
This is either configured at the top of the zone file or it can be defined in the DNS server's configuration file that references the zone file. Either way, this parameter describes what the zone is going to be authoritative for.
The $TTL configures the "time to live" of the information it provides. It is basically a timer. A caching name server can use previously queried results to answer requests until the TTL value runs out.
Within the zone file, we can have many different record types. We will go over some of the more common (or mandatory) types here.
SOA Records
The Start of Authority, or SOA, record is a mandatory record in all zone files. It must be the first real record in a file (although $ORIGIN or $TTL specifications may appear above). It is also one of the most complex to understand.
The start of authority record looks something like this:
domain.com. IN SOA ns1.domain.com. admin.domain.com. (
    12083 ; serial number
    3h    ; refresh interval
    30m   ; retry interval
    3w    ; expiry period
    1h    ; negative TTL
)
Let's explain what each part is for:
domain.com.: This is the root of the zone. This specifies that the zone file is for the domain.com. domain. Often, you'll see this replaced with @, which is just a placeholder that substitutes the contents of the $ORIGIN variable we learned about above.
IN SOA: The "IN" portion means internet (and will be present in many records). The SOA is the indicator that this is a Start of Authority record.
ns1.domain.com.: This defines the primary master name server for this domain. Name servers can either be master or slaves, and if dynamic DNS is configured one server needs to be a "primary master", which goes here. If you haven't configured dynamic DNS, then this is just one of your master name servers.
admin.domain.com.: This is the email address of the administrator for this zone. The "@" is replaced with a dot in the email address. If the name portion of the email address normally has a dot in it, this is replaced with a "\" in this part (your.name@domain.com becomes your\name.domain.com).
12083: This is the serial number for the zone file. Every time you edit a zone file, you must increment this number for the zone file to propagate correctly. Slave servers will check if the master server's serial number for a zone is larger than the one they have on their system. If it is, they request the new zone file; if not, they continue serving the original file.
3h: This is the refresh interval for the zone. This is the amount of time that the slave will wait before polling the master for zone file changes.
30m: This is the retry interval for this zone. If the slave cannot connect to the master when the refresh period is up, it will wait this amount of time and retry polling the master.
3w: This is the expiry period. If a slave name server has not been able to contact the master for this amount of time, it no longer returns responses as an authoritative source for this zone.
1h: This is the amount of time that the name server will cache a name error if it cannot find the requested name in this file.
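To make the layout concrete, here is an added example (not code from the article) that parses an SOA record in the form shown above, converts the BIND-style time values (3h, 30m, 3w) to seconds, rebuilds the administrator address from the RNAME field, and applies the serial-number rule the text gives for slave refresh. The sample record text is constructed from the example above; the parser assumes the escaped-dot form `\.` that BIND uses in the RNAME for a dot inside the local part.

```python
"""Parse an SOA record and apply the serial-number refresh rule.
Added example; the zone text is constructed from the article's sample."""
import re

# Constructed sample following the SOA layout shown in the text.
SOA_TEXT = """domain.com. IN SOA ns1.domain.com. admin.domain.com. (
    12083   ; serial number
    3h      ; refresh interval
    30m     ; retry interval
    3w      ; expiry period
    1h      ; negative TTL
)"""

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(value):
    """Convert a BIND-style time such as '3h', '30m', '3w' (or plain
    seconds) into a number of seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.lower())
    if not m:
        raise ValueError("bad time value: %r" % value)
    return int(m.group(1)) * _UNITS[m.group(2) or "s"]


def rname_to_email(rname):
    """Turn the SOA RNAME field back into an email address: the first
    unescaped dot becomes '@', and an escaped dot ('\\.') in the local
    part is restored to a plain dot."""
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain


def parse_soa(text):
    """Strip ';' comments, fold the parenthesised continuation lines into
    one record and return the SOA fields with times in seconds."""
    no_comments = [re.sub(r";.*", "", line) for line in text.splitlines()]
    tokens = " ".join(no_comments).replace("(", " ").replace(")", " ").split()
    # layout: NAME IN SOA MNAME RNAME serial refresh retry expire minimum
    if len(tokens) != 10 or tokens[1:3] != ["IN", "SOA"]:
        raise ValueError("not a single SOA record: %r" % tokens)
    name, _, _, mname, rname, serial, refresh, retry, expire, minimum = tokens
    if not name.endswith(".") or not mname.endswith("."):
        raise ValueError("zone root and primary master must be FQDNs ending in '.'")
    return {
        "zone": name,
        "primary_master": mname,
        "admin_email": rname_to_email(rname),
        "serial": int(serial),
        "refresh": parse_ttl(refresh),
        "retry": parse_ttl(retry),
        "expire": parse_ttl(expire),
        "negative_ttl": parse_ttl(minimum),
    }


def slave_should_transfer(master_serial, slave_serial):
    """The rule from the text: a slave fetches the zone only when the
    master's serial is larger than the one it already holds."""
    return master_serial > slave_serial


if __name__ == "__main__":
    for field, value in parse_soa(SOA_TEXT).items():
        print("%-15s %s" % (field, value))
    print("transfer needed:", slave_should_transfer(12084, parse_soa(SOA_TEXT)["serial"]))
```

Real servers compare serials with the wrap-around arithmetic of RFC 1982 rather than a plain integer comparison; the comparison here is the rule exactly as the text states it, which is also why forgetting to increment the serial leaves slaves silently serving the old zone.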
A and AAAA Records
Both of these records map a host to an IP address. The "A" record is used to map a host to an IPv4 address, while "AAAA" records are used to map a host to an IPv6 address.
The general format of these records is this:
host IN A IPv4_address
host IN AAAA IPv6_address
So since our SOA record called out a primary master server at "ns1.domain.com", we would have to map this to an IP address, since "ns1.domain.com" is within the "domain.com" zone that this file is defining.
The record could look something like this:
ns1 IN A 188.8.131.52
Notice that we don't have to give the full name. We can just give the host, without the FQDN and the DNS server will fill in the rest with the $beginning value. However, we could just as easily use the entire FQDN if we feel like being semantic:
ns1.domain.com. IN A 184.108.40.206
In most cases, this is where you'll define your web server as "www":
www IN A 220.127.116.11
We should also specify where the base domain resolves to. We can do this like this:
domain.com. IN A 18.104.22.168
We could have used the "@" to refer to the base domain instead:
@ IN A 22.214.171.124
We also have the option of resolving anything under this domain that is not explicitly defined to this server too. We can do this with the "*" wild card:
* IN A 126.96.36.199
All of these work just as well with AAAA records for IPv6 addresses.
CNAME Records
CNAME records define an alias for the canonical name of your server (one defined by an A or AAAA record).
For example, we could have an A record defining the "server1" host and then use "www" as an alias for this host:
server1 IN A 188.8.131.52
www IN CNAME server1
Be aware that these aliases come with some performance losses because they require an additional query to the server. Most of the time, the same result could be achieved by using additional A or AAAA records.
One case when a CNAME is recommended is to provide an alias for a resource outside of the current zone.
MX Records
MX records are used to define the mail exchanges that are used for the domain. This helps email messages arrive at your mail server correctly.
Unlike many other record types, mail records generally don't map a host to something, because they apply to the entire zone. As such, they usually look like this:
IN MX 10 mail.domain.com.
Note that there is no host name at the beginning.
Also note that there is an extra number in there. This is the preference number that helps computers decide which server to send mail to if there are multiple mail servers defined. Lower numbers have a higher priority.
The MX record should generally point to a host defined by an A or AAAA record, and not one defined by a CNAME.
So, let's say that we have two mail servers. There would have to be records that look something like this:
IN MX 10 mail1.domain.com.
IN MX 50 mail2.domain.com.
mail1 IN A 184.108.40.206
mail2 IN A 220.127.116.11
In this example, the "mail1" host is the preferred email exchange server.
We could also write that like this:
IN MX 10 mail1
IN MX 50 mail2
mail1 IN A 18.104.22.168
mail2 IN A 22.214.171.124
NS Records
This record type defines the name servers that are used for this zone.
You may be wondering, "if the zone file resides on the name server, why does it need to reference itself?". Part of what makes DNS so successful is its multiple levels of caching. One reason for defining name servers within the zone file is that the zone file may actually be served from a cached copy on another name server. There are other reasons for needing the name servers defined on the name server itself, but we won't go into that here.
Like the MX records, these are zone-wide parameters, so they do not take hosts either. In general, they look like this:
IN NS ns1.domain.com.
IN NS ns2.domain.com.
You should have at least two name servers defined in each zone file in order to operate correctly if there is a problem with one server. Most DNS server software considers a zone file to be invalid if there is only a single name server.
As always, include the mapping for the hosts with A or AAAA records:
IN NS ns1.domain.com.
IN NS ns2.domain.com.
ns1 IN A 126.96.36.199
ns2 IN A 188.8.131.52
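The rules spread across the A/AAAA, CNAME, MX and NS sections above (relative names are completed with $ORIGIN, "@" stands for the origin, A carries IPv4 and AAAA carries IPv6, MX and NS targets should be A/AAAA hosts rather than CNAMEs, and a zone needs at least two NS records) can be checked mechanically before a zone is loaded. The following is an added example, not code from the article or from any DNS server; it implements a minimal zone-file reader sufficient for one-line records like the ones shown, and the two sample zones (one deliberately weak, one corrected) are constructed for it.

```python
"""Minimal zone-file checker for A, AAAA, CNAME, MX and NS records.
Added example; both zone texts below are constructed for it."""
import ipaddress
import re

# Constructed weak zone: only one NS record, and the MX points at a CNAME.
WEAK_ZONE = """$ORIGIN domain.com.
$TTL 1h
@       IN SOA ns1.domain.com. admin.domain.com. ( 1 3h 30m 3w 1h )
        IN NS  ns1.domain.com.
        IN MX  10 mail
ns1     IN A   192.0.2.1
www     IN CNAME server1
mail    IN CNAME server1
server1 IN A   192.0.2.2
"""

# Constructed corrected zone: two name servers, MX targets on A/AAAA hosts.
GOOD_ZONE = """$ORIGIN domain.com.
$TTL 1h
@       IN SOA ns1.domain.com. admin.domain.com. ( 2 3h 30m 3w 1h )
        IN NS  ns1
        IN NS  ns2.domain.com.
        IN MX  10 mail1
        IN MX  50 mail2
ns1     IN A   192.0.2.1
ns2     IN A   192.0.2.3
mail1   IN A   192.0.2.4
mail2   IN AAAA 2001:db8::25
www     IN CNAME server1
server1 IN A   192.0.2.2
*       IN A   192.0.2.2
"""


def qualify(name, origin):
    """Make a name absolute: '@' is the origin, a trailing dot marks an
    FQDN, anything else is relative to $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text):
    """Return (origin, records); each record is (owner_fqdn, type, rdata)."""
    origin, records, last_owner = None, [], None
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw).rstrip()
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN")
        tokens = line.split()
        # A line starting with whitespace has no owner field and belongs to
        # the previous owner; zone-wide NS and MX records rely on this.
        owner = last_owner if line[0].isspace() else tokens.pop(0)
        last_owner = owner
        if owner is None or len(tokens) < 3 or tokens[0] != "IN":
            raise ValueError("cannot parse: %r" % raw)
        records.append((qualify(owner, origin), tokens[1], tokens[2:]))
    return origin, records


def check_zone(text):
    """Apply the rules stated in the text; returns a list of problems
    (empty when the zone passes)."""
    origin, records = parse_zone(text)
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    problems = []
    # A must carry an IPv4 address, AAAA an IPv6 address
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata[0])
            except ValueError:
                problems.append("%s: %s has invalid address %r" % (owner, rtype, rdata[0]))
                continue
            if (rtype == "A") != (addr.version == 4):
                problems.append("%s: %s record carries an IPv%d address" % (owner, rtype, addr.version))
    # at least two name servers for the zone
    ns_count = sum(1 for o, t, _ in records if t == "NS" and o == origin)
    if ns_count < 2:
        problems.append("zone has %d NS record(s); at least two are required" % ns_count)
    # NS and MX targets must not be CNAMEs, and in-zone targets need an address
    for owner, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        target = qualify(rdata[-1], origin)
        if "CNAME" in types_at.get(target, set()):
            problems.append("%s %s target %s is a CNAME" % (owner, rtype, target))
        elif target.endswith("." + origin) and not types_at.get(target, set()) & {"A", "AAAA"}:
            problems.append("%s %s target %s has no A/AAAA record" % (owner, rtype, target))
    return problems


if __name__ == "__main__":
    print("weak zone:", check_zone(WEAK_ZONE))   # two findings
    print("good zone:", check_zone(GOOD_ZONE))   # []
```

The weak zone produces two findings (a single NS record, and an MX whose target is a CNAME); the corrected zone produces none. Out-of-zone targets are deliberately not checked for an address, since their records live in another zone, which is the one case where the text recommends a CNAME.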
There are quite a few other record types you can use, but these are probably the most common types that you will come across.
PTR Records
The PTR records are used to define a name associated with an IP address. PTR records are the inverse of an A or AAAA record. PTR records are unique in that they start at the .arpa root and are delegated to the owners of the IP addresses. The Regional Internet Registries (RIRs) oversee the IP address delegation to organizations and service providers. The Regional Internet Registries include APNIC, ARIN, RIPE NCC, LACNIC, and AFRINIC.
Here is an example of what a PTR record for 111.222.333.444 would look like:
444.333.222.111.in-addr.arpa. 33692 IN PTR host.example.com.
This example of a PTR record for an IPv6 address shows the nibble format of the reverse of Google's IPv6 DNS server:
184.108.40.206.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.8.4.0.6.8.4.220.127.116.11.ip6.arpa. 86400 IN PTR google-public-dns-a.google.com.
The command line tool dig with the -x flag can be used to look up the reverse DNS name of an IP address.
Here is an example of a dig command. The +short is appended to reduce the output to the reverse DNS name.
dig -x 18.104.22.168 +short
The output of the dig command above will be the domain name in the PTR record for the IP address.
Servers on the Internet use PTR records to place domain names within log entries, make informed spam handling decisions, and display easy-to-read details about other devices.
Most commonly-used email servers will look up the PTR record of an IP address they receive email from. If the source IP address does not have a PTR record associated with it, the emails being sent may be treated as spam and rejected. It is not essential that the FQDN in the PTR matches the domain name of the email being sent. What is essential is that there is a valid PTR record with a corresponding and matching forward A record.
Normally network routers on the Internet are given PTR records that correspond with their physical location. For instance, you may see references to 'NYC' or 'CHI' for a router in New York City or Chicago. This is useful when running a traceroute or MTR and reviewing the path Internet traffic is taking.
Most providers offering dedicated servers or VPS services will give customers the ability to set a PTR record for their IP address. F(x) data cloud will automatically assign the PTR record of any machine when the machine is named with a domain name. The machine name is assigned during creation and can be edited later using the settings page of the machine control panel.
Note: It is important that the FQDN in the PTR record has a corresponding and matching forward A record. Example: 111.222.333.444 has a PTR of server.example.com and server.example.com is an A record that points to 111.222.333.444.
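The reverse-name construction for both address families and the forward-confirmed check described in the note above, as an added example that is not part of the original article. It builds the in-addr.arpa name by reversing the IPv4 octets and the ip6.arpa name from the 32 reversed hex nibbles, then applies the rule that a PTR only counts when the name it returns has an A/AAAA record pointing back at the same address. The PTR and forward lookup tables are constructed stand-ins for real DNS answers so the code runs offline; in practice those two lookups would be dig -x and a forward dig against the returned name.

```python
"""Reverse (PTR) names and forward-confirmed reverse DNS.
Added example; the lookup tables are constructed, not live DNS data."""
import ipaddress


def reverse_name(address):
    """Return the name queried for a PTR lookup. IPv4: octets reversed under
    in-addr.arpa. IPv6: the address expanded to 32 hex nibbles (leading
    zeros kept), reversed and dot-separated under ip6.arpa."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]
        suffix = "in-addr.arpa."
    else:
        nibbles = ip.exploded.replace(":", "")   # e.g. 2001:db8::1 -> 32 hex digits
        labels = list(nibbles)[::-1]
        suffix = "ip6.arpa."
    return ".".join(labels) + "." + suffix


# Constructed reverse table: reverse name -> PTR target (what dig -x returns).
PTR_TABLE = {
    reverse_name("192.0.2.10"): "server.example.com.",
    reverse_name("192.0.2.11"): "server.example.com.",   # PTR set, but the forward record disagrees
    reverse_name("2001:db8::1"): "mail6.example.com.",
}

# Constructed forward table: FQDN -> set of A/AAAA addresses.
FORWARD_TABLE = {
    "server.example.com.": {"192.0.2.10"},
    "mail6.example.com.": {"2001:db8::1"},
}


def forward_confirmed(address, ptr_lookup=PTR_TABLE.get, forward_lookup=FORWARD_TABLE.get):
    """Return (ok, reason). ok is True only when a PTR exists for the address
    and one of the A/AAAA records of the PTR's FQDN points back at it."""
    ip = ipaddress.ip_address(address)
    name = ptr_lookup(reverse_name(address))
    if name is None:
        return False, "no PTR record for %s" % address
    forward = forward_lookup(name) or set()
    if any(ipaddress.ip_address(a) == ip for a in forward):
        return True, "%s -> %s -> %s" % (address, name, address)
    return False, "PTR %s does not resolve back to %s" % (name, address)


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "2001:db8::1"):
        print(reverse_name(addr))
        print("  ", forward_confirmed(addr))
```

Only 192.0.2.10 and 2001:db8::1 pass: 192.0.2.11 has a PTR whose forward record points elsewhere, and 192.0.2.12 has no PTR at all. A mail receiver applying the policy described above would treat the last two the same way, which is why the PTR and the forward A/AAAA record must be kept in step when a machine is renamed.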
Conclusion
You should now have a pretty good grasp on how DNS works. While the general concept is relatively simple to grasp once you're familiar with the strategy, this is still something that can be difficult for inexperienced administrators to put into practice.
For an overview, check out How To Set Up Domains within the F(x) data cloud control panel.