DNS (Domain Name System)
❖ DNS (Domain Name System) is a hierarchical and decentralized naming system used to convert
human-readable domain names (like www.example.com) into IP addresses (like 192.168.1.1), which
computers use to communicate with each other over a network.
❖ Without DNS, users would need to remember IP addresses instead of simple domain names, making
navigation on the internet difficult and inefficient.
The Problem Without DNS
IP Address Dependency:
● Human Readability: Humans prefer domain names (e.g., google.com) instead of complex IP addresses (e.g.,
172.217.14.206) to access websites.
● Scalability: As websites and services increase, remembering numeric IP addresses for every service would
be almost impossible.
● Changing IPs: IP addresses can change (e.g., when a service is moved to a new server or hosting provider), and
without DNS, users would need to constantly update the IP addresses they use to access services.
How DNS Solves Our Problem
Domain to IP Translation:
❖ DNS automatically resolves domain names to IP addresses.
❖ This allows users to simply type in human-readable names (e.g., google.com), and DNS looks up and returns
the corresponding IP address that the system can use to establish communication with the correct server.
Distributed and Hierarchical Naming:
❖ At the top are root servers, which point to top-level domain (TLD) servers (e.g., .com, .org).
❖ Below them are authoritative servers for specific domain names (e.g., google.com), which hold the IP
information for that domain.
❖ This ensures efficient, organized domain management across the entire internet.
DNS Hierarchy Overview
❖ The Domain Name System (DNS) is like the phonebook of the internet, where instead of looking up people’s
phone numbers, computers look up IP addresses for websites (like converting “google.com” into an IP
address).
❖ This system is organized in a hierarchy to handle billions of domain names efficiently.
❖ The three main parts are Root Servers, TLD Servers, and Authoritative Servers.
Root Servers (Top Level in DNS Hierarchy)
What Are Root Servers?
❖ Root DNS servers are the starting point for any DNS query. Think of them as the top-level index that helps
direct DNS queries to the right place.
❖ These servers do not store IP addresses of websites directly (like www.google.com) but instead help guide
the query to the right part of the DNS system.
How Root Servers Work:
❖ When a recursive resolver (the DNS server your device asks) doesn't have the answer cached, it starts by
contacting a Root Server.
❖ Root servers know which DNS servers manage specific top-level domains (TLDs), such as .com, .org,
.net, etc. They will point the query to the correct TLD server.
Example:
● Imagine you’re looking for www.example.com, but your local DNS server doesn’t know its IP address.
● It contacts a root server and says, "Where can I find information for .com domains?"
● The root server responds with the address of a TLD server that manages .com.
TLD Servers (Top-Level Domain Servers)
What Are TLD Servers?
❖ TLD Servers manage top-level domains (TLDs) like .com, .org, .net, .edu, etc. Each TLD has its own set of
DNS servers that handle requests for domain names under that TLD.
❖ For example, all websites ending in .com are managed by specific DNS servers that only handle .com
domains.
How TLD Servers Work:
❖ After the root server directs the query to the TLD server (e.g., for .com), the TLD server will provide the
address of the Authoritative Name Server responsible for the specific domain (like www.example.com).
Example:
❖ Once your query reaches the TLD server for .com, it answers with a referral: "I don't know www.example.com,
but these are the name servers (NS records) for example.com, and here are their addresses (glue records)."
❖ The TLD server does not forward the query itself; your resolver takes the referral and sends the next query to
the Authoritative Name Server for example.com.
Authoritative Name Servers
What Are Authoritative Servers?
❖ Authoritative DNS servers hold the zone data (the actual resource records, including IP addresses) for the
domains they are responsible for.
❖ These servers have the final answer to a DNS query: they hold the official records for a website or service,
and their responses carry the AA (Authoritative Answer) flag.
How Authoritative Servers Work:
❖ Once the query reaches the authoritative server for a domain (like example.com), it responds with the exact
IP address of the requested website (e.g., 192.168.1.1).
Example:
The authoritative server for example.com knows the IP address of www.example.com and will send that
information back to the original DNS server that made the request.
How the DNS Hierarchy Works Together (Example of Resolving www.example.com)
❖ You type www.example.com into your browser.
❖ Your local DNS server doesn’t know the IP address, so it asks a Root Server: "Where can I find the DNS
servers for .com?"
➢ The Root Server points to the TLD server for .com.
❖ The TLD server for .com then responds: "For example.com, go to its authoritative DNS server."
❖ Finally, the Authoritative DNS server for example.com responds with the exact IP address (e.g.,
192.168.1.1), allowing your browser to connect to the website.
Why This Hierarchy Is Important:
❖ Efficient and Organized: Instead of one huge server handling all domain name requests, the work is divided
up between different levels (root, TLD, and authoritative servers). This keeps things fast and scalable.
❖ Reduces Internet Traffic: By spreading DNS information across multiple servers, the DNS system avoids
overloading any one part of the Internet.
❖ Caching: DNS servers and even your computer cache (save) responses so that they don’t have to repeat the
whole process for frequently accessed websites.
How DNS Works (Step-by-Step)
❖ DNS Query (Client to DNS Server):
➢ When a user types a hostname (like www.example.com) into an application, the client's stub resolver sends a
DNS query to the DNS server configured on the network (the recursive resolver) to resolve the name to an IP
address.
❖ DNS Recursive Lookup:
➢ If the recursive resolver doesn't have the requested name in its cache, it performs the lookup itself (or, if
configured as a forwarder, hands the query to another recursive resolver that does).
➢ The resolver starts by querying a root server to find the TLD servers (e.g., for .com).
➢ Then, it queries the TLD server to get the address of the authoritative DNS server for the domain
(example.com).
➢ Finally, it queries the authoritative DNS server to get the IP address for www.example.com.
❖ DNS Response (Server to Client):
➢ Once the authoritative DNS server provides the IP address, the response is sent back through the
resolver to the client's device, which can then initiate communication with the server hosting the
website.
❖ Caching:
➢ DNS servers (and even local clients) cache DNS responses for a certain period (TTL - Time to Live), so
repeated requests for the same domain can be resolved more quickly.
Types of DNS Messages
DNS Query Message:
○ A DNS query message is sent from the client to the DNS server to ask for the resolution of a domain
name to an IP address.
Contents of a DNS Query Message:
○ Query ID (transaction ID): a 16-bit value chosen by the client so it can match responses to its outstanding
queries.
○ Flags: Specifies the type of query (OPCODE: standard, inverse, or status) and whether recursion is desired
(RD bit).
○ Questions: The domain name being queried (e.g., www.example.com).
○ Answer, Authority, and Additional Records: These fields are empty in a query but will be filled in the
response.
DNS Response Message:
○ The DNS server responds to the query with either the requested records or a response code (RCODE) such as
NXDOMAIN if the name does not exist.
Contents of a DNS Response Message:
○ Query ID: Matches the query ID sent by the client; a response whose ID does not match an outstanding query must
be discarded.
○ Flags: Indicates that this is a response (QR), whether it is authoritative (AA), whether it was truncated (TC),
whether recursion is available (RA), and the response code (RCODE).
○ Answer Section: Contains the resource records that answer the question (e.g., www.example.com → 192.168.1.1; a
CNAME and the record it points to may both appear here).
○ Authority Section: NS records naming the authoritative name servers for the zone; in a referral this is where
the next servers to ask are listed.
○ Additional Section: Extra records that help the resolver, such as the A/AAAA "glue" addresses of the name
servers listed in the Authority section.
Types of DNS Queries
Recursive Query:
● In a recursive query, the DNS server must respond with either the final answer (the requested records) or an
error; a referral is not an acceptable reply.
● If the server doesn't know the answer, it continues to query other servers on the client's behalf until it finds
the correct records. This is the kind of query a client's stub resolver sends to its configured resolver.
Iterative Query:
● In an iterative query, the DNS server returns the best answer it can provide (the records if it has them, or a
referral to another server) but won't continue querying on behalf of the client.
● Recursive resolvers use iterative queries when walking from the root to the authoritative server. Authoritative
servers should answer only iteratively; a server that recurses for anyone on the Internet is an "open resolver"
and is routinely abused for reflection/amplification traffic.
DNS Record Types
1. A Record: Maps a domain name to an IPv4 address.
2. AAAA Record: Maps a domain name to an IPv6 address.
3. CNAME Record: Defines an alias for a domain name (e.g., www.example.com might alias to example.com).
4. MX Record: Specifies mail servers responsible for receiving email for the domain.
5. NS Record: Identifies the authoritative DNS servers for a domain.
6. PTR Record: Provides reverse DNS lookup (mapping an IP address back to a domain name).
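The message layout described under Types of DNS Messages, and the record types listed above, in working code. This is an added example and not part of the original notes: it builds a query in DNS wire format, parses a constructed response (no network I/O; the www.example.com records, the 192.168.1.x addresses and the transaction ID are made up to match the page's examples), decodes A, AAAA, CNAME, NS, PTR and MX RDATA, and shows the minimum check a resolver must make before trusting a response: the ID and question must match an outstanding query. It also bounds compression-pointer hops, because a hostile message can point a name at itself and a naive parser loops forever.

```python
import ipaddress
import struct

# Record type codes from RFC 1035 (A, NS, CNAME, PTR, MX) and RFC 3596 (AAAA).
TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA"}
TYPE_CODES = {v: k for k, v in TYPES.items()}


def encode_name(name):
    """'www.example.com' -> length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid, name, qtype="A", recursion_desired=True):
    """Standard query: 12-byte header (QDCOUNT=1, other counts 0) and one question."""
    flags = 0x0100 if recursion_desired else 0x0000              # QR=0, OPCODE=0, RD bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_CODES[qtype], 1)   # class IN


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it in the stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                # 2-byte compression pointer, 14-bit offset
            hops += 1
            if hops > 32:                         # a pointer loop in a hostile message must not hang us
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2                  # the stream resumes after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_rdata(msg, rtype, rdata_offset, rdlength):
    """Decode RDATA for the record types listed on this page; anything else as hex."""
    rdata = msg[rdata_offset:rdata_offset + rdlength]
    if rtype == "A":
        return str(ipaddress.IPv4Address(rdata))
    if rtype == "AAAA":
        return str(ipaddress.IPv6Address(rdata))
    if rtype in ("CNAME", "NS", "PTR"):          # RDATA is one name, may use compression
        return decode_name(msg, rdata_offset)[0]
    if rtype == "MX":                             # 16-bit preference, then the exchange name
        return struct.unpack("!H", rdata[:2])[0], decode_name(msg, rdata_offset + 2)[0]
    return rdata.hex()


def parse_message(msg):
    """Parse the header flags, the question and the answer/authority/additional sections."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    result = {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
              "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
              "rcode": flags & 0x000F, "questions": [], "answers": [], "authority": [], "additional": []}
    offset = 12
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        result["questions"].append((name, TYPES.get(qtype, qtype)))
    for section, count in (("answers", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, offset = decode_name(msg, offset)
            rtype, _rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
            rtype, offset = TYPES.get(rtype, rtype), offset + 10
            result[section].append((name, rtype, ttl, parse_rdata(msg, rtype, offset, rdlength)))
            offset += rdlength
    return result


def matches_query(query, response):
    """Accept a response only if QR=1 and its ID and question match the outstanding query.
    The ID is just 16 bits, so real resolvers also randomize the UDP source port."""
    q, r = parse_message(query), parse_message(response)
    return r["qr"] and q["id"] == r["id"] and q["questions"] == r["questions"]


# Constructed sample exchange (not captured from a live server). The response reuses the
# query's ID and question; 0xC00C points at offset 12 (www.example.com) and 0xC010 at
# offset 16 (example.com), the same compression a real server would apply.
SAMPLE_QUERY = build_query(0x1234, "www.example.com")
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 1, 1)          # QR|RD|RA; 2 answers, 1 NS, 1 glue
    + SAMPLE_QUERY[12:]                                           # question section copied verbatim
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xc0\x10"                        # CNAME
    + b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 168, 1, 1])             # A
    + b"\xc0\x10" + struct.pack("!HHIH", 2, 1, 3600, 6) + b"\x03ns1\xc0\x10"                 # NS
    + encode_name("ns1.example.com") + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 168, 1, 53])  # glue
)
```

Call parse_message(SAMPLE_RESPONSE) to see all four sections; the answer section carries both the CNAME for www.example.com and the A record of its target, which is why a reply to an A query can hold more than one record. If a parsed response has tc set, the answer was truncated to fit UDP and the same query should be re-sent over TCP.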
DNS in the OSI Model
● DNS operates primarily at the Application Layer (Layer 7) of the OSI model.
● However, it also relies on the Transport Layer (Layer 4) for communication.
DNS at Layer 4 (L4): Port Number and Protocol
● Port Number:
○ DNS uses port 53 (servers listen on UDP/53 and TCP/53).
● Protocols:
○ UDP (User Datagram Protocol): By default, DNS queries use UDP because a single small datagram is faster and
cheaper than setting up a connection.
○ TCP (Transmission Control Protocol): DNS uses TCP for zone transfers between DNS servers (AXFR/IXFR) and
whenever a response does not fit in a UDP datagram: the server sets the TC (truncated) flag and the client
retries the query over TCP. The classic UDP limit is 512 bytes; EDNS(0) lets a client advertise a larger buffer,
which is how most DNSSEC responses still travel over UDP.
Configuring DNS on a Cisco Router
Specify DNS Server: You can configure a Cisco router to use a DNS server for name resolution:
R1(config)# ip name-server 8.8.8.8
Enable DNS Lookup: Make sure the DNS lookup feature is enabled (it is by default):
R1(config)# ip domain-lookup
Set a Domain Name: Optionally, set a default domain name; the router appends it to unqualified names (so "server1" is tried as server1.example.com):
R1(config)# ip domain-name example.com
DNS Forwarders and Resolvers
1. Forwarders:
These are DNS servers configured to hand queries they can't answer from cache to another recursive resolver (e.g.,
an ISP or public resolver) that performs the full lookup, instead of walking the hierarchy from the root themselves.
2. Resolvers:
The stub resolver is the small client-side component that sends recursive queries to the configured DNS server; the
recursive resolver is the local or upstream DNS server that handles those queries, answering from cache or by
querying root, TLD, and authoritative servers (or forwarding to an upstream resolver).
DNS and Caching
● DNS servers cache DNS responses for the Time to Live (TTL) set on each record by the zone owner, which reduces
the load on authoritative servers and speeds up resolution for frequently accessed domains.
● If the cache entry has expired or the name hasn't been queried before, the resolver performs the lookup again,
starting from the deepest delegation it still has cached (usually the domain's own NS records, so root and TLD
servers are rarely asked twice).
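The resolution walk from "How DNS Works (Step-by-Step)", the recursive-versus-iterative distinction, and the TTL caching just described, simulated offline in one piece. This is an added example, not part of the original notes: the three "servers" are in-memory objects with constructed zone data (the 192.0.2.x addresses are documentation addresses and the example.com records are made up to match the page), so nothing on the network is contacted. The authoritative servers only ever return an answer or a referral (iterative behaviour); the resolver walks root → TLD → authoritative on the client's behalf (recursive service), caches everything it sees, and skips root and TLD once the delegation for example.com is cached.

```python
class AuthoritativeServer:
    """Answers only from its own zone and never queries anyone else (iterative behaviour).
    For a name under a delegated child zone it returns a referral: NS plus glue A, no answer."""

    def __init__(self, records, delegations):
        self.records = records            # {(name, type): (ttl, [rdata, ...])}
        self.delegations = delegations    # {child_zone: (ttl, [(ns_name, ns_ip), ...])}

    def query(self, name, qtype):
        for child, (ttl, nameservers) in self.delegations.items():
            if name == child or name.endswith("." + child):
                return {"aa": False, "answers": [],
                        "authority": [(child, "NS", ttl, ns) for ns, _ in nameservers],
                        "additional": [(ns, "A", ttl, ip) for ns, ip in nameservers]}
        ttl, values = self.records.get((name, qtype), (0, []))
        if not values and (name, "CNAME") in self.records:      # alias: hand back the CNAME
            qtype, (ttl, values) = "CNAME", self.records[(name, "CNAME")]
        return {"aa": True, "answers": [(name, qtype, ttl, v) for v in values],
                "authority": [], "additional": []}


class RecursiveResolver:
    """Gives clients recursive service (always a final answer) by doing the iterative
    root -> TLD -> authoritative walk itself and caching every record it sees for its TTL."""

    def __init__(self, root_hints, servers):
        self.root_hints, self.servers = root_hints, servers
        self.cache = {}                   # (name, type) -> [expires_at, [rdata, ...]]
        self.now = 0.0                    # simulated clock: advance it to show TTL expiry

    def _store(self, records):
        for name, rtype, ttl, rdata in records:
            entry = self.cache.setdefault((name, rtype), [0, []])
            entry[0] = self.now + ttl
            if rdata not in entry[1]:
                entry[1].append(rdata)

    def _lookup(self, name, rtype):
        entry = self.cache.get((name, rtype))
        if entry and entry[0] > self.now:
            return entry[1]
        self.cache.pop((name, rtype), None)     # expired entries are evicted on access
        return None

    def _starting_servers(self, name):
        """Deepest cached delegation for the name, so repeat lookups skip root and TLD."""
        labels = name.split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            ips = [ip for ns in (self._lookup(zone, "NS") or [])
                   for ip in (self._lookup(ns, "A") or [])]
            if ips:
                return ips
        return list(self.root_hints)

    def resolve(self, name, qtype, trail=None):
        """A client's recursive query. trail records who answered each step ('cache' or a server IP)."""
        trail = [] if trail is None else trail
        cached = self._lookup(name, qtype)
        if cached:
            trail.append(("cache", name, qtype))
            return cached, trail
        alias = self._lookup(name, "CNAME")
        if alias and qtype != "CNAME":
            trail.append(("cache", name, "CNAME"))
            return self.resolve(alias[0], qtype, trail)
        servers = self._starting_servers(name)
        for _ in range(16):                       # bound the referral chain so a loop cannot hang us
            reply = self.servers[servers[0]].query(name, qtype)    # one iterative query
            trail.append((servers[0], name, qtype))
            self._store(reply["answers"] + reply["authority"] + reply["additional"])
            if reply["aa"]:
                cname = [r[3] for r in reply["answers"] if r[1] == "CNAME"]
                if cname and qtype != "CNAME":
                    return self.resolve(cname[0], qtype, trail)     # chase the alias
                return [r[3] for r in reply["answers"] if r[1] == qtype], trail
            servers = [r[3] for r in reply["additional"] if r[1] == "A"]   # glue from the referral
            if not servers:
                raise RuntimeError("referral without glue for " + name)
        raise RuntimeError("referral chain too long for " + name)


# Constructed zone data (RFC 5737 192.0.2.x addresses; none of these are real servers).
SERVERS = {
    "192.0.2.1": AuthoritativeServer({}, {"com": (172800, [("a.gtld-servers.net", "192.0.2.2")])}),
    "192.0.2.2": AuthoritativeServer({}, {"example.com": (172800, [("ns1.example.com", "192.0.2.3")])}),
    "192.0.2.3": AuthoritativeServer({
        ("www.example.com", "CNAME"): (300, ["example.com"]),
        ("example.com", "A"): (60, ["192.168.1.1"]),
        ("example.com", "MX"): (3600, ["10 mail.example.com"]),
    }, {}),
}
ROOT_HINTS = ["192.0.2.1"]

if __name__ == "__main__":
    resolver = RecursiveResolver(ROOT_HINTS, SERVERS)
    for resolver.now in (0, 10, 61):          # full walk, then cache hits, then the 60 s A TTL has expired
        print(resolver.now, resolver.resolve("www.example.com", "A"))
```

The first call touches all three servers (root, .com, example.com, plus one more query to example.com to chase the CNAME). Ten seconds later everything is answered from cache. At 61 seconds the A record (TTL 60) has expired but the CNAME (TTL 300) and the example.com delegation have not, so the resolver asks only the authoritative server again. Note that the referral loop is bounded and a referral without glue is rejected rather than followed blindly; a production resolver must also validate that every record it caches is within the bailiwick of the server that sent it.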