01 Transcript

Uploaded by valonahmeti00

Network Services

The main purpose of computer networking is to provide network services for clients.
These services are vital for the functioning of networks, and understanding them is
crucial. When troubleshooting network issues, the services covered in this
discussion are the ones to focus on:

- Name resolution, which is the process of converting domain names into IP
addresses using DNS. This is essential for making it easier for humans to access
websites and for handling administrative changes behind the scenes.

- DHCP, which simplifies network administration by dynamically assigning IP
addresses to devices.

- NAT technologies, which enhance network security and conserve IP address space.

- VPNs and proxies, which help users connect securely to networks.

DNS Server Types & Resolution

In networking, computers communicate using numbers, like IP addresses and MAC
addresses. IPv4 addresses are 32-bit binary numbers, but they're commonly written in
4 octets for human readability. MAC addresses, on the other hand, are 48-bit binary
numbers, often expressed in hexadecimal.

Humans are better at remembering words, and this is where DNS (Domain Name System)
comes into play. DNS is a global and distributed service that translates human-
readable domain names, like www.weather.com, into IP addresses, making it easier
for users to access websites. DNS also allows organizations to make changes to IP
addresses behind the scenes without affecting end-users. This is a fundamental
technology for the functioning of the Internet.

DNS also helps optimize network performance by directing users to servers
geographically close to them. This is crucial for global web companies with users
around the world. DNS lets organizations decide which IP to resolve a domain name
to based on the user's location.

In essence, DNS converts domain names into IP addresses through a process called
name resolution. For a computer to operate on a network, it must be configured with
specific settings, including IP address, subnet mask, gateway, and DNS server.
These configurations are essential for proper network operation.

A computer can function without DNS, but it's essential for human usability. There
are five primary types of DNS servers: caching, recursive, root, TLD (top-level
domain), and authoritative. One DNS server can serve multiple roles. Caching and
recursive servers are commonly provided by ISPs or local networks. They store
domain name lookups temporarily to improve performance.

Here's how it works: Imagine you and a friend are on the same network, and you both
want to access Facebook.com. When your friend enters www.facebook.com in their
browser, their computer needs to find the IP address for the site. Both your
computers use the same local name server, so your friend's computer asks this
server for the IP of www.facebook.com. If it doesn't have this information, the
server performs a recursive resolution to find the correct IP. The IP is then
provided to your friend's computer and stored in the cache. Later, when you enter
www.facebook.com, your computer asks the same local name server, which can deliver
the IP from its cache. This caching helps speed up repeated queries. Every domain
in the global DNS system has a TTL (time to live), specifying how long a name
server can cache an entry before re-resolving it.

Now, let's discuss the steps involved when the local recursive server needs to
perform a full recursive resolution:

1. Contact Root Name Servers: The first step is to contact one of the 13 root name
servers, which direct queries to the appropriate TLD name server. In the past,
these root servers were in specific geographic regions, but today, they're
distributed globally using anycast.

2. Anycast Routing: Anycast is a technique that routes traffic to different
destinations based on factors like location and network health. This means that
even though there are 13 root name servers, they aren't physically limited to just
13 locations. Think of them as 13 authorities providing root name lookups as a
service.

3. Redirect to TLD Name Server: The root servers respond with the TLD name server
that should be queried. TLD represents the top-level domain, and it's the last part
of a domain name. For example, in www.facebook.com, "com" is the TLD. Each TLD has
its name server, distributed globally through anycast.

4. TLD Name Server Redirect: The TLD name server responds with a redirect,
indicating which authoritative name server to contact. The authoritative name
server holds the specific DNS records for the requested domain.

Authoritative name servers are crucial for the last part of a domain name
resolution, typically managed by the organization responsible for the domain. For
instance, for www.weather.com, the TLD name server directs the lookup to the
authoritative server for Weather.com, which is often controlled by the organization
that operates the website. This hierarchy is vital for internet stability, ensuring
that DNS queries follow a controlled sequence to prevent malicious redirection of
traffic.
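The cache-then-recurse behaviour described above (the shared local name server, its TTL-bounded cache, and the root, TLD and authoritative hops of steps 1 to 4) as an added toy simulation; this is example code, not part of the original transcript, and the server names and the 192.0.2.10 address are constructed:

```python
import time

# Constructed sample hierarchy (not real servers or addresses). Each server
# maps a name to a referral ("NS", next_server) or an answer ("A", ip, ttl).
SERVERS = {
    "root":          {"com.": ("NS", "com-tld")},
    "com-tld":       {"facebook.com.": ("NS", "facebook-auth")},
    "facebook-auth": {"www.facebook.com.": ("A", "192.0.2.10", 300)},
}


def _lookup(server, qname):
    """Return the server's entry for the longest suffix of qname it knows."""
    labels = qname.split(".")
    for i in range(len(labels)):
        entry = SERVERS[server].get(".".join(labels[i:]))
        if entry:
            return entry
    raise LookupError(f"{server} has no referral or answer for {qname}")


def iterative_resolve(qname, path):
    """Steps 1-4 of the text: root -> TLD -> authoritative, recording each hop."""
    server = "root"
    while True:
        path.append(server)
        entry = _lookup(server, qname)
        if entry[0] == "A":
            return entry[1], entry[2]          # (ip, ttl) from the authoritative server
        server = entry[1]                      # follow the referral to the next server


class CachingResolver:
    """Local name server shared by several clients; honours each record's TTL."""

    def __init__(self):
        self.cache = {}                        # qname -> (ip, expires_at)

    def resolve(self, qname, now=None):
        """Answer from cache while the TTL holds, otherwise do the full walk."""
        now = time.time() if now is None else now
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0], ["cache"]
        path = []
        ip, ttl = iterative_resolve(qname, path)
        self.cache[qname] = (ip, now + ttl)
        return ip, path
```

The second client's query for the same name returns from the cache with no hops; once the 300-second TTL has elapsed the resolver walks the hierarchy again.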

DNS Traffic Efficiency

Due to the complexity of DNS resolution, local name servers cache DNS lookups to
avoid full resolution for every TCP connection. Local devices, such as your phone
or desktop, also maintain their own temporary DNS cache, reducing the need to query
the local name server for every connection. Notably, DNS, although an
application-layer protocol, primarily uses UDP rather than TCP as its transport.

This choice is based on a few key reasons. UDP is connectionless, meaning it
doesn't require the setup and teardown of connections, resulting in less network
overhead. DNS requests and responses are typically small enough to fit in a single
UDP datagram, making it well-suited for a connectionless protocol.

Using TCP for DNS resolution significantly increases the number of packets
exchanged. With TCP, a typical full DNS lookup involves several handshakes and
acknowledgments, resulting in 44 packets at a minimum. In contrast, using UDP for
DNS requires just eight packets for the same lookup.

It's important to understand that DNS is typically a precursor to actual data
traffic. Computers perform DNS lookups to obtain IP addresses before transmitting
additional data. This process happens quickly but can add up, especially in high-
traffic scenarios.

We've seen that TCP has some overhead, which makes it less suitable for simple
tasks like DNS. UDP is a better choice for such cases. UDP doesn't provide error
recovery, so if a DNS request fails, it's the DNS resolver's job to retry it.

However, DNS over TCP does exist and is used when responses can't fit in a single
UDP packet. In such cases, DNS clients establish a TCP connection to perform the
lookup.
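An added example (not from the transcript) of the wire-level side of this: building the small single-datagram query the text describes, reading the TC (truncated) flag a server sets when its reply did not fit in one UDP datagram, and the 2-byte length framing DNS uses when it falls back to TCP. The transaction id and the two header-only replies are constructed.

```python
import struct


def build_query(qname, txid=0x1234, qtype=1):
    """Build a minimal DNS query: 12-byte header + one question (default QTYPE A)."""
    # flags 0x0100 = RD (recursion desired); QDCOUNT=1, AN/NS/AR counts 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = b""
    for label in qname.rstrip(".").split("."):
        question += bytes([len(label)]) + label.encode("ascii")
    question += b"\x00" + struct.pack("!HH", qtype, 1)   # root label, QTYPE, QCLASS IN
    return header + question


def is_truncated(response):
    """TC bit (0x0200 in the flags word): the answer did not fit in one UDP datagram."""
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & 0x0200)


def tcp_frame(message):
    """DNS over TCP prefixes every message with its 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message


def next_step(udp_response):
    """Resolver decision after a UDP reply: accept it, or retry the query over TCP."""
    return "retry-over-tcp" if is_truncated(udp_response) else "accept"


# Constructed replies (header only, no answer section): QR|RD|RA = 0x8180,
# plus TC (0x0200) in the truncated one.
NORMAL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)

if __name__ == "__main__":
    q = build_query("www.facebook.com")
    print(len(q), "bytes over UDP;", len(tcp_frame(q)), "bytes framed for TCP")
    print(next_step(NORMAL_REPLY), next_step(TRUNCATED_REPLY))
```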

DNS Resource Records

DNS is crucial for IT support specialists when troubleshooting network issues. It
relies on resource record types, with the most common being the A record, which
links domain names to IPv4 addresses. Multiple A records for one domain allow load
balancing via DNS round robin.

Another important record type is the Quad A (AAAA) record, which is like an A
record but for IPv6 addresses. The CNAME record is used to redirect traffic from
one domain to another, simplifying the process of updating IP addresses. This makes
it easier to ensure that both "microsoft.com" and "www.microsoft.com" lead to the
same destination.

In DNS, there are various resource record types that play essential roles in how
domain names are resolved and managed. One crucial concept is CNAME, which allows
for redirecting one domain to another. By setting up a CNAME from 'microsoft.com'
to 'www.microsoft.com', you simplify changes, ensuring that updates only need to be
made to the 'www.microsoft.com' A record, making it easier to maintain complex web
presences.

Another key resource record is the MX record, which handles email routing. It
ensures that email traffic is directed to the correct mail server, even if it's
different from the web server. Large companies often separate their web and mail
servers, and MX records help manage this effectively.

Similar to the MX record is the SRV record, which defines the location of various
services. While MX is specific to mail services, SRV records can be used for
various service types, such as CalDAV for calendars and scheduling.

The TXT record, originally for human-readable descriptions, has evolved to convey
data for computers to process. It's commonly used to communicate configuration
preferences for network services, such as email service providers.

DNS also includes resource record types like NS and SOA, which define authority
information about DNS zones.

Domain Names, DNS Zones and Zone Files

Domain names consist of three primary parts: the subdomain (e.g., 'www'), the
domain (e.g., 'google'), and the Top Level Domain (TLD, e.g., '.com'). ICANN
oversees the administration and definition of TLDs, with a growing number of
options beyond traditional ones like '.com' and country-specific TLDs.

Domains are chosen and registered by individuals or companies, but they must end
with a predefined TLD. Subdomains, such as 'www', are assigned within a registered
domain and create fully qualified domain names (FQDNs). While domain registration
typically incurs costs, subdomains can be freely chosen and assigned by the
domain's controller.

Fully qualified domain names (FQDNs) can have many levels, and the DNS system
supports up to 127 levels for a single FQDN. Each part of an FQDN can be up to 63
characters, and the total FQDN length is limited to 255 characters. Authoritative
name servers handle DNS zones, and these zones are hierarchical.

Root name servers manage the root zone, while Top-Level Domain (TLD) name servers
oversee their specific TLD zones. Authoritative name servers can also manage finer-
grained zones. Zones do not overlap, and the administrative authority is specific
to each zone.

Zones make it easier to manage large domains with many resource records. For
example, a company like "largecompany.com" could split its offices into separate
subdomains like "la.largecompany.com," "pa.largecompany.com," and
"sh.largecompany.com," each with its DNS zone. This requires one authoritative name
server for "largecompany.com" and one for each subdomain.

Zones are configured through zone files, which declare resource records for a zone.
These files include an SOA record for the Start of Authority and NS records for
other Name Servers responsible for the zone. Multiple physical servers are often
used for redundancy.

In addition to SOA and NS records, zone files may contain A, quad A, and CNAME
records, along with TTL values. While subdomains can have many layers, zones with
many levels are rare. Reverse lookup zone files allow DNS resolvers to find the
FQDN associated with an IP address, using pointer resource records (PTR records).
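An added example (not from the transcript) tying the record types and the zone-file section together: a small parser for a constructed zone file for "largecompany.com" (SOA, NS, A, AAAA, MX, a delegated "la" subdomain and a CNAME), a lookup that returns all A records for round robin and follows a CNAME the way a resolver does, and a check of the FQDN limits stated above. All names and addresses in the zone are constructed.

```python
# Constructed zone for the text's example domain (not a real zone file).
ZONE = """\
$TTL 3600
@     IN SOA   ns1.largecompany.com. admin.largecompany.com. (2024010101 7200 900 1209600 300)
@     IN NS    ns1.largecompany.com.
@     IN A     192.0.2.1
www   IN A     192.0.2.1
www   IN A     192.0.2.2
mail  IN AAAA  2001:db8::25
@     IN MX    10 mail.largecompany.com.
la    IN NS    ns1.la.largecompany.com.
blog  IN CNAME www
"""


def qualify(name, origin):
    """Expand '@' and relative owner names to FQDNs under the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, ttl, type, rdata) tuples; $TTL applies to following records."""
    ttl, records = None, []
    for line in text.splitlines():
        line = line.split(";")[0].strip()          # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$TTL"):
            ttl = int(line.split()[1])
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        records.append((qualify(owner, origin), ttl, rtype, rdata))
    return records


def lookup(records, origin, name, rtype, depth=0):
    """Answers for (name, rtype); follows a CNAME the way a resolver does."""
    answers = [rd for own, _, typ, rd in records if own == name and typ == rtype]
    if answers or depth > 8:                       # depth guard against CNAME loops
        return answers
    for own, _, typ, rd in records:
        if own == name and typ == "CNAME":
            return lookup(records, origin, qualify(rd, origin), rtype, depth + 1)
    return []


def validate_fqdn(fqdn):
    """Limits from the text: <=63 chars per label, <=255 total, <=127 levels."""
    name = fqdn.rstrip(".")
    labels = name.split(".")
    if len(name) > 255 or len(labels) > 127:
        return False
    return all(0 < len(label) <= 63 for label in labels)
```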
