# Topic covered
* What is DNS?
* DNS Servers
  * DNS resolver, Root, TLD and Authoritative
* Who operates DNS root servers?
* How do resolvers find DNS root servers?
* Types of DNS queries
  * Iterative
  * Recursive
* How does the Domain Name System (DNS) lookup work?
* Why does DNS use UDP and not TCP?

6.1 What is DNS?

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com.

Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

6.2 DNS Servers

https://www.cloudflare.com/learning/dns/what-is-dns/

To achieve better scalability, the DNS servers are organized in a hierarchical tree structure.

There are 4 basic levels of DNS servers:

1. DNS resolver

  • Also known as Local DNS server
  • The resolver can be thought of as a librarian who is asked to go find a particular book somewhere in the library.
  • The DNS resolver is a server designed to receive queries from client machines through applications such as web browsers.
  • Typically, the resolver is then responsible for making additional requests in order to satisfy the client’s DNS query.
  • It first checks its local cache; only if the record is not found there does it make additional requests, starting with a root name server.

2. Root name server

  • It stores the IP addresses of Top Level Domain (TLD) name servers.
  • It responds by directing the resolver to a TLD nameserver, based on the extension of that domain (.com, .net, .org, etc.)
  • There are 13 logical root name servers globally.

3. TLD name server

  • It stores the IP addresses of authoritative name servers.
  • It responds by directing the resolver to authoritative name servers

4. Authoritative name server

  • It provides the IP address of the server to the resolver
  • You can register authoritative name servers with a domain name registrar such as GoDaddy, Namecheap, etc.


6.3 Who operates DNS root servers?

https://www.iana.org/domains/root/servers

There are 13 root servers globally with 13 different IP addresses that serve the DNS root zone. The number 13 is a compromise between network reliability and performance. It’s also based on a constraint of Internet Protocol version 4 (IPv4), which most networks use.

Below is the list of DNS root servers, their IP addresses and their operators.

6.4 How do resolvers find DNS root servers?

https://www.cloudflare.com/learning/dns/glossary/dns-root-server/

Since the DNS root zone is at the top of the DNS hierarchy, no other server can refer a recursive resolver to the root servers during a DNS lookup. Because of this, every DNS resolver has the list of the 13 root server IP addresses built into its software.

Whenever a DNS lookup is initiated, the recursor’s first communication is with one of those 13 IP addresses.

6.5 Types of DNS queries

Iterative query - In an iterative query, the DNS query exchange is between the local DNS server and all the other DNS servers.

In this situation the DNS client will allow a DNS server to return the best answer it can. If the queried DNS server does not have a match for the query name, it will return a referral to a DNS server authoritative for a lower level of the domain namespace.

The DNS client will then make a query to the referral address. This process continues with additional DNS servers down the query chain until an answer is returned or an error or timeout occurs.

Recursive query - In a recursive query, the DNS query is between the local DNS server and the root DNS server.

In a recursive query, a DNS client requires that a DNS server (typically a DNS recursive resolver) will respond to the client with either the requested resource record or an error message if the resolver can’t find the record.

Types of DNS queries

6.6 How does the Domain Name System (DNS) lookup work?

https://blog.bytebytego.com/p/how-does-the-domain-name-system-dns

After a user types a domain name (e.g. “thehackernews.com”) into their browser, DNS lookup is triggered. A group of DNS servers then help to find the IP address for the domain and return it back to the user’s computer.

If the DNS resolver has already performed the same query in the recent past, the result of that query is cached; when the query is performed again, the resolver responds with the cached data instead of querying other DNS servers.

The diagram below illustrates how DNS lookup works under the hood:

  1. google.com is typed into the browser, and the browser sends the domain name to the DNS resolver.

  2. The resolver queries a DNS root name server.

  3. The root server responds to the resolver with the address of a TLD DNS server. In this case, it is .com.

  4. The resolver then makes a request to the .com TLD.

  5. The TLD server responds with the IP address of the domain’s name server, google.com (authoritative name server).

  6. The DNS resolver sends a query to the domain’s nameserver.

  7. The IP address for google.com is then returned to the resolver from the nameserver.

  8. The DNS resolver responds to the web browser with the IP address (142.251.46.238) of the domain requested initially.

DNS lookups on average take between 20-120 milliseconds to complete (according to YSlow).
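The referral chain in steps 2 to 8, together with the resolver's cache from the paragraph above, can be modelled in a few lines. The code below is an added example, not part of the original notes: it simulates a recursive resolver that answers the client's recursive query by issuing iterative queries, starting from a built-in root hint, over a constructed toy hierarchy (root, `.com` TLD, and one authoritative server) rather than real DNS data.

```python
# Constructed toy DNS hierarchy (not real root/TLD data). Each server holds
# either an answer ("A", ip) or a referral ("NS", next_server) per name.
ROOT_HINTS = ["root"]            # stands in for the built-in root server list
SERVERS = {
    "root":       {"com.": ("NS", "tld-com")},
    "tld-com":    {"example.com.": ("NS", "ns-example")},
    "ns-example": {"www.example.com.": ("A", "203.0.113.10")},
}

def lookup(server, qname):
    """Ask one server; it returns the most specific record it holds,
    i.e. an answer, a referral to a lower-level server, or NXDOMAIN."""
    zone = SERVERS[server]
    labels = qname.split(".")
    # try www.example.com., then example.com., then com.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in zone:
            return zone[candidate]
    return ("NXDOMAIN", None)

class Resolver:
    """Recursive resolver: serves the client's recursive query by
    iterating root -> TLD -> authoritative, and caches the result."""
    def __init__(self):
        self.cache = {}
        self.trace = []          # servers contacted for the last query

    def resolve(self, qname):
        self.trace = []
        if qname in self.cache:  # cached answer: no other server is queried
            self.trace.append("cache hit")
            return self.cache[qname]
        server = ROOT_HINTS[0]   # first contact is always a root server
        for _ in range(10):      # bound the referral chain (loop guard)
            rtype, data = lookup(server, qname)
            self.trace.append((server, rtype, data))
            if rtype == "A":
                self.cache[qname] = data
                return data
            if rtype == "NS":    # referral: follow it to the next level
                server = data
                continue
            return None          # NXDOMAIN or other error
        return None
```

After the first `resolve("www.example.com.")` the trace shows three hops (root, TLD, authoritative); a repeated query is served from the cache with no hops at all.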

4 basic levels of DNS servers

6.7 Why does DNS use UDP and not TCP?

https://www.geeksforgeeks.org/why-does-dns-use-udp-and-not-tcp/

DNS is an application layer protocol. All application layer protocols use one of the two transport layer protocols, UDP or TCP. TCP is reliable and UDP is not. DNS is supposed to be reliable, yet it uses UDP. Why?

The following facts about TCP and UDP at the transport layer justify this choice.

  1. UDP is much faster. TCP is slow as it requires a 3-way handshake.

  2. UDP has less overhead, because its header is smaller.

  3. UDP is not reliable, but reliability can be added at the application layer: an application using UDP can achieve reliability with a timeout and resend at the application layer.

In practice, DNS primarily uses the User Datagram Protocol (UDP) on port number 53 to serve requests. DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server.

When the length of the answer exceeds 512 bytes and both client and server support EDNS, larger UDP packets are used. Otherwise, the query is sent again using the Transmission Control Protocol (TCP). TCP is also used for tasks such as zone transfers. Some resolver implementations use TCP for all queries.
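The 512-byte UDP limit, the EDNS buffer-size advertisement and the fallback to TCP are all visible in the wire format. The code below is an added example, not from the original notes or any DNS library: it builds a single-request DNS query with an EDNS0 OPT record advertising a 4096-byte UDP buffer, and inspects the TC (truncated) flag of a response header to decide whether the query must be repeated over TCP. The two response packets are constructed headers only, not captured traffic.

```python
import struct

DNS_UDP_LIMIT = 512   # classic UDP payload limit when EDNS is not in use

def encode_name(name):
    """DNS label encoding: length-prefixed labels, terminated by a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, txn_id=0x1234, edns_bufsize=4096):
    """Standard A query with RD set, plus an EDNS0 OPT record in the
    additional section advertising a UDP buffer larger than 512 bytes."""
    flags = 0x0100                      # QR=0 (query), OPCODE=0, RD=1
    header = struct.pack("!HHHHHH", txn_id, flags, 1, 0, 0, 1)  # 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext RCODE/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)
    return header + question + opt

def parse_header(packet):
    """Decode the 12-byte DNS header; TC is bit 9 of the flags word."""
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txn_id, "qr": (flags >> 15) & 1, "tc": (flags >> 9) & 1,
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an}

def needs_tcp_retry(response):
    """Fallback rule: a truncated UDP answer (TC=1) must be re-sent over TCP."""
    return parse_header(response)["tc"] == 1

def edns_bufsize(query):
    """Read the advertised UDP buffer size back out of the OPT record (CLASS field)."""
    opt_start = len(query) - 11          # OPT RR is the last 11 bytes of our query
    return struct.unpack("!H", query[opt_start + 3:opt_start + 5])[0]

# Constructed sample responses (headers only) for demonstration:
OK_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)         # QR=1, RD=1, RA=1
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 1, 0, 0)  # QR=1, TC=1, RD=1, RA=1
```

A real resolver would send `build_query(...)` over UDP/53 and, on a truncated reply, repeat the same question over TCP with the two-byte length prefix that DNS-over-TCP requires.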