Order a domain here
The Domain Name System or DNS is a system that stores information about host names and domain names on networks, such as the Internet. Most importantly, it provides an IP address for each host name, and lists the mail exchange servers accepting e-mail for each domain.
Paul Mockapetris invented the DNS in 1983; the original specifications appear in RFC 882. In 1987 the publication of RFC 1034 and RFC 1035 updated the DNS specification and made RFC 882 and RFC 883 obsolete. Several more recent RFCs have proposed various extensions to the core protocols.
|Table of contents|
How the DNS works
A domain name consists of two or more parts (technically labels) separated by dots. The rightmost label conveys the top-level domain (for example, the address www.wikipedia.org has the top-level domain org). Each label to the left specifies a subdivision or subdomain (for example, wikipedia.org is a subdomain of org and www.wikipedia.org is a subdomain of wikipedia.org). In theory, this subdivision can go down to 127 levels deep, and each label can contain up to 63 characters, as long as the whole domain name does not exceed a total length of 254 characters. But in practice some domain registries have shorter limits than that.
The DNS consists of a hierarchical set of DNS servers. Each domain or subdomain has one or more authoritative DNS servers that publish information about that domain. The hierarchy of authoritative DNS servers matches the hierarchy of domains.
An example may clarify this. Suppose a web browser needs to find out the IP address of www.wikipedia.org. The browser starts out knowing only the IP address of a DNS server -- usually one that is provided by the ISP. It asks the DNS server at that address for the address of www.wikipedia.org. The DNS server then queries one of the root servers -- for example, 18.104.22.168. The root server replies with a delegation meaning roughly, "I don't know the address of www.wikipedia.org, but I do know that the DNS server at 22.214.171.124 has information on the org domain." The browser then asks that DNS server, which replies, "I don't know the address of www.wikipedia.org, but I do know that the DNS server at 126.96.36.199 has information on the wikipedia.org domain." The browser asks this third DNS server, which replies with the required IP address. This process is known as a recursive search.
A number of practical refinements to this system exist:
- Host names and IP addresses do not necessarily match on a one-to-one basis. Many host names may correspond to a single IP address: combined with virtual hosting, this allows a single machine to serve many web sites. Alternatively a single host name may correspond to many IP addresses: this can facilitate load balancing.
- The task of performing DNS lookups usually falls to a DNS cache which remembers (for a limited time) the answers to all the queries it has asked. An organization or Internet service provider may run a DNS cache for all its users. By default, all DNS requests are cached for a certain amount of time according to the TTL value specified by the authoritative name server.
- To provide resilience in the event of computer failure, multiple DNS servers provide coverage of each domain. In particular, thirteen root servers exist worldwide. DNS programs or operating systems have the IP addresses of these servers built in. The USA hosts, at least nominally, all but three of the root servers. However, because many root servers actually implement anycast, where many different computers can share the same IP address to deliver a single service over a large geographic region, most of the physical (rather than nominal) root servers now operate outside the USA.
The DNS uses TCP and UDP ports 53 to serve requests. Almost all DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. TCP is typically used only when the response data size exceeds 512 bytes, or for such tasks as AXFR.
The most important categories of data stored in the DNS are:
- An A record or address record maps a host name to its IP address.
- A CNAME record or canonical name record makes one domain name an alias of another. The aliased domain gets all the subdomains and DNS records of the original.
- An MX record or mail exchange record maps a domain name to a list of mail exchange servers for that domain.
- A PTR record or pointer record maps a host name to the canonical name for that host. Setting up a PTR record for a host name in the in-addr.arpa domain that corresponds to an IP address implements Reverse DNS lookup for that address. For example (at the time of writing), www.icann.net has the IP address 188.8.131.52, but a PTR record maps 184.108.40.206.in-addr.arpa to its canonical name, referrals.icann.org.
- An NS record or name server record maps a domain name to a list of DNS servers for that domain.
- An SOA record or start of authority record specifies the DNS server providing authoritative information about an Internet domain.
Other kinds of records simply provide information (for example, an LOC record gives the physical location of a host), or experimental data (for example, a WKS record gives a list of servers offering some well-known service such as HTTP or POP3 for a domain).
International domain names
Domain names must use only a subset of ASCII characters, preventing many languages from representing their names and words natively. ICANN has approved the Punycode-based IDNA system, which maps Unicode strings into the valid DNS character set, as a workaround to this issue, and some registries have adopted IDNA.
Various flavors of DNS software implement the DNS, including:
- BIND (Berkeley Internet Name Domain)
- DJBDNS (Daniel J. Bernstein's DNS)
- NSD (Name Server Daemon)
- PowerDNS  (http://www.powerdns.com/)
- Microsoft DNS (in the server editions of Windows 2000 and Windows 2003)
Ownership of domains
One can find the owner of a domain name by looking in the whois database: for most gTLDs ICANN holds a basic WHOIS, with the detailed WHOIS maintained by the domain registry which controls that domain.
For each of the 240+ Country Code top-level domains (ccTLDs) the registry (as part of its many functions) usually holds the entire authoritative WHOIS database for that extension.
Many investigators have voiced criticism of the methods used currently to control ownership of domains. Most commonly, critics claim abuse by monopolies or near-monopolies such as VeriSign Inc., and problems with assignment of top-level domains. The international body ICANN (the Internet Corporation For Assigned Names and Numbers) oversees the domain name industry.
US Truth in Domain Names Act
The US "Truth in Domain Names Act", in combination with the PROTECT Act, forbids knowingly using a misleading domain name with the intent to attract people into viewing a visual depiction of sexually explicit conduct on the Internet.
- DNS Resources Directory (http://www.dns.net/dnsrd/)
- DNS & BIND Resources (http://www.bind9.net/)
- CircleID DNS Community (http://www.circleid.com)
- DNS Security Extensions (DNSSEC) (http://www.dnssec.net/)
- RFC 1034 - DOMAIN NAMES - CONCEPTS AND FACILITIES (http://ietf.org/rfc/rfc1034)
- RFC 1035 - DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (http://ietf.org/rfc/rfc1035)