Introduction to DNS

DNS (Domain Name System) is a network protocol that we use to find the IP addresses of hostnames. Computers use IP addresses but for us humans, it’s more convenient to use domain names and hostnames instead of IP addresses. If you want, you could visit bitxpert.net by going directly to IP address 166.62.27.187, but typing in the domain name bitxpert.net is probably easier.

DNS is distributed and hierarchical, there are thousands of DNS servers, but none of them has a complete database with all hostnames / domain names and IP addresses. A DNS server might have information for certain domains but might have to query other DNS servers if it doesn’t have an answer.

There are 13 root name servers that have information for the generic top level domains like com, net, org, biz, edu or country specific domains like uk, nl, de, be, au, ca, and such. Take a look at the image below:

 

At the top of the DNS hierarchy are 13 root name servers that contain name server information for the top level domain extensions. For example, a name server for .com will have information on bitxpert.com, but it won’t know anything about bitxpert.org. It will have to query a name server that is responsible for the org domain extension to get an answer.

Below the top level domain extensions you will find the second level domains. Here’s where you find the domain names like bitxpert, Cisco, Microsoft, etc.

Further down the tree, you can find hostnames or subdomains. For example, vps.bitxpert.com is the hostname of the VPS (virtual private server) that runs this website. An example of a subdomain is tools.cisco.com where vps.tools.cisco.com could be the hostname of a server in that subdomain.

Between each DNS “record” we use a period character (.) and officially we also have to use a period character for the root, but almost nobody writes or prints it. Take a look at the two examples below:

  • vps.bitxpert.com.
  • vps.bitxpert.com

Take a close look at those examples above; the first one has a trailing period character that indicates the root of the DNS hierarchy. Writing down a hostname with its complete domain name like we did above is called an FQDN (Fully Qualified Domain Name).

Here’s a summary of what I just explained:

. root of the DNS hierarchy
com the com. top level domain
bitxpert the bitxpert domain within .net
vps the VPS hostname within domain bitxpert.net

Now you have an idea what DNS is about. Let’s look at an actual example of a host that wants to find the IP address of a hostname. The host will send a DNS request and will receive a DNS reply from the server:

 

Once the host has the IP address, then it can try to contact the device it wants to communicate with. Below is the output of ipconfig on a Windows host:

C:UsersVmware>ipconfig /all | more

Windows IP Configuration

   Host Name . . . . . . . . . . . . : vmware
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : bitxpert.local

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : bitxpert.local
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-V
   Physical Address. . . . . . . . . : 74-D0-2B-7D-22-8C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dc21:558c:1574:96a2%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.56.100.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.56.100.254
   DHCPv6 IAID . . . . . . . . . . . : 259313707
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-68-9A-AD-74-D0-2B-7D-22-8C
   DNS Servers . . . . . . . . . . . : 10.56.100.253
   NetBIOS over Tcpip. . . . . . . . : Enabled

You can see this host is using 10.56.100.253 as its DNS server. This is an internal DNS server on my local network.

A DNS server on a local network typically only knows about hostnames and domain names on the local network. It can use a DNS server of the ISP or the root name servers when it has to find the IP addresses of hostnames on the Internet.

Let’s open a webpage: http://bitxpert.net

 

The host will now send a DNS request to find the IP address of bitxpert.net, here’s what it looks like in Wireshark:

 

Above you can see that the DNS query is sent to 10.56.100.253 using UDP port 53. The host wants to know the IP address for bitxpert.net. Here’s what the DNS server returns:

 

 

Above you can see the answer, IP address 95.85.36.216 belongs to bitxpert.net. The host can now use this IP address and try to establish a connection.

I hope this has helped to give you an idea of how DNS works. If you have any questions, feel free to leave a comment.

Add comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.