Domain Name System

This post explains briefly what is a domain name system (DNS).

Device Network Identifier

Devices in a network are identified based on a different identifiers:

• MAC address. It is linked to the network interface. Though it can be modified it some cases, it is usually permanent.
• IP address. Numerical logical address, temporary.
• Domain name. Human-friendly logical address, temporary.

This post explains how domain names are used using the domain name system (DNS).

In the same way that Address Resolution Protocol (ARP) resolves the IP address into its MAC address, domain name system resolves the domain name into the IP address.

Domain Name System Overview

A domain name system (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the internet.

A DNS, basically, translates a domain (e.g. example.com) into an IP address (e.g. 123.456.789.123). DNS allows that users handle the more human-friendly alphanumerical characters of a domain rather than sets of the more difficult to remember numbers of an IP address.

A fully qualified domain name (FQDN) consists of 3 parts:

1. Top-level domain (TLD). The org in www.example.org
2. Registered domain name. The example in www.example.org
3. Subdomain(s) or hostname. The www. in www.example.org

Each domain name has an assigned authoritative name server.

Name Server

The Domain Name System is maintained by a hierarchical and distributed database system, which uses the client–server model. The nodes of this database are the name servers. The top of the hierarchy is served by the root name servers.

Each domain has at least one authoritative DNS server that publishes information about that domain and the name servers of any domains subordinate to it. This is why whenever you register a name, you need to define a DNS server.

The primary authoritative name server of a domain hosts the original editable zone file for the domain.

The secondary authoritative name servers of a domain can be used to host read-only copies of the zone file.

A DNS cache server is nay DNS system deployed to cache DNS information from other DNS servers.

Zone File

A zone file is a file hold in a DNS server that contains details about domain names within the zone.

The zone file is structured as defined by the standard RFC 1035.

Resource Record

A resource record (RR) is a single registry contained within a zone file that contains a single piece of information about an specific domain.

Resource record fields:

1. Name of the requested resource (NAME)
2. Type of RR (TYPE)
3. Class Code (CLASS)
4. Count of seconds that the RR stays valid (TTL)

Valid types of resource records (TYPE fields):

• IP Address (A)
• IP Address (AAAA)
• Domain Name Aliases (CNAME)
• SRV
• TXT
• MX
• A + Dynamec DNS
• AAAA
• ALIAS
• CAA
• NS
• URL
• Start of Authority (SOA)
• Reverse DNS lookups (PTR)

A record is also know as host record. This record assigns a host name to an IP address. It is the most common record type in forward lookup zones.

AAAA record is used in IPv6.

CNAME record, also known as canonical name record, assigns a hostname to another hostname, that is called an alias. It is used for performs redirections.

SRV record is also know as service record. It is used to locate domain controllers and global catalog servers.

MX record, also known as mail exchange are used to locate the mail servers responsible for a domain.

TXT contains information about a domain.

DNS Query

Record requests are performed from devices to DNS servers.

A query ID (QID) is a 16-bit value that identifies a DNS query.

A DNS query request is done via UDP port 53 calls.

When the info is requested, the question record contain this info:

1. Name of the requested resource (NAME)
2. Type of RR (TYPE)
3. Class Code (CLASS)

Zone Transfer

A zone transfer is a process used in the Domain Name System (DNS) to replicate DNS records from one DNS server to another.

Zone transfer types:

1. Full (AXFR)
2. Incremental (IXFR)

AXFR transfer the entire transfer file.

IXFR transfers only the changes (additions, deletions, or modifications) made to the zone file since the last transfer.

A zone transfer request is done via TCP port 53 calls.

Local DNS Resolution

While DNS servers hold the information in a zone file, the single devices hold it in a different way.

Types of local DNS files:

• Structured static local file, known as hosts file
• Dynamic DNS query system

Hosts files

A host file may look like this:

123.123.123.123        example.org

The hosts files is usually located in this path, depending on the operating system:

Operating System	Path
Unix-like	/etc/hosts
Windows	C:\Windows\System32\drivers\etc\hosts

DNS-to-IP Resolution Process

When a non-DNS server device wants to translate a domain name into its IP, this is the normal process:

1. Check the local cache
2. Send a DNS query to a known DNS server
3. Send a broadcast query to any possible local subnet DNS server (this step is NOT widely supported)

If any of the previous steps returns the IP, the process ends.

If all steps are completed and no IP is obtained, the resolution fails.

DNS Security

You can find more information about DNS security, DNS controls (including DNSSEC and DoH) and DNS attacks on this post.

Tools to check DNS

Tool to check CNAME of a domain:

https://mxtoolbox.com/CnameLookup.aspx.

External references

• Wikipedia; “Domain nane system“; Wikipedia.org
• Microsoft Learn; “Explore the domain service system“, Microsoft Learn
• M. Chapple, J. M. Stewart, D. Gibson; “CISSP Official Study Guide Ninth Edition“, pp. 509-515; Sybex, 2021