
The Domain Name System (DNS) makes the Internet usable by translating readable names such as rwth-aachen.de into IP addresses. It originated from simple lists of names and developed into a globally distributed, hierarchical system. Today, it fulfils many more tasks – for example in the areas of e-mail, IT security and network management. The DNS also plays a central role at RWTH Aachen University and is protected by modern technologies such as DNS firewalls. This article provides an overview of the origin, structure and current significance of the DNS.
Communication on the Internet requires a translation of names into IP addresses in many places – a process that is made possible by the Domain Name System (DNS). Starting from this original purpose, the DNS has now developed into a complex system with far-reaching functions and security aspects. In this blog post, which is the first in a small series of articles, we will look at the history and basic functioning of the DNS.
Origin of the Domain Name System (DNS)
Communication between computers on the Internet takes place using IP addresses. Since these are hard to remember in large numbers – the main website of RWTH Aachen University, for example, is reachable at 137.226.107.63 (IPv4) and 2a00:8a60:450::107:63 (IPv6) – while computer names have always been far more popular, lists of names were maintained early on, either on individual machines or centrally (e.g. at the Stanford Research Institute). These name lists made it easy to map names to IP addresses and were kept as so-called hosts files on the respective computers. Such a file still exists in rudimentary form on operating systems such as Linux, macOS and Windows, but it is now only used in special cases. Over time the file acquired more and more entries, and notifying everyone of updates, exchanging, transferring and maintaining it became increasingly cumbersome. Work therefore began on name structures that would avoid collisions and make the information available in distributed form across the network; the first specifications were published in 1983 as RFC 882 and 883. One of the first implementations was the software package “Berkeley Internet Name Domain” (BIND), developed at the University of California, Berkeley, which, along with several other implementations, is still available today for a wide range of operating systems and distributions.
Structure of the Domain Name System
After the experience with the laboriously distributed hosts file, the system was given the structured, hierarchical organisation it still has today. Hierarchical means above all that organisational or network structures can be reflected in the names: ‘testrechner.rz’ could be the “test computer in the computer centre”, ‘www.labor’ a web server in my laboratory. To make such names unique worldwide – a prerequisite for their use on the global Internet – they are written as ‘Fully Qualified Domain Names’ (FQDNs). A computer ‘example.itc.rwth-aachen.de.’ would thus clearly be located in the IT Center at RWTH Aachen University, which in turn sits ‘below’ the top-level domain ‘de.’ (see below). Such names consist of individual ‘labels’ (identifiers) separated by dots. The hierarchy begins at the root, denoted by the final ‘.’, which is usually omitted in everyday writing.
The so-called top-level domains play a special role here, as they are defined by a central body following a specific process. Initially there were a few types of top-level domains (TLDs):
- Infrastructure domains such as .arpa,
- generic TLDs such as .com or .edu,
- and country code top-level domains (ccTLDs) such as .de, .fr, etc.
Over time, many new TLDs have been added. Some of them can be used by anyone, others are only intended for certain groups.
A central function in the DNS is performed by so-called name servers – basically directory servers on the internet that always know a certain part of the names and can provide information about them. Just as there is a top level of domains, there are also some name servers that are at the top of the DNS hierarchy: the globally distributed ‘root name servers’. Their job is to know which top-level domains (e.g. .de, .com) there are, and which subsequent name servers are responsible for them.
Step-by-Step Explanation: How DNS Names Are Resolved
For example, if you enter www.itc.rwth-aachen.de in your browser, your computer has to find out which server provides this website. This is what the DNS does, with a chain of queries that works its way from the top of the hierarchy downwards.
Your computer (or, in practice, usually the caching name server acting on its behalf, see below) asks its way down the hierarchy:
- Who is responsible for .de? → A root name server knows this.
- Who is responsible for rwth-aachen.de? → The .de name servers can tell you.
- And so on, until a name server is reached that holds the complete data for the name.
RWTH Aachen University itself is responsible for the DNS data below rwth-aachen.de and operates its own name servers for this purpose. For redundancy, these are supplemented by additional servers of the DFN-Verein. The IT Center maintains a database from which this data is administered. The university's entire data set is divided into zones.
The contents of these zones can be edited and viewed by the university institutions themselves via our web application ‘DNS-Admin’.
What Additional Tasks Does the DNS Have Today?
Nowadays, however, the DNS has far more tasks than simply translating names into IP addresses. Various types of information can be stored in the DNS in so-called resource records (DNS records). For example, the DNS can be queried to find out which mail servers accept messages for a domain’s e-mail addresses; this information is held in MX records. Another example is the CAA record, with which a domain owner can specify administratively which certification authorities are authorised to issue certificates for the domain. DNS records can thus also carry security-relevant information. In addition, there are now many other record types that serve a wide variety of purposes.
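The CAA check just described is what a certification authority runs before issuing: it looks for CAA records at the requested name and, if none are there, at each parent in turn, and the first record set it finds decides. The following is an added example (not code from the RWTH IT Center post) that implements the RFC 8659 lookup rules over a constructed record set; the domain `example.org` and the CA names `ca-a.example` and `ca-b.example` are placeholders.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class CAA:
    flags: int   # bit 128 = "issuer critical": a CA that does not understand the tag must not issue
    tag: str     # "issue", "issuewild", "iodef" (other tags may be defined in future)
    value: str   # CA domain, optionally followed by ";key=value" parameters; ";" alone means "nobody"


KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed zone data; the domain and CA names are placeholders, not real records.
CAA_RECORDS = {
    "example.org.": [
        CAA(0, "issue", "ca-a.example"),                  # only CA-A may issue ordinary certificates
        CAA(0, "issuewild", ";"),                         # ... and nobody may issue wildcard certificates
        CAA(0, "iodef", "mailto:security@example.org"),   # where violations should be reported
    ],
    "legacy.example.org.": [CAA(0, "issue", "ca-b.example")],   # a subdomain can override its parent
}


def fqdn(name: str) -> str:
    """Normalise to a lower-case fully qualified name with the root dot made explicit."""
    name = name.lower().rstrip(".")
    return name + "." if name else "."


def climb(name: str) -> list[str]:
    """The name and each of its parents, most specific first, up to but excluding the root."""
    parts = fqdn(name).rstrip(".").split(".")
    return [".".join(parts[i:]) + "." for i in range(len(parts))]


def relevant_caa(name: str, records: dict) -> list[CAA]:
    """RFC 8659 lookup: the first non-empty CAA RRset found walking from the name towards the root."""
    for n in climb(name):
        if records.get(n):
            return records[n]
    return []


def may_issue(ca: str, name: str, records: dict = CAA_RECORDS) -> bool:
    """Would a CA with domain `ca` be authorised to issue a certificate for `name`?"""
    wildcard = name.startswith("*.")
    base = name[2:] if wildcard else name
    rrset = relevant_caa(base, records)
    if not rrset:
        return True                 # no CAA anywhere up the tree: issuance is unrestricted
    if any(r.flags & 128 and r.tag not in KNOWN_TAGS for r in rrset):
        return False                # a critical property we do not understand: must not issue
    tag = "issue"
    if wildcard and any(r.tag == "issuewild" for r in rrset):
        tag = "issuewild"           # issuewild, when present, replaces issue for wildcard names
    allowed = [r.value.split(";", 1)[0].strip().lower() for r in rrset if r.tag == tag]
    if not allowed:
        return True                 # only iodef (or no matching property): not restricted
    return ca.lower() in allowed    # ";" yields "" here, which matches no CA


if __name__ == "__main__":
    for ca, host in [("ca-a.example", "www.example.org"), ("ca-a.example", "*.example.org"),
                     ("ca-b.example", "host.legacy.example.org"), ("anyone.example", "unrelated.example")]:
        print(f"{ca:14} -> {host:26} {'may issue' if may_issue(ca, host) else 'must NOT issue'}")
```

Note the two points that trip people up in practice: a CAA set on a subdomain completely replaces the parent's (it is not merged with it), and a wildcard request with no `issuewild` present falls back to the `issue` records, so `issuewild ";"` is the way to forbid wildcard certificates while still allowing ordinary ones.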
The DNS Caching System
In order to process queries efficiently, the DNS uses a caching system: information that has already been queried is temporarily stored for a certain period of time and does not have to be retrieved from the Internet each time. This mechanism leads to faster access to the information and also reduces the load on the requested servers.
To implement this mechanism, there are so-called caching name servers that retrieve and temporarily store information on behalf of requesting clients. Information that is already in their cache can be returned particularly quickly. Information that a caching server does not yet know is requested from the other main type of name server, the authoritative name servers, which hold the official and current data for a domain.
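The step-by-step walk from the root name servers down to the authoritative server, and the cache a caching name server puts in front of it, can be shown together in a few lines. The following is an added example (not code from the RWTH IT Center post): it simulates one in-memory "authoritative server" per zone, a resolver that follows referrals from the root, and a cache that hands out the remaining TTL and remembers delegations so that later names under the same zone skip the upper levels. The delegation table is constructed; the name server names and the 192.0.2.x addresses are placeholders, not the real rwth-aachen.de records.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Record:
    rtype: str   # "A", "AAAA", "NS", ...
    value: str   # address, or the name of a name server for NS records
    ttl: int     # seconds a cache may keep this record


def fqdn(name: str) -> str:
    """Normalise to a lower-case fully qualified name with the root dot made explicit."""
    name = name.lower().rstrip(".")
    return name + "." if name else "."


def ancestors(name: str) -> list[str]:
    """The name and every zone above it, most specific first, root ('.') last:
    'www.itc.rwth-aachen.de' -> ['www.itc.rwth-aachen.de.', 'itc.rwth-aachen.de.',
                                  'rwth-aachen.de.', 'de.', '.']"""
    name = fqdn(name)
    if name == ".":
        return ["."]
    parts = name.rstrip(".").split(".")
    return [".".join(parts[i:]) + "." for i in range(len(parts))] + ["."]


# Constructed authoritative data: one in-memory "server" per zone. Server names and
# addresses (RFC 5737 documentation range) are placeholders, not real records.
ZONES = {
    ".":               {"de.": [Record("NS", "ns.tld-placeholder.example.", 172800)]},
    "de.":             {"rwth-aachen.de.": [Record("NS", "ns.uni-placeholder.example.", 86400)]},
    "rwth-aachen.de.": {"www.itc.rwth-aachen.de.": [Record("A", "192.0.2.10", 3600)],
                        "mail.rwth-aachen.de.":    [Record("A", "192.0.2.25", 3600)]},
}


def query(zone_data: dict, target: str):
    """Ask one authoritative server for `target`. Returns ('answer', records),
    ('referral', child_zone) or ('nxdomain', None). Glue records are left out."""
    recs = zone_data.get(target)
    if recs and any(r.rtype != "NS" for r in recs):
        return "answer", recs
    for anc in ancestors(target):            # deepest delegation this server knows of
        recs = zone_data.get(anc)
        if recs and all(r.rtype == "NS" for r in recs):
            return "referral", anc
    return "nxdomain", None


class Cache:
    """TTL-bounded cache; answers carry the *remaining* TTL, as real caches do."""
    def __init__(self):
        self._store: dict[str, list[tuple[Record, int]]] = {}

    def put(self, name: str, records: list[Record], now: int) -> None:
        self._store[name] = [(r, now + r.ttl) for r in records]

    def get(self, name: str, now: int) -> list[Record] | None:
        live = [(r, exp) for r, exp in self._store.get(name, []) if exp > now]
        if not live:
            self._store.pop(name, None)      # expired, or never cached
            return None
        return [Record(r.rtype, r.value, exp - now) for r, exp in live]


def resolve(name: str, zones: dict, cache: Cache, now: int):
    """Iterative resolution as a caching name server performs it.
    Returns (records or None, number of upstream queries sent)."""
    target = fqdn(name)
    hit = cache.get(target, now)
    if hit is not None:
        return hit, 0
    zone = "."                               # the root is always known ...
    for anc in ancestors(target):            # ... but start deeper if a delegation is cached
        if anc != "." and cache.get(anc, now):
            zone = anc
            break
    queries = 0
    while True:
        queries += 1
        kind, payload = query(zones[zone], target)
        if kind == "answer":
            cache.put(target, payload, now)
            return payload, queries
        if kind == "referral" and len(payload) > len(zone):
            cache.put(payload, zones[zone][payload], now)   # remember the delegation as well
            zone = payload
            continue
        return None, queries                 # no such name, or a broken delegation


if __name__ == "__main__":
    cache = Cache()
    print(resolve("www.itc.rwth-aachen.de", ZONES, cache, now=0))    # root -> de -> rwth-aachen.de
    print(resolve("www.itc.rwth-aachen.de", ZONES, cache, now=100))  # served from cache, TTL counted down
    print(resolve("mail.rwth-aachen.de", ZONES, cache, now=100))     # cached delegation: one query
```

The first lookup costs three queries (root, .de, rwth-aachen.de); the same name a little later costs none and is returned with a TTL reduced by the time it sat in the cache; a different name under rwth-aachen.de costs a single query because the delegation learnt on the way down was cached too. Once the 3600-second TTL has run out the answer is fetched again, but still only from the rwth-aachen.de server, since the NS records have much longer TTLs.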
Both types of servers are available at RWTH Aachen University. Our authoritative servers, also known as zone servers due to their data structure, answer DNS queries for domains such as rwth-aachen.de worldwide. The caching name servers operated by the IT Center process the requests from end devices coming from the campus network and thus ensure fast, efficient name resolution.
Following this introduction to the DNS topic, the next blog post in this series will be dedicated to a security topic, namely our new DNS firewall.
Responsible for the content of this article are Bernd Kohler and Christoph Viethen.


