{"id":22062,"date":"2025-05-05T11:00:58","date_gmt":"2025-05-05T09:00:58","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=22062"},"modified":"2025-05-05T13:34:56","modified_gmt":"2025-05-05T11:34:56","slug":"dns-an-der-rwth-aachen-teil-1","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2025\/05\/05\/dns-an-der-rwth-aachen-teil-1\/","title":{"rendered":"DNS at RWTH Aachen University Part 1: <br \/>History &#038; Function of the DNS"},"content":{"rendered":"<p><div id=\"attachment_22065\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/04\/Design-19-1.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-22065\" class=\"size-medium wp-image-22065\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/04\/Design-19-1-300x200.png\" alt=\"A globe with location markers connected by lines, next to it a laptop with a security lock symbol on the screen, in the background a cityscape with a WLAN symbol and flying paper airplanes.\" width=\"300\" height=\"200\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/04\/Design-19-1-300x200.png 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/04\/Design-19-1-1024x683.png 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/04\/Design-19-1-768x512.png 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/04\/Design-19-1-1536x1024.png 1536w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/04\/Design-19-1-2048x1365.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-22065\" class=\"wp-caption-text\">Source: <a 
href=\"https:\/\/www.freepik.com\/free-vector\/flat-background-safer-internet-day_119588614.htm#fromView=search&amp;page=1&amp;position=0&amp;uuid=5d0f35a6-738f-4601-a87b-28ba40e0af4c&amp;query=world+laptop+key+lock+locations+wifi\">Freepik<\/a><\/p><\/div><\/p>\n<p>The Domain Name System (DNS) makes the Internet usable by translating readable names such as rwth-aachen.de into IP addresses. It originated from simple lists of names and developed into a globally distributed, hierarchical system. Today, it fulfils many more tasks &#8211; for example in the areas of e-mail, IT security and network management. The DNS also plays a central role at RWTH Aachen University and is protected by modern technologies such as DNS firewalls. This article provides an overview of the origin, structure and current significance of the DNS.<\/p>\n<p>&nbsp;<\/p>\n<p><!--more--><\/p>\n<p>&nbsp;<\/p>\n<p>Communication on the Internet requires a translation of names into IP addresses in many places \u2013 a process that is made possible by the Domain Name System (DNS). Starting from this original purpose, the DNS has now developed into a complex system with far-reaching functions and security aspects. In this blog post, which is the first in a small series of articles, we will look at the history and basic functioning of the DNS.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">Origin of the Domain Name System (DNS)<\/span><\/h3>\n<p>Communication between computers on the Internet takes place using IP addresses. Since such addresses \u2013 for example, those of the main website of RWTH Aachen University: 137.226.107.63 (IPv4) and 2a00:8a60:450::107:63 (IPv6) \u2013 are, unlike the ever-popular computer names, difficult to remember in large numbers, efforts were made to maintain a list of names either individually or centrally (e.g., at the Stanford Research Institute). 
These name lists made it easier to assign names to IP addresses and were used as so-called hosts files on the respective computers. Even today, such a file can still be found in rudimentary form on operating systems such as Linux, macOS, and Windows, but it is now only used in special cases. Over time, this file contained more and more entries, and notifications about updates, exchanges, transfers, and maintenance became increasingly cumbersome. At the beginning of the 1970s, work began on developing name structures to avoid collisions and make the information accessible in a distributed form across the network. In the early 1980s, the first specifications were published as RFC 882 and RFC 883. This led to one of the first implementations in the form of the software package \u201cBerkeley Internet Name Domain\u201d (BIND) at the university of the same name, which, along with several other implementations, is still available today for various operating systems\/distributions.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">Structure of the Domain Name System<\/span><\/h3>\n<p>After the experience with the laboriously distributed host list file, a structured and hierarchical organisation of the system was established, which is still used today. Hierarchical here means above all that organisational or network structures can be reflected in the names. \u2018testrechner.rz\u2019 could be the \u201ctest computer in the computer centre\u201d, \u2018www.labor\u2019 a web server in my laboratory. However, to make such names unique worldwide &#8211; a prerequisite for their use on the global Internet &#8211; so-called \u2018Fully Qualified Domain Names\u2019 (FQDNs) are very often used nowadays. A computer \u2018example.itc.rwth-aachen.de.\u2019 would therefore clearly be located in the IT Center at RWTH Aachen University (which is located \u2018below\u2019 the top-level domain \u2018de.\u2019, see below). 
Such names consist of individual \u2018labels\u2019 (identifiers), which are separated from each other by a dot. The entry point here is a final \u2018.\u2019, although it is omitted in practice.<\/p>\n<p>The so-called top-level domains play a special role here, as they are defined by a central body (following a specific process). In the beginning, certain types of top-level domains (TLDs) were used:<\/p>\n<ul>\n<li><strong>Infrastructure domains<\/strong> such as .arpa,<\/li>\n<li><strong>generic TLDs<\/strong> such as .com or .edu,<\/li>\n<li>and <strong>country code top-level domains<\/strong> (ccTLDs) such as .de, .fr, etc.<\/li>\n<\/ul>\n<p>Over time, many new TLDs have been added. Some of them can be used by anyone, others are only intended for certain groups.<\/p>\n<p>A central function in the DNS is performed by so-called name servers &#8211; basically directory servers on the Internet that always know a certain part of the names and can provide information about them. Just as there is a top level of domains, there are also some name servers that are at the top of the DNS hierarchy: the globally distributed \u2018root name servers\u2019. Their job is to know which top-level domains (e.g. .de, .com) there are, and which subsequent name servers are responsible for them.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">Step-by-Step Explanation: How DNS Names Are Resolved<\/span><\/h3>\n<p>For example, if you enter <a href=\"http:\/\/www.itc.rwth-aachen.de\">www.itc.rwth-aachen.de<\/a> in your browser, your computer has to find out which server provides this website. This is what DNS does, working through a chain of queries from the top of the hierarchy to the bottom.<\/p>\n<p>Your computer asks its way through the hierarchy:<\/p>\n<ol>\n<li>Who is responsible for .de? \u2192 A so-called <strong>root name server<\/strong> knows this.<\/li>\n<li>Who is responsible for rwth-aachen.de? 
\u2192 The .de name server will tell you.<\/li>\n<li>And so on, until a name server is finally found that knows the complete data.<\/li>\n<\/ol>\n<p>RWTH Aachen University itself is responsible for the DNS databases below rwth-aachen.de. It operates its own name servers for this purpose. For redundancy reasons, these are supported by additional servers of the DFN-Verein. The IT Center maintains a database for the downstream administration of this data. The entire database of the university is divided into zones.<\/p>\n<p>The contents of these zones can be edited and viewed by the university institutions themselves via our web application \u2018<a href=\"https:\/\/noc-portal.rz.rwth-aachen.de\/dns-admin\/\">DNS-Admin<\/a>\u2019.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">What Additional Tasks Does the DNS Have Today?<\/span><\/h3>\n<p>Nowadays, however, the DNS has far more tasks than simply translating names into IP addresses. Various types of information can be stored in the DNS, namely in so-called DNS records (resource records). For example, it is possible to query the DNS to find out which mail servers are responsible for receiving messages for a domain&#8217;s email addresses. The records used for this are called MX records. Another example is the so-called <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/rhjc72ly4wmw\/article\/7be1cfb5ec1f494584fe79168508ffc4\/\">CAA records<\/a>, which can be used to specify administratively which certification authority is authorised to issue certificates. In this way, DNS records can also contain security-relevant information. 
In addition, there are now many other types of DNS records that can be used for a wide variety of purposes.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">The DNS Caching System<\/span><\/h3>\n<p>In order to process queries efficiently, the DNS uses a caching system: information that has already been queried is temporarily stored for a certain period of time and does not have to be retrieved from the Internet each time. This mechanism leads to faster access to the information and also reduces the load on the requested servers.<\/p>\n<p>To implement this mechanism, there are so-called caching name servers that retrieve and temporarily cache information on behalf of requesting clients. They can return information that is already known particularly quickly because it can be retrieved from their own cache. Information that is not known to a caching server is requested from the other main type of name server, the authoritative name servers. These authoritative name servers know all the official and current data for a domain.<\/p>\n<p>Both types of servers are available at RWTH Aachen University. Our authoritative servers, also known as zone servers due to their data structure, answer DNS queries for domains such as rwth-aachen.de worldwide. 
The caching name servers operated by the IT Center process the requests from end devices coming from the campus network and thus ensure fast, efficient name resolution.<\/p>\n<p>Following this introduction to the DNS topic, the next blog post in this series will be dedicated to a security topic, namely our new DNS firewall.<\/p>\n<p>&nbsp;<\/p>\n<hr \/>\n<p>Responsible for the content of this article are <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/it-center\/profil\/team\/~epvp\/mitarbeiter-campus-\/?gguid=PER-JLYS4CA&amp;allou=1\">Bernd Kohler<\/a> and <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/it-center\/profil\/team\/~epvp\/mitarbeiter-campus-\/?gguid=PER-6AYL3GF&amp;allou=1\">Christoph Viethen<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in Deutsch.<\/p>\n","protected":false},"author":6019,"featured_media":22064,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[314],"tags":[485,1453,1088,81,61,1218,217],"class_list":["post-22062","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it-sicherheit","tag-dns","tag-domain-name-system","tag-ipv6","tag-it-security","tag-it-sicherheit","tag-netzwerksicherheit","tag-rwth"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/22062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/6019"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=22062"}],"version-history":[{"count":6,"href":"https:\/\/blog.rwth-a
achen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/22062\/revisions"}],"predecessor-version":[{"id":22076,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/22062\/revisions\/22076"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media\/22064"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=22062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=22062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=22062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}