DNS
DNS is a protocol, carried over UDP by default and over TCP when a response does not fit in a single datagram or for zone transfers, that lets computers on a network reach addresses via easier to remember names.
Hierarchy
DNS zones are hierarchical, stemming from a single root. Below this are TLDs (top level domains) and ccTLDs (country code top level domains).
- Root zone (`.`)
  - `com` (TLD)
    - `google` (domain)
  - `net` (TLD)
    - `google` (domain)
  - `uk` (ccTLD)
    - `co` (second-level domain under the ccTLD)
      - `google` (domain)
Internal DNS resolution
`gethostbyname()` (and its modern replacement `getaddrinfo()`) provides name resolution. At a high level, it consults a number of sources in a platform-dependent order; on Linux that order is set by the `hosts:` line in `/etc/nsswitch.conf` (typically `files dns`, i.e. the hosts file is consulted before the resolver).
Hosts files
Hosts files contain IP address => name pairs, one entry per line, optionally followed by aliases and `#` comments:
10.100.50.50 int
Its location is platform dependent:
- On Linux: `/etc/hosts`
- On macOS: `/private/etc/hosts` (`/etc` is a symlink to `/private/etc`)
- On Windows: `C:\Windows\System32\drivers\etc\hosts`
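Added example, not part of the original notes: a small parser for the hosts file format above, with a first-match lookup and a check for the pattern a hosts-file hijack leaves behind (public names pinned to a non-loopback address). The sample file, the `.corp.example` internal suffix and the `198.51.100.7` address are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not copied from any system): comments, blank
# lines, several names per line, and one entry pinning a public name.
SAMPLE_HOSTS = """
# Static table lookup for hostnames.
127.0.0.1       localhost
::1             localhost ip6-localhost
10.100.50.50    int int.corp.example   # internal box
198.51.100.7    www.example.com        # hypothetical hijack, for illustration
"""


def parse_hosts(text):
    """Yield (ip, [names]) per entry, ignoring comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: the resolver skips such lines too
        yield str(ip), fields[1:]


def lookup_hosts(text, name, family=4):
    """First matching entry wins, the usual behaviour of the 'files' backend.
    Matching is case-insensitive and ignores a trailing dot."""
    name = name.lower().rstrip(".")
    for ip, names in parse_hosts(text):
        if ipaddress.ip_address(ip).version != family:
            continue
        if name in (n.lower() for n in names):
            return ip
    return None


def suspicious_entries(text, internal_suffixes=(".corp.example",)):
    """Flag dotted names outside the expected internal suffixes that are pinned to
    a non-loopback address. The suffix list is an assumption for this example."""
    flagged = []
    for ip, names in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        for name in names:
            lname = name.lower()
            if "." not in lname or addr.is_loopback:
                continue
            if not lname.endswith(internal_suffixes):
                flagged.append((ip, name))
    return flagged


if __name__ == "__main__":
    print(lookup_hosts(SAMPLE_HOSTS, "int"))
    print(suspicious_entries(SAMPLE_HOSTS))
```

Run it against the real file (`open("/etc/hosts").read()`) with the suffixes your environment actually uses; anything it flags is worth a look during incident triage.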
Resolver caching
Query the DNS resolver cache:
- Linux: depends on configuration. With systemd-resolved, `resolvectl statistics` reports cache size and hit/miss counts, and sending `SIGUSR1` to `systemd-resolved` dumps the cache contents to the journal.
- macOS:
  - Enable private data in logs (otherwise queried names are redacted as `<private>`):
    sudo log config --mode "private_data:on"
  - Stream DNS queries as they happen (`log show` with the same predicate searches past entries):
    log stream --predicate 'process == "mDNSResponder"' --info
  - Disable private data in logs again:
    sudo log config --mode "private_data:off"
  - On pre-High Sierra versions, send the INFO signal to `mDNSResponder` and check `/var/log/system.log`:
    sudo killall -INFO mDNSResponder
- Windows:
ipconfig /displaydns
Clear the resolver cache:
- Linux: depends on configuration. With systemd-resolved: `resolvectl flush-caches`; with nscd: `sudo nscd -i hosts`.
- macOS:
dscacheutil -flushcache; sudo killall -HUP mDNSResponder
- Windows:
ipconfig /flushdns
External servers
Root hints (`cache.dns` on Windows DNS Server, `named.root` for BIND) list the addresses of the root servers, which a recursive resolver needs in order to start resolving anything it does not already have cached.
Answers produced through recursion or served from a cache are non-authoritative. Authoritative answers (the `AA` flag set in the response) come only from a nameserver hosting the zone.
Recursion
A query the server cannot answer from its own zones or cache is either passed whole to another resolver (forwarding) or resolved by the server itself (recursion): it walks from the root hints to the TLD servers to the domain's authoritative nameserver, following the referral each one returns. The client's single query has the RD (recursion desired) flag set and is a recursive query; the individual queries the resolver makes along the way are iterative queries.
Conditional forwarding is more specific than forwarding: requests for configured domains (an internal Active Directory domain, a partner's private zone) are sent straight to the nameserver that holds them. This saves the iterative queries needed to walk down from the root, and makes it possible to resolve names that are not delegated from the public root at all.
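Added example, not from the original notes: a toy resolver over an in-memory set of nameservers that shows the iterative walk root -> TLD -> authoritative, and how a conditional forwarder reaches a zone that is not delegated from the root at all. The servers (`root`, `tld-com`, `ns-example`, `ns-corp`), the names they serve and the addresses are all made up for the example.

```python
# Constructed in-memory nameservers (not real hosts). Each knows the records it is
# authoritative for and the delegations it hands out as referrals. The private zone
# corp.internal. is deliberately not delegated from the root.
SERVERS = {
    "root":       {"delegate": {"com.": "tld-com"}, "records": {}},
    "tld-com":    {"delegate": {"example.com.": "ns-example"}, "records": {}},
    "ns-example": {"delegate": {}, "records": {"www.example.com.": "203.0.113.10"}},
    "ns-corp":    {"delegate": {}, "records": {"intranet.corp.internal.": "10.100.50.50"}},
}


def ask(server, qname):
    """One iterative query: the server answers, refers us onward, or knows nothing."""
    zone = SERVERS[server]
    if qname in zone["records"]:
        return "answer", zone["records"][qname]
    # Longest matching delegation wins: the closest enclosing zone cut.
    for suffix in sorted(zone["delegate"], key=len, reverse=True):
        if qname == suffix or qname.endswith("." + suffix):
            return "referral", zone["delegate"][suffix]
    return "nxdomain", None


def resolve(qname, forwarders=None, max_hops=10):
    """Recursive resolver behaviour. forwarders maps a zone suffix to the server a
    conditional forwarder sends the whole query to; otherwise start at the root.
    Returns (address or None, list of servers queried in order)."""
    qname = qname.lower()
    if not qname.endswith("."):
        qname += "."
    server = "root"
    for suffix, fwd in (forwarders or {}).items():
        if qname == suffix or qname.endswith("." + suffix):
            server = fwd
            break
    trail = []
    for _ in range(max_hops):
        kind, value = ask(server, qname)
        trail.append(server)
        if kind == "answer":
            return value, trail
        if kind == "nxdomain":
            return None, trail
        server = value           # follow the referral
    raise RuntimeError("referral loop")


if __name__ == "__main__":
    print(resolve("www.example.com"))
    print(resolve("intranet.corp.internal"))
    print(resolve("intranet.corp.internal", forwarders={"corp.internal.": "ns-corp"}))
```

The trail returned is what `dig +trace` would show for the public name; for the private name the forwarder answers in a single hop, which is the saving described above.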
Zone types
- Forward lookup zones resolve hostnames to IP addresses.
- Reverse lookup zones resolve IP addresses to hostnames, e.g. for a mail server checking the sending host's PTR record. Their names are the reversed address octets under `in-addr.arpa` (reversed nibbles under `ip6.arpa` for IPv6), e.g. `0.168.192.in-addr.arpa` for `192.168.0.0/24`; Windows DNS stores such a zone in a file named `0.168.192.in-addr.arpa.dns`.
Record types
`SOA` (start of authority) records contain metadata about the zone:
- Serial number, incremented on every change so secondaries can detect modifications.
- Primary authoritative nameserver (MNAME).
- Hostmaster contact (RNAME, an e-mail address with the `@` written as `.`).
- Minimum TTL, which since RFC 2308 is the TTL for negative (NXDOMAIN) caching; the default TTL for records in a zone file comes from the `$TTL` directive instead.
- Refresh interval: how often secondaries check the serial.
- Retry interval: how long a secondary waits after a failed refresh.
- Expires after: how long a secondary keeps serving the zone without a successful refresh.
- `A` (IPv4) and `AAAA` (IPv6) address records point at IP addresses.
- `CNAME` records are canonical name records, pointing at other names.
- `SRV` service locator records, named `_service._proto.name`, contain a target hostname and port number pair along with priority and weight values.
- `TXT` records contain arbitrary text and are often used for ownership verification (and carry SPF, DKIM and DMARC policy).
- `PTR` records map an address in a reverse zone back to the host's canonical hostname.
- `MX` (mail exchanger) records point at SMTP servers for a domain. These include a preference value indicating failover order (lowest is tried first).
- `NAPTR` (name authority pointer) records hold regular-expression based rewrite rules, used by ENUM and SIP.
- `NS` records name the authoritative nameservers for a zone and delegate subzones.
- `SPF` (Sender Policy Framework, type 99) records are deprecated in favour of using `TXT` records for compatibility reasons.
All records have their own TTL, which can optionally override the zone default specified in the SOA.
Zone use cases
Primary DNS zones are the authoritative, read/write source of a zone's records, accepting resource record updates.
Secondary DNS servers hold read-only copies of the zone. Zone transfers copy zone contents over the DNS protocol (AXFR for a full copy, IXFR for incremental changes). Restrict transfers to the known secondaries (BIND's `allow-transfer`, or the zone transfer settings on Windows DNS), since a server that answers AXFR for anyone hands out the entire zone.
Stub zones contain only the SOA, NS and glue A records identifying the authoritative nameservers for a domain. The server can then send queries for that domain straight to those nameservers rather than walking down from the root, while still picking up nameserver changes automatically (unlike a static conditional forwarder).
"Cache-only DNS" and "caching resolver" configurations host no zones of their own: they resolve on behalf of clients and cache the answers for their TTLs.
Protocol
Headers
The header section is 12 bytes and comprises:
- `ID` is populated with an identifier by the querying client, used to match requests and responses (together with the source port it is what an off-path spoofer has to guess).
- `QR` indicates whether the packet contains a request (`0`) or response (`1`).
- `OPCODE` indicates the operation type:
  - `0`: standard query.
  - `1`: inverse query (obsolete).
  - `2`: status.
  - `3`: unassigned.
  - `4`: notify.
  - `5`: update.
  - `6`: DNS stateful operations (DSO).
  - `7-15`: unassigned.
- `AA` indicates whether the responding nameserver is authoritative for the zone.
- `TC` indicates that the message was truncated (the client should retry over TCP).
- `RD` indicates that a request wishes to use recursion.
- `RA` specifies whether recursion is available in the responding nameserver.
- `Z` was reserved for future use and must be `0`; two of its three bits are now the DNSSEC `AD` (authenticated data) and `CD` (checking disabled) flags.
- `RCODE` contains the response status: `0` NOERROR, `1` FORMERR, `2` SERVFAIL, `3` NXDOMAIN, `4` NOTIMP, `5` REFUSED.
- `QDCOUNT` specifies the number of entries in the question section.
- `ANCOUNT` specifies the number of resource records in the answer section.
- `NSCOUNT` specifies the number of nameserver resource records in the authority section.
- `ARCOUNT` specifies the number of resource records in the additional section.
Question section
Question sections comprise:
- `QNAME` specifies the name being queried, as a sequence of length-prefixed labels ending in a zero byte.
- `QTYPE` specifies the desired resource record type:
  - `1`: `A` record.
  - `2`: `NS` record.
  - `5`: `CNAME` record.
  - `6`: `SOA` record.
  - `12`: `PTR` record.
  - `15`: `MX` record.
  - `16`: `TXT` record.
  - `28`: `AAAA` record.
  - `33`: `SRV` record.
  - `251`: `IXFR`, `252`: `AXFR` and `255`: `ANY` are query-only types that never appear as record types in answers.
- `QCLASS` specifies the query class: `1`, Internet (`IN`), is the only one in wide use, though others are allocated (`3`, `CH`, is still seen in `version.bind` queries against BIND).
Resource records
Resource records make up three sections:
- Answer section
- Authority section
- Additional section
They comprise the following fields:
- `NAME` specifies the domain name (frequently a two-byte compression pointer back to an earlier occurrence of the name in the message).
- `TYPE` specifies a resource type.
- `CLASS` specifies the resource class.
- `TTL` provides the number of seconds a record may be cached.
- `RDLENGTH` specifies the length of the `RDATA` field.
- `RDATA` contains the record data, whose layout depends on `TYPE`.
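Added example, not from the original notes: building a query and parsing a response using the header, question and resource record layouts described above, including the label compression pointers that make hand-parsing fiddly. `RESPONSE` is a constructed wire message (a `CNAME` from `www.example.com` to `web.example.com` plus that name's `A` record); the names, the query ID and the address `203.0.113.10` are illustrative.

```python
import struct


def encode_name(name):
    """Wire-format a name as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, qid=0x1234, rd=True):
    """12-byte header (QR=0, OPCODE=0, RD as requested, QDCOUNT=1) plus one question."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg, off):
    """Decode the name at `off`, following compression pointers (RFC 1035 4.1.4).
    Returns (name, offset just past the name in the original byte stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # top two bits set: 14-bit pointer
            if end is None:                    # only the first pointer ends the field
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                      # defensive: a crafted pointer loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_message(msg):
    """Parse header flags, the question section and every resource record."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    header = {"id": qid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
              "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
              "ra": (flags >> 7) & 1, "rcode": flags & 0xF}
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append({"name": name, "type": qtype, "class": qclass})
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata_off, rdata = off, msg[off:off + rdlen]
            off += rdlen
            if rtype == 1 and rdlen == 4:              # A: dotted quad
                rdata = ".".join(str(b) for b in rdata)
            elif rtype in (2, 5, 12):                  # NS/CNAME/PTR: a (possibly compressed) name
                rdata = read_name(msg, rdata_off)[0]
            records.append({"section": section, "name": name, "type": rtype,
                            "class": rclass, "ttl": ttl, "rdata": rdata})
    if off != len(msg):
        raise ValueError("trailing bytes after last record")
    return {"header": header, "questions": questions, "records": records}


# Constructed response to build_query("www.example.com", 1): a CNAME answer whose
# target reuses the "example.com" labels via a pointer to offset 16, then an A
# record for the target whose owner name is a pointer to offset 45 (the "web" label).
RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)        # QR=1, RD=1, RA=1, NOERROR
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 6) + b"\x03web\xc0\x10"
    + b"\xc0\x2d" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([203, 0, 113, 10])
)


def check_response(query, response):
    """Client-side sanity checks before accepting an answer: ID matches, it is a
    response, and the question section was echoed back unchanged."""
    q, r = parse_message(query), parse_message(response)
    return (q["header"]["id"] == r["header"]["id"]
            and r["header"]["qr"] == 1
            and q["questions"] == r["questions"])


if __name__ == "__main__":
    print(parse_message(RESPONSE))
```

The `hops` guard in `read_name` matters for anything that parses untrusted packets: a pointer that refers to itself otherwise spins the parser forever.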
Zone transfers
A zone transfer, often referred to by its query type AXFR, is a DNS transaction that replicates a DNS zone across servers.
AXFR always runs over TCP (RFC 5936); an IXFR may be attempted over UDP first and falls back to TCP when the delta does not fit in a single datagram. On TCP each message is prefixed with a two-byte length, and a transfer usually spans several messages, bracketed by the zone's SOA record at the start and at the end.
There are two types of zone transfer:
- `AXFR` queries return the complete contents of the specified zone.
- `IXFR` queries return only the changes since the serial the requester already holds, requiring that the server keep delta information between the current and several previous versions.
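Added example, not from the original notes: the TCP framing transfer traffic uses. Each message on the wire is preceded by a two-byte length, and a transfer arrives as a run of messages whose boundaries do not line up with `recv()` calls, so a receiver has to buffer across reads. The AXFR query for the placeholder zone `example.com` and the constructed `REFUSED_REPLY` (what a correctly restricted server sends back) are illustrative.

```python
import struct

AXFR, IXFR = 252, 251
RCODE_REFUSED = 5


def tcp_frame(msg):
    """Prefix a DNS message with its 16-bit big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def split_tcp_stream(buf):
    """Split buffered bytes into complete messages; return (messages, leftover).
    The leftover is a partial frame the caller must prepend to the next read."""
    msgs = []
    while len(buf) >= 2:
        (length,) = struct.unpack("!H", buf[:2])
        if len(buf) < 2 + length:
            break
        msgs.append(buf[2:2 + length])
        buf = buf[2 + length:]
    return msgs, buf


def reassemble(chunks):
    """Feed recv()-sized chunks through split_tcp_stream, keeping state between them."""
    buf, out = b"", []
    for chunk in chunks:
        msgs, buf = split_tcp_stream(buf + chunk)
        out.extend(msgs)
    return out, buf


def rcode(msg):
    """RCODE lives in the low four bits of the second flags byte."""
    return msg[3] & 0x0F


def axfr_query(zone, qid=0x0BAD):
    """Minimal AXFR request: header with QDCOUNT=1 and the question <zone> AXFR IN.
    RD is left clear; a transfer is never a recursive query."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in zone.strip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", AXFR, 1)


# Constructed reply from a server that does not allow the transfer: QR=1, RCODE=5.
REFUSED_REPLY = struct.pack("!HHHHHH", 0x0BAD, 0x8005, 0, 0, 0, 0)


if __name__ == "__main__":
    stream = tcp_frame(axfr_query("example.com")) + tcp_frame(REFUSED_REPLY)
    msgs, rest = reassemble([stream[:1], stream[1:20], stream[20:40], stream[40:]])
    print(len(msgs), [rcode(m) for m in msgs], rest)
```

When testing a server's transfer policy, REFUSED (or NOTAUTH) from every listed nameserver is the result you want to see; a NOERROR reply followed by a stream of records means the zone is readable by anyone.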
Load balancing
- Netmask ordering lists resource records for addresses in the same subnet as the client first in the returned results. Since clients generally work down resource records in the order they're given, this should favour the "local" record over others; a modern client stack may re-sort addresses itself (`getaddrinfo()` applies RFC 6724 address selection), so the server's ordering is a hint rather than a guarantee.
- Round robin load balancing offers a poor-man's load distribution mechanism: the DNS server rotates the order of multiple address resource records on each response. It does nothing about failed hosts; a dead address keeps coming round in turn.
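Added example, not from the original notes: the two orderings above implemented over a list of addresses, as a server that does both would apply them. The addresses and the client are made up; the `/24` used to define "same subnet" is an assumption.

```python
import ipaddress


def netmask_order(addresses, client_ip, prefix=24):
    """Netmask ordering: addresses within the client's /prefix first, the rest in
    their original order. Mixed IPv4/IPv6 sets are fine: an IPv6 address is never
    'in' an IPv4 network, so it simply stays in the remote group."""
    client_net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    local = [a for a in addresses if ipaddress.ip_address(a) in client_net]
    remote = [a for a in addresses if ipaddress.ip_address(a) not in client_net]
    return local + remote


class RoundRobin:
    """Rotate the record set by one position per response handed out."""

    def __init__(self, addresses):
        self.addresses = list(addresses)
        self.responses = 0

    def next_order(self):
        n = len(self.addresses)
        i = self.responses % n
        self.responses += 1
        return self.addresses[i:] + self.addresses[:i]


def answer_order(rr, client_ip, prefix=24):
    """Rotate first, then pull the client's local addresses to the front."""
    return netmask_order(rr.next_order(), client_ip, prefix)


if __name__ == "__main__":
    rr = RoundRobin(["10.0.0.1", "192.168.1.5", "10.0.0.2", "2001:db8::1"])
    for _ in range(3):
        print(answer_order(rr, "192.168.1.10"))
```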
EDNS(0)
EDNS(0) extends several fixed-size parameters of the original protocol that limited its extensibility: the 512-byte UDP payload limit, the 4-bit RCODE and the flag bits. It was proposed in RFC 2671 and later revised by RFC 6891.
The extensions are carried in a new optional (`OPT`) pseudo-resource record placed in the additional section, which preserves backwards compatibility: legacy responders either ignore it or answer FORMERR (in which case the requester retries without EDNS), and new responders only include one when the request did. `OPT` reuses the fixed RR fields: `CLASS` carries the requester's maximum UDP payload size and `TTL` carries the extended RCODE bits, the EDNS version and the DNSSEC OK (`DO`) flag.
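Added example, not from the original notes: encoding and decoding the `OPT` pseudo-record and attaching it to a plain query. `PLAIN_QUERY` is a constructed query for `example.com`; the default payload size of 4096 is an assumption for the example, and 1232 bytes appears in the usage because it is the commonly recommended value for avoiding IP fragmentation.

```python
import struct

OPT = 41
EDNS_OPTION_NSID = 3   # option code from RFC 5001, used below only as a sample option


def build_opt(udp_size=4096, do=False, options=()):
    """Encode an EDNS(0) OPT RR (RFC 6891 6.1.2): owner is the root name (one zero
    byte), CLASS = UDP payload size, TTL = ext-RCODE:8 | version:8 | DO:1 | Z:15,
    RDATA = sequence of (code:16, length:16, data) options."""
    ttl = (0 << 24) | (0 << 16) | ((1 << 15) if do else 0)
    rdata = b"".join(struct.pack("!HH", code, len(data)) + data for code, data in options)
    return b"\x00" + struct.pack("!HHIH", OPT, udp_size, ttl, len(rdata)) + rdata


def parse_opt(rr):
    """Decode an OPT RR back into its fields; raises on anything that is not one."""
    if rr[0] != 0:
        raise ValueError("OPT must be owned by the root name")
    rtype, udp_size, ttl, rdlen = struct.unpack("!HHIH", rr[1:11])
    if rtype != OPT:
        raise ValueError("not an OPT record")
    options, off = [], 11
    while off < 11 + rdlen:
        code, olen = struct.unpack("!HH", rr[off:off + 4])
        off += 4
        options.append((code, rr[off:off + olen]))
        off += olen
    return {"udp_size": udp_size, "ext_rcode": ttl >> 24,
            "version": (ttl >> 16) & 0xFF, "do": (ttl >> 15) & 1, "options": options}


def add_edns_to_query(query, udp_size=4096, do=True):
    """Append the OPT record to a plain query and bump ARCOUNT in the header."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", query[:12])
    header = struct.pack("!HHHHHH", qid, flags, qd, an, ns, ar + 1)
    return header + query[12:] + build_opt(udp_size, do)


# Constructed plain query: ID 0x2a2a, RD set, one question for example.com A IN.
PLAIN_QUERY = (struct.pack("!HHHHHH", 0x2A2A, 0x0100, 1, 0, 0, 0)
               + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))


if __name__ == "__main__":
    q = add_edns_to_query(PLAIN_QUERY, udp_size=1232, do=True)
    print(len(PLAIN_QUERY), len(q), parse_opt(q[len(PLAIN_QUERY):]))
```

A response whose `ext_rcode` is non-zero combines with the header's 4-bit RCODE to form the 12-bit code (BADVERS is 16, i.e. ext-RCODE 1 with RCODE 0), which is why the two fields must be read together.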
Troubleshooting
Troubleshooting should follow the order of the DNS resolution process:
- Check the local cache, if applicable.
- Check the local zones.
- Check the conditional forwarders.
- Check forwarders.
- Check the root hints.
Tools are platform-specific:
- `nslookup` is all you've got on Windows from `cmd.exe` by default; PowerShell adds `Resolve-DnsName`.
- `drill` (from ldns) and the BIND utility `dig` are more feature rich, e.g. `dig +norecurse` to see what a server has without asking it to recurse, `dig +trace` to walk the iterative path from the root yourself, and `dig axfr @ns zone` to test whether a nameserver allows transfers.