Networking Principles III: What Is DNS?

Image credit, where you can find out everything you ever wanted to know about DNS.

Domain Name System (DNS) provides name resolution for all Internet communications and many private networks, including all Windows Active Directory domains. This means that, whenever you type a website’s address into your Web browser, DNS will go out and fetch the IP address associated with that address. This beats having to remember the IP address every time you want to go to DNS also assists the delivery of e-mail by providing mail exchanger records that tell SMTP servers where to send e-mail messages.

On the Internet, there are thousands of DNS servers that maintain DNS records for name resolution.

Mike Meyers Talks DNS

DNS Terminology

Most of these terms have been around for as long as DNS has existed. Some of them have more than one meaning, depending on context. For example, Microsoft uses the term “domain” to describe their administrative structure, while DNS uses a different kind of domain.
  • The DNS namespace is the backbone of the DNS structure. This is a top-down hierarchical structure based on domain names. At the top is the Root domain, which is represented by an implied dot at the end of domain names. When you browse to websites like or, most web browsers will automatically add a dot after the .com so you don’t have to. The root domain currently consists of 13 servers that provide referrals to all the top-level domains. Top-level domains are a group of centrally managed domains, each one managed by organizations called domain name registrars such as .com, .net and .gov. A second-level domain most often denotes the company or organization name associated with the domain, such as Yahoo or Microsoft. A subdomain facilitates the distribution of DNS databases and records across thousands of servers.
  • DNS domains represent the portion of the namespace to the right of the host name. For example, is the fully qualified domain name for the computer hosting the forum at the domain It is made up of two parts. The first part is the top-level domain, .com. The next part is the second-level domain, Elfwood. These two parts make up Elfwood’s public domain name,, and can be used to connect to public resources, such as the forum, attached to the domain name.
  • Fully Qualified Domain Names (FQDNs) represent the full name for which a specific host, or the DNS name, that needs to have a DNS record created. Users can then use the FQDN to get the host’s IP address. If you go to the command prompt and ping, you get replies from the IP address This is DNS resolving Yahoo’s FQDN into the associated IP address.
    Each part of the domain name is referred to as a label and is separated by a period. For example, with, “forum” is the label of a server within Elfwood’s domain that has been made available through the Internet.
  • A host is a computer on the Internet that provides a specific resource. A host name is the name given to that computer.
  • A DNS zone consists of a collection of connected nodes served by an authoritative DNS name server. A zone can consist of a single domain namespace or multiple domains in a contiguous namespace. A contiguous namespace is a requirement for having multiple domains in a single zone.
  • An authoritative server for a domain holds a complete copy of a zone’s resource records. This is often the actual server for a domain, or a server that “knows” about it.
  • A forwarder is a DNS server that receives requests from other DNS server that can’t resolve the request themselves. This is often used when a server on a private network receives a request for a domain on the Internet. The internal DNS server will forward the request to servers out on the Internet. The forwarder will then query root servers and TLD servers on the private server’s behalf.
  • A conditional forwarder is a DNS server that receives requests targeted for a specific domain. If a computer in one domain sends a DNS query for a computer in another domain, a computer in the target domain can be configured with a conditional forwarder that basically says, “If you receive a request for, forward it to the DNS server handling”
  • A caching-only DNS server is solely responsible for fielding DNS queries, doing recursive lookups to root servers and sending requests to forwarders, and then caching the results. It is not configured with any zones. Caching-only servers are ideal for branch offices so that local computers’ queries are forwarded to an authoritative server in the main office.

DNS in a Linux Environment

DNS Query Process

The DNS Query Process is central to the name resolution process. This allows DNS servers and clients to exchange information. The types of queries used in the DNS query process are iterative queries and recursive queries.
  • With iterative queries, the DNS client requests the best answer from the DNS server. The DNS server will answer the request by either delivering the address it has cached, or it will refer the client to another DNS server who can answer the request. If the latter, the DNS client will then request the address from the server it was referred to.
  • With recursive queries, the DNS client will require an answer from its DNS server. It will receive either a positive or a negative answer. The DNS server will either deliver the address, or it will tell the client that the request cannot be resolved.

Configuring DNS in Windows Server 2008

DNS Zones

DNS zones are like building blocks for building DNS infrastructure. These zones are classified by the information they store, where they are stored, and their read/write status.
  • Standard zones, also known as file-based or file-backed zones, use a file called %zonename%.dns to store all their DNS records, where %zonename% is the name of the DNS domain being stored. In Windows Server 2008, the %zonename%.dns file can be found at %systemroot%\system32\DNS folder. The .dns file is a text-based document that can be viewed in Notepad and is formatted to be compatible with Berkely Internet Name Domain (BIND) servers. BIND is the industry standard for DNS servers on the Internet and networks running DNS on UNIX/Linux systems.Standard zones are classified as primary, secondary and stub. A primary DNS zone is authoritative for a specific domain and its name records. The primary zone is hosted on a DNS server hosting a writable copy of the %zonename%.dns file. This means any changes to DNS records must be completed at the primary zone. There can be only one Primary DNS zone in a DNS structure, even if there are multiple DNS servers. The server holding this zone will act as the master server and replicates any changes made using zone transfers.Secondary DNS zones are read-only versions of DNS records for a zone. If you deploy multiple DNS servers in your organization, the ones with the secondary zones will point to the master server for updates. In order to be active, the secondary DNS zone must have access to the master records for zone transfers. By default in Windows Server 2008, DNS servers only allow zone transfers to servers specified as name servers, either by being listed on the zone’s Name Servers tab or by having a name server record created for it. Besides the default setting, you can deny all zone transfers, allow zone transfers to all servers (which is not recommended), or specify IP addresses of the servers needing zone transfers.Stub zones are read-only copies of a zone that obtains its resource records from the name servers that are authoritative for a particular zone. Unlike secondary zones, a stub zone contains only the State of Authority record for the zone, the Name Server (NS) records for all name servers authoritative for the zone, and Host (A) records for all name servers authoritative for the zone. This reduces the size of the stub zone’s database and can help reduce the amount of DNS traffic on your network.
  • Forward lookup zones are the most commonly used DNS records on the Internet. They allow DNS clients to resolve FQDNs to IP addresses. They make communicating on the Internet possible.
  • Reverse lookup zones perform the opposite task as forward lookup zones by resolving IP addresses to FQDNs. If a packet is received from an unknown source, the server can trace the source IP address back to the server associated with it.

DNS Resource Records

DNS databases use DNS resource records to store information about hosts, host names, and other information. DNS records are stored as text-based information and contains information about:
  • The owner. This field defines the host or domain to which a resource record belongs.
  • Time-to-Live (TTL). This is the amount of time, in seconds, that a record is cached by a DNS client. If this value is not defined, the record uses the default TTL as specified in the Start to Authority record.
  • Class. This field defines the protocol family the record uses. In most cases, the value will be IN for the Internet system.
  • Type. This determines the type of resource record.
  • Resource Record Data (RDATA) contains information provided by the resource record or its data.A typical DNS record should look like this:

Owner [TTL] Class Type RDATA

SOA, Name Server, and Host A Records

Start of Authority records are listed at the top of the zone file. The list below includes the RData for SOA records.

Name server (NS) records identify the DNS servers that host a zone. You might have more than one NS record if you have multiple DNS servers.

Host (A) Records provides host name-to-IP address resolution for DNS clients.

The SOA records include:

  • Serial Number: A number that increments by 1 for every change in a DNS zone. This is used during the zone transfer process. Secondary servers compare the master SOA serial number with their own SOA serial number to determine if updates are necessary.
  • Responsible Person: The e-mail address of the person responsible for a domain.
  • Primary Server: The name of the primary DNS server that is authoritative for the zone.
  • Refresh Interval: The interval in which secondary servers check for updates to a zone.
  • Retry Interval: The amount of time in seconds that a server will wait after submitting a zone transfer request before it sends a second request.
  • Expires After: The amount of time in seconds that a secondary server responds to queries before it discards its own zone. The time value restarts at zero after each transfer is completed.
  • Minimum (Default) TTL: The amount of time in seconds that a resource record is considered valid. Unless explicitly set at the resource record level, this applies to all zone records in a specific zone. This time is used by DNS clients in determining how long a query answer they have received is valid.
  • TTL for this Record: The time-to-live value used by the SOA record.

Other Records

  • Host (AAAA) Records for IPv6 are similar to A records for IPv4, except they map a host name for IPv6. This lets IPv6 clients and applications that support IPv6 resolve IPv6 names for a DNS server.
  • Mail Exchanger (MX) records specify the server responsible for handling e-mail and acting as a mail server for a domain. The MX record might represent the destination e-mail server or represent an intermediary firewall or the SMTP passing the mail along to its destination. SMTP is the industry standard for sending e-mail. When a mail server receives an e-mail, it will query the MX and A records of the domain so it can deliver the e-mail to the appropriate recipient. The MX’s RData records include the mail server preference value, which uses preference values to designate the order in which mail servers should be attempted. An organization might have multiple servers for e-mail in case one goes down.
  • The alias, or canonical name (CNAME) record, is used to create an alias for a specific host. This is often used for security reasons and/or to create a more user-friendly name.
  • The pointer (PTR), or Reverse Lookup record, resolves IP addresses to host names for DNS clients. This is often used when setting up an e-mail server. Most public SMTP servers will not accept mail unless they can perform a reverse lookup to determine the host that sent it.

Service Locator Records

Service locator (SRV) records provide important service information to DNS clients. SRV records include the location of services a client needs, the network protocol needed to access the services, and the domain services it provides. The information is organized into these fields:

Service: The name of the desired service. Applications use this name when requesting information about a specific service.

Protocol: The protocol of the service, which will either be TCP or UDP.

Name: The domain name to which the record relates.

TTL: The time-to-live for the record. This field is optional; by default, it will use the SOA’s TTL.

Class: The protocol family used by the record. In most cases, the value will be IN for the Internet system.

Priority: The priority of the target host. The lower values have first priority.

Weight: Determines the host preference when priorities are the same. Hosts with larger weights are used more often than hosts with lower weights.

Port: The port used by the service.

Target: The FQDN of the host providing the service.

Standard DNS Zone Transfers

Replicating record changes is necessary so that secondary servers are updated with the most current DNS information to provide to its clients. This is done using zone transfers. The Master server provides updated DNS record information to secondary, or slave servers. Standard DNS servers can determine when an update is necessary by accessing the SOA record, which contains a serial number that increments each time a DNS zone is changed. The secondary server always initiates the update process by requesting a copy of the current SOA record from the master server. When the secondary server receives the record, it will compare the record against the SOA record it has stored. If the serial numbers are different, the secondary server requests a zone transfer. The master server will then initiate the zone transfer to the secondary.

There are two types of zone transfers: incremental zone transfers (IXFRs) and full zone transfers. Incremental zone transfers send updates of the DNS zone only to the secondary server. This reduces the amount of replicated data. Full zone transfers send the entire zone data file to the secondary server. After the first successful full zone transfer to a secondary server or if the information is reloaded from the master server, a request for an AXFR is initiated. By default, WIndows Server 2008 DNS servers request IXFRs from their master server. They will also request an AXFR if the difference between serial numbers is too great for an incremental transfer. Master servers can be set to notify secondary servers when an update is available.

Troubleshooting DNS
Sometimes you will run into errors with your DNS system, especially if you run a large network with a lot of servers and other resources that need DNS to keep track of them. So here’s an easy way to start troubleshooting DNS issues.
DNS On Your Router

DNS can be configured on routers to make troubleshooting network difficulties a little easier. Routers can be configured to find DNS servers on the web by entering the command ip name-server or ip name-server <IP address of the preferred DNS server>. You can also configure hostnames on router’s IP address table by using the command ip host <hostname> <host’s IP address>. This makes it easy to ping devices from your router when you need to troubleshoot without the extra headache of remembering the IP address of the device you want to ping. For DNS lookups to work, the command ip domain-lookup must be enabled. DNS lookups are turned off when you enter no ip domain-lookup. The debug domain command debugs DNS on your router.

Upgrading A Network?

This is one area where you don’t want to fool around. So here’s some items to check out for all your networking needs.

Unfortunaly, this xml/rss feed does not work correctly...