Understand each of the items that make up the DNS system. Learn about DNS servers. Learn about recursion. Learn about root servers. Learn about resource records. Learn about resource record sets. Understand the relationship between DNS servers and resolvers. Learn about A, MX, CNAME, PTR, SRV and SPF TXT records.
- [Voiceover] Let's dig in to the components of DNS, shall we? Let's start with DNS servers, right? DNS servers are name servers. They exist for the purpose of answering queries about the domain names that are out there on the network on the internet and the IP addresses that they map to and vice versa. And lots of other great information. And they're organized into a hierarchy that starts at the top with the root servers and then below that the top level domain or TLD servers and then your domain would be beneath that level and then subdomains would be within your domain, right? That hierarchy works in a way that sort of encompasses one level into the next; it's very well organized and it is a very redundant and fault tolerant system that I think is a marvel of engineering if you think about it.
The root level of course is at the very, very top. It is managed by a couple of different organizations and it is actually not one server, but a group of servers that contain the information about all the top level domains in the world. The top level domains include everything from your standard .com and .gov, and .org. Those are very, very common. I think we're all used to seeing those of course. But also .mil, and .gov, those of course relate to the U.S. military and the U.S. government, not other states or countries. And of course that is because the internet comes from the DARPA research project many, many, many years ago.
So when all of this stuff was originally designed, it was a U.S. thing, right? I don't think anybody expected it to grow into what it is today. Anyway, because it has grown into what it is today there are top level domains for every single country in the world. There are top level domains that have been opened up for fun and for commercial use, and these days you can spend a couple hundred thousand dollars and you can buy your own top level domain and it will get popped into the internet and that will be that. Within those top level domains however, so as resolvers are looking for answers, ya know, they're gonna go to the root servers to find out where the top level domain server is, say for .com, if you happen to be looking for something that's in .com.
And then .com is going to have all the information for all of the domains that rest within .com, right? So that's that next domain level and at each of these levels they're all name servers. These are all DNS servers that are sitting at these different levels. Sometimes a DNS server will be responsible for a whole bunch of different domains, or zones that they'll carry. Sometimes a DNS server might only be authoritative for one, maybe in a small organization. Especially for example if you look at subdomains. You see where we have root and top level domain, or TLD, and then the domain.
Within that you can also have a subdomain. So you can have a whole domain within your web area or within your zone area, so when people are, ya know, maybe searching for a website and there's a whole slew of different wikis that are available in a wiki subdomain for your domain. Maybe you put all of them into that subdomain. And then those subdomains have servers that are authoritative for all the information in there, right? So this hierarchical organization keeps things at least a little bit organized and gives all of the resolvers places to go whenever they can't find things, and it's very redundant and I think a successful software engineering effort there.
DNS zones are the zone files or zones that control a domain. So if we're talking about our domain here as in our example, landonhotels.com, ya know, that Landon Hotels zone is its own zone and on our server it's going to be authoritative for that zone on our network, okay? A forward zone is going to be anything that is an A record or CNAME record or an AAAA record.
These are going to be the resource records that refer to a name, or a service that refers to a name, that then must resolve to an IP address. And a reverse zone is kind of the opposite of that, right? It's looking for an IP address and then trying to find the name that's associated with that IP address. So primary zones and secondary zones are another thought entirely. Sometimes you'll hear people refer to these as primary DNS servers and secondary DNS servers. The primary server is going to be the authoritative server for the DNS zone and the secondary here is going to be also authoritative, but it is going to constantly be pinging the primary, asking it for, it's going to be actually making resolution requests, and if it looks at the serial number field in the zone file and that serial number has incremented upward since the last time the secondary server talked to the primary server, the primary server will agree to a request from the secondary server to transfer the entire zone down to that secondary server, and this keeps a primary and a secondary both up to date with the current information about a zone.
All of the machine names and all of the A records, and CNAME records and everything, even if they're being updated frequently, will be up to date on both the primary and the secondary. And this is done specifically because DNS is so important; it's very important for the DNS zone file to be available to all clients whenever they come asking. So, if you have a primary, and the primary blows up, ya know, having a secondary there to take over and be the authoritative source of information for that zone is really, really important, right? So the primary and secondary zones are there and then the next level down is the resource record, right? These are the records that are inside of these zone files. Each resource record, sometimes you'll see that abbreviated as an RR, or maybe you'll even see an entire set of the resource records for a whole zone referred to as an RR set, that's just something you might see, each of these single resource records is aligned in this DNS zone file.
They've got configuration data, and these are the details of where you're gonna go whenever you're looking for something, how to find a resource perhaps, in the case of SRV records, ya know, those are service records and so you can say hey, where do I go to find, to use this example again, "Where do I go to find Minecraft?" and so you look at the SRV record, and hey, lo and behold, _Minecraft is there and where is that server? So these are the things, right? The individual pieces of information. Each resource record is a line inside one of these zone files, okay? So what are the DNS resource types? Well, the label in each of those lines that indicates what each record is, right? So in an A record, the resource type is that letter A in that record.
So there are lots of examples of this, right? There's an NS, there's an SOA, there's the A, there's the AAAA which is basically an A record for IPv6 use. The CNAME which is going to give you a redirection from one name to another name, which would then have to be resolved out into an A record for that final name and that goes to an IP address. PTR record which goes into its own completely separate zone, right? The PTR, the pointer record, is a reverse. And it's looking at IP addresses, so it's gotta go to its own zone.
Which is called a reverse zone. And of course you've got the record types that aren't so much about where a machine is but more of where a service is, right? So MX, or TXT can frequently be used for that, and SRV, I already talked about the Minecraft example of a service record. But ya know, for Active Directory you're gonna have your LDAP and your Kerberos service listed and that's how your Windows 2000 clients are going to find their Active Directory servers on your network. And then of course the Sender Policy Framework file, the SPF record, which is sometimes listed as its own type of record and sometimes listed as a TXT record type, but either way, each of these labels will tell a line what it's supposed to be, right? And so when a resolver is going to a zone file and looking for information, this is how it knows what each of these types are as it's looking for them.
Okay, so DNS clients, right? Next in our tree of DNS functionality we have the client systems. And the client systems are really any device on a network that has a DNS resolver in it. Resolvers are going to be built into every OS in existence. I mean, there's resolvers in your TiVo DVR, there's resolvers in your printer, your multi-function device that's sitting in your office, there are resolvers built into every operating system. And the resolver is really responsible for submitting queries and then receiving responses to those queries.
The resolver is there not only on the client systems; resolvers are also present on all of the DNS servers, because of course if a client makes a request out to a DNS server and the DNS server doesn't have the information to answer the question, then that DNS server has to take responsibility if it's programmed to deal with recursion. It will go out and recursively look for all of the answers necessary to provide an answer to the resolver on your client's system. So there's resolvers on all these devices and they're responsible for submitting queries and receiving responses, okay? So those are the baseline components of DNS.
If you understand each of those components, you've got a solid framework for your understanding of how DNS works.
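The pieces the voiceover walks through (a zone file for the landonhotels.com example, the resource record types, RRsets, the SOA serial check that drives a primary-to-secondary transfer, and the forward/reverse split) are tied together in the following added example. It is not part of the course; the zone records are constructed sample data, and the serial comparison uses RFC 1982 serial arithmetic, which the lecture describes only informally as "incremented upward".

```python
import ipaddress
from collections import defaultdict
ZONE_TEXT = """\
$ORIGIN landonhotels.com.
@        IN SOA   ns1 hostmaster 2024031501 7200 900 1209600 3600
@        IN NS    ns1
ns1      IN A     192.0.2.53
www      IN A     192.0.2.10
www      IN A     192.0.2.11
www      IN AAAA  2001:db8::10
mail     IN A     192.0.2.25
@        IN MX    10 mail
wiki     IN CNAME www
@        IN TXT   "v=spf1 mx -all"
_minecraft._tcp IN SRV 0 5 25565 games
games    IN A     192.0.2.40
"""  # constructed sample zone, not real landonhotels.com data

def parse_zone(text):
    """Return (origin, SOA serial, records); each record is (owner, type, rdata)."""
    origin, serial, records = None, None, []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "$ORIGIN":            # sets the zone apex for relative names
            origin = parts[1]
            continue
        owner = origin if parts[0] == "@" else parts[0] + "." + origin
        rtype, rdata = parts[2], " ".join(parts[3:])   # layout: owner IN TYPE rdata
        if rtype == "SOA":                   # mname rname serial refresh retry expire minimum
            serial = int(parts[5])
        records.append((owner, rtype, rdata))
    return origin, serial, records

def rrsets(records):
    """An RRset is every record sharing one owner name and one type."""
    groups = defaultdict(list)
    for owner, rtype, rdata in records:
        groups[(owner, rtype)].append(rdata)
    return dict(groups)

def secondary_needs_transfer(primary_serial, secondary_serial):
    """Transfer only when the primary's SOA serial moved forward (RFC 1982, wraparound-safe)."""
    diff = (primary_serial - secondary_serial) % (1 << 32)
    return 0 < diff < (1 << 31)

def ptr_names(records):
    """Reverse-zone owner names (in-addr.arpa) for every forward A record."""
    return {ipaddress.ip_address(r).reverse_pointer + ".": o for o, t, r in records if t == "A"}
```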
To begin, author Sean Colins covers the fundamentals of DNS. He then segues to more complex topics such as setting up a DNS server on Linux, Mac, and Windows and working with DNS record types, such as AAAA, MX, TXT, CNAME, and SPF. He offers breakdowns of difficult concepts as well as practical technical tips for the day-to-day activities involved in DNS server management.
- How split-horizon DNS works
- Lookups in Network Utility and Terminal on OS X, and from the cmd prompt on Windows
- Resolving DNS from different DNS servers, including BIND on pfSense and DNS Manager in Windows Server 2012
- Query, recursion, and caching basics
- DNS hierarchy
- Root-level DNS servers
- Configuring resource records: AAAA, MX, TXT, and more
- DNS tips and tricks for BIND, Windows Server, and Mac OS X Server
- Exploring DNS server options