DNS explained

What is it and how does it work? Simon Perry helps you get to grips with DNS.

30th March 2007

The area of the web business that confuses our clients more than anything else is DNS. Even people who have been working in the web for a decade still regularly get confused by how it works and what exactly it does. This brief article aims to clear up some of the confusion.

DNS stands for Domain Name System. Essentially, DNS is simply the Internet’s version of a telephone directory. In a phone directory, you look up a name and get a phone number. In DNS, you look up a domain name and get a network address.

Of course, you would rarely use DNS directly yourself to look up a network address. When you type www.xibis.com into a web browser, the browser does it for you. It uses DNS to find that www.xibis.com points to 66.232.135.26 and it sends the request for the web page to the server at that address.

DNS is useful for many reasons, for instance: 

  • It’s a lot easier to remember a friendly name like www.xibis.com rather than a network address like 66.232.135.26. 
  • If I want to move my web site to a different server, I can just set it up on the new server and then point www.xibis.com at the new network address. I won’t have to inform all my web site visitors that it has moved. 
  • When your web browser sends a message to 66.232.135.26 it also sends through the domain name which was entered. The web server can use this to figure out which web site you are looking for, which means that multiple web sites can be hosted on one network address - and that makes web hosting a lot cheaper.

You can run a DNS lookup manually by opening a command window (start -> run -> type “cmd” and press “OK”) and typing “nslookup www.xibis.com” and pressing return. But what exactly happens when you do this?

How does it work?

Within your computer’s network settings will be the network address of the DNS server that you use. This will typically be the address of your ADSL router, if that is how you connect to the Internet. Your computer simply sends a message to this machine asking it to look up the domain name, and the router returns the result.

How does your router do this? Well, it just asks another DNS server at your ISP (Internet Service Provider). And to be fair, that server probably just asks another one. But eventually - some machine somewhere has got to do some work and look it up. The machines that do this are called DNS recursers.

Let’s assume we want to look up www.xibis.com. The first thing a DNS recurser would do is to ask a root nameserver (there are several “root nameservers” around the world) to look up www.xibis.com. Now the root nameserver won’t hold information at this level of detail. The root nameservers simply know which machines look after .com, .net, .uk and so on, which are the top level domains. When you ask a root nameserver to look up www.xibis.com, it will simply reply “for .com domains, ask one of these computers...” and it will give a list of network addresses.

The recurser then goes to one of the servers that looks after .com and asks it to look up www.xibis.com. Again, the com server doesn’t hold information of this detail and simply replies “for xibis.com, ask these servers.....” and gives another list of DNS servers. The recurser then asks one of these servers to look up www.xibis.com. This server then returns the IP address 66.232.135.26 and we’ve got our address.
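The referral chain just described, simulated in code. This is an added example and not part of the original article: the three tiers of servers, their addresses (198.51.100.x, a documentation range) and everything they know are constructed for illustration, apart from the article’s own fact that www.xibis.com points to 66.232.135.26. The recurser starts at a root server and follows each “ask these servers instead” referral until one server actually answers; a hop limit stops it looping forever if the delegation data is broken.

```python
# Added example: an offline simulation of iterative DNS resolution.
# Every server address and zone entry below is constructed, except the
# article's own mapping of www.xibis.com to 66.232.135.26.

ROOT_SERVERS = ["198.51.100.1"]   # constructed root server address

# Constructed map of server address -> what that server knows.
# "answers" are names it is authoritative for; "delegations" say which
# servers to ask next for a zone it does not hold itself.
SERVERS = {
    # a root nameserver only knows who looks after the top level domains
    "198.51.100.1": {
        "delegations": {"com": ["198.51.100.10", "198.51.100.11"]},
        "answers": {},
    },
    # the .com servers only know who looks after xibis.com
    "198.51.100.10": {"delegations": {"xibis.com": ["198.51.100.20"]}, "answers": {}},
    "198.51.100.11": {"delegations": {"xibis.com": ["198.51.100.20"]}, "answers": {}},
    # the xibis.com server holds the real records
    "198.51.100.20": {
        "delegations": {},
        "answers": {
            "www.xibis.com": "66.232.135.26",
            "mail.xibis.com": "198.51.100.25",   # constructed
        },
    },
}


def ask(server, name):
    """One question to one server.

    Returns ("answer", ip), ("referral", [addresses]) or ("nxdomain", None),
    mirroring the three replies described in the article.
    """
    knowledge = SERVERS[server]
    if name in knowledge["answers"]:
        return ("answer", knowledge["answers"][name])
    # Look for the longest delegated suffix of the name, e.g. for
    # www.xibis.com try "xibis.com" before "com".
    labels = name.split(".")
    for i in range(1, len(labels)):
        zone = ".".join(labels[i:])
        if zone in knowledge["delegations"]:
            return ("referral", knowledge["delegations"][zone])
    return ("nxdomain", None)


def resolve(name, max_hops=10):
    """Walk the delegation chain from the root, as a recurser does.

    Returns (ip_or_None, trace) where trace is the list of
    (server, reply_kind) pairs, so you can see which servers were asked.
    max_hops guards against referral loops in broken delegation data.
    """
    trace = []
    candidates = ROOT_SERVERS
    for _ in range(max_hops):
        server = candidates[0]        # a real recurser may pick any of them
        kind, payload = ask(server, name)
        trace.append((server, kind))
        if kind == "answer":
            return payload, trace
        if kind == "nxdomain":
            return None, trace
        candidates = payload          # referral: ask these servers next
    raise RuntimeError("too many referrals while resolving %s" % name)


if __name__ == "__main__":
    ip, trace = resolve("www.xibis.com")
    for server, kind in trace:
        print("asked %s -> %s" % (server, kind))
    print("www.xibis.com is at", ip)
```

Running the script prints the three steps the article walks through (root gives a referral, the .com server gives a referral, the xibis.com server answers). A name under a top level domain the root knows nothing about stops at the first hop with `nxdomain`.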

This sounds really inefficient - we’ve had to talk to many different servers to look up our DNS record. In reality, this process is made more efficient by a thing called caching.

Caching and "Time To Live"

When we get the DNS record information from the server we also get a value known as the "Time To Live", or TTL. This tells us how long, in seconds, the information is good for. If the TTL is 60, then if we need the network address again within the next minute we won’t bother re-looking it up, we will just work from memory.

The DNS recurser works in the same way. If it has gone through the process above to look up www.xibis.com, it knows which servers look after the .com domain so when it needs to look up www.google.com it does not need to go back to the root server - it remembers which servers look after .com and it just goes back to one of them. Likewise, if it needs to look up mail.xibis.com it does not need to go back to the root server or the .com server - it goes straight to the server that looks after the xibis.com domain.

The Time To Live can be set to anything you like; eight hours is pretty typical. This saves the DNS servers a lot of work because they don’t need to keep being asked where xibis.com is. However, it does mean that when you want to move xibis.com to another server, you have to wait eight hours for it to take effect everywhere on the Internet.

DNS changes will therefore happen at different times for different people. If you have your TTL set to eight hours and you’re using a DNS server that looked it up four hours before you changed it, you’ll only need to wait another four hours to see the changes. If your DNS server hasn’t looked up the domain in the last eight hours, the information won’t be cached and you’ll see the changes immediately.

You can get around this uncertainty with a little planning. If your TTL times are set to eight hours, just change them to 60 seconds at least eight hours before you move your site. After eight hours has passed, everyone should only be remembering the domain names for 60 seconds and you will be able to switch your site across almost immediately. This works well in theory, but unfortunately a lot of the cheaper DNS hosting providers on the Internet do not allow you to change the TTLs so sometimes this isn’t an option.
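The two scenarios in this section (moving a site with an eight-hour TTL, and the plan of lowering the TTL to 60 seconds in advance) worked through with a small caching resolver. This is an added example, not code from the article; the new server address 203.0.113.5 is a constructed placeholder, and time is passed in as a plain number of seconds so the run is deterministic.

```python
# Added example: how a caching resolver honours TTL, and why lowering the
# TTL ahead of a move makes the change visible quickly.  The new address
# 203.0.113.5 is constructed; 66.232.135.26 is the article's own.

EIGHT_HOURS = 8 * 3600
OLD_IP = "66.232.135.26"
NEW_IP = "203.0.113.5"      # constructed address of the new server
NAME = "www.xibis.com"


class Authoritative:
    """Stand-in for the servers that look after xibis.com."""

    def __init__(self):
        self.records = {}   # name -> (ip, ttl_seconds)

    def set(self, name, ip, ttl):
        self.records[name] = (ip, ttl)

    def lookup(self, name):
        return self.records[name]


class CachingResolver:
    """A resolver (your router, or your ISP's server) that remembers each
    answer until its TTL has run out, then asks upstream again."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}     # name -> (ip, expires_at)

    def lookup(self, name, now):
        entry = self.cache.get(name)
        if entry is not None and now < entry[1]:
            return entry[0]                      # still fresh: answer from memory
        ip, ttl = self.upstream.lookup(name)     # expired or unknown: ask upstream
        self.cache[name] = (ip, now + ttl)
        return ip


def move_without_planning():
    """The article's scenario: TTL is 8h, one resolver looked the name up
    4h before the move and one has nothing cached."""
    auth = Authoritative()
    auth.set(NAME, OLD_IP, EIGHT_HOURS)
    busy = CachingResolver(auth)     # cached the record 4h before the move
    idle = CachingResolver(auth)     # has never looked it up
    busy.lookup(NAME, 0)
    move_at = 4 * 3600
    auth.set(NAME, NEW_IP, EIGHT_HOURS)          # the site moves
    return {
        "idle_sees_new_at_move": idle.lookup(NAME, move_at) == NEW_IP,
        "busy_still_old_at_move": busy.lookup(NAME, move_at) == OLD_IP,
        "busy_sees_new_after_full_ttl": busy.lookup(NAME, EIGHT_HOURS) == NEW_IP,
    }


def move_with_planning():
    """The article's plan: drop the TTL to 60s at least 8h before the move,
    so by the time you switch, nobody remembers the old answer for long."""
    auth = Authoritative()
    auth.set(NAME, OLD_IP, EIGHT_HOURS)
    resolver = CachingResolver(auth)
    resolver.lookup(NAME, 0)                     # cached with the 8h TTL
    auth.set(NAME, OLD_IP, 60)                   # same address, short TTL
    resolver.lookup(NAME, EIGHT_HOURS)           # 8h later: re-fetched, now 60s TTL
    move_at = EIGHT_HOURS + 30
    auth.set(NAME, NEW_IP, 60)                   # the site moves
    return {
        "old_within_60s_window": resolver.lookup(NAME, move_at + 29) == OLD_IP,
        "new_within_a_minute": resolver.lookup(NAME, move_at + 60) == NEW_IP,
    }


if __name__ == "__main__":
    print("without planning:", move_without_planning())
    print("with planning:   ", move_with_planning())
```

Every value in both result dictionaries is true, which is the point of the section: with an eight-hour TTL different resolvers flip at different times, while lowering the TTL in advance bounds the delay to about a minute for everyone.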

Types of Record

Using the phone book analogy again, you sometimes have different numbers for different things. For instance, the phone book might give a company’s phone number, fax number and ISDN number. DNS works the same way - it has different types of records that can be looked up.

There are lots of different types of record, but we’re just going to look at the most common ones: A, CNAME and MX.

An A record is the simplest. It simply returns the IP address, such as in the example above where www.xibis.com points to 66.232.135.26. Easy!

A CNAME record isn’t too different, but rather than return an IP address it returns another domain name. You’ve then got to look this record up to find the IP address. This is obviously less efficient but it has its advantages - it makes it a lot easier to look after a lot of domains pointing to the same place.

MX records are used for mail. If you want to send an email to info@xibis.com then your mail server needs to know where to send it, so your mail server will look up the MX record. The MX records for xibis.com will return two addresses - mail.xibis.com and mail2.xibis.com. Each of these has a different priority. The one with the highest priority is our internal mail server so the mail server will try this first. If this server cannot be reached then it will try the second. You can have as many different mail servers as you wish, all with different priorities.
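The three record types in action, as an added example rather than code from the article. The zone data is constructed: the host names are the article’s, but shop.xibis.com, loop1/loop2.xibis.com, the 198.51.100.x addresses and the MX preference numbers are invented. It follows a CNAME until it reaches an A record (with a cap, so a pair of aliases that point at each other cannot send a resolver round in circles), and it orders the MX hosts the way a mail server does: on the wire a lower preference number means higher priority, so mail.xibis.com with preference 10 is tried before mail2.xibis.com with preference 20.

```python
# Added example: looking up A, CNAME and MX records in a constructed zone.
# Only 66.232.135.26 and the mail/mail2/www host names come from the
# article; everything else below is made up for illustration.

ZONE = {
    "www.xibis.com":   [("A", "66.232.135.26")],
    "mail.xibis.com":  [("A", "198.51.100.25")],
    "mail2.xibis.com": [("A", "198.51.100.26")],
    # an alias: resolving it means looking up www.xibis.com as well
    "shop.xibis.com":  [("CNAME", "www.xibis.com")],
    # MX data is (preference, host); lower preference = try first
    "xibis.com":       [("MX", (10, "mail.xibis.com")),
                        ("MX", (20, "mail2.xibis.com"))],
    # a deliberately misconfigured pair of aliases pointing at each other
    "loop1.xibis.com": [("CNAME", "loop2.xibis.com")],
    "loop2.xibis.com": [("CNAME", "loop1.xibis.com")],
}


def records(name, rtype):
    """All records of one type for a name (empty list if none)."""
    return [data for t, data in ZONE.get(name, []) if t == rtype]


def resolve_address(name, max_chain=8):
    """Return (ip, names_visited), following CNAMEs until an A record.

    A CNAME answer costs an extra lookup, which is the inefficiency the
    article mentions.  max_chain bounds that cost and turns an alias loop
    into a clean failure (None) instead of an endless search.
    """
    visited = []
    for _ in range(max_chain):
        visited.append(name)
        a = records(name, "A")
        if a:
            return a[0], visited
        cname = records(name, "CNAME")
        if not cname:
            return None, visited            # no A and no alias: nothing to find
        name = cname[0]                     # chase the alias
    return None, visited                    # chain too long or looping


def mail_servers(domain):
    """Hosts to try for mail to domain, most preferred first, each with
    its resolved address: what a sending mail server works out from MX."""
    ordered = sorted(records(domain, "MX"))   # tuples sort by preference
    result = []
    for pref, host in ordered:
        ip, _ = resolve_address(host)
        result.append((pref, host, ip))
    return result


if __name__ == "__main__":
    print("A    :", resolve_address("www.xibis.com"))
    print("CNAME:", resolve_address("shop.xibis.com"))
    print("loop :", resolve_address("loop1.xibis.com"))
    print("MX   :", mail_servers("xibis.com"))
```

The `loop1.xibis.com` case shows why a resolver should never trust alias data unconditionally: a bounded chase returns `None` after eight steps instead of hanging, which is the behaviour you want from anything that resolves names on your behalf.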

This article is really just an introduction and some of the intricacies of DNS get a lot more complex. Hopefully you’ve now got a good grasp of the basics - and please let me know if you did find this useful.
