Questions tagged [dns]

DNS is the Domain Name System, a hierarchical, distributed database where the keys are domain names.

The primary references are:

• RFC 1034 - Domain Names - Concepts and Facilities
• RFC 1035 - Domain Names - Implementation and Specification

(but there is no comprehensive document handling an exhaustive list of features and specifications of the protocol; a newer attempt at that as a work in progress is available at https://powerdns.org/hello-dns/ for a technical audience)

The most common record types found in the DNS are:

• A records - the mapping from a domain name to an IPv4 address
• AAAA records - the mapping from a domain name to an IPv6 address
• MX records - the mapping from a domain name to the host name of an SMTP server
• NS records - used to delegate a portion of the hierarchy to specific DNS servers
• PTR records - typically used (via in-addr.arpa.) to map an IP address back to a domain name
• CNAME records - used to alias a domain name to its canonical version

DNS packets are conventionally transported over UDP and TCP port 53. UDP is more commonly used, but zone transfers require TCP (RFC 5966), as do larger DNS responses (when over the default of 512 bytes) if the EDNS extension is not used (or badly implemented), see RFC6891.

A specific extension called DNSSEC allows to cryptographically sign resource records to ensure their authenticity and integrity. It introduces the following new records for that: DS and DNSKEY records to store key materials, RRSIG to store signatures and NSEC or NSEC3 records to handle signaling of not existing records.

Newer versions support DNS over TLS (RFC7858) and DNS over HTTPS (in process of becoming an RFC).

By default, during a recursive walk, each nameserver is queried with the full name being resolved, not just the labels it would need. It is only for historical reason as there is no technical reason for this. A newest specification (RFC7816) mandates "QNAME minimization" for privacy reasons, and is in the process of being deployed in nameservers.

Partial list of known open source namesevers:

• bind (sometimes also historically referenced as named): authoritative and recursive
• nsd: authoritative, started by the .NL registry
• unbound: recursive
• Knot DNS: authoritative, started by the .CZ registry
• powerdns: authoritative and recursive
• yadifa: authoritative, started by the .EU registry
• dnsmasq: recursive (with some authoritative features for local resolutions)
• geodns: authoritative

This Wikipedia article provides an approachable introduction to DNS.