Source string Source string

English Actions
The Domain Name System
We have already explained the main principles that underlie the utilization of names on the Internet and their mapping to addresses in section :ref:`naming`.
The last component of the Domain Name System is the DNS protocol. The original DNS protocol runs above both the datagram and the bytestream services. In practice, the datagram service is used when short queries and responses are exchanged, and the bytestream service is used when longer responses are expected. In this section, we first focus on the utilization of the DNS protocol above the datagram service. We will discuss later other recently proposed protocols to carry DNS information.
DNS messages are composed of five parts that are named sections in :rfc:`1035`. The first three sections are mandatory and the last two sections are optional. The first section of a DNS message is its `Header`. It contains information about the message type and the content of the other sections. The second section contains the `Question` sent to the nameserver or resolver. The third section contains the `Answer` to the `Question`. When a client sends a DNS query, the `Answer` section is empty. The fourth section, named `Authority`, contains information about the servers that can provide an authoritative answer if required. The last section contains additional information that is supplied by the resolver or nameserver but was not requested in the question.
The header of DNS messages is composed of 12 bytes. The figure below presents its structure.
The DNS header
The `Transaction ID` (transaction identifier) is a 16-bits random value chosen by the client. When a client sends a question to a DNS server, it remembers the question and its identifier. When a server returns an answer, it returns in the `Transaction ID` field the identifier chosen by the client. Thanks to this identifier, the client can match the received answer with the question that it sent.
The DNS header contains a series of flags. The `QR` flag is used to distinguish between queries and responses. It is set to `0` in DNS queries and `1` in DNS answers. The `Opcode` is used to specify the query type. For instance, a :term:`standard query` is used when a client sends a `name` and the server returns the corresponding `data`. An update request is used when the client sends a `name` and new `data` and the server then updates its database.
The `AA` bit is set when the server that sent the response has `authority` for the domain name found in the question section. In the original DNS deployments, two types of servers were considered : `authoritative` servers and `non-authoritative` servers. The `authoritative` servers are managed by the system administrators responsible for a given domain. They always store the most recent information about a domain. `Non-authoritative` servers are servers or resolvers that store DNS information about external domains without being managed by the owners of a domain. They may thus provide answers that are out of date. From a security point of view, the `authoritative` bit is not an absolute indication about the validity of an answer. Securing the Domain Name System is a complex problem that was only addressed satisfactorily recently by the utilization of cryptographic signatures in the DNSSEC extensions to DNS described in :rfc:`4033`.
The `RD` (recursion desired) bit is set by a client when it sends a query to a resolver. Such a query is said to be `recursive` because the resolver will recursively traverse the DNS hierarchy to retrieve the answer on behalf of the client. In the past, all resolvers were configured to perform recursive queries on behalf of any Internet host. However, this exposes the resolvers to several security risks. The simplest one is that the resolver could become overloaded by having too many recursive queries to process. Most resolvers [#f8888]_ only allow recursive queries from clients belonging to their company or network and discard all other recursive queries. The `RA` bit indicates whether the server supports recursion. The `RCODE` is used to distinguish between different types of errors. See :rfc:`1035` for additional details. The last four fields indicate the size of the `Question`, `Answer`, `Authority` and `Additional` sections of the DNS message.
The last four sections of the DNS message contain `Resource Records` (RR). All RRs have the same top level format shown in the figure below.
DNS Resource Records
In a `Resource Record` (`RR`), the `Name` indicates the name of the node to which this resource record pertains. The two-)bytes `Type` field indicates the type of resource record. The `Class` field was used to support the utilization of the DNS in other environments than the Internet. The `IN` `Class` refers to Internet names.
The `TTL` field indicates the lifetime of the `Resource Record` in seconds. This field is set by the server that returns an answer and indicates for how long a client or a resolver can store the `Resource Record` inside its cache. A long `TTL` indicates a stable `RR`. Some companies use short `TTL` values for mobile hosts and also for popular servers. For example, a web hosting company that wants to spread the load over a pool of hundred servers can configure its nameservers to return different answers to different clients. If each answer has a small `TTL`, the clients will be forced to send DNS queries regularly. The nameserver will reply to these queries by supplying the address of the less loaded server.
The `RDLength` field is the length of the `RData` field that contains the information of the type specified in the `Type` field.
Several types of DNS RR are used in practice. The `A` type encodes the IPv4 address that corresponds to the specified name. The `AAAA` type encodes the IPv6 address that corresponds to the specified name. A `NS` record contains the name of the DNS server that is responsible for a given domain. For example, a query for the `AAAA` record associated to the `www.ietf.org` name returned the following answer.
Query for the `AAAA` record of `www.ietf.org`
This answer contains several pieces of information. First, the name `www.ietf.org` is associated to IP address `2001:1890:123a::1:1e`. Second, the `ietf.org` domain is managed by six different nameservers. Five of these nameservers are reachable via IPv4 and IPv6.
`CNAME` (or canonical names) are used to define aliases. For example `www.example.com` could be a `CNAME` for `pc12.example.com` that is the actual name of the server on which the web server for `www.example.com` runs.

Loading…

User avatar None

String updated in the repository

cnp3-ebook / protocols/dnsEnglish

2 years ago
Browse all component changes

Glossary

English English
No related strings found in the glossary.

String information

Flags
read-only
Source string location
../../protocols/dns.rst:16
String age
2 years ago
Source string age
2 years ago
Translation file
locale/pot/protocols/dns.pot, string 4