DNS

Domain Name System (DNS) is a system for identifying machines by human-readable names (i.e. rather than by IP addresses).

While there are root nameservers, the system is decentralized and records can be shadowed, spoofed, or confined to a local network.


Domain Names

Domain names map to actual IP addresses. A domain name is queried against a nameserver, which in some manner returns an answer.

Obtaining Domain Names

A domain name can be purchased from any number of providers, which act as middlemen with the authoritative root nameservers. Each service has its own portal or interface for setting the DNS records for your domain.


Records

The primary sorts of DNS records are:

Record Type   Function
A             Maps a name to an IPv4 address
AAAA          Maps a name to an IPv6 address
CNAME         Aliases a name to another name

While the protocol has evolved since, DNS began with BIND, and DNS records are modeled after BIND zone files.


Nameservers

An authoritative nameserver contains a complete set of records and will directly return an answer.

A recursive nameserver acts as a proxy, querying authoritative nameservers on behalf of the client. It returns the first authoritative answer it can find. Note that recursive servers are exposed to abuse, such as amplification attacks and cache poisoning.

A caching nameserver also acts as a proxy, but caches the answer as an authoritative record. If the name is queried again before the internal database expunges that record, the nameserver returns the cached answer directly.

Nameservers conventionally operate over TCP and UDP on port 53.
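As an added example (not part of the original page), the following Python decodes the answer section of a DNS response as a nameserver would return it over port 53, covering the A, AAAA and CNAME record types from the table above. The response packet is constructed inline (example.com and documentation-range addresses, not a real capture), and the name decoder rejects the self-referencing compression pointers that a hostile packet can use to make a naive parser loop.

```python
import ipaddress
import struct

TYPE_NAMES = {1: "A", 5: "CNAME", 28: "AAAA"}

def read_name(pkt, off):
    """Decode a (possibly compressed) name at pkt[off:]; return (name, end offset).
    RFC 1035 pointers must point backwards; a self/forward pointer would loop, so it is rejected."""
    labels = []
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # top two bits set: 14-bit compression pointer
            ptr = struct.unpack_from("!H", pkt, off)[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("invalid compression pointer")
            return ".".join(labels + [read_name(pkt, ptr)[0]]), off + 2
        off += 1
        if length == 0:  # zero-length root label ends the name
            return ".".join(labels), off
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
# RDATA decoders by record type; a CNAME target is itself a compressible name.
DECODERS = {1: lambda pkt, off, rd: str(ipaddress.IPv4Address(rd)),
            28: lambda pkt, off, rd: str(ipaddress.IPv6Address(rd)),
            5: lambda pkt, off, rd: read_name(pkt, off)[0]}
def parse_response(pkt):
    """Return (owner, type, ttl, value) for every record in the answer section."""
    qdcount, ancount = struct.unpack_from("!HH", pkt, 4)  # header counts
    answers, off = [], 12  # records start right after the 12-byte header
    for _ in range(qdcount):  # skip the question: name + QTYPE + QCLASS
        off = read_name(pkt, off)[1] + 4
    for _ in range(ancount):
        owner, off = read_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        rdata = pkt[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        value = DECODERS.get(rtype, lambda p, o, rd: rd.hex())(pkt, off, rdata)
        answers.append((owner, TYPE_NAMES.get(rtype, str(rtype)), ttl, value))
        off += rdlen
    return answers

# Constructed sample, not a real capture: www.example.com is a CNAME to host.example.com,
# which has A and AAAA records. Pointers 0xC00C, 0xC010 and 0xC02D reuse offsets 12, 16, 45.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 3, 0, 0)
          + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 7) + b"\x04host\xc0\x10"
          + b"\xc0\x2d" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
          + b"\xc0\x2d" + struct.pack("!HHIH", 28, 1, 300, 16) + ipaddress.IPv6Address("2001:db8::1").packed)
```

Calling parse_response(SAMPLE) yields the CNAME, then the A and AAAA records for host.example.com, each with its 300-second TTL.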


Hosts File

Prior to the creation of a central DNS, networks were managed with local hosts files. These files are fundamentally an authoritative record of names.

For Linux or BSD distributions, see /etc/hosts.


CategoryRicottone

Protocols/DNS (last edited 2023-04-04 15:36:41 by DominicRicottone)