As a critical component of the Internet’s infrastructure, the Domain Name System (DNS) is the translation system that turns an Internet host name (domain name) into the unique series of numbers that constitutes the Internet Protocol (IP) address for that name. The DNS supports the Internet infrastructure by providing a distributed and fairly robust mechanism that resolves Internet host names into IP addresses and IP addresses back into host names, and it is essential to the reliable and trustworthy operation of the Internet. It enables you to use hierarchical, friendly names to easily locate computers and other resources on an IP network.
Overview of Domain Name System (DNS)
To send a packet to a remote host over the Internet, the sender must know the IP address of that host, much as a caller on the telephone network must know the phone number of the person to be reached. However, remembering the IP addresses of all the hosts somebody might want to communicate with is rather difficult. Furthermore, one usually wants to reach a certain remote application, e.g. a website, regardless of the physical machine it is running on. Moving applications across machines changes their IP addresses, making those addresses even harder to remember.
Therefore domain names were introduced, which are easier to remember and can be translated automatically into the corresponding IP addresses. This translation is performed by the Domain Name System. To better understand it, the DNS can be compared with a telephone book that maps people’s names to telephone numbers.
To connect to a system that supports IP, the host initiating the connection must know in advance the IP address of the remote system. An IP address is a 32-bit number that represents the location of the system on a network. The 32-bit address is separated into four octets and each octet is typically represented by a decimal number. The four decimal numbers are separated from each other by a dot character (“.”). Even though four decimal numbers may be easier to remember than thirty-two 1’s and 0’s, as with phone numbers, there is a practical limit as to how many IP addresses a person can remember without the need for some sort of directory assistance. The directory essentially assigns host names to IP addresses.
Domain Name System (DNS) Components
The Domain Name System (DNS) was developed primarily to allow humans to use more easily remembered character strings in place of dotted decimal or, heaven forbid, hexadecimal numbers. You can enter a destination’s numeric IP address into a browser or other application and get the results you would expect without any contribution by the DNS. Once the system was in place, however, it took on a number of supplemental roles that have stretched and contorted the system far beyond the original intentions of its architects. The DNS is an essential component of Internet-based e-mail. It can serve as a repository for encryption keys and other security components. Currently, it is undergoing expansion that will integrate IP addresses with worldwide telephone numbering.
The DNS consists of three components. The first is a “Name Space” that establishes the syntactical rules for creating and structuring legal DNS names. The second is a “Globally Distributed Database” implemented on a network of “Name Servers”. The third is “Resolver” software, which understands how to formulate a DNS query and is built into practically every Internet-capable application.
1. Name Space
The DNS “Name Space” is the familiar inverted tree hierarchy with a null node named “” at the top. The child nodes of the root node are the Top Level Domains (TLDs) such as .com, .net, .org, .gov and .mil, and the country code TLDs, including .jp, .uk, .us, .ca, and so forth. Node names, known as labels, can be as many as 63 characters long, with upper- and lower-case alphabetical letters, numerals, and the hyphen symbol constituting the complete list of legal characters. Labels cannot begin with a hyphen. Upper- and lower-case letters are treated equivalently. A label can appear in multiple places within the name space, but no two nodes with the same label can have the same parent node: a node name must be unique among its siblings.
2. Name Servers
The second key component of the DNS is a globally connected network of “name servers”. Each zone has a primary or master name server, which is the authoritative source for the zone’s resource records. The primary name server is the only server that can be updated by means of local administrative activity. Secondary or slave name servers hold replicated copies of the primary server’s data in order to provide redundancy and reduce the primary server’s workload.
Furthermore, name servers generally cache data they have looked up, which can greatly speed up subsequent queries for the same data. Name servers also have a built-in agent mechanism that knows where to ask for data they lack. If a name server cannot find a domain within its zone, it sends the query a step closer to the root, which in turn forwards it another step closer if it cannot find the domain itself. The process repeats until it reaches a TLD, which ensures that the entire depth of the name space will be queried if necessary.
3. Resolvers
The third component of the DNS is the “resolver”. The resolver is a piece of software implemented in the IP stack of every end point, or “host” in IETF-speak. When a host is configured, manually or through DHCP, it is assigned at least one default name server along with its IP address and subnet mask. This name server is the first place the host looks in order to resolve a domain name into an IP address. If the domain name is in the local zone, the default name server can handle the request. Otherwise, the default name server queries one of the root servers. The root server responds with a list of name servers that contain data for the TLD of the query. This response is known as a referral. The name server now queries the TLD name server and receives a list of name servers for the second-level domain name. The process repeats until the local name server receives the address for the domain name. The local server then caches the record and returns the address or other DNS data to the original querier.
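The referral walk and the caching described above, as an added example in Python that is not code from the original article. The root server name, the TLD and second-level servers, the zone layout and the 192.0.2.x addresses are all constructed sample values; the toy looks servers up by name, whereas a real resolver would also need their addresses (glue records).

```python
"""Iterative resolution by referral, with a cache, over a constructed toy
name space. Added illustration; not code from the original article."""

ROOT_SERVER = "a.root-servers.example."

# Each toy authoritative server holds the zone it serves, the child zones it
# delegates (with the name servers for each), and the records it is
# authoritative for. Constructed data only.
SERVERS = {
    ROOT_SERVER: {
        "zone": ".",
        "delegations": {"com.": ["a.gtld-servers.example."]},
        "records": {},
    },
    "a.gtld-servers.example.": {
        "zone": "com.",
        "delegations": {"example.com.": ["ns1.example.com."]},
        "records": {},
    },
    "ns1.example.com.": {
        "zone": "example.com.",
        "delegations": {},
        "records": {"example.com.": "192.0.2.1", "www.example.com.": "192.0.2.10"},
    },
}


def labels(name):
    """'www.example.com.' -> ['www', 'example', 'com'] (case-folded)."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def in_zone(qname, zone):
    """True if the labels of zone are a suffix of the labels of qname."""
    q, z = labels(qname), labels(zone)
    return len(z) <= len(q) and q[len(q) - len(z):] == z


def answer_query(server, qname):
    """What one toy authoritative server replies: an answer, a referral to the
    closest enclosing delegation it knows, or 'nxdomain' when it has neither."""
    if qname in server["records"]:
        return "answer", server["records"][qname]
    best_zone, best_ns = None, None
    for child_zone, ns_list in server["delegations"].items():
        if not in_zone(qname, child_zone):
            continue
        if best_zone is None or len(labels(child_zone)) > len(labels(best_zone)):
            best_zone, best_ns = child_zone, ns_list
    if best_ns:
        return "referral", best_ns
    return "nxdomain", None


class LocalNameServer:
    """The host's default name server: walks referrals from the root and
    caches every answer it obtains."""

    MAX_REFERRALS = 16  # bound the walk so a broken delegation loop cannot spin forever

    def __init__(self, servers, root):
        self.servers = servers
        self.root = root
        self.cache = {}
        self.trace = []  # (server queried, kind of reply) per step, for inspection

    def resolve(self, name):
        qname = name.lower()
        if not qname.endswith("."):
            qname += "."
        if qname in self.cache:
            self.trace.append(("cache", "answer"))
            return self.cache[qname]
        next_servers = [self.root]
        for _ in range(self.MAX_REFERRALS):
            server_name = next_servers[0]  # toy: look the server up by name, no glue needed
            kind, data = answer_query(self.servers[server_name], qname)
            self.trace.append((server_name, kind))
            if kind == "answer":
                self.cache[qname] = data
                return data
            if kind == "referral":
                next_servers = data
                continue
            return None  # nxdomain: no such name anywhere below this delegation
        raise RuntimeError("referral limit reached")


if __name__ == "__main__":
    lns = LocalNameServer(SERVERS, ROOT_SERVER)
    print(lns.resolve("www.example.com"), lns.trace)
    print(lns.resolve("www.example.com"), lns.trace[-1])
```

The first lookup of www.example.com visits root, TLD and second-level servers in that order; the second lookup of the same name is served from the cache without any query, which is the speed-up the paragraph on caching refers to.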
The Domain Name Space
The DNS is a hierarchical tree structure whose root node is known as the root domain. A label in a DNS name directly corresponds with a node in the DNS tree structure. A label is an alphanumeric string that uniquely identifies that node among its siblings. Labels are joined with the dot notation, “.”, and a DNS name containing multiple labels represents its path along the tree to the root. Labels are written from left to right. Only one zero-length label is allowed, and it is reserved for the root of the tree. This is commonly referred to as the root zone. Because the root label is zero length, all Fully Qualified Domain Names (FQDNs) end in a dot. An FQDN is basically a DNS host name, and it represents where to resolve this host name within the DNS hierarchy.
Figure 1: Domain name space example
As the tree is traversed in an ascending manner (i.e., from the leaf nodes to the root), the nodes become increasingly less specific (i.e., the leftmost label is most specific and the rightmost label is least specific). Typically in an FQDN, the leftmost label is the host name, while the next label to the right is the local domain to which the host belongs. The local domain can be a subdomain of another domain. The name of the parent domain is then the next label to the right of the subdomain (i.e., local domain) name label, and so on, until the root of the tree is reached.
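The label rules from the Name Space section and the tree walk from the Domain Name Space section, as one added Python example that is not code from the original article. It models the rules stated in the text (labels of 1 to 63 characters from letters, digits and hyphen, no leading hyphen, case-insensitive matching, uniqueness among siblings, a single empty label for the root so every FQDN ends in a dot, and the rightmost label being least specific); all names used are constructed.

```python
"""The DNS name-space tree with the label rules described in the text.
Added illustration; not code from the original article."""
import re

# One label: 1 to 63 characters, letters, digits and hyphen only, not
# beginning with a hyphen. Case is not significant for matching.
LABEL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,62}")


def valid_label(label):
    """True if label obeys the syntax rules given in the text."""
    return LABEL_RE.fullmatch(label) is not None


def is_fqdn(name):
    """An FQDN ends in the dot that stands for the root's empty label."""
    return name.endswith(".")


def split_fqdn(fqdn):
    """Split 'www.example.com.' into ['www', 'example', 'com'] (leftmost label
    first), rejecting names that are not fully qualified or that contain an
    illegal label. The root alone ('.') yields []."""
    if not is_fqdn(fqdn):
        raise ValueError("not fully qualified: missing trailing root dot")
    body = fqdn[:-1]
    if body == "":
        return []
    parts = body.split(".")
    for part in parts:
        if not valid_label(part):  # also rejects a second empty label, e.g. 'a..b.'
            raise ValueError(f"illegal label {part!r}")
    return parts


class Node:
    def __init__(self, label):
        self.label = label
        # Children keyed by case-folded label: two siblings cannot share a label.
        self.children = {}


class NameSpace:
    def __init__(self):
        self.root = Node("")  # the single zero-length label

    def insert(self, fqdn):
        """Create the path for fqdn, reusing nodes that already exist."""
        node = self.root
        # Walk from the least specific label (rightmost) toward the host name.
        for label in reversed(split_fqdn(fqdn)):
            key = label.lower()
            if key not in node.children:
                node.children[key] = Node(label)
            node = node.children[key]
        return node

    def path_to_root(self, fqdn):
        """Labels from the host name up to the root's empty label, or None if
        the name is not in the tree."""
        node = self.root
        path = []
        for label in reversed(split_fqdn(fqdn)):
            node = node.children.get(label.lower())
            if node is None:
                return None
            path.append(node.label)
        return path[::-1] + [""]

    def count_nodes(self):
        """Total nodes in the tree, including the root."""
        def walk(node):
            return 1 + sum(walk(child) for child in node.children.values())
        return walk(self.root)


if __name__ == "__main__":
    ns = NameSpace()
    for name in ("www.example.com.", "WWW.Example.COM.", "www.example.org."):
        ns.insert(name)
    print(ns.count_nodes(), ns.path_to_root("www.example.com."))
```

Inserting WWW.Example.COM. after www.example.com. creates no new node, because siblings are compared case-insensitively; inserting www.example.org. reuses the label www under a different parent, which the text explicitly permits.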