The DNS (Domain Name System) is a distributed hierarchical database, with separate parts residing on separate DNS name servers throughout the Internet. The DNS stores information about IP (Internet Protocol) addresses, hostnames, domain names, and other data.

IP Addresses and Hostnames

DNS is required for translation of hostnames to IP addresses and vice versa; this translation is what makes sending and receiving email, browsing the web, and numerous other network services work.

Each host (computer or other device) connected to the Internet is assigned a unique number, called its IP address. An IP address has two parts: the first part identifies the network on which the host is located and the second part identifies the host itself on that network. The IP address makes it possible for a data packet (e.g., your email message) to be routed to the proper place. However, because long strings of digits are difficult for people to memorize or recognize, hosts are also given easier-to-remember hostnames.

A hostname is a unique name assigned to each host connected to a network and, like an IP address, is made up of two or more parts. One part is a unique name for each host (e.g., ftp, mail, or www), appended to a common domain name used by the organization (e.g., example.org). The resulting longer hostname is the fully qualified domain name (FQDN). The names ftp.example.org., mail.example.org., and www.example.org. are FQDNs which share the domain name example.org. Notice the dot at the end of each name: it indicates that the name is fully qualified, i.e., written out all the way to the root of the DNS. In everyday use the final dot is left out, but it matters when constructing DNS resource records, because a name without it is treated as relative and has the current origin appended to it (a missing dot after example.org in a zone file silently produces example.org.example.org.).

The Structure of the Full DNS

The full DNS is organized in a hierarchical tree structure. Each local organization manages DNS information only for its own domains or sub-trees.

Authority for the DNS service for each local domain is delegated by its parent domain to at least two DNS name servers, which serve the authoritative data for the local domain. One of these name servers is configured as the primary master name server for its domain, where the zone data is edited; the others are configured as secondary (slave) name servers and obtain copies of the zone from the primary by zone transfer. Both the primary and the secondary name servers are said to be authoritative for the local domain.

Top-Level-Domain (TLD) names include .com., .edu., .net., .info., .org., country-code domains such as .us., and several others. The root domain of the full DNS tree is represented by the empty string after the . at the end of a TLD name.

The root name servers delegate authority for each TLD to its name servers. The name servers for each TLD in turn delegate authority for local domains to the name servers for the respective domain.

Resolution

The querying of name servers about DNS data is done by resolver software and is called resolution. A name is resolved from its least specific end (the right) to its most specific (the left): the resolver first asks a root name server, which does not know the answer but refers it to the name servers for the TLD; the TLD name servers in turn refer it to the name servers for the delegated domain, and so on, until a name server that is authoritative for the domain of interest answers. Each step is a referral, and the answer only comes from the last server in the chain. In practice the client's stub resolver sends a single recursive query to a local recursive name server, which performs this chain of iterative queries on the client's behalf, follows any CNAME it meets, and caches what it learns for later queries.
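The referral chain described above, as an added example that is not code from the original article: a toy iterative resolver with three simulated authoritative name servers held in memory (root, the TLD, and example.org.), so no network traffic is sent. The root and TLD server names and addresses (ns.tld-servers.example., 198.51.100.53, 198.51.100.1) are made up for the example from documentation ranges; the example.org. records are the ones used elsewhere on this page.

```python
# Added example (not from the original article): iterative resolution against
# three simulated authoritative servers. Root/TLD server names and addresses
# are hypothetical; example.org. records are the article's own.

ROOT_IP = "198.51.100.53"      # hypothetical root server
ORG_IP = "198.51.100.1"        # hypothetical .org TLD server

ROOT_ZONE = {
    "org.": [("NS", "ns.tld-servers.example.")],
    "ns.tld-servers.example.": [("A", ORG_IP)],          # glue for the TLD server
}
ORG_ZONE = {
    "example.org.": [("NS", "dns1.example.org."), ("NS", "dns2.example.org.")],
    "dns1.example.org.": [("A", "192.168.0.1")],          # glue: NS lives inside the child
    "dns2.example.org.": [("A", "192.168.0.2")],
}
EXAMPLE_ZONE = {
    "example.org.": [("NS", "dns1.example.org."), ("NS", "dns2.example.org.")],
    "dns1.example.org.": [("A", "192.168.0.1")],
    "dns2.example.org.": [("A", "192.168.0.2")],
    "www.example.org.": [("A", "192.168.0.7")],
    "ftp.example.org.": [("CNAME", "www.example.org.")],
}
# server address -> (zone apex, zone data) for every simulated authoritative server
SERVERS = {
    ROOT_IP: (".", ROOT_ZONE),
    ORG_IP: ("org.", ORG_ZONE),
    "192.168.0.1": ("example.org.", EXAMPLE_ZONE),
    "192.168.0.2": ("example.org.", EXAMPLE_ZONE),
}


def ask(server_ip, qname, qtype):
    """One simulated query to an authoritative server.
    Returns ('referral', (ns_names, glue)), ('answer', records) or ('nxdomain', [])."""
    apex, zone = SERVERS[server_ip]
    labels = qname.rstrip(".").split(".")
    # Walk from the full name toward the apex; the longest name below the apex
    # that carries NS records is a delegation, and the server refers us there.
    for i in range(len(labels)):
        cut = ".".join(labels[i:]) + "."
        if cut == apex:
            break
        ns = [r for t, r in zone.get(cut, []) if t == "NS"]
        if ns:
            glue = {n: r for n in ns for t, r in zone.get(n, []) if t == "A"}
            return "referral", (ns, glue)
    rrs = zone.get(qname)
    if rrs is None:
        return "nxdomain", []
    return "answer", [(t, r) for t, r in rrs if t == qtype or t == "CNAME"]


def resolve(qname, qtype="A", depth=0):
    """Iterative resolution starting at the root.
    Returns (records, trail) where trail lists the servers asked, in order."""
    if depth > 8:
        raise RuntimeError("too many referrals or aliases while resolving %s" % qname)
    todo, trail = [ROOT_IP], []
    while todo:
        ip = todo.pop(0)
        kind, payload = ask(ip, qname, qtype)
        trail.append(ip)
        if kind == "referral":
            ns_names, glue = payload
            todo = []
            for n in ns_names:
                if n in glue:
                    todo.append(glue[n])
                else:                       # no glue: find the name server's address first
                    recs, more = resolve(n, "A", depth + 1)
                    trail += more
                    todo += [r for t, r in recs if t == "A"]
            continue
        only_alias = payload and all(t == "CNAME" for t, _ in payload)
        if kind == "answer" and qtype != "CNAME" and only_alias:
            recs, more = resolve(payload[0][1], qtype, depth + 1)   # chase the alias
            return payload + recs, trail + more
        return payload, trail
    raise LookupError("no server answered for %s" % qname)


if __name__ == "__main__":
    for name in ("www.example.org.", "ftp.example.org.", "nope.example.org."):
        recs, trail = resolve(name)
        print(name, recs, "via", " -> ".join(trail))
```

The trail for www.example.org. is root, TLD server, dns1: three queries for a name nobody has cached yet, which is exactly the work a caching resolver saves on the second lookup.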

Authoritative Name Servers and Caching-only Name Servers

A name server that answers recursive queries for its clients temporarily caches the data it obtains from other name servers about domains for which it is not itself authoritative, for up to the TTL of each record; answers served from the cache are marked non-authoritative. Some name servers are not authoritative for any domain but still perform the caching function; these are called caching-only name servers. Keeping the authoritative and recursive roles on separate servers is the usual recommendation, so that the servers the rest of the Internet must query for your zones do not also have to accept recursive queries from it.

Organization of Local DNS Data

The association of IP address, hostname, and domain name is done in the DNS database. A well designed local DNS service includes two zone data files. The first zone file contains the resource records for the hostname-to-address mapping. The second zone file contains the resource records for the address-to-hostname mapping. These two mappings are sometimes called the forward mapping domain and the reverse mapping domain, respectively.

Common Types of DNS Records and Control Statements Found in a Zone File

A Record

An A (Address) record maps a hostname to an IP address.

dns1.example.org.         IN       A       192.168.0.1
dns2.example.org.         IN       A       192.168.0.2
 
mailer4.example.org.      IN       A       192.168.0.4
mailer5.example.org.      IN       A       192.168.0.5
 
www.example.org.          IN       A       192.168.0.7

PTR Record

A PTR (PoinTeR) record maps an IP address to a hostname.

1.0.168.192.in-addr.arpa.     IN       PTR       dns1.example.org.
2.0.168.192.in-addr.arpa.     IN       PTR       dns2.example.org.
 
4.0.168.192.in-addr.arpa.     IN       PTR       mailer4.example.org.
5.0.168.192.in-addr.arpa.     IN       PTR       mailer5.example.org.
 
7.0.168.192.in-addr.arpa.     IN       PTR       www.example.org.

Notice that the octets of the IP address are written in reverse order to form the in-addr.arpa. name of a PTR record: the most significant octet, 192, becomes the last label before in-addr.arpa. This keeps the reverse tree delegated along network boundaries (the whole 192.168.0.0/24 block is the single zone 0.168.192.in-addr.arpa.) in the same way the forward tree is delegated along domain boundaries.
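As an added example (not part of the original article) of the reversed-octet convention, the following Python builds PTR owner names, derives the reverse zone from the forward A records on this page, and checks that every PTR points at a hostname whose A record leads back to the same address, the forward-confirmed reverse DNS check that mail receivers commonly apply. It also handles IPv6 (ip6.arpa.), which goes beyond what this page shows. The FORWARD_A table is constructed from the A records above.

```python
# Added example (not from the original article): reverse-lookup names and a
# forward/reverse consistency check over the article's sample records.
import ipaddress


def reverse_name(addr):
    """Owner name of the PTR record for an address.
    IPv4: octets reversed under in-addr.arpa.
    IPv6: all 32 hex nibbles (leading zeros kept) reversed under ip6.arpa."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")     # exploded form is always 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


# Constructed sample data: the article's forward A records (hostname -> address).
FORWARD_A = {
    "dns1.example.org.": "192.168.0.1",
    "dns2.example.org.": "192.168.0.2",
    "mailer4.example.org.": "192.168.0.4",
    "mailer5.example.org.": "192.168.0.5",
    "www.example.org.": "192.168.0.7",
}


def build_ptr_records(forward):
    """Reverse zone derived from the forward zone: PTR owner -> hostname.
    Assumes one hostname per address; if two hosts share an address the later
    one wins, so choose the canonical host before calling this."""
    return {reverse_name(ip): host for host, ip in forward.items()}


def unconfirmed_ptrs(forward, ptr):
    """PTR owners whose target hostname does not map back to the same address:
    stale PTRs left behind after a host was renumbered or removed."""
    return [owner for owner, host in ptr.items()
            if host not in forward or reverse_name(forward[host]) != owner]


if __name__ == "__main__":
    ptr = build_ptr_records(FORWARD_A)
    for owner, host in sorted(ptr.items()):
        print("%-30s IN  PTR  %s" % (owner, host))
    print("unconfirmed:", unconfirmed_ptrs(FORWARD_A, ptr))
```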

CNAME Record

A CNAME (Canonical NAME) record maps an alias name to another hostname, which is in turn mapped to an IP address by an A record. The hostname used in the A record is the canonical name to which the CNAME record points. A name that has a CNAME record may have no other records, so the zone apex (example.org. itself, which carries the SOA and NS records) cannot be an alias, and the targets of NS and MX records must be canonical names rather than aliases.

www.example.org.          IN       A       192.168.0.7
ftp.example.org.          IN       CNAME   www.example.org.

MX Record

An MX (Mail eXchanger) record specifies the hostname that will process incoming email for a domain. Each MX record is given a preference value. If multiple MX records are used for the same domain name, the one with the lowest preference value is the most preferred; if it does not answer, the sending mailer tries the next most preferred. The target of an MX record must be a hostname that has an A record, not an IP address literal and not a CNAME alias.

mailer4.example.org.      IN       A       192.168.0.4
mailer5.example.org.      IN       A       192.168.0.5
example.org.              IN       MX      10 mailer4.example.org.
example.org.              IN       MX      20 mailer5.example.org.

NS Record

An NS (Name Server) record maps a domain name to the name servers which hold the DNS information for the domain. The same NS records also appear in the parent zone, where they form the delegation; when a listed name server lies inside the domain being delegated (dns1.example.org. for example.org.), the parent zone must also carry its A record as glue, since otherwise a resolver would have to query the domain in order to find the server that serves it.

example.org.              IN       NS      dns1.example.org.
example.org.              IN       NS      dns2.example.org.

SOA Record

The initial fields of an SOA (Start Of Authority) record identify the domain or zone, the primary master name server for the zone, and the email address of the person responsible for the zone, written with a . in place of the @ symbol: hostmaster.example.org. means hostmaster@example.org. (a dot inside the local part of the address itself would have to be escaped with a backslash).

The number in the serial field of the SOA record must be incremented each time any update is done to the zone. Each secondary name server will periodically compare the serial number of the primary name server to its own, to decide whether it needs to do a zone transfer from the primary.

A ten-digit serial number YYYYMMDDNN is recommended, where YYYYMMDD is the date of the latest update and NN is the version number of the update on that day. This format allows up to 100 updates per day. The serial is an unsigned 32-bit value, and secondaries only transfer the zone when they see a serial newer than their own, so it must never be decreased; if a serial has to be moved backwards (for example after a typo produced a far-too-large value), this is done in two steps using serial-number arithmetic (RFC 1982), so that each step still looks newer to the secondaries.

The other fields of the SOA record, in the order they appear in the example below, are:

serial: the version number of the zone data, as described above.
refresh: how often (in seconds) a secondary contacts the primary to check whether the serial has changed.
retry: how long a secondary waits before trying again after a refresh attempt fails.
expire: how long a secondary keeps answering for the zone when it cannot reach the primary at all; after this time it stops serving the stale data. It must be well above refresh plus retry.
negative caching (minimum): how long resolvers may cache a negative answer (no such name, or no such record type) from this zone, as defined in RFC 2308.

example.org.              IN       SOA     dns1.example.org. hostmaster.example.org. (
                          2005030101       ; serial           <2005-Mar-01, update 1>
                          10800            ; refresh          <3 hours>
                          3600             ; retry            <1 hour>
                          1209600          ; expire           <2 weeks>
                          10800 )          ; negative caching <3 hours>

Different sources vary in their recommendations about the values to use in the timeout fields of an SOA record. The values used in this example are one reasonable selection.
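Added example, not from the original article: a small Python helper that produces the next YYYYMMDDNN serial and compares serials the way a secondary does. The 2005-03-01 values are the ones from the SOA example above; the behaviour for more than 99 updates in a day, or for a clock set to the past, is the part worth studying, because in both cases the serial must still go up.

```python
# Added example (not from the original article): YYYYMMDDNN serial handling
# and RFC 1982 serial-number comparison.
import datetime


def next_serial(current, today=None):
    """Serial for the next zone update. Normally today's date with NN = 01,
    or NN + 1 if the zone was already changed today. If the current serial
    is already at or past today's range (more than 99 updates in one day,
    a clock set to the past, or a serial that never followed the date
    scheme), just add one: the only rule that matters is that the serial
    must increase, or secondaries will ignore the change."""
    today = today or datetime.date.today()          # accepts date or "YYYY-MM-DD"
    start_of_today = int(str(today).replace("-", "")) * 100
    if current < start_of_today:
        return start_of_today + 1
    return current + 1


def serial_is_newer(candidate, have):
    """RFC 1982 comparison used by secondaries: serials are 32-bit unsigned
    and wrap around; 'candidate' is newer if it is ahead of 'have' by less
    than 2**31. Equal or older serials never trigger a zone transfer."""
    return 0 < (candidate - have) % 2 ** 32 < 2 ** 31


if __name__ == "__main__":
    serial = 2005030101
    for day in ("2005-03-01", "2005-03-01", "2005-03-02"):
        new = next_serial(serial, day)
        print(serial, "->", new, "newer:", serial_is_newer(new, serial))
        serial = new
```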

$TTL Control Statement

A $TTL control statement sets the default time to live: the time that caching name servers may keep a record from this zone before they must ask an authoritative server again. Choose it with change management in mind, since a record cached with a one-day TTL will still be served from caches for up to a day after it is changed on the primary.

$TTL 86400
 

By default the time is specified in seconds. A differing TTL value at an individual DNS record will override the value given by the $TTL control statement, for that particular record.

$ORIGIN Control Statement

The contents of a $ORIGIN control statement are appended to names not ending in a dot, both owner names and names in record data. Until the first $ORIGIN statement the origin is the zone's own name from the name server configuration, so the statement mainly serves as documentation and as a way to switch to a subdomain part way through a file.

$ORIGIN example.org.
dns1                      IN       A       192.168.0.1
dns2.example.org.         IN       A       192.168.0.2
mailer4.example.org.      IN       A       192.168.0.4
mailer5                   IN       A       192.168.0.5
www                       IN       A       192.168.0.7
ftp                       IN       CNAME   www.example.org.

How DNS Records and Control Statements Fit Together to Create a Zone File

The record types and control statements described above are sufficient to create a simple zone file.

Here is a zone file for the forward mapping domain example.org.:

$TTL 86400
$ORIGIN example.org.
example.org.              IN       SOA     dns1.example.org. hostmaster.example.org. (
                          2005030101
                          10800
                          3600
                          1209600
                          10800 )
example.org.              IN       NS      dns1.example.org.
                          IN       NS      dns2.example.org.
example.org.              IN       MX      10 mailer4.example.org.
                          IN       MX      20 mailer5.example.org.
dns1.example.org.         IN       A       192.168.0.1
dns2.example.org.         IN       A       192.168.0.2
mailer4.example.org.      IN       A       192.168.0.4
mailer5.example.org.      IN       A       192.168.0.5
www.example.org.          IN       A       192.168.0.7
ftp.example.org.          IN       CNAME   www.example.org.
 

Here is a zone file for the reverse mapping domain 0.168.192.in-addr.arpa.:

$TTL 86400
$ORIGIN 0.168.192.in-addr.arpa.
0.168.192.in-addr.arpa.    IN       SOA     dns1.example.org. hostmaster.example.org. (
                           2005030101
                           10800
                           3600
                           1209600
                           10800 )
0.168.192.in-addr.arpa.    IN       NS      dns1.example.org.
                           IN       NS      dns2.example.org.
1.0.168.192.in-addr.arpa.  IN       PTR     dns1.example.org.
2.0.168.192.in-addr.arpa.  IN       PTR     dns2.example.org.
4.0.168.192.in-addr.arpa.  IN       PTR     mailer4.example.org.
5.0.168.192.in-addr.arpa.  IN       PTR     mailer5.example.org.
7.0.168.192.in-addr.arpa.  IN       PTR     www.example.org.
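As an added example that is not part of the original article, here is a Python parser for the zone-file syntax used above ($TTL, $ORIGIN, ; comments, parenthesised continuation lines, relative names, and an omitted owner meaning the previous owner), followed by the checks an operator would run before loading a zone: exactly one SOA, no CNAME sharing a name with other records, and NS/MX targets that are canonical names with address records. The sample zone is constructed from the forward zone above with two deliberate mistakes added for the checks to catch (an MX pointing at mailer6, which has no A record, and ftp carrying both a CNAME and an A record); mailer6 and 192.168.0.8 are not on the page.

```python
# Added example (not from the original article): a master-file parser plus
# pre-load consistency checks. SAMPLE_ZONE is constructed from the article's
# forward zone with two deliberate mistakes.

# rdata positions that hold domain names (relative names must be expanded)
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,)}
RR_TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}


def _fqdn(name, origin):
    """'@' is the origin, names ending in '.' are absolute, the rest get the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin if origin != "." else name + "."


def _logical_lines(text):
    """Yield (fields, owner_omitted) per record, joining lines enclosed in parentheses."""
    buf, depth, owner_omitted = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # drop comments
        if not buf:
            owner_omitted = raw[:1].isspace()       # leading blank: reuse previous owner
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            fields, buf, depth = " ".join(buf).split(), [], 0
            if fields:
                yield fields, owner_omitted


def parse_zone(text, origin="."):
    """Return (default_ttl, records); each record is (owner, ttl, type, [rdata fields])."""
    default_ttl, owner, records = None, None, []
    for fields, owner_omitted in _logical_lines(text):
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        if fields[0] == "$ORIGIN":
            origin = _fqdn(fields[1], origin)
            continue
        if not owner_omitted:
            owner = _fqdn(fields.pop(0), origin)
        if owner is None:
            raise ValueError("first record has no owner name")
        ttl = default_ttl
        if fields[0].isdigit():                     # optional per-record TTL
            ttl = int(fields.pop(0))
        if fields[0] == "IN":                       # optional class
            fields.pop(0)
        rtype = fields.pop(0)
        if rtype not in RR_TYPES:
            raise ValueError("unsupported type %s at %s" % (rtype, owner))
        rdata = [_fqdn(f, origin) if i in NAME_FIELDS.get(rtype, ()) else f
                 for i, f in enumerate(fields)]
        records.append((owner, ttl, rtype, rdata))
    return default_ttl, records


def check_zone(records):
    """Problems found: SOA count, CNAME coexistence, NS/MX targets that are aliases or have no address."""
    problems, by_owner = [], {}
    for owner, _, rtype, rdata in records:
        by_owner.setdefault(owner, []).append((rtype, rdata))
    soa = [r for r in records if r[2] == "SOA"]
    if len(soa) != 1:
        problems.append("zone must contain exactly one SOA record")
    apex = soa[0][0] if soa else ""

    def has(name, *types):
        return any(t in types for t, _ in by_owner.get(name, []))

    for owner, rrs in by_owner.items():
        if has(owner, "CNAME") and len(rrs) > 1:
            problems.append("%s: a CNAME must not coexist with other records" % owner)
    for owner, _, rtype, rdata in records:
        if rtype in ("NS", "MX"):
            target = rdata[0] if rtype == "NS" else rdata[1]
            in_zone = apex and (target == apex or target.endswith("." + apex))
            if has(target, "CNAME"):
                problems.append("%s %s -> %s: target is an alias, not a canonical name" % (owner, rtype, target))
            elif in_zone and not has(target, "A", "AAAA"):
                problems.append("%s %s -> %s: no address record for in-zone target" % (owner, rtype, target))
    return problems


SAMPLE_ZONE = """\
$TTL 86400
$ORIGIN example.org.
example.org.          IN  SOA  dns1.example.org. hostmaster.example.org. (
                                2005030101      ; serial
                                10800 3600 1209600 10800 )
                      IN  NS   dns1
                      IN  NS   dns2
                      IN  MX   10 mailer4.example.org.
                      IN  MX   30 mailer6         ; constructed mistake: no A record
dns1                  IN  A    192.168.0.1
dns2                  IN  A    192.168.0.2
mailer4.example.org.  IN  A    192.168.0.4
www             300   IN  A    192.168.0.7
ftp                   IN  CNAME www
ftp                   IN  A    192.168.0.8       ; constructed mistake: CNAME plus A
"""

if __name__ == "__main__":
    for problem in check_zone(parse_zone(SAMPLE_ZONE)[1]):
        print("PROBLEM:", problem)
```

The parser deliberately refuses unknown record types rather than skipping them, so a typo such as CNMAE fails loudly instead of silently dropping a record; the same fail-closed choice is what you want from the tooling that loads a zone.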
