
Explaining DNS

I was challenged recently to try to explain DNS succinctly, so this is a somewhat non-technical summary:

In its simplest terms, DNS is the mechanism that translates names into addresses and addresses into names. For example, www.sunsetair.ca translates into 69.25.137.45, and 8.8.8.8 translates into google-public-dns-a.google.com. The simplest analogy is a phone book: you can look up a person's name and find their phone number, and similarly you can open a reverse directory, look up their number and find a name. As with a phone directory there are more pieces of information you can find, e.g. their address, but we'll try to keep this simple.

You pay a company a yearly fee to register a domain for you. Generally you are dealing with a reseller for a domain registry. For example, EasyDNS is a reseller for a number of domain registries. As the person the domain name is registered to, you are the registrant. You pay them a yearly fee to maintain your record in the registry.

Continuing with the example above, sunsetair.ca is registered in the CIRA .ca domain registry and the reseller is EasyDNS. The registrant is Sunset Air Ltd.

If you are working from the perspective of a client computer and you want to go to the website www.sunsetair.ca, it works roughly like this (in practice the recursive DNS server your computer is configured to use performs these steps on its behalf):
  1. DNS client asks the worldwide root nameservers who handles the .ca domain -> picks one authoritative DNS server, e.g. l.ca-servers.ca [156.154.101.4]
  2. DNS client asks l.ca-servers.ca [156.154.101.4] who handles the sunsetair.ca domain -> picks one authoritative DNS server, e.g. dns2.easydns.net [72.52.2.1]
  3. DNS client asks dns2.easydns.net [72.52.2.1] what the address for www.sunsetair.ca is -> resolves to 69.25.137.45
Essentially, paying your yearly fee for domain registration is what makes step 2 possible; otherwise the .ca nameservers would correctly point out that the domain doesn't exist.

It is time consuming to go through this process of querying names, so each domain record has an associated cache time called time-to-live, or TTL. For example, www.sunsetair.ca currently has a TTL of 600 seconds, meaning that a client actively using the www.sunsetair.ca site would re-query the address every 10 minutes.

There are a number of ways that DNS servers can be confused. For example, in step 2 there are 13 different .ca nameservers, which all might have a different idea of who is in charge of sunsetair.ca. This generally isn't a conflict, but if a domain is being transferred between two domain resellers, things can potentially be confused, as the two resellers might have different ideas about which addresses are in use.

Similarly, if an address change occurs within the TTL timeout, then clients might be looking at old information. This is why we generally lower TTLs and run the old and new web services in parallel in advance of a server move, to ensure clients are looking at current data.

Here is a concrete example of how you would look at this on Windows using the nslookup tool; the key part is the ANSWERS section below, which shows www.sunsetair.ca with internet address = 69.25.137.45 and ttl = 600 (10 mins):

C:\Documents and Settings\Mike>nslookup -d www.sunsetair.ca
[snip]
------------
Server:  some.generic.dns.server
Address:  11.22.33.44
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 3,  additional = 0
 
    QUESTIONS:
        www.sunsetair.ca, type = A, class = IN
    ANSWERS:
    ->  www.sunsetair.ca
        internet address = 69.25.137.45
        ttl = 600 (10 mins)
    AUTHORITY RECORDS:
    ->  sunsetair.ca
        nameserver = dns2.easydns.net
        ttl = 600 (10 mins)
    ->  sunsetair.ca
        nameserver = dns3.easydns.ca
        ttl = 600 (10 mins)
    ->  sunsetair.ca
        nameserver = dns1.easydns.com
        ttl = 600 (10 mins)
 
------------
Non-authoritative answer:
Name:    www.sunsetair.ca
Address:  69.25.137.45
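As an added illustration (not code from the original page or from nslookup), the Python below decodes the same sections nslookup -d prints, the header flags, the ANSWERS record with its TTL and the AUTHORITY nameservers, from a DNS response message in wire format. The message bytes are constructed here to mirror the output above rather than captured from the network, and the parser also refuses compression-pointer loops, a malformed-message case any DNS parser has to handle.

```python
import struct
TYPE = {1: "A", 2: "NS"}
def _labels(name):                                  # "a.b.c" -> uncompressed labels + root
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
def read_name(msg, off):
    """Decode a possibly compressed name at `off`; return (name, offset past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:                 # compression pointer (RFC 1035 4.1.4)
            end = off + 2 if end is None else end   # the name ends after the first pointer
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            if (hops := hops + 1) > 64:             # a pointer loop must not hang the parser
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)
def parse_response(msg):
    """Parse the header flags, question and RR sections of a DNS response."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    out = {"id": ident, "rcode": flags & 0xF, "response": bool(flags & 0x8000),
           "authoritative": bool(flags & 0x0400), "recursion_avail": bool(flags & 0x0080)}
    off = 12
    for _ in range(qd):                             # QNAME, then QTYPE + QCLASS (4 bytes)
        out["question"], off = read_name(msg, off)
        off += 4
    for section, count in (("answers", an), ("authority", ns), ("additional", ar)):
        out[section] = []
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            rdata, off = msg[off + 10:off + 10 + rdlen], off + 10   # step past the RR header
            value = (".".join(map(str, rdata)) if rtype == 1        # A: four IPv4 octets
                     else read_name(msg, off)[0] if rtype == 2 else rdata.hex())  # NS: name
            off += rdlen
            out[section].append((name, TYPE.get(rtype, rtype), ttl, value))
    return out

# Constructed message mirroring the nslookup output above (not a real capture); pointers: 0x0C -> "www.sunsetair.ca", 0x10 -> "sunsetair.ca", 0x1A -> "ca".
RESPONSE = (
    struct.pack("!6H", 2, 0x8180, 1, 1, 3, 0)                     # id 2, QR|RD|RA set, rcode 0
    + _labels("www.sunsetair.ca") + struct.pack("!HH", 1, 1)      # question A/IN at offset 12
    + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 600, 4) + bytes([69, 25, 137, 45])
    + b"".join(b"\xC0\x10" + struct.pack("!HHIH", 2, 1, 600, len(rd)) + rd for rd in (
        _labels("dns2.easydns.net"), b"\x04dns3\x07easydns\xC0\x1A", _labels("dns1.easydns.com")))
)
```

The AA flag is clear in the constructed header, which is why nslookup labels such a reply "Non-authoritative answer": it came from a caching server, not from one of the easydns nameservers listed in AUTHORITY RECORDS.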