
Appunti - DNS

Resource Records (RR) and Domains

The DNS (Domain Name System) is an infrastructure that implements a name table. This table is used for identifying a piece of textual information, called a value, by means of a domain name. A domain name is a sequence of strings called labels and separated by the dot character (‘.’). In the following we will use the term “name” as a shorthand for “domain name”.

Each row of the name table is called a resource record (RR) and maps (or translates) a name to a value. The name table contains, in addition to the name and value columns, a type column. Each RR is thus composed of three fields: name, type, value. The type field may assume a small set of values defined by the DNS protocol:

  • A is for a RR that maps the name to an IP address (i.e., the value field is an IP address).
  • CNAME is for a RR that maps the name to an alias for that name (i.e., the value of this RR will be the name of another RR).
  • MX is for a RR that maps the name of an email domain to the name of the mail server responsible for that email domain (i.e., the former is the name field while the latter is the value field).

There may be multiple RRs with the same name: such RRs may have either a different type (e.g., one RR of type A, another of type MX); or the same type (e.g., one RR of type A that maps a name to a certain IP address and another RR of type A that maps that name to a different IP address).

The set of all RRs with the same name is called a domain.

Resolving a name

In a nutshell, you give the DNS a pair <name, type> and you obtain from the DNS the corresponding RRs.

A process that needs to obtain the value associated with a given name (i.e., to resolve a name) invokes a library function. The invocation implicitly specifies a pair <name, type>.

This function interacts with a module of the operating system called local resolver. If the local resolver has a locally available copy of the required RRs, then it returns those RRs; otherwise, the local resolver sends a DNS request containing the desired <name, type> pair to the default name server of the host. This name server obtains the required RRs and sends them back within a DNS response matching the DNS request.

The IP address of the default name server is specified in the configuration of a host. Usually all hosts in the same organization have the same default name servers. The port number of a name server is 53.
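The model described above (name table of <name, type, value> rows, a domain as the set of RRs sharing a name, a local resolver that answers from its cache or forwards the <name, type> pair to the default name server) can be made concrete with a small simulation. The following Python code is an added example written for these notes, not code from the course; the name table contents (example.test names and 192.0.2.x addresses) are constructed sample data, and the handling of CNAME chains (the alias RR is returned together with the RRs of the target name) is an assumption about server behaviour that the notes do not spell out.

```python
from collections import defaultdict
from dataclasses import dataclass


def normalize(name: str) -> str:
    """Canonical form of a domain name: lower-case, with the terminating dot
    of the root label present (user interfaces usually hide it)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


@dataclass(frozen=True)
class RR:
    """One row of the name table: <name, type, value>."""
    name: str
    type: str
    value: str


class NameTable:
    """The conceptual name table: all RRs, grouped by name.
    The set of RRs sharing a name is a domain."""

    def __init__(self, rrs):
        self._by_name = defaultdict(list)
        for rr in rrs:
            # CNAME and MX values are themselves names, so normalize them too
            value = normalize(rr.value) if rr.type in ("CNAME", "MX") else rr.value
            self._by_name[normalize(rr.name)].append(RR(normalize(rr.name), rr.type, value))

    def domain(self, name):
        """All RRs with the given name, i.e. the domain."""
        return list(self._by_name.get(normalize(name), []))

    def lookup(self, name, rtype):
        """RRs matching a <name, type> pair."""
        return [rr for rr in self.domain(name) if rr.type == rtype]


class NameServer:
    """The default name server: answers a <name, type> request with RRs.
    Assumption: if the name is an alias (CNAME), the alias RR is included
    in the answer and the lookup continues at the target name."""

    def __init__(self, table: NameTable):
        self.table = table
        self.port = 53  # the port number of a name server

    def query(self, name, rtype):
        answer, seen = [], set()
        current = normalize(name)
        while current not in seen:  # guard against CNAME loops
            seen.add(current)
            rrs = self.table.lookup(current, rtype)
            if rrs:
                return answer + rrs
            cname = self.table.lookup(current, "CNAME")
            if not cname:
                return answer  # no RR of this type (or no such name)
            answer += cname
            current = cname[0].value
        return answer  # loop detected: stop with what was collected


class LocalResolver:
    """The OS local resolver: serves locally available RRs, otherwise sends
    a request with the <name, type> pair to the default name server."""

    def __init__(self, default_server: NameServer):
        self.default_server = default_server
        self.cache = {}
        self.requests_sent = 0  # requests that actually reached the name server

    def resolve(self, name, rtype):
        key = (normalize(name), rtype)
        if key not in self.cache:
            self.requests_sent += 1
            self.cache[key] = self.default_server.query(*key)
        return list(self.cache[key])


# Constructed sample name table (example.test is a reserved example name;
# 192.0.2.0/24 is the documentation address range).
SAMPLE_RRS = [
    RR("www.example.test", "CNAME", "host.example.test"),
    RR("host.example.test", "A", "192.0.2.10"),
    RR("host.example.test", "A", "192.0.2.11"),      # same name, same type
    RR("example.test", "MX", "mail.example.test"),   # email domain -> mail server name
    RR("mail.example.test", "A", "192.0.2.25"),
]


def demo():
    resolver = LocalResolver(NameServer(NameTable(SAMPLE_RRS)))
    a_rrs = resolver.resolve("WWW.example.test", "A")  # names are case-insensitive
    resolver.resolve("www.example.test", "A")         # second time: served from the cache
    mx_rrs = resolver.resolve("example.test", "MX")
    return a_rrs, mx_rrs, resolver.requests_sent


if __name__ == "__main__":
    a_rrs, mx_rrs, sent = demo()
    for rr in a_rrs + mx_rrs:
        print(rr.name, rr.type, rr.value)
    print("requests sent to the name server:", sent)
```

Running the module resolves the same <name, type> pair twice and shows that only the first resolution generates a request to the name server; the answer for www.example.test contains the CNAME RR followed by the two A RRs of the target name, which is also how multiple RRs with the same name and type appear in practice.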

DNS infrastructure

The DNS infrastructure consists of thousands of servers distributed across the world that interact among themselves. These servers are called name servers.

The term DNS is used with several different meanings. It may denote either the infrastructure, or a server of the infrastructure, or the protocol used by name servers. One has to understand from the context what the intended meaning is.

Domain tree

The set of all domains that exist in the Internet may be conceptually organized as a tree called domain tree. Each node of the domain tree is associated with a domain and contains a label. The domain associated with a given node is the one whose name is obtained by concatenating all the labels along the path from that node to the root of the tree, left to right and separated by the dot character (‘.’).

The label of the root of the domain tree is the dot character ‘.’. It follows that all names terminate with the dot character. The user interface of programs usually hides the terminating dot character.

The domain tree is an abstract and idealized representation of all the existing domains. This representation does not include types and values of the RRs contained in each domain, nor does it include the number of RRs contained in each domain.
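A worked example of the domain tree, added here and not taken from the course material: each node holds one label, a node's name is the concatenation of the labels on the path from the node to the root, the root's label is the dot itself, and every name therefore terminates with a dot that the user interface hides. The names units.it and inginf.units.it come from these notes; www.example.test is a constructed sample. As the notes say, the tree records only names, not the types, values or number of RRs of each domain.

```python
class DomainNode:
    """A node of the domain tree: one label plus the children below it."""

    def __init__(self, label, parent=None):
        self.label = label
        self.parent = parent
        self.children = {}  # label -> DomainNode

    def name(self):
        """Name of the domain at this node: the labels on the path from this
        node up to the root, left to right, separated by '.'. The root's
        label is '.' itself, so every name terminates with a dot."""
        if self.parent is None:
            return "."
        labels, node = [], self
        while node.parent is not None:
            labels.append(node.label)
            node = node.parent
        return ".".join(labels) + "."


class DomainTree:
    def __init__(self):
        self.root = DomainNode(".")

    @staticmethod
    def _labels(name):
        # Labels are case-insensitive; the terminating dot is optional on input.
        return [lab for lab in name.lower().rstrip(".").split(".") if lab]

    def insert(self, name):
        """Add the domain `name`, creating missing ancestors, and return its node."""
        node = self.root
        for label in reversed(self._labels(name)):  # walk from the TLD downward
            if label not in node.children:
                node.children[label] = DomainNode(label, node)
            node = node.children[label]
        return node

    def find(self, name):
        """Node of the domain `name`, or None if it is not in the tree."""
        node = self.root
        for label in reversed(self._labels(name)):
            node = node.children.get(label)
            if node is None:
                return None
        return node

    def names(self):
        """All domain names in the tree, depth first, children in label order."""
        out = []

        def walk(node):
            out.append(node.name())
            for label in sorted(node.children):
                walk(node.children[label])

        walk(self.root)
        return out


def display_name(fqdn):
    """What a program's user interface usually shows: the terminating dot hidden."""
    return fqdn if fqdn == "." else fqdn.rstrip(".")


def build_sample_tree():
    tree = DomainTree()
    # constructed sample: two names from the notes plus one reserved example name
    for name in ("units.it", "inginf.units.it.", "www.example.test"):
        tree.insert(name)
    return tree


if __name__ == "__main__":
    for fqdn in build_sample_tree().names():
        print(f"{fqdn:22} shown as {display_name(fqdn)}")
```

Inserting inginf.units.it creates the intermediate nodes for it. and units.it. as well, so the TLD and the registrant's domain appear in the tree as domains in their own right, each with a name that ends in the root's dot.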

Implementation

Starting from 2024/2025, the DNS implementation (i.e., where RRs are actually located, how a name server obtains RRs and so on) is no longer part of this course.

Creating and managing a domain

If you want to "create a domain" under a certain TLD, you have to contact a "DNS provider" able to create domains below that TLD, e.g., Misterdomain is able to create domains below .it, .eu, .com and several other TLDs.

In DNS parlance, domain creation is done by registrars. A DNS provider is a registrar or a reseller of a registrar. The owner of the newly created domain is called registrant. The organization that manages the TLD is called registry. A broader definition of these terms is given in this ChatGPT interaction.

The registry for .it is "Registro .it - Istituto di Informatica e Telematica del CNR - Via G. Moruzzi, 1 - 56124 Pisa" (i.e., this organization manages the .it zone).

The Registro.it web site contains a list of all the registrars of .it, as well as a detailed description of all the requirements for becoming a registrar (costs included).

A TLD often introduces some TLD-specific constraints on the domains that can be created. For example, there could be certain domain names that cannot be bought by any registrar (e.g., internet.it) or domain names that can be bought only by certain registrars (e.g., parlamento.it). These constraints are of normative nature and have no underlying technical reason.

In general, there can be no delegations “below” a domain created by a registrant. Creation of new delegations in a subtree rooted at a domain created by a registrant requires specific business arrangements with registrars. The University of Trieste (registrant of domain units.it) has one of those arrangements with the .it registrar (i.e., it is possible to create zones “below” units.it, such as inginf.units.it).

Real identity of registrars and WHOIS

A registrar must maintain the association between each domain name it has created and the corresponding registrants. This information is stored outside of the DNS in a distributed infrastructure called WHOIS. This infrastructure can be queried programmatically in a variety of ways. Many freely accessible web applications, for example, take a domain name as input and return the corresponding WHOIS information that describes the registrant, the date of domain name creation and so on.

A registrant is identified by means of a string. In practice, there is a very weak connection between that string and the entity which actually created the domain name. In other words, it is very easy for an entity to obfuscate or falsify its real identity. The underlying reason is that creation of a domain name occurs through a web application, thus an entity may insert any string for describing itself as a registrant. The only connection with the real identity will be through the payment transaction, but this can be obfuscated or falsified easily, for example by using an anonymous payment method or a stolen credit card number.

The internals of the WHOIS infrastructure (e.g., links among WHOIS servers, procedure for finding the IP address of the server which knows the registrant for a given domain name, WHOIS protocol) are not part of this course.