Diff: Domain name system
Comparing revision #2 (2026-06-22 07:55:22) with revision #3 (2026-06-22 16:09:19).
| Old | New |
|---|---|
The '''Domain Name System''' ('''DNS''') is the distributed naming system used to translate domain names into information that network software can use. Its most familiar job is turning names such as example.com into IP addresses, but DNS is also used for mail routing, service discovery, domain delegation, and security-related records. |
|
The '''Domain Name System''' or '''DNS''' is the naming system that lets internet users reach services by domain names instead of needing to remember numeric IP addresses. It is a core part of how the public internet works. |
|
DNS is one of the core systems of the internet. It lets people use names instead of memorising numerical IP addresses, and it gives domain owners a way to publish technical records for their services. |
|
When a person enters a domain such as ''example.com'', DNS helps find the records that point to the servers responsible for that name. Those records can then direct web browsers, email systems and other software to the right destination. |
|
== Purpose == |
== Purpose == |
Computers communicate using addresses, not human-friendly names. A web browser can show a name such as www.example.com, but the network connection needs an IP address. DNS provides the lookup system that connects the name to the relevant record. |
|
DNS is not only a web system. Email servers use DNS records to find where mail for a domain should be delivered. Security systems use DNS records for sender authentication, certificate checks, and other validation. Many applications use DNS to find services and endpoints. |
|
== Structure == |
|
DNS is hierarchical. At the top is the root. Below the root are top-level domains such as .com, .net, .org, .uk, and many others. Below those are registered domain names, then any subdomains created by the domain holder. |
|
Computers communicate using addresses such as IPv4 and IPv6 addresses. Those addresses are useful to machines but awkward for people. DNS creates a distributed system for mapping readable names to the technical data needed to contact services. |
|
A full domain name is made from labels. In www.example.com, the labels are www, example, and com. The hierarchy is read from right to left: com is the top-level domain, example is registered under it, and www is a host or subdomain label under example.com. |
|
DNS is not a search engine. It does not decide which website is best, rank pages or inspect the meaning of a page. Its job is narrower: it answers questions about names and records. |
|
== Resolution == |
|
When a device needs a DNS answer, it usually asks a recursive resolver. That resolver may already have a cached answer. If not, it works through the hierarchy: |
|
== How Resolution Works == |
|
DNS resolution usually begins with a recursive resolver. That resolver may be run by an internet service provider, a company, a public DNS service or software on the user's own network. |
|
* It asks the root servers where to find the top-level domain servers. |
|
* It asks the top-level domain servers where to find the authoritative servers for the domain. |
|
* It asks the authoritative servers for the record being requested. |
|
* It returns the answer to the client and may cache it for a limited time. |
|
If the resolver does not already have a cached answer, it follows the DNS hierarchy. It asks root name servers where to find the correct top-level domain servers, then asks those servers where to find the authoritative name servers for the domain. The authoritative name servers hold the records for that domain. |
|
Caching reduces load and improves speed. The time-to-live value on a DNS record tells resolvers how long they may keep an answer before checking again. |
|
The resolver then returns the answer to the user's device and usually caches it for a limited time. |
|
== Resource Records == |
|
DNS stores different types of resource records. Common examples include: |
|
== Common Record Types == |
|
Common DNS record types include: |
|
* A records, which map a name to an IPv4 address. |
|
* AAAA records, which map a name to an IPv6 address. |
|
* CNAME records, which make one name an alias of another. |
|
* MX records, which identify mail servers for a domain. |
|
* NS records, which identify authoritative name servers. |
|
* TXT records, which store text used for policies and verification. |
|
* SOA records, which describe authority and timing information for a zone. |
|
* '''A records''', which point a name to an IPv4 address; |
|
* '''AAAA records''', which point a name to an IPv6 address; |
|
* '''CNAME records''', which make one name an alias of another; |
|
* '''MX records''', which define mail exchangers for email delivery; |
|
* '''TXT records''', which store text data used for verification, email security and other purposes; |
|
* '''NS records''', which identify authoritative name servers; |
|
* '''SOA records''', which store basic authority and timing information for a DNS zone. |
|
== Root and Authority == |
|
The DNS root zone is managed through a formal coordination process. ICANN explains DNS as a system that helps users navigate the internet by allowing text-based names to be used instead of IP addresses. IANA maintains root-zone information and other technical registries used by internet infrastructure. |
|
== Caching and TTL == |
|
DNS answers are normally cached. The time to live, or TTL, tells resolvers how long they may keep an answer before checking again. A short TTL can make changes take effect faster but increases query traffic. A long TTL reduces query traffic but can make changes take longer to appear. |
|
Domain owners do not usually manage the whole hierarchy. A registrar handles the registration of a domain name, a registry operates a top-level domain, and authoritative DNS providers publish records for the domain. |
|
This is why moving a website or changing mail records can appear immediate for some users and delayed for others. |
|
== Security == |
== Security == |
DNS was originally designed for function and resilience rather than modern hostile networks. Attacks can include cache poisoning, hijacked domain accounts, malicious redirects, domain abuse, and denial-of-service attacks against DNS infrastructure. |
|
DNS can be attacked or misused. Common problems include cache poisoning, domain hijacking, misconfigured records, spoofed lookups and abuse of domains for phishing or malware. |
|
DNSSEC adds cryptographic signing to DNS data so resolvers can check whether an answer is authentic. DNSSEC does not encrypt ordinary DNS queries by itself, but it helps protect against forged answers when correctly deployed. |
|
DNSSEC adds cryptographic signing to help prove that DNS answers have not been tampered with, although it does not encrypt the query itself. DNS over HTTPS and DNS over TLS can encrypt the link between a client and a resolver, but they do not remove the need to trust the resolver. |
|
Privacy has also become more important. Traditional DNS queries can reveal browsing and service-lookup behaviour to networks and resolvers. Newer approaches such as encrypted DNS transports are intended to reduce that exposure, although they also raise operational and policy questions. |
|
== Administration == |
|
ICANN helps coordinate the global domain-name system, including policies around generic top-level domains. Registries run top-level domains, registrars sell or manage domain registrations for customers, and authoritative DNS providers host the records. |
|
In practice, a website owner may use one company for registration, another for DNS hosting, another for email and another for web hosting. |
|
== See Also == |
== See Also == |
* [[Internet Corporation for Assigned Names and Numbers (ICANN)]] |
|
* [[Cloud Computing]] |
|
* [[Data Centre]] |
|
* [[Internet_Corporation_for_Assigned_Names_and_Numbers_(ICANN)]] |
|
* [[Data_Centre]] |
|
* [[SMTP_Server]] |
|
* [[GoDaddy]] |
|
== References == |
== References == |
* [https://www.icann.org/resources/pages/dns-2022-09-13-en ICANN: The Domain Name System] |
* [https://www.icann.org/resources/pages/dns-2022-09-13-en ICANN: The Domain Name System] |
* [https://www.rfc-editor.org/info/rfc1034 RFC 1034: Domain names, concepts and facilities] |
|
* [https://www.rfc-editor.org/info/rfc1035 RFC 1035: Domain names, implementation and specification] |
|
* [https://www.iana.org/domains/root IANA: Root Zone Database] |
|
* [https://www.icann.org/resources/pages/about-domain-names-2018-08-30-en ICANN: about domain names] |
|
* [https://www.cloudflare.com/learning/dns/what-is-a-dns-server/ Cloudflare: what is a DNS server] |
|
* [https://www.cloudflare.com/learning/dns/dns-records/ Cloudflare: DNS records] |
|
* [https://lookup.icann.org/ ICANN Lookup] |
|
[[Category:Technology]] |
|
[[Category:Internet]] |
[[Category:Internet]] |
[[Category:Networking]] |
|
[[Category:Computing]] |