DNS is the Domain Name System, a hierarchical, distributed database to map various information together, such as hostnames to IP addresses. The name is also used as a synonym for nameservers, the specific servers delivering the DNS feature.
This tag should be used for all issues about configuration of DNS systems or troubleshooting problems in names resolution.
DNS is the Domain Name System, a hierarchical, distributed database where the keys are domain names.
The primary references are:
- RFC 1034 - Domain Names - Concepts and Facilities
- RFC 1035 - Domain Names - Implementation and Specification
(but there is no comprehensive document handling an exhaustive list of features and specifications of the protocol; a newer attempt at that as a work in progress is available at https://powerdns.org/hello-dns/ for a technical audience)
The most common record types found in the DNS are:
Arecords - the mapping from a domain name to an IPv4 addressAAAArecords - the mapping from a domain name to an IPv6 addressMXrecords - the mapping from a domain name to the host name of an SMTP serverNSrecords - used to delegate a portion of the hierarchy to specific DNS serversPTRrecords - typically used (viain-addr.arpa.) to map an IP address back to a domain nameCNAMErecords - used to alias a domain name to its canonical version
DNS packets are conventionally transported over UDP and TCP port 53. UDP is more commonly used, but zone transfers require TCP (RFC 5966), as do larger DNS responses (when over the default of 512 bytes) if the EDNS extension is not used (or badly implemented), see RFC6891.
A specific extension called DNSSEC allows to cryptographically sign resource records to ensure their authenticity and integrity. It introduces the following new records for that: DS and DNSKEY records to store key materials, RRSIG to store signatures and NSEC or NSEC3 records to handle signaling of not existing records.
Newer versions support DNS over TLS (RFC7858) and DNS over HTTPS (in process of becoming an RFC).
By default, during a recursive walk, each nameserver is queried with the full name being resolved, not just the labels it would need. It is only for historical reason as there is no technical reason for this. A newest specification (RFC7816) mandates "QNAME minimization" for privacy reasons, and is in the process of being deployed in nameservers.
Partial list of known open source namesevers:
- bind (sometimes also historically referenced as
named): authoritative and recursive - nsd: authoritative, started by the .NL registry
- unbound: recursive
- Knot DNS: authoritative, started by the .CZ registry
- powerdns: authoritative and recursive
- yadifa: authoritative, started by the .EU registry
- dnsmasq: recursive (with some authoritative features for local resolutions)
- geodns: authoritative
This Wikipedia article provides an approachable introduction to DNS.
