DNS Explained. Hierarchy and Architecture
Blake K
Posted on July 28, 2020
This is an article in the DNS Explained. series. Click here to read the introduction post.
In the first post for this series, I described DNS being both hierarchical and decentralized. In this post, we will dive into what that really means.
DNS is Hierarchical
Hierarchy comes from levels of domains, starting at the root zone, whose name is the empty label and which is written as a single period (".").
You may have heard of top-level domains (TLDs) before. Some examples of TLDs include:
- .com
- .net
- .org
- .us
- .de
- .coffee
- .ninja
They are called top-level domains because, well, they sit at the top level (just below the root)! Organizations can register second-level domains under any TLD that accepts public registrations (a few, such as .gov and .mil, are restricted).
Because DNS is hierarchical, two separate second-level domains can both use the same third-level label. For example, mail.google.com and mail.yahoo.com are both allowed, because a third-level name only has to be unique within the scope of its second-level domain. This was not possible under the predecessor, the flat HOSTS.TXT file, where every name had to be globally unique.
Root Zone Servers
In the above graphic, I introduced a new DNS concept called the root server. The root is the base of the DNS hierarchy tree. While I drew it as a single point, it is actually more than that.
In reality, what I drew as "the root server" is the root zone, and it is served by 13 named root servers, a.root-servers.net through m.root-servers.net. Each of those 13 names is in turn an anycast service answered by many physical instances spread around the world, so a query for "." reaches a nearby instance rather than one particular machine. The root zone is the starting place for traversing DNS during resolution.
Twelve independent organizations operate the 13 root servers (Verisign runs both A and J); their coordination happens through ICANN's Root Server System Advisory Committee (RSSAC).
Host name | IP Addresses | Operator |
---|---|---|
a.root-servers.net | 198.41.0.4, 2001:503:ba3e::2:30 | Verisign, Inc. |
b.root-servers.net | 199.9.14.201, 2001:500:200::b | University of Southern California, Information Sciences Institute |
c.root-servers.net | 192.33.4.12, 2001:500:2::c | Cogent Communications |
d.root-servers.net | 199.7.91.13, 2001:500:2d::d | University of Maryland |
e.root-servers.net | 192.203.230.10, 2001:500:a8::e | NASA (Ames Research Center) |
f.root-servers.net | 192.5.5.241, 2001:500:2f::f | Internet Systems Consortium, Inc. |
g.root-servers.net | 192.112.36.4, 2001:500:12::d0d | US Department of Defense (NIC) |
h.root-servers.net | 198.97.190.53, 2001:500:1::53 | US Army (Research Lab) |
i.root-servers.net | 192.36.148.17, 2001:7fe::53 | Netnod |
j.root-servers.net | 192.58.128.30, 2001:503:c27::2:30 | Verisign, Inc. |
k.root-servers.net | 193.0.14.129, 2001:7fd::1 | RIPE NCC |
l.root-servers.net | 199.7.83.42, 2001:500:9f::42 | ICANN |
m.root-servers.net | 202.12.27.33, 2001:dc3::35 | WIDE Project |
You may be asking yourself, how do resolvers know about these 13 root servers? The answer is simple: they're hardcoded! Every recursive resolver ships with a root hints file (BIND calls it named.root) listing exactly the names and addresses above. The hints are only a bootstrap: on startup the resolver asks one of them for the NS records of "." and works from that fresh answer, a step called priming (RFC 8109), so a slightly stale hints file keeps working as long as at least one listed address is still valid. Stub resolvers on end hosts do not need the hints at all; they simply forward every query to a recursive resolver.
You can view the locations of every root server instance at root-servers.org.
DNS is Decentralized
This hierarchical structure of domain levels also permits decentralization: no single party is responsible for providing the nameservers at every level.
Each second-level domain has its own set of authoritative nameservers. During resolution they supply the records (for example the IP addresses) of third- and lower-level names within that second-level domain. The TLD zone holds only the delegation: NS records naming those servers and, where the server names live inside the delegated domain, glue A/AAAA records for them.
Since the scope is limited to that particular second-level domain, the TLD registry does not need to operate these servers; instead, the responsibility for providing them sits with the registrant of the second-level domain.
If the domain registrant does not want the responsibility of providing their own nameservers, there exist third-party companies that offer managed DNS services. Cloudflare is one of the largest managed DNS providers. Most registrars also offer this service.
Observations
We can make a few observations about DNS from the fact that it is both hierarchical and decentralized.
Firstly, DNS is scalable because of its hierarchy. Each TLD is its own zone with its own registry and servers, so the infrastructure for each zone can be spread out and scaled independently. This matters because some TLDs have far more registrations than others.
Secondly, since the hierarchy begins with the root, and the root is represented by a period, a fully qualified domain name (FQDN) technically ends with a period too. This is official: RFC 1034 calls a name ending in a dot an absolute name, while a name without it may be treated as relative and have the resolver's search suffixes appended before lookup. You can try it out in your browser and verify that it still works:
smile.amazon.com.
www.google.com.
dev.to./blake
Finally, FQDNs are read from right to left. The root sits at the right-hand end and each label to its left is one level further down the tree, which is exactly the order in which a resolver walks the hierarchy.
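The walk described in the "DNS is Decentralized" section (root, then the TLD registry's servers, then the registrant's own servers) and the two observations above (absolute names end in a dot, and names are read right to left) can be shown in one small iterative resolver. The code below is an added example written for this post, not code from the original article. Everything in it is constructed: the zones, the server names such as a.gtld.example. and ns1.google.com., and the addresses (documentation ranges from RFC 5737 and RFC 3849) exist only in the in-memory tables, and nothing touches the network.

```python
"""Iterative DNS resolution over a constructed, in-memory hierarchy.

Added example, not part of the original post. All zones, nameserver names
and addresses are made up; nothing here sends a packet.
"""

# The equivalent of the root hints file: the only addresses a resolver
# knows before it has asked anyone anything.
ROOT_HINTS = ["192.0.2.1"]

# One authoritative server per zone, keyed by address. Each holds the apex
# it is authoritative for and its records as owner -> [(type, rdata)].
# NS records for a name below the apex are delegations (a "zone cut");
# the A records for those nameserver names are glue.
SERVERS = {
    "192.0.2.1": {"apex": ".", "rrs": {                # root zone "."
        "com.": [("NS", "a.gtld.example.")],
        "a.gtld.example.": [("A", "192.0.2.10")],        # glue
    }},
    "192.0.2.10": {"apex": "com.", "rrs": {            # TLD zone (registry)
        "google.com.": [("NS", "ns1.google.com.")],
        "ns1.google.com.": [("A", "192.0.2.20")],        # glue
        "yahoo.com.": [("NS", "ns1.yahoo.com.")],
        "ns1.yahoo.com.": [("A", "192.0.2.30")],         # glue
    }},
    "192.0.2.20": {"apex": "google.com.", "rrs": {     # registrant's servers
        "mail.google.com.": [("A", "198.51.100.1")],
    }},
    "192.0.2.30": {"apex": "yahoo.com.", "rrs": {      # a different party
        "mail.yahoo.com.": [("A", "203.0.113.1")],
    }},
}


def fqdn(name):
    """Normalise to an absolute name: lower-case, exactly one trailing dot."""
    name = name.strip().lower()
    if name in ("", "."):
        return "."
    return name if name.endswith(".") else name + "."


def labels(name):
    """Labels ordered root-first, i.e. the name read right to left."""
    return [lbl for lbl in reversed(fqdn(name).split(".")) if lbl]


def under(name, apex):
    """True if name equals apex or sits beneath it on a label boundary."""
    return apex == "." or name == apex or name.endswith("." + apex)


def query(server_ip, qname, qtype):
    """Answer one query the way an authoritative server would.

    Returns ("answer", [rdata...]), ("referral", (cut, [(ns, [glue...])...])),
    ("nxdomain", None) or ("refused", None).
    """
    apex, rrs = SERVERS[server_ip]["apex"], SERVERS[server_ip]["rrs"]
    if not under(qname, apex):
        return "refused", None
    data = [rd for typ, rd in rrs.get(qname, []) if typ == qtype]
    if data:
        return "answer", data
    # No answer: walk from the query name up toward the apex and return the
    # closest delegation below it; that is how a referral is produced.
    parts = qname.split(".")
    for i in range(len(parts)):
        cut = ".".join(parts[i:]) or "."
        if cut == apex:
            break
        ns = [rd for typ, rd in rrs.get(cut, []) if typ == "NS"]
        if ns:
            glue = [(n, [rd for typ, rd in rrs.get(n, []) if typ == "A"]) for n in ns]
            return "referral", (cut, glue)
    return "nxdomain", None


def resolve(name, qtype="A", hints=ROOT_HINTS, max_hops=8):
    """Iterative resolution: start at a root hint and follow referrals down.

    Returns (rdata_list, trace); trace lists the (server, apex) pairs asked.
    """
    qname = fqdn(name)
    server, trace = hints[0], []
    for _ in range(max_hops):
        trace.append((server, SERVERS[server]["apex"]))
        kind, data = query(server, qname, qtype)
        if kind == "answer":
            return data, trace
        if kind != "referral":
            raise LookupError(f"{qname}: {kind} from {server}")
        cut, glue = data
        addrs = [a for _, alist in glue for a in alist]
        if not addrs:
            # A real resolver would now look up the NS name itself; this toy
            # only follows delegations that carry glue.
            raise LookupError(f"delegation for {cut} has no glue")
        server = addrs[0]
    raise LookupError(f"{qname}: more than {max_hops} referrals")


if __name__ == "__main__":
    for host in ("mail.google.com", "mail.yahoo.com."):
        addrs, trace = resolve(host)
        print(host, "->", addrs, "via", [apex for _, apex in trace])
```

Running it prints the path `['.', 'com.', 'google.com.']` for mail.google.com and `['.', 'com.', 'yahoo.com.']` for mail.yahoo.com: the same `mail` label resolves to two unrelated answers because the last hop lands on servers run by different parties, and the TLD server never sees the final record, only the delegation and its glue. `fqdn()` is also where the trailing-dot rule lives; a query for `mail.google.com` and one for `mail.google.com.` are the same absolute name once normalised.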