cloudnative wiki

README

4 min read

DNS

https://www.youtube.com/watch?v=g_gKI2HCElk

https://devconnected.com/how-to-flush-dns-cache-on-linux/

DNS zones and related concepts are fundamental to understanding how the Domain Name System (DNS) works. Here’s an in-depth look at these topics:

DNS Overview

The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It translates human-readable domain names (like www.example.com) into IP addresses (like 192.0.2.1).

DNS Zone

A DNS zone is a portion of the DNS namespace that is managed by a specific organization or administrator. It represents a distinct part of the DNS domain tree and contains one or more domain names.

Key Concepts:

  1. Zone Files:
    • A zone file is a text file that describes a DNS zone. It contains mappings between domain names and IP addresses or other resources.
    • It includes various DNS records, such as A (address), CNAME (canonical name), MX (mail exchange), NS (name server), and more.
  2. Primary (Master) Zone:
    • This is the authoritative zone file maintained on the primary DNS server. It is the read-write copy where administrators make changes.
  3. Secondary (Slave) Zone:
    • This is a read-only copy of the primary zone file. It is used for load balancing and redundancy.
    • Secondary DNS servers periodically synchronize with the primary server to ensure they have up-to-date information.
  4. Forward Zone:
    • Contains mappings from domain names to IP addresses. For example, an A record maps a domain name to an IPv4 address.
  5. Reverse Zone:
    • Contains mappings from IP addresses to domain names, typically used for reverse DNS lookups. For example, a PTR record maps an IP address to a domain name.

DNS Records

DNS records are entries in a DNS zone file that provide information about a domain, such as its IP address, mail server, and other data. Common DNS record types include:

  1. A (Address) Record:
    • Maps a domain name to an IPv4 address.
  2. AAAA (IPv6 Address) Record:
    • Maps a domain name to an IPv6 address.
  3. CNAME (Canonical Name) Record:
    • Maps a domain name to another domain name. Useful for aliasing one domain to another.
  4. MX (Mail Exchange) Record:
    • Specifies the mail server responsible for receiving email for a domain.
  5. NS (Name Server) Record:
    • Specifies the authoritative DNS servers for the domain.
  6. PTR (Pointer) Record:
    • Maps an IP address to a domain name, used for reverse DNS lookups.
  7. SOA (Start of Authority) Record:
    • Provides information about the DNS zone, such as the primary name server, the email of the domain administrator, the domain’s serial number, and various timers.
  8. TXT (Text) Record:
    • Used to store arbitrary text data, often for purposes like domain verification and email security (e.g., SPF, DKIM).

Delegation and Subdomains

  • Delegation: The process of assigning responsibility for a subdomain to another DNS server. This is done using NS records.
  • Subdomains: Domains that are part of a larger domain. For example, support.example.com is a subdomain of example.com.

DNS Resolution Process

  1. Recursive Resolution: A DNS resolver (usually an ISP’s DNS server) queries multiple DNS servers in sequence until it resolves the domain name to an IP address.
  2. Iterative Resolution: The DNS resolver queries DNS servers one by one, each of which may refer it to another server, until it gets an answer.

Zone Transfers

Zone transfers are mechanisms for copying DNS data from one server to another. There are two types:

  1. Full Zone Transfer (AXFR): Transfers the entire zone file from the primary to the secondary DNS server.
  2. Incremental Zone Transfer (IXFR): Transfers only the changes (deltas) made to the zone file since the last update.

DNS Security

  1. DNSSEC (DNS Security Extensions):
    • Adds security to DNS by enabling DNS responses to be verified for authenticity and integrity.
    • Uses digital signatures to ensure that the responses have not been tampered with.
  2. DANE (DNS-Based Authentication of Named Entities):
    • Uses DNSSEC to associate X.509 certificates with domain names for securing TLS connections.

DNS Caching

DNS caching improves the efficiency and performance of DNS by storing DNS query results for a period of time (TTL - Time to Live). Both DNS resolvers and clients cache DNS responses.

Conclusion

Understanding DNS zones and related concepts is crucial for managing domain names and ensuring the proper functioning of DNS infrastructure. DNS is a critical component of the internet, enabling user-friendly domain names to be translated into the IP addresses necessary for routing and connecting to servers and services.

Graph View