DNS is a highly distributed database organized as a hierarchy that flows from very general information at the top to specific host information at the bottom, as shown in Figure 2.2. Distributed root servers sit at the top of the DNS hierarchy and are used to direct queries to the top-level domain name servers based on the domain name in the URL. Examples of top-level domains (TLDs) include .com, .net, .io, .edu, and many others. The root servers store the records of these TLD servers. The TLD servers store the domain records for their specific top-level domain and respond to a query with the name server where the next level in the domain structure can be found. The TLD is the part of the name after the last dot in a URL. Below the TLD servers are the name servers where the information on how to reach the servers for each domain is stored.
Each level of the name is separated by a period, for example, www.amazon.com. There is actually a final period after .com that is rarely shown. This period represents the root of the hierarchy (the pointer to the root servers) and is inserted by the application software, so we never have to type www.amazon.com. with the period at the end even though, in reality, it is there.
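The walk down the hierarchy described above (root, then TLD server, then the domain's own name server), as an added example that is not code from the book. The resolver is a simplified model, and the zones, name server names and addresses are constructed placeholders in the RFC 5737 documentation range, not real DNS data. It also shows the trailing root dot being added by `fqdn()` and the TLD being read from after the last visible dot.

```python
"""Simulated iterative lookup over the root / TLD / authoritative DNS hierarchy.

Added example, not code from the book. The zones, name server names and
addresses below are constructed sample data (RFC 5737 documentation range),
not real DNS data, and the resolver is a simplified model of a real one.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Zone:
    """One level of the hierarchy: the name it is authoritative for, the address
    records it holds, and the delegations (child zone -> name server) it hands out."""
    apex: str
    addresses: dict = field(default_factory=dict)    # owner name -> list of A records
    delegations: dict = field(default_factory=dict)  # child zone -> name server name


def fqdn(name: str) -> str:
    """Normalize to a fully qualified name: lower case, with the trailing root dot
    that application software normally adds for us."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def tld(name: str) -> str:
    """The top-level domain is the label after the last visible dot."""
    return fqdn(name).rstrip(".").split(".")[-1] + "."


def in_zone(qname: str, zone_name: str) -> bool:
    """True if qname is the zone apex or lies below it (label-aligned match)."""
    return qname == zone_name or qname.endswith("." + zone_name)


# Constructed sample hierarchy (hypothetical servers and addresses).
ROOT = Zone(".",
            delegations={"com.": "a.gtld-servers.net.", "io.": "a0.nic.io."},
            addresses={"a.gtld-servers.net.": ["192.0.2.1"], "a0.nic.io.": ["192.0.2.2"]})
COM = Zone("com.",
           delegations={"example.com.": "ns1.example.com."},
           addresses={"ns1.example.com.": ["192.0.2.10"]})  # glue record for the child
EXAMPLE = Zone("example.com.",
               addresses={"www.example.com.": ["192.0.2.80"],
                          "ns1.example.com.": ["192.0.2.10"]})
IO = Zone("io.")  # delegates nothing in this sample

# Which server address hosts which zone. The root hint address is the only
# thing the resolver knows before it starts, like the built-in root addresses.
ROOT_HINT_ADDRESS = "192.0.2.100"
SERVERS = {ROOT_HINT_ADDRESS: ROOT, "192.0.2.1": COM, "192.0.2.2": IO, "192.0.2.10": EXAMPLE}


def resolve(name: str, trace: Optional[List[str]] = None) -> Optional[List[str]]:
    """Walk the hierarchy from the root: each server either answers from its own
    records or refers us to the name server responsible for the next level.
    Returns the A records, or None if no zone on the path knows the name."""
    qname = fqdn(name)
    trace = trace if trace is not None else []
    server = ROOT_HINT_ADDRESS
    for _ in range(8):  # guard against a delegation loop in bad data
        zone = SERVERS[server]
        trace.append(f"ask {server} (authoritative for {zone.apex}) about {qname}")
        if qname in zone.addresses:
            trace.append(f"answer {zone.addresses[qname]}")
            return zone.addresses[qname]
        # Pick the most specific delegation that covers the query name, if any.
        covering = [z for z in zone.delegations if in_zone(qname, z)]
        if not covering:
            trace.append("no such name (NXDOMAIN)")
            return None
        child = max(covering, key=len)
        ns_name = zone.delegations[child]
        glue = zone.addresses[ns_name]  # glue: the address of the next server to ask
        trace.append(f"referral: {child} is served by {ns_name} at {glue[0]}")
        server = glue[0]
    return None


if __name__ == "__main__":
    steps: List[str] = []
    print(resolve("www.example.com", steps))
    print("\n".join(steps))
```

Running it prints the three hops (root, .com, example.com) and the final answer; a name under a TLD the root does not delegate, or a domain the TLD server has no delegation for, ends with no answer at that level rather than an address.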
As a relic of the distant past, there are only 13 IP addresses allocated for all of the root servers in the world. Management responsibility for the Internet root servers lies with the Internet Corporation for Assigned Names and Numbers (ICANN). While this may seem like a huge limitation, each of those IPv4 addresses (and the corresponding IPv6 addresses) has more than 600 root servers sitting behind it. These root IP addresses are also anycast, so the same address is announced from many locations all over the world. The 13 root server IP addresses are built into the code of all DNS resolvers and operate hidden from view.
There are more than 1,500 top-level domains (TLDs) operating on the Internet supporting more than 340 million domains. The number of TLDs and unique domains is constantly growing.
FIGURE 2.2 DNS server hierarchy
Each zone includes one or more domains or subdomains. The zone contains the name servers that store a zone file of resource records. The primary zone is authoritative for the domain: it acts as the final authority over the domain's records and sends updates to other zones as needed. There are also secondary zones, from which a server can respond to a query but which do not have the final determination of the records. A secondary zone periodically polls, or queries, the primary zone to see whether there are any updates and whether its records are still correct. It is a read-only copy of the primary zone that is stored on a different server, and it can retrieve updates only from the primary zone. Secondary zones are used to reduce the load on primary DNS servers and to prevent a single point of failure.
Resource records are stored on DNS servers across the Internet. The master copy of a resource record is stored in a specific zone, or portion of the DNS namespace, that is the primary source of the data. A zone includes one or more domains and subdomains, and its name servers hold a zone file containing the individual resource records. Each record has a name, type, and time-to-live (TTL).
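The primary/secondary relationship and the resource record fields from the two paragraphs above, as an added example that is not code from the book. The records are constructed placeholders, and the zone serial number the secondary compares to decide whether anything changed is standard DNS zone-transfer behaviour (the SOA serial) rather than a detail the text itself spells out.

```python
"""Primary and secondary zone model: resource records with name, type and TTL;
a primary that is the authority; a secondary that polls and copies.

Added example, not code from the book. The records are constructed
placeholders, and the serial-number check is the standard SOA serial
mechanism, assumed here rather than taken from the text.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class ResourceRecord:
    """One entry in a zone file: owner name, record type, TTL in seconds, data."""
    name: str
    rtype: str
    ttl: int
    data: str


class PrimaryZone:
    """Holds the master copy of the records; the only place where changes happen."""

    def __init__(self, origin: str, serial: int, records: List[ResourceRecord]):
        self.origin = origin
        self.serial = serial          # bumped on every change so secondaries notice
        self.records = list(records)

    def lookup(self, name: str, rtype: str) -> List[ResourceRecord]:
        return [r for r in self.records if r.name == name and r.rtype == rtype]

    def update(self, record: ResourceRecord) -> int:
        """Authoritative change; returns the new serial."""
        self.records.append(record)
        self.serial += 1
        return self.serial


class SecondaryZone:
    """Read-only copy on another server that can only refresh from its primary."""

    def __init__(self, primary: PrimaryZone):
        self.primary = primary
        self.serial = 0
        self.records: List[ResourceRecord] = []
        self.refresh()

    def refresh(self) -> bool:
        """Periodic poll: compare serials and copy the zone only when the primary's
        copy is newer. Returns True if a transfer happened. (A real secondary uses
        wrap-around serial arithmetic; plain comparison is enough for this model.)"""
        if self.primary.serial <= self.serial:
            return False
        self.records = list(self.primary.records)  # records are immutable, shallow copy is fine
        self.serial = self.primary.serial
        return True

    def lookup(self, name: str, rtype: str) -> List[ResourceRecord]:
        """Secondaries answer from their copy, which may lag until the next poll."""
        return [r for r in self.records if r.name == name and r.rtype == rtype]

    def update(self, record: ResourceRecord) -> None:
        raise PermissionError("secondary zone is read-only; change the primary instead")


def build_sample() -> Tuple[PrimaryZone, SecondaryZone]:
    """Constructed primary/secondary pair for example.com (placeholder data)."""
    primary = PrimaryZone("example.com.", serial=2024010101, records=[
        ResourceRecord("example.com.", "NS", 86400, "ns1.example.com."),
        ResourceRecord("ns1.example.com.", "A", 3600, "192.0.2.10"),
        ResourceRecord("www.example.com.", "A", 300, "192.0.2.80"),
    ])
    return primary, SecondaryZone(primary)


if __name__ == "__main__":
    primary, secondary = build_sample()
    primary.update(ResourceRecord("mail.example.com.", "A", 300, "192.0.2.25"))
    print("before poll:", secondary.lookup("mail.example.com.", "A"))
    print("transferred:", secondary.refresh())
    print("after poll:", secondary.lookup("mail.example.com.", "A"))
```

The point the model makes visible is the lag: between the primary's change and the secondary's next poll, the secondary still answers from its older copy, which is why a record's TTL and the secondary's refresh interval both matter when a change has to propagate.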