DNS Overview – Domain Name Services – ANS-C01 Study Guide

DNS Overview

DNS is a distributed service that operates globally across all IP-based networks. DNS clients run on networking devices ranging from smartphones, tablets, and laptops all the way to huge server clusters running in AWS. DNS answers client requests for the information needed to connect to a device: given a domain name, it returns an IP address. DNS has been enhanced and extended over the years to add the functionality and security that modern IP-based networks require.

Domain names, including the names of domains, hosted zones, and records, consist of a series of labels separated by dots; each label can be up to 63 bytes long, and the total length of a domain name cannot exceed 255 bytes. When registering a public domain name, only the characters a–z, 0–9, and the hyphen may be used, and the hyphen cannot be at the beginning or end of the name. Hosted zone and record names are more permissive and allow any ASCII character except the space.

Amazon Route 53 supports any valid domain name. DNS supports lowercase characters only; Route 53 automatically converts uppercase characters to lowercase. In a hosted zone name, an asterisk is treated as a regular character, not as a wildcard. The asterisk cannot be at the beginning of a hosted zone name but can appear inside a label; for example, *.tipofthehat.com is not valid, but t*pofthehat.com is. In a DNS record name, the asterisk is treated as a wildcard that matches “anything.” So *.tipofthehat.com covers all subdomains under tipofthehat.com, and DNS uses the more specific record name over the more general asterisk wildcard.
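The naming rules above, worked through as an added example that is not from the study guide or from Route 53 itself: it lowercases names the way Route 53 does, checks registrable names against the a–z/0–9/hyphen rule (applied per label) and the 63/255-byte limits, checks hosted zone names for the literal-asterisk rule, and then answers a query from a constructed set of record names, preferring an exact name over a wildcard. The record lookup goes slightly beyond the text by applying the standard DNS "closest encloser" rule (RFC 4592), under which a wildcard only covers names whose nearest existing ancestor is the wildcard's parent and never the zone apex; the tipofthehat.com names are constructed test data.

```python
import re
from typing import Iterable, Optional

MAX_LABEL_BYTES = 63   # limit per label
MAX_NAME_BYTES = 255   # limit for the whole name
# Registration rule from the text: a-z, 0-9 and hyphen, no leading or trailing hyphen.
REGISTRABLE_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize(name: str) -> str:
    """Lowercase the name, as Route 53 does, and drop a single trailing dot."""
    return name.lower().rstrip(".")


def is_registrable_domain(name: str) -> bool:
    """Would a registrar accept this public domain name?"""
    name = normalize(name)
    if not name or len(name) > MAX_NAME_BYTES:
        return False
    return all(REGISTRABLE_LABEL.fullmatch(label) for label in name.split("."))


def is_valid_hosted_zone_name(name: str) -> bool:
    """Hosted zone labels: any ASCII but the space; '*' is literal and may not lead the name."""
    name = normalize(name)
    if not name or not name.isascii() or name.startswith("*") or len(name) > MAX_NAME_BYTES:
        return False
    return all(0 < len(label) <= MAX_LABEL_BYTES and " " not in label
               for label in name.split("."))


def resolve_record(query: str, record_names: Iterable[str]) -> Optional[str]:
    """Pick the record name that answers `query`: an exact name wins; otherwise only the
    wildcard hanging off the closest existing ancestor may answer (RFC 4592)."""
    query = normalize(query)
    names = {normalize(n) for n in record_names}
    if query in names:
        return query
    # Every ancestor of a record name exists in the zone tree (as an empty non-terminal if need be).
    existing = set()
    for n in names:
        parts = n.split(".")
        existing.update(".".join(parts[i:]) for i in range(len(parts)))
    labels = query.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if ancestor in existing:          # closest encloser found
            wildcard = "*." + ancestor
            return wildcard if wildcard in names else None
    return None
```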

Architecture

The domain name is the human-readable text sent to the DNS servers in a query, to be translated into an IP address and returned to the client. The Uniform Resource Locator (URL) is the standard format a browser uses to create a DNS query; its structure is shown in Figure 2.1.

FIGURE 2.1 URL format

The DNS architecture is distributed and divided into specific functional areas, which we will cover in more detail shortly. This architecture adds resiliency by distributing the DNS service across thousands of servers throughout the world, managed by different organizations. If any component, cloud region, or section of the Internet were to fail or suffer performance degradation, the DNS service is designed to keep running. There have been many denial-of-service (DoS) attacks on DNS, but the service has been robust enough to stay operational.