In the last article we talked about the DNS service and explained some of its features. In today’s post we will discover more interesting things about this name resolution protocol. I truly hope that I will cover all aspects of DNS, from theoretical concepts to installation and configuration. As you read my articles, feel free to add anything relevant on this topic.
In order to gain a good picture of DNS, we’ll have to talk about how a DNS query works. There are some elements involved in a name resolution query and these are as follows:
– the most important element is the FQDN, or fully qualified domain name, which we have talked about previously.
– the searched record type (A, MX, AAAA, etc.); we will talk about these in a future article.
– a special DNS class.
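To make these three elements concrete, here is an added example (not part of the original article) that builds the question section of a DNS query as defined in RFC 1035 and parses it back. The name `www.example.com.` and the query ID are constructed sample values.

```python
import struct

# Record type and class codes from RFC 1035 / RFC 3596
QTYPES = {"A": 1, "MX": 15, "AAAA": 28}
QCLASSES = {"IN": 1}  # IN (Internet) is the class used in practice

def encode_name(fqdn):
    """Encode an FQDN as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return out

def build_query(fqdn, rtype="A", rclass="IN", query_id=0x1234):
    """Return the bytes of a DNS query carrying a single question."""
    # Header: ID, flags (RD=1 asks the server to recurse), QDCOUNT=1, rest 0
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    question = encode_name(fqdn) + struct.pack(
        "!HH", QTYPES[rtype], QCLASSES[rclass])
    return header + question

def parse_question(message):
    """Recover (fqdn, type code, class code) from a single-question query."""
    pos, labels = 12, []  # the DNS header is always 12 bytes
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    return ".".join(labels) + ".", qtype, qclass

if __name__ == "__main__":
    msg = build_query("www.example.com.", "AAAA")  # constructed sample name
    print(msg.hex())
    print(parse_question(msg))
```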
You can look at the process of querying as a client-server model. The client requests a certain record and the server responds with the desired information. In reality, there are more aspects that need to be mentioned. A DNS query can be successfully resolved using several methods.
Using the local DNS resolver – suppose a client requires a DNS record; the first thing it will do is query its local cache. The query is passed to the “DNS Client” service and the record is searched for in the cache. You can view the status of the “DNS Client” in the Services console:
The cached information is loaded from two possible sources: the hosts file or the memory. The hosts file is a local database that contains mappings between domain names and IP addresses. The path to this file is “C:\Windows\System32\drivers\etc”:
The local cache is an allocated portion of the memory. A record is cached if a previous DNS query for the same record has been made. You can view the cache entries by using the ipconfig /displaydns command:
This cache can be cleared using the ipconfig /flushdns command. Records saved in the cache are unloaded after a certain period of time; the element that describes how long a resource is cached is called the TTL, or time to live. By default, this value is set to 1 hour.
If the name resolution query is not successful, the DNS client will forward the request to the DNS server.
A direct query to a DNS server – in this scenario, if a client cannot resolve a queried name by using its own cached data, it will query a DNS server. When configuring a host or a server, you’ll have to specify at least one DNS server that will be used for name resolution. If you are using a DHCP service, the DNS settings will be configured automatically upon startup. We will talk about the Dynamic Host Configuration Protocol in a future article. If you are using dynamic allocation, you can view your DNS configuration by typing ipconfig /all from the command prompt. If you are using a static configuration, go to “Control Panel\Network and Internet\Network Connections”, right-click your “Network Connection” and select “Properties”. Now click on “IPv4” or “IPv6” and then click on the “Properties” button. Now press the “Advanced” button and navigate to the “DNS” tab. The window looks like this:
Here you can add the IP addresses of DNS servers. The client will query these servers in the order you set them here; if one server cannot resolve a name, the next server will be queried and so on. This process is also known as DNS recursion or, simply put, recursion. In this scenario a client will query several DNS servers, or one DNS server will query multiple servers on behalf of the client. When a record is found, the first queried server will respond to the client directly. Just like DNS clients, servers also hold cached information from previous queries and a local database in the hosts file. If the searched record is not found, the server either forwards the query to the next DNS server or responds with a “DNS name does not exist” message. The recursion process takes advantage of root hints, the Internet’s core DNS servers. The root hints will be contacted by DNS servers when searching for a particular resource. The root hints database is located in Windows\System32\DNS, in a file named CACHE.DNS. All Windows DNS servers come with this database configured by default. You can add, modify or delete entries in this file, but be careful, because any misconfiguration can leave the DNS server unable to resolve names.
That’s it for this post, folks. In the next article we will put into practice everything we have learned so far. Stay tuned for the next post and enjoy your day!