6.6 Domain Name System (DNS)
In this part you will see how devices on a home network look up the IP address for domain names using the Domain Name System (DNS) servers.
Now watch the video below, which is about 3 minutes long.
So far I have only used IP addresses as destinations. Computers use IP addresses; humans prefer to use human-readable domain names, such as google.com, open.ac.uk or even megacorp.com.
So something needs to convert those names into the appropriate IP address so that packets can be directed to the right destination – IP packets can only contain IP addresses, not names.
The system responsible for that is the Domain Name System (DNS). Devices on the LAN need to know the address of a DNS server to which requests for translations from name to IP address can be sent. And obviously we do need an IP address for that server.
Typically your ISP settings will include the IP address of their DNS server, and that will be set up in the gateway and then passed by DHCP to each device on the LAN. Let’s check using ipconfig /all. And there you can see the DNS server has been set.
Let’s perform a lookup for megacorp.com. The command to use is nslookup www.megacorp.com, and there is the reply – first it confirms which DNS server responded, and then gives the IP address 220.127.116.11.
So now we can use a server name instead of an IP address, for example in a ping – so replies there from the Megacorp web server. And I can use a URL in a browser also.
So does the gateway have a role to play here? In this example, no, but sometimes a home network will be set up so that the gateway itself is a DNS server. Of course your home gateway won’t know about every domain on the internet, so when it receives a request it can’t handle it will pass the request on to another DNS server – that’s the way the Domain Name System works. But when it gets an answer, it can save it and then reply immediately if asked again. You may have noticed that the lookup I did previously gave a ‘non-authoritative’ result; that’s because it picked up a cached value and there is a chance that it might be out of date. Saving values, or caching them, is very common in networking because networks are still very slow compared to processing speeds, so avoiding a network transfer by using a saved value is always a good idea.
The Domain Name System exists to convert between human-readable domain names, such as www.google.com or www.open.ac.uk, and the numeric IP addresses used in IP networking such as 18.104.22.168 or 22.214.171.124.
There are DNS servers in the internet to carry out these translations, and each device on a home network should be configured with the address of a DNS server. The gateway will relay the IP address of a DNS server from the ISP to devices on the network as part of DHCP configuration.
If a DNS server doesn’t know how to translate a particular domain name, then it will forward it to other DNS servers until an answer is returned; it will then save the answer in a cache in case it receives the same request again. A home gateway can act as a simple caching DNS server, passing new requests to the ISP’s more capable DNS server and caching the result.
Activity 5 Try it out
Open a command-line prompt on your computer.
Check using ipconfig /all that a DNS server is set up (use ifconfig -a on Mac or Linux).
Enter the following command to run a sample DNS look up:
What is the IP address returned?
Use this address to perform a reverse lookup, for example enter:
Does this always work?
Repeat the above with some other domain names and websites.
Are there any surprises?
Can you confirm which server is responding to your queries?
Your computer should be set up with the address of at least one DNS server; it may have a list of several alternatives. ipconfig /all should show these and each nslookup will state which server responded. Most replies will be flagged as ‘non-authoritative’ meaning that the server has replied with a cached value.
You might expect that if nslookup converts a server name into an IP address and you then ask for the reverse lookup, you would get back the original name. There are two possible surprises. First, you may get a message ‘Non-existent domain’. This is because the reverse lookups rely on network administrators creating special reverse records and these may not exist. Second, some DNS records involve aliases; for example www.megacorp.com may be an alias for the-real-server.megacorp.com.