Brett Cannon on his blog recently discussed some details on how DNS resolution is done. I thought I would expand on it some, by way of an example and looking at the wire protocol.
Here is a screen shot of the packets that are being sent over the wire related to a request for “www.mit.edu”. If you wish to follow along, you can download the packet dump and run “wireshark dns-mit.dump” to get more details about what is happening on the wire.
Feel free to grap the packet capture and see what's happening. “wireshark” (previously known as “ethereal”), converts packets into something that's easily understandable, and provides kind of a navigation interface to “drilling down” into the packets. You should definitely think about following along.
The first packet is a query for “www.mit.edu” from one of the root name servers. This information is pulled from the cache in /var/named/named.ca (“ca” as in “cache”).
The second packet is a query to get a new copy of the root zone. The response to this query is in packet 5, which contains a new copy of the root zone. Packet 5 does indeed list the destination IP address used in the first two packets as a root server.
How do I know that packet 6 is a response to packet 2 and not packet 1? Both 1 and 2 were sent to the same host… If you are following along in wireshark, and click on packet 2 and packet 5, you will see they have the same Transaction ID, 0x53ba.
Packet 3 is a response to packet 1, listing the servers for the “edu” zone, one of which is the destination that packet 4 is sent to.
Packet 4 is another request for www.mit.edu, to one of the edu servers. The response to packet 4 is in packet 6.
Packet 6 includes the list of DNS servers for mit.edu, including 18.104.22.168.
Packet 7 is sent to that mit.edu DNS server, again asking for www.mit.edu. Note that so far the queries have been of type “A”. Packet 8 is a response, giving the address (what the “A” query is asking for) of www.mit.edu.
Packet 9 is an “AAAA” request for www.mit.edu, going to another of the DNS servers we received in packet 6. This is an example of the load-balancing which DNS does, the different queries went to different listed DNS servers. “AAAA” records request the IPv6 address, where the A request is for the IPv4 address.
Packet 10 is a response to packet 9, the response length was 0, there are no “AAAA” records for www.mit.edu.
Packet 11 is a request for the “MX” record (mail exchanger) for www.mit.edu, and packet 12 is a 0-length response – there is no mail server for www.mit.edu. This request was made because running “host www.mit.edu” also does an MX query.
When you get a domain name, you are getting a listing in the parent zone, for example “com” or “org” or “ca”. In other words, the information that came back in packet 6, above. Getting DNS registration does not provide people a way to find services in your domain, it provides a way for people to find your DNS servers.
In order for people to find your services, you need both the glue in the parent zone (for people to find where your DNS server is), but you also need the final DNS server which resolves the requests (packets 7, 9, and 11).
So that is why doing a web site requires domain registration, DNS service, and web hosting.comments powered by Disqus