Federico Mengozzi

Application Layer


Every host on the internet can be identified with an hostname or with ip address. DNS is distributed database implemented in hierarchy DNS servers that allow to translate hostname to ip addresses. To do that there is also a DNS application layer protocol that allow to query the DNS database and it’s based on UCP protocol running on port 53.

DNS Services

  • Host aliasing - DNS can be use to associate hostname to a canonical hostname. Usually alias hostname are more mnemonic and easy to remember.
  • Mail server aliasing - the MX DNS record allow to have both a web server and mail server with the same hostname.
  • Load distribution - Usually for same hostname there can be many hosts with different IPs. DNS responds to each query with a set of IP, it can modify the order of IP in the set to distribute the traffic load among all host with the same hostname.

DNS Structure

A single DNS server with all the mapping for every hostname would not be the best solution for implementing the service for different reason

  • Traffic volume - The server would be responsible for all the DNS query from all the host on the internet. The traffic would be way to high for any centralized server.
  • Single point of failure - If a problem occur with the server the whole internet may stop working (since every host would be unreachable from the other).
  • Maintenance - Every updates that happens on the internet should also happens on this single server (such updates would occur too often).
  • Distance - Host that are physically distant from the server would experience long delay for their DNS query.

An improvement to this approach is to organize the DNS in a 3 classes hierarchy. On the top level there are the Root DNS server that are responsible for resolving the top-level domains (.com, .edu, .org, .net) and there are about 400 of those server. The root server then delegate the query to the Top-level domain (TLD) server that delegate the query to the specific hostname’s DNS server. Finally, the Authoritative DNS server will resolve the hostname with the specific IP address of the host on their network. ISPs usually have a Local DNS server that doesn’t belong to the DNS hierarchy but still has an important role in resolving hostname.

DNS Query

A DNS query is usually recursive, between user and its local DNS, and iterative between the local DNS and the authoritative DNS. It means that after querying the local DNS the user will receive the IP mapping to the hostname. The local DNS on the other hand will first query the Root DNS that will respond with the IP of a TLD DNS, it will the query the TLD to receive the IP address of the authoritative DNS that can resolve the hostname.

In the DNS protocol, caching can drastically increase the performance, it’s thanks to caching that the Root DNS server are seldom queried. The problem with caching is that small host usually connect and disconnect from the network and the cached values must be updated about every two days.

All DNS response message have a specific structure, namely a tuple of 4 values: (Name, Value, Type, TTL).

  • TTL - It’s used to specify how long the resource should be cached.
  • Type - It’s the type of the DNS query, there are four type
    • A - The Name is a hostname that had to be resolved and Value is the IP address of the hostname
    • NS - The Name is the domain resolved and Value is the hostname of the authoritative DNS server that resolve the domain.
    • CNAME - The Name is a mnemonic hostname and Value is its canonical hostname.
    • MX - The Name is again an hostname and the Value is the canonical name of the mail server for such hostname. This is how it’s possible to map a hostname to a web server and a mail server.

DNS Message

A generic DNS message has the following structure

  • The first 12 bytes is the header section. With the 16 bits being a number identifier for the query and different 1-bit message flag (query of reply, message for authoritative or not, recursion-desired query, …)
  • The question field contains information for the query, namely Name and Type.
  • The answer filed contains on the contrary information for the response, namely TTL and Value. Since a hostname is mapped to a set of IP addresses, a response message can have multiple RRs (resources record - the entry in a DNS database).

Structure of a DNS message

Another figure that play an important role in whole DNS field is the registrar that is responsible for verifying a new created hostname and for storying it in the DNS database.

Additional info: nslookup, dig, host

Go to top