Domain Name System

The Domain Name System (DNS) associates various information with domain names; most importantly, it serves as the "phone book" for the Internet by translating human-readable computer hostnames, e. In Computer networking, a domain name is a name given to a collection of network devices that belong to a domain which is an administrative space managed according A hostname (occasionally also a sitename) is the unique name by which a network-attached device (which could consist of a computer file server network storage device fax g. www.example.com, into IP addresses, e. examplecom, examplenet, and exampleorg are second-level Domain names reserved by the Internet Engineering Task Force through RFC An Internet Protocol ( IP) address is a numerical identification ( Logical address) that is assigned to devices participating in a Computer network g. 208. 77. 188. 166, which networking equipment needs to deliver information. It also stores other information such as the list of mail servers that accept email for a given domain. A mail transfer agent (MTA (also called a mail transport agent, message transfer agent, or smtpd (short for SMTP daemon) is a Electronic mail, often abbreviated to e-mail, email, or originally eMail, is a Store-and-forward method of writing sending receiving In providing a worldwide keyword-based redirection service, the Domain Name System is an essential component of contemporary Internet use. The Internet is a global system of interconnected Computer networks

Uses

The most basic task of DNS is to translate hostnames to IP addresses. A hostname (occasionally also a sitename) is the unique name by which a network-attached device (which could consist of a computer file server network storage device fax An Internet Protocol ( IP) address is a numerical identification ( Logical address) that is assigned to devices participating in a Computer network In very simple terms, it can be compared to a phone book. DNS also has other important uses.

Above all, DNS makes it possible to assign Internet names to organizations (or concerns they represent) independent of the physical routing hierarchy represented by the numerical IP address. An Internet Protocol ( IP) address is a numerical identification ( Logical address) that is assigned to devices participating in a Computer network Because of this, hyperlinks and Internet contact information can remain the same, whatever the current IP routing arrangements may be, and can take a human-readable form (such as "example. com"), which is easier to remember than the IP address 208. 77. 188. 166. People take advantage of this when they recite meaningful URLs and e-mail addresses without caring how the machine will actually locate them. Uniform Resource Locator is an URI which also specifies where the identified resource is available and the protocol for retrieving it An e-mail address identifies a location to which E-mail messages can be delivered

The Domain Name System distributes the responsibility for assigning domain names and mapping them to IP networks by allowing an authoritative name server for each domain to keep track of its own changes, avoiding the need for a central register to be continually consulted and updated. In Computing, a name server (also called 'nameserver' consists of a program or computer server that implements a name-service protocol.

History

The practice of using a name as a more human-legible abstraction of a machine's numerical address on the network predates even TCP/IP, and goes all the way to the ARPAnet era. The Internet Protocol Suite (commonly TCP/IP) is the set of Communications protocols used for the Internet and other similar networks The ARPANET ( Advanced Research Projects Agency Network) developed by ARPA of the United States Department of Defense, was the world's first operational Back then however, a different system was used, as DNS was invented only in 1983, shortly after TCP/IP was deployed. With the older system, each computer on the network retrieved a file called HOSTS. TXT from a computer at SRI (now SRI International)^[1]^[2]. SRI International, based in the United States is one of the world's largest contract Research institutes. The HOSTS. TXT file mapped numerical addresses to names. A hosts file still exists on most modern operating systems, either by default or through configuration, and allows users to specify an IP address (eg. The hosts file is a Computer file used to store information on where to find a node on a Computer network. An Internet Protocol ( IP) address is a numerical identification ( Logical address) that is assigned to devices participating in a Computer network 208. 77. 188. 166) to use for a hostname (eg. A hostname (occasionally also a sitename) is the unique name by which a network-attached device (which could consist of a computer file server network storage device fax www.example.net) without checking DNS. examplecom, examplenet, and exampleorg are second-level Domain names reserved by the Internet Engineering Task Force through RFC Systems based on a hosts file have inherent limitations, because of the obvious requirement that every time a given computer's address changed, every computer that seeks to communicate with it would need an update to its hosts file.

The growth of networking called for a more scalable system, one that recorded a change in a host's address in one place only. Other hosts would learn about the change dynamically through a notification system, thus completing a globally accessible network of all hosts' names and their associated IP Addresses.

At the request of Jon Postel, Paul Mockapetris invented the Domain Name system in 1983 and wrote the first implementation. Jonathan Bruce Postel (pəˈstɛl August 6 1943 – October 16 1998 made many significant contributions to the development of the Internet, particularly in the area Dr Paul V Mockapetris is the inventor of the Domain Name System. The original specifications appear in RFC 882 and RFC 883. In November 1987, the publication of RFC 1034 and RFC 1035 updated the DNS specification and made RFC 882 and RFC 883 obsolete. Year 1987 ( MCMLXXXVII) was a Common year starting on Thursday (link displays 1987 Gregorian calendar) Several more-recent RFCs have proposed various extensions to the core DNS protocols. In Computer network Engineering, a Request for Comments (RFC is a Memorandum published by the Internet Engineering Task Force (IETF describing

In 1984, four Berkeley students — Douglas Terry, Mark Painter, David Riggle and Songnian Zhou — wrote the first UNIX implementation, which was maintained by Ralph Campbell thereafter. The University of California Berkeley (also referred to as Cal, Berkeley and UC Berkeley) is a major research university located in Berkeley Unix (officially trademarked as UNIX, sometimes also written as Unix with Small caps) is a computer In 1985, Kevin Dunlap of DEC significantly re-wrote the DNS implementation and renamed it BIND (Berkeley Internet Name Domain, previously: Berkeley Internet Name Daemon). Digital Equipment Corporation was a pioneering American company in the Computer industry BIND ( Berkeley Internet Name Domain or "named" is the most commonly used DNS server on the Internet especially on Unix -like systems where it Mike Karels, Phil Almquist and Paul Vixie have maintained BIND since then. Paul Vixie is the author of several RFCs and standard UNIX system programs among them SENDS proxynet rtty and Vixie cron BIND was ported to the Windows NT platform in the early 1990s. See also Software portability In Computer science, porting is the process of adapting software so that an executable program can be created Windows NT is a family of Operating systems produced by Microsoft, the first version of which was released in July 1993

Due to BIND's long history of security issues and exploits, several alternative nameserver and resolver programs have been written and distributed in recent years. This article is a comparison of DNS server software, comparing the features platform support and packaging of independent implementations of DNS.

How DNS works in theory

Domain names, arranged in a tree, cut into zones, each served by a nameserver.

The domain name space

The domain name space consists of a tree of domain names. In Computer science, a tree is a widely-used Data structure that emulates a Tree structure with a set of linked nodes Each node or leaf in the tree has zero or more resource records, which hold information associated with the domain name. The tree sub-divides into zones beginning at the root zone. A DNS root zone is the top level of the Domain Name System (DNS hierarchy for a given DNS system A DNS zone consists of a collection of connected nodes authoritatively served by an authoritative DNS nameserver. A DNS zone is a portion of the global Domain Name System (DNS namespace for which administrative responsibility has been delegated (Note that a single nameserver can host several zones. )

When a system administrator wants to let another administrator control a part of the domain name space within the first administrator’s zone of authority, control can be delegated to the second administrator. This splits off a part of the old zone into a new zone, which comes under the authority of the second administrator's nameservers. The old zone ceases to be authoritative for the new zone.

Parts of a domain name

A domain name usually consists of two or more parts (technically a label), which is conventionally written separated by dots, such as example. In Computer networking, a domain name is a name given to a collection of network devices that belong to a domain which is an administrative space managed according com.

The rightmost label conveys the top-level domain (for example, the address www. example. com has the top-level domain com).
Each label to the left specifies a subdivision, or subdomain of the domain above it. In the Domain Name System (DNS hierarchy a subdomain is a domain that is part of a larger domain Note: “subdomain” expresses relative dependence, not absolute dependence. For example: example. com comprises a subdomain of the com domain, and www. example. com comprises a subdomain of the domain example. com. In theory, this subdivision can go down 127 levels. Each label can contain up to 63 characters. The whole domain name does not exceed a total length of 253 characters. ^[3] In practice, some domain registries may have shorter limits. A domain name registry, also called Network Information Centre (NIC is part of the Domain Name System (DNS of the Internet which converts Domain
A hostname refers to a domain name that has one or more associated IP addresses; ie: the 'www. A hostname (occasionally also a sitename) is the unique name by which a network-attached device (which could consist of a computer file server network storage device fax example. com' and 'example. com' domains are both hostnames, however, the 'com' domain is not.

DNS servers

Main article: Name server

The Domain Name System consists of a hierarchical set of DNS servers. In Computing, a name server (also called 'nameserver' consists of a program or computer server that implements a name-service protocol. Each domain or subdomain has one or more authoritative DNS servers that publish information about that domain and the name servers of any domains "beneath" it. The hierarchy of authoritative DNS servers matches the hierarchy of domains. At the top of the hierarchy stand the root nameservers: the servers to query when looking up (resolving) a top-level domain name (TLD). A root name server is a DNS server that answers requests for the DNS root zone, and redirects requests for a particular Top-level domain (TLD to that

DNS resolvers

See also: resolv.conf

A resolver looks up the resource record information associated with nodes. In Unix and related Computer Operating systems the resolvconf Configuration file contains information that allows a computer connected to the A node ( Latin nodus, ‘knot’ is a critical element of any Computer network. A resolver knows how to communicate with name servers by sending DNS queries and heeding DNS responses.

A DNS query may be either a recursive query or a non-recursive query:

A non-recursive query is one where the DNS server may provide a partial answer to the query (or give an error). DNS servers must support non-recursive queries.
A recursive query is one where the DNS server will fully answer the query (or give an error). DNS servers are not required to support recursive queries.

The resolver (or another DNS server acting recursively on behalf of the resolver) negotiates use of recursive service using bits in the query headers.

Resolving usually entails iterating through several name servers to find the needed information. However, some resolvers function simplistically and can communicate only with a single name server. These simple resolvers rely on a recursive query to a recursive name server to perform the work of finding information for them.

Address resolution mechanism

(This description deliberately uses the fictional . example TLD in accordance with the DNS guidelines themselves. )

In theory a full host name may have several name segments, (e. g ahost. ofasubnet. ofabiggernet. inadomain. example). In practice, in the experience of the majority of public users of Internet services, full host names will frequently consist of just three segments (ahost. inadomain. example, and most often www. inadomain. example).

For querying purposes, software interprets the name segment by segment, from right to left, using an iterative search procedure. At each step along the way, the program queries a corresponding DNS server to provide a pointer to the next server which it should consult.

A DNS recursor consults three nameservers to resolve the address www. wikipedia. org.

As originally envisaged, the process was as simple as:

the local system is pre-configured with the known addresses of the root servers in a file of root hints, which need to be updated periodically by the local administrator from a reliable source to be kept up to date with the changes which occur over time. A root name server is a DNS server that answers requests for the DNS root zone, and redirects requests for a particular Top-level domain (TLD to that
query one of the root servers to find the server authoritative for the next level down (so in the case of our simple hostname, a root server would be asked for the address of a server with detailed knowledge of the example top level domain).
querying this second server for the address of a DNS server with detailed knowledge of the second-level domain (inadomain. example in our example).
repeating the previous step to progress down the name, until the final step which would, rather than generating the address of the next DNS server, return the final address sought.

The diagram illustrates this process for the real host www. wikipedia. org.

The mechanism in this simple form has a difficulty: it places a huge operating burden on the root servers, with each and every search for an address starting by querying one of them. Being as critical as they are to the overall function of the system such heavy use would create an insurmountable bottleneck for trillions of queries placed every day. The section DNS in practice describes how this is addressed.

Circular dependencies and glue records

Name servers in delegations appear listed by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. Since this can introduce a circular dependency if the nameserver referred to is under the domain that it is authoritative of, it is occasionally necessary for the nameserver providing the delegation to also provide the IP address of the next nameserver. A Circular dependency is a situation which can occur in programming languages wherein the definition of an object includes the object itself This record is called a glue record.

For example, assume that the sub-domain en. wikipedia. org contains further sub-domains (such as something. en. wikipedia. org) and that the authoritative name server for these lives at ns1. In Computing, a name server (also called 'nameserver' consists of a program or computer server that implements a name-service protocol. something. en. wikipedia. org. A computer trying to resolve something. en. wikipedia. org will thus first have to resolve ns1. something. en. wikipedia. org. Since ns1 is also under the something. en. wikipedia. org subdomain, resolving ns1. something. en. wikipedia. org requires resolving something. en. wikipedia. org which is exactly the circular dependency mentioned above. The dependency is broken by the glue record in the nameserver of en. wikipedia. org that provides the IP address of ns1. something. en. wikipedia. org directly to the requestor, enabling it to bootstrap the process by figuring out where ns1. In computing bootstrapping ("to pull oneself up by one's bootstraps" refers to techniques that allow a simple system to activate a more complicated system something. en. wikipedia. org is located.

In practice

When an application (such as a web browser) tries to find the IP address of a domain name, it doesn't necessarily follow all of the steps outlined in the Theory section above. A web browser is a software application which enables a user to display and interact with text images videos music games and other information typically located on a We will first look at the concept of caching, and then outline the operation of DNS in "the real world. "

Caching and time to live

Because of the huge volume of requests generated by a system like DNS, the designers wished to provide a mechanism to reduce the load on individual DNS servers. To this end, the DNS resolution process allows for caching (i. e. the local recording and subsequent consultation of the results of a DNS query) for a given period of time after a successful answer. How long a resolver caches a DNS response (i. e. how long a DNS response remains valid) is determined by a value called the time to live (TTL). Time to live (sometimes abbreviated TTL) is a limit on the period of time or number of iterations or transmissions in Computer and Computer network technology The TTL is set by the administrator of the DNS server handing out the response. The period of validity may vary from just seconds to days or even weeks.

Caching time

As a noteworthy consequence of this distributed and caching architecture, changes to DNS do not always take effect immediately and globally. This is best explained with an example: If an administrator has set a TTL of 6 hours for the host www. Time to live (sometimes abbreviated TTL) is a limit on the period of time or number of iterations or transmissions in Computer and Computer network technology wikipedia. org, and then changes the IP address to which www. wikipedia. org resolves at 12:01pm, the administrator must consider that a person who cached a response with the old IP address at 12:00noon will not consult the DNS server again until 6:00pm. The period between 12:01pm and 6:00pm in this example is called caching time, which is best defined as a period of time that begins when you make a change to a DNS record and ends after the maximum amount of time specified by the TTL expires. Time to live (sometimes abbreviated TTL) is a limit on the period of time or number of iterations or transmissions in Computer and Computer network technology This essentially leads to an important logistical consideration when making changes to DNS: not everyone is necessarily seeing the same thing you're seeing. RFC 1537 helps to convey basic rules for how to set the TTL.

Note that the term "propagation", although very widely used in this context, does not describe the effects of caching well. Specifically, it implies that [1] when you make a DNS change, it somehow spreads to all other DNS servers (instead, other DNS servers check in with yours as needed), and [2] that you do not have control over the amount of time the record is cached (you control the TTL values for all DNS records in your domain, except your NS records and any authoritative DNS servers that use your domain name).

Some resolvers may override TTL values, as the protocol supports caching for up to 68 years or no caching at all. Negative caching (the non-existence of records) is determined by name servers authoritative for a zone which MUST include the Start of Authority (SOA) record when reporting no data of the requested type exists. The MINIMUM field of the SOA record and the TTL of the SOA itself is used to establish the TTL for the negative answer. RFC 2308

Many people incorrectly refer to a mysterious 48 hour or 72 hour propagation time when you make a DNS change. When one changes the NS records for one's domain or the IP addresses for hostnames of authoritative DNS servers using one's domain (if any), there can be a lengthy period of time before all DNS servers use the new information. This is because those records are handled by the zone parent DNS servers (for example, the . com DNS servers if your domain is example. com), which typically cache those records for 48 hours. However, those DNS changes will be immediately available for any DNS servers that do not have them cached. And any DNS changes on your domain other than the NS records and authoritative DNS server names can be nearly instantaneous, if you choose for them to be (by lowering the TTL once or twice ahead of time, and waiting until the old TTL expires before making the change).

In the real world

DNS resolving from program to OS-resolver to ISP-resolver to greater system.

Users generally do not communicate directly with a DNS resolver. Instead DNS-resolution takes place transparently in client-applications such as web-browsers, mail-clients, and other Internet applications. A web browser is a software application which enables a user to display and interact with text images videos music games and other information typically located on a An e-mail client, aka Mail User Agent (MUA aka e-mail reader is a frontend Computer program used to manage E-mail. When an application makes a request which requires a DNS lookup, such programs send a resolution request to the local DNS resolver in the local operating system, which in turn handles the communications required. The Domain Name System (DNS is a hierarchical naming system for computers services or any resource participating in the Internet.

The DNS resolver will almost invariably have a cache (see above) containing recent lookups. If the cache can provide the answer to the request, the resolver will return the value in the cache to the program that made the request. If the cache does not contain the answer, the resolver will send the request to one or more designated DNS servers. In the case of most home users, the Internet service provider to which the machine connects will usually supply this DNS server: such a user will either have configured that server's address manually or allowed DHCP to set it; however, where systems administrators have configured systems to use their own DNS servers, their DNS resolvers point to separately maintained nameservers of the organization. An Internet service provider ( ISP, also called Internet access provider or IAP) is a company which primarily offers their customers access to the Internet In any event, the name server thus queried will follow the process outlined above, until it either successfully finds a result or does not. It then returns its results to the DNS resolver; assuming it has found a result, the resolver duly caches that result for future use, and hands the result back to the software which initiated the request.

Broken resolvers

An additional level of complexity emerges when resolvers violate the rules of the DNS protocol. A number of large ISPs have configured their DNS servers to violate rules (presumably to allow them to run on less-expensive hardware than a fully-compliant resolver), such as by disobeying TTLs, or by indicating that a domain name does not exist just because one of its name servers does not respond.

As a final level of complexity, some applications (such as web-browsers) also have their own DNS cache, in order to reduce the use of the DNS resolver library itself. This practice can add extra difficulty when debugging DNS issues, as it obscures the freshness of data, and/or what data comes from which cache. These caches typically use very short caching times — on the order of one minute. Internet Explorer offers a notable exception: recent versions cache DNS records for half an hour. Windows Internet Explorer (formerly Microsoft Internet Explorer abbreviated MSIE) commonly abbreviated to IE, is a series of graphical Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. ^[4]

Other applications

The system outlined above provides a somewhat simplified scenario. The Domain Name System includes several other functions:

Hostnames and IP addresses do not necessarily match on a one-to-one basis. Many hostnames may correspond to a single IP address: combined with virtual hosting, this allows a single machine to serve many web sites. "vhost" redirects here for vhosts in relation to Internet Relay Chat see Vhost (IRC Virtual hosting is a method that servers Alternatively a single hostname may correspond to many IP addresses: this can facilitate fault tolerance and load distribution, and also allows a site to move physical location seamlessly. This article contains specific implementations of fault tolerant systems
There are many uses of DNS besides translating names to IP addresses. For instance, Mail transfer agents use DNS to find out where to deliver e-mail for a particular address. A mail transfer agent (MTA (also called a mail transport agent, message transfer agent, or smtpd (short for SMTP daemon) is a Electronic mail, often abbreviated to e-mail, email, or originally eMail, is a Store-and-forward method of writing sending receiving The domain to mail exchanger mapping provided by MX records accommodates another layer of fault tolerance and load distribution on top of the name to IP address mapping. An MX record or Mail exchanger record is a type of resource record in the Domain Name System (DNS specifying how Internet E-mail should be routed
Sender Policy Framework and DomainKeys instead of creating their own record types were designed to take advantage of another DNS record type, the TXT record. In Computing, Sender Policy DomainKeys is an E-mail authentication system designed to verify the DNS domain of an E-mail sender and the Message integrity.
To provide resilience in the event of computer failure, multiple DNS servers are usually provided for coverage of each domain, and at the top level, thirteen very powerful root servers exist, with additional "copies" of several of them distributed worldwide via Anycast. A root name server is a DNS server that answers requests for the DNS root zone, and redirects requests for a particular Top-level domain (TLD to that Anycast is a network Addressing and Routing scheme whereby data is routed to the "nearest" or "best" destination as viewed by the routing

Protocol details

DNS primarily uses UDP on port 53 ^[5] to serve requests. User Datagram Protocol ( UDP) is one of the core protocols of the Internet Protocol Suite. In Computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint used by Transport Layer protocols Almost all DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. TCP comes into play only when the response data size exceeds 512 bytes, or for such tasks as zone transfer. The Transmission Control Protocol (TCP is one of the core protocols of the Internet Protocol Suite. DNS zone transfer, also sometimes known by its (most common Opcode Mnemonic AXFR, is a type of DNS Transaction. Some operating systems such as HP-UX are known to have resolver implementations that use TCP for all queries, even when UDP would suffice. HP-UX (Hewlett Packard UniX is Hewlett-Packard 's proprietary implementation of the Unix Operating system, based on System V (initially

Extensions to DNS

EDNS is an extension of the DNS protocol which allows the transport over UDP of DNS replies exceeding 512 bytes, and adds support for expanding the space of request and response codes. For the former alternative root system called eDNS see EDNS (alternative DNS root. It is described in RFC 2671.

Standards

A number of the aspects of the Domain name system are specified by an Internet standard. In Computer network Engineering, an Internet Standard (STD is a Specification, put forward by the Internet Engineering Task Force (IETF for The following is a list of some of the RFCs that pertain to DNS. In Computer network Engineering, a Request for Comments (RFC is a Memorandum published by the Internet Engineering Task Force (IETF describing

RFC 920 Specified original TLDs: . arpa, . com, . edu, . org, . gov, . mil and two-character country codes
RFC 1032 Domain administrators guide
RFC 1033 Domain administrators operations guide
RFC 1034 Domain Names - Concepts and Facilities.
RFC 1035 Domain Names - Implementation and Specification
RFC 1101 DNS Encodings of Network Names and Other Types
RFC 1123 Requirements for Internet Hosts -- Application and Support
RFC 1912 Common DNS Operational and Configuration Errors
RFC 1995 Incremental Zone Transfer in DNS
RFC 1996 A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
RFC 2136 Dynamic Updates in the domain name system (DNS UPDATE)
RFC 2181 Clarifications to the DNS Specification
RFC 2182 Selection and Operation of Secondary DNS Servers
RFC 2308 Negative Caching of DNS Queries (DNS NCACHE)
RFC 2317 Classless IN-ADDR. ARPA delegation
RFC 2671 Extension Mechanisms for DNS (EDNS0)
RFC 3696 Application Techniques for Checking and Transformation of Names
RFC 4343 Domain Name System (DNS) Case Insensitivity Clarification
RFC 4892 Requirements for a Mechanism Identifying a Name Server Instance
RFC 5001 DNS Name Server Identifier Option (NSID)

Types of DNS records

Main article: List of DNS record types

When sent over the internet, all records use the common format specified in RFC 1035 shown below. The Domain name system (DNS implements a distributed hierarchical and redundant database for information associated with Internet Domain names and addresses

**RR (Resource record) fields**
Field	Description	Length (octets)
NAME	Name of the node to which this record pertains. In Computing, an octet is a grouping of eight Bits Octet, with the only exception noted below always refers to an entity having exactly eight	(variable)
TYPE	Type of RR. For example, MX is type 15.	2
CLASS	Class code.	2
TTL	Signed time in seconds that RR stays valid. Time to live (sometimes abbreviated TTL) is a limit on the period of time or number of iterations or transmissions in Computer and Computer network technology	4
RDLENGTH	Length of RDATA field.	2
RDATA	Additional RR-specific data.	(variable)

The type of the record indicates what the format of the data is, and gives a hint of its intended use; for instance, the A record is used to translate from a domain name to an IPv4 address, the NS record lists which name servers can answer lookups on a DNS zone, and the MX record is used to translate from a name in the right-hand side of an e-mail address to the name of a machine able to handle mail for that address. Internet Protocol version 4 ( IPv4) is the fourth revision in the development of the Internet Protocol (IP and it is the first version of the protocol to be widely In Computing, a name server (also called 'nameserver' consists of a program or computer server that implements a name-service protocol. A DNS zone is a portion of the global Domain Name System (DNS namespace for which administrative responsibility has been delegated An e-mail address identifies a location to which E-mail messages can be delivered

Many more record types exist and be found in the complete List of DNS record types. The Domain name system (DNS implements a distributed hierarchical and redundant database for information associated with Internet Domain names and addresses

Internationalized domain names

Main article: Internationalized domain name

While domain names technically have no restrictions on the characters they use and can include non-ASCII characters, the same is not true for host names. An internationalized domain name ( American Standard Code for Information Interchange ( ASCII) ^[6] Host names are the names most people see and use for things like e-mail and web browsing. Host names are restricted to a small subset of the ASCII character set that includes the Roman alphabet in upper and lower case, the digits 0 through 9, the dot, and the hyphen. A hyphen ( -) is a Punctuation mark It is used for both Words to join and to separate Syllables It is often confused with the dashes (See RFC 3696 section 2 for details. ) This prevented the representation of names and words of many languages natively. ICANN has approved the Punycode-based IDNA system, which maps Unicode strings into the valid DNS character set, as a workaround to this issue. ICANN (aɪkæn eye-can is the Internet Corporation for Assigned Names and Numbers. Punycode is a Computer programming encoding syntax by which a Unicode string of characters can be translated into the more-limited character set permitted An internationalized domain name ( In Computing, Unicode is an Industry standard allowing Computers to consistently represent and manipulate text expressed in most of the world's Some registries have adopted IDNA. A domain name registry, also called Network Information Centre (NIC is part of the Domain Name System (DNS of the Internet which converts Domain

Security issues

DNS was not originally designed with security in mind, and thus has a number of security issues.

One class of vulnerabilities is DNS cache poisoning, which tricks a DNS server into believing it has received authentic information when, in reality, it has not. DNS cache poisoning is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS

DNS responses are traditionally not cryptographically signed, leading to many attack possibilities; DNSSEC modifies DNS to add support for cryptographically signed responses. The Domain Name System Security Extensions ( DNSSEC) are a suite of IETF specifications for securing certain kinds of information provided by the Domain Name System There are various extensions to support securing zone transfer information as well.

Even with encryption, a DNS server could become compromised by a virus (or for that matter a disgruntled employee) that would cause IP addresses of that server to be redirected to a malicious address with a long TTL. This could have far-reaching impact to potentially millions of Internet users if busy DNS servers cache the bad IP data. This would require manual purging of all affected DNS caches as required by the long TTL (up to 68 years).

Some domain names can spoof other, similar-looking domain names. For example, "paypal. com" and "paypa1. com" are different names, yet users may be unable to tell the difference when the user's typeface (font) does not clearly differentiate the letter l and the number 1. In Typography, a typeface is a set of one or more Fonts designed with stylistic unity each comprising a coordinated set of Glyphs A typeface usually comprises L is the twelfth letter of the Latin alphabet. Its name in English is el or occasionally ell (ɛl Mathematics For any number x: x ·1 = 1· x = x (1 is the multiplicative identity This problem is much more serious in systems that support internationalized domain names, since many characters that are different, from the point of view of ISO 10646, appear identical on typical computer screens. An internationalized domain name ( The Universal Character Set (UCS defined by the ISO / IEC 10646 International Standard, is a standard set of characters upon which This vulnerability is often exploited in phishing. In the field of computer security phishing is the Criminally Fraudulent process of attempting to acquire sensitive information such as usernames Passwords

Techniques such as Forward Confirmed reverse DNS can also be used to help validate DNS results. FCrDNS, or Forward Confirmed Reverse DNS, is when an IP address has both forward (name -> IP and reverse (IP -> name DNS entries that match each other

Legal users of domains

Registrant

Most of the domain name registrars in the world receive an annual fee from a legal user in order for the legal user to utilize the domain name (i. A domain name registrar is a company accredited by the Internet Corporation for Assigned Names and Numbers ( ICANN) and/or by a national ccTLD authority to register e. a sort of leasing agreement exists, subject to the registry's terms and conditions). Depending on the various naming conventions of the registries, legal users are commonly known as "registrants" or as "domain holders".

ICANN holds a complete list of domain registries in the world. ICANN (aɪkæn eye-can is the Internet Corporation for Assigned Names and Numbers. One can obtain information about the legal user of a domain name by looking in the WHOIS database held by most domain registries. WHOIS (pronounced " who is " not an acronym is a query/response protocol which is widely used for querying an official Database in order to determine

For most of the more than 240 country code top-level domains (ccTLDs), the domain registries hold the authoritative WHOIS (Registrant, name servers, expiration dates, etc. A country ). For instance, DENIC, Germany NIC, holds the authoritative WHOIS to a . DENIC Verwaltungs- und Betriebsgesellschaft eG is the manager of the. DE domain name. Since about 2001, most gTLD registries (. History The initial set of top-level domains defined by RFC 920 in October 1984 was a set of "general purpose domains" ORG, . BIZ, . INFO) have adopted this so-called "thick" registry approach, i. e. keeping the authoritative WHOIS in the central registries instead of the registrars. WHOIS (pronounced " who is " not an acronym is a query/response protocol which is widely used for querying an official Database in order to determine

For . COM and . NET domain names, a "thin" registry is used: the domain registry (e. g. VeriSign) holds a basic WHOIS (registrar and name servers, etc. ). One can find the detailed WHOIS (registrant, name servers, expiry dates, etc. WHOIS (pronounced " who is " not an acronym is a query/response protocol which is widely used for querying an official Database in order to determine In Computing, a name server (also called 'nameserver' consists of a program or computer server that implements a name-service protocol. ) at the registrars.

Some domain name registries, also called Network Information Centres (NIC), also function as registrars, and deal directly with end users. But most of the main ones, such as for . COM, . NET, . ORG, . INFO, etc. , use a registry-registrar model. There are hundreds of Domain Name Registrars that actually perform the domain name registration with the end user (see lists at ICANN or VeriSign). By using this method of distribution, the registry only has to manage the relationship with the registrar, and the registrar maintains the relationship with the end users, or 'registrants' -- in some cases through additional layers of resellers.

Administrative contact

A registrant usually designates an administrative contact to manage the domain name. In practice, the administrative contact usually has the most immediate power over a domain. Management functions delegated to the administrative contacts may include (for example):

the obligation to conform to the requirements of the domain registry in order to retain the right to use a domain name
authorization to update the physical address, e-mail address and telephone number etc. in WHOIS

Technical contact

A technical contact manages the name servers of a domain name. WHOIS (pronounced " who is " not an acronym is a query/response protocol which is widely used for querying an official Database in order to determine The many functions of a technical contact include:

making sure the configurations of the domain name conforms to the requirements of the domain registry
updating the domain zone
providing the 24×7 functionality of the name servers (that leads to the accessibility of the domain name)

Billing contact

The party whom a domain name registrar invoices. A domain name registrar is a company accredited by the Internet Corporation for Assigned Names and Numbers ( ICANN) and/or by a national ccTLD authority to register

Name servers

Namely the authoritative name servers that host the domain name zone of a domain name. In Computing, a name server (also called 'nameserver' consists of a program or computer server that implements a name-service protocol.

Politics

Critics commonly claim abuse of domains by monopolies or near-monopolies, such as VeriSign, Inc. VeriSign Inc ( is an American company based in Mountain View California that operates a diverse array of network infrastructure including two of the Particularly noteworthy was the VeriSign Site Finder system which redirected all unregistered . Site Finder was a Wildcard DNS record for all.com and.net unregistered domain names run by. com and . net domains to a VeriSign webpage. For example, at a public meeting with VeriSign to air technical concerns about SiteFinder ^[7], numerous people, active in the IETF and other technical bodies, explained how they were surprised by VeriSign's changing the fundamental behavior of a major component of Internet infrastructure, not having obtained the customary consensus. SiteFinder, at first, assumed every Internet query was for a website, and it monetized queries for incorrect domain names, taking the user to VeriSign's search site. Unfortunately, other applications, such as many implementations of email, treat a lack of response to a domain name query as an indication that the domain does not exist, and that the message can be treated as undeliverable. The original VeriSign implementation broke this assumption for mail, because it would always resolve an erroneous domain name to that of SiteFinder. While VeriSign later changed SiteFinder's behaviour with regard to email, there was still widespread protest about VeriSign's action being more in its financial interest than in the interest of the Internet infrastructure component for which VeriSign was the steward.

Despite widespread criticism, VeriSign only reluctantly removed it after the Internet Corporation for Assigned Names and Numbers (ICANN) threatened to revoke its contract to administer the root name servers. ICANN (aɪkæn eye-can is the Internet Corporation for Assigned Names and Numbers. ICANN published the extensive set of letters exchanged, committee reports, and ICANN decisions ^[8].

There is also significant disquiet regarding the United States' political influence over ICANN. This was a significant issue in the attempt to create a .xxx top-level domain and sparked greater interest in alternative DNS roots that would be beyond the control of any single country. The Internet uses a Domain Name System (DNS root officially administered by the Internet Corporation for Assigned Names and Numbers (ICANN

Additionally, there are numerous accusations of domain name "front running", whereby registrars, when given whois queries, automatically register the domain name for themselves. Recently, Network Solutions has been accused of this. ^[9]

Truth in Domain Names Act

Main article: Anticybersquatting Consumer Protection Act

In the United States, the "Truth in Domain Names Act" (actually the "Anticybersquatting Consumer Protection Act"), in combination with the PROTECT Act, forbids the use of a misleading domain name with the intention of attracting people into viewing a visual depiction of sexually explicit conduct on the Internet. The Anticybersquatting Consumer Protection Act (also known as Truth in Domain Names Act) a United States federal law enacted in 1999 is part of A bill to amend The United States of America —commonly referred to as the The PROTECT Act of 2003 is a multipurpose United States law intended to prevent Child abuse. Internet pornography is Pornography that is distributed by means of various sectors of the Internet, primarily via Websites Peer-to-peer

References

^ History of the DNS. Dynamic DNS is a method protocol or network service that provides the capability for a networked device using the Internet Protocol Suite, such as an IP router or The Internet uses a Domain Name System (DNS root officially administered by the Internet Corporation for Assigned Names and Numbers (ICANN This article is a comparison of DNS server software, comparing the features platform support and packaging of independent implementations of DNS. Round robin DNS is a technique of load distribution, load balancing or Fault-tolerance provisioning multiple redundant Internet Protocol service hosts DNS management software is software that runs Domain Name System server clusters Retrieved on 2008-04-29. 2008 ( MMVIII) is the current year in accordance with the Gregorian calendar, a Leap year that started on Tuesday of the Common Events 1429 - Joan of Arc arrives to relieve the Siege of Orleans.
^ Cricket Liu, Paul Albitz. DNS & BIND. O'Reilly (shown via Google Books). Retrieved on 2008-04-29. 2008 ( MMVIII) is the current year in accordance with the Gregorian calendar, a Leap year that started on Tuesday of the Common Events 1429 - Joan of Arc arrives to relieve the Siege of Orleans.
^ What is the maximum length of a domain name? on the IETF DNSOP working group mailing list. On the wire, in the DNS binary format, it can be at most 255 octets as per RFC 1034 section 3. 1. For an all-ASCII hostname, this can be represented in traditional dot notation as 253 characters.
^ How Internet Explorer uses the cache for DNS host entries. Microsoft (2004). Retrieved on 2006-03-07. Year 2006 ( MMVI) was a Common year starting on Sunday of the Gregorian calendar. Events 161 - Roman Emperor Antoninus Pius dies and is succeeded by co-Emperors Marcus Aurelius and Lucius Verus
^ Mockapetris, P (November, 1987). RFC1035: Domain Names - Implementation and Specification. Retrieved on 2007-07-31. Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. Events 30 BC - Battle of Alexandria: Mark Antony achieves a minor victory over Octavian 's forces but most of his army subsequently
^ The term host name is here being used to mean an FQDN for a host, such as eg. A fully qualified domain name (or FQDN) is an unambiguous Domain name that specifies the exact location in the Domain Name System 's tree hierarchy through en. wikipedia. org. , and not just (to use the same example) en .
While most domain names do indeed designate hosts, some domain name DNS entries may not. In this sense, a (FQDN) hostname is a type of domain name, but not all domain names are actual host names. A fully qualified domain name (or FQDN) is an unambiguous Domain name that specifies the exact location in the Domain Name System 's tree hierarchy through Cf. this host name vs domain name explanation from the DNS OP IETF Working Group. An IETF working group, or WG for short is a Working group of the IETF.
^ McCullagh, Declan (2003-10-03). Declan McCullagh is an American Journalist and columnist for CNET 's news Year 2003 ( MMIII) was a Common year starting on Wednesday of the Gregorian calendar. Events 42 BC - First Battle of Philippi: Triumvirs Mark Antony and Octavian fight an indecisive battle with Caesar's VeriSign fends off critics at ICANN confab. CNET News. com. Retrieved on 2007-09-22. Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. Events 66 - Emperor Nero creates the Legion I Italica. 1236 - The Lithuanians
^ Internet Corporation for Assigned Names and Numbers (ICANN). ICANN (aɪkæn eye-can is the Internet Corporation for Assigned Names and Numbers. Verisign's Wildcard Service Deployment. Retrieved on 2007-09-22. Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. Events 66 - Emperor Nero creates the Legion I Italica. 1236 - The Lithuanians
^ Slashdot | NSI Registers Every Domain Checked

External links

DNS Complexity, Paul Vixie, ACM Queue
Open Source Guide - DNS for Rocket Scientists, an on-line technical book for further reading

A listing of some DNS tools

Paul Vixie is the author of several RFCs and standard UNIX system programs among them SENDS proxynet rtty and Vixie cron The Association for Computing Machinery, or ACM, was founded in 1947 as the world's first scientific and educational Computing society

Dictionary

-proper noun

(computing) (Internet) The distributed database, sometimes including all the supporting hardware or software infrastructure, the Internet uses to translate hostnames into IP numbers and provide other domain related information.

© 2009 citizendia.org; parts available under the terms of GNU Free Documentation License, from http://en.wikipedia.org
network: | |

Contents