
ITU - Telecommunication Standardization Sector Information Document 1-E


January 2002


1, 2, 3 & 4/2




The Domain Name System (DNS)



This paper provides a brief introduction to and explanation of the Internet Domain Name System.
The Domain Name System (“DNS”) is a distributed hierarchical lookup service. It is primarily used on the Internet to translate between domain names and Internet Protocol (“IP”) addresses.

The DNS service consists of DNS data, name servers, and a protocol used to retrieve data from the servers. Clients of the DNS can be applications such as web browsers or mail transfer agents, and even other name servers. Simple text database records called resource records are placed into millions of files called zones. Zones are kept on authoritative name servers distributed around the Internet, which answer queries according to the DNS network protocols. In contrast, caching servers simply query the authoritative servers and cache any replies. Most servers are authoritative for some zones and perform a caching function for all other DNS information. The DNS software implementation known as Berkeley Internet Name Domain (“BIND”) is the most commonly used domain name server on the Internet [1].

To understand the DNS hierarchy, it is helpful to examine the structure of Internet host names (see Figure 1). The last portion of a host name, such as .int, in the case of the (the ITU’s web site), is the top level domain (“TLD”) to which a host belongs. There is currently a set of generic top level domains (“gTLDs”), such as .com, .net, and .org, as well as country code top level domains (“ccTLDs”), such as .be for Belgium, .cn for the People’s Republic of China, .mx for Mexico, and .us for the United States of America. Other top level domains such as .int, .gov, .mil and .edu do not neatly fit into either of these classifications — they form a set of “chartered” gTLDs since they have registration entrance requirements. For example, only intergovernmental treaty organizations are currently allowed to register under the TLD .int. Additional TLDs have recently been created, some of which should be available in late 2001 [2].

Figure 1: DNS Hierarchy

The root node of the Internet name space consists of a single file, the root zone file. The root zone file contains pointers to the master (primary) and slave (secondary) servers for all Internet top level domains (e.g., gTLDs, ccTLDs).

The master (primary) server is the definitive source of data for a DNS zone. This is where all changes to the zone's contents are made. The DNS protocol provides an automatic mechanism for propagating the contents of a zone to slave (secondary) servers. The provision of secondary servers provides robustness and prevents single points of failure. If one name server for a zone fails or is unreachable, there should be other name servers for the zone that can be queried instead. Usually a name server will only give up on an attempt to resolve a query when all the known servers for the zone have been tried and none respond.

At the top of the DNS database tree are 13 root name servers consisting of a primary server, “”, and 12 secondary name servers [3]. The location of the 13 root name servers is shown in Figure 2. Ten of these are in the United States, while the remaining three are located in Japan, Sweden, and the United Kingdom.

Figure 2: Location of DNS Root Name Servers

Currently, the primary root server, “”, is maintained by Verisign Global Registry Services [4], a subsidiary of Verisign, Inc., located in the United States of America [5]. The final authority for change control of the root zone file (e.g., addition or deletion of top level domains) is held by the US Department of Commerce [6].

As a specific example, the root zone file contains pointers to the name servers for the .com, .net, and .org gTLDs, also managed by Verisign Global Registry Services [7]. The global distribution of those name servers is shown in Figure 3.

Figure 3: Distribution of Current gTLD Name Servers (Source: Network Solutions, May 2001)

An example can be given of a DNS lookup to find the IP address of the ITU web site: When a server looks up, it will query the root name servers for a reference to the .int name servers. The local server then queries one of them for A server for .int then returns a referral to the name servers. The server then repeats the query for a third time, this time to one of the name servers, which gives the final answer. This iterative process is known as resolving.

The answers a name server gets when it is resolving queries are cached and used to speed up subsequent lookups. For example, if the name server that looked up was then asked to look up the mail server, it would immediately query the name servers directly and not start resolving the query again from the root name servers.

There is often confusion about the difference between domains and zones. The difference between a domain and a zone is subtle. A zone contains the domain names and data that a domain contains, except for the domain names and data that are delegated elsewhere. Delegation means making someone else responsible for the subdomain. This delegation property is why DNS is often described as a distributed database.
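The iterative resolution, caching, and delegation behaviour described above, as an added toy model that is not part of the ITU paper: three constructed servers (a root, a TLD server, and an authoritative server for a delegated subzone) answer with either an authoritative record or a referral, and a resolver follows referrals from the root on the first lookup, then starts later lookups from the closest cached delegation. The server names, zone contents, and addresses are invented for illustration.

```python
ROOT = "root-server"

# Constructed zone data (not from the paper). Each server's zone holds the
# address records it answers for authoritatively and the subzones it delegates.
# A delegated subzone's names are NOT in the parent zone: only the referral is.
ZONES = {
    "root-server": {"records": {}, "delegations": {"example": "tld-server"}},
    "tld-server":  {"records": {}, "delegations": {"agency.example": "agency-ns"}},
    "agency-ns":   {"records": {"www.agency.example": "192.0.2.10",
                                "mail.agency.example": "192.0.2.25"},
                    "delegations": {}},
}

def query(server, name):
    """One query to one server: an authoritative answer, a referral to the
    server for the longest matching delegated subzone, or a negative answer."""
    zone = ZONES[server]
    if name in zone["records"]:
        return ("answer", zone["records"][name], name)
    labels = name.split(".")
    for i in range(len(labels)):            # longest suffix is tried first
        suffix = ".".join(labels[i:])
        if suffix in zone["delegations"]:
            return ("referral", zone["delegations"][suffix], suffix)
    return ("nxdomain", None, name)

class Resolver:
    def __init__(self):
        self.answers = {}    # name -> address, learned from authoritative answers
        self.referrals = {}  # zone suffix -> server learned from referrals

    def start_server(self, name):
        """Start at the closest cached delegation; only fall back to the root."""
        labels = name.split(".")
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in self.referrals:
                return self.referrals[suffix]
        return ROOT

    def resolve(self, name, max_hops=8):
        """Follow referrals iteratively. Returns (address, servers queried)."""
        if name in self.answers:
            return self.answers[name], []      # answered from cache, no query
        server, asked = self.start_server(name), []
        for _ in range(max_hops):              # guard against referral loops
            asked.append(server)
            kind, value, scope = query(server, name)
            if kind == "answer":
                self.answers[name] = value
                return value, asked
            if kind != "referral":
                return None, asked
            self.referrals[scope] = value      # remember who serves this zone
            server = value
        return None, asked
```

Resolving www.agency.example walks root, TLD, and authoritative servers; the later lookup of mail.agency.example goes straight to agency-ns because the delegation for agency.example is already cached.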


[1] See The current versions of BIND are written by Nominum under contract to the Internet Software Consortium (ISC). They are released as open source software under an ISC copyright that essentially permits unrestricted use and distribution.


[3] An interesting and in-depth study of the performance of the DNS root and gTLD server systems is available at


[5] See Appendix A at for additional details.

[6] Cooperative Agreement No. NCR-9218742, Amendment 11, (Oct. 6, 1998):

While NSI continues to operate the primary root server, it shall request written direction from an authorized USG official before making or rejecting any modifications, additions or deletions to the root zone file. Such direction will be provided within ten (10) working days and it may instruct NSI to process any such changes directed by NewCo when submitted to NSI in conformity with written procedures established by NewCo and recognized by the USG.

[7] The .com, .net, and .org TLDs are carried on the same constellation of name servers. Verisign GRS announced on June 12, 2001, that it would be bringing into the authoritative name server set serving .com, .net and .org. See Previously, the gTLDs .com, .net and .org were also carried on the root name servers shown in Figure 2 but have been migrated off to the name server infrastructure shown in Figure 3.

* Contact:


Tel: +41 22 730 5887

Fax: +41 22 730 5853


Attention: This is not a publication made available to the public, but an internal ITU-T Document intended only for use by the Member States of the ITU, by ITU-T Sector Members and Associates, and their respective staff and collaborators in their ITU related work. It shall not be made available to, and used by, any other persons or entities without the prior written consent of the ITU-T.

