What is the Domain Name System? What are root servers?
The Domain Name System (DNS) helps us find other resources on the Internet. Without it, we wouldn't know how to reach most of the web sites in the world, or how to send email.
It's interesting for two reasons: what it does and how it works.
It's an amazing success story, because it usually works so well that we don't even think about it. Invented in the 1980s, DNS still works pretty much the same way today in a very different Internet!
Learn a bit about how it works, though, and you will understand some of the strange things you notice when it fails in small ways--and how it might fail in a big way.
Let's start with an analogy.
Whom do you ask?
Suppose you're in school and you want to find out what's in a particular history course. If you know the teacher, it's easy--just ask her. But what if you don't know the teacher?
Probably, you'll go to the head of the history department. But what if you don't know who's head of the history department?
When all else fails, you go to the principal's office. In other words, you go higher and higher in the administration till you find someone with authority.
But stay with this analogy for a moment.
The principal's office might not know what's in every history course. She can tell you who the head of the history department is, though.
And the head of the history department will probably direct you to the teacher. Now you're going down the line of authority.
Next time you want help with another history course, you won't bother the principal's office; you'll go to the head of the history department. This won't work if somebody new becomes head of the history department, so next year you might have to go back to the principal's office.
Rules of information finding
So the rules of finding information (let's put them in a form that helps us understand DNS) include these:
1. If you go to the top of the hierarchy (the principal), you can eventually find everybody.
2. You don't always go to the top of the hierarchy because it wastes people's time, including yours. Instead, you go just as high as you need to (the teacher or the head of the department).
3. At each level, the person directs you to the next level down, till you get what you need.
4. Knowledge is not all in one place. The teacher knows what's in the course. The head of the history department doesn't know what's in the course, but knows who the teacher is. And the principal's office knows who the head of the history department is.
5. You remember the information you got from your first search, and reuse it to save time.
6. Because the information changes from time to time, you have to discard the information and start over.
Now let's apply these rules to DNS. It has a hierarchy that you can see in a name such as www.hackerteen.com.br.
Each part of the name www.hackerteen.com.br (hackerteen.com.br, com.br, and .br) is called a domain. Now let's re-examine the rules.
1. If you go to the top of the hierarchy, you can eventually find everybody.
There are 13 large banks of computers called root servers. The word "root" was suggested by the way the hierarchy looks when you make a figure: like an upside-down tree. The 13 servers all have the exact same information, so really there is only one root. The information is in 13 places so that people around the world can get it faster, and so that DNS will keep working even if some servers fail.
What's the name of the root? Just a dot (.). Under the root are .com, .org, .br, and so forth.
2. You don't always go to the top of the hierarchy. Instead, you go just as high as you need to.
If your browser knows where the .br server is, it goes right to that server and skips the step of asking the root servers for .br.
3. At each level, the person directs you to the next level down, till you get what you need.
The root server tells you what server handles .br, and that one tells you who handles .com.br. Then you ask .com.br, which tells you who handles hackerteen.com.br, and so on.
4. Knowledge is not all in one place.
When a DNS server has knowledge, it's said to "have authority" over that knowledge or to "be authoritative" for that knowledge. The root servers are authoritative for finding .br. The .br server is authoritative for finding com.br, and so on.
5. You remember the information you got from your first search, and reuse it to save time.
The first time you visit www.hackerteen.com.br, your browser might take a little extra time to show the page as the request goes down the DNS tree. When you visit another page on the same site, it might be faster because your browser already knows where to find www.hackerteen.com.br. A local DNS server near you also knows, so it can save time if your friend at the next desk visits www.hackerteen.com.br.
Remembering information is called caching (a "cache" is a place to put stuff you need later). Every DNS server has a cache. Your computer probably has its own cache, and your browser does too. Caching allows popular sites to be found faster, because they stay in the cache for an hour or more.
6. Because the information changes from time to time, you have to discard the information and start over.
DNS information comes with a "time to live" value (TTL) that typically ranges from minutes to weeks. After the TTL is used up (expires), the server or cache deletes the information.
What is the information in DNS? What is an IP address?
As we've shown, what you look up in DNS is a domain name, such as www.hackerteen.com.br. What you get back is an IP address. This is a four-part number such as 192.0.100.2. An IP address is tied more closely than domain names to a computer and to the way networks are wired together. You might have to deal with your IP address when you first install your computer or deal with a networking problem. Computer administrators can do much more with these addresses, because they tell a lot about the network and where the computer is.
What problems can arise with DNS?
The root servers could all fail
This is the worst potential problem. The Internet would be divided into different parts that couldn't communicate, and the problem would get worse as TTLs expire. This problem has never happened because there are 13 servers and they're managed very well.
Someone could trick a server into giving out the wrong IP address
This is rare but very dangerous. This kind of attack could help a criminal who sets up a fake server and then attracts visitors who think they're visiting a popular domain name. The server can collect personal information such as credit cards.
A server for a domain could fail
This makes it hard for people to visit the sites in that one domain. If the hackerteen.com.br domain server failed, other DNS servers would continue to find computers in that domain until the TTLs expired in their caches. That gives time for the hackerteen.com.br administrator to bring the domain server back up. If they can't, other people won't find their sites. People inside the domain will also be unable to find Internet sites, if their computers depend only on the domain server that failed.
A new computer takes time to be found
Suppose someone sets up a new web server with a new IP address. Other computers and DNS servers will continue using the old IP address until the TTLs on their caches expire. So it may be a few hours or even a few days before some people can find the new server.
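The six rules above, and the two failure cases just described (a domain's server failing, and a server moving to a new IP address), can be seen together in a small simulation. This is an added teaching example, not code from the original article or from hackerteen. It keeps a handful of pretend name servers in memory (all addresses are constructed from the RFC 5737 documentation ranges, and nothing is sent on the network) and walks a lookup down the tree from the root, caching each referral and answer with its TTL. Running it shows the first lookup asking four servers, a second name in the same domain needing only one, an address change being invisible until the old TTL expires, and a failed domain server still being "found" from the cache until its records expire.

```python
# Toy model of how a DNS resolver walks the name hierarchy, caches what it
# learns, and discards it when the TTL expires. This is an added teaching
# example, not code from the original article; every server address and
# record here is constructed (RFC 5737 documentation ranges) and nothing
# touches the real network.

ROOT_SERVER = "203.0.113.1"  # constructed stand-in for "the root"


def build_servers():
    """Return constructed zone data: server address -> records it is authoritative for.

    An "NS" record is a referral to the server one level down (rule 3);
    an "A" record is the final answer. The third field is the TTL in seconds.
    """
    return {
        ROOT_SERVER:    {"br.": ("NS", "198.51.100.1", 172800)},
        "198.51.100.1": {"com.br.": ("NS", "198.51.100.2", 86400)},
        "198.51.100.2": {"hackerteen.com.br.": ("NS", "198.51.100.3", 86400)},
        "198.51.100.3": {
            "www.hackerteen.com.br.":  ("A", "192.0.2.10", 3600),
            "mail.hackerteen.com.br.": ("A", "192.0.2.11", 3600),
        },
    }


def suffixes(name):
    """Yield the domains a name belongs to, shortest first:
    'www.hackerteen.com.br.' -> 'br.', 'com.br.', 'hackerteen.com.br.', 'www.hackerteen.com.br.'
    """
    labels = name.rstrip(".").split(".")
    for i in range(len(labels) - 1, -1, -1):
        yield ".".join(labels[i:]) + "."


class Resolver:
    """A caching resolver that follows referrals from the root,
    or from the deepest referral it still remembers (rule 2)."""

    def __init__(self, servers, root=ROOT_SERVER):
        self.servers = servers
        self.root = root
        self.cache = {}    # name -> (record type, value, absolute expiry time)
        self.queries = 0   # how many servers were asked; shows the saving from caching

    def _fresh(self, name, now):
        """Rules 5 and 6: return a cached record if it has not expired, otherwise forget it."""
        entry = self.cache.get(name)
        if entry is not None and entry[2] > now:
            return entry
        self.cache.pop(name, None)
        return None

    def resolve(self, name, now):
        """Return the IP address for name at time `now` (seconds), or None if resolution fails."""
        name = name.rstrip(".").lower() + "."
        hit = self._fresh(name, now)
        if hit is not None and hit[0] == "A":
            return hit[1]                      # answered from cache; no server asked

        # Rule 2: start as low in the tree as our cached referrals allow, else at the root.
        server = self.root
        for domain in suffixes(name):
            cached = self._fresh(domain, now)
            if cached is not None and cached[0] == "NS":
                server = cached[1]

        # Rules 1 and 3: ask each server in turn; each one either answers or refers us down.
        for _ in range(10):                    # hop limit guards against a referral loop
            zone = self.servers.get(server)
            if zone is None:
                return None                    # that server has failed or is unreachable
            self.queries += 1
            for domain in reversed(list(suffixes(name))):   # longest match first
                if domain in zone:
                    rtype, value, ttl = zone[domain]
                    self.cache[domain] = (rtype, value, now + ttl)   # rule 5: remember it
                    if rtype == "A":
                        return value
                    server = value             # follow the referral one level down
                    break
            else:
                return None                    # this server knows nothing about the name
        return None


if __name__ == "__main__":
    servers = build_servers()
    r = Resolver(servers)
    print(r.resolve("www.hackerteen.com.br", now=0), r.queries)    # 192.0.2.10, 4 servers asked
    print(r.resolve("mail.hackerteen.com.br", now=10), r.queries)  # 192.0.2.11, only 1 more query
    servers["198.51.100.3"]["www.hackerteen.com.br."] = ("A", "192.0.2.99", 3600)  # "new computer"
    print(r.resolve("www.hackerteen.com.br", now=100))    # 192.0.2.10: old address, TTL not expired
    print(r.resolve("www.hackerteen.com.br", now=3601))   # 192.0.2.99: new address after expiry
    del servers["198.51.100.3"]                            # the domain's own server fails
    print(r.resolve("www.hackerteen.com.br", now=3700))   # 192.0.2.99: still found, from cache
    print(r.resolve("www.hackerteen.com.br", now=8000))   # None: cache expired, nobody can answer
```

The `now` argument stands in for the clock so the TTL behaviour can be stepped through by hand; a real resolver would use the system time and would also cache the negative result at the end rather than asking the dead server again and again.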
Domain names can be part of other annoyances, such as when someone gives up a domain and another organization buys it. You may see advertisements or other things that you don't want, or that even embarrass you, when you visit the domain. But this is not a technical problem.
Also, someone can send email that looks like it comes from you. Recipients can't tell (unless they do a lot of expert tracing) that it's fake. The email could say things that embarrass you, make you look like a spammer, or even contain illegal content that puts you at risk. This is not a problem with the domain name system, even though the email fakes the domain name that's part of your email address. The problem (often called "joe jobbing") just shows that email is easy to fake.
How does my computer use DNS?
We explained how a DNS server helps you find other computers--but how do you find a DNS server?
This is a common problem in computing. You have to start somewhere. In this case, you can't use DNS until you find an entry point, so something outside of DNS has to get you started.
Whoever attached your computer to the Internet also gave the starting point for DNS. If you set up networking on your own system, you may remember that it asked for the address of a computer to attach to. If you use an Internet provider, the provider has a DNS server for all your DNS requests. If you are on a local network in a school or business, it might provide its own DNS server, in which case you had to specify its IP address as part of getting onto the network.
How did the 13 root servers get chosen?
The Internet is a voluntary agreement among people who want to talk to each other and help others to talk. This voluntary cooperation extends to the root servers--important as they are.
Root servers were started by volunteers as a service to the Internet community. The engineers who developed the Internet's software ensured that root servers would be spread across different countries, although the United States has more than any other country.
By putting 13 root servers around the world, the engineers ensured that some would always be available (and made sure that most users would have one nearby, geographically).
But the use of the 13 root servers is also a choice that every computer user makes. Some engineers have set up alternative root servers, so that they could use domain names that weren't approved for use by the 13 official servers. You could attach to an alternative root server, but hardly anyone does so. Therefore, in effect, there is just one domain name system and everybody can visit the same systems using the same names.