A fully qualified domain name or FQDN is a complete domain name that identifies a page, host, server, or any other online resource. An FQDN is also a domain name that specifies its exact location in the DNS hierarchy tree.
What is DNS (Domain Name System)?
Now we come to the key question of naming. As we now know, on the internet, messages are carried in packets that are addressed with numbers called IP addresses. So how do we determine those IP addresses?
After all, it’s infeasible for people to remember the IP address of each server that they want to communicate with. Are you going to remember that www.apple.com is 17.253.207.54? So instead, hosts are given easy-to-remember names, like www.apple.com. These names are called hostnames. What we need, then, is a way to translate hostnames to IP addresses.
Here’s where the Domain Naming System or DNS comes into play. DNS translates hostnames to IP addresses. People often think of DNS like the phone book, but instead of translating names to phone numbers, it translates names to IP addresses. For example, www.apple.com translates to 17.253.207.54. Note also that hostnames live within domains. For example, www.apple.com is in the apple.com domain.
The DNS system is split into two parts: recursive and authoritative. Recursive DNS is user facing, and authoritative DNS is domain-owner facing. We will now explain each of these two sides in more detail.
Let’s look first at recursive DNS and how it is configured. Your computer’s operating systems will be configured to use one or more recursive DNS servers that are usually provided by your ISP or your company’s IT department. For example, opening up my computer’s configuration panel, I can see that my computer is configured to use two recursive DNS servers at IP addresses 75.75.75.75 and 75.75.76.76. Those servers are run by my ISP — in this case, Comcast.
Either of these recursive DNS servers can provide DNS lookups for all of the applications running on my computer. For example, any application on my computer can send a query for www.apple.com to either of those recursive DNS servers, and it will answer with the IP address 17.253.207.54.
So how do the recursive DNS servers come up with answers? After all, they can’t possibly know the answer to every possible hostname lookup. That’s where authoritative DNS comes in.
Let’s look now at authoritative DNS and how it’s configured, and to do that we have to start with domains. A domain, such as apple.com, has to be purchased from an organization called a registrar. There are many registrars out there, many of which you might have heard of or have done business with. Examples include Network Solutions and GoDaddy. Once you’ve purchased a domain from a registrar, you have to set up some authoritative DNS servers and provide the list of those servers to the registrar. In this example, Apple has four authoritative DNS servers for its domain, apple.com.
To configure those authoritative DNS servers, you have to create and upload a zone file to them. Essentially, the zone file lists all of the translations for the hostnames in the domain. In this example, the zone file for the apple.com domain includes translations for the hostnames www.apple.com, mail.apple.com, vpn.apple.com, and whatever else is needed.
Note that the authoritative DNS servers for the apple.com domain only need to be able to translate hostnames in that domain, and any of the domain’s authoritative DNS servers can perform that function. In our example, then, any of the four authoritative DNS servers for apple.com can translate www.apple.com into the IP address 17.253.207.54. The important point here is that the authoritative DNS servers for apple.com only need to be able to translate hostnames in the apple.com domain. They do not need to be able to translate hostnames in the google.com domain, for example. That responsibility would lie with the authoritative DNS servers for the google.com domain. This separation of responsibilities is what allows the DNS to scale as it does.
Now let’s look at how the two halves of DNS work together. When an application on my computer wants to look up www.apple.com, it starts by sending the query to any of the recursive DNS servers that we saw configured in my computer’s operating system. That recursive DNS server does not, a priori, know the answer, so to get the answer, it sends the query to any one of the authoritative DNS servers that we saw configured for the apple.com domain.
The authoritative DNS server knows the answer — it’s in the zone file — so it just has to look it up. It can then send that answer back to the recursive DNS server. Finally, the recursive DNS server sends the answer back to my computer. In doing so, the recursive DNS server will remember the answer for a configurable amount of time, so the next time it receives a query for that hostname, it can skip the step of going forward to the authoritative DNS.
You might be wondering, how is it that the recursive DNS servers were able to find the authoritative DNS servers for the domain, in the example case, apple.com. The answer is hierarchy, which is facilitated by the registrar. Remember the registrar? The details of how the hierarchy works is beyond the scope of this presentation.
The DNS is a critical and foundational component of the internet. When DNS is broken, you really can’t use the internet.
The Domain Name System (DNS) is a critical part of the internet. DNS is often likened to a phone book. The DNS takes human-readable domain names, such as www.apple.com, and maps them to numeric IP addresses that are readable by machines. The system supports the use of IP addresses to direct IP packets.
What came before DNS?
Before the Domain Name System (DNS) was invented, the process of assigning computer hostnames and addresses was manual, requiring a phone call to add hostnames and addresses to the HOSTS.TXT file maintained by SRI (Stanford Research Institute), which was then mapped to an ARPANET directory developed by Elizabeth Feinler. In 1983, Paul Mockapetris invented the DNS, a distributed and dynamic naming system to replace the slow HOST.TXT service; this provided the scalability needed to support growing network needs. The DNS records framework allows memorable domain names to be mapped to IP addresses. In 1986, the Internet Engineering Task Force (IETF) made DNS an Internet Standard.
Today, DNS is a critical part of the infrastructure of the internet.
How does DNS work?
DNS services translate hostnames to IP addresses. How the DNS system does this can be likened to a phone book, but instead of a name being associated with a phone number, DNS translates a domain name to an IP address. For example, www.apple.com translates to 17.253.207.54. The Domain Name System (DNS) is split into two DNS nameservers that work together:
- Recursive DNS server
- Authoritative DNS server
What is a recursive DNS server?
Recursive DNS is user-facing and involved in every DNS query. A computer’s operating system is configured to use one or more recursive DNS servers; these recursive DNS servers are often provided by an internet service provider (ISP) or a company’s IT department. When you type a domain name, e.g., apple.com into a browser, the recursive DNS server doesn’t know the IP address of the domain, but it does know where to go to find that information. To find an IP address, the recursive DNS server connects to an authoritative DNS server.
What is an authoritative DNS server?
An authoritative nameserver is domain owner facing. A domain, such as apple.com, is purchased from an organization called a registrar. Registrar examples include well-known internet brands such as GoDaddy. Once a domain name is purchased, a company must set up authoritative DNS servers and provide the list of the servers to the registrar. The company may have several authoritative DNS servers.
The configuration of authoritative DNS servers requires creating and uploading a DNS zone file to the registrar. This zone file lists all the translations for the hostnames in the domain. In the example apple.com, the zone file includes translations for the hostnames www.apple.com, mail.apple.com,vpn.apple.com, and others.
The authoritative DNS servers of a company domain only need to translate hostnames in that domain. For example, if apple.com has four authoritative DNS servers, any can translate an incoming request from a recursive DNS server for apple.com into its IP address equivalent, 17.253.207.54.
Once the IP address is located within the zone file, the authoritative DNS server sends this information back to the recursive DNS server, who then sends the answer to the web browser, which has the information to display the web page.
An important aspect of the recursive DNS server is that it can retain IP address data for a length of time in the computer DNS cache. This means that when you next navigate to apple.com, the recursive DNS server won’t need to query the authoritative DNS servers of apple.com to allow the Apple web pages to be presented.
Do we need a Domain Name System?
Yes, DNS is a fundamental part of the internet; without DNS, the internet would become unusable. For example, if your recursive DNS server failed, you would be unable to connect to a website without manually typing the IP address into the address bar of a browser.
DNS security issues
Some cyberattacks target the DNS system. For example:
- DNS hijacking changes an IP address to another address so that the DNS lookup for a domain then points to the hacker’s own servers. End users are redirected to a malicious website.
- DNS amplification is a type of distributed denial-of-service (DDoS) attack. DNS amplification attacks exploit publicly available DNS servers and overwhelm them with DNS response traffic.
- DNS flood attacks are another type of DDoS attack that targets server-side assets, sending a flood of UDP requests. DNS request packets are sent at an extremely high packet rate, generating a mass onslaught of source IP addresses.
- DNS cache poisoning is where hackers corrupt the DNS cache in an attempt to control the cache of the recursive DNS server.
Akamai Edge DNS is a global, highly scalable Domain Name System (DNS) service offering security, resilience from DDoS events, and high DNS responsiveness.
Frequently Asked Questions (FAQ)
The Domain Name System (DNS) is a critical part of the internet. DNS is often likened to a phone book. The Domain Name System (DNS) takes human-readable domain names, such as www.apple.com, and maps them to numeric IP addresses that are readable by machines. The system supports the use of IP addresses to direct IP packets.
The authoritative DNS servers for a domain only translate hostnames in that domain; any of the domain’s authoritative DNS servers can perform that function. Therefore, DNS servers are domain-specific and so do not translate hostnames from other domains. This separation of responsibilities allows the DNS to scale.
The DNS hierarchy, or the domain name space, has a single domain at the top of the tree called the root domain. The DNS hierarchy is then broken into second-level domains, subdomains, and hosts. The result is five DNS hierarchy levels:
- Root-Level Domain (root nameserver)
- Top-Level Domains (TLD nameserver)
- Second-Level Domains (SLD)
- Subdomains
- Hosts
Why customers choose Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away.