A mock Duolingo screenshot. The English answer is "If you don't learn the domain name system, your home will go missing". In Spanish, it says "Si no aprendes el sistema de nombres de dominio, se desaparecerá tu domicilio"

> Even now, with over four hundred names and nicknames in the combined ARPANET-DCNET tables, this has become awkward
>
> — David Mills, RFC 799 - Internet Name Domains

Scaling issues were evident at even 400 hosts in 1981! David Mills' solution was intended to scale for thousands of hosts and it's still being used to this day!

There are far more than 1 billion IPv4 addresses with a domain name attached to them as of 2019[^amountOfHosts], according to the Internet Systems Consortium[^ISCReport]. Of course, this does not exactly describe the number of hosts there are, but it's a good starting point to understand the sheer scale of DNS. _At least_ 1 billion IPs are attached to a domain name, as this doesn't account for IPv6 addresses

[^ISCReport]: https://ftp.isc.org/www/survey/reports/current/

[^amountOfHosts]:
    The Internet Domain Survey measures IP addresses attached to domains rather than the reverse. Originally, hosts were counted, but due to newfound zone transfer limitations, reverse mapping was used post 1981[^ISCAbout]

    The survey was discontinued after 2019 since the results became misleading with the prevalence of IPv6 and private networks[^ISCSurveyEnds]

[^ISCAbout]: https://www.isc.org/survey-about/

[^ISCSurveyEnds]: https://www.isc.org/blogs/domain-survey-ends/

### Top Level Domains

The key difference between `HOSTS.TXT` and DNS is distribution. Instead of one central source of truth, administration is delegated to sub-administrations. For example, `.com` domains are managed by Verisign[^verasignCom]

[^verasignCom]: https://itp.cdn.icann.org/en/files/registry-agreements/com/com-agreement-html-01-12-2024-en.htm

Domains are made of sections, known as labels, separated by dots

`com` is a TLD (Top Level Domain). Top Level Domains are the rightmost label of a domain name. For example, `legacy.jacobasper.com`[^legacy] has a TLD of `com`, a second level domain of `jacobasper`, and a third level domain of `legacy`. If you so choose, you can add even more subdomains, up to 253 characters[^maxLength]

[^legacy]: Visit at your own risk https://legacy.jacobasper.com/

[^maxLength]:
    [RFC 1035 - DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION](https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.4) says that the max length of a Fully Qualified Domain Name must be 255 characters or less, but this is accounting for the implied `.` at the end of a domain and the length byte[^byteDisclaimer]. That is to say, `playfulprogramming.com` is shorthand for `playfulprogramming.com.`. There are 25 total characters: 18 for `playfulprogramming`, 2 for the `.` and length byte, and 3 for `com` plus the implied `.` and terminating length byte

    There are more restrictions beyond just the length limit in the RFC if you're interested!

[^byteDisclaimer]: Whenever I mention byte, I mean 8 bits. For historical reasons[^historicalReasons], 8 bits is referred to as an octet, but I'm so used to just saying byte, so bear with me 😅

[^historicalReasons]: [WHY IS A BYTE 8 BITS? OR IS IT?](https://web.archive.org/web/20010627215719/http://www.bobbemer.com/BYTE.HTM)

### The DNS Tree

Of course, `legacy.jacobasper.com` is just one choice of many. DNS looks more like a tree in reality. `com` has many second level domains, including `wikipedia` and `jacobasper`

The root zone is represented by a dot. Domain names have an implicit 0 length label, so the Fully Qualified Domain Name (FQDN) for `garlic.bread` is `garlic.bread.`, though as you may have guessed, the terminating `.` is usually omitted for brevity

### Zones

So how does this help resolve the scaling issues from `HOSTS.TXT`?

Instead of a central source of truth, DNS is a distributed database, with authority delegated into zones, which are simply a portion of the DNS tree

The manager of the `.bread` TLD is overburdened by managing `.garlic.bread` domains. There is simply too much garlic related lore for the bread administrators to handle. Avocado toast and sourdough are all good and well, but they don't know the first thing about the Garlic Council's restrictions on proper garlic press selection[^amateurs]. Luckily, the Garlic Council is glad to put any compliance issues on their plate so that the breadministration doesn't knead to!

[^amateurs]: Amateurs

Authority over `garlic.bread` is now delegated to the Garlic Council. Their servers are now the place to go to get information about `garlic.bread` and its subdomains!

### Name Resolution

Let's look at a real example of zones in action! We'll find each of the zones traversed before reaching the authoritative zone for `legacy.jacobasper.com.`

We'll be running the following command

```bash
dig legacy.jacobasper.com. +trace +nodnssec | grep -Ev "unreachable|no servers"
```

Let's break it down

[`dig`][digManual] is a utility for DNS lookups. `+trace` will enable following the delegation path—it will start at the root name servers and follow their referrals until finding the authoritative name server. `+nodnssec` and piping to `grep` will filter out information about DNSSEC and failed IPv6 lookups respectively

[digManual]: https://linux.die.net/man/1/dig

```
dig legacy.jacobasper.com. +trace +nodnssec | grep -Ev "unreachable|no servers"

; <<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> legacy.jacobasper.com. +trace
;; global options: +cmd

.			0	IN	NS	c.root-servers.net.
.			0	IN	NS	d.root-servers.net.
;; omitted for brevity
.			0	IN	NS	a.root-servers.net.
.			0	IN	NS	b.root-servers.net.
;; Received 432 bytes from 192.168.144.1#53(192.168.144.1) in 0 ms
```

Note that lines starting with `;` are comments, used here for some debug information and by me to make the output easier to follow 😀. There is no difference in using one or more semicolons, but 2 are often used for readability

There are 13 root name servers[^why13RootServers], labeled `a` to `m`. Note that this does not mean there are 13 physical servers—13 IP addresses distribute load amongst more than 1500 servers[^1500Servers] across the globe

[^why13RootServers]: [Reason for Limited number of Root DNS Servers](https://lists.isc.org/pipermail/bind-users/2011-November/085653.html)

[^1500Servers]: As of June 10th, 2025, [there were "1954 instances operated by the 12 independent root server operators" according to root-servers.org](https://web.archive.org/web/20250610122946/https://root-servers.org/)

A name server answers queries about a particular domain name. The root servers are responsible for information in the root zone, in this case about where to find the Top Level Domain name servers

#### So what are each of the columns in the `dig` output?

From left to right, we have the domain we're looking for, in this case the root domain. Then the TTL, or Time To Live, which specifies how long records can be cached for. More on caching later. The Class is `IN`, meaning Internet. There are other values, but today they are exceedingly rare, if used at all. The Type is the kind of record, in this case `NS` for Name Server. We'll go over more types of records later. Finally, we have the Fully Qualified Domain Name (FQDN) of the root name server

I'll include these column header comments for convenience from now on

```
;; domain		TTL	Class	Type	FQDN
.			0	IN	NS	a.root-servers.net.
```

Root name server `a` very kindly refers us to the `com.` name servers, again ranging from `a` to `m`

Note the TTL for these records is 2 days (172800 seconds)

```
;; domain		TTL	Class	Type	FQDN
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
;; omitted for brevity
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
;; Received 846 bytes from 198.41.0.4#53(a.root-servers.net) in 29 ms
```

The `com.` name servers refer us to the zone for `jacobasper.com.`, whose name servers are operated by NSONE. I could use any DNS server to be authoritative for my domains, but I chose to use Netlify, which seems to use NSONE!

```
;; domain		TTL	Class	Type	FQDN
jacobasper.com.		172800	IN	NS	dns1.p08.nsone.net.
jacobasper.com.		172800	IN	NS	dns2.p08.nsone.net.
jacobasper.com.		172800	IN	NS	dns3.p08.nsone.net.
jacobasper.com.		172800	IN	NS	dns4.p08.nsone.net.
;; Received 139 bytes from 192.41.162.30#53(l.gtld-servers.net) in 29 ms
```

Finally, we reach the records we're after! `A` records stand for address, and describe the IPv4 address of a domain

```
;; domain		TTL	Class	Type	FQDN
legacy.jacobasper.com.	120	IN	A	34.234.106.80
legacy.jacobasper.com.	120	IN	A	100.28.201.155
;; Received 82 bytes from 198.51.45.8#53(dns2.p08.nsone.net) in 29 ms
```

To sum it up, there was a DNS zone for the root, which referred us to the `.com` zone, which then referred us to the `jacobasper.com.` zone, which then knew where `legacy.jacobasper.com.` lives!

`legacy.jacobasper.com.` and `jacobasper.com.` are both under this zone, as well as any arbitrary number of subdomains I choose. I could also delegate further if I so chose, but I don't have too many domains to worry about, so the current setup is fine for me!

### Kinds of Records

### Registering a domain

A registry handles the database of TLDs and registrant metadata. For example, Verisign operates the registry for the `.com` TLD

A registrant is TODO

A registrar like GoDaddy (Go Father) is an intermediary that provides services like domain lookup and sending zone information to the registry

To put it simply, registrants register registrations with a registrar that registers registrations regularly with a registry regulating regions and general domains

---

#### Pricing

So why not just skip the registrar and send your information straight to the registry? I could find a better use for my $12, like producing 9–12 pounds of garlic[^garlicProduction]

[^garlicProduction]: According to Rutgers, "[non-specialty] garlic costs about $1.00–1.25 per pound to produce" https://njaes.rutgers.edu/fs1289/

Unfortunately for you,

Verisign charges $10.26 as of September 1st, 2024[^verasignMyths]

[^verasignMyths]: https://blog.verisign.com/domain-names/myths-vs-facts-about-dot-com/

ICANN charges 18 cents per transaction for registrars https://www.icann.org/en/contracted-parties/accredited-registrars/how-to-become-a-registrar/registrar-fees-10-08-2018-en

Registrars charge a fee on top

https://webmasters.stackexchange.com/questions/61467/if-icann-only-charges-18%C2%A2-per-domain-name-why-am-i-paying-10

### Kinds of TLDs

Generic TLDs (gTLD), like `.com`, `.net`, and `.org`, can be used by anyone

Sponsored TLDs (sTLD), like `.gov` and `.edu`, have more stringent eligibility requirements, like being a US government or educational entity

Country Code TLDs (ccTLD), like `.us`, `.mx`, and `.uk`, are managed by territories. Ironically, these do not necessarily need to be used for hosts within that country. Each country can decide its own registration rules.

On the looser side, `.tv` is used for Twitch and `.rs` is used for Rust related sites instead of Tuvaluan or Serbian related content. `.us` TLDs have far stricter rules, requiring the registrant to have ties to the US[^usTLDNexus]

[^usTLDNexus]: https://www.about.us/documents/policies/usTLD_Nexus_Requirements_Policy.pdf

## Other

### DNS allows for redirects

### Vhosts

Even if you know the IP of a web server, it may use vhosts to allow the URI or Host header to direct what content you are served

Here's an example configuration from an Apache web server[^apache]

[^apache]: [Apache HTTP Server Version 2.4 Virtual Host Examples](https://httpd.apache.org/docs/2.4/vhosts/examples.html)

```apache
Listen 80
```
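The length arithmetic in the `maxLength` footnote above comes from the RFC 1035 wire format, where every `.` is replaced by a length octet and the implicit root label is a single zero octet. The following is an added example (my own code, not from the post) that encodes names that way, enforces the 63-octet label and 255-octet name limits, and decodes with the bounds checks a parser needs so a bad length octet can never read past the buffer. It assumes plain ASCII labels and no compression pointers.

```python
# Added example: RFC 1035 wire-format names. Assumes ASCII labels, no IDN,
# and no compression pointers (0xC0-prefixed octets) in decoded input.

def split_labels(name: str) -> list:
    """Labels of NAME with any trailing root dot removed; '' and '.' are the root."""
    return [] if name in ("", ".") else name.rstrip(".").split(".")

def encode_name(name: str) -> bytes:
    """Wire form: a length octet before each label, then a zero octet for the
    implicit root label. Enforces the 63-octet label and 255-octet name limits."""
    out = bytearray()
    for label in split_labels(name):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"label {label!r} must be 1..63 octets")
        out.append(len(raw))        # this octet takes the place of the '.'
        out += raw
    out.append(0)                   # the implied zero-length root label
    if len(out) > 255:
        raise ValueError(f"{name!r} is {len(out)} octets on the wire, limit 255")
    return bytes(out)

def wire_length(name: str) -> int:
    """Text length plus 2: one length octet for the first label plus the root
    octet; every other length octet merely replaces a '.' in the text form."""
    return len(encode_name(name))

def decode_name(wire: bytes) -> str:
    """Inverse of encode_name, returning the FQDN with its trailing dot.
    Every length octet is checked against the buffer before it is trusted."""
    labels, pos = [], 0
    while True:
        if pos >= len(wire):
            raise ValueError("truncated name")
        length = wire[pos]
        pos += 1
        if length == 0:
            return ".".join(labels) + "."
        if length > 63 or pos + length > len(wire):
            raise ValueError("bad label length")
        labels.append(wire[pos:pos + length].decode("ascii"))
        pos += length

if __name__ == "__main__":
    for n in ("legacy.jacobasper.com", "garlic.bread.", "."):
        print(f"{n!r:>24} -> {encode_name(n)!r} ({wire_length(n)} octets)")
```

A text-form name of 253 characters therefore encodes to exactly 255 octets, which is where the 253-character figure above comes from.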
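The `dig +trace` walk in the Name Resolution section is a sequence of hops, each a run of resource records closed by a `;; Received ... from` line. Here is an added example (my own code, not the post's) that parses that output into hops and recovers the delegation chain, i.e. which zones referred us on and which one finally answered. The sample input is constructed from the trace shown above, minus the lines the post omitted for brevity.

```python
# Added example: parse dig +trace output and recover the delegation chain.
import re

# The server named in parentheses on each "Received" line answered that hop.
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+#\d+\((\S+)\)")

def parse_trace(text: str) -> list:
    """Return a list of (records, answered_by) hops. A record is the tuple
    (name, ttl, class, type, rdata); any other line starting with ';' is a comment."""
    hops, records = [], []
    for line in text.splitlines():
        m = RECEIVED.match(line)
        if m:
            hops.append((records, m.group(1)))
            records = []
        elif line.strip() and not line.startswith(";"):
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            records.append((name, int(ttl), rclass, rtype, rdata))
    return hops

def delegation_chain(hops: list) -> list:
    """Owner names of the hops that were pure NS referrals: the zones traversed."""
    return [recs[0][0] for recs, _ in hops if all(r[3] == "NS" for r in recs)]

def final_answer(hops: list) -> list:
    """Address rdata from the last hop, which the authoritative zone answered."""
    return [r[4] for r in hops[-1][0] if r[3] in ("A", "AAAA")]

# Constructed input: the trace from the post, without its "omitted for brevity" lines.
SAMPLE = """\
; <<>> DiG 9.18.30 <<>> legacy.jacobasper.com. +trace
.\t0\tIN\tNS\tc.root-servers.net.
.\t0\tIN\tNS\ta.root-servers.net.
;; Received 432 bytes from 192.168.144.1#53(192.168.144.1) in 0 ms
com.\t172800\tIN\tNS\tl.gtld-servers.net.
com.\t172800\tIN\tNS\te.gtld-servers.net.
;; Received 846 bytes from 198.41.0.4#53(a.root-servers.net) in 29 ms
jacobasper.com.\t172800\tIN\tNS\tdns1.p08.nsone.net.
jacobasper.com.\t172800\tIN\tNS\tdns2.p08.nsone.net.
;; Received 139 bytes from 192.41.162.30#53(l.gtld-servers.net) in 29 ms
legacy.jacobasper.com.\t120\tIN\tA\t34.234.106.80
legacy.jacobasper.com.\t120\tIN\tA\t100.28.201.155
;; Received 82 bytes from 198.51.45.8#53(dns2.p08.nsone.net) in 29 ms
"""

if __name__ == "__main__":
    hops = parse_trace(SAMPLE)
    print(" -> ".join(delegation_chain(hops)), "->", final_answer(hops))
```

Checking that every referral's owner name is a suffix of the name you asked for is the same check a resolver applies when deciding whether to trust a referral, so the parsed hops are a convenient place to add it.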