Monday, January 4, 2010

How is the domain name system controlled?

SkyHi @ Monday, January 04, 2010

I do not know how the domain name system can avoid duplicate entries of the same domain name across the globe.

Say I start a domain name server and map domain to my IP
address, how do other domain name servers detect the ambiguity? Who is
responsible for avoiding such duplicates?


The reason it wouldn't matter is because no one will ever ask your personal DNS server to resolve

Let's say I ask my browser for Here are the steps my
ISP's recursive nameserver goes through, assuming Google's A record is
not locally cached:

  1. I request the DNS A record for from my ISP's nameserver (and it's not in my personal DNS cache).
  2. If it's not recently cached, the nameserver knows it's not
    authoritative for the zone, so it can't look it up in the
    local zone database. Thus, it asks a random one of the 13 root
    nameservers about
  3. The root server sends the ISP's nameserver to the Global Top-Level Domain server for the .COM TLD, using their NS records.
  4. The GTLD nameserver also doesn't know where is, but it
    sends the nameserver the records for nameservers that are authoritative
    for the zone.
  5. Now our nameserver asks the authoritative server, and it returns
    the A record for, which is returned to us (and cached on the
    ISP's nameserver to avoid having to go through all this again).

As you can see, at no point in that process will I or my nameserver ask your DNS server where is.

Now, there are potential vulnerabilities, through cache poisoning
and other similar attacks. One of the most famous is the Kaminsky

For an awesome step-by-step guide to DNS resolution, plus descriptions of the serious issues and vulnerabilities, check out this illustrated guide.

A small point of contention here: Your ISP's
DNS servers don't query the root servers for Google's A record. The
root servers answer queries regarding the gTLDs. Ignoring any
caching, here's how it would go:

  1. Your ISP's DNS server will query a root server to find the authoritative name server(s) for the .com gTLD

  2. Your ISP's DNS server will then query one of the gTLD servers
    responsible for the .com domain to find the authoritative name server(s)
    for Google

  3. Your ISP's DNS server will then query one of Google's name servers for the A record

The root servers are responsible for the . domain and the gTLD
servers are responsible for the .com, .edu, etc. domains. The root
servers don't know anything about any domain under .com, .edu, etc.

There are two levels of hierarchy at work here: through - responsible for the . domain through - responsible for the .com, .edu, etc. domains
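
The delegation walk described in the answer and the comment above, as an added example that is not part of the original posts: a toy in-memory model showing that a resolver only reaches servers a parent zone refers it to, so a self-started server claiming the same zone is never asked. The server names, the example.com zone and the addresses are all constructed for illustration, and no network traffic is sent.

```python
# Constructed delegation tree: root -> .com TLD -> authoritative server.
# "rogue" is a self-started server claiming example.com.; no parent lists it.
SERVERS = {
    "root": {"delegations": {"com.": ["tld-com"]}, "records": {}},
    "tld-com": {"delegations": {"example.com.": ["ns-example"]}, "records": {}},
    "ns-example": {"delegations": {},
                   "records": {"www.example.com.": "192.0.2.10"}},
    "rogue": {"delegations": {},
              "records": {"www.example.com.": "203.0.113.66"}},
}


def in_zone(name, zone):
    """True if name is at or below zone (label-aligned suffix match)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query(server, name):
    """Answer as one server would: answer, referral or nxdomain."""
    data = SERVERS[server]
    if name in data["records"]:
        return "answer", data["records"][name]
    matches = [z for z in data["delegations"] if in_zone(name, z)]
    if matches:
        # The most specific delegation covering the name wins.
        return "referral", data["delegations"][max(matches, key=len)]
    return "nxdomain", None


def resolve(name, max_hops=10):
    """Iterative lookup from the root. Returns (ip or None, servers asked)."""
    server, path = "root", []
    for _ in range(max_hops):
        path.append(server)
        kind, value = query(server, name)
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value[0]  # only servers named by the parent zone are asked
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    ip, path = resolve("www.example.com.")
    print(ip, "via", " -> ".join(path))
    print("rogue would have said:", query("rogue", "www.example.com.")[1])
```

The rogue server answers if queried directly, but it never appears in the resolution path because neither the root nor the TLD server hands out a referral to it.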