Domain Name System

Domain Name System

As far as most people are concerned, the Domain Name System (DNS) is a black box. I'd like to peek inside that box to find the answers to the following questions:

How does a host name get converted to an IP address?

The IP address (and other information) for a host name is found by tracing down a tree of information stored in domain name servers distributed around the net. If, for example, I wanted to determine the IP address of aramis.rutgers.edu, I would first ask a server at the root of the DNS tree, one of which is h.root-servers.net.   h.root-servers.net does not know about aramis.rutgers.edu, but it knows a list of servers who should know about the rutgers.edu domain, so it responds that I should ask one of dns1.rutgers.edu, dns2.rutgers.edu, or dns3.rutgers.edu.   Asking ns1.rutgers.edu, I would learn that aramis.rutgers.edu had the IP address of 128.6.4.2.

Obviously, it would place a great load on the net (and the root servers) if I had to go through this every time I needed a host's IP address. Fortunately, resolvers (the agents which do all the actual work shown above) cache information they have already learned for a while. (The actual length of time the information is good for is returned with the answer from the server providing the information.)

If I can convert a hostname to an IP address, how come sometimes I can't convert that same IP address back into a hostname?

It does seem silly on the face of it that my resolver knows (and can tell me immediately) the IP address associated with a hostname, but may claim not to know about, or even be able to determine, the hostname associated with that IP address. But more things are stored in the DNS system than hostnames and IP addresses, for instance, mail exchange records. If you ask to which machine should mail for aramis.rutgers.edu be delivered, you'd be told mail.cs.rutgers.edu. That information is cached too. But it would not make sense to ask what the hostname is which has its mail delivered to mail.cs.rutgers.edu. It would take extra effort for the resolver to be able to reverse just the hostname to IP address pair of data. Indeed, there are security reasons you would not want this to happen.

It's impossible to get to a host if the hostname to IP address mapping is not working. But there are fewer things you cannot do if the IP address to hostname mapping is broken. Therefore, broken IP address to hostname mapping may take longer to notice and seem less essential to the data maintainers to fix.

How *does* an IP addresss get converted to a hostname?

IP addresses are looked up very much like hostname, but the "hostname" you're looking up is made up of the 4 numbers in the IP address. So if you wanted to look up 128.6.4.2, you'd look in the DNS system for information on 2.4.6.128.IN-ADDR.ARPA. The 4 numbers are reversed for ease of resolver handling - the order is from least to most significant parts, like the hostname. You can also get information on subnets this way. For example, you can find out about the Rutgers class B subnet by looking up 6.128.IN-ADDR.ARPA.

dig is a handy program for poking around in the DNS system.

This page last updated February 15, 2008.