What's In a Name?

What's In a Name?

Surfing the web seems like straightforward undertaking, you type the website you want to go to into your browsers address bar, or you click on a result from a search engine and within no time the website you wanted to visit is in front of you.

But how did this happen simply by typing a web address into a browser? How is the connection made between you and a website out there somewhere in the world?

The answer lies in the Domain Name System (DNS).

All servers on the internet that are hosting the websites you want to access are addressable via a unique Internet Protocol (IP) address. For example as I write this article linkedin.com is currently addressable via 13.107.42.14. These addresses aren't practical for human use which is why we give websites names such as linkedin.com.

DNS is the process by which these human readable names are translated into the IP addresses that can be used to actually access the websites content.

DNS Elements

Four main elements are involved in a DNS lookup.

A DNS Recursor is a server that receives queries from clients to resolve a websites host name into an IP address. The recursor will usually not be able to provide the answer itself but knows how to recursively navigate the phone directory of the internet in order to give the answer back to the client.

A Root Nameserver is usually the first port of call for the recursor, it can be thought as like a directory of phone directories, based on the area of the internet the websites domain points at it directs the recursor at the correct directory that can be used to continue the DNS query.

A Top Level Domain (TLD) Nameserver acts as the phone directory for a specific part of the internet based on the TLD portion of the web address. For example a TLD nameserver will exists for .com addresses, .co.uk addresses and so on.

An Authoritative Nameserver is the final link in the chain, it is the part of the phone directory that can provide the IP addresses for the website you are looking for.

DNS Resolution

To bring this process to life let's look at the path of a DNS query if you were trying to get to mywebsite.com.

The user types mywebsite.com into their browser and hits enter, the browser then asks a DNS recursor to provide the IP address for mywebsite.com.

The recursor first queries a root nameserver to find the TLD nameserver thats appropriate for this request.

In this example the root nameserver will respond with the TLD nameserver for .com addresses.

The TLD nameserver will then respond with the authoritative nameserver for the websites domain, in this example mywebsite.com, the location of this server will be related to where the website is being hosted. The authoritative nameserver then responds with the IP address for the website, the recursor returns this to the users browser and the website can be loaded.

DNS Security

DNS is one of the fundamental technologies that has its origins in the foundation of the web. At this time when the blueprint of the web was being created security was less of a concern to those solving these engineering problems, it was assumed that the authenticity of the links in the chain could be taken on trust.

Unfortunately in the modern web this level of trust in other actors can be misplaced. When a server claims to be the authoritative nameserver for a particular website how can you trust that this is the case and you aren't going to be directed to a rogue impersonation of the website you are trying to reach.

Domain Name System Security Extensions (DNSSEC) is attempting to replace the trust based system with one that is based on provable security. It introduces the signing and validation of the DNS records being returned from the various elements involved in a DNS query so that their authenticity can be determined.

DNS is one of the technologies that is now taken for granted but solves a problem without which the web as we know it wouldn't be able to exist. On the surface it sounds like a simple problem to solve but the scale of the web means even the simplest of solutions has to be able to scale to a world wide scale.

要查看或添加评论,请登录

Ben Walpole的更多文章

  • The Virtual World

    The Virtual World

    I don't have any statistics to back up this claim but given the prevalence of cloud native approaches I am willing to…

  • Distributing Problems

    Distributing Problems

    Patterns and practices in software engineering can be very cyclical, the names and terminology applied can change but…

  • Solid State World

    Solid State World

    It's often said that technology moves quickly, I'm actually of the opinion that its our learning of how to utilise…

  • Network of Networks

    Network of Networks

    When we're searching for analogies to describe the operation of the internet we often fall back on that of posting a…

  • Underpinning Kubernetes

    Underpinning Kubernetes

    Kubernetes is the de facto choice for deploying containerized applications at scale. Because of that we are all now…

  • Compiling Knowledge

    Compiling Knowledge

    Any software engineer who works with a compiled language will know the almost religious concept of the build. Whether…

  • Terraforming Your World

    Terraforming Your World

    Software Engineers are very good at managing source code. We have developed effective strategies and tools to allow us…

  • Being at the Helm

    Being at the Helm

    The majority of containerized applications that are being deployed at any reasonable scale will likely be using some…

  • Avoiding Toiling

    Avoiding Toiling

    Site Reliability Engineering (SRE) is the practice of applying software engineering principles to the management of…

    1 条评论
  • The Language of Love

    The Language of Love

    Software engineers are often polyglots who will learn or be exposed to multiple programming languages over the course…

社区洞察

其他会员也浏览了