Understanding DNS: Architecture, Protocols, and BIND Configuration

DNS (Domain Name System) is a distributed database that maps domain names to IP addresses, enabling human‑readable access to internet resources.

Key characteristics include its distributed nature, support for both TCP and UDP (default port 53), a maximum label length of 63 characters, and an overall domain name length limit of 253 characters.

UDP is used for typical queries, but when a response exceeds 512 bytes the protocol falls back to TCP; modern extensions allow larger UDP responses when the client indicates support.

The DNS hierarchy resembles an inverted tree similar to a Linux file system, with the root zone at the top, followed by top‑level domains (e.g., .com), second‑level domains (e.g., chinaz.com), and sub‑domains accessed from bottom to top.

Top‑level domains are managed by ICANN and fall into generic (e.g., .com, .org) and country‑code (e.g., .cn, .us) categories; special TLDs like .me and .io are often chosen for personal or tech‑oriented projects.

The resolution process starts with the client consulting /etc/nsswitch.conf (which typically contains the line hosts: files dns myhostname ) to decide whether to use the hosts file or DNS. The client then queries a local recursive resolver, which checks its cache, contacts root name servers, follows delegations to TLD and authoritative servers, and finally returns the IP address.

Recursive resolvers (often provided by ISPs or public services such as 8.8.8.8) perform the full lookup chain, while authoritative servers store the definitive records for their zones.

Caching at each level reduces latency and load, but also introduces propagation delays; root servers are limited to 13 instances to keep UDP packet sizes within 512 bytes.

Smart DNS adds the client’s IP to queries (via EDNS) so the server can return the nearest IP address, improving performance across heterogeneous ISP networks.

Using BIND, the main configuration file is /etc/named.conf , where zones, logging, security, and recursion are defined. Zone files specify records such as SOA, A, CNAME, and NS. Example commands to validate configuration include named-checkconf and named-checkzone , and the service can be started with service named start (or systemctl restart named.service ).

Load balancing can be achieved by adding multiple A records for a name (e.g., www IN A 1.2.3.4 and www IN A 1.2.3.5 ), which causes resolvers to rotate responses (RR). This method is simple but lacks health checks compared to dedicated load balancers like LVS.

Sub‑domain delegation involves a parent zone granting authority to a child nameserver via NS records (e.g., a.hello.com IN NS ns.a.hello.com and ns.a.hello.com IN A xx.xx.xx.xx ), allowing independent management of sub‑domains.

Common DNS debugging tools are host , nslookup , and dig , with dig providing detailed query and response information.

DNS amplification attacks exploit the disparity between small query packets and large response packets, using spoofed source IPs to flood a target with amplified traffic; mitigation requires proper server configuration and filtering.