Fundamentals 18 min read

Understanding DNS: From Basics to BIND Configuration and Load Balancing

This article explains DNS fundamentals, its distributed hierarchical structure, TCP/UDP usage, top‑level domains, resolution workflow, caching, smart geo‑aware routing, BIND server setup, zone file syntax, DNS load balancing, sub‑domain delegation, debugging tools, and the risk of DNS amplification attacks.

Efficient Ops

What is DNS?

DNS (Domain Name System) is an Internet service that maps domain names to IP addresses using a distributed database, allowing users to access resources via human‑readable names.

Key Characteristics

Distributed architecture

Supports TCP and UDP (default port 53)

Maximum label length 63 characters, full name up to 253 characters

TCP vs UDP

DNS originally ran over UDP with a 512‑byte message limit. A server whose answer would not fit sends a truncated response with the TC flag set, and the client repeats the query over TCP; zone transfers (AXFR/IXFR) always use TCP. EDNS(0) lets a client advertise a larger UDP payload size it can accept (commonly 1232 to 4096 bytes), so most large responses still travel over UDP, and TCP fallback is only needed when the answer exceeds the advertised size. The same mechanism is what makes a small UDP query able to elicit a multi‑kilobyte response, which matters for the amplification attacks described at the end of this article.
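The following added example (not code from the original article) shows the two mechanisms concretely: it builds a DNS query in wire format, optionally appends the EDNS(0) OPT pseudo‑record whose CLASS field carries the advertised UDP payload size, and checks the TC flag of a response to decide whether a TCP retry is needed. It also enforces the 63‑byte label and 253‑character name limits quoted above. The transaction ID, names and the truncated sample response are constructed for the demo; no packets are sent.

```python
import struct

MAX_LABEL = 63    # RFC 1035: one label is at most 63 octets
MAX_NAME = 253    # presentation form; 255 octets on the wire with length bytes and root

QTYPE = {"A": 1, "NS": 2, "SOA": 6, "TXT": 16, "AAAA": 28, "ANY": 255}
TYPE_OPT = 41     # EDNS(0) OPT pseudo-record type


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS wire labels, enforcing the length limits."""
    labels = name.rstrip(".")
    if len(labels) > MAX_NAME:
        raise ValueError(f"name exceeds {MAX_NAME} characters")
    out = bytearray()
    for label in labels.split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL:
            raise ValueError(f"label {label!r} must be 1..{MAX_LABEL} bytes")
        out.append(len(raw))
        out += raw
    out.append(0)  # the empty root label terminates the name
    return bytes(out)


def is_valid_name(name: str) -> bool:
    """True when the name respects the label and total length limits."""
    try:
        encode_name(name)
        return True
    except ValueError:
        return False


def build_query(name, qtype="A", txid=0x1234, edns_bufsize=None):
    """Standard query with RD set. With edns_bufsize, append an OPT record
    advertising the UDP payload size this client is willing to receive."""
    arcount = 0 if edns_bufsize is None else 1
    # header: ID, flags (RD=0x0100), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = bytearray(struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount))
    msg += encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)  # QCLASS IN
    if edns_bufsize is not None:
        # OPT RR: root owner name, TYPE 41, CLASS = advertised payload size,
        # TTL field = extended RCODE / EDNS version / flags (all 0), RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_bufsize, 0, 0)
    return bytes(msg)


def parse_header(msg):
    """Decode the fixed 12-byte header into the fields a resolver acts on."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an, "arcount": ar}


def needs_tcp_retry(response):
    """A response with QR and TC set was cut to fit UDP: repeat it over TCP."""
    h = parse_header(response)
    return h["qr"] and h["tc"]


def truncated_response_for(name, qtype="A", txid=0x1234):
    """Constructed sample of a truncated reply: same ID, flags QR|TC|RD|RA
    (0x8380), the question echoed back, no answer records."""
    return (struct.pack("!HHHHHH", txid, 0x8380, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1))


if __name__ == "__main__":
    plain = build_query("www.example.com")
    edns = build_query("www.example.com", edns_bufsize=4096)
    print(len(plain), "bytes without EDNS,", len(edns), "bytes with OPT record")
    print("retry over TCP:", needs_tcp_retry(truncated_response_for("www.example.com")))
```

The plain query for www.example.com is 33 bytes and the EDNS version 44 bytes; a resolver that advertises 4096 in the OPT record tells the server it may answer with up to that much over UDP, and only a reply still carrying TC forces the TCP round trip.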

Hierarchical Database Structure

DNS resembles an inverted tree similar to a Linux file system. The root zone (.) sits at the top, followed by top‑level domains (e.g., com), then second‑level domains (e.g., chinaz.com), and finally sub‑domains (e.g., tool.chinaz.com).

The tree is distributed to avoid a single‑machine storage bottleneck and to allow flexible delegation of authority.

Top‑Level Domains

ICANN oversees the root and accredits the registries and registrars behind generic TLDs (gTLDs) such as .com, .org and .edu; country‑code TLDs (ccTLDs) such as .cn and .us are delegated to national registries. Some ccTLDs, notably .me (Montenegro) and .io (British Indian Ocean Territory), are marketed as personal or tech‑oriented domains and are registered far beyond their own territories.

DNS Resolution Process

When a client queries a name, the resolver follows these steps:

Client asks its local recursive resolver for the name.

Resolver checks its cache; if missing, it queries the root servers.

Root servers return the address of the TLD name servers.

Resolver queries the TLD servers for the authoritative server of the second‑level domain.

Resolver queries that authoritative server for the final record and caches the result.

Resolver returns the answer to the client.

Recursive vs Authoritative Servers

Recursive resolvers perform the full lookup chain on behalf of clients, while authoritative servers store the definitive records for zones they manage.

Caching

Caching at each level reduces latency and load; recursive resolvers keep recent answers and can answer repeated queries without repeating the full lookup.
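To make the lookup chain and the cache concrete, here is an added simulation (not code from the original article) of a recursive resolver walking a constructed three‑level hierarchy: the root refers it to the .com servers, .com refers it to the zone's authoritative server using glue, and that server answers. The answer is cached for its TTL, so a repeat query costs no upstream traffic until the TTL expires. All zone data, server addresses and the root hint are assumptions for the demo.

```python
import time

# Constructed toy hierarchy, not real DNS data. Each zone maps an owner name
# to a list of (type, ttl, rdata). Addresses and names are demo assumptions.
ROOT_HINT = "198.41.0.4"          # the one address a resolver knows up front
SERVERS = {                       # which zone each server address is authoritative for
    "198.41.0.4": ".",
    "192.0.2.1": "com.",
    "192.0.2.53": "example.com.",
}
ZONES = {
    ".": {
        "com.": [("NS", 172800, "a.gtld-servers.net.")],
        "a.gtld-servers.net.": [("A", 172800, "192.0.2.1")],    # glue
    },
    "com.": {
        "example.com.": [("NS", 172800, "ns1.example.com.")],
        "ns1.example.com.": [("A", 172800, "192.0.2.53")],      # glue
    },
    "example.com.": {
        "ns1.example.com.": [("A", 3600, "192.0.2.53")],
        "www.example.com.": [("A", 300, "198.51.100.10"), ("A", 300, "198.51.100.11")],
    },
}


def authoritative_query(server_ip, qname, qtype):
    """What one authoritative server replies: the records if it holds them,
    a referral (with the glue address) if it delegated the name, else nxdomain
    (NXDOMAIN and NODATA are collapsed into one outcome for the demo)."""
    zone = SERVERS[server_ip]
    data = ZONES[zone]
    rrs = [rr for rr in data.get(qname, []) if rr[0] == qtype]
    if rrs:
        return "answer", rrs
    labels = qname.split(".")
    # walk from the longest suffix of qname towards the apex looking for a cut point
    for i in range(len(labels)):
        cut = ".".join(labels[i:]) or "."
        if cut == zone:
            break                     # reached our own apex: nothing delegated
        ns = [rr for rr in data.get(cut, []) if rr[0] == "NS"]
        if ns:
            glue = [rr[2] for rr in data.get(ns[0][2], []) if rr[0] == "A"]
            return "referral", glue[0]
    return "nxdomain", None


class IterativeResolver:
    """A recursive resolver as the client sees it: it walks root -> TLD ->
    authoritative itself and caches each answer for its TTL."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}               # (qname, qtype) -> (expires_at, [rdata])
        self.upstream_queries = 0     # packets sent to authoritative servers

    def resolve(self, qname, qtype="A"):
        key = (qname, qtype)
        now = self.clock()
        hit = self.cache.get(key)
        if hit and hit[0] > now:
            return list(hit[1])       # cache hit: no upstream traffic at all
        server = ROOT_HINT
        for _ in range(16):           # bound the referral chain
            self.upstream_queries += 1
            kind, payload = authoritative_query(server, qname, qtype)
            if kind == "answer":
                ttl = min(rr[1] for rr in payload)
                rdata = [rr[2] for rr in payload]
                self.cache[key] = (now + ttl, rdata)
                return rdata
            if kind == "referral":
                server = payload      # follow the delegation to the next server
                continue
            raise LookupError(f"{qname} {qtype}: {kind}")
        raise LookupError("referral chain too long")


if __name__ == "__main__":
    r = IterativeResolver()
    print(r.resolve("www.example.com."), "after", r.upstream_queries, "upstream queries")
    print(r.resolve("www.example.com."), "after", r.upstream_queries, "upstream queries (cached)")
```

The first lookup costs three upstream queries (root, .com, example.com); the second is served from the cache. Injecting a clock makes the TTL behaviour testable: once 300 seconds have passed the entry is stale and the full chain runs again.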

Smart (Geo‑aware) Resolution

The EDNS Client Subnet option (ECS, RFC 7871) lets a recursive resolver include a truncated prefix of the client's network in the query it sends upstream, so an authoritative server with geographic data can return the IP address nearest to the requester. DNSPod in China supports this feature. Because the answer now depends on the client prefix, the resolver has to cache it per prefix rather than once for everyone, and the prefix discloses the client's approximate location to the authoritative side.

Domain Registrars

Registrars, accredited by ICANN and working through the registry of each TLD, register second‑level domains on behalf of their customers. They usually provide default authoritative name servers; these can be replaced with custom servers (e.g., DNSPod) for better performance or smart routing by changing the domain's NS records at the registrar.

Setting Up a BIND Server

BIND configuration consists of a global file (/etc/named.conf) and one or more zone files. Important directives include recursion (whether the server performs recursive lookups for clients; a purely authoritative server should set recursion no, and a resolver for internal clients should limit it with allow-recursion) and the zone definitions that tell named which zone files it serves.

Zone files define resource records such as SOA, A, CNAME, etc.

<code>SOA record example:
@   IN  SOA ns.example.com. admin.example.com. ( … )</code>
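As an added example (not the article's own configuration), here is a minimal named.conf for an authoritative server together with a complete zone file for hello.com, the zone queried with dig later in the article. All addresses, the serial number and the secondary's address are assumptions; the two files are shown one after the other and must be split at the file‑name comments.

```conf
// ---- /etc/named.conf (example only) ----
options {
    directory "/var/named";
    // Authoritative-only: an open recursive resolver is what amplification attacks abuse.
    recursion no;
    allow-query { any; };
    // If this server must also recurse for your own clients, scope it instead:
    // recursion yes;  allow-recursion { 127.0.0.1; 10.0.0.0/8; };
    // Response Rate Limiting: cap identical answers per second per client prefix.
    rate-limit { responses-per-second 5; window 5; };
};

zone "hello.com" IN {
    type master;
    file "hello.com.zone";
    allow-transfer { 192.0.2.11; };   // only the secondary may pull the zone (assumed address)
};

; ---- /var/named/hello.com.zone (example only) ----
$TTL 300
$ORIGIN hello.com.
@   IN  SOA ns1.hello.com. admin.hello.com. (
            2024010101  ; serial: bump on every change, secondaries compare it
            3600        ; refresh: how often secondaries check the serial
            900         ; retry: wait after a failed refresh
            1209600     ; expire: secondaries stop answering after this long without contact
            300 )       ; negative-caching TTL for NXDOMAIN answers
    IN  NS   ns1.hello.com.
    IN  NS   ns2.hello.com.
ns1 IN  A    192.0.2.10
ns2 IN  A    192.0.2.11
www IN  A    198.51.100.10
www IN  A    198.51.100.11
```

Check both files before reloading with named-checkconf /etc/named.conf and named-checkzone hello.com /var/named/hello.com.zone; the two www records are the round‑robin setup discussed in the next section.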

Common commands to validate configuration:

<code>named-checkconf
named-checkzone
service named start
netstat -ntlp
dig @127.0.0.1 www.hello.com</code>

DNS Load Balancing

Multiple A records for one name make BIND rotate the order of the records in successive responses (round robin), so clients spread across the IPs. This is simple but the server has no health checks: a dead address keeps being handed out until someone removes the record, and caching resolvers and clients may reorder or pin records, so the split is only roughly even. A low TTL limits how long a removed address lingers in caches.

<code>www IN A 1.2.3.4
www IN A 1.2.3.5</code>

Sub‑domain Delegation

When a parent zone delegates a sub‑domain to another name server, the parent zone gets NS records for the sub‑domain pointing at the child's name servers, and the child becomes a separate zone with its own SOA and NS records at its apex. If a child name server's name lies inside the delegated sub‑domain (as ns.a.hello.com lies inside a.hello.com below), the parent must also carry a glue A record for it; otherwise a resolver would have to query the child zone to find the server for the child zone.

<code>a.hello.com IN NS ns.a.hello.com
ns.a.hello.com IN A xx.xx.xx.xx</code>

DNS Debugging Tools

Common utilities include host, nslookup, and dig. The dig output shows the question, answer, authority, and additional sections, along with the header flags (aa for an authoritative answer, tc for a truncated one), the server that answered, and the query time, which is why dig is the tool to reach for when checking what a server actually returns.

DNS Amplification Attacks

Attackers exploit the ratio between a small query and a large response: they send queries to open recursive resolvers (or directly to authoritative servers) with the source IP spoofed to the victim's address, so every large response is delivered to the victim. Queries of type ANY, or for DNSSEC‑signed names with EDNS advertising a large UDP buffer, yield amplification factors of tens to one. The defences are not to run an open resolver (restrict recursion to your own clients), to enable response rate limiting on authoritative servers, and, on the network side, source‑address filtering (BCP 38) so spoofed packets never leave their origin.
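The following added example (not code from the original article) shows what this looks like from the server operator's side: it parses a few constructed BIND 9 query‑log lines, flags source addresses whose traffic is almost entirely ANY queries for the same name (in an amplification attack that "source" is the spoofed victim), and computes the amplification factor from the query and response sizes. The log lines, addresses and thresholds are assumptions for the demo.

```python
import re
from collections import defaultdict

# Constructed lines in the style of BIND 9 "querylog yes" output (not real traffic).
# The ANY queries all "come from" 198.51.100.7, which in an amplification attack
# is the spoofed address of the victim rather than the true sender.
SAMPLE_LOG = """\
13-May-2024 10:00:01.001 client @0x7f3c2c0a1d10 198.51.100.7#53012 (isc.org): query: isc.org IN ANY +E(0) (203.0.113.53)
13-May-2024 10:00:01.004 client @0x7f3c2c0a1d10 198.51.100.7#53013 (isc.org): query: isc.org IN ANY +E(0) (203.0.113.53)
13-May-2024 10:00:01.006 client @0x7f3c2c0a1d10 10.0.0.5#41022 (www.hello.com): query: www.hello.com IN A +E(0)K (203.0.113.53)
13-May-2024 10:00:01.009 client @0x7f3c2c0a1d10 198.51.100.7#53014 (isc.org): query: isc.org IN ANY +E(0) (203.0.113.53)
13-May-2024 10:00:01.011 client @0x7f3c2c0a1d10 198.51.100.7#53015 (isc.org): query: isc.org IN ANY +E(0) (203.0.113.53)
13-May-2024 10:00:01.015 client @0x7f3c2c0a1d10 10.0.0.6#41023 (mail.hello.com): query: mail.hello.com IN AAAA + (203.0.113.53)
13-May-2024 10:00:01.018 client @0x7f3c2c0a1d10 198.51.100.7#53016 (isc.org): query: isc.org IN ANY +E(0) (203.0.113.53)
13-May-2024 10:00:01.020 client @0x7f3c2c0a1d10 198.51.100.7#53017 (isc.org): query: isc.org IN ANY +E(0) (203.0.113.53)
"""

# source address, query name, query type and the flags field (+/- RD, E(n) EDNS, T TCP, ...)
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[\d.]+)#\d+ \([^)]*\): query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)


def parse_query_log(text):
    """Extract one dict per recognised query-log line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            entry = m.groupdict()
            entry["edns"] = "E(" in entry["flags"]   # EDNS present: large UDP answers allowed
            entries.append(entry)
    return entries


def find_amplification_suspects(entries, min_queries=5, min_any_share=0.8):
    """Group by source address and flag those dominated by ANY queries.
    A high count from one source for one name, over UDP with EDNS, is the
    classic reflection pattern; the source is the victim being flooded."""
    by_src = defaultdict(list)
    for e in entries:
        by_src[e["src"]].append(e)
    suspects = {}
    for src, qs in by_src.items():
        any_share = sum(q["qtype"] == "ANY" for q in qs) / len(qs)
        if len(qs) >= min_queries and any_share >= min_any_share:
            suspects[src] = {
                "queries": len(qs),
                "any_share": any_share,
                "edns": all(q["edns"] for q in qs),
                "names": sorted({q["qname"] for q in qs}),
            }
    return suspects


def amplification_factor(query_bytes, response_bytes):
    """Bytes delivered to the victim per byte the attacker had to send."""
    return response_bytes / query_bytes


if __name__ == "__main__":
    hits = find_amplification_suspects(parse_query_log(SAMPLE_LOG))
    for src, info in hits.items():
        print(f"{src}: {info['queries']} queries, ANY share {info['any_share']:.0%}, "
              f"EDNS {info['edns']}, names {info['names']}")
    print("a 44-byte ANY query answered with 3000 bytes amplifies",
          f"{amplification_factor(44, 3000):.1f}x")
```

In production the same logic runs over a time window (queries per source per second) rather than over a whole file, and the response is to rate‑limit or refuse, not to block the "source", which is the victim.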

Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.
