"DNS is yet another one of those Internet 'things' that just makes me step back and go... Wow! This is amazingly complex, and yet it works really well" Those are the words of Jeff Zimmerman the Cisco King that always has an answer to questions about our network and equipment. He and I trade emails rife with geek speak about cool stuff like DNS. Surprisingly, I have to explain Domain Name Service (DNS) to clients and customers on a regular basis. Questions always arise when a customer is setting up a new web site to host with us, or they are moving an existing web site over to us. The 2 most frequent questions are "What is DNS?" and "Why does it take 12 to 48 hours to make a name change?"
Let's start with the basics. Every computer connected to the internet does so through the use of a machine-readable "address" that is unique. It is unique across the internet - one of a kind. It's 4 numbers, or "bytes". In binary it looks like this: 01000010 00100101 11101110 00011010, but in decimal it looks like this: 184.108.40.206. Now this is the point in time when I notice my listeners' eyes are glazing over. Shout "fire" or something similarly startling (or have a balloon handy) before you continue.
The problem is that people just don't read binary very well. I know that 00000000 is "0" and that 11111111 is "255", but what the heck is 01000010 (66 for those taking notes)? Decimal is a tad better, but more difficult to remember than my parents' phone number (which reminds me - Mom, I meant to call you last night). Humans like things that are made of letters and resemble language. We prefer "google.com" to a bunch of zeros and ones or dotted numbers - even though "google" doesn't really mean any more than the binary numbers.
DNS is the phone book for the Internet. It's a giant "lookup" that allows your computer to send in a string like "www.google.com" and get back a number like 220.127.116.11. That number (translated into binary) can be easily used by your computer to "find" that other host on the Internet. So the first part of any web request or email request is usually to check with the DNS server to get back that number.
There are thousands of DNS servers on the internet. When you make a request to resolve www.cfwebtools.com (for example) it goes to the DNS server that you have registered in your network properties. If you are using a commercial ISP this will be an IP address given to you - automatically in most cases - and set up as the "registered DNS" for your computer. Let's call this "your" DNS server (the one you are querying with your browser).
If "your" DNS already knows about www.cfwebtools.com it serves it up - end of story. "Your" DNS server (like all DNS servers) stores names and IP addresses in a cache. So when Billy looks up yahoo and 5 minutes later Sally does the same thing, the DNS server can say "aha! I know this one!" Sort of like those people that watch the Ken Jennings episodes of Jeopardy over and over again so they can feel good about knowing all the answers.
The DNS cache can be set up a number of ways. The most common way is to use "Time to Live" (TTL) for a domain. Part of any domain record is a "TTL" value. It's the number of seconds that the record should be considered valid. When the DNS server first "gets" the record and stores it in the cache, it sets the TTL based on this value. When the TTL number of seconds is up, the record is expired out of the cache. The next request for that domain will cause the DNS server to go and "get" the current record (more on that later). A typical TTL is 86400 seconds, or 1 day.
If a DNS administrator expects a great many changes to a domain, he will set this number lower on the "controlling" server. Why all the rigmarole? The truth is that if DNS didn't work this way the amount of DNS traffic on the internet would eclipse the amount of actual traffic. Everyone would be so busy looking for addresses and numbers that no one would actually be communicating - sort of like a singles bar.
When DNS does not find the domain in its cache then it has to go get it. Remember, "your" DNS server has only the string www.cfwebtools.com. But that gives it a starting place. The string www.cfwebtools.com is actually hierarchical. It represents a "host" called "www" on a "domain" called "cfwebtools" that is a "sub domain" of a domain called "com" that is a sub domain of "root" - which in geek speak is a period "." - that's why the "true" address is actually www.cfwebtools.com. (note the trailing period). Early on, browsers dropped the period because it became evident that there would only be 1 root. There was no competing "comma" root, I suppose (and no, Bill Gates had nothing to do with this.... Al Gore, maybe...).
Anyway, your DNS server doesn't know www or cfwebtools, but every DNS server knows about the "root" servers. These are very large servers that are "mirrored" throughout the world and control the "root" along with the main "root domains", which you know as "com", "org", "biz", "net", "info", "gov", "edu", etc. In addition to these high level servers, DNS servers are often connected in a cascading hierarchy for upstream requests. They simply forward requests to a higher level DNS server for further processing, and that higher level DNS server may follow the same procedure.
Your DNS server says to a root controller for "com" (or some downstream DNS server), "What do you know about www.cfwebtools on the domain com?" The DNS server may or may not be able to answer, but it can always contact the root of "com". The root of COM should know about cfwebtools - after all, it's either a host or a sub domain that belongs to the "com" domain - right? In the case of cfwebtools (and all entries for com - I doubt there are any actual "hosts" on com), the root of com has a "delegation" record for "cfwebtools". This delegation record says, "Anytime you get a request for cfwebtools on com, send it to one of these 2 (or more) name servers."
The root DNS contacts the name servers for cfwebtools and says, "Tell me what you know about www on cfwebtools.com." Since this new DNS server is the "controlling" (delegated) name server for cfwebtools, it responds with an IP address, which is forwarded back down the chain to you, and Bob's your uncle (or Sally if you live in California).
DNS servers all cache the data at every turn and expire the cache in a variety of ways (smart TTL expiration, FIFO buffers and the like). This is what makes the "propagation delay" in resolving your IP. Each user of your domain has a different starting point on the Internet - and (typically) a completely different DNS server to start with. A user's registered DNS server does its best to resolve the IP in the fewest number of hops - as soon as it hits an IP in a cache along the way, it serves it up. Since there are many, many flavors of DNS and DNS configurations out there, it can take quite some time for all of them to be "current" with a host IP address.
Sometimes the busier your site, the longer it takes. Why? Because your IP is cached in more places on the net. If your site is very lightly used, then few people have visited; ergo, few DNS servers hold your IP in cache. The chances are that the DNS server is going to have to look it up anyway.
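As an added illustration (not from the original post), here is a small Python simulation of the TTL caching and the root -> com -> cfwebtools delegation walk described above: a resolver that caches each answer with its TTL, and a demo of why a resolver that cached the old address keeps handing it out until the TTL runs out, while a resolver that never cached it gets the new address at once. The zone data, server names and addresses are constructed for the example.

```python
# Constructed toy zone data: zone -> {name: (type, value, ttl_seconds)}; 203.0.113.0/24 is
# the RFC 5737 documentation range, so nothing here is a real host.
AUTHORITATIVE = {
    ".":               {"com.": ("NS", "com-servers", 172800)},
    "com.":            {"cfwebtools.com.": ("NS", "ns.cfwebtools", 172800)},
    "cfwebtools.com.": {"www.cfwebtools.com.": ("A", "203.0.113.10", 86400)},
}

class CachingResolver:
    """'Your' DNS server: cache hits while the TTL lasts, else walk root -> com -> cfwebtools."""
    def __init__(self, clock):
        self.clock = clock    # callable returning seconds; injected so TTL expiry is testable
        self.cache = {}       # name -> (type, value, expires_at)
        self.queries = 0      # upstream queries sent; caching is what keeps this number small
    def _cached(self, name):
        hit = self.cache.get(name)
        if hit and hit[2] > self.clock():
            return hit[:2]
        self.cache.pop(name, None)        # absent, or its TTL ran out: expire it (returns None)
    def _fetch(self, zone, name):
        if hit := self._cached(name):     # still valid in cache: no upstream traffic
            return hit
        self.queries += 1
        rec = AUTHORITATIVE.get(zone, {}).get(name)   # None if unknown (no negative caching here)
        if rec:
            self.cache[name] = (rec[0], rec[1], self.clock() + rec[2])
            return rec[0], rec[1]
    def resolve(self, name):
        name = name if name.endswith(".") else name + "."    # the "true" name ends in "."
        if hit := self._cached(name):
            return hit[1], "cache"
        labels, zone = name.rstrip(".").split("."), "."
        for i in range(len(labels) - 1, 0, -1):    # delegations: "com." then "cfwebtools.com."
            child = ".".join(labels[i:]) + "."
            deleg = self._fetch(zone, child)
            if not deleg or deleg[0] != "NS":
                return None, "nxdomain"
            zone = child
        ans = self._fetch(zone, name)
        return (ans[1], "upstream") if ans and ans[0] == "A" else (None, "nxdomain")

def demo():
    """'old' cached the IP before the admin changed it; 'new' first asks after the change."""
    clock = {"now": 0.0}
    old, new = (CachingResolver(lambda: clock["now"]) for _ in range(2))
    before = old.resolve("www.cfwebtools.com")[0]          # 3 upstream queries, cached 86400 s
    AUTHORITATIVE["cfwebtools.com."]["www.cfwebtools.com."] = ("A", "203.0.113.20", 86400)
    clock["now"] = 3600                                     # an hour after the change
    stale, fresh = old.resolve("www.cfwebtools.com")[0], new.resolve("www.cfwebtools.com")[0]
    clock["now"] = 86401                                    # old record's one-day TTL is over
    return before, stale, fresh, old.resolve("www.cfwebtools.com")[0], old.queries
```

The delegation (NS) records outlive the address record here, so the stale resolver's refresh costs one upstream query rather than a full walk from the root, which is exactly the traffic saving the TTL mechanism is there for.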
I'm well aware of the technical proficiency of my reading audience and I'm quite sure that if I've made any glaring errors you will help me by pointing them out. I welcome those comments. They will make this a better all-around post.