Join Log in
Score:0
redpanda2236 avatar Server

How does a TLD domain name server work in practice?

cn flag
redpanda2236

How exactly does a TLD name server resolve a query and identify the authoritative name server with the required information? Does a TLD name server for ".com" store the corresponding name server for every single website with the ".com" TLD? Is that not a massive database? Or is there some kind of algorithm that decides which domain names are assigned to which authoritative name servers and thus running the domain name through the algorithm you can identify the right authoritative name server?

Sorry this seems like a really simple question but I can't find anything online, I can only find surface level explanations of DNS like this one by CloudFlare but nothing that goes into the nitty gritty details.

50
0 + 0
dave_thompson_085 avatar
jp flag
dave_thompson_085
In 1980 or 1990 yes it would have been problematic. Today you can get a 1e13-byte disk for under US$100, and at probably less than 100 bytes per domain that allows a dozen domains for every person on Earth.
0
Reply
redpanda2236 avatar
cn flag
redpanda2236
@dave_thompson_085 ok I guess my gut intuition was wrong lol. Do you know exactly how they map domain name to the right name server? Is it a hash table?
0
Reply
dave_thompson_085 avatar
jp flag
dave_thompson_085
Could be. You could look at open-source DNS server software like bind and djbdns, but the TLD&root operators almost certainly use customized if not entirely custom software. Given their criticality, I'd bet there is a practice, if not an outright rule, to _not_ all use the same software to prevent risk of total failure from a bug or vulnerabilty. (People in telecom still remember with pain the day 32 years ago that AT&T 'toll' switches all crashed repeatedly due to a bug, making their nationwide long-distance network unusable for hours.)
0
Reply
Score:2
Patrick Mevzek avatar Server
cn flag
Patrick Mevzek

How exactly does a TLD name server resolve a query and identify the authoritative name server with the required information?

A TLD nameserver does nothing differently than any other authoritative nameserver at any other node in the DNS tree, that is per design and a property of the DNS protocol as a decentralized database.

You are probably forgetting the "registration plane". DNS deals with resolution aka the "resolution plane". It explains how to get the data, not how the data was stored in the first place (except with things like DNS updates, but that is for a local use not a global one).

The registration plane is that there are registries and registrars typically. A registry manage a TLD. It ensures the nameservers are working and it gets order from registrars. Registrars have end clients that choose domains and register them. Registrars send commands to registries typically with a protocol called EPP.

So in summary a registry maintain a database (typically relational) with all the data, including things not published in the DNS but available through other protocols like whois or RDAP (ex: contacts). This database is used to configure TLD authoritative nameservers with all the delegations, aka the NS records.

Does a TLD name server for ".com" store the corresponding name server for every single website with the ".com" TLD?

Yes, per above discussion.

Is that not a massive database?

For some TLDs like .com yes, but:

  • only a few hundred millions of records, which is something databases can completely handle, they are other cases with far more data
  • TLD like that is an exception, most TLDs are far smaller; typical ccTLDs are a few millions domains for example

Or is there some kind of algorithm that decides which domain names are assigned to which authoritative name servers and thus running the domain name through the algorithm you can identify the right authoritative name server?

No there is not. When you register a domain name (at any level in the DNS tree in fact), you are free to choose whatever nameserver you want to have handling it (except some very specific edge cases, like .tel in the past where the registry was forcing specific nameservers).

Sorry this seems like a really simple question but I can't find anything online,

https://en.wikipedia.org/wiki/Domain_name_registry is short but can be a good introduction. As soon as you understand there is resolution on one side (the DNS) and registration on the other (the whole registry/registrar things), it should help you understand things better.

0 + 0
Score:1
avatar Server
in flag
Virsacer

Well, they have to have all the delegation (NS) and glue (A/AAAA) records for their zone. dig com NS reveals that there are as many nameservers as there are root-servers:

;; ANSWER SECTION:
com.                    63343   IN      NS      i.gtld-servers.net.
com.                    63343   IN      NS      l.gtld-servers.net.
com.                    63343   IN      NS      f.gtld-servers.net.
com.                    63343   IN      NS      b.gtld-servers.net.
com.                    63343   IN      NS      k.gtld-servers.net.
com.                    63343   IN      NS      h.gtld-servers.net.
com.                    63343   IN      NS      j.gtld-servers.net.
com.                    63343   IN      NS      c.gtld-servers.net.
com.                    63343   IN      NS      d.gtld-servers.net.
com.                    63343   IN      NS      g.gtld-servers.net.
com.                    63343   IN      NS      e.gtld-servers.net.
com.                    63343   IN      NS      a.gtld-servers.net.
com.                    63343   IN      NS      m.gtld-servers.net.

So you can query any of them like this: dig google.com @a.gtld-servers.net. And they tell you the authoritative nameservers for the requested domain:

;; AUTHORITY SECTION:
google.com.             172800  IN      NS      ns2.google.com.
google.com.             172800  IN      NS      ns1.google.com.
google.com.             172800  IN      NS      ns3.google.com.
google.com.             172800  IN      NS      ns4.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.         172800  IN      AAAA    2001:4860:4802:34::a
ns2.google.com.         172800  IN      A       216.239.34.10
ns1.google.com.         172800  IN      AAAA    2001:4860:4802:32::a
ns1.google.com.         172800  IN      A       216.239.32.10
ns3.google.com.         172800  IN      AAAA    2001:4860:4802:36::a
ns3.google.com.         172800  IN      A       216.239.36.10
ns4.google.com.         172800  IN      AAAA    2001:4860:4802:38::a
ns4.google.com.         172800  IN      A       216.239.38.10
0 + 0
Score:1
John Mahowald avatar Server
cn flag
John Mahowald

Does a TLD name server for ".com" store the corresponding name server for every single website with the ".com" TLD?

Yes. There are many servers behind multiple service IPs, any of which can service the query. dig -t NS com. to get a list.

For fun I downloaded com. from ICANN. That zone is 22 GB in size, 3.9 GB compressed. Large for DNS, but small for modern databases and storage systems. Operators can choose what database implementation stores zone data, and how it is replicated. Very likely every node has their own copy, to increase overall service availability in the event of downtime affecting some servers.

The zone contains which DNS servers are authoritative for a given name. Those following Stack Exchange's infrastructure blog may remember they are hedging their bets on DNS providers, and indeed that is still present:

ns1.serverfault.com.    172800  in      a       198.252.206.80
ns3.serverfault.com.    172800  in      a       69.59.197.60
serverfault.com.        172800  in      ns      ns-1135.awsdns-13.org.
serverfault.com.        172800  in      ns      ns-860.awsdns-43.net.
serverfault.com.        172800  in      ns      ns-cloud-c1.googledomains.com.
serverfault.com.        172800  in      ns      ns-cloud-c2.googledomains.com.
stackoverflowdevinsights.com.   172800  in      ns      ns1.serverfault.com.
stackoverflowdevinsights.com.   172800  in      ns      ns3.serverfault.com.

See also over at Super User: Is there a way to get the complete zone file for a domain without contacting its host?

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.