WP DNS for Humans: Making Sense of Domain Name System

Decoding DNS: A Five Minute Explainer About Domain Name System

Decoding DNS: A Five Minute Explainer About Domain Name System

There will always be services to onboard in running a website. As a solutions engineer, the domain name system (DNS) is one of those technical topics that comes up almost every day while I’m working with customers to tune the Imperva Incapsula service to fit their needs.

In this article you’ll find out:

  • Why DNS is integral to most Internet protocols
  • How DNS makes the Internet human-friendly
  • What makes DNS an international standard
  • How DNS maps names to IP addresses

DNS 101

The domain name system, defined (primarily) in RFC1034 and RFC1035 forms part of the major Internet backbone. Acting as a distributed hierarchical directory service, it makes large networks like the Internet friendly to humans.

Each network resource is represented by a numeric address, taking the form of four three-digit numbers separated by periods (e.g., 123.456.654.321). This is the form of an IP version 4 (IPv4) address.

The world has run out of such addresses. As we begin to embrace the Internet of Things (IoT), an advanced addressing scheme, IPv6, has been introduced to provide many more unique addresses. (It will eventually replace IPv4 altogether.)

Such numerical strings are difficult for humans to remember and offer no hint as to what or whom it belongs. The problem only gets worse when you consider more complex IPv6 addresses.

The domain name system (DNS) is what lets us enter recognizable names in a web browser (e.g., www.somedomain.com), that name being mapped to the network resource where that website is hosted.

Who Runs the DNS Overseers?

The Internet Corporation for Assigned Names and Numbers (ICANN) is authorized to run the root zone, split into the ISO domain types (e.g., .com, .org, .edu). In turn, domain name registries are created to operate the major zones. The Internet Assigned Numbers Authority (IANA), an ICANN department, is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.

Every country elects a delegate to control their country code top-level domain. In Israel, for example, one of the delegates is ildns.huji.ac.il (Hebrew University of Jerusalem).

Domain type resource records can be modified on behalf of registrants through a system of registrars such as InterNic, GoDaddy and others.

Domain Types

A domain is divided into different levels, all of which are hierarchical:

  • gTLD (Generic Top Level Domain) – Domains ending with .com, .net, .org, .gov, .edu and .name.
  • ccTLD (Country Code Top Level Domain) – Domains designating a specific country of origin (e.g., .il, .ru, .uk, ,us, .it, .pl).
  • Infrastructure TLD – Address and routing parameter area domain (ARPA), e.g., IPv4 48.199.81.in-addr.arpa. Used in PTR records (explained below).
  • 2ld, 3ld, 4ld – As an example, in www.somedomain.co.uk, uk is the ccTLD, co is the 2ld, while somedomain is the 3ld and www the 4ld.

This is similar to a personal computer folder/subfolder, but is evaluated in the opposite direction. For example, consider the following Microsoft Windows path, C:\Windows\system32\drivers\. Its root starts at C:, with each backslash being a separator between a folder and its subfolders.

In a domain such as www.somedomain.co.uk, the root starts with its ccTLD and is evaluated from right to left. Each period (dot) determines the zone cuts, or delegation points.

What is the Act of Delegation?

Delegation refers to placing name server (NS) records in a domain name, thus delegating control of a subdomain to another entity. The other entity now controls the resource records for this subdomain. Additional child domains may be further delegated to other entities.

Whenever a higher entity delegates a zone to another entity, the latter becomes the authoritative NS for this zone and its undelegated subzones. For example, the “uk” zone is delegated by IANA to an entity in the UK that can delegate the subzone “co.uk” to some other entity to be the authoritative NS.

What Is a Zone?

DNS mappings are accomplished by different types of resource records contained in a zone file database and served from an authoritative name server—the single server responsible for resolving DNS requests of a specific domain. In most cases, your site’s authoritative name server is located at your hosting provider (e.g., GoDaddy), although some domains maintain their own authoritative name server.

What are Resource Records?

Similar to individual files within a Windows subfolder, a domain contains resource records that are classified by type. Such records are normally defined in zone files. Important resource record types include SOA, NS, A, CNAME and MX, as follows:

  • A

One or more A records normally define a host and contains an IPv4 or IPv6 address. For example, the record:

www      IN        A

in the somedomain.co.uk domain defines the host uniquely identifiable as www.somedomain.co.uk to be reachable at the IPv4 address


A CNAME (canonical name) record defines an alias which will be resolved until an A record is found. The record:

www      IN        CNAME          www.somedomain.co.uk

in the somedomain.com domain defines the name uniquely identifiable as www.somedomain.com to be an alias of www.somedomain.co.uk.

  • MX

An MX (mail exchange) record holds the host names and priorities of the mail servers for a domain. The records:

somedomain.co.uk     IN        MX      10       mailsrv1

somedomain.co.uk     IN        MX      20       mailsrv2

define mailsrv1.somedomain.co.uk as the first priority mail server and mailsrv2.somedomain.co.uk as second priority.

  • NS

The NS (name server) record defines a domain’s authoritative name servers. It can also define the name servers of child domains (subdelegation). Example:

somedomain.co.uk     IN        NS       ns1.somedomain.co.uk

somedomain.co.uk     IN        NS       ns2.somedomain.co.uk

  • PTR

The PTR (pointer) record points an IP address to an A record in a reverse mode, and uses the infrastructure TLD domain type.


  • TTL

Time to live (TTL) serves as a caching control. Every name server keeps a cache of the results so it won’t have to ask the same question again in a given period of time. The time is determined by the authoritative server, so any other server knows how long it needs to keep answering the cached response before asking for an update from the authoritative server. TTL values are determined “per record” and setting this value on specific records is sometimes honored automatically by all standard DNS systems worldwide. However, some caching DNS servers may set their own TTLs regardless of the authoritative records, so it cannot be guaranteed that all world-wide DNS servers have the new records after the TTL has expired.

Start of Authority

Each domain has its own start of authority (SOA). It defines where the authority of the domain begins—in other words, who owns the domain. Every zone file contains the following basic and required records.

Start-of-Authority What is a Name Server?

The NS is a server responsible for answering DNS queries.

  • It exists at all hierarchical levels.
  • Authoritative name servers hold part of the entire DNS database.
  • One NS can serve more than one zone.
  • Many name servers should serve the same zone for redundancy purposes.
  • Some name servers are authoritative for certain zones and/or subzones.

Iterative vs. Recursive

Name servers have different functions. Iteration and recursion are two different functions that are often erroneously used interchangeably. Generally speaking, the NS your computer points to is most likely a recursive server.

Zones, on the other hand, are hosted in iterative name servers. Iterative name servers can only answer information they know or have cached. Conversely, recursive or cache name servers only know how to ask other resources for information as they don’t retain authoritative information.

Let’s access a web page to see the difference.

You type http://www.google.com into your browser and press [Enter]. Here is what happens next:

Step 1 – Your computer sends a resolution request to its configured NS, typically located at your ISP.


Step 2 – Your recursive ISP NS starts by asking one of the predefined root servers in its “hints” file.


Step 3 – The recursive NS then asks one of the com name servers.


Step 4 – The recursive NS asks one of the google.com name servers.


Step 5 – The recursive NS sends the answer back to your computer. The server remembers (caches) the data for the duration specified by the TTL.


Step 6 – Your computer can now send the HTTP request to the Google web server.


To find out how DNS works at Incapsula, please refer to our support articles, Onboarding FAQ and Onboarding a Site – Web Protection and CDN.