Let's Talk DNS on DevCentral
DevCentral is more than a website...it's an awesome tech community where the users and contributors really feel connected and cared for. And that's how it should be. One of the great things about DevCentral is the unique cross-section of talent that exists on this site. In the nine months that I have been a part of DevCentral, I have learned that the community is comprised of super-smart users who know just about everything there is to know about F5 technology. But it's also comprised of many people who are either brand new or fairly new to F5 and networking technology in general. It's a great place to be. And, let me encourage those who have just joined DevCentral to feel right at home and dive in!
Why do I say all that? Well, I'm about to embark on a series of articles discussing the Domain Name System (DNS) and how you can make it do amazing things with F5 technology. Many DevCentral users have tons of knowledge of all things DNS but many do not. So, I'm going to start out by discussing the basics of DNS in this article...what it is, why it's important, why you should care, etc. Then, in future articles, I'll start to dig deep into the technical details of the many DNS services offered by F5. This stuff is really cool, so I hope you enjoy reading these articles as much as I enjoy writing them. Let's dive into DNS together and learn a thing or two along the way...
What is DNS?
The Domain Name System (DNS) is just what its name says...a system. More specifically, it's a hierarchical distributed naming system for computers, services, or other resources connected to the Internet. It associates various information with the domain names assigned to each of the participating DNS entries. Or, more simply put, it's a system that translates easily memorized domain names into numerical IP addresses that can be used to locate computer services and devices around the globe. Let's face it...it's much easier to remember "www.f5.com" than it is to remember "65.61.115.222". Think of all the website domain names you know off the top of your head (devcentral.f5.com is, of course, your fave)...now imagine how hard it would be to memorize specific IP addresses for all those domain names!
The Internet is a vast and complicated place, so as you can imagine it takes lots of organization and parts and pieces to get all this DNS stuff to work correctly. To better understand where we are today with DNS, let's talk for a minute about where we were a few years ago. In the early, simpler days of ARPANET, a memorable name was used in the place of a computer's numerical address. Back then a centrally maintained, manually entered, simple text file was used to hold the names and numerical addresses of all ARPANET computers. Periodically, this file would be updated and transmitted to each computer connected to ARPANET (which later became the Internet). That way, each computer could know the name and address of all the other computers. This worked for a while, but it soon became evident that manually updating and transferring a simple text file for all names and addresses would not work for the rapidly growing and complex Internet. In order to provide an efficient and reliable form of name translation, some really smart people designed a well-organized, distributed system that works amazingly well in today's complex, connected world.
How Does DNS Work?
Let's step through the process of a simple request where a user wants to access a website. The user types the address of the site (we'll use www.f5.com as an example) into the web browser. The browser has no clue where www.f5.com is, so it sends a request to the Local DNS Server (LDNS) to ask if it has a record for www.f5.com. If the LDNS does not have a record for that particular site, it begins a recursive search of the Internet domains to find out who owns www.f5.com.
First, the LDNS contacts one of the Root DNS Servers, and the Root Server responds by telling the LDNS to contact the .com DNS Server (see the diagram below). By the way, the Root Server reminds me of my kids...it never really knows the answer and it always tells you to go ask someone else. But, at least it tells you to ask someone who knows something about your question. My kids, on the other hand...
The LDNS then asks the .com DNS Server if it has a record for www.f5.com, and the .com DNS Server determines the owner of www.f5.com and returns a Name Server (NS) record for f5.com. Check out the diagram below:
Next, the LDNS queries the f5.com DNS Server named in the NS record. The f5.com DNS Server looks up the name www.f5.com. If it finds the name, it returns an Address (A) record to the LDNS. The A record contains the name, IP address, and Time to Live (TTL). The TTL (measured in seconds) tells the LDNS how long to keep the A record before it asks the f5.com DNS Server again. Check out the following diagram:
When the LDNS receives the A record, it caches the IP address for the time specified in the TTL. Now that the LDNS has the A record for www.f5.com, it can answer future requests from its own cache rather than completing the entire recursive search again. The LDNS returns the IP address of www.f5.com to the host computer, and the local browser caches the IP address on the computer for the time specified in the TTL. After all, if it can hold on to the info locally, it won't need to keep asking the LDNS.
The browser then uses the IP address to open a connection to www.f5.com:80 and sends a GET /... request, and the web server returns the web page response.
DNS can get a lot more complicated than what this simple example shows, but this gives you an idea of how it works. Rest assured, we will dive into many of the details of DNS over the course of this article series, so be sure to check back for more of this DNS goodness!
Let's Dig!
It's good to see picture examples of the DNS functionality, but sometimes it's nice to see the details of the different records via the command line. To show this, I used the dig tool to view details of the NS record and A record for www.f5.com.
Here are the details of the NS record:
Using pdns1.f5.com (from the NS record above), you can query for the A Record:
Notice the ANSWER SECTION that shows the following:
- Domain name (www.f5.com)
- TTL (30)
- IN is the CLASS and stands for Internet
- A is the TYPE of record (maps the domain name to the IP address)
- The IP Address (65.61.115.222)
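As an added example (not part of the original article), here is the referral walk from the "How Does DNS Work?" section and the five ANSWER SECTION fields listed above modelled in Python: a toy LDNS parses dig-style record lines, follows root -> .com -> f5.com referrals, caches the A record for its TTL, and answers from cache until the TTL expires. Only www.f5.com's A record and pdns1.f5.com come from the article; the other server names, NS TTLs and zone contents are constructed.

```python
from collections import namedtuple

# One resource record, the five fields dig prints in its ANSWER SECTION.
RR = namedtuple("RR", "name ttl rclass rtype rdata")

def parse_rr(line):
    """Parse a dig-style line, e.g. 'www.f5.com. 30 IN A 65.61.115.222'."""
    name, ttl, rclass, rtype, rdata = line.split()
    return RR(name.rstrip(".").lower(), int(ttl), rclass, rtype, rdata)

# Constructed zone data for three toy servers: a root server, a .com server
# and the f5.com server. Only www.f5.com's A record mirrors the article;
# the other server names and the NS TTLs are made up for this example.
SERVERS = {
    "root": ["com. 172800 IN NS tld-server.example."],
    "tld-server.example": ["f5.com. 172800 IN NS pdns1.f5.com."],
    "pdns1.f5.com": ["www.f5.com. 30 IN A 65.61.115.222"],
}

class LDNS:
    """A local DNS server that follows referrals and caches answers by TTL."""

    def __init__(self):
        self.cache = {}   # qname -> (RR, absolute expiry time in seconds)
        self.queries = 0  # upstream questions asked, to show the cache working

    def ask(self, server, qname):
        """Query one toy server; it returns an answer or a referral."""
        self.queries += 1
        return [parse_rr(line) for line in SERVERS[server]]

    def resolve(self, qname, now):
        """Return (ip, from_cache). `now` is the current time in seconds."""
        qname = qname.rstrip(".").lower()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:          # still within the TTL: no recursion
            return hit[0].rdata, True
        server = "root"                   # walk root -> .com -> f5.com
        while True:
            rrs = self.ask(server, qname)
            for rr in rrs:
                if rr.rtype == "A" and rr.name == qname:
                    self.cache[qname] = (rr, now + rr.ttl)
                    return rr.rdata, False
            # Referral: follow the NS record whose zone encloses qname.
            ns = [rr for rr in rrs if rr.rtype == "NS" and qname.endswith(rr.name)]
            if not ns:
                raise LookupError(f"no answer or referral for {qname}")
            server = ns[0].rdata.rstrip(".")
```

The first lookup costs three upstream queries; a second lookup inside the 30-second TTL costs none, and one at or after expiry walks the chain again.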
Why Is DNS So Important?
In short, if DNS breaks, the Internet breaks. In addition, market demand for DNS services increases each year. Websites are becoming more complex, and many sites today require hundreds of DNS queries just to load one page correctly. Smart phone apps also require multiple DNS queries. Since your business relies on web applications, it relies heavily on DNS.
Fortunately, F5 provides fast, secure, and reliable DNS services. Using the BIG-IP Global Traffic Manager (GTM), F5 offers intelligent and automatic load balancing of web applications across data centers while improving application performance. In this series of articles, we will look at many DNS topics like:
- DNSSEC - real time DNS request signing
- DNS 64 - translating IPv4 to IPv6 automatically
- IP Anycast - spreads the load across several devices and makes it hard to DDoS
- Dynamic failover between data centers during outages while maintaining persistence to prevent broken sessions
- Scaling Global Server Load Balance (GSLB) and DNS performance using multicore Clustered Multiprocessing (CMP) technology
- DNS Express - authoritative for zones and completely shields internal DNS servers from Internet queries
- DNS iRules - you can do ANYTHING with an iRule!
These are a sample of the many things to look forward to in these articles. Be on the lookout for all the DNS fun, and please provide some feedback if you want to see anything else!
- kmurphy_130520 (Nimbostratus): Great article, very well written and informative. Looking forward to reading the rest in the series.