I bet you have asked yourself: “how does DNS work?”
What is DNS
DNS stands for Domain Name System, and it works like a phonebook: an owner’s name and number correspond to a domain name and an IP address. It is the successor to the old hosts.txt file used in the early days of ARPANET. The difference between hosts.txt and DNS is architecture.
The old days with hosts.txt probably sucked because of centralization: you had to contact the operator to make a change or to get the latest copy of the file. Those problems are no longer an issue today.
DNS has a hierarchical design, with thirteen root servers under the Internet Assigned Numbers Authority. This matters if you want to build your own DNS server and have other people reach your domain through it. Without the hierarchy, no one can access your domain except hosts on the same network.
There are two types of DNS server you have to know: recursive and authoritative. They have different purposes, but they go hand in hand.
Recursive
A recursive resolver works as a middleman: it receives a domain request from a client, sends the request to a root server, then to a TLD server, and finally to the authoritative server, which gives the answer back to the resolver. To make the process faster, the result of each query is stored in a cache for future requests.
Root Server
The root server is the highest level in the DNS hierarchy. There are 13 root servers operated by different organizations and universities under the Internet Assigned Numbers Authority. Although there are only 13 logical names, each one is replicated across hundreds of physical servers worldwide for redundancy. With anycast, your query is automatically routed to the nearest physical copy, which makes the process fast and reliable.
TLD Server
Every top-level domain has its own name server. For example:
- .org: a0.org.afilias-nst.info, a1.org.afilias-nst.info, and the others
- .com: a.gtld-servers.net, b.gtld-servers.net, and the others
- .xyz: y.nic.xyz and the others
After the root server responds, the resolver asks the TLD server, which then points to the correct Authoritative server.
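The walk described in the Recursive, Root Server and TLD Server sections, as an added example that is not part of the original post: a tiny in-memory hierarchy (one root, the .org TLD server and the post’s Cloudflare authoritative server; the server names come from the post, the record values are constructed) and a resolver that follows referrals, caches answers until their TTL expires, and refuses a referral that points outside the referring server’s own zone.

```python
# Constructed in-memory DNS hierarchy mirroring the post's example. Each entry is
# (zone the server is authoritative for, records it holds); an NS record is a
# delegation (referral), an A record is a final answer.
SERVERS = {
    ".": (".", {"org.": ("NS", "a0.org.afilias-nst.info.", 172800)}),
    "a0.org.afilias-nst.info.": ("org.", {"radhitya.org.": ("NS", "gene.ns.cloudflare.com.", 86400)}),
    "gene.ns.cloudflare.com.": ("radhitya.org.", {"alif.radhitya.org.": ("A", "185.199.108.153", 300)}),
}

def in_zone(name, zone):
    """True when name is zone itself or lies below it (the root holds everything)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def ask(server, qname):
    """One simulated query: (owner, record) for an answer or a referral to the
    longest matching child zone, or (None, None) when the server knows nothing."""
    _, table = SERVERS[server]
    if qname in table and table[qname][0] == "A":
        return qname, table[qname]
    for cut in sorted(table, key=len, reverse=True):
        if table[cut][0] == "NS" and in_zone(qname, cut):
            return cut, table[cut]
    return None, None

def resolve(qname, cache, now):
    """Walk root -> TLD -> authoritative the way a recursive resolver does.
    Returns (ip, hops): hops is the number of servers contacted, 0 on a cache hit."""
    hit = cache.get(qname)
    if hit and hit[1] > now:  # cached and its TTL has not run out
        return hit[0], 0
    server, hops = ".", 0
    while True:
        hops += 1
        owner, rr = ask(server, qname)
        if rr is None:
            raise LookupError(qname)
        if rr[0] == "A":
            cache[qname] = (rr[1], now + rr[2])  # keep until the TTL expires
            return rr[1], hops
        # Bailiwick check: accept a referral only for a zone inside the one this
        # server is authoritative for; otherwise any server on the path could plant
        # records for unrelated domains in the cache (classic cache poisoning).
        zone = SERVERS[server][0]
        if not in_zone(owner, zone):
            raise ValueError(f"{server} referred for {owner}, outside {zone}")
        server = rr[1]

if __name__ == "__main__":
    c = {}
    print(resolve("alif.radhitya.org.", c, now=0))    # 3 hops: root, TLD, authoritative
    print(resolve("alif.radhitya.org.", c, now=100))  # 0 hops: served from cache
```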
Authoritative
This is where your domain configuration is stored. You need an authoritative DNS server whenever you make a change to your domain, whether adding a subdomain, changing an IP address, or setting up email.
Here is an example of my domain configuration on Cloudflare:
;; SOA Record
radhitya.org 3600 IN SOA gene.ns.cloudflare.com. dns.cloudflare.com. 2053351689 10000 2400 604800 3600
;; NS Records
radhitya.org. 86400 IN NS gene.ns.cloudflare.com.
radhitya.org. 86400 IN NS rodrigo.ns.cloudflare.com.
;; A Records
alif.radhitya.org. 1 IN A 185.199.108.153 ; cf_tags=cf-proxied:false
alif.radhitya.org. 1 IN A 185.199.111.153 ; cf_tags=cf-proxied:false
alif.radhitya.org. 1 IN A 185.199.110.153 ; cf_tags=cf-proxied:false
alif.radhitya.org. 1 IN A 185.199.109.153 ; cf_tags=cf-proxied:false
freesia.radhitya.org. 1 IN A 103.74.5.180 ; cf_tags=cf-proxied:false
mail.radhitya.org. 1 IN A 103.74.5.180 ; cf_tags=cf-proxied:false
radhitya.org. 1 IN A 103.74.5.180 ; cf_tags=cf-proxied:false
;; MX Records
radhitya.org. 1 IN MX 9 mail.laskarnix.org.
;; TXT Records
_atproto.radhitya.org. 1 IN TXT "did=did:plc:mgu5q3jjgpwez5iotllfuiw7"
_dmarc.radhitya.org. 1 IN TXT "v=DMARC1;p=none;pct=0;fo=1;rua=mailto:admin@radhitya.org;ruf=mailto:admin@radhitya.org"
mail._domainkey.radhitya.org. 1 IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYMuZA+1mq+SetRLLx3ypaF/ie3nIQMo20SJ69HQz9Am9yBZTJMEUlbcao4Qyjjr18UUGBqtuZnPkL27D6sdBrtby1313pwJpCJC6mHANBG2eGvTHlV7gUY0jBZ3JwynySS547IcA5Jm4107N1LygwGW9YFU7lLpwQ3dLMY8xLgwIDAQAB"
_nostr.radhitya.radhitya.org. 1 IN TXT "d98e9517ddad1993930496b8610ae5553a6c4eb12a9de9ad1ddb4d673ac77e41"
radhitya.org. 1 IN TXT "google-site-verification=YaZmtAN_pKgNu4RZNNsT1ghRMkBi2lxckK2UlGjF7os"
radhitya.org. 1 IN TXT "v=spf1 a mx ip4:103.235.75.32 ~all"
radhitya.org. 3600 IN TXT "google-site-verification=gDzgJc1zYr2OX7GNPY-iXndH5w6VOgfuyL2ZR3TXUn0"
Start of Authority (SOA)
Start of Authority is the DNS record that marks the beginning of a DNS zone and holds its configuration; all of its time values are in seconds.
- gene.ns.cloudflare.com is the MNAME: the primary name server that manages the domain’s DNS zone
- dns.cloudflare.com is the RNAME: the email of the person responsible for the zone (the first dot is read as @, so dns@cloudflare.com)
- 2053351689 is the SERIAL: the zone version number, increased on every revision
- 10000 is the REFRESH: how often a secondary server checks the primary for a new serial
- 2400 is the RETRY: how long a secondary waits before trying again if the primary cannot be contacted during a refresh
- 604800 is the EXPIRE: the maximum time a secondary keeps serving the zone as valid while the primary stays down
- 3600 is the MINIMUM: the TTL used for negative answers (names that do not exist)
Text (TXT)
Text records are where the domain owner puts arbitrary information, such as domain ownership verification, email validation (SPF, DKIM, DMARC), and others.
Address (A) and Quad Address (AAAA)
Both map a name to an IP address; the difference is that A is for IPv4 and AAAA is for IPv6.
Name Server (NS)
Name Server records list which name servers are authoritative for this domain.
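An added example (my code, not the post’s or linum’s) that reads the Cloudflare export shown above and names the SOA fields described under Start of Authority; it uses a constructed subset of that export, with the DMARC record shortened, and adds two checks a zone owner would want: that the SOA MNAME is among the NS records, and that SPF and DMARC TXT records exist.

```python
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
# Constructed sample: a subset of the Cloudflare export shown in the post.
ZONE = """\
;; SOA Record
radhitya.org 3600 IN SOA gene.ns.cloudflare.com. dns.cloudflare.com. 2053351689 10000 2400 604800 3600
radhitya.org. 86400 IN NS gene.ns.cloudflare.com.
radhitya.org. 1 IN A 103.74.5.180 ; cf_tags=cf-proxied:false
_dmarc.radhitya.org. 1 IN TXT "v=DMARC1;p=none;pct=0;fo=1;rua=mailto:admin@radhitya.org"
radhitya.org. 1 IN TXT "v=spf1 a mx ip4:103.235.75.32 ~all"
"""

def strip_comment(line):
    """Drop a trailing '; comment' (e.g. cf_tags) but keep ';' inside a quoted TXT."""
    start = line.rfind('"') + 1 if '"' in line else 0
    semi = line.find(";", start)
    return line[:semi] if semi >= 0 else line

def parse_zone(text):
    """Return (owner, ttl, rtype, rdata) tuples; owners are normalised to end in '.'."""
    records = []
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:  # blank line or a ';;' section header
            continue
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((owner.rstrip(".") + ".", int(ttl), rtype, rdata))
    return records

def parse_soa(rdata):
    """Name the seven SOA fields in RFC 1035 order; the last five are integers."""
    parts = rdata.split()
    if len(parts) != 7:
        raise ValueError(f"SOA needs 7 fields, got {len(parts)}")
    return dict(zip(SOA_FIELDS, parts[:2] + [int(p) for p in parts[2:]]))

def rname_to_email(rname):
    """dns.cloudflare.com. -> dns@cloudflare.com: the first dot stands for '@'."""
    local, _, domain = rname.rstrip(".").partition(".")
    return f"{local}@{domain}"

def zone_checks(records):
    """Checks a zone owner wants: SOA MNAME listed as an NS, SPF and DMARC present."""
    soa = next(parse_soa(r[3]) for r in records if r[2] == "SOA")
    ns = {r[3] for r in records if r[2] == "NS"}
    txt = [r for r in records if r[2] == "TXT"]
    return {"mname_is_ns": soa["mname"] in ns,
            "has_spf": any(r[3].startswith('"v=spf1') for r in txt),
            "has_dmarc": any(r[0].startswith("_dmarc.") for r in txt)}
```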
Linum - My Own Resolver DNS
I made my own DNS resolver. It has similar functionality to what Unbound and AdGuard Home do. Although my program is not feature-rich, linum does the job correctly as a resolver, for recursion, and for adblock.
I chose Golang because Golang is beautiful and has comprehensive libraries that helped me. The DNS library I use is miekg/dns, which has excellent features.
Perhaps this is the first time I learned a lot, because I had to write caching, regular expressions, and many things I had forgotten. On the other side, I felt ashamed to claim my program since it was AI assisted; to be exact, AI made a plan and I wrote the code.
You can see everything in my program at codeberg.org/radhitya/linum.