Setting Up DNS

DNS?

Domain Name Service / System. In a nutshell, this converts domain names like "kn4obl.net" to an IP address like "45.33.99.51". Only IP Addresses can be routed over the internet, but humans have a much easier time remembering words or phrases. In the distant past of the 1970s, all these name-to-IP-address associations were stored in a single giant file called "hosts", and DNS became a necessity to keep up with the massive growth of the internet.

The Domain Name System is the global network of root servers and all the internet service provider (ISP)-run DNS servers. The Domain Name Service is a program that servers can run to provide information over a given protocol on network port 53. To run your own DNS, you have to interact with both.

Domain Name Registration & The Root Servers

Firstly, you have to register a domain name. This system works more on trust than technology - we as a planet universally trust in the Internet Corporation for Assigned Names and Numbers (ICANN) to maintain the DNS root zone. This organization is arguably why the United States solely owned and controlled the internet Prior to 2015. The root zone is the parent of all domains, meaning that familiar top-level domains like ".com" and ".net" (and all others) fall under it. To obtain "kn4obl.net", I had to send some information and money to a registrar, and some of that information and money made its way to ICANN. In return, I get to control the records that the global DNS system provides in response to requests for that domain name.

ICANN controls the root servers. The ".net" top level domain falls under that. Finally, my domain, "kn4obl.net" is under that. Any subdomains like "www.kn4obl.net" are mine to name and assign IP addresses to. But we can't just send every request for an IP to the root servers or the ".net" servers - there are far too many domain names for these servers to handle that workload. When looking up a registered domain on the Domain Name System, the client (computer, web browser, whatever) will receive a different domain name for a specific, authoritative name server. If I were paying for a commercial DNS provider, it might look like "ns1196.dns.dyn.com", which generates separate queries for the name server's domain, "dyn.com". But if I'm runnning my own DNS, the name server can be part of the domain itself, like "ns1.kn4obl.net".

Uhoh! Infinite loop!

How can we look up the IP address for "ns1.kn4obl.net"? It's part of kn4obl.net, so the DNS server we should ask would be... ns1.kn4obl.net. The secret is glue records. To use a server's IP as a glue record, it has to be a reliable IP address - once DNS is up and running, records can be changed as rapidly as needed, but glue records are a part of the domain registration. Home cable connections aren't statically addressed, so I rented a virtual private server from Linode to provide at least the DNS part of my services. This IP address won't change often, likely never.

By sneaking in a specific IP address along with the name server's name, we can short-circuit the loop. We can finally ask, what's the IP address for kn4obl.net?

bind, also known as named

So we've found the right name server to ask - now we can open a connection with the Domain Name Service protocol to the IP address in the glue record. That private server should be listening on port 53. There are several name server daemons, but I went with a classic, bind9, also known as named, the Internet domain name server.

without going into detail that can be better explained elsewhere, the server configuration culminates in zone files that provide name to IP associations that look like this:

kn4obl.net. IN A 45.33.99.51

In Summary

  • I paid ICANN to recognize me as the controller of kn4obl.net.
  • The ICANN glue record points to a virtual private server I'm renting.
  • The server runs bind, a program to serve name service requests.
  • The client finally receives the IP address for any of the domains or subdomains in my zones.
  • With the IP address received, users can look up any of the resources I provide, across any number of servers.

Running my own DNS does require servers more reliable than a PC on my home network connection. At a cost of about $10 a month, I only need to host the DNS for 4 domains to break even with the going rate of $30 a year. Will it be reliable enough to replace a commercial service? I'm sure not asking much of my existing DNS, so I think it's possible. Only time will tell.

links

social