DNS : Java Glossary

by Roedy Green ©1996-2008 Canadian Mind Products
DNS
Domain Name Service. The name lookup the Internet uses to convert from alphabetic names such as oberon.ark.com to the 32-bit binary IPv4 or 128-bit IPv6 addresses used in packet routing. There are computers spread all over the Internet called DNS (Domain Name Service) servers. They will automatically look up a name for you and give you the equivalent numeric IP. The process is analogous to looking up someone’s name in an electronic phone book to find out their phone number. This happens completely automatically whenever you key a website name into your browser or FTP client.

IP addresses

IPv4 addresses are displayed for humans as a dotted quad with four numbers 0..255, e.g. as 204.50.21.34. In Windows 95/98/ME/NT/W2K/XP/W2K3 there is an auxiliary DNS helper file called HOSTS that lists pairs of domain names and dotted quads. You can use this file for commonly looked up names, or for local names, e.g. names of workstations on the LAN. This is considerably quicker than getting one of the DNS servers to do those lookups for you.

Explicit DNS Lookup

In Java, you can invoke DNS lookup to convert the name to the dotted quad IP address by:
// needs import java.net.InetAddress; getByName throws UnknownHostException if the lookup fails
String dottedQuad = InetAddress.getByName( "mindprod.com" ).getHostAddress();

Discovering your Host Name

The InetAddress class also lets you work backwards from the dotted quad to get the host name.
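The reverse lookup described above, as an added example that is not code from the original page. A reverse (PTR) record is published by whoever controls the reverse zone for the address, so this sketch accepts the name only when it resolves forward to the same address again. The class and method names are illustrative, and 127.0.0.1 is used as the sample input so it normally resolves from the local hosts file.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;

public class ReverseLookup {
    // True when one of the forward-resolved addresses equals the address we started from.
    // InetAddress.equals compares only the raw address bytes, not the host name.
    static boolean forwardConfirms(InetAddress original, InetAddress[] forward) {
        return Arrays.asList(forward).contains(original);
    }

    // Returns the host name for a dotted quad, or null when there is no name
    // or the name does not resolve back to the same address.
    static String verifiedHostName(String dottedQuad) throws UnknownHostException {
        InetAddress addr = InetAddress.getByName(dottedQuad);   // IP literal: format check only
        String name = addr.getCanonicalHostName();              // reverse lookup
        if (name.equals(addr.getHostAddress())) {
            return null;                                        // lookup failed: IP text came back
        }
        try {
            return forwardConfirms(addr, InetAddress.getAllByName(name)) ? name : null;
        } catch (UnknownHostException e) {
            return null;                                        // name has no forward record
        }
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample input: the loopback address, unless one is given on the command line.
        String quad = args.length > 0 ? args[0] : "127.0.0.1";
        String name = verifiedHostName(quad);
        System.out.println(quad + " -> " + (name == null ? "(no verified name)" : name));
    }
}
```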

Discovering your DNS Server

There is no official way in Java to find out the IP or name of your default DNS server, e.g. the one that DHCP assigned you. DNSjava is a pure Java set of classes to add a DNS server to your application. That is a rather large hammer to deal with the problem. In Java 1.3 you need the name of a DNS server to use JNDI to get at the other DNS information. In Java 1.4+, you can get at DNS MX or A records using JNDI.

For a LAN, you can assign IP addresses such as 192.168.0.1, 192.168.0.2 to each station since these are never seen on the Internet. In Windows, you can use the utility ipconfig /all to display information such as DNS Server IP, host name, physical Ethernet 48-bit MAC address, IP, subnet mask, gateway IP and DHCP server IP. In older versions of Windows there is a similar utility called winipcfg.

How DNS Works

Here is my current best understanding about how the DNS lookup works. Don’t quote me yet.

There is a master database of all DNS names and their corresponding IPs. It is not stored all in one computer, but to simplify the explanation, we will pretend that it is. Some DNS names have several associated IPs, belonging to server farms, which are assigned on a round-robin basis to share the workload.

www.mindprod.com, mail.mindprod.com and mindprod.com may all translate to different IPs or to the same IP. All three are tracked in the master database. Ordinary humans aren’t allowed to talk to this master database. Instead you talk to a DNS server run by your local ISP. It does not have the entire database in it, just the entries most popular with the clients of your ISP. If you ask your ISP DNS server for a name it does not know, it asks a higher level server. If that higher level server does not know, it asks a still higher level server, working all the way back to the master DNS database server.

Does this mean you pester the master database every time you ask for a non-existent DNS name? Yes, but since the master database is actually entirely replicated in many computers, this is not the bottleneck you might expect.

How are changes propagated? Roughly once a day each DNS server asks the next higher level server if each of the entries it has cached in its local database is still valid. If not, it drops each invalid entry from its local database. If somebody later asks for that DNS name, the server will ask the next higher level server.

The master database server, through a tree of helpers, periodically asks every station on the net if its DNS name to IP translations are still valid, and if not, what the new information is. The information percolates up so that the master database is then completely up-to-date. From the master database, the information gradually percolates back down to all the ISP servers, through the ordinary process of asking the next higher level server when a server does not have a name in its cache. Information does not percolate down until it is needed. It generally takes about two days for out-of-date information to be totally flushed out of the system. How long it takes depends on a configurable freshness date for each name.

This way your computer only has to tell the Internet once about a DNS change. It does not have to directly tell every DNS server on the Internet.

What goes wrong is that sometimes servers refuse to delete invalid cached entries. Then the only way to clear the out-of-date information is to reboot them and clear the entire cache. NT DNS servers have this problem. When a server fails to invalidate its cache, all downstream servers will be badly (i.e. weeks) out-of-date as well. The problem is not cleared until that server is rebooted.

DNS can do a number of other things besides convert a domain name to an IP number. It can go the other way: starting with an IP, it can figure out the DNS name. It can find out the latitude and longitude of the server hosting the domain. It can find out what kind of CPU the server is. It can find out who owns the domain. It can distribute digital certificates. It can tell you the name of the associated mail servers. In Java you access this additional information with JNDI.
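The JNDI access mentioned here and under Discovering your DNS Server, as an added example that is not code from the original page: it fetches A and MX records through the JDK's built-in DNS provider and orders the mail servers by preference, skipping malformed values because DNS answers are untrusted input. It assumes Java 8 or later; the class and method names are illustrative and the sample MX values are constructed.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class DnsRecords {
    // Query one record type ("MX", "A", ...) through the JNDI DNS provider.
    static List<String> lookup(String name, String type) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
        // No provider URL is set, so the platform's configured DNS servers are used.
        DirContext ctx = new InitialDirContext(env);
        try {
            Attribute attr = ctx.getAttributes(name, new String[] { type }).get(type);
            List<String> values = new ArrayList<>();
            if (attr != null) {
                NamingEnumeration<?> e = attr.getAll();
                while (e.hasMore()) values.add(String.valueOf(e.next()));
            }
            return values;
        } finally { ctx.close(); }
    }

    // MX values arrive as "<preference> <host>."; return hosts, lowest preference first.
    // Values that do not match that shape are skipped rather than trusted.
    static List<String> mailHostsByPreference(List<String> mxValues) {
        TreeMap<Integer, List<String>> byPref = new TreeMap<>();
        for (String v : mxValues) {
            String[] parts = v.trim().split("\\s+");
            if (parts.length != 2 || !parts[0].matches("\\d{1,5}")) continue;
            byPref.computeIfAbsent(Integer.valueOf(parts[0]), k -> new ArrayList<>()).add(parts[1]);
        }
        List<String> hosts = new ArrayList<>();
        byPref.values().forEach(hosts::addAll);
        return hosts;
    }

    public static void main(String[] args) {
        // Constructed sample values, so the parsing runs without a network.
        System.out.println(mailHostsByPreference(
            Arrays.asList("20 backup.example.com.", "10 mail.example.com.", "bogus")));
        try {  // live query; needs a reachable resolver
            System.out.println("A:  " + lookup("mindprod.com", "A"));
            System.out.println("MX: " + mailHostsByPreference(lookup("mindprod.com", "MX")));
        } catch (NamingException e) {
            System.out.println("lookup failed: " + e);
        }
    }
}
```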

Recommended book: DNS and BIND, Fourth Edition
by Paul Albitz and Cricket Liu
paperback, publisher: O’Reilly, published: 2001-04-16
ISBN13: 978-0-596-00158-2, ISBN10: 0-596-00158-4
Covers up to version 9.1.0 BIND. Also covers IPv6. This explains how Domain Name Service finds the corresponding IP to a name. BIND is the software that usually comes bundled with Unix for letting you manage your little branch of the DNS name tree.

The Miracle of DNS

The most amazing thing about the Internet is how conceptually simple it is and how low tech. In the end, the whole DNS lookup service rests on little flat files prepared with a text editor (e.g. notepad) that list the names of the domains you own and the IPs they live at, and the nameservers who will handle last resort queries about this domain if the caches don’t already know. This humble but authoritative information gets propagated in multilevel caches in nameservers all over the Internet. It works similarly for the mail system: little flat files, prepared by the owner of each domain, with MX records in them, telling where to find the mail server for the owner’s domain. Each nameserver knows about just some of the Internet. For the rest, it forwards requests to a better-informed nameserver, or asks a better-informed nameserver on the caller’s behalf, who in turn may delegate the request, perhaps right back to the master authoritative nameserver for that domain. One problem with this hierarchical approach is that it puts a heavy load on the master servers for top level domains like .com.

The IP routing system can also be controlled by simple flat files. Each router looks at the IP of the incoming packet and determines which band (low/high) it belongs in, and has a table which node to send all packets in that band to, hopefully a step closer to their destinations. Some bands may have several destinations to share the load. Clever routers can start forwarding a packet even before it has fully arrived.

Caching

The DNS lookup services of the native OS can be very slow, so Java caches the results. You can control how long a DNS to IP lookup remains fresh in the cache with two entries in the java.security file: networkaddress.cache.ttl (time to live) and networkaddress.cache.negative.ttl. Documentation on using them is embedded in the comments in the java.security file.

You can also set the security properties programmatically with:

// setting cache time to live to 10 seconds
java.security.Security.setProperty( "networkaddress.cache.ttl" , "10" );

Links

DHCP
DNSJava a tool for DNS lookup written in pure Java
DNSStuff: all manner of web tools for DNS/IP
domain names
DynDNS: three free services of interest to people who host webservers on their home machines
hosts
IP
IPv6
JNDI
Kimble essay on how DNS works
local domain
localhost
Networking Properties
RFC 1876: how latitude and longitude are stored in a DNS record
SOA records
TCP/IP
TTL
whois

You can get a fresh copy of this page from: http://mindprod.com/jgloss/dns.html or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror): J:\mindprod\jgloss\dns.html