What is Domain Name Resolution

  • April 9, 2004
  • Read 221,444 times
 

Introduction

When using the Internet most people connect to web sites, ftp servers or other Internet servers by connecting to a domain name, as in www.bleepingcomputer.com. Internet applications, though, do not communicate via domain names, but rather using IP addresses, such as 192.168.1.1. Therefore when you type a domain name in your program that you wish to connect to, your application must first convert it to an IP address that it will use to connect to.

The way these hostnames are resolved to their mapped IP address is called Domain Name Resolution. On almost all operating systems whether they be Apple, Linux, Unix, Netware, or Windows the majority of resolutions from domain names to IP addresses are done through a procedure called DNS.

Domain Name Resolutions

As discussed above, Domain Name Resolution is the task of converting domain names to their corresponding IP address. This is all done behind the scenes and is rarely noticed by the user. When you enter a domain name in an application that uses the Internet, the application will issue a command to have the operating system convert the domain name into its IP address, and then connect to that IP address to perform whatever operation it is trying to do.

The way the operating system resolves the domain name is based upon its configuration. For almost all operating systems the default order for Domain Name resolution is as follows:

  1. Hosts File - There is a file called the HOSTS file that you can use to convert domain names to IP addresses. Entries in the HOSTS file override any mappings that would be resolved via a DNS server.
  2. Domain Name System - This is the system used on the Internet for converting domain names to their corresponding IP addresses. Your operating system will connect to the DNS server configured on your computer and have that server return to you the IP address for the domain name you queried it with.
  3. Netbios - This only applies to Windows machines and will only be used to map names to IP addresses if all previous methods failed. This method will attempt to map the netbios name you are trying to connect to with an IP address.

It is possible though to change the order that your operating system uses when doing Domain Name Resolution. We will discuss these methods for the Windows and Unix/Linux operating systems below.

Domain Name Resolution on Windows

Windows by default uses the above order for Domain Name Resolution. This can be changed though by changing certain registry keys. There registry keys are:

Registry Key
Description
DnsPriority Which corresponds to using the Domain Name System
LocalPriority This refers to the local name of the computer
HostsPriority This is the HOSTS file
NetbtPriority This is using Netbios name mapping

You assign to these keys a priority based upon values ranging between -32768 and 32767. The lower the number you assign to the entry, the higher the priority for that particular resolution provider.

For example, examine the priorities assigned to the values below:

DnsPriority = 30
LocalPriority = 200
HostsPriority = 75
NetbtPriority = 100

What this will do is change the Domain Name Resolution order to the following sequence:

  1. Domain Name System
  2. Hosts file
  3. Netbios Mappings
  4. The Local Computer Name

As you can see I have changed the default order of how Windows will do domain name resolution and the value that had the lowest number had the highest priority when doing domain name resolution.

The location for the above registry subkey's can be found under these registry keys:

Windows 95/98/ME HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSTCP\ServiceProvider
Windows NT, 2000, XP HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider

NOTE: For Windows 95/98/ME if the key does not exist, you must create it. In order for these keys to work with NT 4.0, you need to install Service Pack 4.

Domain Name Resolution on Linux and Unix

Unix and Linux have a similar default Domain Name Resolution order as Windows. The operating system will first check its /etc/hosts file and if it does not find an entry for the queried domain, it will then query its configured DNS servers.

The order in which server resolves domain names can be changed by editing the /etc/host.conf file. This file determines the order that the operating system uses to resolve domain names. The line that we are concerned with is the one that looks like:

order hosts, bind

This tells the operating system to first check the hosts file, and if that fails, to use DNS, otherwise known as bind which is the name of the software used to make DNS requests.

You can change the order the operating system uses, by changing the order line. For example if we wanted to make it so it queried DNS first and the hosts file second we would change the line to read:

order bind, hosts

Currently the valid values you can place after order is hosts, bind, or nis. NIS stands for the Network Information Service and will not be covered by this article.

Conclusion

As you can see it is not always wise to think that your operating system will always use the default resolution order. Due to it being possible to change the order in which the operating system does Domain Name Resolution, you must keep this in mind when trying to debug problems with resolving domain names.

As always if you have any comments, questions or suggestions about this tutorial please do not hesitate to tell us in the computer help forums.

--
Lawrence Abrams
Bleeping Computer Internet Basics Series
BleepingComputer.com: Computer Support & Tutorials for the beginning computer user.

Users who read this also read:

  • The Hosts File and what it can do for you Image
    The Hosts File and what it can do for you

    When using the Internet most people connect to web sites, ftp servers or other Internet servers by connecting to a domain name, as in www.bleepingcomputer.com. Internet applications, though, do not communicate via domain names, but rather using IP addresses, such as 192.168.1.1. Therefore when you type a domain name in your program that you wish to connect to, your application must first convert ...

  • IP Addresses Explained Image
    IP Addresses Explained

    Every machine on the the Internet has a unique number assigned to it, called an IP address. Without a unique IP address on your machine, you will not be able to communicate with other devices, users, and computers on the Internet. You can look at your IP address as if it were a telephone number, each one being unique and used to identify a way to reach you and only you.

  • The Domain Name System Image
    The Domain Name System

    A key component of the Internet and how it works revolves around the Domain Name System, otherwise known as DNS. The underlying technology behind the Internet, is that when a computer needs to talk to another computer on the Internet, they communicate via the computer's IP Address. The IP Address is a unique set of numbers associated with a particular machine, which will be discussed in a ...

  • Domain Names & Hostnames Image
    Domain Names & Hostnames

    When you use the Internet, you use domain name and hostnames all the time. These hostnames and domain names when put together become the Internet address that you search with. The domain name without a hostname is also the most common email address. This article will explore what hostnames and domain names are and how they are used. We will also discuss TLD's, or Top Level Domains, such as ...

  • TCP and UDP Ports Explained Image
    TCP and UDP Ports Explained

    In this tutorial we will discuss the concept of Ports and how they work with IP addresses. If you have not read our article on IP addresses and need a brush up, you can find the article here. If you understand the concepts of IP addresses, then lets move on to TCP and UDP ports and how they work.

 

Comments:

blog comments powered by Disqus
search tutorials
Mandiant mWise Conference 2024

Login