We established in the last chapter (sic) that any Internet-connected computer can communicate with any other Internet-connected computer by using its own and the destination IP address to determine if the two computers are on the same or different networks. The same method is used by every computer involved in getting the data packets making up, e.g., an email or webpage, from sender to destination. We were left, however, with the unanswered question as to how computers discover one another’s IP addresses.
To answer this question
Have you ever wondered why such a magnificent word is used to label a website or as part of an email address? IT people are notorious for their attachment to fantasy games and (graphic) novels and maybe they just couldn’t resist the idea of being able to talk about ‘my domain’. Or there could be a bit more to it. We’re all familiar with ‘domain names’ and use them all the time to navigate the Internet. But what is a ‘domain’? Or in other words, what is the thing that a domain name is the name of? A domain is the collection of technical resources used by an organisation. Macnamara’s domain, macnamara.co.uk, includes a web server, an email system, a messaging system, a voice system, a file system, a user authentication system and various other systems related to our business activities. The domain called macnamara.co.uk represents our collection of business resources. Some of these resources are available to people outside our company and others are private but they are all grouped together in the macnamara.co.uk domain. The same is true for all organisations, e.g., gov.uk, microsoft.com and google.com with each of these representing a huge array of systems and services.
The organisation, through its technical team, takes full responsibility for the availability of these resources, who can and can’t access them and how well they represent the organisation internally and externally. A ‘domain’ in the sense of a span of authority and control now begins to make sense. Just think, they might have been called realms; what would that have done for system administrators’ egos? An important point to grasp here is the idea of authority. As well as being a label for a collection of resources made available by an organisation, a domain is an authoritative online representation of the organisation. In some ways the domain name is analogous to the old company rubber stamp that used to be kept in a safe in the boss’s office and used to authenticate documents produced by the company. A domain, as we will see, can speak for, or authoritatively represent, the organisation that owns it. Bearing this in mind, it is astonishing that (especially smaller) organisations are often casual about maintaining their domain names. It is not unusual to find that the username and password used to register and maintain a domain name have been lost or handed over to, e.g., their web development agency.
So, how can a domain speak authoritatively for the organisation that owns it? To find our way between and within domains we use something called the Domain Name System or DNS. This is a system of signposts that allows us and our applications to find the resources we need within a domain. We have a great explanation of DNS here: What is a Domain? But, for our purposes, we just need to know that for each domain that wants to make some of its resources, such as a website, publicly available, a file known as a zone file is published on one or more DNS servers, containing a list of resource names together with their corresponding server locations (ultimately IP addresses). These record pairs are much like the name/number pairs in a telephone directory.
When we want to access a resource, we send a query to the DNS server giving the domain name and the name of the resource we want to use, and the DNS server looks up the resource location in the zone file for that domain and answers the query with the required location. Zone files may be stored on several servers to make it easier to find them, but one server has responsibility for maintaining the definitive copy of the file and this server is said to be authoritative for the domain. This is the sense in which the domain name system can be said to speak authoritatively on behalf of a domain or, more accurately, on behalf of the owner of a domain.
Now things get more interesting. If DNS can be used to provide answers as to the location of publicly available resources to anyone who asks, could it perhaps be used to provide answers to other questions that might be useful to systems interacting with the domain? If the relevant information can be stored in the DNS name/information pair format, there is no reason why not. To do this, zone files can contain a special type of record pair called a Text or TXT record. A TXT record, like all other DNS records, consists of a name and a value. If the name is queried, the value will be returned. Another useful type of record is a Canonical Name or CNAME record. A CNAME record points to the name of another resource, which may be in the same zone file or in another domain. In this sense, canonical means real and refers to the real name of a resource. Presumably this type of record could have been called a Real Name or RNAME (though this is already taken as the administrator in the SOA record), but remember we are dealing here with the people who came up with the word domain to describe a set of resources. The ability of DNS servers to authoritatively answer queries other than just the location of resources, by using TXT and CNAME records, can be used to reduce the risk of our legitimate emails becoming collateral damage in the war against spam and scams. Just one more technical diversion, into how email gets from sender to recipient, is needed before we see how this works.
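The lookup behaviour described above, as an added example (not code from the original article): a simplified zone file for the reserved example.com domain is parsed and queried, following CNAME records to their canonical name and returning TXT values. The zone contents, the `parse_zone` and `query` function names and the status strings are assumptions made for illustration.

```python
# Constructed zone data for the reserved example.com domain (not a real zone).
ZONE_TEXT = """
; name                 type   value
example.com.           A      192.0.2.10
www.example.com.       CNAME  web.example.com.
web.example.com.       A      192.0.2.20
mail.example.com.      CNAME  mx.hosting.example.
loop1.example.com.     CNAME  loop2.example.com.
loop2.example.com.     CNAME  loop1.example.com.
note.example.com.      TXT    "constructed value published by the domain owner"
"""

def parse_zone(text):
    """Return {(name, type): [values]} from simplified 'name type value' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ';' comments (none inside values here)
        if not line:
            continue
        name, rtype, value = line.split(None, 2)
        key = (name.lower(), rtype.upper())
        records.setdefault(key, []).append(value.strip().strip('"'))
    return records

def query(records, name, rtype, origin="example.com.", max_hops=8):
    """Answer a query from this zone; returns (status, chain_of_names, values)."""
    name = name.lower()
    chain = [name]
    for _ in range(max_hops):
        if (name, rtype) in records:               # the name/value pair exists: return the value
            return "ok", chain, records[(name, rtype)]
        target = records.get((name, "CNAME"))
        if not target:                             # nothing published under this name and type
            return "no-record", chain, []
        name = target[0].lower()                   # CNAME: continue at the canonical name
        if name in chain:                          # misconfigured zone: CNAMEs point in a circle
            return "loop", chain + [name], []
        chain.append(name)
        if name != origin and not name.endswith("." + origin):
            # The canonical name lives in another domain, so that domain's
            # authoritative server must answer; this zone cannot speak for it.
            return "out-of-zone", chain, []
    return "loop", chain, []                       # chain too long: treat as a loop

RECORDS = parse_zone(ZONE_TEXT)
if __name__ == "__main__":
    for qname, qtype in [("www.example.com.", "A"), ("note.example.com.", "TXT"),
                         ("mail.example.com.", "A"), ("loop1.example.com.", "A")]:
        print(qname, qtype, query(RECORDS, qname, qtype))
```
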
No one is in charge of the internet but we are all masters of our own domain