
Republic of the Philippines

NUEVA VIZCAYA STATE UNIVERSITY


Bayombong, Nueva Vizcaya
INSTRUCTIONAL MODULE
IM No.: SAM101-1st-SY2020-2021

College: COLLEGE OF INDUSTRIAL TECHNOLOGY


Campus: Bambang

DEGREE PROGRAM: BSInTe
COURSE NO.: SAM101
SPECIALIZATION: Networking
COURSE TITLE: System Administration and Maintenance
YEAR LEVEL: IV
TIME FRAME: 10 hrs.
WK NO.: 5-6
IM NO.: 5

I. UNIT TITLE/CHAPTER TITLE


Domain Name Service

II. LESSON TITLE / (OUTLINE)


Domain Name Service
DNS Hierarchy
DNS Records

III. LESSON OVERVIEW


The purpose of the DNS server is to translate a human readable name to an IP address or an IP
address to a domain name. This section also examines the DNS tree hierarchy and the many
DNS services currently available.

IV. DESIRED LEARNING OUTCOMES


The students should be able to:
• differentiate the different DNS records;
• create / set up a DNS server.

V. LESSON CONTENT
DOMAIN NAME
Domain Name System (DNS) is a worldwide service that resolves host names to IP addresses.
This facilitates proper communication between computers. DNS servers communicate with each other in
a hierarchy in an effort to teach each other their name resolutions. The LAN DNS servers do the same
thing as their Internet counterparts, just on a smaller scale (although sometimes not so small!). DNS
servers use inbound port 53 to accept name resolution requests. A domain is given a name, such as
microsoft.com for Microsoft. In addition, computers within a domain are given a unique name, which often
parallels the name of a user, such as Sinclair, or is a favorite name, such as antelope or popcorn. The
translation of a name to an IP address is called forward DNS lookup or forward DNS resolution, and
translation of an IP address to a domain name is called reverse DNS lookup or reverse DNS
resolution.

Domain Name and IP Address are two key elements used by the general population when
accessing websites on the Internet. One is the Internet name of the website and the other is its public IP
address. These two elements go hand in hand. People generally connect to Internet services via Internet
hostnames, but behind the scenes, the Internet name is translated to a public IP address. Both the IP
address assignment and the Internet domain name are governed at the highest level by the Internet
Assigned Numbers Authority (IANA).

The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination
of the DNS Root, IP addressing, and other Internet Protocol resources. IANA is one of the Internet's
oldest organizations and was set up to be in charge of the Internet management authorities or registration
authorities. IANA has three primary functions:


• Domain name management: IANA manages the DNS root zone for the generic (g) top-level
domains (gTLDs), such as .COM, .NET, .ORG, .INFO, and country-code (cc) top-level domains
(ccTLDs), such as .US, .UK, and .AU. IANA maintains the .int (intergovernmental) domain
registries, which are exclusive registrations for intergovernmental treaty organizations, such as
NVSU-FR-ICD-05-00 (081220) Page 1 of 8
“In accordance with section 185. Fair use of copyrighted works of Republic Act 8293, the copyrighted works included in this material may be reproduced for educational purposes
only and not for commercial distribution.”
the United Nations (un.int) and NATO (nato.int), as well as the .arpa domains and an IDN practices
resource. IANA maintains the .arpa domain registries, which include the in-addr.arpa domain. The
in-addr.arpa domain is used for reverse DNS lookup of IPv4 addresses on the Internet. IANA also maintains
the IDN (Internationalized Domain Name) practices repository known as the language table
registry. This allows domain name registration containing international characters (for
example, müller.info).

• Number resources management: IANA coordinates the global pool of IP addresses, which includes
both IPv4 and IPv6. To coordinate the global effort of IP address allocation more effectively, IANA
delegates the allocation to the regional Internet registries (RIRs), each of which is responsible for
a different area. The five RIRs accounting for the different regions of the world are as follows:
o AfriNIC: Africa Region
o APNIC: Asia/Pacific Region
o ARIN: North America Region
o LACNIC: Latin America and some Caribbean Islands
o RIPE NCC: Europe, the Middle East, and Central Asia

IANA is also responsible for the AS (Autonomous System) number allocation, which is used in
BGP to route Internet traffic. This allocation is delegated to the RIRs the same as the IP address
allocation.

• Protocol Assignments: IANA is also responsible for maintaining the registries of protocol names
and numbers used in the Internet today. These protocol numbering systems are managed by
IANA in conjunction with standards bodies.

DNS Hierarchy
The DNS is a tree hierarchy. Everything in DNS starts at the "." servers, generally called root
servers, which are at the top of the hierarchy. The root servers have well-known IP addresses that have
been programmed into DNS servers. When DNS is installed on a server, a list of the root servers' IP
addresses is automatically configured in the DNS. A file containing the list of the most up-to-date root
servers is available to the public, and it can be downloaded from IANA's website. The file is known as
the Root Hints file (root.hints). According to IANA, there are currently 13 root servers distributed around
the world and operated by different independent entities. Each server is typically a cluster of servers spread
throughout different regions or countries.

To allow computers to properly recognize a fully qualified domain name, dots are placed between
each part of the name. All resolvers treat dots as separators between the parts of the domain name. The
fully qualified domain name is split into pieces at the dots and the tree is searched starting from the root
of the hierarchical tree structure. All resolvers start their lookups at the root; therefore the root is
represented by a dot and is often assumed to be there, even when not shown. The resolver navigates
its way down the tree until it gets to the last, left-most part of the domain name and then looks within that
location for the information it needs. Information about a host such as its name, its IP address and
occasionally even its function is stored in one or more zone files which together compose a larger zone
often referred to as a domain.

• Top Level Domains (TLDs)
• Second Level Domains
• Sub-Domains
• Host Name (a resource record)

Within the hierarchy, you will start resolution at the top level domain, work your way down to the
second-level domain, then through zero, one or more sub-domains until you get to the actual host name
you want to resolve into an IP address.

It is traditional to use different DNS servers for each level of the DNS hierarchy. The root of all
DNS entries is handled by the DNS servers at the InterNIC [well, sort of, but we'll get to that later --InetD].
The InterNIC points the Top-Level Domains (TLDs) to the top-level domain name servers maintained
by all registrars such as Network Solutions, Register.Com, OpenSRS and many others. [Please note that
InetDaemon does not endorse ANY registrar--they all suck, some more than others. --InetD]. Next,
each domain's server delegates to the DNS server at the next lower level in the hierarchy.

For example, in the figure below, .edu is the top-level domain, Berkeley is the second level
domain, and .cs is the sub-domain of Berkeley. Eos is the host name. A DNS server would store the IP
address of the host where its name resides in the tree.
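As an added illustration (not part of the module), the following Python walks a constructed delegation tree for the eos.cs.berkeley.edu example above, starting at the root and following each level's referral to the next; the zone names, name servers and 192.0.2.x addresses are constructed for the example (RFC 5737 documentation range), not real DNS data.

```python
"""Iterative walk down the DNS tree for eos.cs.berkeley.edu (added example).
The delegation data below is constructed for illustration: hypothetical name
servers and RFC 5737 documentation addresses, not real DNS records."""

# zone -> name server for the zone, zones it delegates, hosts it answers for
ZONES = {
    ".": {"ns": "a.root-servers.net.", "delegates": {"edu."}, "hosts": {}},
    "edu.": {"ns": "a.edu-servers.net.", "delegates": {"berkeley.edu."}, "hosts": {}},
    "berkeley.edu.": {
        "ns": "ns1.berkeley.edu.",
        "delegates": {"cs.berkeley.edu."},
        "hosts": {"www.berkeley.edu.": "192.0.2.20"},
    },
    "cs.berkeley.edu.": {
        "ns": "ns.cs.berkeley.edu.",
        "delegates": set(),
        "hosts": {"eos.cs.berkeley.edu.": "192.0.2.10"},
    },
}


def to_fqdn(name):
    """Normalise a name: lower-case it and add the trailing dot that stands for the root."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def resolve(name, zones=ZONES):
    """Resolve an A record by walking from the root, as the module describes.

    Returns (referrals, answer): referrals lists the zones consulted in order
    (each with the name server that answered); answer is the IP or None.
    """
    fqdn = to_fqdn(name)
    current = "."
    referrals = [(current, zones[current]["ns"])]
    suffix = ""
    # Split at the dots and walk right to left: edu -> berkeley -> cs -> eos
    for label in reversed(fqdn.rstrip(".").split(".")):
        suffix = label + "." + suffix
        if suffix in zones[current]["delegates"]:
            current = suffix                      # referral to the next level down
            referrals.append((current, zones[current]["ns"]))
        else:
            break                                 # no further delegation: look here
    return referrals, zones[current]["hosts"].get(fqdn)


def resolution_path(name, zones=ZONES):
    """Only the zone names consulted, e.g. ['.', 'edu.', 'berkeley.edu.', 'cs.berkeley.edu.']."""
    return [zone for zone, _ in resolve(name, zones)[0]]


if __name__ == "__main__":
    for host in ("eos.cs.berkeley.edu", "www.berkeley.edu", "nohost.mit.edu"):
        path, ip = resolve(host)
        print(host, "->", ip, "via", " > ".join(zone for zone, _ in path))
```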

Root Servers
The authoritative name servers that serve the DNS root zone, commonly known as the “root
servers”, are a network of hundreds of servers in many countries around the world. They are configured
in the DNS root zone as 13 named authorities, as follows.

List of Root Servers

HOSTNAME            IP ADDRESSES                       OPERATOR
a.root-servers.net  198.41.0.4, 2001:503:ba3e::2:30    Verisign, Inc.
b.root-servers.net  199.9.14.201, 2001:500:200::b      University of Southern California, Information Sciences Institute
c.root-servers.net  192.33.4.12, 2001:500:2::c         Cogent Communications
d.root-servers.net  199.7.91.13, 2001:500:2d::d        University of Maryland
e.root-servers.net  192.203.230.10, 2001:500:a8::e     NASA (Ames Research Center)
f.root-servers.net  192.5.5.241, 2001:500:2f::f        Internet Systems Consortium, Inc.
g.root-servers.net  192.112.36.4, 2001:500:12::d0d     US Department of Defense (NIC)
h.root-servers.net  198.97.190.53, 2001:500:1::53      US Army (Research Lab)
i.root-servers.net  192.36.148.17, 2001:7fe::53        Netnod
j.root-servers.net  192.58.128.30, 2001:503:c27::2:30  Verisign, Inc.
k.root-servers.net  193.0.14.129, 2001:7fd::1          RIPE NCC
l.root-servers.net  199.7.83.42, 2001:500:9f::42       ICANN
m.root-servers.net  202.12.27.33, 2001:dc3::35         WIDE Project
Source: https://www.iana.org/domains/root/servers

TOP-LEVEL DOMAINS (TLD)


Top-level domain (TLD) registries are managed by IANA and ICANN. Examples of generic top-
level domains (TLD) are as follows: .com, .net, .org, .edu, .mil, .gov, .us, .ca, .info, .biz, and .tv. Country
domains are usually defined by two letters, such as .us (United States) and .ca (Canada). The primary
domain server for that domain has to exist in the same country; for example, the .us primary domain
server is located in the United States.

Authoritative Name Server: a name server that is authorized and configured to answer DNS
queries for a particular domain or zone. A Non-Authoritative Answer is a name lookup answer received
by a client from a non-authoritative server. A non-authoritative name server will always query the
authoritative name servers of the domain for the answer.

SECOND LEVEL DOMAINS


The next level in the DNS hierarchy is the Second Level Domain. This is the domain that is
directly below the TLD and it is the main part of the domain name. It varies according to the buyer. Unlike
the TLDs, there are no restrictions here: once a domain name is available, anyone can purchase it. If the
name is unavailable at the moment, the same second-level name under another TLD is the best option.

SUB-DOMAIN
The sub-domain is the next level in the DNS hierarchy. A sub-domain can be defined as a
domain that is part of a main domain. The only domain that is not also a sub-domain is the root
domain. Suppose two domains, one.example.com and two.example.com. Both are
sub-domains of the main domain example.com, and example.com is itself a sub-domain of the com
top-level domain.


COMMON DNS RESOURCE RECORDS


DNS resource records are the contents of the DNS zone file. The zone file contains mappings
between domain names and IP addresses in the form of text records. There are many types of
resource records. In this article, we are going to see DNS Resource Records in detail.

The common types of DNS Resource Records are given below. There are many other record types
as well.
✓ SOA
✓ NS
✓ A
✓ PTR
✓ CNAME
✓ MX
✓ SRV

SOA Record
Every zone file will have a SOA record. It will be present at the beginning of the zone. The SOA
stands for Start of Authority. Normally, this type of record holds information about the zone itself and
about other records. Each zone will be having only one SOA record. The SOA record contains the
following fields.
Eg: IN SOA nameserver.place.dom. postmaster.place.dom.

NS Record
The NS record stands for nameserver record. This shows the authoritative servers the zone. They
indicate primary and secondary servers for the zone specified in the SOA record. Zones can contain
many NS records, but it should contain at least one NS record for a DNS zone.

For example, when the administrator on abc.com delegated authority for the noam.abc.com
subdomain to noamdc1.noam.abc.com., the following line was added to the zone abc.com and
noam.abc.com:
noam.abc.com. IN NS noamdc1.noam.abc.com.

A Record
The next resource record we are going to see is the A record. The A record stands for Address
record. It maps a domain name to an IP address so that the resolver can request the corresponding IP
address for the domain. As an example, the following A resource record, located in the zone abc.com,
maps the FQDN of the server to its IP address.
abc.com IN A 172.16.48.1

PTR Records
The PTR record stands for the pointer record. It functions reversely as that of the A record. It
maps a domain name to an IP address. We are familiar with the term reverse dns. This record is used to
achieve the reverse dns. An example is given below.
1.48.16.172.in-addr.arpa. IN PTR abc.com.

CNAME Resource Records


The next is CNAME Resource Record. The CNAME stands for the Canonical name. The function
of the CNAME record is to create an alias for the domain name. It is helpful to hide the implementation
details of the network from the customers. An example of the CNAME record is given below.

ftp.abc.com. IN CNAME ftp1.abc.com.

Once a DNS client queries for the A resource record for ftp.abc.com, the DNS server finds the
CNAME resource record. It then resolves the query for the A resource record for ftp1.abc.com and
returns both the A and CNAME resource records to the client. This is how the CNAME record works.


MX Resource Records
The MX record stands for mail exchange record. The mail exchange (MX) resource record
specifies a mail exchange server for a DNS domain name. A mail exchange server is a host that will
either process or forward mail for the DNS domain name. Processing the mail means either delivering it
to the addressee or passing it to a different type of mail transport. Forwarding the mail means sending it
to its final destination server, sending it by Simple Mail Transfer Protocol (SMTP) to another mail exchange server
that is closer to the final destination, or queuing it for a specified amount of time. Only mail exchange
servers use MX records.

We can have multiple MX resource records for a domain. The following example shows MX
resource records for the mail servers of the domain noam.abc.com.:
*.noam.abc.com. IN MX 0 mailserver1.noam.abc.com.
*.noam.abc.com. IN MX 10 mailserver2.noam.abc.com.
*.noam.abc.com. IN MX 10 mailserver3.noam.abc.com.

SRV Records
With MX records, we can have multiple mail servers in a DNS domain, and when a mailer needs
to send mail to a host in the domain, it can find the location of a mail exchange server. Service (SRV)
resource records enable you to specify the location of the servers for a specific service, protocol, and
DNS domain. Thus, if you have two Web servers in your domain, you can create SRV resource records
specifying which hosts serve as Web servers, and resolvers can then retrieve all the SRV resource
records for the Web servers.
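The following Python is an added example, not part of the module: it parses a small constructed zone in the record layout used above (SOA, NS, A, PTR, CNAME, MX, SRV; built around the module's abc.com names), then answers queries the way the CNAME and MX sections describe, chasing a CNAME to its A record with a hop limit, ordering mail exchangers by preference, and building the in-addr.arpa owner name for a PTR lookup.

```python
"""Parse the record types listed above (SOA, NS, A, PTR, CNAME, MX, SRV) from a
small constructed zone and answer queries the way the text describes. Added
example: the zone data is constructed around the module's abc.com names."""

import ipaddress
from collections import defaultdict

# Constructed zone text in the module's "owner IN TYPE rdata" layout.
ZONE_TEXT = """
abc.com.                  IN SOA   ns1.abc.com. postmaster.abc.com. 2020110501 3600 900 604800 300
abc.com.                  IN NS    ns1.abc.com.
noam.abc.com.             IN NS    noamdc1.noam.abc.com.   ; delegation of the sub-domain
abc.com.                  IN A     172.16.48.1
ftp1.abc.com.             IN A     172.16.48.5
ftp.abc.com.              IN CNAME ftp1.abc.com.
1.48.16.172.in-addr.arpa. IN PTR   abc.com.
noam.abc.com.             IN MX    10 mailserver2.noam.abc.com.
noam.abc.com.             IN MX    0  mailserver1.noam.abc.com.
noam.abc.com.             IN MX    10 mailserver3.noam.abc.com.
_http._tcp.abc.com.       IN SRV   0 5 80 www1.abc.com.
"""

def parse_zone(text):
    """Return {(owner, TYPE): [rdata token lists]} from module-style records."""
    records = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a zone-file comment
        if not line:
            continue
        owner, cls, rtype, *rdata = line.split()
        if cls != "IN":
            raise ValueError("only class IN is handled: " + raw)
        records[(owner.lower(), rtype.upper())].append(rdata)
    return records


def lookup(records, name, rtype, max_hops=8):
    """Answer a query as the CNAME section describes: if the owner has no record
    of the requested type but has a CNAME, follow it and return the CNAME with
    the target's records. The hop limit stops a CNAME loop from spinning."""
    answer, owner = [], name.lower()
    for _ in range(max_hops):
        direct = records.get((owner, rtype.upper()), [])
        if direct:
            answer.extend((owner, rtype.upper(), " ".join(r)) for r in direct)
            return answer
        cname = records.get((owner, "CNAME"))
        if not cname:
            return answer                        # nothing for this name and type
        answer.append((owner, "CNAME", cname[0][0].lower()))
        owner = cname[0][0].lower()
    raise RuntimeError("CNAME chain too long (loop?) starting at " + name)


def mx_hosts(records, domain):
    """Mail exchangers ordered by preference; the lowest value is tried first."""
    mx = records.get((domain.lower(), "MX"), [])
    return [host for _, host in sorted((int(pref), host) for pref, host in mx)]


def srv_targets(records, service, proto, domain):
    """(priority, weight, port, target) for a service such as _http._tcp."""
    owner = "_%s._%s.%s" % (service, proto, domain.lower())
    return [(int(p), int(w), int(pt), t) for p, w, pt, t in records.get((owner, "SRV"), [])]


def ptr_name(ip):
    """Reverse-lookup owner name: in-addr.arpa for IPv4, ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def soa_serial(records, zone):
    """Serial from the SOA record; secondaries use it to detect zone changes."""
    return int(records[(zone.lower(), "SOA")][0][2])
```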

Additional Resource Records


TXT Resource Records
The TXT record or Text record is used to hold arbitrary text information for the domain.
Besides storing arbitrary information or comments for the domain, this record is increasingly being
used to validate the authenticity of the domain. One of its popular applications is to authenticate the email
sender domain: an SPF (Sender Policy Framework) policy can be entered into a TXT record.

IP Version 6 Address record (AAAA Record)—stores a hostname and its corresponding IPv6 address.
Certificate record (CERT Record)—stores encryption certificates—PKIX, SPKI, PGP, and so on.

VI. LEARNING ACTIVITIES


A. How to Configure Mikrotik DNS Server
How to Configure DNS Server on MikroTik – Maybe you have heard the term DNS server. A DNS
(Domain Name System) server maps the hostname or domain name of a web site on the Internet to its
IP address (and an IP address to a name). For the record, computers in a network (including the Internet)
communicate using IP addresses instead of domain names such as .com, .net, .org, etc. That is why the
user's computer or router that will access the Internet must have its DNS server configured
first. If not, the site being addressed is inaccessible because its IP address cannot be determined.

To configure the DNS server in MikroTik you can set it via the command line or via Winbox.
Here is an example of the DNS settings with 8.8.8.8 (Google's public DNS server) configured:

servers: 8.8.8.8
dynamic-servers:
allow-remote-requests: yes
max-udp-packet-size: 4096
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 9KiB

In the settings above, allow-remote-requests: yes makes your MikroTik router act as a DNS server
as well. The DNS configuration on the user's computer then only needs to point to the MikroTik
router, and no longer to Google's DNS server, the ISP's, or any other. This can save bandwidth,
because DNS queries are sent only to your MikroTik router.

More easily, you can configure the DNS server in Winbox via the menu IP -> DNS -> Settings
button; the DNS Settings window will then appear as shown in the figure.

We recommend that you configure more than one DNS server so that when the first server is
down, the second server can still be used. You can enter the DNS servers as shown above or via the
command line with the following command:
[admin@MikroTik] > /ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes

After the DNS server has been configured, the MikroTik router should be able to connect
to the Internet. Check the connection to the Internet by pinging a website such as google.com.

Use Ctrl + C to stop the pinging process.

B. MikroTik DNS Client and Caching DNS Server Configuration


Domain Name Server (DNS) and How It Works
Communication between a workstation (PC) and a server is always done by IP address.
But remembering a huge number of public IP addresses is almost impossible for a human being. To
solve this issue, the DNS technique was introduced in computer networking. The DNS technique can be best
compared to a phone book, where a user finds a phone number listed by the easier-to-remember name.
So, DNS can be defined as a mapper between human-readable names (such as mikrotik.com) and
their associated IP addresses (such as 159.148.147.196). A DNS server listens on port 53 on both UDP
and TCP.


Caching DNS Configuration in MikroTik Router


MikroTik's caching DNS feature provides domain name resolution for the clients connected to it.
But before using the caching DNS facility, we have to configure the DNS feature in the MikroTik router. The following
steps show how to configure the DNS service in a MikroTik router.

1. From Winbox, go to the IP > DNS menu item. The DNS Settings window will appear.
2. Put your ISP-provided DNS server IP (or use the Google public DNS server IPs 8.8.8.8 and 8.8.4.4) in the
Servers input box.
3. Click on the Allow Remote Requests checkbox. It enables the caching DNS feature of the MikroTik Router.
4. Optionally, you can change the cache size by putting a custom size in the Cache Size input box. The
default cache size is 2048 KiB or 2 MB.
5. Click Apply and OK.

MikroTik Caching DNS is now enabled, and you can use any of your MikroTik IP addresses as the
DNS IP for your network clients. If everything is OK, your client will get responses from the MikroTik cache
DNS server. To check your DNS cache, go to the IP > DNS menu item and click on the Cache button. You will
find the cached domain names in the DNS Cache window. If you wish, you can flush cached objects by
clicking the Flush Cache button.

Putting Static DNS Entry in MikroTik Cache DNS


MikroTik cache DNS stores DNS entries dynamically whenever it resolves a new domain. But
sometimes you may need to put in static host entries, such as your local servers or printers. MikroTik cache
DNS can hold static host entries. The following steps show how to put a static host entry in the
MikroTik DNS server.

1. From DNS Settings window, click on Static button. DNS Static window will appear.
2. Click on PLUS SIGN (+). New DNS Static Entry window will appear.
3. Put your host name (such as ftp) in Name input field and put the IP Address of the host in Address
input field.
4. Click Apply and OK button.
5. Similarly, you can put as many host entries as you want following the above steps.


Blocking DNS Request from WAN Interface


If you turn your MikroTik router into a DNS server, all of your MikroTik IP addresses can be used as
DNS server IPs, including the WAN IP, which is a public IP, and a problem arises here. If anyone outside of
your LAN uses your WAN IP as a DNS IP, your MikroTik will happily serve them DNS resolution,
consuming your paid bandwidth. So, you must stop DNS requests from outside of your LAN. To stop
DNS requests from outside of your LAN, apply firewall rules that drop all DNS requests
coming from your WAN interface. The following steps show how to block DNS requests from the WAN
interface.

1. Go to the IP > Firewall menu and click on PLUS SIGN (+). The New Firewall Rule window will appear.
2. From General tab, choose input from Chain drop down menu and choose udp from Protocol
dropdown menu and put 53 in Dst. Port input box and then choose your WAN Interface (such as
ether1) from In. Interface dropdown menu.
3. Click on Action tab and choose drop option from Action dropdown menu.
4. Click Apply and OK button.
5. Similarly, click on PLUS SIGN (+) again and choose input from Chain dropdown menu and choose
tcp from Protocol dropdown menu and put 53 in Dst. Port input box and then choose your WAN
Interface from In. Interface dropdown menu.
6. Click Apply and OK button.
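The following Python is an added example (not the module's or MikroTik's code) that checks the effect of the two rules created in the steps above: it models RouterOS first-match evaluation of the input chain over constructed packets, reports whether port 53 is still reachable from the WAN side, and renders each rule as the equivalent /ip firewall filter command. The WAN interface name ether1 is assumed, as in the steps.

```python
"""Check that the two input-chain rules from the steps above close the
open-resolver path: DNS (port 53, UDP and TCP) arriving on the WAN interface is
dropped while LAN clients keep working. Added example with constructed rules
and packets; it models RouterOS first-match semantics and talks to no router."""

WAN = "ether1"        # assumed WAN interface name, as in the module's steps

# Mirror of the two rules the steps create (constructed, same matchers).
RULES = [
    {"chain": "input", "protocol": "udp", "dst-port": 53, "in-interface": WAN, "action": "drop"},
    {"chain": "input", "protocol": "tcp", "dst-port": 53, "in-interface": WAN, "action": "drop"},
]


def matches(rule, pkt):
    """A rule matches when every matcher it sets equals the packet's field."""
    return all(pkt.get(k) == v for k, v in rule.items() if k not in ("chain", "action"))


def verdict(rules, pkt, chain="input"):
    """First matching rule in the chain wins; with no match RouterOS accepts."""
    for rule in rules:
        if rule["chain"] == chain and matches(rule, pkt):
            return rule["action"]
    return "accept"


def dns_exposure(rules, wan=WAN):
    """Protocols on which port 53 is still accepted from the WAN side; an empty
    list means the router cannot be used as an open resolver on that interface."""
    still_open = []
    for proto in ("udp", "tcp"):
        pkt = {"protocol": proto, "dst-port": 53, "in-interface": wan}
        if verdict(rules, pkt) == "accept":
            still_open.append(proto)
    return still_open


def routeros_commands(rules):
    """Render each rule as the equivalent /ip firewall filter command."""
    order = ("chain", "protocol", "dst-port", "in-interface", "action")
    return ["/ip firewall filter add " + " ".join("%s=%s" % (k, r[k]) for k in order if k in r)
            for r in rules]


if __name__ == "__main__":
    print("\n".join(routeros_commands(RULES)))
    print("still open from WAN with only the UDP rule:", dns_exposure(RULES[:1]))
    print("still open from WAN with both rules:", dns_exposure(RULES))
```

Leaving out the second (TCP) rule from step 5 is the failure mode this catches: UDP queries are dropped but TCP/53 from the WAN is still accepted.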

VII. EVALUATION (Note: Not to be included in the student's copy of the IM)

VIII. ASSIGNMENT
Read the following supplemental materials
✓ https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
✓ https://wiki.mikrotik.com/wiki/Manual:IP/DNS

IX. REFERENCES

Fadıl. (2019, July 10). How to Configure Mikrotik DNS Server. Technology Software Center.
https://techsoftcenter.com/how-to-configure-mikrotik-dns-server/

Sayeed, A. (2020, January 4). MikroTik DNS Client and Caching DNS Server Configuration. System
Zone. https://systemzone.net/mikrotik-dns-client-and-caching-dns-server-configuration/

IANA. Root Servers. https://www.iana.org/domains/root/servers

IANA. Domain Name System (DNS) Parameters. https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
