DNS Hierarchy
The Domain Name System (DNS) is organized as a hierarchical, distributed database. This hierarchical structure is fundamental to how DNS works and enables the system to scale to billions of domain names worldwide.
The Hierarchical Structure of DNS
DNS uses a tree-like hierarchical structure, with each level of the hierarchy separated by dots in domain names. In terms of the hierarchy, a domain name is read from right to left, from the most general label to the most specific:
Example: blog.example.com
- com - Top-Level Domain (TLD)
- example - Second-Level Domain
- blog - Subdomain
This hierarchical structure allows for distributed management of the DNS namespace, with different organizations responsible for different parts of the hierarchy.
Levels of the DNS Namespace
Root Domain
At the very top of the DNS hierarchy is the root domain, represented by a single dot (.). The root domain is managed by the Internet Corporation for Assigned Names and Numbers (ICANN).
The root domain is served by 13 sets of root servers (labeled A through M) distributed worldwide. These root servers are critical to the functioning of the internet, as they direct queries to the appropriate Top-Level Domain servers.
Top-Level Domains (TLDs)
Top-Level Domains are the highest level of domains in the DNS hierarchy (after the root). They are the rightmost part of a domain name, such as .com, .org, .net, etc.
TLDs are categorized into several types:
- Generic TLDs (gTLDs): .com, .org, .net, .edu, .gov, .mil, etc.
- Country Code TLDs (ccTLDs): .us, .uk, .ca, .jp, etc. (representing countries)
- New gTLDs: .app, .blog, .shop, .tech, etc. (introduced after 2011)
- Infrastructure TLDs: .arpa (used for reverse DNS lookups)
Each TLD is managed by a registry operator designated by ICANN. For example, Verisign manages .com and .net, while Public Interest Registry manages .org.
Second-Level Domains
Second-level domains are directly below TLDs in the hierarchy. These are typically the domains that individuals and organizations register. For example, in "example.com", "example" is the second-level domain.
Domain registrars (companies accredited by ICANN) allow users to register second-level domains under various TLDs. When you register a domain, you're essentially reserving a name in the second level of the DNS hierarchy.
Subdomains
Subdomains are domains that are part of a larger domain. They appear to the left of the second-level domain. For example, in "blog.example.com", "blog" is a subdomain of "example.com".
Unlike second-level domains, subdomains are created and managed by the owner of the parent domain. There's no need to register subdomains with a domain registrar.
Subdomains can be used to organize different sections of a website, separate different services (like mail.example.com for email), or create entirely separate websites under the same domain.
DNS Delegation
DNS delegation is the process by which responsibility for a portion of the DNS namespace is assigned to a specific entity. This is how the hierarchical structure of DNS is maintained:
- ICANN delegates responsibility for TLDs to registry operators
- Registry operators delegate responsibility for second-level domains to domain registrants
- Domain registrants can delegate responsibility for subdomains to other entities or manage them themselves
Delegation is implemented through NS (Name Server) records in the DNS. These records specify which name servers are authoritative for a particular domain or subdomain.
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.
These NS records tell the DNS system that the authoritative name servers for "example.com" are ns1.example.com and ns2.example.com. Any DNS queries for example.com or its subdomains will be directed to these name servers, unless a subdomain has itself been delegated to other name servers.
DNS Zones
A DNS zone is a portion of the DNS namespace that is managed by a specific organization or administrator. Zones are the administrative units of the DNS hierarchy.
A zone contains the DNS records for all the domains within it. For example, the zone for example.com might contain:
- A records for example.com
- MX records for example.com (for email)
- Records for subdomains like www.example.com, blog.example.com, etc.
Zones can be further divided into subzones through delegation. For instance, if the administrator of example.com wants to delegate management of api.example.com to another team, they can create a separate zone for api.example.com.
Note: Zones and domains are related but distinct concepts. A zone is an administrative unit that can contain multiple domains, while a domain is a node in the DNS hierarchy.
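The delegation and zone rules described above can be traced in code. The following is an added example, not part of the original page: it parses NS records, walks from the root toward a name, and reports every zone cut crossed, comparing whole labels so that badexample.com is never treated as part of example.com. The record set is constructed sample data, and the api.example.com name server is a hypothetical placeholder.

```python
# Constructed sample: NS records in the "owner IN NS target" form shown above.
# The api.example.com name server is a hypothetical placeholder.
SAMPLE_NS_RECORDS = """\
.                 IN NS a.root-servers.net.
com.              IN NS a.gtld-servers.net.
example.com.      IN NS ns1.example.com.
example.com.      IN NS ns2.example.com.
api.example.com.  IN NS ns1.api-team.example.
"""


def labels(name):
    """Split a name into labels, root-first: blog.example.com -> [com, example, blog]."""
    name = name.strip().rstrip(".").lower()
    return list(reversed(name.split("."))) if name else []


def parse_ns(text):
    """Map each delegated owner (as a root-first label tuple) to its name servers."""
    zones = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[1].upper() == "IN" and fields[2].upper() == "NS":
            zones.setdefault(tuple(labels(fields[0])), []).append(fields[3].lower())
    return zones


def delegation_path(name, zones):
    """Walk from the root toward `name`; return (zone, name servers) per zone cut."""
    target = labels(name)
    path = []
    for depth in range(len(target) + 1):
        prefix = tuple(target[:depth])  # whole labels only, never a string suffix
        if prefix in zones:
            path.append((".".join(reversed(prefix)) + ".", zones[prefix]))
    return path


def authoritative_zone(name, zones):
    """The deepest delegated zone that encloses `name`, or None if there is none."""
    path = delegation_path(name, zones)
    return path[-1][0] if path else None


ZONES = parse_ns(SAMPLE_NS_RECORDS)

if __name__ == "__main__":
    for qname in ("blog.example.com", "v1.api.example.com", "badexample.com"):
        print(qname, "->", [zone for zone, _ in delegation_path(qname, ZONES)])
```
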
Benefits of the DNS Hierarchy
The hierarchical structure of DNS provides several important benefits:
- Scalability: The distributed nature of DNS allows it to scale to billions of domain names.
- Decentralized Management: Different parts of the namespace can be managed by different organizations.
- Fault Tolerance: Problems in one part of the hierarchy don't necessarily affect other parts.
- Efficient Lookups: The hierarchy enables efficient name resolution by narrowing down the search at each level.
- Administrative Control: Domain owners have control over their portion of the namespace.