How do you spell D-N-S?
September 16, 2008 7:54 AM

How do you explain DNS, A records, MX records, etc. to your staff and clients? What's the best way to get non-technical people to understand this?

In my line of work, we have new co-workers who know just a little bit of what DNS is. Usually, it's their understanding of how a person finds a website or gets email to someone. And that's pretty much it.

So, I'm considering a primer of what DNS is, what it does, why it's important, what role A/MX/www records play, and the like.

What have you seen online, preferably with graphics, that you've used to explain to people what's going on in such a foreign concept? Or, how have you explained this subject?

Yes, I know there are Internet for Idiots-type books out there and Wikipedia entries, but that is a Step 3, and we're just on Step 1.
posted by fijiwriter to Computers & Internet (14 answers total)

I would like to see what you come up with when you're finished because DNS is in my opinion the simplest and most complex thing in IT. Definitely post back when you're finished!
posted by wavering at 7:59 AM on September 16, 2008

I would compare it to an entry in a phone book. The name needs to be unique to avoid confusion. The entry needs to be renewed annually. The MX record is the phone number.
posted by damn dirty ape at 8:03 AM on September 16, 2008

Whenever I've gone through this process with people and they've finally understood it, nearly universally they seem to realize it's not that important to them and they probably shouldn't have cared in the first place - and promptly forget everything learned.

Some people will ask about things they ultimately have no interest in - I've found that the best policy is to dumb it down to the point of inaccuracy for those who really have no requirement to know and who aren't savvy enough to appreciate it.
posted by wackybrit at 8:03 AM on September 16, 2008

Also, the naming resolution can be compared to calling 1-800-locksmiths as opposed to 1-800-583-4851. It's easier for humans to remember 1-800-locksmiths.
posted by damn dirty ape at 8:04 AM on September 16, 2008

It's like a collection of business cards. I can ask the collection for someone's phone number, or where to send their mail. If I index it properly I can also ask what name belongs to a phone number.

The whole DNS system is like someone who is managing a business directory. You can become a member and have them pass your information to others, and you can ask them for details of the other members. Phone numbers, addresses, etc.
posted by splice at 8:07 AM on September 16, 2008

I usually explain this by giving a quick, broad sketch of the hierarchical structure of DNS, since that's the interesting part, and you can tell it as a story pretty easily, where you "ask" each delegated-to server about a more specific piece of the name. That way you can explain the role of the registrar and why you have to pay a fee, things like that. The actual format of the questions and answers that get handed around, even as far as NS and A records, are probably beyond what people care about.
posted by pocams at 8:33 AM on September 16, 2008

Why do these coworkers need to know this? *Do* they need to know this? wackybrit is right that if they don't need to know (and obviously aren't curious enough about the topic to seek an explanation on their own), they're not going to end up remembering anything you teach them.

If you can frame your education campaign in terms of WHY your coworkers need to know about DNS (as opposed to education for education's sake), it'll help make the time you spend on this worthwhile.
posted by katieinshoes at 8:42 AM on September 16, 2008

Response by poster: @katieinshoes
So, you want the long convoluted answer? Seriously, they know that if a client moves from Company X to us, DNS has to be somehow affected. That's where the knowledge ends. And when the new client says or asks, "Ok, what do you want me to change?" it leaves staff grasping for what to ask or to tell, and that leads them down my path or to asking someone else. It's more of a convenience for more of the staff to know what it is and what it does, and if there are more advanced questions, someone can take that.
posted by fijiwriter at 8:53 AM on September 16, 2008

I tend to gravitate toward the phone book or house address metaphor. I explain that while they may only ever think about going to "Bob's House," "Bob's House" is really "123 Maple St." If a client moves their hosting, this is equivalent to moving neighborhoods and so their address will need to be changed in the phone book, as well as their local post office being different in the new neighborhood (MX records).

I've found that most people will understand that computers have IP addresses ("a number," I tell them) that are connected to names ( I tell them "you won't ever have to know what a particular address is," and they understand the connection to the convenience of using hostnames.

That's it in a nutshell, IME.
posted by rhizome at 9:15 AM on September 16, 2008

People talk in words, computers talk in numbers. DNS is the translator.
posted by toomuchpete at 9:16 AM on September 16, 2008

I use "the White House" and "1600 Pennsylvania Avenue."
posted by kirkaracha at 10:10 AM on September 16, 2008

I explain that having to remember telephone numbers for people is annoying and while you do have numbers like 800-MATTRESS, that really is a specially requested phone number to coincide with the letters on a dialpad. Way back in the day when Al Gore was inventing the internet, he had a brilliant idea, that there should be some sort of way of associating more human terms with numbers. The entire point of DNS is so that you don't have to memorize a site's IP address (not to mention that many sites share an IP address).

Now who remembers which IP addresses match up with which domain names (and sub domains)? Well, you've got the root servers, but they don't keep track of this. Instead, the root servers keep track of what the authoritative DNS server is for a particular domain. When you register a domain, you need to indicate which DNS servers are its authoritative DNS servers. The authoritative DNS server is the server with all the records for each domain/subdomain. (I'll let someone else handle records).

There's also what's called a recursive DNS server, which is a DNS server that isn't authoritative, often run by ISPs.

Let's say you want to go to You type it into your browser and your computer is probably configured to use your ISP's DNS servers. Your computer asks for the IP address of, but your ISP's DNS server doesn't know. So it needs to ask for the DNS server that is authoritative for that domain, so it goes and asks a root server what the authoritative DNS server is. When it gets that answer, it then asks the authoritative DNS server what the IP address is. Your computer then connects to the IP address, looking for

Your ISP's recursive DNS server will cache the response so it doesn't have to go through all those steps every time. The length of time it will cache the answer for depends on the TTL set by the authoritative DNS server; however, some ISPs ignore the value and cache for as long as they'd like.

If DNS failed, you'd still be able to access a site by its IP address, provided you remembered your site's IP address (hint: check your computer's cache). However, domains that share an IP address with other domains would have a problem. In the case of websites where and shared an IP address and a request was made directly for the IP address, only one site would load (which one would depend on the server's configuration). To view the other site, a user would need to edit their hosts file locally to indicate that the second site was at the IP address and then request the second site in their browser.
posted by Brian Puccio at 11:39 AM on September 16, 2008
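
The lookup walk and TTL caching described in the answers above, modelled in memory as an added Python example (not code from any poster). It goes one step beyond the last answer by putting a TLD-level server between the root and the domain's own server, per the "ask each delegated-to server" description earlier in the thread; the server names, the `.test` domain, the addresses and the `ttl_override` knob are all constructed for illustration.

```python
import copy

# Constructed sample data: .test is a reserved TLD, 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges. Server names are hypothetical.
SERVERS = {
    "root":    {"refer": {"test.": "tld"}},
    "tld":     {"refer": {"shop.test.": "ns.shop"}},
    "ns.shop": {"answer": {"www.shop.test.": ("192.0.2.10", 300)}},
}

class RecursiveResolver:
    """In-memory model of an ISP's caching resolver (no network traffic)."""

    def __init__(self, servers, ttl_override=None):
        self.servers = servers
        self.ttl_override = ttl_override  # set to model a resolver that ignores TTLs
        self.cache = {}                   # name -> (address, expiry time)
        self.asked = []                   # upstream servers queried, in order

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                 # served from cache, nobody is asked
        server = "root"
        while server is not None:
            self.asked.append(server)
            zone = self.servers[server]
            if name in zone.get("answer", {}):
                addr, ttl = zone["answer"][name]
                if self.ttl_override is not None:
                    ttl = self.ttl_override
                self.cache[name] = (addr, now + ttl)
                return addr
            # Follow the referral whose suffix covers the name, if any.
            server = next((s for suffix, s in zone.get("refer", {}).items()
                           if name.endswith("." + suffix)), None)
        return None

def demo():
    servers = copy.deepcopy(SERVERS)
    honest = RecursiveResolver(servers)
    sticky = RecursiveResolver(servers, ttl_override=86400)
    first = [r.resolve("www.shop.test.", now=0) for r in (honest, sticky)]
    # The site moves: the authoritative server now hands out a new address.
    servers["ns.shop"]["answer"]["www.shop.test."] = ("198.51.100.10", 300)
    later = [r.resolve("www.shop.test.", now=600) for r in (honest, sticky)]
    return first, later, honest.asked
```

`demo()` shows why a move takes time to be seen everywhere: ten minutes after the change the TTL-honouring resolver returns the new address, while the one that overrides the TTL still hands out the old one.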

How non-technical are these people, and why are they interested?

Since I work in the DNS world I'm constantly having to explain the fundamentals to curious friends and relatives. As wackybrit points out, most of them listen politely and then immediately forget everything I've told them, so I've pared down the explanation over time. For total beginners, I usually start with something like this:

Computers identify each other on the Internet using numbers. So when you look for a book at, or send email to someone at, how does your computer figure out what it's supposed to connect to? It uses the Domain Name System. That's what DNS stands for.

DNS is all about matching up domain names with the numbers that identify computers on the Internet. There are a bazillion of these matchups, and they're constantly changing, and it's pointless to try to compile a giant central directory of everything. Instead, the job is split up among a giant hierarchy of DNS servers everywhere.

Many people are happy to stop there. If they haven't glazed over yet and still actually seem interested, I'll go on.

DNS servers have two jobs to do:

- Proclaim their own domain names to the rest of the world.

- Figure out who has the reliable skinny on a given domain name, get the correct numbers from the source, and then keep track of whatever it's hunted down already because that's a lot of work.

The proclaiming is the easy part; the figuring-out-and-keeping track is a whole lot more complicated. (Some DNS servers do both jobs at once. The products I work with separate these functions out and are extra fast.)

The picture is more complicated than it looks because

- There isn't a one-to-one correspondence between names and numbers.

- In many situations, you'll need to set things up so some kinds of traffic use one number for a given name, and other kinds of traffic use a different number.

If they're actually interested in learning more, great, let's make some coffee, find a whiteboard, and go. But seriously, for really non-technical people I wouldn't venture more than this unless someone is specifically interested, and then I'd tailor additional explanations to their questions.
posted by tangerine at 1:21 PM on September 16, 2008

What business laypeople dealing with domains usually need to understand about DNS is the difference between their registrar, the root name servers, and their domain's name servers. I'd write up something like:

DNS is the system that maps the domain names we enter to the numerical addresses of the servers that run the services. Your ownership of a domain is recorded by the registrar you paid for it, and it's their responsibility to record the address of your domain's name servers and store those records in the root name servers, but they don't necessarily run either. The root name servers are run by a consortium of companies and schools, and your domain's name servers might be run by your registrar or by yourself or by anyone.

When we take over running a domain for a new client, they have to tell their registrar to change their records to list our name servers (which are and as the new authoritative name servers for that domain, and we have to tell our name servers the A and MX addresses of the client's Web and mail servers.

posted by nicwolff at 4:53 PM on September 16, 2008
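
A pre-flight check for the hand-over described in the answer above, as an added Python example (not code from any poster): before the client changes name servers at the registrar, confirm the new name servers already hold every A and MX record the old ones served. All names, addresses and the `preflight` / `delegation_switched` helpers are hypothetical, and the record lists are constructed sample data.

```python
# Constructed sample data: every name and address is a placeholder
# (.test is a reserved TLD; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
APEX = "client.test."
OLD_ZONE = [  # records served by the previous provider's name servers
    ("client.test.", "A", "192.0.2.10"),
    ("www.client.test.", "A", "192.0.2.10"),
    ("client.test.", "MX", "10 mail.client.test."),
    ("mail.client.test.", "A", "192.0.2.25"),
]
NEW_ZONE = [  # records loaded on the new name servers; the mail host was forgotten
    ("client.test.", "A", "198.51.100.10"),
    ("www.client.test.", "A", "198.51.100.10"),
    ("client.test.", "MX", "10 mail.client.test."),
]
OUR_NS = {"ns1.hoster.test.", "ns2.hoster.test."}

def preflight(apex, old_zone, new_zone):
    """Return blockers to fix before the name servers are changed at the registrar."""
    blockers = []
    have = {(name, rtype) for name, rtype, _ in new_zone}
    # Every A/MX name the old provider answered for must exist on the new servers.
    for name, rtype, _ in old_zone:
        if rtype in ("A", "MX") and (name, rtype) not in have:
            blockers.append(f"missing {rtype} record for {name}")
    # An MX that points inside the zone needs an A record for its target.
    for name, rtype, value in new_zone:
        if rtype != "MX":
            continue
        target = value.split()[1]  # "10 mail.client.test." -> host part
        in_zone = target == apex or target.endswith("." + apex)
        if in_zone and (target, "A") not in have:
            blockers.append(f"MX for {name} points at {target}, which has no A record")
    return blockers

def delegation_switched(registrar_ns, our_ns):
    """True once the registrar lists exactly our name servers."""
    def norm(names):
        return {n.lower().rstrip(".") for n in names}
    return norm(registrar_ns) == norm(our_ns)
```

With the sample data, `preflight(APEX, OLD_ZONE, NEW_ZONE)` reports the forgotten mail host twice, once as a missing A record and once as an MX pointing at a name that does not resolve; switching the delegation in that state would break the client's inbound mail.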
