Domain Name System (DNS)

Domain Name System (DNS) is a component of PennNet's Network Names & Numbers.

Overview

Information Systems & Computing operates the central Domain Name System (DNS) service. This service translates human-readable hostnames to IP addresses, allowing users and computers at Penn and around the world to find resources and services within the upenn.edu domain.

The DNS service is replicated across multiple servers in multiple, distinct data centers across the Penn campus and elsewhere around the world. The key service components include:

  • SOLIDserver: A platform by Efficient IP for DNS, DHCP, and IP address management (DDI) that enables LSPs to manage host registrations and DNS data for their organizations.
  • DNS Resolvers: Sometimes called recursive resolvers, these are the DNS servers that Penn client computers configure in their settings.
  • Authoritative DNS Servers: These are the DNS servers that serve Penn DNS data to the external world.

The following documents explain some aspects of the DNS service in more detail.

DNS server settings for Penn computers

Information Systems & Computing, University of Pennsylvania

This document contains information on manually configuring Domain Name System (DNS) server settings for computers operating on PennNet, the university's campus computer network.

If you are manually configuring DNS servers on a host, use the following IP addresses in the order given.

  • 2607:f470:1001:1001::1
  • 2607:f470:1002:1002::1
  • 2607:f470:1003:1003::1
  • 128.91.18.1
  • 128.91.49.1
  • 128.91.94.1

The DNS servers use advanced techniques to achieve very high availability, and allow us to perform non-disruptive maintenance and software updates.

For client computers using PennNet DHCP, the correct order of DNS servers is already returned in the DHCP responses. This note is primarily intended for statically configured servers or other computers that aren't using DHCP to configure their DNS settings.

It is in your interest to specify precisely this order of servers. The primary DNS server has the largest cache of external DNS names and data, since it has built up that cache over time answering the largest number of queries from the campus. As a result it will tend to have better performance since it is often able to directly answer DNS queries from its cache rather than talking to remote DNS servers first. In turn, the secondary DNS server has the second largest cache of names.

Additional notes:

DNS clients automatically fail over to alternate servers, but how quickly they do so depends on the client's operating system and software, and on its DNS settings. If they don't fail over quickly enough, the result is sometimes user-visible performance problems. Windows computers generally fail over very fast. Some UNIX-based computers have longer timeouts, but can usually be tuned. For example, putting the line "options timeout:1" in /etc/resolv.conf will tell the DNS client software to fail over in 1 second rather than the default, which might be substantially larger.

Many modern operating systems also maintain a local cache of recently queried DNS names and responses. This can improve performance too.

The Penn DNS resolvers only respond to endpoints that connect to them from a valid PennNet IP address. In practice this means their use is limited to on-campus computers and those that appear in Penn IP space through a VPN. Therefore, home computers and mobile devices in use remotely should be configured to use the local ISP's DNS servers or some other public DNS resolver service.

Some computers can be configured to use multiple DNS servers in an order other than sequential failover, e.g., round robin or random. However, we do not recommend such configurations. Querying in the recommended order will provide better performance, because the active cache of names is larger on the servers earlier in the list.

It is not necessary to contact the DNS servers over IPv6 in order to submit queries for names that resolve to IPv6 addresses.

Some local IT departments may have elected to run their own DNS resolvers for their users. If so, these instructions may not apply directly. Even in those cases, the IT department often sets up their local DNS servers to "forward" to the main Penn DNS servers, in which case, they should still use the order of servers specified in this document.
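
One way to check a statically configured UNIX host against the server order and the resolv.conf notes above, as an added example that is not ISC's own tooling: the function parses resolv.conf text and reports resolvers that are not on the list, servers out of the recommended order, round-robin querying, and a missing timeout option. The function name, the sample inputs, the treatment of "options rotate" as the round-robin setting, and the glibc limit of three nameserver lines are assumptions added here.

```python
# Added example (not ISC code): audit resolv.conf text against this page's guidance.
RECOMMENDED = [
    "2607:f470:1001:1001::1", "2607:f470:1002:1002::1", "2607:f470:1003:1003::1",
    "128.91.18.1", "128.91.49.1", "128.91.94.1",
]
GLIBC_MAXNS = 3  # assumption: glibc stub resolver, which reads at most 3 nameserver lines

def audit_resolv_conf(text):
    """Return a list of finding strings; an empty list means nothing to fix."""
    servers, options = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) > 1:
            servers.append(fields[1].lower())  # textual comparison, not normalized
        elif fields[0] == "options":
            options.extend(fields[1:])
    # Hosts behind a departmental forwarder will legitimately show up here.
    findings = [f"unlisted resolver: {s}" for s in servers if s not in RECOMMENDED]
    # Listed resolvers must keep the page's relative order (a v4-only subset is fine).
    ranks = [RECOMMENDED.index(s) for s in servers if s in RECOMMENDED]
    if ranks != sorted(ranks):
        findings.append("resolvers are not in the recommended order")
    if len(servers) > GLIBC_MAXNS:
        findings.append(f"only the first {GLIBC_MAXNS} nameserver lines are used by glibc")
    if "rotate" in options:
        findings.append("options rotate queries round robin; sequential order is recommended")
    if not any(o.startswith("timeout:") for o in options):
        findings.append("no timeout option; the resolver default applies")
    return findings

# Constructed sample inputs (192.0.2.53 is a documentation address).
GOOD = "nameserver 2607:f470:1001:1001::1\nnameserver 2607:f470:1002:1002::1\noptions timeout:1\n"
BAD = "# sample\nnameserver 128.91.49.1\nnameserver 128.91.18.1\nnameserver 192.0.2.53\noptions rotate\n"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_resolv_conf(text) or "ok")
```

On a live host, pass the contents of /etc/resolv.conf to audit_resolv_conf; a host that forwards through a departmental resolver will report it as unlisted, which is expected.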