
Domain Name System (DNS)

Domain Name System (DNS) is a component of ISC's Network Names & Numbers service.

Overview

Information Systems & Computing operates the central Domain Name System (DNS) service. This service translates human-readable hostnames to IP addresses, allowing users and computers at Penn and around the world to find resources and services within the upenn.edu domain.

The DNS service is replicated across multiple servers in multiple, distinct data centers across the Penn campus and elsewhere around the world. The key service components include:

  • Assignments: a locally developed application for DNS content management, used by IT staff authorized to make DNS record changes for their respective units.
  • DNS Resolvers: sometimes called recursive resolvers, these are the DNS servers that Penn client computers are configured to use.
  • Authoritative DNS Servers: these are the DNS servers that serve Penn DNS data to the external world.

The following documents explain some aspects of the DNS service in more detail.

DNS server settings for Penn computers

Information Systems & Computing, University of Pennsylvania

This document contains information on manually configuring Domain Name System (DNS) server settings for computers operating on PennNet, the university's campus computer network.

If you are manually configuring DNS servers on a host, use the following IP addresses in the order given.

  • 128.91.18.1
  • 128.91.49.1
  • 128.91.94.1

The legacy DNS resolver addresses, listed below, were retired in April 2016 and no longer respond to DNS queries. The new servers are faster, run more current software, use advanced techniques to achieve very high availability, and allow us to perform non-disruptive maintenance and software updates.

  • 128.91.2.13
  • 128.91.254.1
  • 128.91.254.4
  • 128.91.251.158

For client computers using the PennNet DHCP service, the correct order of DNS servers is already returned in the DHCP responses. This note is primarily intended for statically configured servers or other computers that aren't using DHCP to configure their DNS settings.

It is in your interest to specify precisely this order of servers. The primary DNS server has the largest cache of external DNS names and data, since it has built up that cache over time answering the largest number of queries from the campus. As a result it will tend to have better performance since it is often able to directly answer DNS queries from its cache rather than talking to remote DNS servers first. In turn, the secondary DNS server has the second largest cache of names.

Additional notes:

DNS clients automatically fail over to alternate servers, but how quickly they do so depends on the client's operating system and software, and on its DNS settings. If they don't fail over quickly enough, the result is sometimes a user-visible performance problem. Windows computers generally fail over very fast. Some UNIX-based computers have longer timeouts, but can usually be tuned. For example, putting the line "options timeout:1" in /etc/resolv.conf tells the DNS client software to fail over after 1 second rather than the default, which might be substantially larger.
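The following is an added example, not ISC's own tooling: a small audit of resolv.conf text against the resolver order, the retired addresses and the timeout option given on this page. It assumes the host should use the central resolvers directly (not a departmental forwarder) and relies on the glibc behaviour that only the first three nameserver lines are used; the function names and the sample configurations are constructed for illustration.

```python
# Added example: audit resolv.conf text against the resolver list on this page.
MAXNS = 3  # glibc uses only the first three nameserver lines
RECOMMENDED = ["128.91.18.1", "128.91.49.1", "128.91.94.1"]  # order from this page
RETIRED = {"128.91.2.13", "128.91.254.1", "128.91.254.4", "128.91.251.158"}


def parse_resolv_conf(text):
    """Return (nameservers in file order, {option: value})."""
    servers, options = [], {}
    for raw in text.splitlines():
        if not raw.strip() or raw[0] in "#;":  # blank line or comment
            continue
        fields = raw.split()
        if fields[0] == "nameserver" and len(fields) > 1:
            servers.append(fields[1])
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                options[name] = value
    return servers, options


def audit(text, max_timeout=1):
    """Return a list of (code, detail) findings; empty means compliant."""
    servers, options = parse_resolv_conf(text)
    used, ignored = servers[:MAXNS], servers[MAXNS:]
    # A retired address in the active slots never answers and costs a timeout.
    findings = [("RETIRED", s) for s in used if s in RETIRED]
    # Entries past the third are never consulted, even if they are valid.
    findings += [("IGNORED", s) for s in ignored]
    if used != RECOMMENDED:
        findings.append(("ORDER", " ".join(used) or "no nameserver lines"))
    timeout = options.get("timeout", "")
    if not timeout.isdigit() or int(timeout) > max_timeout:
        findings.append(("TIMEOUT", timeout or "unset"))
    return findings


# Constructed sample: a stale static configuration, not taken from a real host.
STALE = """\
# static config left over from before the resolver change
nameserver 128.91.254.1
nameserver 128.91.49.1
nameserver 128.91.18.1
nameserver 128.91.94.1
"""
GOOD = "\n".join(f"nameserver {ip}" for ip in RECOMMENDED) + "\noptions timeout:1\n"

if __name__ == "__main__":
    for code, detail in audit(STALE):
        print(f"{code:8} {detail}")
```

In the stale sample the retired address occupies the first slot, so every lookup waits out a timeout before reaching a live resolver, and the fourth line is never used at all.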

Many modern operating systems also maintain a local cache of recently queried DNS names and responses. This can improve performance too.

The Penn DNS resolver service is only provided to end-points that connect to it from a valid PennNet IP. In practice this means it is limited to on-campus computers and those that appear in Penn IP space through a VPN. Therefore, home computers and mobile devices in use remotely should be configured to use the local ISP's DNS servers or some other public DNS resolver service.

Some computers can be configured to use multiple DNS servers in an order other than sequential failover, e.g. round robin or random. However, we do not recommend such configurations. Querying in the recommended order will provide better performance, because the active cache of names is larger on the servers earlier in the list.

All the DNS servers have IPv6 addresses too. These will be announced in the near future for users or servers that wish to perform DNS queries over IPv6 transport. It is not necessary to contact the DNS servers over IPv6 in order to submit queries for names that resolve to IPv6 addresses.

Some local IT departments may have elected to run their own DNS resolvers for their users. If so, these instructions may not apply directly. Even in those cases, the IT department often sets up its local DNS servers to use the main Penn DNS servers as "forwarders," in which case it should still use the order of servers specified in this document.

Why did we need to change the DNS server IP addresses?

The new DNS servers deployed in August 2013 employ anycast routing for high availability, in which each IP address is associated with multiple distinct servers located in different parts of the PennNet network infrastructure. This required the creation of new IP subnets (and hence new IP addresses) distinct from the original subnets that hosted the legacy DNS servers and which were shared with hundreds of other server computers.