Webserver – Do Servers Hold One Website Only?

dnsipwebserver

As from what I understand the DNS link the domain name with the IP address of the server the website is stored on, does that mean each server can only hold one website? If they don't, how does calling the server's IP address know which website I want if there are many on the same server?

Best Answer

Basically: the browser includes the domain name in the HTTP request, so the webserver knows which domain was requested and can respond accordingly.

HTTP requests

Here's how your typical HTTP request happens:

The user provides a URL, in the form http://host:port/path.
The browser extracts the host (domain) part of the URL and translates it into an IP address if necessary, in a process known as name resolution. This translation can occur via DNS, but it does not have to (for example, the local hosts file on common OSes bypasses DNS).
The browser opens a TCP connection to the specified port, or defaults to port 80, on that IP address.
The browser sends an HTTP request. For HTTP/1.1, it looks like this:
```
GET /path HTTP/1.1
Host: example.com
```
(The Host header is standard and required in HTTP/1.1. It was not specified in the HTTP/1.0 spec, but some servers support it anyway.)

From here, the webserver has several pieces of information it can use to decide what the response should be. Note that it is possible for a single webserver to be bound to multiple IP addresses.

The requested IP address, from the TCP socket
- The IP address of the client is also available, but this is rarely used - sometimes for blocking/filtering
The requested port, from the TCP socket
The requested hostname, as specified in the Host header by the browser in the HTTP request.
The requested path
Any other headers (cookies, etc.)

As you seem to have noticed, the most common shared hosting setup these days puts multiple websites on a single IP address:port combination, leaving just Host to differentiate between websites.

This is known as a Name-based Virtual Host in Apache-land, while Nginx calls them Server Names in Server Blocks and IIS prefers Virtual Server.

What about HTTPS?

HTTPS is a bit different. Everything is identical up to the establishment of the TCP connection, but after that an encrypted TLS tunnel must be established. The goal is to not leak any information about the request.

In order to verify that the server actually owns this domain, the server must send a certificate signed by a trusted third party. The browser will then compare this certificate with the domain it requested.

This presents a problem. How does the server know which host (website)'s certificate to send, if it needs to do this before the HTTP request is received?

Traditionally, this was solved by having a dedicated IP address (or port) for every website requiring HTTPS. Obviously, this becomes problematic as we start running out of IPv4 addresses.

Enter SNI (Server Name Indication). The browser now passes the hostname during the TLS negotiations, so the server has this info early enough to send the correct certificate. On the server side, configuration is very similar to how HTTP virtual hosts are configured.

The downside is the hostname is now passed as plain text before encryption, and is essentially leaked information. This is usually considered an acceptable tradeoff, considering the hostname is normally exposed in a DNS query anyway.

What if you request a site by IP address only?

What the server does when it does not know which specific host you requested depends on the server implementation and configuration. Typically, there is a "default", "catchall" or "fallback" site specified that will provide responses to all requests that do not explicitly specify a host.

This default site can be its own independent site (often showing an error message), or it could be any of the other sites on the server, depending on the preference of the server admin.

Related Solutions

How DNS Servers Work – Comprehensive Guide

Your computer has a list of DNS servers that it can query for further information. On a unix or linux system, this is stored in /etc/resolv.conf. In Windows, it's configurable in your network settings. Often, your DNS server will be supplied by your DHCP server, possibly along with other settings like default domain, proxy servers, etc.

The location of the DNS server you use doesn't matter much. As long as your computer has an IP address and a working default route (i.e. you can ping the DNS server), you should be able to make DNS queries.

DNS servers don't have to know "all" domains. They only need to know who is "authoritative", which it learns from a set of "root" servers. Each DNS server has a list of "root" servers, and this list changes infrequently. On one of my DNS servers, there are 18 root servers configured, and this configuration came when I installed the DNS server two years ago, and if the list of root servers has changed since then, enough of them are accessible that I haven't noticed it.

My DNS server, when asked to resolve a domain it doesn't know, makes a query to a root server to find out what other DNS server is authoritative for the domain. The response it gets may contain additional "NS" records and be marked non-authoritative, in which case my DNS server knows that it has to "follow the chain" and make a new query to a new server. Eventually, it finds a DNS server that provides authoritative information, and queries can be made that are not just NS records. A (address) and MX (mail exchange) are of course the two most common.

Each TLD (top-level domain) like COM, NET, ORG, CA, UK, etc maintains its own registry of subdomains. (A "subdomain" is any domain within another domain, so "example.com" is a subdomain within "com", and "com" is even a subdomain within ".", the "root".) The rules for each registry apply only to the TLD it administers -- that is, there's a completely different set of criteria for each country-code TLD, and the "generic" TLDs are administered by different organizations with different policies. But they all maintain DNS servers for their TLD, which, from a command line, you can see using basic DNS query tools:

[ghoti@pc ~]$ host -t ns ca.
ca name server c.ca-servers.ca.
ca name server e.ca-servers.ca.
ca name server z.ca-servers.ca.
ca name server a.ca-servers.ca.
ca name server f.ca-servers.ca.
ca name server sns-pb.isc.org.
ca name server j.ca-servers.ca.
ca name server k.ca-servers.ca.
ca name server tld.isc-sns.net.
ca name server l.ca-servers.ca.
[ghoti@pc ~]$ host -t ns info
info name server c0.info.afilias-nst.info.
info name server d0.info.afilias-nst.org.
info name server b2.info.afilias-nst.org.
info name server b0.info.afilias-nst.org.
info name server a2.info.afilias-nst.info.
info name server a0.info.afilias-nst.info.
[ghoti@pc ~]$

When you buy a domain from a registrar (of which there are many), that registrar submits information about the domain to the registry (of which there is just one per TLD). It is the responsibility of each registry to maintain the list of registered domains within their TLD, and maintain the DNS servers that provide this info to other servers.

Find DNS Server Address in Windows 7 – How to Locate

If you know your public IP address simply enter in a command prompt window:

nslookup <your public IP>

You can also specify the name server to check against by appending it to the above command.

You can get your current IP address from sites like http://whatismyip.com