1. Domain name system - DNS

Domain Name System (DNS) is one of the core and indispensable components of the Internet. The Domain Name System (DNS) was designed to address a seemingly simple yet fundamental problem: the mapping between domain names (human-readable and easy-to-remember identifiers) and IP addresses (unique identifiers of devices on the network). Serving as the “address book of the Internet”, DNS enables devices to communicate efficiently using domain names instead of complex and hard-to-remember IP addresses.

Conceptually, the Domain Name System (DNS) is a distributed system organized in a hierarchical tree structure. Each node in the DNS tree represents a domain or a subdomain, managed by DNS servers (also known as name servers). The system operates on the principles of delegation and distributed management, where each level of the DNS hierarchy is responsible for storing and providing mapping information for a specific domain. This design not only enables DNS to scale globally, serving billions of users and devices, but also ensures stability and resilience in the face of network failures.

The primary function of DNS servers is to provide domain name resolution services. When a user enters a domain name into a web browser — for example, www.vnnic.vn — the DNS servers translate this domain name into its corresponding IP address, enabling the device to connect to the desired service. This process takes place through a series of DNS queries, handled by different servers across various hierarchical levels of the DNS system.

2. Domain Name System Architecture

The Domain Name System (DNS) is a distributed database characterized by the following features: 

  • It allows local management of different portions within the global domain name system.

  • The data in each portion can be accessed across the entire network through a client–server mechanism. 

  • The database ensures the stability and consistency of the overall domain name system. 

    Within the DNS, the domain name space is organized in a hierarchical tree structure, which is used to arrange and manage domain names effectively 

According to the hierarchical tree structure, domain names are divided into several levels:

Root Domain: The highest level in the Domain Name System, represented by a dot (“.”). The root domain has no specific name but serves as the starting point for all domain names.

  • Top-Level Domain (TLD): The domain immediately below the root, for example: .vn, .us, .com, .net, etc.

  • Second-Level Domain: The domain located below the TLD, for example: vnnic.vn, vnpt.vn, viettel.vn, etc.

  • Third-Level Domain: The domain located below the second level, for example: mail.vnnic.vn.

  • Fourth-Level Domain: The domain located below the third level, for example: mx.mail.vnnic.vn.

  • Lower Levels: Additional sub-levels may exist as needed, depending on organizational and management requirements.

This hierarchical model ensures the uniqueness of each domain name and supports efficient management and information lookup across the entire domain name system.

The list of Top-Level Domains (TLDs), including generic Top-Level Domains (gTLDs), country-code Top-Level Domains (ccTLDs), and new generic Top-Level Domains (new gTLDs), can be found at: Root Zone Database 

3. Structure of the ccTLD ".vn"

In Viet Nam, the country-code top-level domain (ccTLD) ".vn" has been delegated by ICANN as the national domain name. 

The structure of Viet Nam ".vn" domain name is defined in Circular No. 48/2025/TT-BKHCN dated December 25, 2025, issued by the Ministry of Science and Technology.

1. The Vietnam national domain name

“.vn” includes non-accented domain names and Vietnamese language domain names:

a) Non-accented domain names are ASCII code domain names, in which the characters constituting the domain name are characters prescribed in the ASCII code table, including non-accented domain names at all levels subordinate to the Vietnam national domain name “.vn”;

b) Vietnamese language domain names are multilingual domain names, in which the characters constituting the domain name are characters prescribed in the Vietnamese character table, the extended Vietnamese character table according to standard TCVN 6909:2001, and the hyphen “-”, including Vietnamese language domain names at all levels subordinate to the Vietnam national domain name “.vn”.

2. The structure of the Vietnam national domain name ".vn" includes:

a) Shared second-level ".vn" domain names classified by sector;

b) Shared second-level ".vn" domain names classified by administrative unit;

c) Private second-level ".vn" domain names;

d) Third-level ".vn" domain names, which are domain names subordinate to shared second-level ".vn" domain names classified by sector and shared second-level ".vn" domain names classified by administrative unit.

3. Shared second-level ".vn" domain names classified by sector

These are Vietnam national domain names ".vn" named according to fields of activity in economic and social life and are intended for shared use without being allocated separately to any specific agency, organization, enterprise, or individual, including:

a) COM.VN: Agencies, organizations, enterprises, and individuals may register; suitable for activities in the fields of commerce and services;

b) BIZ.VN: Agencies, organizations, enterprises, and individuals may register; suitable for business, production, and startup activities;

c) EDU.VN: Reserved exclusively for agencies, organizations, and enterprises operating in the fields of education and training;

d) GOV.VN: Reserved exclusively for state agencies and public non-business units at central and local levels for the purpose of state management;

đ) NET.VN: Agencies, organizations, enterprises, and individuals may register; suitable for activities in the field of establishing and providing network services;

e) ORG.VN: Reserved exclusively for agencies, organizations, and enterprises; suitable for economic, political, cultural, and social activities;

g) INT.VN: Reserved exclusively for agencies, organizations, and enterprises; suitable for international activities;

h) AC.VN: Agencies, organizations, enterprises, and individuals may register; suitable for activities in the fields of scientific research and knowledge development;

i) PRO.VN: Agencies, organizations, enterprises, and individuals may register; suitable for activities in highly specialized fields;

k) INFO.VN: Agencies, organizations, enterprises, and individuals may register; suitable for activities in the field of providing information online;

l) HEALTH.VN: Agencies, organizations, enterprises, and individuals may register; suitable for activities in the fields of pharmaceuticals, medicine, and healthcare;

m) NAME.VN: Agencies, organizations, enterprises, and individuals may register according to names such as full names, abbreviations, trade names, aliases, etc., of such agencies, organizations, enterprises, or individuals;

n) ID.VN: Reserved exclusively for individuals who are Vietnamese citizens; suitable for use for personal images, products, and brands in the online environment;

o) IO.VN: Agencies, organizations, enterprises, and individuals may register; suitable for technology applications, platforms, and services in the online environment;

p) AI.VN: Agencies, organizations, enterprises, and individuals may register; suitable for use for activities and services related to the field of artificial intelligence;

q) AP.VN: Agencies, organizations, enterprises, and individuals may register; suitable for use for activities involving software development, mobile applications, and digital platforms;

r) AD.VN: Agencies, organizations, enterprises, and individuals may register; suitable for use for activities involving promotion, marketing, design, content creation, and digital brand development;

s) ON.VN: Agencies, organizations, enterprises, and individuals may register; suitable for use for online activities, e-commerce, digital learning, and service development on technology platforms;

t) Other domain names planned for shared use or protected by the Ministry of Science and Technology to ensure requirements for the management and development of Internet resources in Vietnam.

4. Shared second-level ".vn" domain names classified by administrative unit

These are domain names named after provincial-level administrative units and are intended for shared use according to Internet resource planning without being allocated separately to any specific agency, organization, enterprise, or individual.

The list of shared second-level ".vn" domain names classified by administrative unit is issued in Appendix I attached to this Circular.

5. Private second-level ".vn" domain names

These are Vietnam national domain names ".vn" intended for agencies, organizations, enterprises, and individuals to register for use according to specific requirements.

6. Third-level ".vn" domain names

These are domain names subordinate to shared second-level ".vn" domain names classified by sector and shared second-level ".vn" domain names classified by administrative unit, intended for agencies, organizations, enterprises, and individuals to register for use according to specific requirements.

The Domain Name System (DNS) is organized in a hierarchical structure. The top level is called the ROOT, denoted by “.”. The global organization responsible for managing the DNS system is the Internet Corporation for Assigned Names and Numbers (ICANN). This organization manages the highest level of the DNS (the ROOT level) and therefore has the authority to allocate domain names at the next lower levels.

4. How to read a domain name

Consider the domain name www.example.com.vn

A domain name is read from left to right. In this example, the domain name is composed of the labels “www”, “example”, “com”, and “vn”. The first label, “www”, commonly represents a service or a host name. The next part, “example”, is the third-level domain, followed by “com”, which is the second-level domain, and finally “vn”, which is the top-level domain (TLD).

Based on the hierarchical structure of the domain name space described above, users can easily determine which sector or organization a domain belongs to and which country manages it.
In this case, since the domain name ends with “.vn”, it is part of Viet Nam’s country-code top-level domain (ccTLD), managed by the Vietnam Internet Network Information Center (VNNIC).

The second-level domain “.com” indicates that the domain is registered for organizations operating in the commercial or business sector.

5. Domain Naming Rules

A domain name should be simple and easy to remember, reflecting the purpose and scope of the organization that owns it.

Each domain name can contain up to 63 characters, including the dots (“.”). Domain names may consist of letters (a–z, A–Z), digits (0–9), and the hyphen (“-”) character

6. What is a Name Server

A name server is a server that stores the database used to translate between domain names and IP addresses. In accordance with the hierarchical structure of the Domain Name System (DNS), each level and type of domain has corresponding name servers responsible for serving domains at that level and of that type. Root-level name servers contain the database managing top-level domains (TLDs), while each country operates its own national-level name servers for managing country-code domains (ccTLDs).

The DNS system defines two types of name servers: Primary Name Server and Secondary Name Server.

Primary Name Server (also known as Primary DNS Server, Master DNS Server, or simply DNS Primary or DNS Master):
This server is responsible for managing and storing the authoritative data of a DNS zone. All resource records (RRs) within the zone are created, modified, or deleted on this server. It is considered the official source of DNS data for the zone it manages.

Secondary Name Server (also known as Secondary DNS Server, Slave DNS Server, or simply DNS Secondary or DNS Slave):
This server is a replica of the Primary DNS Server, designed to act as a backup and load-sharing system. Its data is replicated from the Primary DNS Server through a synchronization process called zone transfer, ensuring that both servers maintain identical sets of DNS data.

7. DNS ROOT Server

The DNS Root Server (or Root Name Server) is the highest-level domain name server in the hierarchical structure of the Domain Name System (DNS). Root servers do not store information about specific domain names; instead, they provide information about authoritative name servers for lower-level domains. When a DNS resolver cannot find the requested information in its cache, it sends a query to a root server. The root server responds with a list of top-level domain (TLD) name servers (such as those for .vn, .us, .com, .net, etc.).

The resolver then continues querying down the hierarchy until it reaches the authoritative name server responsible for the specific domain being requested. Through this mechanism, the root name servers play a critical role in enabling domain name resolution across the global DNS. There are 13 main root name servers distributed worldwide to ensure the availability, stability, and reliability of the DNS system. These servers are identified by letters A through M.

8. Resource Records
Record A

An A Record (Address Record) is one of the most fundamental and commonly used DNS record types. It maps a domain name to an IPv4 address, allowing the DNS resolver to translate a human-readable name into a numerical IP address. This enables network connections between clients and servers. The A record forms the foundation of online services operating over the IPv4 protocol.

Syntax:  

domain == IN A <IPv4 Address>

Example: 

academy.vnnic.vn IN A 14.225.18.34

AAAA Record

An AAAA Record (Quad-A Record) is a DNS record type used to map a domain name to an IPv6 address. Defined in RFC 3596, it extends the functionality of the A record, which was originally designed for IPv4.
With the global transition to IPv6 to address IPv4 exhaustion, the AAAA record plays a crucial role in enabling services to operate effectively in modern IPv6-based networks.

Syntax:  

domain IN AAAA <IPv6 address of the server>

Example: 

ipv6.vnnic.vn IN AAAA 2001:0db8:85a3:0000:0000:8a2e:0370:7334

CNAME Record

A CNAME Record (Canonical Name Record), standardized in RFC 1035, is used to define an alias for an existing domain or host that has an A record.

The CNAME record allows one machine or service to be known by multiple domain names. In other words, multiple domain names can point to the same IP address through a CNAME record.

To declare a CNAME record, there must first be an A record specifying the canonical domain name — the primary domain that points to the server’s IP address. Any additional domain names that refer to the same resource are declared as alias domains through the CNAME record.

Syntax: 

alias-domain IN CNAME canonical-domain.

Example: 

training.vnnic.vn IN CNAME academy.vnnic.vn.

academy.vnnic.vn IN A 14.225.18.34

In this example, training.vnnic.vn is an alias of academy.vnnic.vn, and both domain names point to the same IP address 14.225.18.34

MX Record

An MX (Mail Exchange) Record specifies the mail transfer agent (MTA) responsible for receiving email messages on behalf of a domain.

For example, to ensure that email messages sent to addresses in the form user@vnnic.vn are delivered to the mail server mail.vnnic.vn, the DNS database must include the following MX record: vnnic.vn IN MX 10 mail.vnnic.vn

The parameters in the MX record above are:

  • vnnic.vn : the domain name used for email addresses.

  • mail.vnnic.vn: the hostname of the mail transfer server (MTA), i.e., the machine responsible for handling email delivery.

  • 10 : the priority value, which can be any integer between 1 and 255. A lower number indicates a higher priority, meaning the mail will be delivered to that server first.

Example:

vnnic.vn.               IN      MX      10 mailgw1.vnnic.vn.

vnnic.vn.               IN      MX      20 mailgw2.vnnic.vn.

In this configuration, all emails sent to user@vnnic.vn will first attempt delivery to mailgw1.vnnic.vn. If mailgw1.vnnic.vn is unavailable, the messages will be redirected to the backup server mailgw2.vnnic.vn.

NS Record

An NS (Name Server) Record specifies the authoritative DNS servers for a given domain. It indicates which name servers store and manage the DNS data for that domain. Each domain must have at least two authoritative name servers for redundancy and stability.

Syntax: 

<domain> IN NS <name server hostname>

Example:

vnnic.vn. IN NS dns1.vnnic.vn.

vnnic.vn. IN NS dns2.vnnic.vn.

In this example, the domain vnnic.vn is managed by the name servers dns1.vnnic.vn and dns2.vnnic.vn. This means that all DNS records such as A, CNAME, MX, and subdomain entries for vnnic.vn are stored and managed on these servers.

PTR Record

The PTR (Pointer) Record is used for reverse DNS lookup, allowing an IP address to be resolved back to its corresponding domain name. While most DNS queries map domain names to IP addresses, PTR records perform the opposite function.

PTR Record example:

12.0.162.203.in-addr.arpa IN PTR mail.vnnic.vn

This record allows the DNS to return the domain name mail.vnnic.vn when queried with the IP address 203.162.0.12.

TXT Record

A TXT (Text) Record, defined in RFC 1035, allows administrators to store arbitrary text information in the DNS database. Originally designed for descriptive or administrative notes, TXT records are now widely used for email authentication and security mechanisms.

Basic Syntax:

<domain> IN TXT "<text>"

Example:

vnnic.vn.   IN   TXT   "v=spf1 include:_spf.vnnic.vn ~all"

Explanation:

  • vnnic.vn is the domain name.

  • TXT is the record type

  • “v=spf1 include: spf.vnnic.vn ~all” is the text string, in this case, used to configure SPF (Sender Policy Framework).

Common Uses of TXT Records:

  • Email authentication via SPF, DKIM, and DMARC to prevent email spoofing.

  • Storing custom data required by specific applications or cloud services.

  • Domain verification and configuration on cloud and SaaS platforms.