At its most basic level, the Domain Name System (DNS) is a directory of translations between human-readable domain names (such as google.com or amazon.com) and IP addresses.
An Internet Protocol address (IP address) is a numerical label assigned to each device that is connected to a computer network and uses the Internet Protocol for communication. It serves two main functions: network interface identification and location addressing.
There are two versions of IP address in common use, IPv4 and IPv6. IPv6 adoption grew after the mid 2000s as the pool of unallocated IPv4 addresses ran out. The two are easy to tell apart by notation and length: an IPv4 address is four decimal numbers separated by dots (18.104.22.168), an IPv6 address is up to eight hexadecimal groups separated by colons (0:0:0:0:0:ffff:808:808, usually abbreviated ::ffff:808:808). That particular IPv6 example is an IPv4-mapped address: its last 32 bits carry the IPv4 address 8.8.8.8.
Every device on a network needs an IP address. IP addresses can be public or private; private networks use address ranges reserved for that purpose (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 for IPv4, defined in RFC 1918), which are not routed on the public Internet.
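To make the IPv4/IPv6 distinction and the public/private split concrete, here is a short address classifier. This is an added example, not code from the original post; it uses only Python's standard ipaddress module, the two sample addresses are the post's own examples, and the RFC 1918 and mapped addresses in it are constructed. Its one non-obvious step matters for security: the post's IPv6 example 0:0:0:0:0:ffff:808:808 is an IPv4-mapped address carrying 8.8.8.8, so any check that rejects private IPv4 ranges has to unwrap mapped addresses first or it can be bypassed simply by writing the same host in IPv6 form.

```python
"""Classify IP address strings as IPv4 or IPv6 and public or private.

Added example, not code from the original post. Standard library only; the
sample addresses in main are the post's two examples plus constructed
RFC 1918 and IPv4-mapped addresses.
"""
import ipaddress


def classify(text):
    """Return (version, is_private, canonical_string) for an address string.

    An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is unwrapped to the IPv4
    address it carries before the private check, so the same host cannot
    slip past a private-range filter just by being written in IPv6 form.
    Raises ValueError for anything that is not an IP address.
    """
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped           # 0:0:0:0:0:ffff:808:808 -> 8.8.8.8
    return addr.version, addr.is_private, str(addr)


def is_public_target(text):
    """True only for a syntactically valid address outside the private,
    loopback, link-local and other reserved ranges (is_private covers them)."""
    try:
        _, private, _ = classify(text)
    except ValueError:
        return False
    return not private


if __name__ == "__main__":
    # Constructed sample input: the post's two examples plus made-up addresses
    for sample in ["18.104.22.168", "0:0:0:0:0:ffff:808:808", "192.168.1.10",
                   "::ffff:10.0.0.5", "2001:db8::1", "not-an-ip"]:
        print(sample, "->", is_public_target(sample))
```

Note that the unwrap is done before asking `is_private`: older Python versions classify the whole ::ffff:0:0/96 block as private and newer ones look at the mapped IPv4 address, so relying on the library's verdict for the IPv6 form gives version-dependent results, whereas classifying the unwrapped IPv4 address does not.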
IP addresses are a huge topic in their entirety. I will follow up with a post dedicated to IP addresses in the future.
DNS Resolution is the process of converting a hostname into an IP Address.
There are four DNS servers involved in loading a webpage: the DNS recursor, the root nameserver, the TLD nameserver, and the authoritative nameserver.
DNS Recursor
The recursor (also called the recursive resolver) is the server that receives queries from clients such as the stub resolver in your operating system. It acts as a middleman between the client and the authoritative nameservers: it returns the answer from its cache if it has an unexpired copy, otherwise it walks the hierarchy itself, starting with a root nameserver, and returns the final answer to the client.
The Root Nameserver
The root nameservers serve the root zone, which is the global list of top-level domains together with the nameservers responsible for each of them. The root zone contains:
- generic top-level domains such as .com, .net, and .org
- country code top-level domains such as .uk for the UK
- internationalised top-level domains, which are top-level domain names written in local scripts such as Arabic, Cyrillic or Chinese rather than in Latin letters
Top Level Domain Nameserver
A TLD (top-level domain) is the highest level of name in the DNS hierarchy, directly beneath the root. The Internet Corporation for Assigned Names and Numbers (ICANN) coordinates the system of top-level domains, and each TLD is operated by a registry (Verisign runs .com, for example). The TLD nameserver does not hold the records for hackernoon.com itself: it holds the NS records that delegate hackernoon.com to the domain's authoritative nameservers, and answers a query for the domain with a referral to them.
Authoritative Nameserver
The authoritative nameserver is the last stop in the query. It holds the actual DNS records (A, AAAA, CNAME, MX and so on) for a particular zone, and if it has the requested record it returns it to the DNS recursor. Only its answers are authoritative; everything a resolver serves from its cache is a copy that is trusted for as long as the record's TTL allows.
The main difference between the recursive resolver and the authoritative nameserver is that the recursive resolver is at the beginning of the DNS query and the authoritative nameserver is at the end of it: the resolver answers on behalf of clients, from cache or by asking other servers, while the authoritative nameserver answers only for the zones it hosts, from its own data.
The client makes a request to a recursive DNS server to find the IP address associated with the website, assuming the operating system and web browser do not already have it cached.
The recursive server checks whether it has the IP address cached and whether the cached copy is still within its time to live (TTL). If not, it works through the authoritative DNS server hierarchy (root, then TLD, then the domain's own nameservers), following each referral it receives until it reaches a server that can answer.
The authoritative DNS server is responsible for the IP "mapping" of the intended website. Authoritative servers respond to the queries of the recursive servers.
Authoritative servers are typically managed by the domain owner's DNS hosting provider or registrar; recursive servers exist mainly to lessen the load on the authoritative servers and to provide a level of caching close to the client.
A user types a website into a browser, hackernoon.com in this example, and the request is picked up by a DNS recursive resolver. The resolver then walks the hierarchy:
- The recursive resolver queries a DNS root nameserver (.).
- The root server does not know hackernoon.com, but it knows who is responsible for .com, so it responds with a referral: the names and addresses of the .com top-level domain nameservers.
- The resolver sends the same query to a .com TLD nameserver.
- The TLD nameserver responds with another referral: the names and IP addresses of the nameservers for hackernoon.com.
- The resolver sends the query to one of those nameservers.
- The authoritative nameserver returns the IP address for hackernoon.com to the resolver.
- The resolver caches the answer for the record's TTL and sends the IP address back to the web browser.
- The browser makes an HTTP request to that IP address, and the content returned by the web server is rendered.
In a typical DNS lookup, three types of query are used.
In the ideal case the record is already cached, so the server can answer with a non-recursive query and no further lookups are needed.
Recursive DNS query
For a recursive query, the DNS client requires that the DNS server respond with either the requested resource record or an error message if the resolver cannot find it. The server takes on the whole job of finding the answer; this is the kind of query the stub resolver on your machine sends to its configured recursive resolver.
Iterative DNS query
For an iterative DNS query, the DNS client allows the DNS server to return the best answer it can.
If the queried DNS server does not have a match for the query name, it returns a referral to a DNS server that is authoritative for a lower level of the namespace. The DNS client then queries the server it was referred to, and the process continues down the chain until an answer, an error, or a timeout occurs. This is how a recursive resolver talks to the root, TLD, and authoritative servers.
Non-Recursive DNS query
For a non-recursive query, the DNS resolver already knows the answer.
It either immediately returns a record it holds in its local cache, or it queries a DNS nameserver that is authoritative for the record (a single request with no further referrals). In both cases there is no need for additional rounds of queries, so a response is returned to the client immediately.
Caching temporarily stores data in a location that improves the performance and reliability of data requests.
DNS caching stores data closer to the requesting client so that the DNS query can be resolved earlier and further queries can be avoided. This improves load times.
DNS data can be cached in a variety of locations, each of which stores DNS records for a period set by the record's time-to-live (TTL), a value chosen by the operator of the zone the record comes from.
Browser DNS caching
Web browsers are designed to cache DNS records for a set amount of time.
The closer the DNS caching occurs to the web browser, the fewer processing steps must be taken in order to check the cache and make the correct requests to an IP address.
The browser cache is the first location checked for the requested record.
Operating system DNS caching
Your operating system is the last place a cache can be used before a DNS query leaves your machine.
When a record is not cached in your browser, the operating system's stub resolver checks its own cache to see if it has the record.
If it does not, it sends the DNS query out of your machine to the configured recursive resolver, which by default is usually one run by your Internet service provider (ISP) or the resolver set within your router. By default this hop is plain DNS over UDP port 53, unencrypted and unauthenticated: anyone on the path can see the names you look up and can forge answers, unless the query is sent over DNS over TLS or DNS over HTTPS to a resolver you trust.
When the recursive resolver receives the DNS query, it first checks whether the requested host's translation is already stored in its cache.
Even on a miss, the recursive resolver can take shortcuts depending on which other records it still holds in its cache:
- If the resolver does not have the A records but does have the NS records for the domain's authoritative nameservers, it queries those nameservers directly, bypassing several steps in the DNS query. This shortcut avoids lookups against the root and .com nameservers (in a search for example.com) and makes the resolution faster.
- If the resolver does not have the NS records for the domain, it sends the query to the TLD servers (.com in our case), skipping the root server.
- In the unlikely event that the resolver has no records pointing to the TLD servers either, it queries the root servers. This typically happens only after a DNS cache has been purged, since the NS records for TLDs in the root zone carry a TTL of two days.
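The full resolution walk (root, TLD, authoritative), the difference between the recursive query a client sends and the iterative queries the resolver sends on its behalf, and the cache shortcuts just described can all be seen in one small simulation. This is an added example, not code from the original post or from any real resolver: the server names, zone contents and addresses (192.0.2.0/24 is the documentation range) are constructed, nothing is sent over the network, and glue records are simplified away by using a server's name as its key in the zone data.

```python
"""Simulated iterative DNS resolution with a TTL-aware resolver cache.

Added example, not code from the original post. Every server name, zone and
address below is constructed for the simulation; nothing is sent over the
network. Glue is simplified away: an NS record's data is the SERVERS key.
"""
import time

# Constructed zone data: server name -> {(owner name, type): (ttl, [rdata])}
SERVERS = {
    # Root zone: knows only the delegation of com. to the TLD servers
    "a.root-servers.example": {
        ("com.", "NS"): (172800, ["a.gtld-servers.example"]),
    },
    # .com TLD server: knows only the delegation of hackernoon.com.
    "a.gtld-servers.example": {
        ("hackernoon.com.", "NS"): (172800, ["ns1.hackernoon.example"]),
    },
    # Authoritative server: holds the actual A records for the zone
    "ns1.hackernoon.example": {
        ("hackernoon.com.", "A"): (300, ["192.0.2.30"]),
        ("api.hackernoon.com.", "A"): (300, ["192.0.2.31"]),
    },
}
ROOT_SERVERS = ["a.root-servers.example"]


def enclosing_zones(qname):
    """Zones that could hold a delegation for qname, most specific first:
    'api.hackernoon.com.' -> 'api.hackernoon.com.', 'hackernoon.com.', 'com.'"""
    labels = qname.split(".")            # the trailing "" stands for the root
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def iterative_query(server, qname, qtype):
    """One iterative query, the kind a resolver sends: the server returns its
    best answer, either the record itself or a referral to the nameservers of
    the closest delegation it knows about."""
    data = SERVERS[server]
    if (qname, qtype) in data:
        ttl, rdata = data[(qname, qtype)]
        return ("answer", qname, ttl, rdata)
    for zone in enclosing_zones(qname):
        if (zone, "NS") in data:
            ttl, nameservers = data[(zone, "NS")]
            return ("referral", zone, ttl, nameservers)
    return ("nodata", qname, 0, [])


class Resolver:
    """Recursive resolver: answers clients completely, walking the hierarchy
    with iterative queries and caching every record it learns on the way."""

    def __init__(self, now=time.time):
        self.now = now                   # injectable clock so TTL expiry is testable
        self.cache = {}                  # (name, type) -> (expires_at, [rdata])
        self.queries_sent = 0

    def cache_get(self, name, rtype):
        entry = self.cache.get((name, rtype))
        if entry is None:
            return None
        expires_at, rdata = entry
        if expires_at <= self.now():     # TTL has run out: treat as a miss
            del self.cache[(name, rtype)]
            return None
        return rdata

    def cache_put(self, name, rtype, ttl, rdata):
        self.cache[(name, rtype)] = (self.now() + ttl, list(rdata))

    def starting_servers(self, qname):
        """Skip as much of the hierarchy as cached NS records allow: cached NS
        for hackernoon.com. bypasses root and .com, cached NS for com. bypasses
        the root, otherwise the walk starts at the root servers."""
        for zone in enclosing_zones(qname):
            nameservers = self.cache_get(zone, "NS")
            if nameservers:
                return nameservers
        return ROOT_SERVERS

    def resolve(self, qname, qtype="A", max_hops=8):
        """The recursive query as the client sees it. Returns (rdata, servers
        asked); an empty server list means the answer came from cache."""
        cached = self.cache_get(qname, qtype)
        if cached is not None:
            return cached, []
        servers, asked = self.starting_servers(qname), []
        for _ in range(max_hops):        # bounded so a referral loop cannot spin forever
            server = servers[0]
            asked.append(server)
            self.queries_sent += 1
            kind, name, ttl, rdata = iterative_query(server, qname, qtype)
            if kind == "answer":
                self.cache_put(qname, qtype, ttl, rdata)
                return rdata, asked
            if kind == "referral":
                self.cache_put(name, "NS", ttl, rdata)   # remember the delegation
                servers = rdata
                continue
            raise LookupError(f"{server} has neither data nor a referral for {qname}")
        raise LookupError(f"too many referrals while resolving {qname}")


if __name__ == "__main__":
    clock = [1_000_000.0]                 # fake clock so TTL expiry can be shown
    r = Resolver(now=lambda: clock[0])
    print(r.resolve("hackernoon.com."))       # full walk: root -> .com -> authoritative
    print(r.resolve("hackernoon.com."))       # answered from cache, no query sent
    print(r.resolve("api.hackernoon.com."))   # cached NS: straight to the authoritative server
    clock[0] += 301                           # A record (TTL 300) expired, NS still valid
    print(r.resolve("hackernoon.com."), r.queries_sent)
```

Two details are deliberate. The resolver never trusts a cached entry past its TTL, which is why the fourth lookup goes back to the authoritative server even though the A record was seen moments before; and the referral walk is bounded by `max_hops`, because a resolver that follows referrals without limit can be kept busy indefinitely by a zone whose nameservers refer to each other.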