How does DNS affect your surfing speed?

This article introduces DNS-related knowledge in detail, including the working principle of DNS, how to improve the speed of domain name resolution, and DNS records and messages.

1. Domain Name and Domain Name Server

In daily Internet surfing, people prefer to enter the domain name of the website in the browser instead of the IP address for the sake of easy memory. For example, if you want to visit Baidu, you will enter www.baidu.com instead of 202.108.22.5 (or other IP addresses of Baidu website).

However, the identifier recognized in computer network communications is not the domain name, but the IP address, because it can provide the location information of the host on the Internet and is of fixed length, making it easier for devices such as routers to handle.

To reconcile the different preferences of humans and computers, DNS (Domain Name System) came into being. Its main task is to find the IP address corresponding to a domain name.

The following will first introduce domain names and domain name servers, and then introduce the working principle of DNS.

A domain name consists of several English character strings (not case-sensitive), separated and connected by periods (.). The further to the right a string is, the higher the level of the domain name it represents.

For example, Baidu's domain name is www.baidu.com, where com is the top-level domain name (first-level domain name), baidu is the second-level domain name, and www is the third-level domain name.

The domain name server (also called DNS server) is responsible for storing the mapping relationship between domain names and IP addresses. When we need to obtain the IP address corresponding to a domain name, we only need to query it from the domain name server.

Since there are so many domain names, if they are all stored in one domain name server, not only will the query speed be slow, the server pressure will be high, and it will be difficult to ensure the reliability of the service. Therefore, DNS adopts a distributed design solution, and a large number of domain name servers are organized in a hierarchical manner and distributed all over the world.

Generally speaking, domain name servers can be divided into the following four categories:

  • Root domain name server: The highest level domain name server. There are 13 root domain name servers on the Internet (named in sequence from A to M, in the format of [a~m].root-servers.net). Each root domain name server knows the IP addresses of all top-level domain name servers, such as the IP address of the top-level domain name server responsible for the com domain.
  • Top-level domain name server: For each top-level domain name, such as com, org, edu, etc., there is a corresponding top-level domain name server. The top-level domain name server knows the IP addresses of all authoritative domain name servers it manages. For example, the top-level domain name server responsible for the com domain knows the IP address of the authoritative domain name server responsible for the baidu.com domain.
  • Authoritative domain name server: A website needs to register its domain name and IP address with the corresponding authoritative domain name server. For example, the domain name and IP address of the website www.baidu.com are stored in the authoritative domain name server responsible for the baidu.com domain.
  • Local DNS server: The local DNS server does not belong to the hierarchy of the above DNS servers, but it is very important to the DNS system. Each ISP (such as a university or a company) has a local DNS server (also called the default DNS server). The details are introduced in the next section.

2. Domain name resolution process

Now that we know the basics of domain names and domain name servers, let's take a look at the specific process of domain name resolution. Taking the Baidu domain name as an example, let's see how our host obtains the IP address of www.baidu.com.

  1. The requesting host sends a DNS query message to the local domain name server, asking what the IP address of www.baidu.com is;
  2. The local domain name server forwards this query message to the root domain name server;
  3. The root domain name server finds that the top-level domain name to be queried is com, so it sends a response message to the local domain name server, which encapsulates the IP address list of the top-level domain name server responsible for the com domain;
  4. After receiving the response message from the root domain name server, the local domain name server selects the IP address of one of the top-level domain name servers and sends a query message to it;
  5. The top-level domain name server finds that the second-level domain name to be queried is baidu, so it sends a response message to the local domain name server, which encapsulates the IP address list of the authoritative domain name server responsible for the baidu.com domain;
  6. After receiving the response message from the top-level domain name server, the local domain name server selects the IP address of one of the authoritative domain name servers and sends a query message to it;
  7. The authoritative domain name server finds the IP address of www.baidu.com by querying its database, encapsulates this information into a response message and sends it to the local domain name server;
  8. The local domain name server sends the response message to the original request host. Our host knows Baidu's IP address, and the DNS query process ends.

In this process, the interaction between the requesting host and the local domain name server is called a recursive query, while the interaction between the local domain name server and the relevant servers in the domain name server hierarchy is called an iterative query.

How does the requesting host know the IP address of the local domain name server?

When the user plugs in the network cable or connects to Wi-Fi, the computer is assigned an IP address through the DHCP protocol. At the same time, it also obtains the IP address of the local domain name server!

How does the local domain name server know the IP address of the root domain name server?

There are a total of 13 root domain name servers on the Internet. Their IP addresses are fixed and are therefore built into the operating system. Every computer knows them!

In order to resolve the IP address of Baidu's domain name, a total of 8 DNS messages were sent. The user originally just wanted to interact with Baidu's server, but it took a lot of time to resolve the domain name. If this is done every time, wouldn't it be too slow? Therefore, there needs to be some way to improve the speed of domain name resolution.

3. Improve domain name resolution speed

(1) TCP or UDP

We all know that TCP is more reliable than UDP, but slower.

Which transport layer protocol should DNS use?

  • If the TCP protocol is used, not only a three-way handshake is required to establish a connection, but also congestion control is required. Then the domain name resolution speed will be very slow, which is not conducive to user experience.
  • If the UDP protocol is used, what happens if the packet is lost? If the IP address cannot be resolved, how can the target website be accessed? This is not conducive to user experience either.

In fact, DNS mainly uses UDP. In special cases, TCP is also used, and in both cases the port number is 53.

Generally speaking, DNS messages are relatively small, and a single packet is enough to carry all the information. Since there is only one packet, there is no need to track which packet was not delivered; the packet can simply be resent. Therefore, there is no need for a complex protocol like TCP, and UDP can be used directly. The DNS protocol handles timeouts and retransmission by itself to provide reliability.

Of course, sometimes the DNS message is relatively large, for example, when a domain name corresponds to many IP records in the response message. In that case the server sets the TC flag in the message to 1, indicating that the response length exceeds 512 bytes and that this message only returns the first 512 bytes. When our host receives such a response, it resends the original query over TCP to obtain the complete message.

In addition, to prevent a crash of the local domain name server (the primary domain name server) from making domain names unresolvable, an auxiliary domain name server also needs to be set up. When the primary domain name server crashes, the auxiliary domain name server continues to provide resolution services. The auxiliary domain name server periodically (usually every 3 hours) sends query requests to the primary server to synchronize with it. More data is transmitted at that time, so TCP is used.

(2) DNS Cache

Even if the UDP protocol is used, it is still very slow if you need to start from the root server and query layer by layer every time, and the domain name servers in the hierarchical structure will receive a large number of requests, further reducing the processing speed!

In order to improve the speed of domain name resolution and reduce the pressure on domain name servers, DNS widely uses caching technology.

When a user visits a website, the local domain name server caches the mapping between the resolved domain name and its IP address for a certain period of time. Before the cache expires, when the user visits the same website again, the local domain name server can return the query result directly without asking the root domain name server, top-level domain name server, etc., which greatly reduces the number of DNS messages transmitted!
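The following simulation, added here as an example and not taken from the original article, reproduces the 8-step process of section 2 inside one local domain name server and shows what caching saves: the first lookup costs all 8 messages, a cache hit costs only the 2 messages between host and local server, and an expired TTL forces the full walk again. The server names, IP address and TTL are constructed toy data.

```python
import time

# Constructed toy hierarchy standing in for the real servers (illustrative data only).
ROOT = {"com": "tld-com-server"}                                    # root knows the TLD servers
TLD = {"tld-com-server": {"baidu.com": "ns1.baidu.com"}}            # TLD knows authoritative servers
AUTH = {"ns1.baidu.com": {"www.baidu.com": ("202.108.22.5", 300)}}  # (IP, TTL in seconds)

class LocalDnsServer:
    """Local (default) DNS server: answers the host's recursive query by iterating
    root -> TLD -> authoritative, then caches the answer until its TTL expires."""

    def __init__(self, clock=time.time):
        self.cache = {}        # name -> (ip, absolute expiry time)
        self.clock = clock     # injectable clock so TTL expiry can be simulated offline
        self.messages = 0      # DNS messages exchanged during the last lookup

    def _iterate(self, name):
        """Steps 2-7 of the resolution process: two messages per level, six in total."""
        labels = name.split(".")
        tld_server = ROOT[labels[-1]]                          # root: "ask the com server"
        auth_server = TLD[tld_server][".".join(labels[-2:])]   # TLD: "ask ns1.baidu.com"
        ip, ttl = AUTH[auth_server][name]                      # authoritative: the A record
        self.messages += 6
        return ip, ttl

    def resolve(self, name):
        """Step 1 (host -> local server) and step 8 (local server -> host) always cost 2."""
        self.messages = 2
        cached = self.cache.get(name)
        if cached and cached[1] > self.clock():
            return cached[0]                   # cache hit: the hierarchy is never contacted
        try:
            ip, ttl = self._iterate(name)
        except KeyError:
            return None                        # name does not exist in the toy hierarchy
        self.cache[name] = (ip, self.clock() + ttl)
        return ip

if __name__ == "__main__":
    server = LocalDnsServer()
    print(server.resolve("www.baidu.com"), server.messages)   # first lookup: 8 messages
    print(server.resolve("www.baidu.com"), server.messages)   # cached lookup: 2 messages
```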

In fact, the local domain name server is not the only place with a cache: the user's host also has one. On Windows computers, you can view the current DNS cache with the command ipconfig /displaydns. For example, when I visit Baidu, the local computer will cache the following information:

Although caching improves the DNS resolution speed, it cannot guarantee consistency, because the mapping relationship between a website's domain name and IP address is not permanent, and the cached resolution result may be invalid. Therefore, the DNS cache time cannot be set too long!

Windows computers can also clear the local cache with the command ipconfig /flushdns.

(3) Switch the local domain name server

As mentioned earlier, when performing domain name resolution, the host will initiate a recursive query to the local domain name server. If the performance of the local domain name server is poor or the cache is not configured correctly, then our Internet access speed will become very slow. Therefore, choosing a good local domain name server will help improve surfing speed!

By default, when the machine is connected to the Internet, it will automatically obtain a DNS server address through the DHCP protocol. So if the performance of this server is not good, how can I change it?

Taking Windows as an example, you can modify the IP address of the local domain name server through Control Panel -> Network and Internet -> Network Connections -> Internet Protocol Version 4 (TCP/IPv4).

The IP addresses of common public DNS servers on the Internet are as follows:

  Provider   Preferred DNS server address   Alternative DNS server address
  Ali        223.5.5.5                      223.6.6.6
  Tencent    119.29.29.29                   182.254.116.116
  Baidu      180.76.76.76                   114.114.114.114
  Google     8.8.8.8                        8.8.4.4
  114DNS     114.114.114.114                114.114.115.115

In general, the automatically acquired local domain name server is located in the same subnet as the host, and the speed is quite fast. However, if you find that web pages open very slowly, you can also try one of the public DNS servers above, and the speed may improve.

4. DNS records and messages

In fact, what the domain name server stores is not just domain names and IP addresses, but resource records (RRs).

A resource record contains four parts: Name, Value, Type, and TTL.

TTL refers to the lifetime of a record, measured in seconds, which determines the expiration time of the cached record.

The meaning of Name and Value varies with the Type. Here are some common examples:

  • When Type = A (A is the abbreviation of Address, which can also be represented by the number 1), Name represents the domain name, and Value represents the corresponding IP address, such as (www.example.com, 93.184.216.34, A, 86400).
  • When Type = NS (NS is the abbreviation of Name Server, which can also be represented by the number 2), Name represents a domain, and Value is the domain name of the domain name server responsible for resolving that domain, such as (baidu.com, ns1.baidu.com, NS, 172800). This record is used to route DNS queries along the hierarchical query chain.

If a name server is the authoritative name server for a particular domain, it holds the A records for the host names in that domain.

If a name server is not authoritative for a particular domain name, it holds an NS record that specifies which name server can resolve the domain name, together with an A record that provides the IP address of the name server named in the Value field of that NS record.

Next, let's introduce the specific content of the DNS message. DNS messages are divided into two categories: query messages and answer messages, both of which have the same format, as shown in the following figure:

  • Transaction ID: An identifier used to identify a DNS query. A query message and its corresponding reply message have the same transaction ID, so it can be used to distinguish which request the DNS reply message responds to.
  • Flags: This field contains several flags, such as the "QR" flag, which indicates whether the message is a query message (0) or a reply message (1), and the "TC" flag, which indicates whether the message length exceeded 512 bytes and the message was truncated.
  • Number of questions: corresponds to the number of query questions below (supports querying multiple domain names at the same time, usually one).
  • Number of answer resource records: corresponds to the number of resource records related to the answer question below (a domain name may correspond to multiple IP addresses, so there will be multiple answer records).
  • Number of authoritative resource records: corresponds to the number of resource records related to the authoritative domain name server below.
  • Number of additional resource records: corresponds to the number of resource records related to the additional information below.
  • Query question: This area is the query content, including the query domain name and query type (such as www.example.com, A).
  • Answer: This zone is the query result and contains one or more resource records (such as www.example.com, 93.184.216.34, A, 300).
  • Authoritative domain name server: This zone contains records of other authoritative domain name servers, that is, resource records pointing to the authoritative domain name servers with which the resolution process continues (such as baidu.com, ns1.baidu.com, NS, 172800).
  • Additional Information: This area contains other helpful information, such as the IP address of the authoritative domain name server.
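To show the message layout above in bytes, here is a small builder and parser added as an example (it is not code from the original article and does not send anything on the network). It encodes the 12-byte header (Transaction ID, Flags, the four counts), the question section, and answer records as (Name, Value, Type, TTL) tuples, and it reads the QR and TC flags, so a caller can detect the truncated-reply case from section 3 (1) that requires retrying over TCP. The constructed reply uses the 0xC00C name pointer that real servers commonly use to refer back to the question name; all addresses and IDs are constructed sample values.

```python
import struct

QR, TC, TYPE_A, CLASS_IN = 0x8000, 0x0200, 1, 1   # Flags bit masks; A record type; IN class

def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (length-prefixed labels)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_query(txid, name, qtype=TYPE_A):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # QR=0, RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def decode_name(msg, off):
    """Read a possibly compressed name at off; return (name, offset just past the field)."""
    n = msg[off]
    if n & 0xC0 == 0xC0:                            # pointer to a name earlier in the message
        ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        return decode_name(msg, ptr)[0], off + 2
    if n == 0:
        return "", off + 1
    rest, end = decode_name(msg, off + 1 + n)
    label = msg[off + 1:off + 1 + n].decode()
    return (label + "." + rest if rest else label), end

def parse_message(msg):
    """Decode the header, question and answer sections of a query or reply."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    info = {"id": txid, "is_reply": bool(flags & QR), "truncated": bool(flags & TC),
            "counts": (qd, an, ns, ar), "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _cls = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        info["questions"].append((name, qtype))
    for _ in range(an):                               # (Name, Value, Type, TTL) as in the text
        name, off = decode_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        value = ".".join(map(str, rdata)) if rtype == TYPE_A else rdata.hex()
        info["answers"].append((name, value, rtype, ttl))
    return info

def build_reply(query, ip, ttl, truncated=False):
    """Constructed reply: same ID, QR=1, echoed question, one A record (name via pointer 0xC00C)."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (TC if truncated else 0)         # QR=1 RD=1 RA=1; TC=1 means "retry over TCP"
    rr = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + bytes(map(int, ip.split(".")))
    return struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + query[12:] + rr
```

The bytes returned by build_query are exactly what a resolver would send in a UDP datagram to port 53, and a reply whose parsed "truncated" flag is set is the case where the same query must be repeated over TCP.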

Finally, use Wireshark to capture a DNS query message and answer message:

Query message:

Reply message:


This article is reproduced from the WeChat public account "Yifeng Shuoma", the author is "Yifeng Shuoma", and you can follow it through the following QR code.

Please contact the "Yifeng Shuoma" public account for permission to reprint this article.
