How does your domain name become an IP address?

[[420883]]

This article is reprinted from the WeChat public account "SH's Full Stack Notes", author SH's Full Stack Notes. Please contact SH's Full Stack Notes public account for reprinting this article.

Maybe everyone knows or has been asked a question, which is the classic question "What happens from entering a URL in the browser to displaying the page?" Although this question is simple, the differences in the levels of different people can really be seen from the details of the answers.

This article mainly talks about the first step after entering the URL - domain name resolution

The domain name is similar to www.google.com, and through the ping command, you can query the IP address of the corresponding domain name.

Why do we need both a domain name and an IP?

Domain name and IP coexistence

First of all, let me explain why the current situation of coexistence of domain names and IP addresses occurs. There are two main reasons:

• Improve user experience
• Improve operational efficiency

To explain separately, the IP address is 32 bits long. If it is usually expressed in decimal, it looks like this - 192.168.1.0. But imagine, if we need to enter such a long string of numbers to visit a website, the experience must be quite bad. First of all, it is painful for many people to remember such a long string of numbers, not to mention that we must use more than one website frequently.

In addition, if you promote your website to other people, you say a lot of blah blah, and then say "If you are interested, please visit our website 192.168.1.0", and then nothing happens.

This is why domain names are still used today to make it easier for the human brain to remember.

Why do we still need IP addresses? Because the IP address in IPv4 only needs 4 bytes, while the domain name represented by a string requires at least dozens of bytes, and the longest can even reach hundreds of bytes, which will greatly increase the burden on the underlying routers.

This is why IP addresses are still used. People use domain names, and the router layer uses IP addresses, just like what we write is characters we can recognize, and the computer finally recognizes a bunch of binary.

DNS resolution

After knowing this background, we can take a look at how the "domain name" is converted into an "IP address".

First of all, we know that a request will be sent to the DNS server, so the question is, how does the browser know the address of the DNS server?

The answer is that it is pre-configured. Of course, this is not the only way, DNS can also be dynamically assigned through DHCP (Dynamic Host Configuration Protocol).

For example, the DNS configuration in MacOS looks like this.

Of course, you can also view and modify it through the command line, the address is /etc/resolv.conf.

With a DNS server, you might think that the next thing is very simple:

I send you a domain name, and you return me the corresponding IP address. Then the question is, there are tens of thousands of DNS servers on the Internet now, how do I know which server the data is on? Do I have to traverse and request these tens of thousands of servers one by one?

I believe you definitely don't realize that it takes so long from entering a domain name in a browser to displaying the page, which also shows that it is definitely not traversing one server at a time.

Domain Name Composition

To understand how DNS optimizes it, we need to know the components of a domain name. Seeing this, you may think:

• What does it consist of? Isn't it just a bunch of strings?

In fact, a domain name is composed of different domains, and each part separated by . is a domain.

For example, suppose the domain name we are analyzing is www.google.com. Based on our usual thinking of writing the delivery address of express delivery, the sizes of the various parts of this domain may be like this:

• www > google > com

But it is not actually like this, instead:

• . > com > google > www

You may even find that the largest dot is . In fact, the complete domain name should be www.google.com. The dot represents the root domain, because the root domain has the same meaning for all domain names, so we usually omit the last dot.

Each domain has its own unique name:

• . > com > google > www

Root domain | First-level domain | Second-level domain | (subdomain) | Host name

Of course, we know that we can also divide the second-level domain name into subdomains, similar to mail.google.com.

So after reading this, you should be able to understand the concept that domain names are composed of levels. Let me give you a more common example.

• www.google.com, a division of Google. https://mail.google.com/mail/u/0/#inbox

DNS Hierarchy

After understanding the stratification of domain names, the question of how DNS optimizes domain name resolution is easily solved, that is - stratification.

The DNS server will store the domain name data in a distributed manner on each DNS server, but the data of the same domain will be stored on the same DNS server. The same DNS server can store data of multiple domains.

This may sound a bit abstract, but a picture is worth a thousand words, so here it is:

With the data layered, querying the data will be rhythmic.

Query domain name data

A picture is worth a thousand words. With the layered mechanism, the entire query process will look like this:

First, it will query the configured DNS server, which is usually the local or intranet DNS server. If it can't find it, it will ask the root domain for it, saying, "Hey, man, I need the IP address of www.google.com."

I looked at the root domain and found that it was not there, but I knew the DNS server address of the com domain, so he might know it.

Then the DNS server of the com domain takes a look and says, I don’t know the IP address of www.google.com, but I know the address of the DNS server of the google.com domain, so he may know it. You can ask him.

Keep asking like this and you will eventually find the IP address corresponding to www.google.com.

Root DNS Servers

After reading the above process, you may still have some questions. Because when you look for a DNS server to query the IP address, the initial DNS server IP address is configured by the local computer. So when doing hierarchical queries, how do I know which root servers there are? And how do I know what the IP addresses of these root servers are?

The answer is built-in.

Our devices, or all devices that can access the Internet, have a list of root servers built in. There are a total of 13 root DNS servers, namely [am].root-servers.net, and the addresses of these root servers can be obtained directly without any query.

Of course, if you think about it, you will know that 13 servers can hardly handle the requests of global Internet users. In fact, there are many mirror servers for these 13 servers.

seeing is believing

After talking about so many abstract concepts, let's use the dig command to actually operate it.

As you can see, the full domain name under the QUESTION SECTION is www.google.com. It includes the root domain. What do the IN and A at the end mean?

This is because when querying a DNS server, three parameters are required, namely:

• Domain name (e.g. www.google.com)
• Network type (Class was originally designed with multiple networks in mind, but there is only one network, the Internet, so the value of this parameter will always be IN )
• Type (for example, A for an IP address and MX for the address of a mail server)

In the ANSWER SECTION, there is the response result of the DNS service. The above figure shows that there are a total of 6 DNS records, and their corresponding IP addresses are returned later.

The 69 is the TTL, which is in seconds, indicating that there is no need to send the request again within 69 seconds.

At the bottom is the statistical information, the time taken for this DNS query, and the address and port of the requested DNS server. This server address is the address of the DNS server configured on our machine.

The sharp-eyed may have noticed that the above figure does not include any requests to the root servers. This is because the command omits this part. We can view the detailed hierarchical query process by adding the +trace command line parameter.

This time we take www.36kr.com as an example.

As you can see, all the root domain name servers are listed in the above figure, and then the com domain is searched for, and then the 36kr.com domain is searched for, and finally the IP address of www.36kr.com is obtained.

Cache mechanism

Of course, it is obviously unreasonable to start searching from the root server every time, because the correspondence between domain names and IP addresses does not change frequently, so the DNS server will cache the results.

And, in the following figure:

I only wrote that there is domain information of the same level in one DNS server, but in fact, domain information of different levels may exist in the same DNS server. For example, the com domain and the google.com domain may be on the same machine.

However, this cache has an expiration date. If the DNS data changes during this period, the data in the cache will be incorrect and you will need to manually delete the DNS.