1. What is DNS?

DNS stands for Domain Name System. It is a naming system for computers and network services, organized as a hierarchy of domains, and it is used on TCP/IP networks. The service it provides is converting host names and domain names into IP addresses; you can think of it as a huge phone book. For example, to reach the domain name math.stackexchange.com you must first find out its IP address through DNS: 151.101.129.69. DNS is this "translator". Its basic working principle can be represented by the following figure:

2. DNS domain name space structure

The Domain Name System is a hierarchical, distributed database that contains various types of data, including host names and domain names. The names in the DNS database form a hierarchical tree structure called the domain namespace.

DNS domain name space structure (figure)

Root domain: DNS domain names use a trailing period '.' to mark a name as sitting at the root, the highest level of the domain hierarchy.

Top-level domain: indicates a country, region or organization. It uses three characters, such as com -> commercial company, edu -> educational institution, net -> network company, gov -> non-military government agency, etc.

Second-level domain: a name registered on the Internet by an individual or organization. It is composed of two characters, such as cn -> China, jp -> Japan, uk -> the United Kingdom, hk -> Hong Kong, etc.

Host: the host name sits at the bottom of the domain name space structure. The host name and the domain name together form the FQDN (fully qualified domain name), and the host name is the leftmost part of the FQDN.

3. DNS acquisition process

DNS is an application layer protocol. In fact, it works on behalf of other application layer protocols, including but not limited to HTTP, SMTP and FTP, resolving the host name supplied by the user into an IP address.
The specific process is as follows:

① A DNS client runs on the user's host; that is, our PC or mobile device is running the DNS client.
② The browser extracts the domain name field from the URL, which is the host name being visited (for example www.baidu.com in http://www.baidu.com/), and passes this host name to the DNS client.
③ The DNS client sends a query message to the DNS server containing the host name to be resolved (behind this lie a series of cache lookups and the work of the distributed DNS cluster).
④ The DNS client eventually receives a reply message containing the IP address corresponding to the host name.
⑤ Once the browser has received the IP address from DNS, it can open a TCP connection to the HTTP server at that IP address.

4. DNS service architecture

The function of the DNS service is to resolve domain names into IP addresses and IP addresses into domain names. Suppose an application running on the user's host (such as a web browser or a mail reader) needs to convert a host name into an IP address. The application calls the client side of DNS and specifies the host name to be converted. (On many UNIX-based machines the application calls the function gethostbyname() to perform this conversion.) The DNS client on the user's host then sends a DNS query message into the network. All DNS request and reply messages are sent as UDP datagrams through port 53 (as for why UDP is used, see "Why can there only be 13 domain name root servers?", Guo Wuxin's answer). After a delay of several milliseconds to several seconds, the DNS client on the user's host receives a DNS reply message providing the desired mapping, and this result is passed to the application that called DNS. From the perspective of the application on the user's host, therefore, DNS is a black box that provides a simple, direct conversion service.
But in fact, the black box that implements this service is very complex. It consists of a large number of DNS servers distributed around the world and an application layer protocol that defines how DNS servers and querying hosts communicate.

5. Why does DNS use a distributed cluster rather than a single centralized server?

A simple design for DNS would be a single DNS server on the Internet containing all mappings. In this centralized design, clients send every query directly to the one DNS server, which answers every client directly. Although this design is tempting, it is unsuitable for today's Internet. Because the Internet has a huge and growing number of hosts, such a centralized design would suffer from a single point of failure, from traffic volume (hundreds of millions of hosts sending DNS queries, including but not limited to all HTTP requests, mail servers and long-lived TCP connection services), from long-distance delay (for example, Australia to New York), and from high maintenance costs (because every host name-to-IP mapping would have to be updated at one site), among other problems. There are generally three types of DNS servers: root DNS servers, top-level domain DNS servers, and authoritative DNS servers.

6. DNS service working process

When a DNS client needs to resolve a name used by a program, it queries a local DNS server. Each query message sent by the client carries three pieces of information that specify the question the server should answer: the name to look up, the query type, and the query class.
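As an added example (this article contains no code of its own), the following Python builds the query message just described in DNS wire format and parses a reply: the 12-byte header with the transaction ID and flags, the question section with the name, type and class fields, and the answer records. The reply bytes are constructed here, not captured from a real server, and the address 151.101.129.69 is the page's own example; only resolve_over_udp() touches the network, and it is not called by default. The ID and question-section checks in parse_response() are what a stub resolver needs so that it discards a reply that does not belong to the query it sent.

```python
import random
import socket
import struct
from typing import List, Optional, Tuple

# DNS message layout (RFC 1035): a 12-byte header of six big-endian 16-bit fields
# (ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT), then the question section, then
# resource records. Names are length-prefixed labels ending in a zero byte (the root).


def encode_name(name: str) -> bytes:
    """'math.stackexchange.com' -> b'\\x04math\\x0dstackexchange\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: Optional[int] = None) -> Tuple[int, bytes]:
    """Build an A/IN query; the random 16-bit ID is what lets us match a reply to it."""
    if txid is None:
        txid = random.getrandbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100: RD=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=1 (A), QCLASS=1 (IN)
    return txid, header + question


def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Read a name at offset, following compression pointers; return (name, next offset)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier copy of the name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, hops = True, hops + 1
            if hops > 16 or pointer >= offset:
                raise ValueError("malformed compression pointer")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels) + ".", end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg: bytes, expected_id: int, expected_name: str) -> List[str]:
    """Return the IPv4 addresses in the answer section after sanity-checking the reply."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError("transaction ID mismatch: reply does not belong to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    offset = 12
    for _ in range(qdcount):  # the echoed question must be the one we asked
        qname, offset = decode_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
        if qname.lower() != expected_name.rstrip(".").lower() + ".":
            raise ValueError("question section does not match our query")
    addrs = []
    for _ in range(ancount):
        _rrname, offset = decode_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def build_sample_reply(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed reply to `query` (not captured from a real server) for offline use."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1, RCODE=0
    answer = (b"\xc0\x0c"  # compression pointer to the question name at offset 12
              + struct.pack("!HHIH", 1, 1, ttl, 4)
              + bytes(int(octet) for octet in ip.split(".")))
    return header + query[12:] + answer


def resolve_over_udp(name: str, server: str, timeout: float = 2.0) -> List[str]:
    """Send the query as a UDP datagram to port 53 of `server` (needs network access)."""
    txid, query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _peer = sock.recvfrom(512)
    return parse_response(data, txid, name)


if __name__ == "__main__":
    txid, query = build_query("math.stackexchange.com")
    reply = build_sample_reply(query, "151.101.129.69")  # the page's example address
    print(query.hex())
    print(parse_response(reply, txid, "math.stackexchange.com"))
```

Running the file prints the raw query bytes and then ['151.101.129.69'] from the constructed reply; passing a resolver address to resolve_over_udp() performs the same exchange against a real server. A reply whose ID or echoed question differs from what was sent is rejected rather than used, which is the minimum a resolver should do before trusting an answer that arrived over a connectionless UDP exchange.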
For DNS servers the class should always be specified as the Internet class (IN). For example, the specified name can be the fully qualified domain name of a computer, such as im.qq.com, and the specified query type is then used to search for address resource records under that name. DNS queries are resolved in a variety of ways. A client can sometimes answer a query locally using information cached from previous queries. A DNS server can answer a query from its own cache of resource records, or it can query other DNS servers on behalf of the requesting client, fully resolve the name, and then return the answer to the client; this process is called recursion. Alternatively, the client itself can contact other DNS servers to resolve the name, issuing separate, additional queries based on each server's answer; this process is called iteration. The queries exchanged between DNS servers are iterative queries.

The DNS query process is as follows:

DNS query process (figure)

1. Enter the domain name www.qq.com in the browser. The operating system first checks whether its local hosts file contains a mapping for this name; if so, that IP address mapping is used and the resolution is complete.
2. If hosts has no mapping for the domain name, the local DNS resolver cache is searched for one; if a mapping is found, it is returned directly and the resolution is complete.
3. If neither hosts nor the local DNS resolver cache has a mapping, the query goes to the preferred DNS server configured in the TCP/IP settings, which we call the local DNS server here. When this server receives the query, if the requested domain name lies in a zone it is configured for locally, it returns the result to the client and the resolution is complete. This resolution is authoritative.
4. If the local DNS server is not authoritative for the requested domain name but has cached this mapping, the cached IP address mapping is used to complete the resolution. This resolution is not authoritative.
5. If neither the local DNS server's zone files nor its cache can resolve the name, the query proceeds according to the local DNS server's configuration (whether or not a forwarder is set). If forwarding is not used, the local DNS server sends the request to the 13 root DNS servers. On receiving the request, the root DNS server determines who is authorized to manage the domain (.com) and returns the IP address of a top-level domain name server responsible for that domain. With this IP address, the local DNS server contacts the server responsible for the .com domain. If the server responsible for .com cannot resolve the name itself, it finds the address of the next-level DNS server under .com that manages qq.com and hands it to the local DNS server. The local DNS server then contacts the qq.com domain server and repeats these steps until the www.qq.com host is found.
6. If forwarding is used, this DNS server forwards the request to the upstream DNS server, which resolves it. If the upstream server cannot resolve it, it either queries the root DNS servers or forwards the request to its own upstream server, and so on. Whether the local DNS server uses forwarding or root hints, the result eventually returns to the local DNS server, which returns it to the client.

The query from the client to the local DNS server is a recursive query, while the queries exchanged between DNS servers are iterative queries.
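To tie sections 2 and 6 together, here is an added Python example (not code from the article) that simulates the six-step walkthrough above: a stub resolver on the user's host checks the hosts file, then its resolver cache, then sends one recursive query to the local DNS server, which answers from its own zone (authoritative), from its cache (non-authoritative), via a forwarder, or by iterating from the root through the TLD server to the authoritative server, following referrals down the namespace tree. The server names, zone contents, hosts-file entries, the 203.0.113.0/24 addresses (a documentation range) and the 300-second TTL are all constructed for this example; the real delegation chain for qq.com is not taken from the page.

```python
import time

# Constructed data for this example (not real zone contents): each simulated server
# holds the records it is authoritative for, plus delegations, i.e. which server it
# refers a querier to for a sub-tree of the namespace.
SERVERS = {
    "root":    {"records": {}, "delegations": {"com.": "tld-com"}},
    "tld-com": {"records": {}, "delegations": {"qq.com.": "ns-qq"}},
    "ns-qq":   {"records": {"www.qq.com.": "203.0.113.10"}, "delegations": {}},
}
HOSTS_FILE = "127.0.0.1  localhost\n203.0.113.5  intranet.example  # constructed entry\n"
TTL = 300  # seconds; constructed for the example


def fqdn(name: str) -> str:
    """Normalise to a fully qualified name ending in the root's trailing dot."""
    return name.rstrip(".").lower() + "."


def ask_server(server: str, name: str):
    """One iterative step: the server answers from its own data or refers us onward."""
    zone = SERVERS[server]
    if name in zone["records"]:
        return "answer", zone["records"][name]
    # Longest matching delegation wins: 'www.qq.com.' matches 'qq.com.' before 'com.'
    best = max((d for d in zone["delegations"] if name.endswith(d)), key=len, default=None)
    if best is not None:
        return "referral", zone["delegations"][best]
    return "nxdomain", None


def iterative_resolve(name: str, start: str = "root", max_hops: int = 8):
    """What the local DNS server does on a miss: root -> TLD -> authoritative, via referrals."""
    trail, server = [], start
    for _ in range(max_hops):
        kind, value = ask_server(server, name)
        trail.append((server, kind))
        if kind == "answer":
            return value, trail
        if kind == "nxdomain":
            return None, trail
        server = value
    raise RuntimeError("too many referrals; possible delegation loop")


class LocalDnsServer:
    """The preferred DNS server the client is configured with; it serves recursive queries."""

    def __init__(self, zones=None, forwarder=None):
        self.zones = zones or {}    # names this server is authoritative for
        self.cache = {}             # name -> (ip, expiry time)
        self.forwarder = forwarder  # another LocalDnsServer, or None to use root hints

    def resolve(self, name: str, now=None):
        now = time.time() if now is None else now
        name = fqdn(name)
        if name in self.zones:
            return self.zones[name], "authoritative", []
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], "cache (non-authoritative)", []
        if self.forwarder is not None:
            ip, src, trail = self.forwarder.resolve(name, now)
            src = "forwarder -> " + src
        else:
            ip, trail = iterative_resolve(name)
            src = "iterative from root"
        if ip is not None:
            self.cache[name] = (ip, now + TTL)
        return ip, src, trail


def client_lookup(name: str, server: LocalDnsServer, resolver_cache: dict,
                  hosts: str = HOSTS_FILE, now=None):
    """Stub resolver on the user's host: hosts file, then resolver cache, then one recursive query."""
    now = time.time() if now is None else now
    name = fqdn(name)
    for line in hosts.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and any(fqdn(h) == name for h in parts[1:]):
            return parts[0], "hosts file", []
    hit = resolver_cache.get(name)
    if hit and hit[1] > now:
        return hit[0], "resolver cache", []
    ip, src, trail = server.resolve(name, now)
    if ip is not None:
        resolver_cache[name] = (ip, now + TTL)
    return ip, src, trail


if __name__ == "__main__":
    local = LocalDnsServer(zones={"printer.corp.example.": "203.0.113.99"})
    cache = {}
    for host in ("localhost", "printer.corp.example", "www.qq.com", "www.qq.com"):
        ip, src, trail = client_lookup(host, local, cache)
        print(f"{host:22} -> {ip!s:14} via {src} {trail}")
```

The returned trail shows who answered at each hop, so the first lookup of www.qq.com reports root -> tld-com -> ns-qq (three iterative queries made by the local server on the client's behalf), while the repeat lookup is served from the resolver cache and makes no query at all. Cached answers are marked non-authoritative and expire with their TTL, matching steps 4 and 5 above.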