What is DNS?
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, such as espn.com or nytimes.com, while web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so that browsers can load Internet resources.
Every device connected to the Internet is assigned a unique IP address that other machines can use to locate it. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4) or the more complex, newer alphanumeric addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).
How does DNS work?
DNS resolution is the conversion of a hostname, such as www.example.com, into a computer-friendly IP address (such as 192.168.1.1). Each device connected to the Internet is assigned an IP address, and that address is what other machines use to locate it, much like a street address is used to locate a house. When a user wants to load a web page, a translation must be made between what the user types into the browser (example.com) and the machine-friendly address needed to locate the example.com web page.
To understand the DNS resolution process, it helps to know the hardware components a DNS query passes through. For the web browser, the DNS lookup happens "behind the scenes" and requires no interaction from the user beyond the initial request.
Four DNS servers are involved in loading a website:
- DNS recursor: The recursor can be thought of as a librarian who is asked to go find a particular book somewhere in a library. This server is designed to receive queries from client machines through applications such as web browsers. The recursor will typically make additional requests to satisfy the client's DNS query.
- Root nameserver: The root server is the first step in translating (resolving) human-readable host names into IP addresses. It is like an index in a library that points to different racks of books, serving as a reference point to other, more specific locations.
- TLD nameserver: The top-level domain (TLD) server can be compared to a specific rack of books in a library. This nameserver hosts the last portion of a hostname; in example.com, the TLD server is "com".
- Authoritative nameserver: This final nameserver can be compared to a dictionary on a rack of books, in which a specific name can be translated into its definition. The authoritative nameserver is the last stop in the nameserver query. If the authoritative nameserver has access to the requested record, it returns the IP address of the requested hostname to the DNS recursor (the librarian) that made the initial request.
What is the difference between an authoritative DNS server and a recursive DNS resolver?
Both terms refer to servers (or groups of servers) that are part of the DNS infrastructure, but each performs a different function and lives in a different place in the DNS query pipeline. The recursive resolver sits at the beginning of a DNS query; the authoritative nameserver sits at the end.
Recursive DNS resolver
A recursive resolver is the computer that responds to a recursive request from a client and takes the time to track down the DNS record. It does this by making a series of requests until it reaches the authoritative DNS nameserver for the requested record (or times out or returns an error if no record is found). Recursive DNS resolvers do not always need to make multiple requests to track down the records needed to respond to a client; caching, a data persistence process, shortens the lookup by serving the requested resource record earlier in the DNS lookup.
Authoritative DNS server
Put simply, an authoritative DNS server is a server that actually holds, and is responsible for, DNS resource records. It is the DNS server that responds to the query with the resource record, which allows the web browser making the request to reach the IP address needed to access a website or other web resource. Because it is the last source of truth for certain DNS records, an authoritative nameserver can satisfy queries from its own data without needing to query another source.
It is worth mentioning that in cases where the query is for a subdomain, such as foo.example.com or blog.cloudflare.com, an additional nameserver is added to the sequence after the authoritative nameserver; it is responsible for storing the subdomain's CNAME record.
Cloudflare offers a DNS service that differs from many others. OpenDNS, Google DNS and Comcast all maintain data center installations of DNS recursive resolvers. These resolvers allow for quick and easy queries through optimized clusters of DNS-optimized computer systems, but they are fundamentally different from the nameservers hosted by Cloudflare.
Cloudflare maintains infrastructure-level nameservers that are integral to the functioning of the Internet. One key example is that Cloudflare partially hosts the F-root server network. F-root is a root-level DNS nameserver infrastructure component that handles billions of Internet requests per day. Our Anycast network lets us handle large volumes of traffic without interruption of service.
What are the steps involved in a DNS lookup?
A DNS lookup translates a domain name into the appropriate IP address. To learn how this process works, it helps to follow the path of a DNS lookup as it travels from a web browser, through the DNS lookup process, and back again. Let's take a look at the steps.
DNS lookup information is often cached, either locally on the querying machine or remotely in the DNS infrastructure. A DNS lookup typically involves 8 steps; when DNS information has been cached, steps are skipped, which makes the lookup faster. The example below outlines all 8 steps when nothing is cached.
These are the 8 steps in a DNS lookup:
- A user types "example.com" into a web browser and the query travels into the Internet, where it is received by a DNS recursive resolver.
- The resolver then queries a DNS root nameserver (.).
- The root server then responds to the resolver with the address of a Top Level Domain (TLD) DNS server (such as .com or .net), which stores the information for its domains. When searching for example.com, our request is pointed toward the .com TLD.
- The resolver then makes a request to the .com TLD.
- The TLD server then responds with the IP address of the domain's nameserver, example.com.
- Lastly, the recursive resolver sends a query to the domain's nameserver.
- The IP address for example.com is then returned to the resolver from the nameserver.
- The DNS resolver then responds to the web browser with the IP address of the domain requested initially.
Once the 8 steps of the DNS lookup have returned the IP address for example.com, the browser is able to make the request for the web page:
- The browser makes an HTTP request to the IP address.
- The server at that IP returns the webpage to be rendered in the browser.
What is a DNS resolver?
The DNS resolver is the first stop in the DNS lookup, and it is responsible for dealing with the client that made the initial request. The resolver starts the sequence of queries that ultimately leads to a URL being translated into the necessary IP address.
Note: a typical uncached DNS lookup will involve both recursive and iterative queries.
It is important to differentiate between a recursive DNS query and a recursive DNS resolver. The query refers to the request made to a DNS resolver requiring the resolution of the query. A DNS recursive resolver is the computer that accepts a recursive query and processes the response by making the necessary requests.
What are the different types of DNS queries?
In a typical DNS lookup three types of queries occur. By using a combination of these queries, an optimized process for DNS resolution can reduce the distance traveled. In an ideal situation cached record data will be available, allowing a DNS server to answer with a non-recursive query.
There are three types of DNS queries:
- Recursive query: In a recursive query, a DNS client requires that a DNS server respond to the client with either the requested resource record or an error message if the resolver can't find the record.
- Iterative query: In this situation the DNS client will allow a DNS server to return the best answer it can. If the queried DNS server does not have a match for the query name, it will return a referral to a DNS server authoritative for a lower level of the domain namespace. The DNS client will then make a query to the referral address. This process continues with additional DNS servers down the query chain until either an error or a timeout occurs.
- Non-recursive query: This typically occurs when a DNS resolver client queries a DNS server for a record that it has access to, either because it is authoritative for the record or because the record exists inside its cache. Typically, a DNS server will cache DNS records to prevent additional bandwidth consumption and load on upstream servers.
What is DNS caching?
The purpose of caching is to temporarily store data in a location that results in improved performance and reliability for data requests. DNS caching involves storing data closer to the requesting client so that the DNS query can be resolved earlier and additional queries further down the DNS lookup chain can be avoided, improving load times and reducing bandwidth and CPU consumption. DNS data can be cached in a variety of locations, each of which stores DNS records for a set amount of time determined by a time-to-live (TTL).
Browser DNS caching
Modern web browsers are designed by default to cache DNS records for a set amount of time. The purpose is obvious: the closer the DNS caching occurs to the web browser, the fewer processing steps must be taken to check the cache and make the correct requests to an IP address. When a request is made for a DNS record, the browser cache is the first location checked.
In Chrome, you can see the status of your DNS cache by going to chrome://net-internals/#dns.
DNS caching at the OS level
The DNS resolver at the operating-system level is the last stop before a DNS query leaves your computer. The process that handles this query is commonly called a "stub resolver" or DNS client. When a stub resolver receives a request from an application, it first checks its own cache to see whether it has the record. If it does not, it sends a DNS query outside the local network to the ISP's DNS recursive resolver.
When the recursive resolver inside the ISP receives a DNS query, like all previous steps, it will also check whether the requested host-to-IP-address translation is already stored in its local persistence layer.
Recursive resolvers also have additional functionality depending on the types of records they have in their cache:
- If the resolver does not have the A records but does have the NS records for the authoritative nameservers, it will query those nameservers directly, bypassing several steps in the DNS query. This shortcut prevents lookups from the root and .com nameservers (in our search for example.com) and helps the DNS query resolve more quickly.
- If the resolver does not have the NS records, it will send a query to the TLD servers (.com in our case), skipping the root server.
- If the resolver does not have records pointing to the TLD servers, it will query the root servers. This typically occurs after a DNS cache has been purged.
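As an added example (not code from the original article), the toy resolver below walks the root, TLD and authoritative servers in the order of the 8-step lookup above and shows the three cache shortcuts just listed: with a fresh A record it answers from cache, with only NS records cached it skips straight to the authoritative or TLD server, and with an empty cache it starts at the root. The server names, zone data, TTLs and the 203.0.113.10 address are all constructed.

```python
"""Toy iterative resolver with a TTL cache (constructed zone data, not real DNS)."""
import time

# Three constructed "servers": the root, the .com TLD and example.com's authoritative
# nameserver. Each knows only its own zone; an NS answer is a referral that tells the
# resolver which server to ask next. Record format: (type, value, ttl_seconds).
SERVERS = {
    "root":       {"com.": ("NS", "tld-com", 172800)},
    "tld-com":    {"example.com.": ("NS", "ns-example", 3600)},
    "ns-example": {"example.com.": ("A", "203.0.113.10", 300)},  # TEST-NET-3 address
}

def zones_of(name):
    """Zones enclosing a name, most specific first: example.com. -> [example.com., com.]"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]

def ask(server, name):
    """One query to one server; returns (zone, type, value, ttl) for its best match."""
    for zone in zones_of(name):
        if zone in SERVERS[server]:
            return (zone,) + SERVERS[server][zone]
    raise LookupError(f"{server} has no data for {name}")  # NXDOMAIN-style failure

class Resolver:
    def __init__(self, clock=time.time):
        self.cache, self.clock = {}, clock  # (name, type) -> (value, expires_at)

    def _get(self, name, rtype):
        hit = self.cache.get((name, rtype))
        return hit[0] if hit and hit[1] > self.clock() else None  # expired = miss

    def resolve(self, name):
        """Return (address, servers queried). Cache hits let it start further down."""
        if addr := self._get(name, "A"):
            return addr, []                      # non-recursive query: served from cache
        server = "root"                          # nothing useful cached: start at the root
        for zone in zones_of(name):              # cached NS for a closer zone? skip ahead
            if ns := self._get(zone, "NS"):
                server = ns
                break
        queried = []
        while True:                              # one iterative query per server
            queried.append(server)
            zone, rtype, value, ttl = ask(server, name)
            self.cache[(zone, rtype)] = (value, self.clock() + ttl)
            if rtype == "A":
                return value, queried            # authoritative answer reached
            server = value                       # referral: follow it to the next server
```

Passing a fake clock to `Resolver` lets you step time forward and watch which servers are queried as the A record, then the example.com NS record, then the .com NS record expire.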