DNS
Domain Name System (DNS) is an Internet service that translates domain names into IP addresses. Built on a distributed database, DNS makes it easier for people to access the Internet without having to remember a string of machine-readable IP addresses.
Domain hierarchy
Due to the large number of Internet users, the Internet namespace is based on a hierarchical tree structure. Any host or router connected to the Internet has a unique name in the DNS hierarchy. This name is called the domain name. A domain is a manageable division in the name space. Each domain has a label. Domain labels are separated with periods (.). Domains can be divided into subdomains and subdomains can be divided into lower-level subdomains. This creates top-level domains, primary domains, and subdomains. The following figure shows the domain hierarchy.
Example:
.com is a top-level domain (TLD).
aliyun.com is a primary domain and is also a first-level domain. In most cases, a primary domain indicates the name of an enterprise.
example.aliyun.com is a subdomain and is also a second-level domain.
www.example.aliyun.com is a subdomain of example.aliyun.com and is also a third-level domain.
DNS hierarchy
Similar to domain names, DNS servers are also managed in a hierarchical structure.A DNS server is a host that contains a database of public IP addresses and their associated domain names. Hundreds of DNS servers in many countries around the world form an organized network. The synergy of these DNS servers ensures that domain names can be translated into IP addresses as requested. The following table describes the four types of DNS servers required for domain name resolution.
Type | Function |
Root name server | If the local DNS server fails to resolve the requested domain name, the local DNS server forwards the request to the root name server. The root name server returns the IP address of the TLD name server to the local DNS server. |
TLD name server | A TLD name server manages registered second-level domains, such as www.example.com. The .com TLD domain server returns the IP address of the authoritative DNS server where the primary domain example.com is stored. |
Authoritative name server | An authoritative name server is the authority within a particular DNS zone and is responsible for maintaining the association between domain names and IP addresses within the zone. Alibaba Cloud DNS serves as an authoritative name server. |
Local DNS resolver or local DNS server | A local DNS server responds to a recursive request from the client and forwards the request to other DNS servers that may have the result until the resolution is complete. You can select a local DNS server from DNS servers assigned by ISPs or from public DNS servers such as Google Public DNS and 114DNS. |
Notes:
A dedicated DNS server is responsible for managing all domain names at each domain level. The root name server stores information about top-level domains.
DNS servers for each domain level store the IP address of the lower-level domain server to facilitate DNS queries.
DNS resolution
The results of DNS queries are usually cached in the local DNS server. If the local DNS server finds requested results in its cache, the local DNS server returns the resolution results to the requester and the following steps are skipped. The following example shows the eight steps that are required for DNS resolution if the local DNS server cannot find requested results in its cache.
1. The user enters example.com in a Web browser. The local DNS server starts the recursive query.
2. The local DNS server sends an iterative query to the Root server.
3. The root name server returns the IP address of the .com TLD server to the local DNS server.
4. The local DNS server sends the query to the .com TLD server.
5. The .com TLD server returns the IP address of the example.com authoritative name server to the local DNS server.
6. The local DNS server sends the query to the example.com authoritative name server.
7. The example.com authoritative name server returns the requested IP address to the local DNS server.
8. The local DNS server returns the requested IP address to the Web browser.
After the IP address associated with example.com is returned, the browser sends an HTTP request for the desired Web page.
9. The browser sends an HTTP request to the IP address.
10. The Web server at the IP address returns the Web page to be rendered in the browser.
Terms
recursive query
A recursive query is a kind of query, in which the DNS server that received your query will perform all the necessary operations to return an accurate query result. If the DNS server cannot find the requested result in its cache, the server forwards the request to other servers and returns the query result.
iterative query
In an iterative query, the DNS server does not return the query result by itself but returns the IP address of another DNS server. You must send the DNS request to this DNS server. This process repeats until the query result is returned.
DNS cache
DNS cache stores resolved data on a host that is in close proximity to the client that initiated the request. DNS data can be cached anywhere. This reduces recursive queries and allows users to obtain the requested results faster.
TTL
Time to live (TTL) is the longest period of time that a DNS record can be cached on a local DNS server. After the period of time expires, the local DNS server deletes the DNS record. After the DNS record is deleted, a DNS request will trigger a new recursive query or iterative query.
IPv4/IPv6 dual stack
IPv4/IPv6 dual stack is a protocol stack that allows a system to use both IPv6 and IPv4.
TLD server
The top-level domain (TLD) server.
Local DNS resolver
A local DNS resolver or local DNS server acts as a first port of call in the DNS process. A local DNS resolver can be a DNS server assigned by an ISP or a public DNS server, such as Google Public DNS.
Root server
If the local DNS server fails to resolve the requested domain name, the local DNS server forwards the request to the root name server. The root name server returns the IP address of the TLD server to the local DNS server.
DNS flood attack
In a DNS flood attack, the attacker uses a large number of puppet machines to send a multitude of DNS requests. If the number of DNS queries per second exceeds the maximum capacity of the DNS server, the resolution of the domain name times out and the business becomes unavailable.