
Alibaba Cloud DNS:Basic DNS concepts

Last Updated: May 27, 2026

Learn key Alibaba Cloud DNS concepts including domain hierarchy, DNS resolution, caching, and TTL.

DNS

DNS (Domain Name System) translates domain names into IP addresses for both the Internet and corporate intranets. This process is called domain name resolution. As a distributed database, DNS lets users access resources by name instead of memorizing IP addresses. The DNS protocol runs over UDP on port 53. By network environment, DNS is categorized into public DNS and internal DNS. By functional role, it is categorized into authoritative DNS and recursive DNS.

Domain hierarchy

Domain names follow a hierarchical tree structure, with dot-separated labels forming a unique name for each Internet-connected host or router.


Examples

  • .com is a top-level domain name;

  • aliyun.com is a primary domain name, also called a second-level domain;

  • example.aliyun.com, www.aliyun.com are subdomains, also called third-level domains;

  • test.example.aliyun.com is a subdomain of a subdomain, also called a fourth-level domain.

DNS server hierarchy

The DNS resolution process involves 4 levels of DNS servers. Each server type and its function:

  • Root name server: Also called Root Server. When the local DNS resolver cannot answer a query from its own data, it queries the root name server to obtain the address of the TLD name server.

  • TLD name server: Manages the primary domains registered under it. For example, the .com TLD name server returns the authoritative name server address for "example.com".

  • Authoritative name server: Holds the authoritative records for a specific zone and maintains that zone's domain-to-IP mappings. With Alibaba Cloud DNS public authoritative resolution, you add DNS records to the zone, and the server returns the configured IP records to users.

  • Local DNS resolver: Also called Local DNS Server. Accepts recursive requests from clients and follows the chain of referrals on their behalf until it obtains the final result. Examples: the DNS server auto-assigned to a user's machine, ISP-assigned DNS, and public DNS services such as Google DNS (8.8.8.8) or 223.5.5.5.

Note

Each domain level has a dedicated name server, with the root name server at the top level. Each layer stores the IP addresses of the next lower-level servers, enabling step-by-step resolution.

DNS resolution process

When you access a website using example.com, DNS resolution proceeds as follows.

  1. The user enters example.com in the browser, which queries the local DNS resolver. If the resolver has cached data for example.com, it returns the IP address directly (skip to step 9). Otherwise, it continues to step 2.

  2. The local DNS resolver queries the root name server.

  3. The root name server returns the address of the .com TLD name server to the local DNS resolver.

  4. The local DNS resolver sends a query request for example.com to the .com TLD name server.

  5. The .com TLD name server returns the address of the authoritative name server that provides authoritative resolution for example.com to the local DNS resolver.

  6. The local DNS resolver sends a query request to the authoritative name server.

  7. The authoritative name server returns the IP address corresponding to the domain name example.com to the local DNS resolver.

  8. The local DNS resolver returns the IP address to the browser.

  9. The Web browser accesses the website server using the IP address.

  10. The website server returns the webpage information.


Recursive resolution (Recursive Query)

A single DNS server handles the entire query process and returns the final result directly. For example:

  • The client submits "Please find the IP of www.example.com" to the local DNS (recursive server).

  • If the recursive server does not know the answer, it queries the root DNS, the TLD DNS, and the authoritative DNS in turn, following each referral until it obtains the final answer.

  • The user only needs to wait for the recursive server to provide the final resolution result.

Characteristics

  • The user only needs to ask once and wait once.

  • The recursive server bears higher load because it completes the entire query.

  • This is the most common method between clients and local DNS.

Common applications

  • Regular users/PCs/browsers: Only send recursive queries and do not perform iterative queries themselves.

  • Local DNS servers (such as your broadband carrier, public 8.8.8.8, or company intranet DNS): Usually take on the role of recursive resolution and initiate iterative queries externally (to root, TLD, authoritative DNS).

  • Public DNS servers: Recursive for users, iterative for higher-level DNS.

Iterative resolution (Iterative Query)

The DNS server only provides the next referral it knows. If it lacks the answer, it tells you where to ask next, and you query each step yourself. For example:

  • The client asks the local DNS: "What is the IP of www.example.com?"

  • The local DNS does not know the answer and queries the root DNS. The root DNS does not answer with the IP but responds: "You should ask the TLD server." Here, the root DNS is performing iterative resolution.

  • The local DNS asks the TLD server, and the TLD server responds: "Go and ask this authoritative DNS." Here, the TLD server is performing iterative resolution.

  • This continues until the authoritative server is reached and the final result is obtained.

Characteristics

  • The client needs to ask at each step.

  • The server load is relatively low, but the client burden is high, so end clients do not typically query this way themselves.

Common applications

  • Root DNS servers, TLD servers, authoritative DNS servers.

  • Self-built DNS servers for enterprises, schools, etc.

  • Public DNS servers: Recursive for users, iterative for higher-level DNS.

DNS cache

A DNS cache stores resolution data geographically close to the requesting client. Caching can occur at any level in the query hierarchy to reduce latency and recursive query volume.

TTL

Time to Live (TTL) is a DNS record value that specifies how long a recursive resolver caches the record. After expiration, the resolver discards the cached record and performs a fresh query on the next request.

To configure TTL values for your DNS records, see How to configure TTL.
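The resolution walk from the DNS resolution process section together with the cache and TTL behaviour described above, as an added Python model that is not code from the original page or from Alibaba Cloud: a constructed root/TLD/authoritative hierarchy answers only with what each level knows, and a local resolver follows the referrals iteratively, caches the answer, and queries upstream again once the TTL has expired. The server names, the 192.0.2.10 address and the 60-second TTL are constructed sample values.

```python
import time

# Constructed toy hierarchy (sample values, not real servers): each server
# holds either A answers (ip, ttl) or referrals to the next level down.
SERVERS = {
    "root": {"referrals": {"com": "tld-com"}},
    "tld-com": {"referrals": {"example.com": "ns.example.com"}},
    "ns.example.com": {"answers": {"www.example.com": ("192.0.2.10", 60)}},
}

def query(server, name):
    """One iterative step: the server answers only with what it knows
    (an answer, a referral to the next server, or nothing)."""
    srv = SERVERS[server]
    if name in srv.get("answers", {}):
        ip, ttl = srv["answers"][name]
        return "answer", ip, ttl
    labels = name.split(".")
    for i in range(len(labels)):            # longest matching suffix first
        suffix = ".".join(labels[i:])
        if suffix in srv.get("referrals", {}):
            return "referral", srv["referrals"][suffix], None
    return "nxdomain", None, None

class LocalResolver:
    """Recursive toward its clients, iterative toward the hierarchy."""
    def __init__(self, now=time.time):
        self.cache = {}            # name -> (ip, absolute expiry time)
        self.now = now             # injectable clock, so TTL expiry is testable
        self.upstream_queries = 0  # how much load the hierarchy saw

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.now():
            return hit[0], "cache"           # TTL not yet expired: no upstream query
        server = "root"
        for _ in range(10):                  # bound the referral chase
            self.upstream_queries += 1
            kind, data, ttl = query(server, name)
            if kind == "answer":
                self.cache[name] = (data, self.now() + ttl)
                return data, "upstream"
            if kind == "nxdomain":
                return None, "nxdomain"
            server = data                    # follow the referral downward
        raise RuntimeError("too many referrals for " + name)
```

A first lookup of www.example.com costs three upstream queries (root, TLD, authoritative); a repeat within 60 seconds is served from cache, and a repeat after that walks the hierarchy again.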

IPv4/IPv6 dual stack

A dual IP stack, or dual stack, allows a system to run both IPv4 and IPv6 protocol stacks simultaneously in parallel.

DNS query flood attack

A DNS query flood attack is a DoS attack in which compromised machines send massive volumes of queries to a target DNS server. When queries per second exceed server capacity, legitimate requests may time out, impacting service availability.
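Detecting the condition the definition describes, as an added example that is not from the original page: the code buckets a query log per second, flags seconds where the total rate exceeds the server's capacity, and flags clients whose own rate exceeds a per-client threshold, also reporting how many distinct names each flagged client asked for (a high count from one client is a common sign of cache-bypassing flood traffic, which goes beyond the page's definition). The log format, addresses and thresholds are constructed for the demonstration.

```python
from collections import Counter

def make_sample_log():
    """Constructed query log (not real traffic), one line per query:
    'epoch_second client_ip qname'. Three clients send 2 qps for 5 s;
    one client sends 150 distinct names per second during seconds 2 and 3."""
    lines = []
    for sec in range(5):
        ts = 1700000000 + sec
        for ip in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
            for i in range(2):
                lines.append(f"{ts} {ip} host{i}.example.com")
        if sec in (2, 3):
            for i in range(150):
                lines.append(f"{ts} 203.0.113.9 r{i}-{sec}.example.com")
    return lines

def detect_query_flood(lines, capacity_qps, per_client_qps):
    """Return (overloaded_seconds, suspects): seconds whose total QPS exceeds
    capacity_qps (the page's failure condition), and clients whose per-second
    rate exceeds per_client_qps, with their peak rate and distinct-name count."""
    total = Counter()          # timestamp -> queries in that second
    per_client = Counter()     # (timestamp, client) -> queries in that second
    names = {}                 # client -> set of distinct qnames seen
    for line in lines:
        ts, ip, qname = line.split()
        total[ts] += 1
        per_client[(ts, ip)] += 1
        names.setdefault(ip, set()).add(qname)
    overloaded = sorted(ts for ts, n in total.items() if n > capacity_qps)
    suspects = {}
    for (ts, ip), n in per_client.items():
        if n > per_client_qps:
            peak = max(n, suspects.get(ip, {}).get("peak_qps", 0))
            suspects[ip] = {"peak_qps": peak, "distinct_names": len(names[ip])}
    return overloaded, suspects
```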

URL forwarding

URL forwarding (URL redirection) uses server-side settings to redirect requests from one domain to another website.

edns-client-subnet

edns-client-subnet is a DNS extension protocol that allows recursive resolvers to pass client IP information to authoritative DNS servers.

HTTPDNS mobile resolution concepts

Application terminal

Terminal devices and applications that access network services, such as mobile devices, IoT devices, and apps.

DNS over HTTPS (DoH)

Encrypts DNS traffic over TLS-encrypted HTTP connections (RFC 8484). Supported by Alibaba Cloud Public DNS.

DNS over TLS (DoT)

Encrypts DNS traffic over TLS-encrypted TCP connections (RFC 7858). Supported by Alibaba Cloud Public DNS.