
Alibaba Cloud DNS:Terms of Domain Name System (DNS)

Last Updated:Sep 29, 2024

What is DNS?

Domain Name System (DNS) is a core Internet service that translates domain names into IP addresses and, through reverse lookups, IP addresses into domain names. Built on a distributed, hierarchical database, DNS lets people reach Internet services by name without having to remember machine-oriented IP addresses.

Domain hierarchy

To accommodate the ever-growing number of Internet hosts, naming on the Internet uses a hierarchical tree structure. Any host or router connected to the Internet can be given a unique name in this hierarchy; that name is a domain name. A domain is a manageable division of the DNS namespace. Syntactically, each domain name is a series of labels separated by dots (.), read from the most specific label on the left to the root on the right. Domains can be divided into subdomains, and subdomains into lower-level subdomains. This creates top-level domains, primary domains, and subdomains. The following figure shows the domain hierarchy.

[Figure: domain hierarchy]

Example:

  • .com is a top-level domain (TLD).

  • aliyun.com is a primary domain and is also a first-level domain. In most cases, a primary domain is the name that an enterprise registers with a registrar.

  • example.aliyun.com is a subdomain of aliyun.com and is also a second-level domain.

  • www.example.aliyun.com is a subdomain of example.aliyun.com and is also a third-level domain.

This document counts levels from the name directly below the TLD. In the DNS RFCs the levels are counted from the root, so aliyun.com is there called a second-level domain and example.aliyun.com a third-level domain; the structure is the same, only the numbering differs.

DNS hierarchy

Similar to domains, DNS servers are also organized hierarchically. A DNS server is a host that holds part of the distributed database of domain names and their associated records, such as IP addresses. The DNS servers deployed around the world form one cooperating system, and together they ensure that any domain name can be translated into an IP address on request. The following table describes the four types of DNS servers involved in DNS resolution.

Type

Capability

Root name server

The root name server is also known as the root server. It is the entry point of every uncached lookup: when the local DNS server has no cached answer for the requested domain name, it sends the query to a root server. The root server does not know the final answer; it returns a referral, that is, the names and IP addresses of the TLD servers for the rightmost label of the query (for example, the .com servers), to the local DNS server.

TLD name server

The TLD name server is also known as the TLD server. A TLD server manages the domains registered directly under its TLD, such as example.com under .com. The .com TLD server returns a referral to the authoritative name servers for the primary domain example.com, including their IP addresses, to the local DNS server.

Authoritative name server

The authoritative name server is also known as NS. An authoritative name server is the authority for a particular DNS zone and maintains the mappings between domain names and IP addresses (and the other record types) within that zone. Only its answers are authoritative; everything a resolver returns from cache is a copy of what an authoritative server once said. Alibaba Cloud DNS serves as an authoritative name server.

Local DNS server

The local DNS server is also known as the local DNS or the recursive resolver. A local DNS server accepts recursive queries from clients and, on their behalf, sends iterative queries to the root, TLD, and authoritative servers until the resolution is complete, caching what it learns along the way. Clients typically use the local DNS server assigned by their Internet service provider (ISP), but they can also be configured to use a public DNS service such as Google Public DNS or 114DNS. Because the local DNS server sees every query a client makes and the client trusts its answers, choosing which resolver to use is a trust decision as much as a performance one.

Note

Each level of the hierarchy is served by its own name servers: the root servers know only the TLDs, the TLD servers know only the domains registered beneath them, and so on. At every level the name servers store the names and IP addresses of the name servers for the next level down, which is what allows a resolver to walk from the root to the authoritative server for any domain name.

DNS resolution

The following section describes the process of DNS resolution when a user accesses a website by using the domain name example.com.

1. The user enters example.com in a web browser. After the browser and the operating system check their own caches, the query is sent to the local DNS server. If the DNS result is cached on the local DNS server, the local DNS server directly returns the IP address that corresponds to the domain name example.com to the web browser. In this case, skip to Step 9. If no DNS result is cached on the local DNS server, proceed to Step 2.

2. The local DNS server initiates a query to a root server.

3. The root server returns a referral to the .com TLD servers, including their IP addresses, to the local DNS server.

4. The local DNS server initiates a query for the domain name example.com to a .com TLD server.

5. The .com TLD server returns a referral to the authoritative name servers for example.com, including their IP addresses, to the local DNS server.

6. The local DNS server initiates a query to an example.com authoritative name server.

7. The example.com authoritative name server returns the IP address that corresponds to the domain name example.com, together with the TTL of the record, to the local DNS server.

8. The local DNS server caches the record for its TTL and returns the requested IP address to the web browser.

9. The web browser accesses the web server by using the IP address.

10. The web server returns the web page to the browser.


Terms

recursive query

A recursive query is a query in which the DNS server that receives it takes responsibility for producing a final answer. If the requested record is not in its cache, the server queries other DNS servers itself, follows any referrals it gets, and returns the final result to the client. This is the kind of query a client sends to its local DNS server.

iterative query

In an iterative query, the DNS server returns the best answer it has without contacting anyone else. If the server does not have the requested resource record, it responds with a referral to the name servers for the next level down in the domain name. The querier then sends the same query to one of those servers, and the process repeats until an authoritative server returns the final answer. Root, TLD, and authoritative servers answer iteratively; it is the local DNS server that does the iterating on the client's behalf.

DNS cache

The DNS cache stores DNS records close to the clients that initiate requests, so records can be cached in several places at once: in the browser, in the operating system's stub resolver, and on the local DNS server. This mechanism shortens the recursive query process and lets users obtain results faster. It also means that an incorrect record, whether the result of a stale zone change or of cache poisoning, keeps being served from the cache until its TTL expires.

TTL

The time to live (TTL) is a value, in seconds, set on each record by the authoritative name server. It specifies the longest period that a DNS record may be cached on a local DNS server. Once the TTL expires, the local DNS server discards the record, and the next request for the domain name triggers a new recursive or iterative query. A long TTL reduces query load; a short TTL makes record changes take effect sooner. When you plan to change a record, lower its TTL well in advance so that resolvers drop the old value quickly after the change. Some resolvers clamp very small or very large TTLs to their own limits, so the TTL is an upper bound on caching, not a guarantee of exactly when a change becomes visible.
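The resolution walk in the steps above and the recursive query, iterative query, DNS cache, and TTL terms are easiest to see together in a small simulation. The following added example (not Alibaba Cloud code) models a local DNS server that answers recursive queries from a client by sending iterative queries from the root downward, following referrals, and caching the final answer for its TTL. The zone data and the 192.0.2.0/24 addresses are constructed; real referrals carry NS names plus glue addresses, which the simulation collapses into a single server IP per referral.

```python
"""Simulation of recursive resolution by a local DNS server.

Added example, not Alibaba Cloud code. Servers are keyed by constructed
addresses from the 192.0.2.0/24 documentation range; no network I/O happens.
"""
import time

ROOT_IP = "192.0.2.1"

# Constructed data held by each server. A record is either
# ("REFERRAL", next_server_ip) or ("ANSWER", ip, ttl_seconds).
SERVERS = {
    # Root server: knows only where the .com TLD server is.
    ROOT_IP: {"com.": ("REFERRAL", "192.0.2.2")},
    # .com TLD server: knows only where example.com's authoritative server is.
    "192.0.2.2": {"example.com.": ("REFERRAL", "192.0.2.3")},
    # example.com authoritative server: holds the actual A records.
    "192.0.2.3": {
        "example.com.": ("ANSWER", "192.0.2.80", 300),
        "www.example.com.": ("ANSWER", "192.0.2.80", 60),
    },
}


def iterative_query(server_ip, qname):
    """One iterative query: the server returns the best it has and never
    recurses. It answers if it holds qname itself, refers to a deeper zone if
    it knows one, and otherwise reports NXDOMAIN."""
    table = SERVERS[server_ip]
    labels = qname.split(".")
    for i in range(len(labels)):
        rec = table.get(".".join(labels[i:]))
        if rec is None:
            continue
        # An exact match may be an answer or a referral; a parent match may
        # only be used as a referral, never as the answer for the child.
        if i == 0 or rec[0] == "REFERRAL":
            return rec
    return ("NXDOMAIN",)


class LocalResolver:
    """The local DNS server: serves recursive queries by iterating from the
    root and caches answers until their TTL expires."""

    def __init__(self, clock=time.monotonic):
        self.cache = {}   # qname -> (ip, expires_at)
        self.clock = clock
        self.trace = []   # servers consulted for the most recent query

    def resolve(self, qname):
        self.trace = []
        now = self.clock()
        cached = self.cache.get(qname)
        if cached and cached[1] > now:        # Step 1: cache hit
            self.trace.append("cache")
            return cached[0]
        self.cache.pop(qname, None)           # TTL expired: forget it
        server = ROOT_IP                      # Step 2: start at the root
        for _ in range(16):                   # bound the referral chain
            self.trace.append(server)
            rec = iterative_query(server, qname)
            if rec[0] == "ANSWER":            # Step 7: authoritative answer
                _, ip, ttl = rec
                self.cache[qname] = (ip, now + ttl)
                return ip
            if rec[0] == "REFERRAL":          # Steps 3 and 5: follow referral
                server = rec[1]
                continue
            return None                       # NXDOMAIN: name does not exist
        raise RuntimeError("referral chain too long")


if __name__ == "__main__":
    r = LocalResolver()
    print(r.resolve("www.example.com."), r.trace)   # root -> TLD -> authoritative
    print(r.resolve("www.example.com."), r.trace)   # second lookup: cache
```

Two simplifications matter if you compare this with a production resolver: real resolvers also cache the referrals (so a second query for a different name under example.com starts at the TLD or authoritative server rather than at the root), and they apply their own minimum and maximum TTL limits, which is why a TTL is an upper bound on caching rather than a precise expiry.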

IPv4/IPv6 dual stack

IPv4/IPv6 dual stack is a protocol stack that allows a system to use both IPv4 and IPv6 at the same time. In DNS terms, a dual-stack host publishes both an A record (IPv4 address) and an AAAA record (IPv6 address) for the same domain name, and a dual-stack client asks for both and chooses which address family to connect over.

DNS flood attack

In a DNS flood attack, the attacker uses a large number of compromised machines (a botnet) to send a multitude of DNS requests to a DNS server, either an authoritative server for a domain or a recursive resolver. If the number of DNS queries per second exceeds the capacity of the server, legitimate resolution of the domain name times out and the business that depends on it may become unavailable. A common variant asks for many random, nonexistent subdomains of the target zone; because no two queries are alike, caches cannot absorb the load and every request reaches the authoritative server.
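Detecting a flood from the server side comes down to comparing the query rate with known capacity and then characterizing the excess: how many sources, how many distinct names, and which zone. The following added example (not Alibaba Cloud code) runs that check over constructed query-log lines in an assumed "epoch client-ip qname qtype" format; the capacity figure, the 198.51.100.0/24 and 203.0.113.0/24 client addresses, and example.com are all made up for the demonstration.

```python
"""Rate-based detection of a DNS query flood in a resolver or authoritative
query log.

Added example, not Alibaba Cloud code. The log format and all log lines are
constructed; real logs need a format-specific parser in place of parse_line.
"""
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed traffic: ten seconds of ordinary lookups from five clients,
    then a two-second flood from 50 puppet addresses asking for random-looking
    subdomains so that no cache can absorb the load."""
    lines = []
    for sec in range(1000, 1010):
        for i in range(20):                       # about 20 qps, normal
            lines.append(f"{sec} 198.51.100.{i % 5 + 1} www.example.com. A")
    for sec in (1010, 1011):
        for bot in range(50):
            for n in range(40):                   # 50 bots x 40 qps = 2000 qps
                lines.append(f"{sec} 203.0.113.{bot + 1} q{bot}-{n}-{sec}.example.com. A")
    return lines


def parse_line(line):
    """Assumed log format: '<epoch seconds> <client ip> <qname> <qtype>'."""
    ts, client, qname, qtype = line.split()
    return int(ts), client, qname, qtype


def zone_of(qname):
    """Approximate the zone under attack by the last two labels of the name
    (example.com.); good enough for a demonstration, not for TLDs like .co.uk."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:]) + "."


def detect_flood(lines, qps_capacity):
    """Return one alert per second in which the query rate exceeded capacity.

    Each alert records the rate, how many distinct sources and names were seen
    (many sources and many unique names is the signature of a distributed
    random-subdomain flood), the busiest single source, and the zone most
    queried during that second."""
    per_sec = defaultdict(list)
    for line in lines:
        ts, client, qname, _ = parse_line(line)
        per_sec[ts].append((client, qname))

    alerts = []
    for ts in sorted(per_sec):
        events = per_sec[ts]
        if len(events) <= qps_capacity:
            continue
        sources = Counter(client for client, _ in events)
        zones = Counter(zone_of(qname) for _, qname in events)
        alerts.append({
            "second": ts,
            "qps": len(events),
            "sources": len(sources),
            "distinct_names": len({qname for _, qname in events}),
            "top_source": sources.most_common(1)[0],
            "zone": zones.most_common(1)[0][0],
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_flood(build_sample_log(), qps_capacity=500):
        print(alert)
```

The "distinct_names" figure is what tells a cache-defeating random-subdomain flood apart from a burst of legitimate popularity: real users overwhelmingly ask for the same handful of names, whereas here every query is unique. That distinction decides the response; a per-source rate limit helps only when few sources dominate, while the flood above is spread evenly over 50 addresses and needs a response at the zone level.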

URL forwarding

URL forwarding, also known as URL redirection, sends a user who requests a source URL on to a target URL, configured as a record on the DNS service. The DNS protocol itself has no notion of a URL or a redirect: the forwarding record points the source domain name at an HTTP forwarding server operated by the DNS provider, and it is that server which answers the user's HTTP request with a redirect to the target URL. Because the redirect happens over HTTP, it applies only to web traffic and, unless the forwarding server terminates HTTPS for the source name, only to plain HTTP.

ECS

EDNS Client Subnet (ECS) is an extension to the DNS protocol (RFC 7871) that allows a recursive resolver to include part of the client's IP address, as a network prefix rather than the full address, in the query it sends to an authoritative DNS server. The authoritative server can then return an answer tailored to the client's location (for example, the nearest CDN node) even when the resolver itself sits far from the client, and it reports back the prefix length (the scope) for which that answer is valid, so the resolver can cache it per subnet. The trade-off is privacy: ECS forwards information about the client to every authoritative server along the way, which is why resolvers truncate the address to a prefix such as /24 for IPv4 or /56 for IPv6 and why a zone that does not need location-aware answers should ignore ECS rather than echo it.
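The security-relevant part of ECS is exactly what goes on the wire: only the first SOURCE PREFIX-LENGTH bits of the client address, zero-padded and truncated to the bytes that hold them. The following added example (not Alibaba Cloud code) encodes and decodes the ECS option in the RFC 7871 wire format, rejecting options whose address bytes leak bits beyond the declared prefix, and wraps the option in the EDNS0 OPT pseudo-record that carries it. The 203.0.113.0/24 and 2001:db8::/32 addresses are documentation ranges used as constructed input.

```python
"""Encoder/decoder for the EDNS Client Subnet option (RFC 7871, option code 8).

Added example, not Alibaba Cloud code. Wire format of the option:
  OPTION-CODE (2) | OPTION-LENGTH (2) | FAMILY (2) | SOURCE PREFIX-LENGTH (1)
  | SCOPE PREFIX-LENGTH (1) | ADDRESS (ceil(source prefix / 8) bytes)
"""
import ipaddress
import struct

ECS_OPTION_CODE = 8
OPT_RR_TYPE = 41
FAMILY = {4: 1, 6: 2}              # IANA address family numbers
ADDR_SIZE = {1: 4, 2: 16}          # bytes in a full address per family


def encode_ecs(client_ip, source_prefix, scope_prefix=0):
    """Build an ECS option revealing only the first source_prefix bits of the
    client address. A /24 sends 3 bytes of an IPv4 address; a /56 sends 7
    bytes of an IPv6 address. Resolvers send scope 0; authoritative servers
    set the scope in their response."""
    addr = ipaddress.ip_address(client_ip)
    nbits = addr.max_prefixlen
    if not 0 <= source_prefix <= nbits:
        raise ValueError("prefix length out of range for address family")
    # Zero the host bits, then keep only the bytes that hold the prefix.
    mask = ((1 << source_prefix) - 1) << (nbits - source_prefix)
    addr_bytes = (int(addr) & mask).to_bytes(nbits // 8, "big")[:(source_prefix + 7) // 8]
    data = struct.pack("!HBB", FAMILY[addr.version], source_prefix, scope_prefix) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def decode_ecs(option):
    """Parse an ECS option and validate it the way a careful server should:
    the address length must match the prefix, and bits beyond the prefix must
    be zero (a non-zero tail would leak more of the client's address than the
    sender declared)."""
    if len(option) < 4:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE:
        raise ValueError("not an ECS option")
    data = option[4:4 + length]
    if len(data) != length or length < 4:
        raise ValueError("malformed ECS option")
    family, source, scope = struct.unpack("!HBB", data[:4])
    if family not in ADDR_SIZE:
        raise ValueError("unknown address family")
    size = ADDR_SIZE[family]
    addr_bytes = data[4:]
    if source > size * 8 or len(addr_bytes) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix length")
    padded = addr_bytes + b"\x00" * (size - len(addr_bytes))
    addr = ipaddress.ip_address(padded)
    if int(addr) & ((1 << (size * 8 - source)) - 1):
        raise ValueError("non-zero bits beyond the source prefix")
    return {
        "family": family,
        "source_prefix": source,
        "scope_prefix": scope,
        "network": str(ipaddress.ip_network(f"{addr}/{source}")),
    }


def opt_rr(options, udp_payload=1232):
    """Wrap EDNS options in the OPT pseudo-RR placed in the additional section.
    NAME is the root (0x00); CLASS carries the sender's UDP payload size; the
    32-bit TTL field carries extended RCODE, EDNS version and flags (all 0)."""
    rdata = b"".join(options)
    return b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, udp_payload, 0, len(rdata)) + rdata


if __name__ == "__main__":
    opt = encode_ecs("203.0.113.77", 24)
    print(opt.hex())             # only 3 address bytes leave the resolver
    print(decode_ecs(opt))
    print(opt_rr([opt]).hex())
```

If you are operating a resolver, the encoder shows the knob that matters: the prefix length you choose is the amount of client information you disclose to every authoritative server in the chain. If you are operating an authoritative server, the decoder's rejection of a non-zero tail is the check to keep; accepting sloppy options silently lets a misbehaving resolver hand you full client addresses.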

DNSSEC

Domain Name System Security Extensions (DNSSEC) adds digital signatures to DNS data so that a validating resolver can verify the origin and integrity of the records it receives: each signed zone publishes its public key, signs its record sets, and has its key authenticated in turn by the parent zone, forming a chain of trust from the root down. A resolver that validates these signatures can detect forged or tampered responses and refuse them, which defeats attacks such as DNS spoofing and cache poisoning and protects users from being redirected to attacker-controlled addresses. DNSSEC provides authenticity and integrity only: it does not encrypt queries or responses, it does not help against DNS flood attacks, and it protects a user only if both the zone is signed and the resolver the user relies on actually validates.