Original link: http://www.ruanyifeng.com/blog/2022/08/dns-query.html
Through DNS query, the IP address of the domain name can be obtained to access the website.
So, how exactly is DNS lookup done? This article describes the steps behind it in detail through examples.
1. DNS server
The IP address corresponding to the domain name is stored in the DNS server.
We enter the domain name, and the browser will automatically send a request to the DNS server in the background to obtain the corresponding IP address. This is a DNS query.
For example, if I enter the domain name
es6.ruanyifeng.com , the browser will query the DNS server for what its IP address is, and then send an access request to that IP.
There are many public DNS servers on the Internet. This article selects 184.108.40.206 provided by Cloudflare for demonstration.
2. The dig command
The command-line tool dig can interact with DNS servers, and we’ll use it to demonstrate DNS queries. If you haven’t installed it yet, you can search for the installation method, it is very easy under Linux system.
Its query syntax is as follows (the dollar sign
$ is the command line prompt).
$ dig @[DNS 服务器] [域名]
To query the domain name from 220.127.116.11, execute the following command.
$ dig @18.104.22.168 es6.ruanyifeng.com
Normally, it would output a whole bunch of stuff.
Find the ANSWER SECTION section in it, which gives the answer to the query, and the IP address corresponding to the domain name is 22.214.171.124.
3. The tree structure of domain names
You may ask, does the DNS server (such as 126.96.36.199) store the IP addresses of all domain names (including second-level and third-level domains) in the world?
of course not. DNS is a distributed system, 188.8.131.52 is only the user query entry, it also needs to query other DNS servers to obtain the final IP address.
To explain the complete query process of DNS, we must understand that the domain name is a tree structure .
The top-level domain name is the root domain name (root), then the top-level domain name (TLD for short), then the first-level domain name, the second-level domain name, and the third-level domain name.
(1) Root domain name
The starting point of all domain names is the root domain name, which is written as a dot
. and placed at the end of the domain name. Because this part is the same for all domain names, it is omitted. For example,
example.com is equivalent to
example.com. (with one more dot at the end).
You can try, add a dot at the end of any domain name, and the browser can interpret it normally.
(2) Top-level domain names
The level below the root domain name is the top-level domain name. It is divided into two categories: generic top-level domains (gTLDs, such as .com and .net) and country-specific top-level domains (ccTLDs, such as .cn and .us).
Top-level domain names are controlled by ICANN, an international domain name management organization, which entrusts commercial companies to manage gTLDs and countries to manage their own country-specific domain names.
(3) First-level domain name
A first-level domain name is a domain name registered by yourself under a certain top-level domain name. For example,
ruanyifeng.com was registered under the top-level domain name
(4) Second-level domain name
A second-level domain name is a subdomain of a first-level domain name, which is set by the domain name owner without permission. For example,
es6 is the second-level domain name of
Fourth, the domain name query step by step
The significance of this tree structure is that only the upper-level domain name can know the IP address of the lower-level domain name, which needs to be queried step by step.
Each level of domain name has its own DNS server, which stores the IP address of the lower-level domain name.
Therefore, if you want to query the IP address of the second-level domain name
es6.ruanyifeng.com , you need three steps.
The first step is to query the root domain name server to obtain the IP address of the top-level domain name server
.com(also known as the TLD server).
The second step is to query the TLD server
.comto obtain the IP address of the first-level domain name server
The third step is to query the first-level domain name server
ruanyifeng.comto obtain the IP address of the second-level domain name
The three steps are shown in turn below.
5. Root Domain Name Server
There are a total of 13 root name servers in the world (all of them are server clusters). Their domain names and IP addresses are as follows.
The IP address of the root domain name server is unchanged and integrated in the operating system.
The operating system will select one of them and query the IP address of the TLD server.
$ dig @184.108.40.206 es6.ruanyifeng.com
In the above example, we select
220.127.116.11 and issue a query to it asking for the IP address of the TLD server for
The output of the dig command is as follows.
Because it cannot give the IP address of
es6.ruanyifeng.com , there is no ANSWER SECTION in the output, but only one AUTHORITY SECTION, which gives the domain names of
com. ‘s 13 TLD servers.
There is also an ADDITIONAL SECTION below, which gives the IP addresses of the 13 TLD servers (including both IPv4 and IPv6 addresses).
6. TLD server
After we have the IP address of the TLD server, we can choose another one and then query.
$ dig @18.104.22.168 es6.ruanyifeng.com
In the above example, 22.214.171.124 is a randomly selected TLD server for .com, and we ask it for the IP address of
The returned result is as follows.
It still has no ANSWER SECTION part, only AUTHORITY SECTION, which gives two DNS servers for the first-level domain name ruanyifeng.com.
The following ADDITIONAL SECTION is the IP address corresponding to the two DNS servers.
Seven, the DNS server of the first-level domain name
The third step is to query the DNS server of the first-level domain name for the IP address of the second-level domain name.
$ dig @126.96.36.199 es6.ruanyifeng.com
The returned result is as follows.
This time, I finally got ANSWER SECTION, and got the IP address of the final second-level domain name.
So far, the three-step DNS query has been completed.
8. Types of DNS Servers
To sum up, there are a total of four servers mentioned above.
- root name server
- TLD server
- first-level domain name server
They both belong to DNS servers and are used to accept DNS queries. But the roles are different and belong to different categories.
8.1 Recursive DNS Servers
The latter three servers are only used to query the IP address of the next-level domain name, while 188.8.131.52 automates the step-by-step query process, so that users can get the results at one time, so it is called a recursive DNS server (recursive DNS server), that is Automatic recursive query.
The DNS server we usually talk about generally refers to the recursive DNS server. It automates DNS lookups, just query it.
It has a cache inside, which can save the results of previous queries. The next time someone queries, it will directly return the results in the cache. So it can speed up the query and reduce the burden on the source DNS server.
8.2 Authoritative DNS Servers
The official name of the first-level name server is called the Authoritative Name Server.
“Authoritative” means that the IP address of the domain name is given by it, unlike a recursive server that cannot control itself. After we purchase a domain name, setting the DNS server is setting the authoritative server for the domain name.
8.3 Four DNS Servers
To sum up, DNS servers can be divided into four types:
- root name server
- TLD server
- authoritative name server
- recursive nameservers
Their relationship is as shown below.
Knowing the principle of DNS query, it is not difficult to write a recursive DNS server by yourself. There are many references on the Internet, if you are interested, you can try it out.
9. Reference URL
- Building a Recursive DNS Resolver , Timothy Andrew
- Authoritative Vs Recursive DNS: What You Need To Know , Serena Raymond
- DNS server type , Cloudflare
This article is reproduced from: http://www.ruanyifeng.com/blog/2022/08/dns-query.html
This site is for inclusion only, and the copyright belongs to the original author.