5 November 2019

DNS

by Q

Tl;DR

A DNS request is a application layer request that talks to DNS servers. DNS servers stores information that match hostname with its IP address. The standard port for DNS is 53.

The Domain Name System (DNS) is the phonebook of the internet. It is a lookup table for Domain Name-IP address.

# use ping to send packets to google.com
$ping google.com
PING google.com (172.217.9.78) 56(84) bytes of data.
64 bytes from ord38s09-in-f14.1e100.net (172.217.9.78): icmp_seq=1 ttl=51 time=5.48 ms
...

# use dig to send a DNS request about google.com
$dig google.com
; <<>> DiG 9.11.5-P4-RedHat-9.11.5-13.P4.fc30 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2309
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		116	IN	A	172.217.9.78

;; AUTHORITY SECTION:
google.com.		329	IN	NS	ns2.google.com.
google.com.		329	IN	NS	ns1.google.com.
google.com.		329	IN	NS	ns3.google.com.
google.com.		329	IN	NS	ns4.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.		551	IN	A	216.239.32.10
ns2.google.com.		551	IN	A	216.239.34.10
ns3.google.com.		551	IN	A	216.239.36.10
ns4.google.com.		551	IN	A	216.239.38.10
ns1.google.com.		795	IN	AAAA	2001:4860:4802:32::a
ns2.google.com.		329	IN	AAAA	2001:4860:4802:34::a
ns3.google.com.		329	IN	AAAA	2001:4860:4802:36::a
ns4.google.com.		329	IN	AAAA	2001:4860:4802:38::a

;; Query time: 5 msec
;; SERVER: 130.126.2.131#53(130.126.2.131)
;; WHEN: Tue Nov 05 13:19:08 CST 2019
;; MSG SIZE  rcvd: 303

google.com is human-readable URL while 172.217.9.78 is machine-readable IP address. When a request is sent and the IP address is unknown, a DNS request will be automatically fired. DNS servers are responsible to return the correct IP address of the given hostname. It happens behind the scenes.

There are 4 types of DNS server:

DNS recursor
- A server designed to receive queries from client machines through applcations. Typically the recursor is then responsible for making additional requests in order to satisfy the client’s DNS query.
Root nameserver
- The index reference to other specific locations.
Top level domain(TLD) nameserver
- Servers that are categorized by the top level domain. For example, google.com’s TLD server is com
Authoritative nameserver
- The dictionary of hostname-IP combinations. It returns the IP address for the requested hostname back to the DNS recursor that made the initial request.

There are 8 steps in a DNS lookup:

A DNS recursive resolver receives a request about google.com
The resolver then queries a DNS root nameserver
The root nameserver responds the address of a TLD DNS server
The resolver then queries the TLD server
The TLD server then responds with the IP address of the domain’s nameserver
The resolver then queries the domain’s nameserver
The domain’s nameserver responds the IP address for google.com
The resolver responds the IP address to the client

There are 3 types of DNS queries:

Recursive query
- Client expects requested resource record or an error message if the hostname cannot be resolved
Iterative query
- Client receives the best answer from the DNS server if the exact hostname cannot be found. Client receives a referral to a DNS server authoritative for a lower level of the domain namespace. Client then makes query to the referral address until an error or timeout occurs.
Non-recursive query
- Client queries a DNS server for a record that the DNS server has access to either because it’s authoritative for the record or the record exists inside of its cache.

Reference:

Updated: 5 November 2019
tags: Network - Web