|
The
Domain Name System (DNS) is the phonebook of the
Internet. Humans access information online
through domain names, like nytimes.com or
espn.com. Web browsers interact through Internet
Protocol (IP) addresses. DNS translates domain
names to IP addresses so browsers can load
Internet resources.
Each device connected to the Internet has a
unique IP address which other machines use to
find the device. DNS servers eliminate the need
for humans to memorize IP addresses such as
192.168.1.1 (in IPv4), or more complex newer
alphanumeric IP addresses such as
2400:cb00:2048:1::c629:d7a2 (in IPv6).
How does
DNS work?
The
process of DNS resolution involves converting a
hostname (such as www.example.com) into a
computer-friendly IP address (such as
192.168.1.1). An IP address is given to each
device on the Internet, and that address is
necessary to find the appropriate Internet
device - like a street address is used to find a
particular home. When a user wants to load a
webpage, a translation must occur between what a
user types into their web browser (example.com)
and the machine-friendly address necessary to
locate the example.com webpage.
In order to understand the process behind the
DNS resolution, it�s important to learn about
the different hardware components a DNS query
must pass between. For the web browser, the DNS
lookup occurs � behind the scenes� and requires
no interaction from the user�s computer apart
from the initial request.
There are 4 DNS servers involved in loading a
webpage:
-
DNS recursor - The recursor can be
thought of as a librarian who is asked to go
find a particular book somewhere in a
library. The DNS recursor is a server
designed to receive queries from client
machines through applications such as web
browsers. Typically the recursor is then
responsible for making additional requests
in order to satisfy the client�s DNS query
-
.Root nameserver - The root server is
the first step in translating (resolving)
human readable host names into IP addresses.
It can be thought of like an index in a
library that points to different racks of
books - typically it serves as a reference
to other more specific locations.
-
TLD nameserver - The top level domain
server (TLD) can be thought of as a specific
rack of books in a library. This nameserver
is the next step in the search for a
specific IP address, and it hosts the last
portion of a hostname (In example.com, the
TLD server is �com�).
-
Authoritative nameserver - This final
nameserver can be thought of as a dictionary
on a rack of books, in which a specific name
can be translated into its definition. The
authoritative nameserver is the last stop in
the nameserver query. If the authoritative
name server has access to the requested
record, it will return the IP address for
the requested hostname back to the DNS
Recursor (the librarian) that made the
initial request.
What's the
difference between an authoritative DNS server
and a recursive DNS resolver?
Both
concepts refer to servers (groups of servers)
that are integral to the DNS infrastructure, but
each performs a different role and lives in
different locations inside the pipeline of a DNS
query. One way to think about the difference is
the recursive resolver is at the beginning of
the DNS query and the authoritative nameserver
is at the end.
Recursive DNS resolverThe
recursive resolver is the computer that responds
to a recursive request from a client and takes
the time to track down the DNS record. It does
this by making a series of requests until it
reaches the authoritative DNS nameserver for the
requested record (or times out or returns an
error if no record is found). Luckily, recursive
DNS resolvers do not always need to make
multiple requests in order to track down the
records needed to respond to a client; caching
is a data persistence process that helps
short-circuit the necessary requests by serving
the requested resource record earlier in the DNS
lookup.
Authoritative
DNS server
Put simply, an authoritative DNS server is a
server that actually holds, and is responsible
for, DNS resource records. This is the server at
the bottom of the DNS lookup chain that will
respond with the queried resource record,
ultimately allowing the web browser making the
request to reach the IP address needed to access
a website or other web resources. An
authoritative nameserver can satisfy queries
from its own data without needing to query
another source, as it is the final source of
truth for
certain DNS records.
It�s worth mentioning that in instances where
the query is for a subdomain such as
foo.example.com or blog.cloudflare.com, an
additional nameserver will be added to the
sequence after the authoritative nameserver,
which is responsible for storing the subdomain�s
CNAME record.
There is a key difference between many DNS
services and the one that Cloudflare provides.
Different DNS recursive resolvers such as Google
DNS, OpenDNS, and providers like Comcast all
maintain data center installations of DNS
recursive resolvers. These resolvers allow for
quick and easy queries through optimized
clusters of DNS-optimized computer systems, but
they are fundamentally different than the
nameservers hosted by Cloudflare.
Cloudflare maintains infrastructure-level
nameservers that are integral to the functioning
of the Internet. One key example is the f-root
server network which Cloudflare is partially
responsible for hosting. The F-root is one of
the root level DNS nameserver infrastructure
components responsible for the billions of
Internet requests per day. Our Anycast network
puts us in a unique position to handle large
volumes of DNS traffic without service
interruption.
What are
the steps in a DNS lookup?
For most situations, DNS is concerned with a
domain name being translated into the
appropriate IP address. To learn how this
process works, it helps to follow the path of a
DNS lookup as it travels from a web browser,
through the DNS lookup process, and back again.
Let's take a look at the steps.
Note: Often DNS lookup information will be
cached either locally inside the querying
computer or remotely in the DNS infrastructure.
There are typically 8 steps in a DNS lookup.
When DNS information is cached, steps are
skipped from the DNS lookup process which makes
it quicker. The example below outlines all 8
steps when nothing is cached.
-
A user types �example.com� into a web
browser and the query travels into the
Internet and is received by a DNS recursive
resolver.
-
The resolver then queries a DNS root
nameserver (.).
3. The root server then responds to the
resolver with the address of a Top Level
Domain (TLD) DNS server (such as .com or
.net), which stores the information for its
domains. When searching for example.com, our
request is pointed toward the .com TLD.
-
The resolver then makes a request to the
.com TLD.
-
The TLD server then responds with the IP
address of the domain�s nameserver,
example.com.
-
Lastly, the recursive resolver sends a query
to the domain�s nameserver.
-
The IP address for example.com is then
returned to the resolver from the nameserver.
-
The DNS resolver then responds to the web
browser with the IP address of the domain
requested initially.
-
Once the 8 steps of the DNS lookup have
returned the IP address for example.com, the
browser is able to make the request for the
web page:
-
The browser makes a HTTP request to the IP
address.
-
The server at that IP returns the webpage to
be rendered in the browser (step 10).
By:
Madura Rajapaksha
Madura is an undergraduate of Sri Lanka Institute
of Information Technology, Faculty of Computing
who is currently following Bachelor of Science
Honors degree specializing in Cyber Security,
currently, he is working as an Intern -
Information Security Engineer at Sri Lanka CERT|CC
|
