What is DNS

The Domain Name System(DNS) is the phonebook of the internet.

DNS translates domain names to IP addresses so browsers can load internet resources.

How does DNS work?

In order to understand the process behind the DNS resolution, its important to learn about the different hardware components and DNS query must pass between. For the web browser the DNS lookup occurs behind the scenes and requires no interaction from the users computer apart from the initial request

There are 4 DNS servers involved in loading a webpage

1. DNS recursor can be thought of as a librarian who is asked to go find a particular book somewhere in a library.

   1. The DNS recursor is a server designed to receive queries from client machines through applications such as web browsers.

   2. Typically the recursor is then responsible for making additional requests in order to satisfy the clients DNS query

2. Root nameserver

   1. it it the first step in translating human readable host names into IP addresses.

   2. It can be thought of like an index in a library that points to different racks of books. - typically it serves as a reference to other more specific locations

3. TLD nameserver

   1. the top level domain server can be thought of as a specific rack of books in a library

   2. This nameserver is the next step in the search for a specific IP address, and it hosts the last portion of hostname.

4. Authoritative nameserver

   1. the final nameserver can be thought of as an dictionary of rack of books, in which a specific name can be translated into the definition.

   2. the authoritative nameserver is the last stop in the namespace query. If the authoritative nameserver has access to the requested record, it will return the IP address for the requested hostname back tot he DNS recursor that made the initial request.

What is a DNS resolver?

It is a type of server that manages the "name to address" translation, in which an IP address is matched to domain name and sent back to the computer that requested it. DNS resolvers are also known as recursive resolvers

Computers are configured to talk to specific DNS resolvers, identified by IP address. Usually the configuration is managed by users ISP on home or wireless connections and by a network admin on office connections. Users can also manually change which DNS resolver their computers talk to

What is the difference between an authoritative DNS server and recursive DNS resolver?

One way to think about the difference is the recursive resolver is at the beginning of the DNS query and the authoritative nameserver is at the end.

Recursive DNS resolver

This responds to a recursive requests from a client and takes the time to track down the DNS record.

It does this by making a series of requests until it reaches the authoritative DNS nameserver for the requested record.

Caching is the data persistence process that helps short-circuit the necessary requests by serving requested resource record earlier in the DNS lookup

![[DNS_Record_Request_Sequence.png]]

Authoritative DNS server

It is a server that actually holds and is responsible for DNS resource records. This is the server at the bottom of the DNS lookup chain that will respond with queried resource record, ultimately allowing the web browser making the request to reach the IP address needed to access a website or other web resources.

An authoritative nameserver can satisfy queries from its own data without needing to query another source, as it is the final source of truth for certain DNS records.

Its worth mentioning that in instances where the query is for a subdomain such as foo.example.com or blog.cloudflare.com an additional nameserver will be added to the sequence after authoritative nameserver, which is responsible for storing the subdomains CNAME record.

![[CNAME_DNS_Request_Sequence.png]]

Often DNS lookup information will be cached either locally inside the querying computer or remotely in the DNS infrastructure. There are typically 8 steps in DNS lookup. When DNS information is cached, steps are skipped from the DNS lookup process which makes it quicker.

The 8 steps in a DNS lookup

This is considering that there is no cache present in any of the following steps. If there is cache present in any one of the step then the next steps are skipped and the response is directly sent to client.

1. A user types coachbeardjr.localplayer.dev into a web browser and the query travels into the internet and is received by a DNS recursive resolver.

2. The resolver then queries a DNS root nameserver

3. The root server then responds to the resolver with the address of a Top Level Domain DNS nameserver which stores the information for its domains.

   1. When searching for localplayer.dev our request is pointed towards .dev TLD

4. The resolver then makes a request to the .dev TLD

5. The TLD server then responds with the IP address of the domains nameserver localplayer.dev

6. Lastly the recursive resolver sends a query to the domains nameserver

7. The IP address for cocahbeardjr.localplayer.dev is then returned to the resolver from the nameserver

8. The DNS resolver then responds to the web browser with the IP address of the domain requested initially.

Once the 8 steps of the DNS lookup have returned the IP address for coachbeardjr.localplayer.dev , the browser is able to make request for web page.

1. The browser makes HTTP request to the IP address

2. The server at that IP returns the webpage to be rendered in the browser.

![[DNS_Lookup_query.png]]

What is a DNS resolver?

The DNS resolver is the first stop in the DNS lookup, and it is responsible for dealing with the client that made the initial request.

The resolver starts the sequence of queries that ultimately leads to a URL being translated into the necessary IP address

A typical uncached DNS lookup will involve both recursive and iterative queries.

Its important to differentiate between a recursive DNS query and a DNS resolver. The query refers to the request made to the DNS resolver requiring the resolution of the query.

A DNS recursive resolver is the computer that accepts a recursive query and processes the response by making the necessary requests.

types of DNS queries

In a typical DNS lookup three types of queries occur. By using a combination of these queries, an optimized process for DNS resolution can result in a reduction of distance traveled.

In an ideal situation cached record data will be available, allowing a DNS name server to return a non-recursive query.

• Recursive query

  • in a recursive query, a DNS client requires that a DNS server will respond to the client with either the requested resource record or an error message if the resolver cant find the record.

• Iterative Query

  • in this situation the DNS client will allow a DNS server to return the best answer it can.

  • If the queried DNS server does not have a match for the query name, it will return a referal to a DNS server authoritative for a lower level of the domain namespace

  • This process continues with additional DNS servers down the query chain until either an error or timeout occurs

• Non-recursive Query

  • typically this will occur when a DNS resolver client queries a DNS sever of a record that it has access to either because its authoritative for the record or the record exists inside of its cache.

  • Typically a DNS server will cache DNS records to prevent additional bandwidth consumption and load on upstream servers.

DNS Caching.. Where and How??

The purpose of caching is to temporarily stored data in a location that results in improvements in performance and reliability for data requests.

DNS caching involves storing data closer to the requesting client so that the DNS query can be resolved earlier and additional queries further down the DNS lookup chain can be avoided, thereby improving load times and reducing bandwidth consumptions.

DNS data can be cached in a variety of locations, each of which will store DNS records for a set amount of data determined by a TTL

Browser DNS Caching

Modern Web Browsers are designed by default to cache DNS records for a set of amount of time. The closer the DNS caching occurs to the web browser, fewer processing steps must be taken in order to check the cache and make the correct requests to an IP address.

When a request is made for a DNS record, the browser cache is the first location checked for the requested record.

OS level DNS caching

The operating system level DNS resolver is the second and last local stop before a DNS query leaves your machine. The process inside operating system that is designed to handle this query is commonly called a stub resolver or DNS client.

When a stub resolver gets a request from an application, it first checks its own cache to see if it has the record. If it does not, it then sends a DNS query(with a recursive flag set), outside the local network to a DNS recursive resolver inside the internet service provider

When the recursive resolver inside the ISP receives a DNS query, like all previous steps, it will also check to see if the requested host-to-IP address translation is already stored inside its local persistence layer.

The recursive resolver inside the ISP receives a DNS query, like all previous steps, it will also check to see if the requested host-to-IP address translation is already stored inside its local persistence layer.

The recursive resolver also has additional functionality depending on the types of records it has in its cache

1. if the resolver does not have A records, but does have the NS records for the authoritative nameservers, it will query those nameservers directly, bypassing several steps in the DNS query. This shortcut prevents lookups from the root and .com nameservers and helps the resolution of the DNS query occur more quickly.

2. If the resolver does not have the NS records, it will send a query to the TLD servers skipping the root server

3. In the unlikely event that the resolver does not have records pointing to the TLD servers, it will then query the root servers. This event typically occurs after a DNS cache has been purged.