DNS series (2): DNS records and how they work, do you understand?

In the previous article, "DNS Series (1): Why does the updated DNS record not take effect?", we explained DNS and DNS propagation. Network communication is carried out using IP addresses, and the Domain Name System (DNS) ensures that, after a user enters a domain name in the browser, the request reaches the corresponding website server. So how does this process work?

DNS records

DNS records are instructions located in authoritative DNS servers that provide details about a domain and hostname, including which IP addresses are associated with the domain, and how requests for the domain are handled.

When we enter the website address in the browser, the browser will first look up the IP address belonging to the domain name in the internal cache of the computer.

DNS records are stored in text files written in DNS syntax (zone files), with one line per record. Records generally follow this format:

<name> <ttl> <class> <type> <rdlength> <rdata>
  • <name>: the domain, that is, the name the user entered in the browser

  • <ttl>: TTL stands for "time to live" and states how long (in seconds) the record may be kept in a cache

  • <class>: in theory there are different classes of DNS records; in practice the class is almost always Internet (IN)

  • <type>: the record type (see the types below)

  • <rdlength>: the size of the data field that follows (optional value)

  • <rdata>: the resolved data for the name (such as an IP address)

We can use the dig command to query DNS record information; for example, querying www.example.com returns:

www.example.com.  69288  IN  A  93.184.216.34

This means that the record can be stored in the cache for 69288 seconds, that it is an Internet-class (IN) record, that its type is A, and that the domain name resolves to the IP address 93.184.216.34.
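To make the field layout concrete, here is an added example (not code from the original article) that parses dig-style answer lines into the name, TTL, class, type and rdata fields described above. The sample answer section is constructed for the example; the first line is the article's own dig output, the other two are made up. The rdlength field does not appear in dig's text output, so the parser treats the record as five fields and keeps any spaces inside rdata (as in MX and TXT records).

```python
# Added example, not from the original article: parse dig-style answer lines
# into <name> <ttl> <class> <type> <rdata> fields and validate them.
from dataclasses import dataclass
from typing import List

VALID_CLASSES = {"IN", "CH", "HS"}          # IN is what you will see in practice


@dataclass(frozen=True)
class ResourceRecord:
    name: str
    ttl: int
    rr_class: str
    rr_type: str
    rdata: str


def parse_record_line(line: str) -> ResourceRecord:
    """Parse one presentation-format line such as
    'www.example.com.  69288  IN  A  93.184.216.34'.
    Raises ValueError on malformed input instead of guessing."""
    fields = line.split()
    if len(fields) < 5:
        raise ValueError(f"expected at least 5 fields, got {len(fields)}: {line!r}")
    name, ttl, rr_class, rr_type = fields[:4]
    rdata = " ".join(fields[4:])            # MX/TXT/SOA rdata may contain spaces
    if not name.endswith("."):
        raise ValueError("owner names in dig output are fully qualified (trailing dot)")
    if not ttl.isdigit():
        raise ValueError(f"TTL must be a non-negative integer, got {ttl!r}")
    if rr_class.upper() not in VALID_CLASSES:
        raise ValueError(f"unknown class {rr_class!r}")
    return ResourceRecord(name, int(ttl), rr_class.upper(), rr_type.upper(), rdata)


def is_valid_record_line(line: str) -> bool:
    """Convenience wrapper: True if the line parses, False otherwise."""
    try:
        parse_record_line(line)
        return True
    except ValueError:
        return False


def parse_answer_section(text: str) -> List[ResourceRecord]:
    """Parse every non-empty line of an answer section."""
    return [parse_record_line(line) for line in text.splitlines() if line.strip()]


def describe(rr: ResourceRecord) -> str:
    """Read the record out the way the article does."""
    return (f"{rr.name} may be cached for {rr.ttl} seconds; "
            f"class {rr.rr_class}, type {rr.rr_type}, rdata {rr.rdata}")


# Constructed sample: the article's dig line plus two invented records.
SAMPLE_ANSWER = """\
www.example.com.  69288  IN  A    93.184.216.34
example.com.      3600   IN  MX   10 mail.example.com.
example.com.      300    IN  TXT  "v=spf1 -all"
"""

if __name__ == "__main__":
    for record in parse_answer_section(SAMPLE_ANSWER):
        print(describe(record))
```

Run it directly to see each sample line read out; the validation errors are what you want when feeding the parser saved dig output from a troubleshooting session.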

DNS record type

We mentioned above that there are different types of DNS records. This actually refers to the type of information in the records. The more common ones are as follows:

A record

Most DNS resolution on the Internet is done through A records, which point to an IPv4 address. With this record, after the user enters the domain name in the browser, the client sends its HTTP request to the corresponding IP address. Since an IPv4 address is always 4 bytes, the value of rdlength is always 4.

AAAA records

AAAA records, also known as "quad A" records, work the same way as A records but point to an IPv6 address. Because an IPv6 address is 128 bits (16 bytes) long, rdlength is fixed at 16 here.

SOA records

SOA (start of authority) records contain the zone information for a zone file or DNS server. A DNS zone transfer is the process of sending DNS record data from a primary name server to a secondary name server, and the SOA record is transferred first, so every DNS zone requires an SOA record.

CNAME record

A CNAME record (canonical name record) points the record value to an alias domain, not an IP address. For this type, the rdata field is populated with a domain name that can continue to point to the next domain name or IP address.

MX records

MX records point to the mail exchange (SMTP) servers for a domain. Multiple MX records can exist, and the order in which they are tried is determined by the priority specified in each record.

PTR records

PTR records (pointer records) are the DNS records that allow reverse lookups. The reverse of an A record, a PTR record lets you look up the domain name that corresponds to an IP address.

NS records

NS (name server) records define which name servers are authoritative for a particular zone. A domain typically has multiple NS records that indicate the domain's primary and secondary name servers. A properly configured NS record tells the Internet where to find the domain's records (and so its IP address) to load a website or application.

TXT record

TXT records contain text for user or machine readable information. A domain can have many TXT records.

SRV records

Through SRV records, the server can provide host and port information for some specific services, such as instant messaging. Some Internet protocols require the use of SRV records to function.

In addition to these common DNS records, there are many less commonly used record types, such as APL, CAA, and DNAME. Now that we know the DNS records, the next step is to take a detailed look at how DNS requests for these records are handled.

DNS request

Whenever we enter a URL in the browser's address bar, a request is sent to the local name server (Local DNS). Local DNS is the component that checks whether the record is in its local cache, and the lookups it takes part in are recursive and iterative queries.

Between the client and Local DNS the query is recursive, which is the most common query method. Specifically, if Local DNS cannot answer the request itself, it goes on to send queries to the root name servers and the other name servers on behalf of the client, that is, it completes the lookup for the client rather than leaving the client to perform the next query by itself.

Between Local DNS and the other name servers the query is iterative. Specifically, if the DNS server that Local DNS asks cannot answer the query, it responds with the address of the next DNS server to ask. Local DNS then sends a new request to that server, and continues until the record is found.

Overall, then, Local DNS first stores the IP address it obtained in its cache and then delivers the result to the client that asked for it. If the required record is not in the Local DNS cache, the request is forwarded to the corresponding ISP's DNS server, and if that DNS server cannot answer the query either, it forwards the request to a different DNS server.

Note that recursive queries are usually faster than iterative queries, because a recursive DNS server caches the result of every query it performs and keeps that result for the TTL. When a recursive resolver receives a query for a name already in its cache, it can answer the client immediately without contacting other DNS servers. However, allowing recursive queries on an open DNS server creates security holes: that configuration is vulnerable to DNS amplification attacks and DNS cache poisoning.
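The recursive/iterative split, the TTL-bound cache, and the open-resolver risk described in this section can all be seen in one small model. The following is an added example (not code from the original article): a toy recursive resolver that walks a constructed namespace iteratively (root, then the com. server, then the example.com. server), caches answers for their TTL, and, to avoid acting as an open resolver, only performs recursion for clients inside configured networks. The server addresses (192.0.2.0/24 documentation range), the server names and the zone data are all hypothetical; the www.example.com. answer reuses the article's dig example.

```python
# Added example, not from the original article: a toy recursive resolver that
# resolves names iteratively, caches answers for their TTL and refuses recursion
# to clients outside an allowed network. All addresses and data are constructed.
import ipaddress
import time
from typing import Dict, List, Tuple

ROOT_SERVER_IP = "192.0.2.10"   # hypothetical root server address

# Constructed authoritative data: server address -> {(owner, type): [(rdata, ttl)]}.
# NS records plus their glue A records are what a server hands back as a referral.
AUTH_DATA: Dict[str, Dict[Tuple[str, str], List[Tuple[str, int]]]] = {
    ROOT_SERVER_IP: {                                  # root: delegates com.
        ("com.", "NS"): [("a.gtld.example.", 172800)],
        ("a.gtld.example.", "A"): [("192.0.2.20", 172800)],
    },
    "192.0.2.20": {                                    # com.: delegates example.com.
        ("example.com.", "NS"): [("ns1.example.com.", 172800)],
        ("ns1.example.com.", "A"): [("192.0.2.30", 172800)],
    },
    "192.0.2.30": {                                    # authoritative for example.com.
        ("www.example.com.", "A"): [("93.184.216.34", 69288)],
    },
}


def query_server(server_ip: str, name: str, qtype: str):
    """One iterative step: the server either answers or refers us onward."""
    data = AUTH_DATA[server_ip]
    rrset = data.get((name, qtype))
    if rrset:
        return "answer", ([rd for rd, _ in rrset], min(ttl for _, ttl in rrset))
    best = None                                         # most specific delegation
    for (owner, rtype), rrs in data.items():
        if rtype == "NS" and (name == owner or name.endswith("." + owner)):
            if best is None or len(owner) > len(best[0]):
                best = (owner, rrs[0][0])
    if best is None:
        raise LookupError(f"{server_ip} has neither answer nor referral for {name}")
    glue_ip = data[(best[1], "A")][0][0]                # glue for the NS host
    return "referral", glue_ip


class RecursiveResolver:
    def __init__(self, allowed_clients, root_ip=ROOT_SERVER_IP, clock=time.time):
        self.allowed = [ipaddress.ip_network(n) for n in allowed_clients]
        self.root_ip = root_ip
        self.clock = clock                              # injectable for TTL tests
        self.cache: Dict[Tuple[str, str], Tuple[float, List[str]]] = {}
        self.upstream_queries = 0                       # how often we went out

    def is_allowed(self, client_ip: str) -> bool:
        """Recursion is offered only to configured client networks."""
        addr = ipaddress.ip_address(client_ip)
        return any(addr in net for net in self.allowed)

    def resolve(self, client_ip: str, name: str, qtype: str = "A") -> Tuple[List[str], bool]:
        """Recursive service for the client; returns (rdata list, served_from_cache)."""
        if not self.is_allowed(client_ip):
            raise PermissionError(f"recursion refused for {client_ip}")
        key = (name.lower(), qtype)
        now = self.clock()
        hit = self.cache.get(key)
        if hit and hit[0] > now:                        # still within its TTL
            return hit[1], True
        rdatas, ttl = self._iterate(key[0], qtype)
        self.cache[key] = (now + ttl, rdatas)
        return rdatas, False

    def _iterate(self, name: str, qtype: str):
        """Iterative side: follow referrals from the root until answered."""
        server = self.root_ip
        for _ in range(8):                              # bound the referral chain
            self.upstream_queries += 1
            kind, payload = query_server(server, name, qtype)
            if kind == "answer":
                return payload
            server = payload
        raise RuntimeError("referral chain too long")


if __name__ == "__main__":
    resolver = RecursiveResolver(allowed_clients=["192.168.1.0/24"])
    for _ in range(2):
        answer, cached = resolver.resolve("192.168.1.5", "www.example.com.")
        print(answer, "from cache" if cached else f"after {resolver.upstream_queries} upstream queries")
    print("open to 203.0.113.9?", resolver.is_allowed("203.0.113.9"))
```

The first lookup costs three upstream queries (root, com., example.com.); the second is answered from the cache with none, and once the 69288-second TTL has passed the resolver goes back out. The allowed-client check is the configuration the last paragraph asks for: a resolver that recurses for everyone is the "open DNS server" it warns about.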

Now that you know the DNS records, the next time you see an error saying that a website cannot be reached, you can first check whether there is a DNS problem. If you are a website administrator, check whether your DNS records are misconfigured or whether your DNS server is not responding. If you are a website visitor, try switching networks or changing the local DNS server.


Origin my.oschina.net/upyun/blog/5552280