When we enter “www.example.com” in the browser’s address bar and press Enter, a seemingly simple process unfolds in the background, quickly taking us to the target website. This process, which converts human-readable domain names into IP addresses that computers can understand, is called domain name resolution. It doesn’t happen instantly; instead, it involves a global, hierarchical, and distributed database system known as the Domain Name System (DNS). Understanding how DNS works is crucial for grasping the fundamental infrastructure of the Internet.
Overview of the Domain Name System
The Domain Name System (DNS) is a core service of the Internet. It acts as a distributed database that maps domain names to IP addresses, making it much easier for people to access the Internet without having to remember the IP addresses, which can only be directly read by machines. You can think of it as the “telephone book” or “address book” of the Internet world.
A complete domain name, such as “www.example.com.” (note the period at the end), is resolved from right to left. The period on the far right represents the root domain, which is usually omitted. Next comes the top-level domain, such as “.com”, “.org”, or “.cn”. Then there is the second-level domain, which is the part registered by the user, such as “example”. On the far left is the hostname or subdomain, such as “www”, “mail”, or “blog”. This hierarchical structure not only facilitates management but also enables the resolution process to be carried out in an efficient and layered manner.
Recommended Reading In-depth analysis of domain names: A complete technical guide and practical strategies from registration, resolution to management。
The complete steps for domain name resolution
From the moment a user enters a website address until the page begins to load, the domain name resolution process follows a clear path and involves the coordinated work of multiple layers of servers.
First step: Local search
When you enter a domain name in your browser and press Enter, the operating system first checks the local “DNS cache.” This cache may be stored either within the browser itself (modern browsers typically have their own DNS cache), in the operating system’s DNS cache, or on your home router. If you have visited that domain name recently, the corresponding IP address may still be stored there, and the resolution process will be completed immediately, very quickly. This is the starting point for what is known as “recursive resolution.”
Step 2: Query the recursive parser
If no record is found locally, the request is sent to a “recursive resolver.” This is usually a DNS server operated by your internet service provider, or a public DNS service provider such as Google’s 8.8.8.8 or Cloudflare’s 1.1.1.1. The task of the recursive resolver is to diligently traverse the entire DNS system on your behalf in order to find the desired answer.
Step 3: Query the root domain name server
The recursive resolver first queries 13 sets of “root domain name servers” around the world. These servers do not store the IP addresses of specific domains, but they know the addresses of the “top-level domain servers” for each top-level domain (such as.com, .net). The root servers are responsible for providing the recursive resolver with the addresses of the TLD (Top-Level Domain) servers for the.com domain.
Step 4: Query the top-level domain name server
After obtaining the TLD (Top-Level Domain) server address, the recursive resolver proceeds to query the .com TLD server. The TLD server is responsible for managing all the second-level domains under it and knows the address of the “authoritative domain name server” that stores the authoritative information for the “example.com” domain.
Recommended Reading Fully Resolve Domain Names: A Complete Guide from Registration, Management to SEO Optimization。
Step 5: Query authoritative domain name servers
The recursive resolver finally queries the authoritative domain name server for “example.com”. This server is managed by the domain name owner or the hosting service provider, and it holds the definitive mapping of all host records (such as www, mail) to their corresponding IP addresses for that domain name. The authoritative server then returns the IP address corresponding to “www.example.com” (for example, 93.184.216.34) to the recursive resolver.
Step 6: Return the results and update the cache
The recursive parser has finally obtained the final IP address. It will first cache this result for a certain period of time (determined by the TTL value returned by the authoritative server) to ensure that subsequent identical queries can be responded to quickly. Then, it will pass the IP address back to your operating system, which will in turn deliver it to the browser.
Only at this point does the browser actually obtain the server address of the target website. It then establishes an HTTP connection and begins loading the web page content.
Detailed Explanation of DNS Record Types
The authoritative domain name servers store not only IP addresses but also various types of DNS records. Each of these records serves a specific purpose, working together to direct internet traffic.
A Record: The most basic type of record, used to map a domain name to an IPv4 address. For example, it can be used to point “www.example.com” to “93.184.216.34”.
AAAA record: Similar to the A record, it is used to point a domain name to an IPv6 address, in order to accommodate the new generation of internet protocols.
Recommended Reading How to Choose and Register a Domain Name Correctly: A Complete Guide from Beginners to Experts。
CNAME record: A type of record that allows you to associate one domain name with another domain name, rather than an IP address. For example, you can set “blog.example.com” as a CNAME record for “exampleblogplatform.com”. This means that when “blog.example.com” is requested, the resolver will then look up the A record for “exampleblogplatform.com” to obtain the corresponding IP address.
MX记录:邮件交换记录,指定负责接收该域名邮件的邮件服务器地址。发送到“@example.com”的邮件,就是根据MX记录来路由的。
TXT record: A text-based record commonly used to store descriptive information, such as SPF records for anti-spam purposes, DKIM keys for email verification, or domain name ownership verification codes.
NS Record: A domain name server record that specifies which authoritative DNS server is responsible for resolving the domain name. This is crucial for the hierarchical delegation of DNS resolution.
Advanced Concepts and Optimization of DNS Resolution
In addition to basic parsing, there are various techniques and strategies used to enhance the reliability, security, and performance of parsing processes.
DNS Caching and TTL: As mentioned earlier, caching is key to improving the speed of DNS resolution. Each DNS record comes with a “Time To Live” (TTL) value, which tells the resolver how long the record can be cached. A shorter TTL means that changes to the record take effect more quickly, but it increases the load on the resolution servers; a longer TTL improves speed and reduces the load, however, the propagation of changes is slower.
DNS Load Balancing: By configuring multiple A records (each corresponding to a different IP address) for the same hostname, DNS can enable simple round-robin load balancing. When a user makes a request, the authoritative DNS server can return one of the IP addresses in sequence or based on a specific strategy, thereby distributing the traffic across multiple servers.
DNS Security Extensions (DNSSEC): Traditional DNS queries are transmitted in plaintext, making them vulnerable to hijacking and spoofing attacks. DNSSEC adds digital signatures based on public-key cryptography to DNS data, verifying the authenticity and integrity of the information. This ensures that users are directed to the correct websites and not to malicious impersonation sites.
Anycast routing: Many large public DNS service providers and root/top-level domain name servers use Anycast technology. This means that the same IP address is used by multiple data centers around the world. User requests are automatically routed to the nearest node based on the user's location or the network topology, which significantly reduces latency, improves availability, and enhances resistance to attacks.
summarize
Domain name resolution is a fundamental internet service that converts human-readable domain names into machine-readable IP addresses. The process involves a sophisticated, hierarchical, and recursive series of queries that start with local caches, proceed through recursive resolvers, root servers, and top-level domain (TLD) servers, and ultimately reach authoritative domain name servers. Understanding the different types of DNS records (such as A records, CNAME records, and MX records) and their functions is essential for managing and configuring domain names. Technologies like caching, DNS security extensions, and Anycast can further enhance the performance, reliability, and security of the resolution process. Mastering the principles of domain name resolution is like possessing a roadmap to the internet world—essential knowledge for every developer and operations professional.
FAQ Frequently Asked Questions
How long does it take to take effect after modifying DNS records?
After modifying a DNS record, the time it takes for the changes to take effect globally depends on the record’s TTL (Time To Live) value. Until the TTL expires, the old record may still be cached in resolvers around the world. Typically, you need to wait for one full TTL cycle (which can range from a few minutes to several hours) for the changes to be fully recognized. Additionally, the propagation of the modified record by some registrars or DNS providers themselves may also take additional time.
What is DNS pollution or hijacking?
DNS pollution refers to the act of attackers or certain network nodes forging DNS responses, causing domain names to be resolved to incorrect IP addresses. This can prevent users from accessing the intended websites or redirect them to malicious sites. DNS hijacking, on the other hand, typically involves maliciously altering DNS results at the local network or ISP level. Using public DNS services that support DNS security extensions can help effectively counter such threats.
What is the difference between public DNS and DNS provided by ISPs?
The DNS servers provided by ISPs are usually physically located closer to you, which may result in lower latency. Public DNS services, on the other hand, are operated by third-party companies. The advantages of public DNS include potentially better privacy policies, stronger resistance to interference (due to features like Anycast and large caches), and faster query speeds. Additionally, public DNS services generally do not insert advertisements or make other modifications to the DNS responses, as some ISPs may do.
What are the main differences in the use of CNAME records and A records?
An A record directly maps a hostname to a fixed IP address, representing the final point of resolution for that hostname. A CNAME record, on the other hand, serves as an alias for another hostname; the resolver must perform an additional query to find the actual domain name that the alias points to. A key limitation of CNAME records is that they cannot coexist with other records with the same name. For example, the root domain of a domain name generally cannot have a CNAME record, as this would interfere with the resolution of other records such as MX records.
Why is it sometimes that the IP address obtained from a Ping command different from the IP address displayed when accessing a website using a web browser?
This is usually caused by intelligent DNS resolution or CDN (Content Delivery Network) services. Authoritative DNS servers may return different IP addresses based on the geographical location of the user’s device or the user’s internet service provider, in order to direct the user to the most appropriate server location. As a result, the IP address obtained when you perform a Ping from your computer (which may point to a nearby CDN node) may differ from the IP address obtained when testing from another location; however, both addresses ultimately point to the same website.
What's next, what's next?
Extended reading and practical knowledge
The following are related to the topic of this article and are suitable for further in-depth reading. Prioritize starting with the article that is closest to your current problem, and gradually expanding to surrounding topics usually works better.
- Starting from scratch: A step-by-step guide on how to efficiently apply for and configure a personal website domain name
- What is a domain name? A comprehensive guide for beginners to experts, from registration to resolution.
- A detailed explanation of the entire domain name resolution process: from entering a website address to the behind-the-scenes journey of loading the web page
- What is a domain name? A comprehensive explanation of its definition, types, and common questions.
- Domain Name Resolution and DNS Configuration: A Comprehensive Guide from Beginner to Expert