Deep dive into DNS

aditya goel
Apr 2, 2023


If you want to learn about the entire end-to-end process of what happens when someone enters a website address into the browser, you can have a look at this page here.

Question:- What is DNS ?

Answer → DNS stands for Domain Name System. DNS is the Internet’s directory: it translates human-readable domain names, such as google.com, into machine-readable IP addresses.

Question:- Explain the process of DNS lookup at a high level.

Answer → This is an elaborate but elegant process, and DNS information is heavily cached at various places :-

  • First, the Browser checks its own cache, where it keeps this information for a short period of time.
  • Next, if the DNS mapping is not found there, it asks the machine’s Operating-System, which also caches this information for a short period of time.
  • Next, if the DNS mapping is still not found in the OS’s cache, the Browser sends a query out to the Internet to a DNS-Resolver. The resolver sends out a further chain of requests until the DNS mapping is found. This step involves many servers in the DNS infrastructure.

Finally, the Browser has the IP-address of the server.

Question:- Explain something about the DNS-Servers.

Answer → There are different types of DNS-Servers in the DNS hierarchy, each serving a different purpose.

  • When a Browser makes a DNS-Query, it is basically asking a DNS-Resolver.
  • This DNS-Resolver could be our ISP’s, or one run by popular DNS providers like Cloudflare’s 1.1.1.1 or Google’s 8.8.8.8.

If the DNS-Resolver doesn’t have the answer in its cache, it finds the right Authoritative Name-Servers and asks them.

Question:- What are Authoritative Name-Servers ?

Answer → The “Authoritative Name-Servers” are the ones that hold the answer. When we update a domain’s DNS records, we are updating its Authoritative Name-Servers.

Question:- How does the DNS-Resolver find the Authoritative Name-Servers ?

Answer → There are 3 main levels of Authoritative-Name-Servers :-

  • Root Name-Servers.
  • Top Level Domain Name-Servers.
  • Authoritative Name-Servers for domains.

Question:- Explain about the Root Name-Servers ?

Answer → Please find the details of the Root Name-Servers below :-

  • The Root Name-Servers store the IP-Addresses of the Top Level Domain Name-Servers.
  • There are 13 logical Root Name-Servers, and each of them has a unique IP-Address assigned to it.
  • There are actually many physical servers behind each of those IP-Addresses.
  • Through the magic of Anycast, we get routed to whichever of those servers is closest to us.

Question:- Explain about the Top Level Domain Name-Servers ?

Answer → Please find the details of the Top Level Domain Name-Servers below :-

  • The TLD Name-Servers store the IP-Addresses of the Authoritative Name-Servers for all the domains under them.
  • There are many types of TLD names. For example, we are familiar with “.com”, “.org” and “.edu”. There are also country-code TLDs like “.de” and “.uk”, and many others as well.
  • The Authoritative Name-Servers for a domain provide the authoritative answers to DNS-Queries for that domain.

Question:- Explain about the Authoritative Name-Servers ?

Answer → When we register a domain, the registrar runs the authoritative name-servers by default, but we can change them to others.

Note that cloud providers like AWS and Cloudflare run robust Authoritative Name-Servers.

Question:- Walk through the life of a typical DNS-Query ?

Answer → These are the following steps involved into this process :-

Step #1.) User types google.com into the browser.

  • The Browser first checks its cache to find the corresponding IP-Address.
  • If the cache has no answer, it makes an Operating-System call to get the answer. The OS most likely has its own cache as well.

Step #2.) If the answer is not found in the OS cache, the OS makes a call to the DNS-Resolver. The DNS-Resolver first checks its own cache.

Step #3.) If the answer is not found in the DNS-Resolver’s cache, or the cached answer has expired, the resolver asks the Root Name-Servers.

Step #4.) The Root Name-Servers respond with the list of “.com” TLD Name-Servers.

Note that, since “.com” is such a common TLD, the resolver most likely has the IP-Addresses of those “.com” TLD Name-Servers cached already.

Step #5.) The DNS-Resolver then reaches out to the “.com” TLD Name-Servers.

Step #6.) The “.com” TLD Name-Servers return the Authoritative Name-Servers for “google.com”.

Step #7.) The DNS-Resolver then reaches out to the Authoritative Name-Servers of “google.com”.

Step #8.) The Authoritative Name-Servers of “google.com” then return the IP-Address of “google.com”.

Step #9.) The DNS-Resolver then returns the IP-Address to the Operating-System, and the OS returns it to the Browser.

Question:- When changes are made at the DNS level, why does it usually take so long for them to be reflected ?

Answer → There are two reasons for this :-

1.) DNS propagation is slow because there is a TTL on each DNS record, and some of the default TTLs are pretty long.

2.) Not every DNS-Resolver is a good citizen, i.e. some DNS-Resolvers might not honor the TTL.

Question:- What steps can be taken to mitigate this risk ?

Answer → There are two primary ways for the same :-

Approach #1.) Reduce the TTL for the record that we want to change, to something very short (say 60 seconds), well in advance, before the update actually has to happen.

This gives ample time to all the DNS-Servers to receive the shortened TTL, which would allow the actual record update to take effect based on the new shortened TTL.

Approach #2.) Leave the server running on the old IP-Address for a while. Only decommission the server once traffic to it dies down to an acceptable level.
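The walkthrough of a DNS-Query above (root, then TLD, then authoritative) and the TTL-driven propagation delay just described can both be seen in a small offline simulation. The following Python is an added example, not code from the original post: the zone data, server names and IPs are constructed placeholders, and `Resolver` and `change_seen_after` are hypothetical helpers written for this illustration.

```python
import time
# Constructed, hypothetical zone data for the three tiers: (type, data, TTL seconds).
ZONES = {
    "root": {"com.": ("NS", "tld-server.example.", 172800)},
    "tld":  {"example.com.": ("NS", "ns1.example.", 172800)},
    "auth": {"www.example.com.": ("A", "192.0.2.10", 3600)},
}
class Resolver:
    def __init__(self, zones, clock=time.time):
        self.zones, self.clock = zones, clock
        self.cache = {}     # name -> (type, data, absolute expiry time)
        self.queries = []   # tiers actually contacted, for inspection

    def _cached(self, name):
        rec = self.cache.get(name)
        if rec and rec[2] > self.clock():   # still within its TTL
            return rec[1]
        self.cache.pop(name, None)          # expired: a good citizen drops it
        return None

    def _ask(self, tier, name):
        self.queries.append(tier)
        rtype, data, ttl = self.zones[tier][name]
        self.cache[name] = (rtype, data, self.clock() + ttl)
        return data

    def resolve(self, name):
        """Return the A record for name, checking the cache before each tier."""
        if (ip := self._cached(name)) is not None:
            return ip
        labels = name.rstrip(".").split(".")
        tld, domain = labels[-1] + ".", ".".join(labels[-2:]) + "."
        if self._cached(tld) is None:
            self._ask("root", tld)       # step 4: referral to the ".com" servers
        if self._cached(domain) is None:
            self._ask("tld", domain)     # step 6: referral to the domain's name-servers
        return self._ask("auth", name)   # step 8: the authoritative answer

def change_seen_after(ttl, new_ip="192.0.2.20"):
    """Seconds until a resolver that cached the old record with `ttl` sees the new IP."""
    zones = {k: dict(v) for k, v in ZONES.items()}        # private copy to mutate
    zones["auth"]["www.example.com."] = ("A", "192.0.2.10", ttl)
    now = [0]                                              # simulated clock
    r = Resolver(zones, clock=lambda: now[0])
    r.resolve("www.example.com.")                          # caches the old answer
    zones["auth"]["www.example.com."] = ("A", new_ip, ttl) # operator updates the record
    while r.resolve("www.example.com.") != new_ip:
        now[0] += 1
    return now[0]
```

A fresh `Resolver` contacts root, TLD and authoritative servers once and then answers from cache; `change_seen_after(3600)` returns 3600 while `change_seen_after(60)` returns 60, which is the whole reason Approach #1 lowers the TTL well before the change.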

That’s all for now in this particular blog. Thank you for reading till here. Hope you have enjoyed reading it. If yes, please do clap on this page and we shall see you in the next document.
