In this tutorial we will examine what happens when you use DNS to lookup or resolve a domain name to an IP address.
We look at how DNS lookups work, and the exact process involved when looking up a domain name. We follow the client DNS query as it is processed by the various DNS servers in the response chain.
Before we start it might be useful to compare DNS name resolution with a standard question and answer that takes place in everyday life.
Let’s assume you want to know what country Casablanca is in.
Well the first thing you would probably do is ask one of your friends.
So you ask Bob but Bob doesn’t know so he would probably suggest you ask John as he travels a lot, and he might know. ( this is a referral)
So you ask John who again might know and give you the answer or again he might suggest you ask someone else. ( another referral)
This continues until you get an answer.
On the other hand you could also just ask bob, and tell him to get back to you when he’s found the answer. In this case Bob does all the chasing for you.
These exact processes are used when doing a domain name to IP address Lookup using DNS.
Recursive or non Recursive Queries
When a client or DNS server requests a DNS server to resolve a domain name it can use a recursive or non recursive query.
Recursive queries are generally used by clients i.e. PCs and they tell DNS server to respond only with an answer and not a referral.
Non recursive or Iterative queries are used by DNS servers and essentially instruct the other DNS server to return an answer or return the address of another DNS server that may know the answer.
The Domain name structure is an inverted tree like structure starting at the root.
You can consider it a parent child type relationship with the root being the parent.
The way in which it is constructed is that parents know about their children, but children don’t necessary know about their parents.
Therefore you can only traverse down the tree from the root and not up the tree.
The Root servers are responsible for the Root, and know all of the domain name servers that are responsible for all of the second level domain names. e.g. .com, .net, .org etc
So if you contact a root server looking to resolve the name www.mydomain.com it might not know the IP address itself, but it would know the IP address of a server that knows about the .com domain name.
Because almost all domain name queries need to use the root server there are many of them and they are busy.
DNS clients and DNS server both use caching to speed up the domain name lookup process and to ease traffic on the root servers.
If a client queries domain server A looking to resolve www.mydomain.com, and in turn domain server A queries domain server B etc then the result will be stored in a cache on
- the client ( windows only)
- domain server A
- domain server B
If another client needs to resolve the same domain name using server A then server A can respond using the cached result.
You can check the DNS cache on a Windows machine with the command:
Domain Name Lookup Examples
The schematic below shows two DNS lookups. In the first Lookup the local DNS server performs an interactive query and is directed down the domain tree to resolve the name.
In the second query the Local server knows the answer and so returns the result from cache.
- What would happen if client 1 makes a request for www.mydomain.com followed by ftp.mydomain.com
- After about 1 minute Client 1 makes another request for www.mydomain.com .
- The first request would need to go to the root and work down the tree. The second request goes direct to the server responsible for the mydomain domain as the local server already knows who it is.
- If the client2 uses Windows then it uses it’s local DNS cache. If client2 is Linux machine then it will need to go the local DNS server, which will return it from it’s cache.
Related Tutorials and Resources:
- DNS for Beginners
- Understanding Host name resolution methods.
- DNS Zones and Zone Files Explained
- Understanding IP addresses
- DNS wiki
- DNS Essentials video