Computer Networks
How DNS Resolution Works
Every time you visit a site whose name is not already cached, your resolver runs a chain of queries that can span continents: a root server instance (perhaps in Sweden) → a TLD server (perhaps in Virginia) → the domain's authoritative server (perhaps in Singapore), usually all within a few tens of milliseconds. Understanding this process is the key to diagnosing problems and optimizing.
- **Deployment:** understanding TTL saves you from hours of downtime during migrations
- **Diagnostics:** dig +trace repeats the iterative walk from the root and shows exactly at which level the chain breaks
- **Performance:** caching is critical for website speed
Prerequisites
Recursive Query
**Recursive query** - the client asks the resolver to find the full answer. The resolver traverses the DNS hierarchy and returns the final result. The client receives a ready IP address.
ISP resolvers and public ones (8.8.8.8, 1.1.1.1) accept recursive queries. Authoritative servers (e.g. ns1.google.com) do not: they answer only for the zones they host, ignore the RD bit and reply with RA=0; a question about anything outside their zones is refused.
**Why is recursion disabled on authoritative servers?** 1) Security: an open recursive server is a reflection/amplification vector for DDoS. An attacker sends small queries with the victim's address spoofed as the source, and the server delivers the much larger responses to the victim. 2) Load: an authoritative server must answer quickly for its own records, not spend resources resolving other people's names.
What does the RD=1 flag in a DNS query mean?
Iterative Query
**Iterative query** - the server only responds with what it knows. If it doesn't know the answer, it returns a referral to another server. The resolver visits the servers itself. This is how the resolver interacts with the DNS hierarchy.
**Referral:** the response 'I don't know, but ask X' is called a referral. It carries the NS records of the next level in the authority section and, where those name servers live inside the delegated zone, their addresses as glue records in the additional section. The resolver caches referrals as well as answers, so later queries for names under the same TLD skip the root.
What does the root server return for a query about www.example.com?
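To make the RD bit and the referral concrete, here is an added example (my code, not the page's): a minimal DNS wire-format builder and parser in pure Python. `build_query` sets RD=1 the way a stub resolver does; `parse_response` and `classify` tell a final answer from a referral from a negative answer, which is the decision a resolver makes at every hop. The response bytes come from `constructed_referral`, hand-assembled to mimic a root server's reply for www.example.com; the glue address 192.0.2.1 and the transaction id are invented, and nothing touches the network.

```python
"""Build a DNS query and classify a DNS response from its wire format.

Added example (not from the page): the response is hand-assembled to look
like a root server's referral for www.example.com; the glue address is
invented and nothing is sent over the network.
"""
import struct

QTYPE = {"A": 1, "NS": 2, "SOA": 6, "AAAA": 28}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    # "www.example.com." -> b"\x03www\x07example\x03com\x00"
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(name, qtype="A", txid=0x1234, rd=True):
    """RD=1 asks the server to recurse on our behalf; an authoritative server ignores it."""
    flags = 0x0100 if rd else 0x0000             # QR=0, OPCODE=0, RD is bit 8
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1))


def decode_name(msg, off):
    """Read a possibly compressed name (RFC 1035 4.1.4); returns (name, next_offset)."""
    labels, end = [], None
    for _ in range(128):                          # bound pointer chasing
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: pointer to an earlier name
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        elif length == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode())
            off += 1 + length
    raise ValueError("compression pointer loop")


def parse_response(msg):
    """Return (header flags, {answer, authority, additional} as (name, type, ttl, rdata))."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    hdr = {"id": txid, "qr": flags >> 15 & 1, "aa": flags >> 10 & 1, "rd": flags >> 8 & 1,
           "ra": flags >> 7 & 1, "rcode": RCODE.get(flags & 0xF, flags & 0xF)}
    off = 12
    for _ in range(qd):                           # skip the echoed question
        off = decode_name(msg, off)[1] + 4
    sections = {"answer": [], "authority": [], "additional": []}
    for sec, count in zip(sections, (an, ns, ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype in (2, 5):                   # NS / CNAME: rdata is a (compressible) name
                rdata = decode_name(msg, off)[0]
            elif rtype == 1:
                rdata = ".".join(str(b) for b in msg[off:off + 4])
            else:
                rdata = msg[off:off + rdlen].hex()
            off += rdlen
            sections[sec].append((name, rtype, ttl, rdata))
    return hdr, sections


def classify(hdr, sections):
    """The distinction a resolver acts on: final answer, referral, or negative."""
    if hdr["rcode"] != "NOERROR":
        return str(hdr["rcode"]).lower()          # nxdomain, refused, servfail, ...
    if sections["answer"]:
        return "answer"
    if not hdr["aa"] and any(r[1] == 2 for r in sections["authority"]):
        return "referral"                         # "I don't know, but ask these servers"
    return "nodata"                               # authoritative, name exists, no such type


def constructed_referral():
    """Hand-built root-style referral: QR=1 RD=1 RA=0 AA=0, no answer, NS in
    authority, glue A in additional, owner names written as compression pointers."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 1, 1)
    msg += encode_name("www.example.com.") + struct.pack("!HH", 1, 1)   # question ends at offset 33
    ns_rdata = encode_name("a.gtld-servers.net.")
    msg += b"\xC0\x18" + struct.pack("!HHIH", 2, 1, 172800, len(ns_rdata)) + ns_rdata  # 0x18 = "com." at 24
    msg += b"\xC0\x2D" + struct.pack("!HHIH", 1, 1, 172800, 4) + bytes([192, 0, 2, 1])  # 0x2D = NS rdata at 45
    return msg
```

Swap `constructed_referral()` for the bytes of a UDP reply captured from port 53 and the same code classifies real traffic. `dig +trace` performs exactly this classification at each hop: it follows referrals (NS in the authority section, AA=0) until it gets an answer or a negative response from a server that sets AA=1.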
DNS Caching
**Caching** - the key to DNS speed. Each level (browser, OS, resolver) stores answers. A repeated query for google.com doesn't go to root servers - the answer is already in cache.
**Negative caching:** 'Domain does not exist' (NXDOMAIN) is also cached, which protects against repeated useless queries. The negative TTL cannot come from the missing record, so it is taken from the zone's SOA record: the smaller of the SOA TTL and its MINIMUM field (RFC 2308). It is usually shorter than positive TTLs, commonly 5-60 minutes.
Where is DNS cache checked first?
TTL - Record Lifetime
**TTL** (Time To Live) - how many seconds a record can be stored in cache. Set by the domain owner. Low TTL = fast updates, but more queries. High TTL = less load, but changes propagate slowly.
**TTL and deployment:** before major changes (hosting migration, server switch) reduce the TTL in advance, and do it at least one old TTL before the change: caches that already hold the record keep it until the old TTL runs out and only then pick up the new, short one. If TTL = 1 day and you change the IP, some users will see the change only after 24 hours. Raise the TTL back once the migration has settled.
Why reduce TTL before a migration?
Root Servers - the DNS Foundation
**Root servers** - 13 logical server names (a-m.root-servers.net) that know the name servers of every TLD. Physically there are hundreds of instances worldwide reached via anycast. Every resolver with an empty cache starts from them; without them, a cold resolver cannot bootstrap the hierarchy.
**Why 13?** A historical limit: the response must fit in a 512-byte UDP packet. 13 NS records with A records ≈ 500 bytes. EDNS exists now, but the number 13 remained. Anycast allows hundreds of physical servers.
**Myth:** If the root servers go down, the internet stops working.
**Reality:** Thanks to caching, the internet keeps working for hours or even days without root servers.
Resolvers cache responses, including the referrals to TLD servers, and those NS records carry a TTL of two days. While that TTL has not expired, queries for names under an already-known TLD never reach the root. Plus, anycast makes total failure nearly impossible: you would have to take down hundreds of instances on every continent.
How many physical root servers exist?
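The caching, negative-caching, TTL and root-outage points above can be exercised in one place. The following is an added example, not the page's own material: a toy model of the hierarchy (a root server, a .com server and an authoritative server for example.com) and a resolver that walks it iteratively and caches everything it learns, with time passed in explicitly so expiry can be checked without waiting. All zone data, host names, addresses (documentation ranges 192.0.2.0/24 and 203.0.113.0/24) and TTLs are invented; the "servers" are Python objects, so nothing leaves the machine.

```python
"""Toy iterative resolver over a constructed three-level DNS hierarchy.

Added example: zone data, host names, addresses (documentation ranges
192.0.2.0/24, 203.0.113.0/24) and TTLs are invented; "servers" are Python
objects, so nothing is sent over the network."""
SOA = "ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 600"  # MINIMUM = 600

# One table per authoritative server: owner name -> {rrtype: (ttl_seconds, [rdata])}.
ROOT_ZONE = {".": {"SOA": (3600, [SOA])},
             "com.": {"NS": (172800, ["a.gtld-servers.net."])},
             "a.gtld-servers.net.": {"A": (172800, ["192.0.2.1"])}}        # glue
COM_ZONE = {"com.": {"SOA": (3600, [SOA])},
            "example.com.": {"NS": (172800, ["ns1.example.com."])},
            "ns1.example.com.": {"A": (172800, ["192.0.2.2"])}}            # glue
EXAMPLE_ZONE = {"example.com.": {"SOA": (3600, [SOA]), "NS": (172800, ["ns1.example.com."])},
                "ns1.example.com.": {"A": (172800, ["192.0.2.2"])},
                "www.example.com.": {"A": (300, ["203.0.113.10"])}}


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def suffixes(name):
    """'www.example.com.' -> ['www.example.com.', 'example.com.', 'com.', '.']"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


class AuthServer:
    """Authoritative server: never recurses, answers only from its own zone."""
    def __init__(self, zone, records):
        self.zone, self.records, self.queries = zone, records, 0

    def query(self, qname, qtype):
        self.queries += 1
        assert in_zone(qname, self.zone), "authoritative only: RD is ignored"
        # An NS set below the apex that covers qname is a delegation: refer, don't answer.
        for cut in reversed(suffixes(qname)):
            if cut != self.zone and in_zone(cut, self.zone) and "NS" in self.records.get(cut, {}):
                ttl, hosts = self.records[cut]["NS"]
                glue = {h: self.records[h]["A"] for h in hosts if h in self.records}
                return {"kind": "referral", "zone": cut, "ttl": ttl, "hosts": hosts, "glue": glue}
        rrs = self.records.get(qname, {})
        if qtype in rrs:
            return {"kind": "answer", "ttl": rrs[qtype][0], "data": rrs[qtype][1]}
        soa_ttl, (soa,) = self.records[self.zone]["SOA"]
        # RFC 2308: NXDOMAIN/NODATA may be cached for min(SOA TTL, SOA MINIMUM field).
        return {"kind": "negative", "ttl": min(soa_ttl, int(soa.split()[-1]))}


class Resolver:
    """Recursive resolver: iterates from the closest cached NS set and caches
    answers, negative answers and referrals (NS set plus glue) until their TTL expires."""
    def __init__(self, servers, root_hints):
        self.servers, self.online = servers, set(servers)       # the constructed "network"
        self.cache = {(".", "NS"): (float("inf"), root_hints)}  # root hints never expire

    def cached(self, key, now):
        entry = self.cache.get(key)
        return entry if entry and entry[0] > now else None

    def resolve(self, qname, qtype, now):
        """Return the rdata list, or None for a negative answer (fresh or cached)."""
        hit = self.cached((qname, qtype), now)
        if hit:
            return hit[1]
        for _ in range(8):                                      # bound the walk
            zone = next(s for s in suffixes(qname) if self.cached((s, "NS"), now))
            host = self.cached((zone, "NS"), now)[1][0]
            if host not in self.online:
                raise RuntimeError(f"{host} is down and nothing closer to {qname} is cached")
            resp = self.servers[host].query(qname, qtype)
            if resp["kind"] != "referral":
                payload = resp.get("data")                      # None for a negative answer
                self.cache[(qname, qtype)] = (now + resp["ttl"], payload)
                return payload
            self.cache[(resp["zone"], "NS")] = (now + resp["ttl"], resp["hosts"])
            for h, (ttl, addrs) in resp["glue"].items():       # glue is cached too
                self.cache[(h, "A")] = (now + ttl, addrs)
        raise RuntimeError("referral loop")


def demo():
    """Replay the page's claims; returns the observations as a dict."""
    root = AuthServer(".", ROOT_ZONE)
    example = AuthServer("example.com.", dict(EXAMPLE_ZONE))        # copy: demo() edits it
    r = Resolver({"a.root-servers.net.": root, "a.gtld-servers.net.": AuthServer("com.", COM_ZONE),
                  "ns1.example.com.": example}, ["a.root-servers.net."])
    t, out = 1_700_000_000, {}
    out["first"] = r.resolve("www.example.com.", "A", t)            # root -> com -> example.com
    out["second"] = r.resolve("www.example.com.", "A", t + 10)      # served from cache
    out["root_queries"] = root.queries                               # 1, not 2
    r.online.discard("a.root-servers.net.")                          # root "outage" begins
    out["negative"] = r.resolve("mail.example.com.", "A", t + 20)    # NXDOMAIN via cached com. referral
    out["negative_cached"] = r.resolve("mail.example.com.", "A", t + 619)  # negative cache, TTL 600
    out["example_queries"] = example.queries                         # 2 (www, mail), not 3
    example.records["www.example.com."] = {"A": (300, ["203.0.113.20"])}  # migration: new IP
    out["stale"] = r.resolve("www.example.com.", "A", t + 299)       # old IP until its TTL runs out
    out["fresh"] = r.resolve("www.example.com.", "A", t + 300)       # new IP, root still not needed
    try:                                                             # two days on, com. NS set expired
        out["after_ttl"] = r.resolve("www.example.com.", "A", t + 172800)
    except RuntimeError:
        out["after_ttl"] = "unreachable"
    return out
```

`demo()` shows the page's claims in order: the root is asked once and never again for the same name; after the root is taken offline, names under the cached com. delegation still resolve, including an NXDOMAIN that is negatively cached for the SOA-derived 600 seconds; a changed A record keeps being served stale until its 300-second TTL runs out; and only when the two-day NS TTL lapses does the resolver need the root again and fail. A real resolver picks among several NS hosts, retries and re-validates glue; this toy always uses the first host, which is enough to show the mechanics.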
Key Ideas
- **Recursive query:** the resolver finds the full answer on behalf of the client
- **Iterative query:** the server responds with a referral to the next level
- **Caching:** browser → OS → resolver, each level caches
- **TTL:** record lifetime; reduce before migration!
Related Topics
Resolution is at the heart of DNS:
- DNSSEC — Cryptographic verification of responses
- DoH / DoT — Encrypting DNS queries
- GeoDNS — Different answers for different regions
Questions for Reflection
- Why is an ISP resolver usually faster than 8.8.8.8?
- What would happen if TTL = 0? (RFC 1035 allows it: the record may be used for the current transaction but must not be cached. What does that do to query volume?)
- How does anycast ensure the fault tolerance of root servers?