how the hell do dns server requests work?

13 views

how the hell do dns server requests work?

In: 1

I believe, in basic terms, it’s just a big table with two columns. IP address, and Domain Name, and matches one to the other.

For recursive DNS (what your computer probably does), you send a packet to a server saying “Please find out the AAAA record for google.com for me”. The recursive DNS server has a way to find out and does, or possibly already has the result and remembers. Then it tells you “The AAAA record for google.com says 2a00:1450:400a:800::200e”.

For authoritative DNS, which is how the recursive server finds out: You remember a few (about ten) addresses for _root servers_. You start asking there.

You send a packet to an authoritative server saying “What is the AAAA for google.com?” and it can either say “The AAAA for google.com is 2a00:1450:400a:800::200e and I know because I’m the authority” or “There is no such thing as google.com and I know because I’m the autority for com” or “I don’t know, I’m only the autority for ., but I _do_ know that for .com. you should ask one of these servers”.

If the server you are asking gives you the answer, you have the answer, if it sends you to another one (this is called _delegation_), you ask that one.

For lots of cool detail, please read [RFC1034](https://datatracker.ietf.org/doc/html/rfc1034) and [RFC1035](https://datatracker.ietf.org/doc/html/rfc1035).

DNS is a standard most internet hosts know about.
A DNS client sends a *DNS query* (question) to a configured DNS server and the DNS server will answer.

Although it is mostly used to request the IP address of a host, it is also be used to request certain configuration parameters or additional information. (Example to find out how to route e-mail on the sender side or perform checks wether e-mail addresses are spoofed on the receiving side.)

The DNS server can give you a direct answer, or refer you to another DNS server. (Or deny your request.)
The answers can be dynamic, based on your own IP address (location), etc…

The hostname you type into your webbrowser, wil result in a DNS request to lookup which IP address your browser will connect to.

DNS is a keystone of the modern internet and a lot of automatic configuration things will fail if DNS is not working.

DNS is a great big hierarchy of names, but processed right to left with the “top” of the hierarchy as the right-most part of the name. Every DNS server remembers whatever details it knows from previous requests identifying which servers own which names – or partial names – and knows where to send requests. Even if it doesn’t know who owns http://www.reddit.com, it knows who can point it in the right direction.

Even if it knows nothing yet, DNS servers ship with the “root” DNS servers pre-loaded. Their names are `a.root-servers.net` through `m.root-servers.net` and their IP addresses are included with the software. When all else fails, you can ask these servers and they can at least get the process started.

With all that said, let’s look at the actual steps involved. When you ask a DNS server for http://www.reddit.com, if it already knows the answer because someone else asked it recently, you get that copy. If not, it will ask the DNS server for `reddit.com` for the answer, if it knows who that is. If not, it will ask the `com` server who own it, if it knows who that is. If it doesn’t, it’s off to those root servers to ask. You’ll get information about the `com` servers who will be able to tell you who owns `reddit.com` who will be able to tell you what the IP address for `www.reddit.com` actually is. At each step the responses received are saved so that future queries can be sped up.

For the average user, however, this is all hidden. Your internet provider will have given you some DNS servers they own who do all this work for you. From your own computer’s standpoint, you just ask for `www.reddit.com` to one of these DNS servers and the answer comes straight back. This is a good thing because all the customers of that ISP will take advantage of the lookup work those DNS servers have done on their own so far and re-use the saved results.

There is the subtlety that there are 2 major types of DNS servers: those that do lookups like this while saving results for a certain amount of time (hours, maybe a day) and those that hold actual answers responding to the first type of server. The latter has the proper responses in its own database and doesn’t answer any queries unless the answer is in said database. It has the authority to say “that name does not exist” because it knows “anything matching *`.reddit.com` is in my database” and a request came in for something at reddit.com, but wasn’t in its database.

These are some very non 5 year old replies.

A DNS server is like a phone book. It stores IPs the same way a phone book stores phone numbers. Sometimes a name or a record can have more than one IP. Much like a business can have different phone numbers for different departments your DNS records could have different information based on your request. For example the MX record tells people where to send email.

Your computer sends electrical signals to port 53 to make a dns request. Think of a port like a door. Door number 53. Every computer and server on the internet sends data to and from doors. Some have doors open waiting for people to connect to them. As is the case with dns servers. The doors are numbered 1 to 65535. The same services often wait for connections in the same doors. So dns servers across the planet typically use 53.