I hope this post is easier to understand than ChatGPT or DeepSeek. If they can write better than me, I will be a failure!
Okay, enough chit-chat, let's get started.
Before DNS
Before we dive into DNS, let's take a look at what happened before it.
Before the modern Internet in the 80s, there was something called ARPAnet. It was the first packet-switched network at the time, and is considered the ancestor of the modern Internet.
ARPAnet used a file called HOSTS.TXT to map server domain names to network addresses (aka IP addresses).
This file looked something like this:
There was only one "master" HOSTS.TXT file, maintained exclusively by the Stanford Research Institute (SRI). This started to cause problems, and why?
The traffic and server pressure were enormous: All devices had to look up names on SRI's servers, and the SRI servers were about to collapse.
Name conflicts are becoming more and more frequent: the Internet has grown, and there are only a few good names that people want to use, so conflicts are increasing.
Files are getting fatter: file sizes have increased to 100-200KB. This may not seem like much now, but it was a bottleneck under the infrastructure conditions of the 1980s.
These problems are so serious that they directly led to the birth of DNS.
DNS debuts
DNS architecture
DNS (Domain Name System) is best understood as a distributed and hierarchical system.
What does it mean?
Distributed: It means that DNS operates on many interconnected servers (that is, DNS servers).
Hierarchical: DNS is organized into a tree structure, and the upper servers manage the lower servers. I will explain this in detail later when I talk about DNS zones.
DNS records
Now we know that DNS is a bunch of servers organized in a tree structure that communicate with each other. So what do these servers store?
DNS servers store DNS records. Let's take a look at an example:
Let's go through what each field means in detail:
Domain name: This is the domain name on the Internet, such as chatgpt.com. Note the dot . at the end, which indicates the root domain (usually it can be omitted).
TTL: Time to Live (in seconds). This means how long you can cache this record locally. If it expires, you have to ask the authoritative server for a new one.
Category: This thing is almost always IN, which stands for "Internet". There are other categories, such as CH or HS, but they are basically not used now.
Type: Indicates what kind of data this record stores. The most common types are:
A: represents an IPv4 address.
AAAA: represents an IPv6 address.
CNAME: means canonical name, which is to give another domain an alias.
MX: mail exchanger, specifies who will receive mail for this domain (followed by the priority, the smaller the number, the higher the priority).
TXT: text record, can store any text (such as verification information, security policy, etc.).
Data: The actual information you are looking for. What it is depends entirely on the type field.
DNS Zones
Remember when we said that DNS is a big tree?
Well, a DNS zone can represent the entire tree, a branch of the tree, or a node in the tree.
In the diagram below, I circled two branches, labeled zone 1 and zone 2. But how the zones are divided is actually quite arbitrary.
The key point is this: the DNS server at the root of a zone is responsible for managing all servers under it. For example, the example.com server manages hello and world (if they are subdomains).
DNS Server
The term "DNS server" is used very loosely, which is one of the most confusing things for me when I was learning DNS.
In short, any server that runs DNS software can be called a DNS server. But there are four core roles you must know:
Authoritative domain name servers: These servers store the official DNS records for all domains in the DNS zone they are responsible for. For example, the authoritative server for .com stores records for all websites ending with .com.
Recursive resolver: A program that specifically helps customers (such as your computer) find DNS information and caches the results. For example, if a customer says "I want to visit www.example.com", the recursive resolver will take care of the complex query process and finally return the correct IPv4 address (A record) of example.com directly to you. The DNS server provided by your router or ISP (such as China Telecom and China Unicom) usually does this job.
Cache server: It is specially used to store previously queried DNS results, so that the next time you ask, you can get a quick answer.
Forwarder: It does not query itself, but forwards the received DNS query request to another server that can query (usually a recursive resolver) for processing.
A physical DNS server can do several things at the same time. For example, a recursive resolver usually also has its own cache function (that is, a cache server).
DNS query example
Enough of the terminology, let's see an animated picture (think about it)! To see how all this works together, please give a chestnut: a client queries the IP address (A record) of hello.world.com for the first time.
The request content is: A hello.world.com? (meaning: What is the IP address of hello.world.com?)
Next, a recursive DNS query is performed. The process is roughly like this:
The client asks the router/local DNS: "Hey, what is the IP address of hello.world.com?" (There is no local cache).
The local DNS (recursive resolver) starts working:
First check if it is in its own cache, no.
It goes to ask the root domain server: "Who should be in charge of .com?"
The root server replies: "These TLD servers (top-level domain servers) are in charge of .com, and the address is X.X.X.X".
Ask the .com TLD server: "Who should I contact for world.com?"
The .com TLD server replies: "world.com is managed by these authoritative servers, the address is Y.Y.Y.Y."
Ask the world.com authoritative server:
"What is the IP address of hello.world.com?"
The world.com authoritative server replies: "Here it is, the A record for hello.world.com is 143.54.1.8."
Results are sent back and cached:
The recursive resolver gets the final answer, 143.54.1.88, and happily sends it back to the client (all the way through the router).
This result is cached along the way: the ISP's resolver will cache it, your router (if it supports it) may also cache it, and your computer operating system will cache it as well. How long is it cached? Look at the TTL value of the record, which usually ranges from a few hours to a few days (for example, 1 to 72 hours).
Connection established: The client browser gets the IP address 143.54.1.88, and can finally send HTTP requests to this address to load web pages.
Conclusion
DNS is a complicated thing, not because it is difficult in itself, but because there are so many things to understand.
Even with these conceptual explanations and example demonstrations, we have only uncovered a corner of the world of DNS. What it can do in the real world and the impact it brings are far richer and more profound than what we have talked about here.
