How does DNS work? Step by step tutorial

In fact, this question is very clear every time I look at it, but I forgot it after a long time, so I am going to record it this time. Go deep into the details of this process and see more in the future.

How does DNS work

Step 1 Request cache information:

When you start visiting a, the first thing to do is to access the local cache query to see if there is an ip address that caches this address. If you can get it back directly, then visit. This cache comes from what you saved after the previous visit. Another concept involved here is the cached TTL. So what is TTL (Time To Live)?

TTL (Time to Live) is a setting for each DNS record that specifies when the resolver should cache (or remember) DNS queries before the query expires, and when a newly generated DNS query record expires.

So when we retrieve an address before, we will cache the TTL for so long. When we start a new request now, we can use it directly after querying this cache.

Let’s take a look at the DNS cache after chrome has visited the URL.

Open the address chrome://net-internals/#dns in chrome 

This is the parsing data that revisits google after I cleaned up the cache once. You can see that you can display the mapping of the IP address and hostname that the DNS queries to, including things like expiration time. It can be clearly seen that the TTL is expired after how many s have elapsed. The unit of TTL is milliseconds.

Step1 + View local hosts:

If there are no records that are still alive on the browser cache, they will query the hosts file of the local operating system. The hosts file stores the relationship between the corresponding ip address and ns. If you find the corresponding pointer, it will return. ? 

Step2 Recursively query the ISP server:

If the cache is not queried locally, then the query will recursively ask the ISP service. ISP’s recursive query service also has its own cache, so your query usually ends here.

Step3 ask the root domain name server:

If the ISP server doesn’t know where the domain name you are querying, then you need to query the root name server. The 13 DNS server roots in the world act like a DNS phone book-like role. Although they don’t know the IP address of the address you are looking for, they can direct you to know the address.

Step 4 – ask the TDL server:

When the root domain name server receives the query request, it will open the domain name you have queried to see your top-level domain part. For example, check Then you will get .com from right to left and directed to TDL (top-level domain query). Different top-level domains have different query servers such as .tv .cn .org and so on. These top-level domain query servers don’t actually have the direct answer we need, which is the IP address we need. But they can also direct us to the server with this information. The root domain name server will return the .com ns (name server) address if it finds it is .com.

Step 5 – Ask the authoritative server:

The TLD server TDL will review this request and get the part to direct this query to the specified authoritative name server (again by returning the ns address). These authoritative domain name servers are responsible for understanding all information about a particular domain by storing DNS records. There are a variety of types of records stored to contain different types of information. For example, the address we want to know above, then we are asking the authoritative domain name server to know the A address.

Step 6 – Retrieve the record from this query:

Now that we have queried this record, the ISP server will retrieve this record and record it (stored in its own cache based on TTL). If someone asks who knows the address of later, there is no need to ask the root server because he has already cached the answer. Of course, after the TTL expires, a look up process will be performed again to ensure that your cache is as real-time as possible to cope with changes on the Internet.

Step 7 – Retrieve this record from the ISP:

Once the ISP gets the record, it will be returned to our computer that initiated the query. Our browser will also cache this record. Then we access this ip address and establish a connection (tcp/ip protocol) based on the returned address. Then we will be happy to see the content on the browser!

Here is actually a question about the division of a domain name, this is also a relatively easy to confuse.

For example This is a top-level domain, is not a top-level domain, just a www host on the top-level domain It can also be called a second-level domain name. can be called a three-level domain name.

In fact, there are some disputes or different statements on top-level domains and second-level domains. For example, .com. In fact, this is the top-level domain name. It seems to be recognized. Just need to understand, the usual saying is that I don’t confuse the kind I mentioned earlier.

Leave a Comment