Mastering DNS: From Basics to HTTPDNS and Global Load Balancing
This article explains the role of DNS in mobile network performance, details DNS hierarchy, authoritative, recursive and public DNS, explores common DNS problems such as ISP hijacking and caching, and introduces advanced solutions like GSLB, intelligent DNS, and HTTPDNS with practical command‑line examples.
1. DNS
1.1 Understanding DNS
DNS (Domain Name System) translates hostnames and domain names into IP addresses and is the first step in network communication.
1.2 DNS Concepts
1.2.1 DNS Hierarchy
DNS is a tree‑structured hierarchy with a root zone ("."), top‑level domains (TLDs) and second‑level domains, forming fully qualified domain names (FQDN).
1.2.2 Authoritative DNS
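An authoritative DNS server is one that has been authorized by the level above it to resolve a domain, and it can in turn delegate that authority to others. For example, the COM top-level servers can designate NS.ABC.COM as the authoritative server for xxorg.com; NS.ABC.COM can then delegate to NS.DDD.COM, and NS.DDD.COM becomes the de facto authoritative server for ABC.COM.
1.2.3 Recursive DNS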
Recursive DNS (Local DNS) forwards queries to authoritative servers and caches results until the TTL expires.
1.2.4 Public DNS
Public DNS is an open recursive service provided by ISPs or third‑party providers.
1.2.5 Forwarding DNS
Forwarding DNS acts as an intermediary between the client and a recursive DNS, often implemented by home routers.
1.3 DNS Record Types
A record: maps a domain to an IPv4 address.
MX record: directs email to a mail server.
CNAME record: creates an alias for a domain.
NS record: specifies the authoritative name servers for a domain.
TXT record: stores arbitrary text, often for verification.
1.4 DNS Resolution Process
Using dig +trace www.baidu.com shows the step‑by‑step queries from the root servers to TLD servers, then to the authoritative servers, finally returning the IP addresses.
macdeiMac:~$ dig +trace www.baidu.com
... (output omitted for brevity) ...
Running nslookup www.baidu.com confirms the resolved IPs.
macdeiMac:~$ nslookup www.baidu.com
Server: 114.114.114.114
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 180.101.49.11
Address: 180.101.49.12
2. DNS Problems
2.1 ISP Hijacking
Hijacking occurs when an ISP or malicious party alters DNS records to redirect users to unintended IPs.
2.2 Cache Staleness
If a recursive DNS caches an outdated record, users may be directed to the wrong server after the authoritative IP changes.
2.3 Forwarding Issues
Some ISPs forward queries to other providers' DNS, which can introduce latency or throttling.
3. Global Load Balancing (GSLB)
GSLB (Global Server Load Balancing) distributes traffic across geographically dispersed servers based on load, latency, and health, ensuring users are served by the optimal node.
3.1 Intelligent DNS
Intelligent DNS is an application of GSLB that makes routing decisions using real‑time metrics.
4. HTTPDNS
4.1 What is HTTPDNS?
HTTPDNS uses HTTP requests to query DNS servers, bypassing traditional UDP‑based DNS and avoiding ISP interference.
4.2 Features of HTTPDNS
4.2.1 Prevents Hijacking
Since the client contacts the DNS service directly over HTTP, the ISP's Local DNS is no longer in the resolution path, so ISP-level hijacking is eliminated.
4.2.2 Precise Scheduling
Because the request arrives from the client itself rather than from a recursive resolver, HTTPDNS can obtain the client's IP address for accurate geo-routing.
4.2.3 Reduces Connection Failures
Algorithms prioritize reliable servers based on recent success metrics.
4.3 HTTPS IP Content
When using HTTPDNS, the host in the URL is replaced by the resolved IP. Over HTTPS this can cause TLS handshake failures if the certificate's domain does not match the IP, since the client now verifies the certificate against the IP instead of the domain.
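One way to avoid the mismatch described above, as an added example that is not part of the original article: dial the IP returned by HTTPDNS, but keep SNI, certificate verification and the Host header bound to the original domain. The function names are hypothetical; the hostname and IP in the usage line are the ones from the nslookup output earlier on this page.

```python
import ipaddress
import socket
import ssl


def make_context() -> ssl.SSLContext:
    """TLS context with certificate and hostname verification left on."""
    ctx = ssl.create_default_context()
    # Already the defaults; set explicitly because the common shortcut for
    # IP-based connections is to switch them off, which removes the
    # protection TLS provides against a redirected connection.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def build_request(hostname: str, path: str = "/") -> bytes:
    """HEAD request whose Host header carries the domain, not the IP."""
    if "\r" in hostname + path or "\n" in hostname + path:
        raise ValueError("CR/LF not allowed in hostname or path")
    return (f"HEAD {path} HTTP/1.1\r\nHost: {hostname}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def fetch_status_line(hostname: str, ip: str, port: int = 443,
                      timeout: float = 5.0) -> str:
    """Connect to the HTTPDNS-resolved IP, but run TLS for `hostname`."""
    # Reject anything that is not an IP literal, so the call can never fall
    # back to a lookup through the Local DNS that HTTPDNS is meant to bypass.
    ipaddress.ip_address(ip)
    ctx = make_context()
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        # server_hostname sets SNI and is the name the certificate is
        # verified against, so a certificate for the domain still matches.
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            tls.sendall(build_request(hostname))
            return tls.makefile("rb").readline().decode("latin-1").strip()


if __name__ == "__main__":
    # Hostname and IP are the ones from the nslookup output on this page.
    print(fetch_status_line("www.baidu.com", "180.101.49.11"))
```

If the handshake raises ssl.SSLCertVerificationError, the IP is not serving a valid certificate for the domain, and the connection should be dropped rather than retried with verification disabled.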
5. Common Questions
5.1 How does a host know the DNS server IP?
Through DHCP configuration or manual settings.
5.2 Why does DNS use UDP?
UDP requires only a single request and response packet, minimizing overhead compared to TCP.
Programmer DD
A tinkering programmer and author of "Spring Cloud Microservices in Action"
