Understanding DNS: Basics, Query Process, Packet Structure, and Security
This comprehensive guide explains DNS fundamentals, hierarchical server architecture, query processes, packet structure, caching mechanisms, and common security threats, providing clear examples, diagrams, and practical insights for anyone preparing for networking interviews or deepening their understanding of internet name resolution.
DNS Overview
The Domain Name System (DNS) is a distributed hierarchical database that maps human‑readable hostnames (e.g., www.google.com) to IP addresses. Routers operate on fixed‑length IP addresses, while users prefer memorable names, so DNS bridges the two.
Basic DNS Concepts
DNS is an application‑layer protocol that uses a client‑server model, primarily over UDP port 53. TCP port 53 is used for zone transfers and whenever a response is too large for a single UDP datagram (the server sets the TC flag and the client retries over TCP). Many authoritative and recursive servers run BIND on UNIX‑like systems. Beyond mapping names to addresses, DNS provides host aliasing (CNAME records), mail server aliasing (MX records), and load distribution by returning several addresses for one name in rotating order.
DNS Hierarchical Design
DNS uses a distributed, layered architecture consisting of root servers, top‑level domain (TLD) servers, and authoritative servers. The root zone is served by 13 named root servers (a.root-servers.net through m.root-servers.net), each replicated as many anycast instances worldwide. Root servers do not know the address of www.amazon.com; they refer the querier to the TLD servers for .com, .org and so on, which in turn refer it to the authoritative servers for a specific domain.
Example resolution for www.amazon.com (the "client" here is normally a recursive resolver acting on the end host's behalf):
The client contacts a root server, which returns a referral: NS records naming the .com TLD servers, plus glue A/AAAA records giving their addresses.
The client queries a .com TLD server, which returns a referral to the authoritative name servers for amazon.com, again with glue records.
The client queries an amazon.com authoritative server, which returns the A record (IP address) for www.amazon.com.
DNS Query Process
When a user types a URL, the browser extracts the hostname and asks the operating system's stub resolver, which sends a recursive query to its configured recursive resolver (usually learned via DHCP, or a public resolver). The recursive resolver then performs the iterative steps on the client's behalf:
Send the query to a root server (addresses known from a built‑in root hints file).
Receive a referral to the TLD servers for the name's top‑level domain.
Query a TLD server and receive a referral to the domain's authoritative servers.
Query an authoritative server for the final record (an A or AAAA answer, or a CNAME to chase).
Return the address to the stub resolver and browser, which then opens a TCP connection to the web server.
Note: Every resolver caches what it learns, including the NS and glue records from referrals, so a later query for the same name is answered from cache until its TTL expires, and a query for a sibling name (another host under amazon.com, say) can go straight to the cached authoritative servers without touching the root or TLD servers.
DNS Caching
Caching occurs at multiple levels: browser cache, operating‑system resolver cache, and intermediate DNS resolvers. Each cached record carries a Time‑to‑Live (TTL), set by the zone's authoritative server, that bounds how long it may be served before it must be fetched again; operators lower the TTL ahead of a planned address change so that stale answers age out quickly.
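To make the query process and the caching behaviour above concrete, here is an added example (not code from the original article) that simulates a recursive resolver iterating from root to TLD to authoritative server over constructed in‑memory zone data, caching every record it learns and honouring TTLs. The server addresses (192.0.2.1, 198.51.100.30, 203.0.113.10), the www.amazon.com address and the TTLs are assumptions from the RFC 5737 documentation ranges, chosen for illustration; the zone contents are constructed, not real amazon.com data.

```python
"""Iterative resolution with a TTL cache, simulated offline (added example, not the article's code)."""
import time

# Constructed zone data: three authoritative servers addressed from RFC 5737 documentation
# ranges. Each record is (owner name, type, value, ttl); names are absolute with a trailing dot.
ZONES = {
    "192.0.2.1": [                                              # stands in for a root server
        ("com.", "NS", "a.gtld-servers.net.", 172800),
        ("a.gtld-servers.net.", "A", "198.51.100.30", 172800),  # glue for the delegation
    ],
    "198.51.100.30": [                                          # stands in for a .com TLD server
        ("amazon.com.", "NS", "ns1.amazon.com.", 172800),
        ("ns1.amazon.com.", "A", "203.0.113.10", 172800),       # glue
    ],
    "203.0.113.10": [                                           # authoritative for amazon.com
        ("www.amazon.com.", "A", "203.0.113.80", 60),           # short TTL, as web records often have
    ],
}
ROOT_HINTS = ["192.0.2.1"]


def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


def serve(server_ip, qname, qtype):
    """What an authoritative server does with a query: answer from its own data, or refer
    the client to the most specific delegation it holds (NS in authority, glue in additional)."""
    records = ZONES[server_ip]
    answer = [r for r in records if r[0] == qname and r[1] == qtype]
    if answer:
        return {"answer": answer, "authority": [], "additional": []}
    delegations = [r for r in records if r[1] == "NS" and in_zone(qname, r[0])]
    if not delegations:
        return {"answer": [], "authority": [], "additional": []}  # name does not exist here
    ns = max(delegations, key=lambda r: len(r[0]))                 # longest matching suffix
    glue = [r for r in records if r[0] == ns[2] and r[1] == "A"]
    return {"answer": [], "authority": [ns], "additional": glue}


class FakeClock:
    """Controllable time source so TTL expiry can be observed without waiting."""
    def __init__(self, start=1000.0):
        self.now = start
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


class Resolver:
    """Minimal recursive resolver: iterates from the closest cached delegation and caches
    every record it learns, keyed by (name, type), until the TTL runs out."""

    def __init__(self, root_hints=ROOT_HINTS, clock=time.monotonic):
        self.root_hints = root_hints
        self.clock = clock
        self.cache = {}            # (name, type) -> (expires_at, [values])
        self.upstream_queries = 0  # packets sent to authoritative servers

    def cache_put(self, records):
        now = self.clock()
        grouped = {}
        for name, rtype, value, ttl in records:
            grouped.setdefault((name, rtype), []).append((now + ttl, value))
        for key, entries in grouped.items():
            self.cache[key] = (min(e[0] for e in entries), [e[1] for e in entries])

    def cache_get(self, name, rtype):
        entry = self.cache.get((name, rtype))
        if entry is None:
            return None
        expires, values = entry
        if self.clock() >= expires:        # TTL elapsed: evict and refetch
            del self.cache[(name, rtype)]
            return None
        return values

    def closest_server(self, qname):
        """Start at the deepest zone whose NS and glue are still cached, else at a root hint."""
        labels = qname.split(".")          # "www.amazon.com." -> ["www", "amazon", "com", ""]
        for i in range(len(labels)):
            zone = ".".join(labels[i:]) or "."
            for ns_name in self.cache_get(zone, "NS") or []:
                glue = self.cache_get(ns_name, "A")
                if glue:
                    return glue[0]
        return self.root_hints[0]

    def resolve(self, qname, qtype="A"):
        qname = qname.lower().rstrip(".") + "."
        cached = self.cache_get(qname, qtype)
        if cached is not None:
            return cached
        server = self.closest_server(qname)
        for _ in range(16):                # bound the referral chain
            self.upstream_queries += 1
            resp = serve(server, qname, qtype)
            self.cache_put(resp["answer"] + resp["authority"] + resp["additional"])
            if resp["answer"]:
                return [r[2] for r in resp["answer"]]
            if not resp["authority"]:
                return []                   # no such name / no data
            ns_name = resp["authority"][0][2]
            glue = [r[2] for r in resp["additional"] if r[0] == ns_name and r[1] == "A"]
            if not glue:                    # no glue: resolve the name server itself first
                glue = self.resolve(ns_name, "A")
                if not glue:
                    return []
            server = glue[0]
        raise RuntimeError("referral chain too long")


if __name__ == "__main__":
    clock = FakeClock()
    r = Resolver(clock=clock)
    print(r.resolve("www.amazon.com"), r.upstream_queries)   # root -> TLD -> authoritative: 3
    print(r.resolve("www.amazon.com"), r.upstream_queries)   # served from cache: still 3
    clock.advance(61)                                         # the 60 s A record has expired
    print(r.resolve("www.amazon.com"), r.upstream_queries)   # delegation still cached: 4
```

The third lookup is the point of the example: only the A record's 60‑second TTL has elapsed, so the resolver goes straight to the cached amazon.com name server with a single query instead of starting again at the root.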
DNS Message Format
DNS messages consist of a 12‑byte header followed by four sections: Question, Answer, Authority, and Additional. The header carries a 16‑bit Transaction ID, a Flags word (the QR query/response bit, opcode, AA, TC, RD and RA flags, and the 4‑bit RCODE), and four 16‑bit counts giving the number of entries in each section (QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT). Each entry in the Answer, Authority and Additional sections is a resource record (RR), conceptually a four‑tuple (Name, Value, Type, TTL); on the wire it also carries a class (IN) and a length‑prefixed RDATA field, and names may be compressed with pointers back to an earlier occurrence in the message. Common RR types include A, AAAA, CNAME, MX, PTR, and SRV. An example A record response for mobile-gtalk.l.google.com shows an IP of 63.233.189.188 with a TTL of 5 seconds; a TTL that short is typical for load‑balanced services that need to move traffic quickly.
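The following added example (not code from the original article) builds a query in the wire format described above and parses a constructed response, including a compressed owner name. The query name www.example.com, transaction ID 0x1234, the answer address 203.0.113.5 and the 300‑second TTL are assumptions used to build the sample bytes; the name decoder also shows the check a practitioner wants, since compression pointers that point forward or at themselves can loop a naive parser forever.

```python
"""Build and parse DNS wire-format messages (RFC 1035). Added example, not the article's code."""
import ipaddress
import struct

RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA", 33: "SRV"}


def encode_name(name):
    """Turn 'www.example.com' into length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label must be 1-63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=1):
    """12-byte header with RD set and one question, class IN. qtype 1 = A."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(data, offset):
    """Read a name at `offset`, following compression pointers (two bytes whose top two bits
    are set). Returns (name, offset just past the name as it appears in the message).
    Rejects forward/self pointers and caps hops: hostile packets use pointer loops to hang parsers."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(data):
            raise ValueError("name runs past end of message")
        length = data[offset]
        if length & 0xC0 == 0xC0:
            if offset + 2 > len(data):
                raise ValueError("truncated pointer")
            target = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2              # the name occupies only the pointer here
            if target >= offset:
                raise ValueError("pointer must reference an earlier offset")
            hops += 1
            if hops > 16:
                raise ValueError("too many compression pointers")
            offset = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        if length == 0:
            offset += 1
            break
        if offset + 1 + length > len(data):
            raise ValueError("label runs past end of message")
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", (end if end is not None else offset)


def take(data, offset, fmt):
    """Unpack `fmt` at `offset` with a bounds check; returns (values, new offset)."""
    size = struct.calcsize(fmt)
    if offset + size > len(data):
        raise ValueError("truncated message")
    return struct.unpack(fmt, data[offset:offset + size]), offset + size


def parse_message(data):
    """Header, then question/answer/authority/additional sections, into a dict."""
    (txid, flags, qd, an, ns, ar), off = take(data, 0, "!HHHHHH")
    msg = {"id": txid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF, "aa": (flags >> 10) & 1,
           "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
           "rcode": flags & 0xF, "question": [], "answer": [], "authority": [], "additional": []}
    for _ in range(qd):
        name, off = decode_name(data, off)
        (qtype, qclass), off = take(data, off, "!HH")
        msg["question"].append({"name": name, "type": RR_TYPES.get(qtype, qtype), "class": qclass})
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(data, off)
            (rtype, rclass, ttl, rdlen), off = take(data, off, "!HHIH")
            if off + rdlen > len(data):
                raise ValueError("truncated rdata")
            rdata = data[off:off + rdlen]
            if rtype == 1 and rdlen == 4:
                value = str(ipaddress.IPv4Address(rdata))
            elif rtype == 28 and rdlen == 16:
                value = str(ipaddress.IPv6Address(rdata))
            elif rtype in (2, 5, 12):           # NS, CNAME, PTR carry a (possibly compressed) name
                value, _ = decode_name(data, off)
            else:
                value = rdata.hex()
            off += rdlen
            msg[section].append({"name": name, "type": RR_TYPES.get(rtype, rtype),
                                 "class": rclass, "ttl": ttl, "value": value})
    return msg


def build_sample_response(txid):
    """Constructed reply to build_query(txid, 'www.example.com'): flags 0x8180 (QR, RD, RA),
    one answer whose owner name is a pointer (0xC00C) to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 5])
    return header + question + answer


if __name__ == "__main__":
    print(build_query(0x1234, "www.example.com").hex())
    print(parse_message(build_sample_response(0x1234)))
```

The parser decodes only the RDATA types it understands and leaves the rest as hex, which is the safe default for a tool that must not crash on unexpected records; `take` and the pointer checks are what keep a malformed packet from turning into an out‑of‑bounds read or an infinite loop.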
DNS Security
DNS is exposed to several attacks. DoS/DDoS floods aim to overload root, TLD, or a domain's authoritative servers, and open resolvers are abused for amplification because a small query yields a large response. DNS spoofing, or cache poisoning, injects a forged response that a resolver accepts and caches; because the transaction ID is only 16 bits, a resolver must also randomize its UDP source port and discard records that fall outside the bailiwick of the server it queried, or an attacker can win the race by brute force. DNS tunneling encodes data in query names and responses to exfiltrate data or carry command‑and‑control traffic past firewalls that allow port 53. DNS hijacking redirects resolution by altering resolver settings, registrar records, or the zone itself. Mitigations include DNSSEC, which adds digital signatures so that a validating resolver can verify that data came from the zone owner and was not altered (it does not encrypt queries), and DNS firewalls or filtering resolvers that rate‑limit abusive clients, block known‑malicious names, and keep serving cached answers when upstream servers are unreachable.
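The checks a resolver applies before caching a response are the practical defence against the spoofing described above. This added example (not code from the original article) models them on plain Python dicts rather than wire bytes: it verifies that the reply came from the server queried, to the randomized source port, with the matching transaction ID and echoed question, and then drops any record outside the bailiwick of that server. The pending query, the three constructed responses, and the addresses 203.0.113.10, 203.0.113.80 and 198.51.100.66 are assumptions made up for the illustration.

```python
"""Sanity and bailiwick checks a resolver applies before caching a response.
Added example, not the article's code; messages are plain dicts, not wire format."""


def in_bailiwick(owner, zone):
    """True if `owner` is at or below `zone`, the zone the queried server is delegated."""
    owner, zone = owner.lower(), zone.lower()
    return zone == "." or owner == zone or owner.endswith("." + zone)


def validate_response(pending, response):
    """pending: what we sent (id, our randomized source port, server address, question, zone).
    response: what arrived. Returns ok/reason plus the records to cache and those dropped."""
    checks = [
        (response["src"] == pending["server"], "source address is not the server we queried"),
        (response["dst_port"] == pending["src_port"], "destination port is not our source port"),
        (response["id"] == pending["id"], "transaction ID does not match"),
        (response["question"] == pending["question"], "question does not echo our query"),
    ]
    for passed, reason in checks:
        if not passed:
            return {"ok": False, "reason": reason, "records": [], "dropped": []}
    accepted, dropped = [], []
    for section in ("answer", "authority", "additional"):
        for rec in response.get(section, []):           # rec = (name, type, value, ttl)
            (accepted if in_bailiwick(rec[0], pending["zone"]) else dropped).append(rec)
    return {"ok": True, "reason": "", "records": accepted, "dropped": dropped}


# Constructed exchange: we asked the example.com authoritative server (203.0.113.10)
# for www.example.com A, from source port 41337, with transaction ID 0x1A2B.
PENDING = {"id": 0x1A2B, "src_port": 41337, "server": "203.0.113.10",
           "question": ("www.example.com.", "A"), "zone": "example.com."}

LEGIT = {"src": "203.0.113.10", "dst_port": 41337, "id": 0x1A2B,
         "question": ("www.example.com.", "A"),
         "answer": [("www.example.com.", "A", "203.0.113.80", 300)],
         "authority": [("example.com.", "NS", "ns1.example.com.", 86400)],
         "additional": [("ns1.example.com.", "A", "203.0.113.10", 86400)]}

# Attacker spoofs the server's source address and guessed the 16-bit ID, but sent the reply
# to port 53 instead of our randomized source port: cheap to guess the ID, expensive to guess both.
FORGED_PORT = dict(LEGIT, dst_port=53)

# Everything matches, but the additional section smuggles in a record for another domain.
# Only the bailiwick rule stops this classic poisoning of an unrelated name.
POISON_GLUE = dict(LEGIT, additional=LEGIT["additional"]
                   + [("www.google.com.", "A", "198.51.100.66", 86400)])


def demo():
    """Run the three constructed responses through the checks; returns the three verdicts."""
    return [validate_response(PENDING, m) for m in (LEGIT, FORGED_PORT, POISON_GLUE)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict["ok"], verdict["reason"] or f"cached {len(verdict['records'])}, "
                                                  f"dropped {verdict['dropped']}")
```

An attacker who can get records accepted inside the bailiwick (the reason source‑port randomization matters so much) is not stopped by the last rule; for that case only the entropy of ID plus port, or DNSSEC validation of the signed answer, closes the gap.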
Conclusion
The article provides a thorough introduction to DNS, covering its architecture, query workflow, packet details, caching behavior, and security considerations, offering a solid foundation for interview preparation or deeper study of internet name resolution.
This article has been distilled and summarized from source material, then republished for learning and reference.
ITPUB
Official ITPUB account sharing technical insights, community news, and exciting events.