Understanding DNS: Principles, Resolution Process, and Performance Optimization

Domain Name System (DNS) translates human‑readable 域名 into machine‑readable IP addresses, allowing users to type memorable names like www.baidu.com instead of numeric IPs.

A domain consists of several labels separated by dots, with the right‑most label representing the highest level; for example, in www.baidu.com , com is the top‑level domain, baidu the second‑level, and www the third‑level.

DNS servers store the mapping between domain names and IP addresses. Four classes of servers exist: 根域名服务器 (root servers), 顶级域名服务器 (top‑level domain servers), 权威域名服务器 (authoritative servers), and 本地域名服务器 (local resolvers). The root servers (13 globally) know the IPs of all TLD servers.

When a host queries www.baidu.com , the resolution proceeds as follows: The host sends a DNS query to its local resolver. The local resolver forwards the query to a root server. The root server replies with the IP of the relevant TLD server (e.g., for com ). The local resolver contacts the TLD server, which returns the IP of the authoritative server for baidu.com . The local resolver queries the authoritative server, which provides the final IP address. The authoritative server sends the answer back to the local resolver. The local resolver returns the IP address to the original host.

The interaction between the host and the local resolver is called a 递归查询 , while the communication among the hierarchical DNS servers is an 迭代查询 .

After a network connection is established, the host learns the IP of its local DNS server via DHCP. Root server IPs are hard‑coded into operating systems, so every computer knows them.

Because a full resolution may involve eight DNS messages, performance can suffer. DNS improves speed by using UDP (port 53) for most queries—UDP is faster than TCP, though TCP is used when responses exceed 512 bytes or for zone transfers.

Caching further reduces latency: local resolvers store recent Name‑Value mappings for a TTL (time‑to‑live) period, and client machines can view their cache with ipconfig/displaydns and clear it with ipconfig/flushdns .

When a local resolver performs poorly, users can manually change the DNS server settings (e.g., via Windows Control Panel → Network → IPv4 properties) to use public DNS services. Common public DNS server addresses include: Alibaba 223.5.5.5 223.6.6.6 Tencent 119.29.29.29 182.254.116.116 Baidu 180.76.76.76 114.114.114.114 Google 8.8.8.8 8.8.4.4 114DNS 114.114.114.114 114.114.115.115

DNS records are stored as Resource Records (RR) containing four fields: Name , Value , Type , and TTL . For example, an A record maps a domain to an IPv4 address, while an NS record points to the name server responsible for a domain.

A DNS message consists of several sections: transaction ID, flags (including QR and TC), question count, answer count, authority count, additional count, followed by the question, answer, authority, and additional sections. Each section contains resource records as described above.

Wireshark captures of a DNS query and its response illustrate these fields (images omitted for brevity).