Understanding DNS: Why It Exists, Hierarchical Structure, Protocol Details, Caching, and Practical Insights

Recalling student days, the author notes how students memorized complex strings like domain names and IP addresses, and how they eagerly searched open‑source learning material on forums, embodying the spirit of open sharing that leads to technical curiosity about the Internet.

Why DNS Exists

Humans cannot remember raw IP addresses such as 112.80.248.76 ; typing a memorable domain like www.baidu.com is analogous to looking up a phone number in a contact list. DNS acts as the Internet’s address book, translating human‑readable domain names into IP addresses.

With over 300 million registered domain names and an estimated trillion DNS queries per second, a single monolithic server cannot handle the load. DNS must therefore be a distributed system capable of supporting massive read traffic.

URL Hierarchy

A typical domain like www.baidu.com contains three levels separated by dots: the top‑level domain (TLD) com , the second‑level domain baidu , and the third‑level subdomain www . Behind the TLD lies an implicit root zone, completing the full hierarchical tree.

When many domains share common prefixes, they form a tree‑like structure, similar to school → grade → class, allowing efficient lookup by traversing the hierarchy.

DNS Principles

DNS is a high‑concurrency distributed system designed with two key ideas: (1) split services according to the hierarchical domain structure, and (2) employ multi‑level caching to reduce the number of queries each server must handle.

Using URL Hierarchy to Split Services

Each DNS server maintains information for one or more zones (a set of domains). When a client queries www.baidu.com , the request is routed through a chain of servers: local resolver → root server → TLD server → authoritative server, each step narrowing the search space.

Adding Multi‑Level Cache

Before contacting any remote server, the resolver checks several caches in order: browser cache, OS cache, /etc/hosts , and the nearest DNS server’s cache. Only if all caches miss does the resolver query the root and subsequent authoritative servers.

Because cached records contain the hierarchical relationships, a resolver can often skip the root lookup entirely and go directly to the relevant TLD or second‑level server.

DNS Protocol Format

DNS operates as an application‑layer protocol (similar to HTTP) carried over UDP. A DNS message consists of fields such as Transaction ID, Flags (including QR, OpCode, RCode), Queries (Name, Type, Class), and Answers.

Transaction ID : matches request and response.

QR : 0 for query, 1 for response.

OpCode : operation code, usually 0 for standard query.

RCode : response code (0 = no error, 1 = format error, 2 = server failure, etc.).

The Queries section specifies what is being looked up (e.g., Name = baidu.com , Type = A for address, Class = IN for Internet). The Answers section returns the resolved data, such as IP addresses.

Packet Capture

Using dig www.baidu.com and Wireshark, one can observe the DNS request and response packets. The request is a UDP datagram containing the query fields; the response includes the same Transaction ID and one or more Answer records with IP addresses.

dig www.baidu.com

Summary

DNS is a highly scalable distributed system that splits service responsibilities using the hierarchical domain tree.

Multi‑level caching dramatically reduces the number of queries each server processes, improving performance.

Clients obtain DNS server addresses via DHCP when they connect to a network.

Root server IPs are baked into every DNS implementation, ensuring that any resolver can start the lookup process.

Final Thoughts

The article ends with two open questions: (1) Although DNS primarily uses UDP, does it ever use TCP? (2) With only 13 IPv4 root servers, what would happen if they were all taken offline?