What is a DNS query? How does a DNS query work?
A DNS query is a message that a client sends to the DNS server. It contains a list of questions that the DNS server answers. A DNS query can contain multiple questions that the server will reply to, but a server might also reply with its own additional information.
Here are 3 different DNS query types. Depending on the query type, the DNS server behaves differently when it answers requests.
In a non-recursive query, the DNS server is expected to hold and return the answer for the requested hostname. The DNS server will proceed to return the answers from its own local cache or database. If the DNS server is unable to find information about the requested hostname, it will respond with an empty response instead.
A recursive query tells the DNS server or resolver being queried that it should provide an answer for the sent questions. If the server itself serves as an authoritative server for this domain, it should respond with the normal response. If, however, the server is not an authoritative server for this domain, it should start a recursive query process to resolve the domain name itself and then return the resulting records.
In an iterative DNS query, the DNS client asks the server to resolve the requested questions to the best of its abilities. If the DNS server is the authoritative server or contains the information about the request in its cache, it will provide the answer to the client. However, if the DNS server is unable to determine a response, it will send back a referral to other DNS servers which might be able to provide the answer.
There are over 45 different query and answer types available designed to retrieve different pieces of information from the nameservers. These are mapped to DNS records, which the server returns as answers. Out of the 45+ query types, most domains only use these 9:
The A record maps the requested hostname to the corresponding IPv4 address. This allows the browser to translate a domain name and route it to the correct server.
The AAAA record is similar to an A record, however, it works with IPv6 addresses. Similarly, it allows the browser to translate a domain name to the correct server.
Also known as Canonical Name record, the CNAME record is used as an alias to another hostname. When returned to the client, the client will then query the hostname with another request to resolve the returned alias into an A or AAAA record. The server can also include this record within the response already.
Short for Mail Exchanger, the MX record specifies the hostname of an SMTP email server for the domain. This is then used to route incoming emails for this domain by email services.
The TXT or Text record is used to carry human or machine readable text data. This can be used for various purposes such as verification, authentication or passing other data.
Short for Name Server record, the NS record contains the information about the nameservers responsible for providing DNS information for the queried domain, for example ns1.domain.com.
Short for Reverse-lookup Pointer, the PTR record provides a reverse mapping from an IP address to a fully qualified hostname. This is used in a process called reverse DNS lookup.
Short for Service Location, the SRV record works similarly to an MX record, but is used for other communication protocols to help with discovery.
Short for Start of Authority, the SOA record serves as an administrative record for a domain name zone. It indicates the Authoritative Name Server for the current domain, contact details, serial number and information about any DNS changes. It also hints to the resolver how often the DNS information should be refreshed for this domain.
A DNS query is constructed from a packet that consists of multiple parts as illustrated on the diagram below. The same format is shared between the query and answer DNS packet.
The header contains information about the length of the packet, capabilities of the client, and the number of questions contained in the query. After that, the packet includes the list of encoded queries and any additional information sent by the client.
Usually, DNS queries are quite small and consist of around 50-100 bytes of data.
Generally, a DNS query is sent as a UDP packet from the client to the server. This is primarily for performance reasons, as UDP is generally considered much faster than other standard network protocols. However, if the server does not reply for whatever reason, the client might attempt to retry over a TCP connection.
A server might also request the client to re-send the query using TCP in case the DNS response does not fit into a UDP packet. This allows the server to upgrade the connection to return long responses.
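The packet layout, the recursion request and the TCP retry described above, shown as an added example that is not code from the original page. It follows the RFC 1035 wire format; the function names, the transaction ID and the sample hostname are assumptions made for illustration.

```python
import struct

# Record type codes as assigned in the DNS specifications (RFC 1035, 3596, 2782).
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12,
          "MX": 15, "TXT": 16, "AAAA": 28, "SRV": 33}
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100  # response, truncated, recursion desired

def build_query(name, qtype="A", txid=0x1A2B, recursive=True):
    """Encode a one-question query: 12-byte header followed by the question."""
    flags = FLAG_RD if recursive else 0  # RD clear = non-recursive query
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def parse_message(data):
    """Decode the header and first question; raise ValueError on malformed input."""
    if len(data) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if qd < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(data):
            raise ValueError("name runs past the end of the packet")
        n = data[pos]
        pos += 1
        if n == 0:  # zero-length root label ends the name
            break
        if n > 63 or pos + n > len(data):  # also rejects compression pointers
            raise ValueError("bad label length")
        labels.append(data[pos:pos + n].decode("ascii"))
        pos += n
    if pos + 4 > len(data):
        raise ValueError("question truncated")
    qtype, qclass = struct.unpack("!HH", data[pos:pos + 4])
    return {"id": txid, "response": bool(flags & FLAG_QR),
            "truncated": bool(flags & FLAG_TC),
            "recursion_desired": bool(flags & FLAG_RD),
            "counts": (qd, an, ns, ar), "name": ".".join(labels),
            "qtype": qtype, "qclass": qclass}

def retry_over_tcp(query, udp_response):
    """Return the query framed for TCP if the matching UDP reply was truncated."""
    reply = parse_message(udp_response)
    if reply["response"] and reply["truncated"] and reply["id"] == parse_message(query)["id"]:
        return struct.pack("!H", len(query)) + query  # TCP adds a 2-byte length prefix
    return None
```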
Recently, a new protocol has also appeared called DoH (DNS over HTTPS) that uses the HTTP protocol to perform DNS resolution. This was designed to provide a more secure way of hostname resolution thanks to encryption.
Domain Name System. A protocol that resolves names to IP addresses that devices can use to contact other servers.
Transmission Control Protocol.
User Datagram Protocol.
A service that resolves domain names into network addresses.