- Browser cache check: the browser first checks its own cache to see if it has the IP of “example.com”
- Operating system cache check: the operating system also maintains a DNS cache
- Resolver or Recursive DNS servers cache check: the system makes a request to the recursive DNS servers provided by your Internet Service Provider (ISP), or another provider like Google DNS or Cloudflare. These servers also maintain a DNS cache
- These servers handle requests from clients, such as web browsers
- Root DNS server: the resolver contacts a root DNS server for the address of the TLD DNS server (.com)
- TLD DNS server: the resolver queries the TLD DNS server (.com) for the address of the authoritative DNS server of “example.com”
- Authoritative DNS Server: the resolver queries the authoritative DNS server for the IP address of “example.com”
- Domain Name Server most commonly refers to the “Authoritative DNS Server”, which knows the actual IP address
- GoDaddy serves as an Authoritative DNS Server. They store the DNS records for these domains
- Returning the IP address to browser: the browser can then make a request to the IP address to get the website data
- Caching the IP address
Which layer of the OSI model does DNS resolution happen at?
- Application Layer (Layer 7)
- DNS is a high-level application protocol designed to resolve human-friendly domain names into IP addresses.
- This process is a service provided to applications so they can use IP networks correctly, which is a primary function of Layer 7.
- Transport Layer (Layer 4)
- Although DNS primarily operates at the application layer, it’s also important to note that DNS uses protocols at the transport layer to exchange data.
- DNS typically uses UDP (User Datagram Protocol) for query and response messages, but it can also use TCP (Transmission Control Protocol) for larger data exchanges (like zone transfers) or when a UDP packet is dropped.
DNS settings
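A: resolves to an IP address; maps a HostName to an IP.
CNAME: maps a HostName to another domain.
MX: mail exchange record, used to point to the mail server.
TXT: text record; almost never needed, for special purposes.
SRV: resource record; likewise never needed, for special purposes.
AAAA: same as an A record, except that A is IPv4 and AAAA is IPv6.
NS: Name Server, specifies which NS your DNS is handed to for resolution.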
Records can only point to a domain or an IP
For example:
- example.com -> 106.173.25.11
- a.example.com -> ttt.example222.com
DNS cannot resolve anything after the /, because that is not DNS's job:
- example.com -> ttt.example.222.com/home
Allow only specific hosts
Open only example.com, www.example.com, db.example.com
A (Host) settings
@ 45.33.60.10 => example.com
db 45.33.60.10 => db.example.com
www 45.33.60.10 => www.example.com
A (Host) settings
@ 45.33.60.10
* 45.33.60.10
CName (Alias)
www example.com
This has to be configured on the HTTP server (nginx)
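Fixing DNS that never seems to update
Solution: use Google's DNS server (8.8.8.8) directly
My MacBook's default DNS servers are seednet first and Google second
When I pointed the domain to the new IP in GoDaddy's DNS settings, it took effect within half an hour
But no matter how I cleared the local DNS cache, ping kept returning the wrong IP,
while dig and nslookup against Google DNS both found the correct IP.
I guessed that seednet's DNS server kept holding stale data, which is why I never got the correct IP,
so in the end I simply changed the local DNS to Google DNS and the problem was solved. The steps are as follows:
Go to System Preferences -> Network -> USB Ethernet, then Advanced below it -> add 8.8.8.8
There is no need to edit /etc/resolv.conf, because editing it has no effect: the Mac automatically regenerates the file on every boot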
dig
Show the hosts on the domain's DNS path
$ dig +short NS blog.example.com
test-user.github.io.
github.map.fastly.net.
Show the full DNS path
$ dig +trace blog.example.com
; <<>> DiG 9.8.3-P1 <<>> +trace blog.example.com
;; global options: +cmd
. 369863 IN NS k.root-servers.net.
. 369863 IN NS e.root-servers.net.
(...omitted...)
;; Received 228 bytes from 168.95.1.1#53(168.95.1.1) in 205 ms // first DNS server IP, Chunghwa Telecom DNS server
tw. 172800 IN NS d.dns.tw.
tw. 172800 IN NS i.dns.tw.
(...omitted...)
;; Received 508 bytes from 192.5.5.241#53(192.5.5.241) in 266 ms // second DNS server IP
example.com. 86400 IN NS ns73.domaincontrol.com.
example.com. 86400 IN NS ns74.domaincontrol.com.
;; Received 84 bytes from 61.220.48.1#53(61.220.48.1) in 114 ms // third DNS server IP
blog.example.com. 3600 IN CNAME test-user.github.io.
;; Received 60 bytes from 216.69.185.47#53(216.69.185.47) in 201 ms // fourth DNS server IP
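- First find the global root nodes and ask them for the location of the .tw DNS servers
- Ask the dns.tw servers for the location of the example.com servers, which are ns73.domaincontrol.com and ns74.domaincontrol.com; both are DNS servers that my domain registrar GoDaddy arranged for me
- The GoDaddy NS servers answer that a CNAME to test-user.github.io is needed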
nslookup
Find the domain's DNS server
$ nslookup blog.example.com
Server: 106.187.35.20
Address: 106.187.35.20#53 // first DNS server IP, Linode DNS server
Non-authoritative answer:
blog.example.com canonical name = test-user.github.io.
test-user.github.io canonical name = github.map.fastly.net.
Name: github.map.fastly.net
Address: 103.245.222.133
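The nslookup reply above ("Non-authoritative answer", a CNAME followed by an address) as it looks on the wire, in an added Python example that is not part of the original notes: it decodes a DNS response, including compressed names, and reports the AA and TC header flags and each record's TTL. The sample message is constructed, with 192.0.2.10 and the TTL of 60 as placeholder values; a set TC flag is what tells a client to repeat the query over TCP.

```python
import struct

def encode_name(name):
    """Wire format: length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def read_name(msg, pos, hops=0):
    """Decode the name at pos, following compression pointers; returns (name, next_pos)."""
    labels = []
    while msg[pos]:
        if msg[pos] & 0xC0 == 0xC0:           # 2-byte pointer to a name elsewhere in msg
            if hops > 10:
                raise ValueError("compression pointer loop")
            target = struct.unpack_from("!H", msg, pos)[0] & 0x3FFF
            return ".".join(labels + [read_name(msg, target, hops + 1)[0]]), pos + 2
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode())
        pos += 1 + msg[pos]
    return ".".join(labels), pos + 1

def parse_response(msg):
    """Return the header flags a client acts on plus (name, type, ttl, value) answers."""
    txid, flags, qd, an = struct.unpack_from("!HHHH", msg)
    pos = 12
    for _ in range(qd):                       # skip the echoed question section
        pos = read_name(msg, pos)[1] + 4
    answers = []
    for _ in range(an):
        name, pos = read_name(msg, pos)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        pos += 10
        if rtype == 5:                        # CNAME: rdata is itself a (compressed) name
            value = read_name(msg, pos)[0]
        elif rtype == 1:                      # A: four address bytes
            value = ".".join(map(str, msg[pos:pos + 4]))
        else:
            value = msg[pos:pos + rdlen].hex()
        answers.append((name, rtype, ttl, value))
        pos += rdlen
    return {"authoritative": bool(flags & 0x0400), "truncated": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "answers": answers}

# Constructed sample: a recursive resolver's reply for blog.example.com (not captured traffic).
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)   # QR=1 RD=1 RA=1, AA=0
          + encode_name("blog.example.com") + struct.pack("!HH", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 3600, 21) + encode_name("test-user.github.io")
          + b"\xc0\x2e" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
```

Calling parse_response(SAMPLE) returns authoritative=False, which is what nslookup prints as "Non-authoritative answer", and the per-record TTLs show how long a cache may keep serving each answer.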