Approximate scheme of DNS operation

Started by JPinto, Oct 28, 2022, 03:40 AM


JPinto (Topic starter)

I work in web hosting: we host user sites on our servers.
In view of the huge number of questions that both beginners and experienced users ask us, I want to explain some principles, aspects and features of this branch of the IT sphere. I'm not sure that the number of questions from our users will decrease, but it's worth trying.
Even if you don't use hosting, I assume that this information can be informative.

In fact, the domain (domain name), for example, - is a simplified symbolic representation of the address of the server on which the website itself is located. To show the site in your browser, your device (computer, tablet, smartphone, etc.), after you enter the name of the site in the browser's address bar, launches a chain of requests that looks rather confusing at first glance.

What happens when you type the site address (domain) in the browser, for example " "?
1. The browser sends a request to the server of your Internet provider.

2. The ISP's server looks into its DNS cache, and if it does not find the address there, it accesses the root DNS server of the .com zone, because that is the zone in which the domain of the site we need is located.

3. The root server, receiving the request, looks into its database and searches there for records with the names and IP addresses of the DNS of the hosting provider, which hosts the site on its servers, popularly called . Having found these records, it transmits them to the Internet provider's server.

4. By accessing the DNS of the hosting provider, the ISP's server receives the IP of the server hosting the site with the name , and puts it into its DNS cache database. It then also contacts this IP directly, the server where the site is hosted.

5. The hosting provider's server finds the necessary data internally for the requested domain and transmits it back.

6. The Internet provider transmits the received data to your browser, which renders the website for you.

There are several nodes that communicate with each other while you wait. In ideal conditions, all communication between them takes place in a fraction of a second. After entering the address into the browser, you get the site within a couple of seconds, most of which is taken up by the transfer of site data over the communication channel between the hosting provider and your computer.

The DNS cache is needed to relieve the load on the communication channels of the global network. But if you look deeper, it becomes obvious that its presence has negative consequences: when transferring a site to another server, a site visitor may not see the site for some time, because the DNS cache of their Internet provider still stores the old IP address for the site's domain name.
The speed of updating the DNS cache varies between Internet service providers: from four hours to four days.
On average, they update the DNS cache within 6 hours. In large cities, the update occurs more often: every 2-4 hours.

I apologize for any clumsy wording. Translating from IT to human is quite difficult, but I try. If something is still unclear, write your questions in the comments and I will try to answer.
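To make steps 2-4 and the cache problem concrete, here is a small simulation of an ISP-style caching resolver walking root -> TLD -> hoster and then serving a stale answer after the site moves. This is an added example, not code from the post; the server names, the domain, the IPs (from the 203.0.113.0/24 documentation range) and the TTL are all constructed, and nothing touches the network.

```python
"""Simulated iterative DNS resolution with an ISP-style caching resolver.
Added example, not code from the post; servers, domain, IPs (203.0.113.0/24
documentation range) and TTL are constructed. Nothing touches the network."""
import copy

# Each server knows one zone: suffix -> record. A record is a referral
# ("NS", next_server) or an answer ("A", ip, ttl_seconds).
SERVERS = {
    "root":      {"com.": ("NS", "com-tld")},
    "com-tld":   {"example-site.com.": ("NS", "hoster-ns")},
    "hoster-ns": {"example-site.com.": ("A", "203.0.113.10", 3600)},
}

def lookup(servers, server, name):
    """Return the record for the longest suffix of `name` that `server` holds."""
    zone = servers[server]
    labels = name.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zone:
            return zone[suffix]
    raise LookupError(f"{server} has no data for {name}")

class Resolver:
    """Walks root -> TLD -> hoster (steps 2-4 of the post), caching answers by TTL."""
    def __init__(self, servers=SERVERS):
        self.servers = servers
        self.cache = {}   # name -> (ip, expires_at)
        self.trace = []   # servers contacted during the last resolve()

    def resolve(self, name, now):
        self.trace = []
        hit = self.cache.get(name)
        if hit and hit[1] > now:          # within TTL: answer from cache, no queries sent
            return hit[0], "cache"
        server = "root"
        while True:                       # follow referrals until an A record appears
            self.trace.append(server)
            rec = lookup(self.servers, server, name)
            if rec[0] == "A":
                _, ip, ttl = rec
                self.cache[name] = (ip, now + ttl)
                return ip, "authoritative"
            server = rec[1]               # referral: ask the next server down the tree

def migration_demo():
    """Why visitors reach the old server after a move until the cached TTL runs out."""
    servers = copy.deepcopy(SERVERS)
    r = Resolver(servers)
    first = r.resolve("example-site.com.", now=0)[0]     # full chain, cached for 3600 s
    servers["hoster-ns"]["example-site.com."] = ("A", "203.0.113.20", 3600)  # site moved
    stale = r.resolve("example-site.com.", now=600)[0]   # 10 min later: still the old IP
    fresh = r.resolve("example-site.com.", now=3601)[0]  # TTL expired: re-walks, new IP
    return first, stale, fresh
```

Lowering the TTL on the authoritative record well before a migration shortens the window in which `migration_demo` style stale answers are served.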


In short: the domain name system stores information on each domain name on the Network. The system is multilevel and distributed throughout the Internet, duplicated many times.
In a simplified form, what is stored in it: the domain name itself, the IP of the physical server where the site of this domain is located, the IPs of the servers of this domain name's various services, for example the IP address of the server that serves the domain's mail, and some other service records.

I didn't really understand what "Different dns in the settings" means, but I assume that we are talking about several NS servers in the domain settings.
This duplication is necessary for fault tolerance. If one NS server is not responding for some reason, the other one will respond.


Well, there are always several NS; this requirement has been mandatory for a long time. This is both safer and more practical. Using multiple servers can and will help to hide the server from unauthorized access. Most likely, the different DNS are really different NS servers in this case.


It is better to tell beginners about the hosts file, so that they do not buy domains for themselves but instead set up a web server locally, make virtual domains through hosts and play there.

If newcomers want to set up their own DNS server, they may fall victim to a vulnerability where someone can send a small request, and the response to it, which is very large, goes to the target victim.
So, without any viruses, without installing a botnet, just by getting a list of open (incorrectly configured) DNS servers, you can quickly organize a DDoS through them.