DNS questions

Hello! Here are some questions & answers. The goal isn't to get all the questions "right". Instead, the goal is to learn something! If you find a topic you're interested in learning more about, I'd encourage you to look it up and learn more.

what's the most common thing we use DNS for?

turning a hostname (like google.com) into an IP address (like 19.3.2.15)

what command line tool can you use to make DNS queries?

dig or host!

$ dig google.com will give you the IP address for google.com

is it possible to go the opposite direction -- get the hostname for an IP address?

yes!

$ dig -x 172.217.13.174
will do a "reverse DNS lookup" for 172.217.13.174.

do reverse DNS queries always work?

nope!

$ dig -x 172.217.13.174
will do a "reverse DNS lookup" for 172.217.13.174. This is actually looking up the PTR record for 174.13.217.172.in-addr.arpa

do DNS servers only store IP addresses?

nope!

there are many types of DNS records (A, NS, MX, PTR, SOA, etc). A records store IPv4 addresses.

can a hostname have many IP addresses?

yes!

there can be many A records for the same name with different IPs.

are IPv4 addresses and IPv6 address stored in the same kind of record?

nope!

IPv4 addresses are in A records and IPv6 addresses are in AAAA records.

when you send email to someone@gmail.com, are you using DNS?

yes!

you need the IP address of gmail.com's mail server to send the email. the mail server for a hostname is in the MX DNS record

when you update an A record, will everyone get your new IP right away?

nope!

DNS servers all use caching, so it depends when the cache expires.

what decides how long a DNS response gets cached for?

the TTL!

every DNS response has a parameter called the "TTL" ("time to live"). If you set a shorter TTL, you can update your DNS records faster!

do DNS clients have to respect the TTL?

nope!

some clients will ignore the TTL and cache the response for a different amount of time instead (like a day)

what's 8.8.8.8?

a popular DNS server hosted by Google. anyone can make DNS queries to it.

when you ask 8.8.8.8 for an IP address for reddit.com, where does it get that information?

from reddit.com's nameserver

every domain name has a nameserver (actually usually more than one) which is the source of truth for DNS queries about that domain

is reddit.com's nameserver a DNS server?

yes!

there are 2 kinds of DNS servers:

"authoritative": source of truth, like reddit.com's DNS server. These have a authoritative database of IP address.

"recursive": like 8.8.8.8. they just query authoritative nameservers and cache

how does 8.8.8.8 get an IP address for a reddit.com nameserver?

it queries the .com nameserver

every TLD (.com, .io, etc) has DNS servers that store the nameservers for every domain with that TLD.

how does 8.8.8.8 get an IP address for a .com nameserver?

it queries a root nameserver!

There are root nameservers that can tell you where the TLD nameservers are. They're a.root-servers.net to m.root-servers.net.

how does 8.8.8.8 know the IP address of the root nameservers?

they're hardcoded!

Every recursive nameserver hardcodes the addresses of the root nameservers so that it has an IP address to start with.

do you need to use 8.8.8.8 to make a DNS query for reddit.com?

nope!

you can just make a DNS query to reddit.com's nameserver yourself! (or more likely: use any other recursive DNS server you want)

does DNS use TCP or UDP?

it can use either!

UDP is more common, but we're seeing a recent move to encrypted DNS over HTTPS which uses TCP.