DNS record types, servers, and queries
How does DNS work
DNS is the global system for translating IP addresses into human-readable domain names. For example, when a user tries to access a web address such as “example.com,” their web browser or application performs a DNS query against the server, providing the hostname. The DNS server takes the hostname and converts it into a digital IP address that a web browser can connect to.
A component called DNS Resolver is responsible for checking if a hostname is available in the local cache. If not, it communicates with a series of DNS name servers so that it finally receives the IP address of the service that the user is trying to access and returns it to the browser or the application. This usually takes less than a second.
DNS types: The 3 DNS query types
There are three types of the queries in the DNS system:
Iterative query
In an iterative query, the DNS client provides a hostname, and the DNS resolver “must” answer – responds with either a relevant resource record or an error message if it cannot be found. Then, the resolver starts a recursive query process, starting with the DNS root server until it finds the authoritative name server (for more information about trusted name servers, see DNS server types below) that holds the IP address and other information the requested hostname.
Recurring query
In an iterative query, the DNS client provides a hostname, and the DNS resolver returns the best possible answer. If the DNS resolver has the relevant DNS records in its cache, it replaces them. If not, it forwards the DNS client to the root server or another trusted name server closer to the requested DNS zone. Finally, the DNS client must repeat the query directly to the pointed DNS server.
Non-recurring query
The non-recursive query is one in which the DNS resolver already knows the answer. It either returns the DNS record immediately because it stores it in the local cache, or it queries the DNS name server and is authoritative for the record, meaning it holds the correct IP address for that hostname. In some case, there is no need for additional rounds of queries (as in recursive or iterative queries). Instead, the response is immediately returned to the customer.
DNS types: 3 types of DNS servers
Below are the most common DNS servers that resolve hostnames to IP addresses.
DNS resolver
The DNS resolver (recursive resolver) is designed to receive DNS queries, which include a human-readable hostname such as “www.example.com,” and is responsible for tracking the IP address of that hostname.
DNS root server
The root server is one of the first step in the journey from the hostname to the IP address. The root DNS server extracts the top-level domain (TLD) from the user’s query – e.g., www.example.com —… provides details for the .com TLD name server. This server will provide details of the domains containing the .com DNS zone, including “example.com.”
There are 13 root servers worldwide, denoted by letters A through M, operated by organizations such as the Internet Systems Consortium, Verisign, ICANN, the University of Maryland, and the US Army Research Laboratory.
Certified DNS Server
Top-level servers in the DNS hierarchy determine which DNS server is the “authoritative” name server for a given hostname, meaning that it keeps the updated information for that hostname.
The authoritative name server is also the last stop in the name server query – it takes the hostname and returns the correct IP address to the DNS resolver (or if it can’t find the domain, it returns the message NXDOMAIN).
DNS Types: Top 10 Types of DNS Records
DNS servers create a DNS record to provide important information about a domain or hostname, especially its current IP address.
The most common types of the DNS records are:
- Address assignment record (A record) – Also known as a DNS host record, it stores the hostname and its corresponding IPv4 address.
- IP Address Record 6 (AAAA Record) – Stores a hostname and its corresponding IPv6 address.
- Canonical Name Record (CNAME Record) – Can be used to name a hostname to another hostname. When the DNS client requests a record containing a CNAME, which points to another hostname, the DNS resolution process is repeated with the new hostname.
- Mail exchanger record (MX record) – identifies an SMTP email server for the domain that routes outgoing email messages to an email server.
- Nameserver records (NS record) – Specifies that a DNS zone, such as “example.com,” is delegated to the specified authorized name server and provides the address of the nameserver.
- Reverse lookup indicator records (PTR record) – allow the DNS resolver to provide an IP address and receive a hostname (reverse DNS lookup).
- Certificate record (CERT record) – stores encryption certificates — PKIX, SPKI, PGP, etc.
- Service location (SRV record)—Service location record, like MX but for other communication protocols.
- Text history (TXT record) – typically holds machine-readable data such as opportunistic encryption, sender policy framework, DKIM, DMARC, etc.
- The onset of Validity (SOA record) – This record appears at the beginning of the DNS zone file and indicates the authorized name server for the current DNS zone, contact details for the domain administrator, the domain’s serial number, and information about how frequently the DNS information for this zone should be updated.