DNS zones are hierarchical, stemming from a single root. Below this are TLDs (top-level domains) and ccTLDs (country-code top-level domains).
- Root zone
Internal DNS resolution
gethostbyname() provides name resolution. At a high level, it considers a number of sources for results.
Hosts files contain IP address => name pairs:
Its location is platform dependent:
- On Linux:
- On macOS:
- On Windows:
Query the DNS resolver cache:
- Linux: depends on configuration.
- macOS:
  - Enable private data in logs:
    sudo log config --mode "private_data:on"
  - View DNS queries made since enabling private data:
    log stream --predicate 'process == "mDNSResponder"' --info
  - Disable private data in logs:
    sudo log config --mode "private_data:off"
  - On pre-High Sierra versions, send the INFO signal to mDNSResponder:
    sudo killall -INFO mDNSResponder
Clear the resolver cache:
- Linux: depends on configuration.
- macOS:
  dscacheutil -flushcache; sudo killall -HUP mDNSResponder
Root hints (cache.dns) provide the location of the root servers, required for seeding DNS clients.
Answers obtained through recursion or served from a cache are non-authoritative. Authoritative answers come only from a nameserver hosting the zone.
Queries that a server doesn't hold the answer for can be forwarded along the hierarchy (from the root, to the TLD, to the domain's nameserver) in a process called recursion. The individual queries made in this fashion are known as iterative queries.
Conditional forwarding is more specific than forwarding. It can speed up lookups by allowing requests for specific domains to be directed straight to the appropriate nameserver, saving the iterative queries needed to reach the domain.
- Forward lookup zones resolve hostnames to IP addresses.
- Reverse lookup zones resolve IP addresses to hostnames, e.g. for mail lookup. Their zone names will be in the format
SOA (start of authority) records contain metadata about the zone:
- Serial number, incremented on every change to signal modifications.
- Primary authoritative nameserver.
- Hostmaster contact
- Minimum (default) TTL
- Refresh interval
- Retry interval
- Expires after
AAAA (IPv6) address records point at IP addresses.
CNAME (canonical name) records point at other names.
SRV (service locator) records contain a hostname and port number pair, along with priority and weight values.
TXT records contain arbitrary text and are often used for ownership verification.
PTR records "point" at the canonical hostname for a host.
MX (mail exchanger) records point at the SMTP servers for a domain. They include a priority value indicating the failover order.
NAPTR (name authority pointer) records.
SPF (Sender Policy Framework) records are deprecated in favour of TXT records for compatibility reasons.
All records have their own TTL, which can optionally override the zone default specified in the SOA.
Zone use cases
Primary DNS zones are authoritative sources of information for their zones. These zones are read/write, accepting resource record updates.
Secondary DNS servers hold read-only copies of the zone. Zone transfers allow the contents of DNS zones to be copied over the DNS protocol (AXFR for a full copy, IXFR for the delta).
Stub zones contain only the SOA and NS records for the domain's authoritative nameservers. This allows the server to respond to recursive queries for the domain.
"Cache-only DNS" and "caching resolver" configurations must be able to service requests from clients and cache records over time.
The header section comprises:
ID is populated with an identifier by the querying client, used to match requests and responses.
QR indicates whether the packet contains a request (0) or a response (1).
OPCODE indicates the operation type:
0: standard query.
1: inverse query.
AA indicates whether the responding nameserver is authoritative for the zone.
TC indicates that the message was truncated.
RD indicates that a request wishes to use recursion.
RA specifies whether recursion is available in the responding nameserver.
Z is reserved for future use and must be zero.
RCODE contains the response status.
QDCOUNT specifies the number of question resource records in the question section.
ANCOUNT specifies the number of answer resource records in the answer section.
NSCOUNT specifies the number of nameserver resource records in the nameserver section.
ARCOUNT specifies the number of authoritative resource records in the authority section.
Question sections comprise:
QNAME specifies the name being queried.
QTYPE specifies the desired resource record type:
QCLASS specifies the query class:
1: Internet (IN) is the only one widely used, though others are allocated.
Resource records make up a number of sections:
- Answer section
- Authority section
- Additional section
They comprise the following fields:
NAME specifies the domain name.
TYPE specifies the resource type.
CLASS specifies the resource class.
TTL provides the number of seconds a record may be cached.
RDLENGTH specifies the length of the RDATA field.
RDATA contains the record data.
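The header, question and resource record layouts described above, worked as an added example (not code from the original notes): a small parser that decodes the flag bits and section counts, walks the question section, then reads every resource record including names compressed with a pointer back into the message. The sample response bytes are constructed here, not captured from a server.

```python
import struct

# Constructed sample response (not a capture): ID 0x1234, flags 0x8180 (QR, RD
# and RA set, RCODE 0), question example.com A IN, one A answer (compressed NAME).
SAMPLE_RESPONSE = bytes.fromhex(
    "1234 8180 0001 0001 0000 0000"                 # header, counts 1/1/0/0
    "07 6578616d706c65 03 636f6d 00 0001 0001"       # question: example.com A IN
    "c00c 0001 0001 0000012c 0004 c0000201")         # answer: ptr->12, TTL 300

def read_name(msg, offset):
    # Decode a possibly compressed NAME and return (name, offset just past it).
    # A pointer (top two bits 11) jumps elsewhere; the caller advances 2 bytes.
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            hops += 1
            if hops > 16:                      # malformed input: pointer loop
                raise ValueError("compression pointer loop")
            end = offset + 2 if end is None else end
            offset = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels) or ".", offset if end is None else end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_header(msg):
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    return {"id": ident, "qr": flags >> 15 & 1, "opcode": flags >> 11 & 0xF,
            "aa": flags >> 10 & 1, "tc": flags >> 9 & 1, "rd": flags >> 8 & 1,
            "ra": flags >> 7 & 1, "z": flags >> 4 & 7, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def parse_message(msg):
    # Questions first, then the answer/authority/additional RRs (same layout).
    hdr, offset, questions, records = parse_header(msg), 12, [], []
    for _ in range(hdr["qdcount"]):
        name, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        questions.append({"qname": name, "qtype": qtype, "qclass": qclass})
        offset += 4
    for _ in range(hdr["ancount"] + hdr["nscount"] + hdr["arcount"]):
        name, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
        rdata = msg[offset + 10:offset + 10 + rdlength]
        records.append({"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": rdata})
        offset += 10 + rdlength
    return hdr, questions, records
```

A resolver should check that the returned ID matches the one it sent and retry over TCP when TC is set; the hop limit in read_name keeps a malformed or hostile packet from looping the parser forever.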
Zone transfers, sometimes referred to by the query type AXFR, are DNS transactions that allow replicating DNS zones across servers.
If it's possible to deliver the result in a single packet, UDP is favoured; otherwise TCP is used.
There are two types of zone transfer:
AXFR queries return the complete contents of the specified zone.
IXFR queries return partial results, requiring that the server store delta information between the current and several previous versions.
- Netmask ordering is the behaviour of listing resource records for addresses in the same subnet as the client first in the returned results. Since clients work down resource records in the order they're given, this should favour the "local" record over others.
- Round robin load balancing offers a poor man's load distribution mechanism: the DNS server can permute the order of multiple address resource records.
EDNS(0) expands the size of several parameters of the original protocol that limited its extensibility. It was proposed in RFC 2671 and later revised by RFC 6891.
The extensions are carried in a new optional (OPT) pseudo-resource record type, which preserves backwards compatibility (old responders ignore it, and new responders don't include the record unless it was present in the request).
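How the OPT pseudo-record rides in the additional section of an ordinary query, as an added example that is not part of the original notes: it builds a standard recursive query with one question and one OPT record, then reads the EDNS(0) fields back out. The OPT type code 41 and the field layout come from RFC 6891; the default UDP payload size of 1232 and the function names are assumptions made here.

```python
import os
import struct

OPT_TYPE = 41       # RR type code of the OPT pseudo-record (RFC 6891)
EDNS_VERSION = 0

def encode_name(name):
    # Wire-format name: length-prefixed labels terminated by the root label (0).
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype, ident=None, udp_payload=1232, dnssec_ok=False):
    # Standard recursive query: one question plus one OPT pseudo-RR in the
    # additional section (ARCOUNT=1). The OPT record reuses the ordinary RR
    # layout: NAME is the root, CLASS carries the requester's UDP payload size,
    # TTL carries extended RCODE / EDNS version / DO flag, RDATA holds options.
    # 1232 is a chosen default (assumption), not a value mandated by the RFC.
    ident = os.urandom(2) if ident is None else struct.pack("!H", ident)
    header = ident + struct.pack("!5H", 0x0100, 1, 0, 0, 1)  # RD=1; QD AN NS AR
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # QCLASS IN
    ttl = (EDNS_VERSION << 16) | (0x8000 if dnssec_ok else 0)
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, ttl, 0)
    return header + question + opt

def read_opt(msg):
    # Recover (udp_payload, version, dnssec_ok) from a query built above, i.e.
    # a 12-byte header followed by one uncompressed question and the OPT RR.
    # Returns None when the additional section carries no OPT record, which is
    # exactly what a legacy responder sees: the rest of the packet is unchanged.
    offset = 12
    while msg[offset]:                      # walk QNAME labels to the root label
        offset += 1 + msg[offset]
    offset += 1 + 4                         # root label, QTYPE, QCLASS
    if offset >= len(msg) or msg[offset] != 0:
        return None
    rtype, payload, ttl = struct.unpack_from("!HHI", msg, offset + 1)
    if rtype != OPT_TYPE:
        return None
    return payload, (ttl >> 16) & 0xFF, bool(ttl & 0x8000)
```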
Troubleshooting should follow the order of the DNS resolution process:
- Check the local cache, if applicable.
- Check the local zones.
- Check the conditional forwarders.
- Check forwarders.
- Check the root hints.
Tools are platform-specific:
nslookup is all you've got on Windows by default.
drill (and the BIND utility dig) are more feature-rich.