DNS (Domain Name System) is perhaps the most commonly used service on the network. It translates domain names that are easy to remember, such as www.google.com, into IP addresses that are hard to remember, such as 173.194.127.132, so that people can type a convenient name while computers still locate the target machine accurately. dig (Domain Information Groper) is a commonly used DNS analysis and debugging tool. It is generally installed by default on Linux and Mac.

# DNS Resolution

If you want to know which IP address www.waltersun.cn resolves to, you can use the following command (the ping command also works, but this article focuses on dig):

```
walter@B-Q9VTML85-1821 ~ % dig www.waltersun.cn +noall +answer

; <<>> DiG 9.10.6 <<>> www.waltersun.cn +noall +answer
;; global options: +cmd
www.waltersun.cn.  230  IN  A  118.195.145.14
```

The +noall and +answer options only make the output more concise.

Ignore lines 3 and 4 for now and focus on the last line, which has five parts:

  • The first part is the domain name we looked up;
  • The second part is the cache expiration time, the TTL (in seconds), which we can ignore for now;
  • The third part is IN, which stands for the class Internet; records are generally in this class;
  • The fourth part is very important: it gives the type of the record in this row. Here the type is A (Address), meaning that this is an A record describing the address that corresponds to the domain name;
  • The fifth part is easy to understand: it is the address. (118.195.145.14 is the public IP address of my website)

# dig command

How does the dig command know the IP address that corresponds to the domain name? You can add the +stats option to make dig print basic statistics.

```
walter@B-Q9VTML85-1821 ~ % dig www.waltersun.cn +noall +answer +stats

; <<>> DiG 9.10.6 <<>> www.waltersun.cn +noall +answer +stats
;; global options: +cmd
www.waltersun.cn.  1  IN  A  118.195.145.14
;; Query time: 70 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Fri Apr 29 20:06:32 CST 2022
;; MSG SIZE  rcvd: 50
```

The answer is the SERVER 223.5.5.5 in line 7, where 53 is the UDP (sometimes TCP) port used by DNS. By default, dig uses the DNS servers configured in /etc/resolv.conf.

```
walter@B-Q9VTML85-1821 ~ % cat /etc/resolv.conf
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
search hz.ali.com
nameserver 223.5.5.5
nameserver 223.6.6.6
```

We can also tell dig to use a different name server to resolve the name, such as Google's 8.8.8.8:

```
walter@B-Q9VTML85-1821 ~ % dig @8.8.8.8 www.waltersun.cn +noall +answer +stats

; <<>> DiG 9.10.6 <<>> @8.8.8.8 www.waltersun.cn +noall +answer +stats
; (1 server found)
;; global options: +cmd
www.waltersun.cn.  600  IN  A  118.195.145.14
;; Query time: 145 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Apr 29 20:12:11 CST 2022
;; MSG SIZE  rcvd: 61
```

Some internet services are deployed in many parts of the world, and their providers want Chinese users to reach the IP addresses of data centers in China and American users to reach the IP addresses of data centers in the United States. In that case the name servers in the two places return different results. We can use commands like the one above to verify this. Readers can refer to the list of domestic and foreign DNS server addresses and try digging well-known websites such as google.com through servers in various countries.
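
The cross-resolver comparison described above, as an added example (not from the original article): it collects the A records each resolver returns for a name and reports whether the sets agree. The `sample_dig` stub, `cdn.example` and its resolver and answer addresses are constructed so the script runs offline. Differing sets can be normal geo-aware DNS, but they are also worth a second look when a single answer was expected.

```sh
#!/bin/sh
DIG=${DIG:-dig}   # lookup command; point it at a stub to run offline

# a_records: read `dig +noall +answer` output on stdin and print the
# A-record addresses as one sorted, comma-separated set.
a_records() {
  awk '!/^;/ && $3 == "IN" && $4 == "A" { print $5 }' | sort -u | paste -sd, -
}

# compare_resolvers NAME RESOLVER...: print "resolver<TAB>addresses" for each
# resolver, then a verdict line. Returns 0 when every set matches, else 1.
compare_resolvers() {
  cr_name=$1; shift
  cr_first=; cr_seen=0; cr_verdict=consistent
  for cr_r in "$@"; do
    cr_set=$("$DIG" "@$cr_r" "$cr_name" A +noall +answer | a_records)
    printf '%s\t%s\n' "$cr_r" "${cr_set:-none}"
    if [ "$cr_seen" -eq 0 ]; then
      cr_first=$cr_set; cr_seen=1
    elif [ "$cr_set" != "$cr_first" ]; then
      cr_verdict=differs
    fi
  done
  echo "verdict: $cr_verdict"
  [ "$cr_verdict" = consistent ]
}

# Stub standing in for dig (hypothetical helper). The waltersun.cn answers
# replay this page's output; cdn.example and its resolvers are constructed.
sample_dig() {   # called as: sample_dig @RESOLVER NAME A +noall +answer
  case "$1 $2" in
    "@223.5.5.5 www.waltersun.cn") echo "www.waltersun.cn. 230 IN A 118.195.145.14" ;;
    "@8.8.8.8 www.waltersun.cn")   echo "www.waltersun.cn. 600 IN A 118.195.145.14" ;;
    "@192.0.2.53 cdn.example")     echo "cdn.example. 60 IN A 198.51.100.10" ;;
    "@203.0.113.53 cdn.example")   echo "cdn.example. 60 IN A 198.51.100.20" ;;
  esac
}

# Offline demo; remove the DIG= override to query real resolvers.
( DIG=sample_dig; compare_resolvers www.waltersun.cn 223.5.5.5 8.8.8.8 )
( DIG=sample_dig; compare_resolvers cdn.example 192.0.2.53 203.0.113.53 ) || true
```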

Even so, neither 223.5.5.5 nor 8.8.8.8 can hold all the domain name information in the world. In fact, the records for billions of domain names are distributed across countless name servers around the world. Let's look at the servers that maintain the domain name information for www.waltersun.cn:

```
walter@B-Q9VTML85-1821 ~ % dig www.waltersun.cn ns +noall +answer

; <<>> DiG 9.10.6 <<>> www.waltersun.cn ns +noall +answer
;; global options: +cmd
```

Adding the ns argument after dig www.waltersun.cn says that we want name server information (instead of the default A record), but this query returned no results. This often means that the name servers of the parent domain (waltersun.cn) manage the subdomain, so we can dig waltersun.cn instead:

```
walter@B-Q9VTML85-1821 ~ % dig waltersun.cn ns +noall +answer

; <<>> DiG 9.10.6 <<>> waltersun.cn ns +noall +answer
;; global options: +cmd
waltersun.cn.    3600  IN  NS  f1g1ns2.dnspod.net.
waltersun.cn.    3600  IN  NS  f1g1ns1.dnspod.net.
```

The result has two records, each divided into five parts like the result for the A record. Parts 1, 2 and 3 mean the same as in the A record. The fourth part is the type NS (Name Server), and the fifth part is naturally the address of the name server.

Now we know that dig requests the domain name information of waltersun.cn from the name server 223.5.5.5, and that f1g1ns2.dnspod.net and f1g1ns1.dnspod.net hold the domain name information of waltersun.cn. So how does 223.5.5.5 know to contact f1g1ns2.dnspod.net or f1g1ns1.dnspod.net? This is where the distributed architecture of DNS comes in.

The whole DNS service is organized as a tree. At the top is the root domain. The root name servers store the information of all the top-level domain name servers, including com, net, edu, org, cn, and so on. Each top-level domain name server holds the information of the name servers one level below it. For example, the com name servers hold the server information for microsoft.com, amazon.com, and so on.

We can use dig's +trace option to examine this process in detail:

```
walter@B-Q9VTML85-1821 ~ % dig waltersun.cn +trace
; <<>> DiG 9.10.6 <<>> waltersun.cn +trace
;; global options: +cmd
.      37  IN  NS  b.root-servers.net.
.      37  IN  NS  g.root-servers.net.
.      37  IN  NS  k.root-servers.net.
.      37  IN  NS  e.root-servers.net.
.      37  IN  NS  d.root-servers.net.
.      37  IN  NS  j.root-servers.net.
.      37  IN  NS  h.root-servers.net.
.      37  IN  NS  a.root-servers.net.
.      37  IN  NS  i.root-servers.net.
.      37  IN  NS  c.root-servers.net.
.      37  IN  NS  l.root-servers.net.
.      37  IN  NS  m.root-servers.net.
.      37  IN  NS  f.root-servers.net.
;; Received 228 bytes from 223.5.5.5#53(223.5.5.5) in 75 ms

cn.      172800  IN  NS  e.dns.cn.
cn.      172800  IN  NS  d.dns.cn.
cn.      172800  IN  NS  c.dns.cn.
cn.      172800  IN  NS  ns.cernet.net.
cn.      172800  IN  NS  a.dns.cn.
cn.      172800  IN  NS  f.dns.cn.
cn.      172800  IN  NS  g.dns.cn.
cn.      172800  IN  NS  b.dns.cn.
cn.      86400  IN  DS  57724 8 2 5D0423633EB24A499BE78AA22D1C0C9BA36218FF49FD95A4CDF1A4AD 97C67044
cn.      86400  IN  RRSIG  DS 8 1 86400 20220512050000 20220429040000 47671 . l8UxIo1T168LOpH4EoBWz1b3/d6KdQC3/5n4SUEfZgXxS4qAp26WT4YS 62qkmbLSlcLvWsMQ4PI+50NjcSLqHUYu5e2A6slrpIzG4N3KQsx2fijv u8t6Xm7BuY89CUZaUQIn7N14bRgYb9B/7Yvn/1+ZecH9Xa1zNKy6czRQ SglmVwV6prny4irYeWaQtiINz02GZ1xgV+ScCjips+07zovhzngxqhYV PFlyyeD3pO0sPAThGqR636S+97CASn4TGJki8kJnYE/u5C8zB8y/Y2DI EuQvZ1TFCIMvGr5dxOtJ9Lanrsc0PX3d6GGGB3v/20ZzBfyrRJYoxvS+ emo8lA==
;; Received 705 bytes from 192.36.148.17#53(i.root-servers.net) in 59 ms

waltersun.cn.    86400  IN  NS  f1g1ns1.dnspod.net.
waltersun.cn.    86400  IN  NS  f1g1ns2.dnspod.net.
3qdaqa092ee5belp64a74ebnb8j53d7e.cn. 21600 IN NSEC3 1 1 10 AEF123AB 3QHKTF6LTFG8AAFUUAJSR8RVAJP99SFU  NS SOA RRSIG DNSKEY NSEC3PARAM
3qdaqa092ee5belp64a74ebnb8j53d7e.cn. 21600 IN RRSIG NSEC3 8 2 21600 20220513133757 20220413130511 38388 cn. g+AhBfqp/RPdA6q61n4JFsO24Go4jkNZYEyTjW0nezf+wN+jj1N9CN87 sBDEwljwudxVhyjHBODdZTdlV0ZSyMYUvgZXfoIh90AR/bu8kzDhUdq+ wVdMye86MQts52L9oZq+SBywnYjW6MwJwkaPwtqoGUzit1xi0DogjaRB T8I=
0eisj5s8dnvffh6p994hrmn2he7ssfng.cn. 21600 IN NSEC3 1 1 10 AEF123AB 0GV380P4UKR14NG4STU2POQH1KH3TDOV  CNAME RRSIG
0eisj5s8dnvffh6p994hrmn2he7ssfng.cn. 21600 IN RRSIG NSEC3 8 2 21600 20220513133003 20220413130501 38388 cn. hussyf3qpMLFD27mS51w6N8FYDbpvvNgGyrEFbr2i2Ca1VWafFZDQAOh XuPVJ3GwydQRanxu1f5I5pG7DMNJH/e6ISm1cbCQlCC1Xyd7cAMuKhA7 MNEBil6wER9Y9R299FBYX2g2fSgTVImdQp6fapbOyv/wrF15B67Ffk/5 VbI=
;; Received 662 bytes from 203.119.28.1#53(d.dns.cn) in 4 ms

waltersun.cn.    180  IN  SOA  f1g1ns1.dnspod.net. freednsadmin.dnspod.com. 1616995624 3600 180 1209600 180
;; Received 118 bytes from 61.151.180.52#53(f1g1ns1.dnspod.net) in 12 ms
```

The name server 223.5.5.5 that dig asked directly did not know the A record of waltersun.cn, so it told dig to ask the root name servers. The root name servers did not know either and told dig to ask the cn name servers. The cn name servers did not know either, so they told dig to ask f1g1ns2.dnspod.net and f1g1ns1.dnspod.net, and we know that these two name servers store the A record of waltersun.cn. This question-and-answer style of resolution is called iterative resolution: each name server only gives the best answer it knows.

The other method is recursive resolution. If we do not add the +trace option, dig sends a recursive request to the name server 223.5.5.5, which amounts to telling 223.5.5.5 to resolve the name all the way to the final answer and return it to dig directly. Usually the client (dig) sends recursive requests to its name server, while the requests that name server sends to other name servers (for example from 223.5.5.5 to the root name servers) are iterative.
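
To make the iterative steps in the `+trace` output easier to read, here is an added example (not from the original article) that reduces each response to its first record, the server that sent it, and what the response means for the next step. The function name `trace_hops`, the role labels and the abridged sample are assumptions of this example; note that the last response in the page's trace carries an SOA record, which is how an authoritative server signals that it has no record of the requested type.

```sh
#!/bin/sh
# trace_hops: read `dig +trace` output on stdin. Each response ends with a
# ";; Received ... from ..." line; for each one print the owner and type of
# its first record, the server that sent it, and a role label.
trace_hops() {
  awk '
    /^;; Received/ {
      server = $6                    # e.g. 192.36.148.17#53(i.root-servers.net)
      sub(/^[^(]*\(/, "", server)    # keep only the text inside the parentheses
      sub(/\)$/, "", server)
      if (owner != "") {
        if (type == "NS")       role = "delegation"  # servers to ask next
        else if (type == "SOA") role = "no-record"   # negative answer
        else                    role = "answer"
        print owner, type, server, role
      }
      owner = ""
      next
    }
    /^;/ || NF < 5 { next }                          # comments and blank lines
    owner == "" { owner = $1; type = $4 }            # first record of a response
  '
}

# Abridged copy of the trace shown on this page (one record per response).
sample_trace() {
  cat <<'EOF'
; <<>> DiG 9.10.6 <<>> waltersun.cn +trace
;; global options: +cmd
.      37  IN  NS  b.root-servers.net.
;; Received 228 bytes from 223.5.5.5#53(223.5.5.5) in 75 ms

cn.      172800  IN  NS  e.dns.cn.
;; Received 705 bytes from 192.36.148.17#53(i.root-servers.net) in 59 ms

waltersun.cn.    86400  IN  NS  f1g1ns1.dnspod.net.
;; Received 662 bytes from 203.119.28.1#53(d.dns.cn) in 4 ms

waltersun.cn.    180  IN  SOA  f1g1ns1.dnspod.net. freednsadmin.dnspod.com. 1616995624 3600 180 1209600 180
;; Received 118 bytes from 61.151.180.52#53(f1g1ns1.dnspod.net) in 12 ms
EOF
}

sample_trace | trace_hops
```

Against a live lookup, run `dig waltersun.cn +trace | trace_hops`.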

Last Updated: 7/10/2023, 5:32:37 PM