What is a DNS query?

Introduction

A DNS query is a message sent by the client to the DNS server. It contains a list of "questions" that the DNS server will reply to with an answer. A DNS query can contain multiple questions that the server will reply to, but a server might also reply with its own additional information.

Types of DNS Queries

There are 3 different DNS query types possible that dictate different behavior on the DNS server that is replying to the request.

- Non-Recursive Query

In a non-recursive query, the DNS server is expected to hold and return the answer for the requested hostname. The DNS server will proceed to return the answers from its own local cache or database. If the DNS server is unable to find information about the requested hostname, it will respond with an empty response instead.

- Recursive Query

A recursive query tells the querying DNS server or resolve that it should provide an answer for the send questions. If the server itself serves as an authoritative server for this domain, it should respond with the normal response. If however, the server is not an authoritative server for this domain, it should start a recursive query process to resolve the domain name itself and then return the resulting records.

- Iterative Query

In an iterative DNS query, the DNS client asks the server to resolve the requested questions to the best of its abilities. If the DNS server is the authoritative server or contains the information about the request in its cache, it will provide the answer to the client. However, if the DNS server is unable to determine aresponse, it will send back a referral to other DNS servers which might be able to provide the answer.

Types of DNS Query Records

There are over 45 different query and answer types available designed to retrieve different pieces of information from the nameservers. These are mapped to so called DNS records which the server then returns as answers. Our of the 45+ query types, it is usually only 9 that are commonly used by the majority of domains. These are:

- A Record

The A record maps the requested hostname to the corresponding IPv4 address. This allows the browser to translate a domain name and route it to the correct server.

- AAAA Record

The AAAA record is similar to an A record, however, it works with IPv6 addresses. Similarly, it allows the browser to translate a domain name to the correct server.

- CNAME Record

Also known as Canonical Name record, the CNAME record is used as an alias to another hostname. When returned to the client, the client will then query the hostname with another request to resolve the returned alias into an A or AAAA record. The server can also include this record within the response already.

- MX Record

Short for Mail Exchanger, the MX record specifies the hostname of an SMTP email server for the domain. This is then used to route incoming emails for this domain by email services.

- TXT Record

The TXT or Text record is used to carry human or machine readable text data. This can be used for various purposes such as verification, authentication or passing other data.

- NS Record

Short for Name Server record, the NS record contains the information about the nameservers responsible for providing DNS information for the queried domain, for example ns1.doman.com.

- PTR Record

Short for Reverse-lookup Pointer, the PTR record is used to map a reverse mapping from an IP to a fully qualified hostname. This is used in a process called reverse DNS lookup.

- SRV Record

Short for Service Location, the SRV record works similary to an MX record, but is used for other communication protocols to help with discovery.

- SOA Record

Short for Start of Authority, the SOA record serves as an administrative record for a domain name zone. It indicates the Authoritative Name Server for the current domain, contact details, serial number and information about any DNS changes. It also hints to the resolve how often the DNS information should be refreshed for this domain.

What is the structure of a DNS query?

A DNS query is constructed from a packet that consists of multiple parts as illustrated on the diagram below. The same format is shared between the query and answer DNS packet.

What Is a DNS Query? How Does a DNS Query Work?

The header contains the information about the length of the packet, capabilities of the client and the number of questions contained in the query. After that, the packet includes the list of encoded queries and any additional information sent by the client.

Usually, DNS queries are quite small and consist of around 50-100 bytes of data.

Which network protocols does DNS use?

Generally, a DNS query is send with a UDP packet that is transmitted by the client to the server. This is primarily for performance reasons as UDP is generally considered much faster than other standard network protocols. If for whatever reason, the server does not reply however, the client might attempt to retry the connection via a TCP connection.

A server might also request the client to re-send the query using TCP in case the DNS response does not fit into a UDP packet. This allows the server to upgrade the connection to return long responses.

Recently, a new protocol has also appeared called DoH (DNS over HTTPS) that uses the HTTP protocol to perform DNS resolution. This was designed to provide a more secure way of hostname resolution thanks to encryption.

Glossary

DNS

DNS is a protocol that resolves names (such as bunny.net) to computer IP addresses (like 1.1.1.1) that your computer can use to contact other servers to obtain information or data

TCP

TCP refers to the Transmission Control Protocol.

UDP

UDP refers to the User Datagram Protocol (UDP).

DNS Resolver

DNS resolver is a service used by a client or computer to resolve domain names into network addresses.