Key Idea
In one line: DNS translates www.example.com (memorable for humans) into 93.184.216.34 (usable by machines). Every domain access starts with a DNS query.
What it is
DNS is a globally distributed database organised hierarchically:
. (root)
└── com (top-level domain, TLD)
    └── example.com (second-level)
        ├── www.example.com → A record → 93.184.216.34
        └── mail.example.com → A record → 93.184.216.50
When your machine queries, the resolver walks the tree from the root until it finds the answer.
Analogy
DNS is layered address books:
- You ask the front desk "how do I reach the head of marketing, Mr. Li?"
- They ask HQ, HQ asks the regional office…
- Eventually you get a phone number — then cache it for next time.
Key concepts
A record
Domain → IPv4 address. Most common.
AAAA record
Domain → IPv6 address.
CNAME (Canonical Name)
Domain → another domain (alias). Common with CDNs.
MX (Mail Exchange)
Mail-receiving server for the domain.
TXT record
Arbitrary text, often for domain verification / SPF / DKIM.
TTL (Time To Live)
Cache duration in seconds; determines how fast a change propagates.
Recursive query
You ask once; the resolver does the full walk for you.
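The record types and TTL above are the fields a resolver returns on the wire. As an added example (not part of the original page), this Python code parses the answer section of a DNS response, including name compression. The sample reply is constructed, and the CNAME from www.example.com to example.com in it is an assumption made for illustration.

```python
import ipaddress
import struct

TYPES = {1: "A", 5: "CNAME", 28: "AAAA"}

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # 2-byte compression pointer
            if resume is None:
                resume = off + 2              # caller continues after the first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                     # a hostile reply can make pointers loop
                raise ValueError("compression pointer loop")
        elif n == 0:                          # zero-length root label ends the name
            return ".".join(labels), (off + 1 if resume is None else resume)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_answers(msg):
    """Return [(owner, type, ttl_seconds, value)] for the answer section."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):                  # skip each question: name, type, class
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        value = rdata.hex()                   # fallback for types not decoded here
        if rtype in (1, 28):                  # A / AAAA: 4 or 16 packed address bytes
            value = str(ipaddress.ip_address(rdata))
        elif rtype == 5:                      # CNAME target, may use compression
            value, _ = read_name(msg, off)
        records.append((owner, TYPES.get(rtype, str(rtype)), ttl, value))
        off += rdlen
    return records

# Constructed reply: www.example.com CNAME example.com (TTL 60), then example.com A (TTL 300).
SAMPLE = (bytes.fromhex("123481800001000200000000") + b"\x03www\x07example\x03com\x00"
          + bytes.fromhex("00010001" "c00c000500010000003c0002c010")
          + bytes.fromhex("c010000100010000012c0004") + bytes([93, 184, 216, 34]))
```

`parse_answers(SAMPLE)` returns the CNAME with its 60-second TTL followed by the A record with its 300-second TTL, which is the order a cache would follow the alias in.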
How it works
In practice most queries hit the local resolver cache, not the full path.
Practical notes
- `dig www.example.com` is the standard debug tool. On Windows: `nslookup`.
- `dig +trace` walks the full path from root.
- DNS changes don't apply instantly. Wait for TTL. Lower TTL (e.g. 60 s) hours before changing.
- Public DNS: 1.1.1.1 (Cloudflare), 8.8.8.8 (Google), 223.5.5.5 (Alibaba).
- DoH / DoT: DNS over HTTPS / DNS over TLS. Both encrypt queries, which avoids ISP hijacking and snooping.
- DNS poisoning: some networks return wrong IPs — DoH or a different upstream resolver bypasses it.
Easy confusions
Domain
`example.com`
What DNS resolves.
URL
`https://example.com/path?x=1`
Full resource locator.
Further reading
- HTTP
- HTTPS / TLS
- Cloudflare — integrates authoritative + recursive DNS