DNS (Domain Name System) is a hierarchical, distributed naming system that maps human-readable domain names to machine-readable IP addresses. Running dig www.ykaros.site +trace makes dig resolve the name iteratively itself, the way a recursive resolver does, and print every step: the root name servers first, then the TLD servers, then each authoritative server down to the one that holds the answer. Because +trace also turns on +dnssec, the DNSSEC records a validating resolver would see (RRSIG and DS) appear in the output as well. Note that dig only displays them; it does not validate the chain of trust.
Root DNS Server
The first block lists the root name servers. Their owner name is a single dot (.), the root zone, and there are 13 root server names, a.root-servers.net. through m.root-servers.net. (each name is an anycast service with many physical instances). dig gets this list from the locally configured resolver, which is why the first ";; Received" line names 10.173.91.33, a private address, rather than a root server. The last line is an RRSIG (Resource Record Signature) record carrying the DNSSEC signature over that NS RRset. Its fields, in order:
- NS: the type covered, i.e. the RRset this signature is over
- 8: the signing algorithm (RSA/SHA-256)
- 0: the number of labels in the owner name (zero for the root). A validator compares this with the name it asked for to detect answers synthesized from a wildcard
- 518400: the original TTL of the signed NS RRset, not the TTL of the RRSIG line itself (428658 here, already counted down in the resolver's cache). The original TTL is part of the signed data, so it has to be carried explicitly
- 20240116170000: the expiration time, 2024-01-16 17:00:00 UTC (RRSIG times are YYYYMMDDHHmmSS in UTC)
- 20240103160000: the inception time, 2024-01-03 16:00:00 UTC; the signature is only valid between inception and expiration
- 30903: the key tag, a 16-bit hint identifying which DNSKEY in the root zone to try when verifying
- .: the signer's name, the zone whose key produced the signature
- b1uPMq5/1...: the signature itself, base64 encoded (only the start is quoted here)
```
; <<>> DiG 9.10.6 <<>> www.ykaros.site +trace
;; global options: +cmd
. 342267 IN NS c.root-servers.net.
. 342267 IN NS h.root-servers.net.
. 342267 IN NS a.root-servers.net.
. 342267 IN NS l.root-servers.net.
. 342267 IN NS e.root-servers.net.
. 342267 IN NS b.root-servers.net.
. 342267 IN NS i.root-servers.net.
. 342267 IN NS f.root-servers.net.
. 342267 IN NS d.root-servers.net.
. 342267 IN NS g.root-servers.net.
. 342267 IN NS k.root-servers.net.
. 342267 IN NS j.root-servers.net.
. 342267 IN NS m.root-servers.net.
. 428658 IN RRSIG NS 8 0 518400 20240116170000 20240103160000 30903 . b1uPMq5/173mbq1JX9U2W38gSTzWkpiDVsA3sMPBKZIXhr61h89W3c96 oyd+REdRsdVKV2X14bpXDhYCrteHHv8gmXRM+8GjKepPORvUzVo82jP4 xT5dQZTSFVbkFb7qH7gZLgDPiQxrwcBqySQlAc2xhcEOVEIXWf5Pek89 96palcC0d4Avx3wO/M883dxFKpW+Y5Z9aNoJDlFoS4FhNaQqHBuhRvxz c/TeyiL9O2oWDqCCe4qVKB/e2BQhi21DMgt5Cx6Q2CS/jIcr4NgOBk3c X8UJ6GfTAc8Zuw9tupQSMssx4ZiIEnqouyhy5RqCXNG7bpy/Shsm6tZ2 xBtHzA==
```
Top Level Domain (TLD) DNS Server
Next, dig sends the query for www.ykaros.site to one of the root servers. The root server is not authoritative for that name, so it answers with a referral: the NS records for the site. TLD and, because site. is DNSSEC-signed, the DS (Delegation Signer) records for it. Each DS record holds a digest of the .site key-signing key (key tag 51676, algorithm 8, RSA/SHA-256); digest type 1 is SHA-1 and digest type 2 is SHA-256 of the same key, and a validator should ignore the SHA-1 DS when a SHA-256 one is present. The DS RRset is signed by the root zone's key 30903, the same key that signed the root NS set, and this time the labels field is 1 because the owner name site. has one label. These DS records are what link the root trust anchor to the TLD's own keys; a referral that carries no DS records is an unsigned (insecure) delegation.
dig prints each ";; Received" line after the records it refers to, so the first line of the block below belongs to the root NS list above (served by the local resolver), while the site. referral itself came from h.root-servers.net, as the ";; Received" line that opens the next block shows.
```
;; Received 1109 bytes from 10.173.91.33#53(10.173.91.33) in 55 ms
site. 172800 IN NS a.nic.site.
site. 172800 IN NS b.nic.site.
site. 172800 IN NS e.nic.site.
site. 172800 IN NS f.nic.site.
site. 86400 IN DS 51676 8 1 90DDBEEEB973B0F8719ED763FB6EEDE97C73ABF5
site. 86400 IN DS 51676 8 2 883175F6F5C68EA81563B62D1B2B79B6A997D60DC6E20CC70AFD0CD6 B7E82F62
site. 86400 IN RRSIG DS 8 1 86400 20240117170000 20240104160000 30903 . mmwjDLH4smT/Luwcxp73hnrDYvKVvKBhTUq85PEpJvYLJjJ+8iROo/hR Und3191XZOvf2HMP3UHH5s+9nigGJ6WnYS1rXn2qFGJtiVTScO9+tVPf 8WxXVB8wpmniioDDdN6WwHaC+PrGbQd/RX+ZlSeIXI+rmPt1o67zhttY /J+toj6rZiCRZEPl0yoL0FeeVOS7s2KIojFL0se99gEks13D/urnSuFz mCMtVCrnpoGpfUV498EUqMCXQexCNOvnZdy+rE2r8CqmwsDYY+SSDnTl PJUXVIcLHQ+ZRmebY9H8tZVkXV0dwXOt7C8UcKRRZJu4jrBs0rSwNVjd 4M47pw==
```
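To make the field layout concrete, here is a small parser for the RRSIG and DS lines quoted above. It is an example added for this write-up, not code from dig or from any DNS library. It applies the checks a validator performs before touching any cryptography: the validity window, the labels count against the owner name, the signer being the owner's zone or an ancestor of it, the DS digest length for its digest type, and the RFC 4509 rule of ignoring SHA-1 DS records when a SHA-256 one exists. The signature fields are cut short because nothing here uses their bytes; actually verifying them would also need the root zone's DNSKEY 30903, which this page does not show.

```python
# Parse the RRSIG and DS lines from the dig +trace output above and apply the
# checks a validator performs before any cryptography (RFC 4034/4035/4509).
from dataclasses import dataclass
from datetime import datetime, timezone

ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512",
              13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384", 15: "ED25519", 16: "ED448"}
DIGEST_TYPES = {1: ("SHA-1", 40), 2: ("SHA-256", 64), 4: ("SHA-384", 96)}  # name, hex length

# Copied from the output on this page; the base64 signatures are cut to their
# first chunk because nothing below uses the signature bytes.
ROOT_NS_RRSIG = (". 428658 IN RRSIG NS 8 0 518400 20240116170000 20240103160000 30903 . "
                 "b1uPMq5/173mbq1JX9U2W38gSTzWkpiDVsA3sMPBKZIXhr61h89W3c96")
SITE_DS = ["site. 86400 IN DS 51676 8 1 90DDBEEEB973B0F8719ED763FB6EEDE97C73ABF5",
           "site. 86400 IN DS 51676 8 2 883175F6F5C68EA81563B62D1B2B79B6A997D60DC6E20CC70AFD0CD6 B7E82F62"]
SITE_DS_RRSIG = ("site. 86400 IN RRSIG DS 8 1 86400 20240117170000 20240104160000 30903 . "
                 "mmwjDLH4smT/Luwcxp73hnrDYvKVvKBhTUq85PEpJvYLJjJ+8iROo/hR")

@dataclass
class RRSIG:
    owner: str
    type_covered: str
    algorithm: int
    labels: int
    original_ttl: int
    expiration: datetime
    inception: datetime
    key_tag: int
    signer: str
    signature: str

@dataclass
class DS:
    owner: str
    key_tag: int
    algorithm: int
    digest_type: int
    digest: str

def at(iso_date: str) -> datetime:
    """Midnight UTC on an ISO date, used as the 'now' of a validity check."""
    return datetime.fromisoformat(iso_date).replace(tzinfo=timezone.utc)

def _sigtime(s: str) -> datetime:
    """RRSIG times are YYYYMMDDHHmmSS in UTC (RFC 4034 section 3.2)."""
    return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def label_count(name: str) -> int:
    """Labels in an owner name; a leading '*' is not counted (RFC 4034 section 3.1.3)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return len(labels) - (1 if labels and labels[0] == "*" else 0)

def is_zone_or_ancestor(zone: str, name: str) -> bool:
    zone = zone.lower().rstrip(".") + "."
    name = name.lower().rstrip(".") + "."
    return zone == "." or name == zone or name.endswith("." + zone)

def parse_rrsig(line: str) -> RRSIG:
    f = line.split()
    if len(f) < 13 or f[3] != "RRSIG":
        raise ValueError("not an RRSIG presentation line: " + line)
    return RRSIG(f[0], f[4], int(f[5]), int(f[6]), int(f[7]), _sigtime(f[8]),
                 _sigtime(f[9]), int(f[10]), f[11], "".join(f[12:]))

def parse_ds(line: str) -> DS:
    f = line.split()
    if len(f) < 8 or f[3] != "DS":
        raise ValueError("not a DS presentation line: " + line)
    return DS(f[0], int(f[4]), int(f[5]), int(f[6]), "".join(f[7:]).upper())

def check_rrsig(sig: RRSIG, now: datetime) -> list[str]:
    """Reasons a validator would refuse to even try verifying this RRSIG (RFC 4035 5.3.1)."""
    problems = []
    if sig.algorithm not in ALGORITHMS:
        problems.append(f"unknown algorithm {sig.algorithm}")
    if not is_zone_or_ancestor(sig.signer, sig.owner):
        problems.append(f"signer {sig.signer} is not an ancestor zone of {sig.owner}")
    if sig.labels > label_count(sig.owner):
        problems.append("labels field exceeds the owner name's label count")
    if not sig.inception <= now <= sig.expiration:
        problems.append("outside validity window")
    return problems

def select_ds(ds_set: list[DS]) -> list[DS]:
    """Drop malformed DS records, then per RFC 4509 section 3 ignore SHA-1 DS
    records when a SHA-256 DS for the same delegation is present."""
    good = [d for d in ds_set if d.digest_type in DIGEST_TYPES and d.algorithm in ALGORITHMS
            and len(d.digest) == DIGEST_TYPES[d.digest_type][1]]
    if any(d.digest_type == 2 for d in good):
        good = [d for d in good if d.digest_type != 1]
    return good

if __name__ == "__main__":
    for line in (ROOT_NS_RRSIG, SITE_DS_RRSIG):
        sig = parse_rrsig(line)
        print(sig.owner, sig.type_covered, "key", sig.key_tag, check_rrsig(sig, datetime.now(timezone.utc)))
    print([(d.key_tag, DIGEST_TYPES[d.digest_type][0]) for d in select_ds([parse_ds(l) for l in SITE_DS])])
```

Run today, the script reports both signatures as outside their validity window, which is the expected result for a trace captured in January 2024: root zone signatures are short-lived, so a stale capture can never be re-validated, only re-fetched.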
Authoritative Name Server
With the site. name servers in hand, dig asks one of them (b.nic.site) for www.ykaros.site and receives the next referral: the NS records for ykaros.site., hosted at dns1 and dns2.registrar-servers.com. It then queries one of those servers, which is authoritative for the zone, and gets the final answer: www.ykaros.site. is a CNAME (Canonical Name) record pointing to ykaros.github.io. Two things are worth checking at this last hop. The answer must come from a server named in the previous referral, which the final ";; Received" line confirms (dns1.registrar-servers.com), and the trace stops at the CNAME rather than following it, so resolving ykaros.github.io would be a separate trace through the github.io zone. As before, the ";; Received 659 bytes from ... h.root-servers.net" line that opens the block belongs to the site. referral above it.
```
;; Received 659 bytes from 198.97.190.53#53(h.root-servers.net) in 30 ms
ykaros.site. 3600 IN NS dns1.registrar-servers.com.
ykaros.site. 3600 IN NS dns2.registrar-servers.com.
.
.
.
;; Received 590 bytes from 185.24.64.61#53(b.nic.site) in 17 ms
www.ykaros.site. 1799 IN CNAME ykaros.github.io.
;; Received 74 bytes from 156.154.132.200#53(dns1.registrar-servers.com) in 13 ms
```
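The whole trace can be read back as a delegation chain. The script below is an added example, not part of dig: it parses the output above (reassembled in dig's own order and shortened, with only three of the 13 root NS lines, truncated signatures, one of the two site. DS records, and the hop the page elides with "..." left out), lists each hop with the server that answered and whether the referral carried a DS record, and checks that every hop was answered by a server named in the previous referral. Because the elided lines are omitted, its "no DS" result for ykaros.site. describes only this sample, not the real zone.

```python
# Reconstruct the delegation path from dig +trace output: which server answered
# each hop, which zone it delegated to, and whether the referral carried DS records.
import re
from dataclasses import dataclass, field

# The page's output reassembled in dig's own order (records, then the
# ';; Received' line naming the server that returned them). Only three of the
# 13 root NS lines are kept, signatures are cut short, one site. DS record is
# kept, and the hop the page elides with '...' is omitted, so the DS result
# for ykaros.site. below says nothing about the real zone.
TRACE = """\
; <<>> DiG 9.10.6 <<>> www.ykaros.site +trace
;; global options: +cmd
. 342267 IN NS a.root-servers.net.
. 342267 IN NS h.root-servers.net.
. 342267 IN NS m.root-servers.net.
. 428658 IN RRSIG NS 8 0 518400 20240116170000 20240103160000 30903 . b1uPMq5/173mbq1JX9U2W38gSTzWkpiDVsA3sMPBKZIXhr61h89W3c96
;; Received 1109 bytes from 10.173.91.33#53(10.173.91.33) in 55 ms

site. 172800 IN NS a.nic.site.
site. 172800 IN NS b.nic.site.
site. 86400 IN DS 51676 8 2 883175F6F5C68EA81563B62D1B2B79B6A997D60DC6E20CC70AFD0CD6 B7E82F62
site. 86400 IN RRSIG DS 8 1 86400 20240117170000 20240104160000 30903 . mmwjDLH4smT/Luwcxp73hnrDYvKVvKBhTUq85PEpJvYLJjJ+8iROo/hR
;; Received 659 bytes from 198.97.190.53#53(h.root-servers.net) in 30 ms

ykaros.site. 3600 IN NS dns1.registrar-servers.com.
ykaros.site. 3600 IN NS dns2.registrar-servers.com.
;; Received 590 bytes from 185.24.64.61#53(b.nic.site) in 17 ms

www.ykaros.site. 1799 IN CNAME ykaros.github.io.
;; Received 74 bytes from 156.154.132.200#53(dns1.registrar-servers.com) in 13 ms
"""

RECEIVED = re.compile(r"^;; Received (\d+) bytes from \S+#\d+\((\S+)\) in (\d+) ms")

@dataclass
class Hop:
    records: list = field(default_factory=list)  # (owner, ttl, rtype, rdata)
    server: str = ""  # who returned these records
    size: int = 0
    ms: int = 0

def parse_trace(text: str) -> list[Hop]:
    hops, cur = [], Hop()
    for line in text.splitlines():
        line = line.strip()
        m = RECEIVED.match(line)
        if m:  # the 'Received' line closes the hop whose records precede it
            cur.size, cur.server, cur.ms = int(m.group(1)), m.group(2), int(m.group(3))
            hops.append(cur)
            cur = Hop()
        elif line and not line.startswith(";"):
            f = line.split(None, 4)
            if len(f) == 5 and f[2] == "IN":
                cur.records.append((f[0], int(f[1]), f[3], f[4]))
    return hops

def delegation_path(hops: list[Hop]) -> list[dict]:
    """One entry per hop: the delegated zone (with or without DS) or the final answer."""
    path = []
    for h in hops:
        signed = any(r[2] == "RRSIG" for r in h.records)
        for zone in sorted({r[0] for r in h.records if r[2] == "NS"}, key=len):
            path.append({"zone": zone, "from": h.server, "signed": signed,
                         "ds": any(r[0] == zone and r[2] == "DS" for r in h.records)})
        for owner, _ttl, rtype, rdata in h.records:
            if rtype not in ("NS", "DS", "RRSIG"):
                path.append({"zone": owner, "from": h.server, "signed": signed,
                             "answer": f"{rtype} {rdata}"})
    return path

def referral_consistent(hops: list[Hop]) -> bool:
    """Each hop must be answered by a server the previous hop's NS RRset named;
    otherwise something other than the delegation chain supplied the answer."""
    for prev, cur in zip(hops, hops[1:]):
        delegated = {r[3].rstrip(".").lower() for r in prev.records if r[2] == "NS"}
        if cur.server.rstrip(".").lower() not in delegated:
            return False
    return True

if __name__ == "__main__":
    hops = parse_trace(TRACE)
    for step in delegation_path(hops):
        print(step)
    print("referral chain consistent:", referral_consistent(hops))
```

On a real trace the "signed" and "ds" flags are the quick way to see where the DNSSEC chain of trust ends: the first referral without DS records is the first insecure delegation, and every answer below it is unsigned as far as a validator is concerned.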