Search

What is a DNS Query, How DNS Query Works

A DNS Query is a request for information sent from a DNS Client to a DNS Server. Normally a DNS Query is a request sent from a DNS Client to a DNS Server, asking for the IP Address related with a Fully Qualified Domain Name (FQDN). When a DNS Client needs to find the IP Address of a computer known by its Fully Qualified Domain Name (FQDN), it queries DNS servers to get the IP Address.

The DNS Server operates using UDP, on Well-known Port number 53.

A DNS Query message from the DNS Client contains mainly below information.

1) Fully Qualified Domain Name (FQDN): Fully Qualified Domain Name (FQDN) of the resource the client is trying to resolve. If there is no DNS suffix provided by the application, the DNS Client will add it.

2) Query Type: What type of resource record, the client is trying to resolve

3) Class: Generally mentioned as IN (Internet) class

Consider the below example to learn how DNS Query from a DNS Client to DNS Server works.

Every computer in a TCP/IP network must be configured with the DNS Server IP Address as a part of TCP/IP configuration, as shown below. Here we have the DNS Server IPv4 Address configured as 8.8.8.8. Therefore the DNS Name Resolution Queries are answered by a DNS Server operating at IPv4 Address 8.8.8.8.

DNS IP Address Configuration

I am sitting at my desk, just powered-on my computer. I want to open the webpage www.omnisecu.com, for learning networking. I opened my favourite web browser Mozilla Firefox, entered the URL as shown below. Here my computer wants to resolve the name and its role is a DNS Client.

Firefox DNS

I remember the Fully Qualified Domain Name (FQDN) as www.omnisecu.com, but for IP communication, the computer needs to know the corresponding IPv4 address of www.omnisecu.com. To resolve the Fully Qualified Domain Name (FQDN) www.omnisecu.com to an IP address, DNS Client must send a DNS Query to the DNS Server.

Step 1) After entering the URL and hitting "Enter", the computer immediatly needs to resolve the Fully Qualified Domain Name (FQDN) to an IP Address. The DNS Resolver will prepare a DNS Query and will send it to the IP Address of DNS Server, configured in TCP/IP configuration settings (here it is 8.8.8.8).

Remember that the DNS Server operates using UDP, on Well-known Port number 53.

DNS Query topology

The wireshark capture screen shot of the above mentioned DNS Query is copied below.

DNS Query Captured

Key values to remember for a DNS Query message are tabulated below.

Description Value
Message Direction DNS Client to DNS Server
Source IPv4 Address Interface IP Address of the DNS Client
Destination IPv4 Address DNS Server IP Address (This case, it is 8.8.8.8)
Source Port Number Random UDP Port number opened by the TCP/IP protocol stack on DNS Client
Destination Port Number UDP 53 (DNS)

Step 2) After receiving the DNS Query from DNS Client, DNS Server will perform the name resolution steps. Finally will send a DNS Reply back to the DNS Client. The DNS Reply contains the answer for the DNS Query, if the name resolution process was succesful.

DNS Reply Topology

The wireshark capture screen shot of the above mentioned DNS Reply is copied below.

DNS Reply Captured

DNS reply capture shows that "www.omnisecu.com" is an Alias for "A Type" Resource Record "omnisecu.com". IPv4 Address for "omnisecu.com" is 74.220.199.26.

Key values to remember for a DNS Reply message are tabulated below.

Description Value
Message Direction DNS Server to DNS Client
Source IPv4 Address DNS Server IP Address (This case, it is 8.8.8.8)
Destination IPv4 Address Interface IP Address of the DNS Client
Source Port Number UDP 53 (DNS)
Destination Port Number Random UDP Port number opened by the TCP/IP protocol stack on DNS Client

There are mainly three types of DNS Queries. 1) Recursive Query 2) Iterative Query 3) Inverse Query.

 

 

Related Tutorials