Second in a series. View the first post here.
In the last post introducing the dig(1) command, you’ll recall seeing an entry like this:
$ dig +noall +answer google.com google.com. 300 IN A 22.214.171.124
Every DNS record has a similar format to this, and the fields are:
|Name||The domain name.|
|TTL||Time To Live, the number of seconds for which this entry should be cached.|
|Class||A code describing what kind of network the record is for, in practice always `IN` (for “Internet”).|
|Type||The kind of record: `A` for IPv4 address, `CNAME` for an alias to another name, `MX` for the domain’s mail server, etc.|
|RData||The thing that this record points to. Depending on the Type field, this can be an IP address, another domain name, or other kinds of entries.|
In this case, the answer says “The IPv4 address (
A) of the domain name
google.com. is 126.96.36.199, and you can cache that fact for the next five minutes.”
You can request other kinds of records with the
-t option. For example, if you want to know, “What host do I connect to to send mail to someone with a gmail.com address?” you want the
$ dig -t mx +noall +answer gmail.com gmail.com. 3599 IN MX 5 gmail-smtp-in.l.google.com. gmail.com. 3599 IN MX 20 alt2.gmail-smtp-in.l.google.com. gmail.com. 3599 IN MX 30 alt3.gmail-smtp-in.l.google.com. gmail.com. 3599 IN MX 40 alt4.gmail-smtp-in.l.google.com. gmail.com. 3599 IN MX 10 alt1.gmail-smtp-in.l.google.com.
This says “Try gmail-smtp-in.l.google.com first (priority 5); if that doesn’t work, try these others in increasing priority order.” Or if you need to know what the authoritative nameservers (type
NS) are for
$ dig -t ns +noall +answer google.com google.com. 21599 IN NS ns3.google.com. google.com. 21599 IN NS ns2.google.com. google.com. 21599 IN NS ns4.google.com. google.com. 21599 IN NS ns1.google.com.
Authoritative who-what? This, combined with the TTL field, is where the “distributed database” part comes in: every domain has one authoritative nameserver (or at most a handful), which is the canonical data source for information about that domain. This is true not just of domain names that you or I would buy, but the so-called top-level domains (TLDs) as well. Ever wonder what the canonical nameserver for the
.com. space is?
$ dig -t ns +noall +answer com com. 13307 IN NS d.gtld-servers.net. com. 13307 IN NS h.gtld-servers.net. com. 13307 IN NS m.gtld-servers.net. com. 13307 IN NS g.gtld-servers.net. com. 13307 IN NS i.gtld-servers.net. com. 13307 IN NS l.gtld-servers.net. com. 13307 IN NS j.gtld-servers.net. com. 13307 IN NS e.gtld-servers.net. com. 13307 IN NS c.gtld-servers.net. com. 13307 IN NS a.gtld-servers.net. com. 13307 IN NS k.gtld-servers.net. com. 13307 IN NS b.gtld-servers.net. com. 13307 IN NS f.gtld-servers.net.
But when you type
google.com into your browser’s address bar, it doesn’t go to the authoritative nameserver every time. Your computer is configured to talk to a recursive resolver, which accepts DNS queries just like an authoritative nameserver but will follow the chain of lookups to find what the authoritative response is. It will then cache the result records according to their TTL, and the next time you look up the same address, it’ll just return it from its cache.
Try looking up
google.com. again, and you’ll see the TTL decrease:
$ dig +noall +answer google.com google.com. 232 IN A 188.8.131.52
That’s your internet provider’s recursive resolver telling you, “Hey, I know this one (at least for the next four minutes). It’s 184.108.40.206.”
That’s how DNS works as a global distributed database: anyone can query it, there’s always one canonical source of a given record, and the results are cached by the server your users are querying. By now it should also be obvious that this is why DNS changes take time to propagate: the higher the TTL (a common value is 86400 seconds, or 1 day), the longer it will take for all of your site’s users to see the same records.
Up next: how I used this to debug a problem with AWS.