
Alibaba Cloud DNS: Terms

Last Updated: Aug 01, 2025

This topic introduces the basic concepts of Alibaba Cloud DNS to help you understand the fundamentals and better use the product features.

DNS

DNS (Domain Name System) is one of the fundamental systems of the Internet and an important basic service system for corporate intranets. It is responsible for converting Internet domain names and corporate intranet domain names into IP addresses. This conversion process is called "domain name resolution," which is why DNS is also known as the "domain name resolution system," serving as a signpost for network access. DNS is a distributed database that maps domain names to IP addresses, allowing users to access network resources and services more conveniently without having to remember IP address strings that can be directly read by machines. The DNS protocol runs on the UDP protocol and uses port 53. Based on the network environment it serves, DNS can be categorized into public DNS and internal DNS. Based on the functional role in the resolution chain, DNS can be categorized into authoritative DNS and recursive DNS.

Domain hierarchy

Domain names use a hierarchical tree structure for naming. Each host or router connected to the Internet has a unique hierarchical name. Domain names consist of a sequence of labels separated by dots (periods). The domain name hierarchy is shown in the following figure:

[Figure: domain name hierarchy]

Examples

  • .com is a top-level domain name.

  • aliyun.com is a primary domain name, also called a second-level domain.

  • example.aliyun.com and www.aliyun.com are subdomains, also called third-level domains.

  • test.example.aliyun.com is a subdomain of a subdomain, also called a fourth-level domain.

DNS server hierarchy

The DNS resolution process involves 4 levels of DNS servers, as follows:

| Server type | Function |
| --- | --- |
| Root name server | Full name: Root Name Server, abbreviated as Root Server. When the local DNS server cannot find the resolution result locally, it first queries the root name server and obtains the IP address of the TLD name server. |
| TLD name server | Full name: Top-Level Domain Name Server, abbreviated as TLD Server. It is responsible for managing the second-level domains registered under its top-level domain. For example, in "www.example.com", .com is the top-level domain, served by the .com TLD name server. When queried, it can return the address of the authoritative name server for the primary domain "example.com". |
| Authoritative name server | Full name: Authoritative Name Server, abbreviated as NS. It is unique within a specific zone and is responsible for maintaining the mapping between domain names and IP addresses within that zone. Alibaba Cloud DNS is an example. |
| Local DNS resolver | Full name: Local DNS Server, abbreviated as Local DNS. The local DNS server responds to recursive requests from clients and follows the query chain until it obtains the resolution result. Examples include automatically assigned DNS on the user's machine, ISP-assigned DNS, and public DNS services such as Google DNS or 223.5.5.5. |

Note

Each level of domain has its dedicated domain name server, with the root name server at the top level. Each layer of domain name servers stores the IP addresses of the lower-level domain name servers, enabling step-by-step queries.

DNS resolution process

The domain name resolution process when accessing a website through the domain name example.com is as follows.

  1. The user enters example.com in the Web browser and initiates a query request to the local DNS resolver. If the local DNS resolver has cached resolution data, it directly returns the IP address corresponding to the domain name example.com to the Web browser, and jumps to step 9. If the local DNS resolver does not find cached resolution data, it continues to step 2.

  2. The local DNS resolver queries the root name server.

  3. The root name server returns the address of the .com TLD name server to the local DNS resolver.

  4. The local DNS resolver sends a query request for example.com to the .com TLD name server.

  5. The .com TLD name server returns the address of the authoritative name server that provides authoritative resolution for example.com to the local DNS resolver.

  6. The local DNS resolver sends a query request to the authoritative name server.

  7. The authoritative name server returns the IP address corresponding to the domain name example.com to the local DNS resolver.

  8. The local DNS resolver returns the IP address to the Web browser.

  9. The Web browser accesses the website server using the IP address.

  10. The website server returns the webpage information.

[Figure: DNS resolution process]

Recursive resolution (Recursive Query)

The DNS server completes the entire query process for you. Each step is handled by this server, and it returns the final result directly to you. For example:

  • The client submits "Please find the IP of www.example.com" to the local DNS (recursive server).

  • If the recursive server does not know the answer, it will continuously query the root DNS, TLD, and authoritative DNS, following each step until it obtains the final answer.

  • The user only needs to wait for the recursive server to provide the final resolution result.

Characteristics

  • The user only needs to ask once and wait once.

  • The recursive server has a relatively high load because it needs to complete the entire query process.

  • This is the most common method between clients and local DNS.

Common applications

  • Regular users/PCs/browsers: Only use recursive queries and do not process iterative queries.

  • Local DNS servers (such as your broadband carrier, public 8.8.8.8, or company intranet DNS): Usually take on the role of recursive resolution and initiate iterative queries externally (to root, TLD, authoritative DNS).

  • Public DNS servers: Recursive for users, iterative for higher-level DNS.

Iterative resolution (Iterative Query)

The DNS server only helps you find "the next clue it knows." If it does not have the answer itself, it tells you where to ask next, and you must complete the entire query process yourself. For example:

  • The client asks the local DNS: "What is the IP of www.example.com?"

  • The local DNS does not know and queries the root DNS. The root DNS does not directly answer with the IP but responds: "You should ask the TLD server." Here, the root DNS is performing iterative resolution.

  • The local DNS asks the TLD server, and the TLD server tells it "go find this authoritative DNS." Here, the TLD server is performing iterative resolution.

  • This continues until the authoritative server is found and the final result is obtained.

Characteristics

  • The client needs to ask at each step.

  • The server load is relatively low, but the client burden is high (not typically used this way).

Common applications

  • Root DNS servers, TLD servers, authoritative DNS servers.

  • Self-built DNS servers for enterprises, schools, etc.

  • Public DNS servers: Recursive for users, iterative for higher-level DNS.
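The resolution process and the recursive/iterative split described above can be traced in code. The following is an added example, not Alibaba Cloud code: the server names, the `SERVERS` table, and the `LocalResolver` class are hypothetical, and the address is constructed sample data.

```python
# Constructed toy hierarchy; the names and the 192.0.2.10 address are sample data.
SERVERS = {
    "root": {"referrals": {"com.": "tld-com"}},
    "tld-com": {"referrals": {"example.com.": "ns-example"}},
    "ns-example": {"records": {"www.example.com.": "192.0.2.10"}},
}

def query_server(server, qname):
    """Iterative behaviour: answer if known, otherwise point at the next server."""
    zone = SERVERS[server]
    if qname in zone.get("records", {}):
        return "answer", zone["records"][qname]
    # Pick the most specific delegation whose suffix matches on a label boundary.
    hits = [s for s in zone.get("referrals", {}) if qname == s or qname.endswith("." + s)]
    if hits:
        return "referral", zone["referrals"][max(hits, key=len)]
    return "nxdomain", None

class LocalResolver:
    """Recursive towards the client, iterative towards root, TLD and authoritative."""

    def __init__(self, max_referrals=8):
        self.cache = {}              # no TTL expiry here (assumption of this example)
        self.max_referrals = max_referrals
        self.upstream_queries = 0

    def resolve(self, qname):
        qname = qname.lower().rstrip(".") + "."
        if qname in self.cache:      # step 1: cached data short-circuits the chain
            return self.cache[qname], ["cache"]
        server, trace = "root", []
        for _ in range(self.max_referrals):   # cap the chain so a referral loop ends
            self.upstream_queries += 1
            trace.append(server)
            kind, value = query_server(server, qname)
            if kind == "answer":
                self.cache[qname] = value
                return value, trace
            if kind == "nxdomain":
                return None, trace
            server = value           # follow the referral to the next level
        raise RuntimeError("referral limit exceeded")

if __name__ == "__main__":
    r = LocalResolver()
    print(r.resolve("www.example.com"))   # walks root, TLD, authoritative
    print(r.resolve("www.example.com"))   # served from cache
```

The client makes one call to `resolve`, while the resolver itself issues one upstream query per level, which is why the recursive server carries the load.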

HTTPDNS mobile resolution concepts

Application terminal

Refers to specialized terminal devices and application services for network access, including but not limited to mobile terminals, IoT devices, and apps.

DNS over HTTPS (DoH)

Used to encrypt DNS request traffic. Alibaba Cloud Public DNS provides DNS resolution through TLS-encrypted HTTP connections as specified in RFC 8484.

DNS over TLS (DoT)

Used to encrypt DNS request traffic. Alibaba Cloud Public DNS provides DNS resolution through TLS-encrypted TCP connections as specified in RFC 7858.
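The same DNS query message is carried differently by plain UDP, DoT, and DoH. The following added example (not Alibaba Cloud code) builds one query and frames it for each transport; the endpoint `https://doh.example/dns-query` is a placeholder, not a real service address.

```python
import base64
import struct

def build_query(qname, qtype=1, msg_id=0):
    """RFC 1035 query: 12-byte header plus one question (QTYPE 1 = A, QCLASS 1 = IN)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    question = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1-63 octets")
        question += bytes([len(raw)]) + raw
    question += b"\x00" + struct.pack("!HH", qtype, 1)  # root label terminates the name
    return header + question

def frame_udp(msg):
    """Classic DNS: the message is the UDP payload sent to port 53, in cleartext."""
    return msg

def frame_dot(msg):
    """RFC 7858: inside the TLS session, each message carries a 2-octet length prefix."""
    return struct.pack("!H", len(msg)) + msg

def frame_doh_get(msg, endpoint):
    """RFC 8484 GET: the message is base64url-encoded, unpadded, in the 'dns' parameter."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def frame_doh_post(msg):
    """RFC 8484 POST: raw message as the body with the application/dns-message type."""
    headers = {"Content-Type": "application/dns-message",
               "Accept": "application/dns-message"}
    return headers, msg

if __name__ == "__main__":
    # msg_id=0 follows the RFC 8484 recommendation for cache-friendly requests.
    query = build_query("www.example.com")
    print(len(frame_udp(query)), "octets over UDP")
    print(frame_dot(query)[:2].hex(), "length prefix for DoT")
    print(frame_doh_get(query, "https://doh.example/dns-query"))  # placeholder endpoint
```

Over UDP the query name is readable by anyone on the path; with DoT and DoH the same bytes travel inside TLS, so an on-path observer sees only the connection to the resolver.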