English
DNS Resolution Explained: Build a TTL Cache and Packet Parser in Python
When a browser receives a hostname, the first visible wait may happen before HTTP begins: DNS resolution. For engineers, DNS is not merely a name-to-address lookup. The useful questions are which resolver answered, whether a cached record was still valid, what the response header reported, and how those choices affected latency.
This article follows the RFC 1034/1035 model and uses four deterministic requests to calculate the latency value generated by the companion lab.
1. Resolution Paths And Cache State
A stub resolver normally asks a recursive resolver. On a cache miss, that resolver may query root, TLD, and authoritative servers before answering. On a cache hit, it may return a record while its TTL remains valid. The DNS response header still matters: the transaction ID ties a response to its question, the flags report state, and the answer count says whether an answer is present.
2. A Hand Calculation For TTL Latency
Set a miss to 42 ms, a hit to 1 ms, and issue requests at seconds [0, 10, 70, 80]. With the lab's 60-second TTL, the entry populated at second zero expires at second 60, before the request at second seventy.
latencies = [42, 1, 42, 1] ms
average = (42 + 1 + 42 + 1) / 4 = 21.50 ms
hit_ratio = 2 / 4 = 50%
A longer TTL is not automatically correct: it reduces resolution work but lengthens the stale-address period during migrations or failover.
3. Runnable Experiment
Environment: Python 3.10+ and Matplotlib. No root access, external network, or live DNS target is required; the run reads a bundled scenario file.
cd network-fundamentals-lab
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python src/dns_resolution_cache.py
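# An expiry of -1 means the cache starts empty.
expiry = -1
for at_second in [0, 10, 70, 80]:
    # A request is a hit only while the cached entry is still within its TTL.
    hit = at_second < expiry
    latency = 1 if hit else 42  # ms: 1 for a hit, 42 for a miss
    if not hit:
        # A miss repopulates the entry with a 60-second TTL.
        expiry = at_second + 60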
The generated dns-cache-results.csv records request time, cache state, latency, and expiry for auditing.
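The trade-off stated in section 2 (a longer TTL saves resolution work but lengthens the stale period) can be measured by replaying the same four requests under several TTLs. This is an added example, not the lab's own script; the `change_at` parameter and the record change at second 65 are assumptions introduced here for illustration.

```python
MISS_MS, HIT_MS = 42, 1        # latency model from the hand calculation
REQUESTS = [0, 10, 70, 80]     # request times in seconds, from the article


def simulate(ttl, requests=REQUESTS, change_at=None):
    """Replay requests against a single-entry TTL cache.

    change_at (assumption, not part of the lab): second at which the
    authoritative record changes. A hit served from an entry that was
    cached before that moment is counted as stale.
    """
    expiry, cached_at = -1, None
    rows = []
    for t in requests:
        hit = t < expiry                      # same rule as the lab loop
        if not hit:
            cached_at, expiry = t, t + ttl    # a miss repopulates the entry
        stale = (hit and change_at is not None
                 and cached_at < change_at <= t)
        rows.append({"t": t, "hit": hit, "stale": stale,
                     "latency": HIT_MS if hit else MISS_MS,
                     "expiry": expiry})
    return rows


def summarize(rows):
    """Average latency, hit ratio and number of stale answers served."""
    n = len(rows)
    return {"avg_ms": sum(r["latency"] for r in rows) / n,
            "hit_ratio": sum(r["hit"] for r in rows) / n,
            "stale": sum(r["stale"] for r in rows)}


def sweep(ttls, change_at):
    """Summarize the fixed request schedule for each candidate TTL."""
    return {ttl: summarize(simulate(ttl, change_at=change_at))
            for ttl in ttls}


if __name__ == "__main__":
    for ttl, s in sweep([0, 30, 60, 120], change_at=65).items():
        print(f"ttl={ttl:>3}s avg={s['avg_ms']:.2f}ms "
              f"hit_ratio={s['hit_ratio']:.0%} stale_answers={s['stale']}")
```

With the assumed change at second 65, a 120-second TTL halves the average latency compared with 60 seconds but serves the old address to both later requests.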
4. Reading A Header In C
For diagnosis, an IP address alone hides failures. The lab's C example decodes a fixed safe response header rather than sniffing real traffic:
cc -std=c11 -Wall -Wextra -O2 src/dns_packet_parser.c -o /tmp/dns_parser
/tmp/dns_parser
# txid=0x2a10 flags=0x8180 questions=1 answers=1
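The same header can be decoded field by field in Python, including the flag bits packed into 0x8180 and the checks a resolver client would apply before trusting a response. This is an added example, not the lab's `dns_packet_parser.c`; the sample bytes are constructed from the four values printed above, NSCOUNT and ARCOUNT are assumed to be zero, and `parse_header` and `diagnose` are names chosen here.

```python
import struct

HEADER_LEN = 12  # RFC 1035 section 4.1.1: six big-endian 16-bit fields
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# Constructed sample: txid, flags, questions and answers as printed by the
# lab; NSCOUNT and ARCOUNT are assumed zero (the page does not show them).
SAMPLE = bytes.fromhex("2a10 8180 0001 0001 0000 0000")


def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header, rejecting short input."""
    if len(packet) < HEADER_LEN:
        raise ValueError(f"need {HEADER_LEN} header bytes, got {len(packet)}")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:HEADER_LEN])
    return {
        "txid": txid, "flags": flags,
        "qr": flags >> 15,              # 1 = response, 0 = query
        "opcode": (flags >> 11) & 0xF,  # 0 = standard query
        "aa": (flags >> 10) & 1,        # authoritative answer
        "tc": (flags >> 9) & 1,         # message was truncated
        "rd": (flags >> 8) & 1,         # recursion desired
        "ra": (flags >> 7) & 1,         # recursion available
        "rcode": RCODES.get(flags & 0xF, f"RCODE{flags & 0xF}"),
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }


def diagnose(packet: bytes, expected_txid: int) -> list[str]:
    """Return reasons not to accept the packet as the answer to our query."""
    h = parse_header(packet)
    problems = []
    if h["txid"] != expected_txid:
        problems.append("transaction ID does not match the query")
    if not h["qr"]:
        problems.append("QR bit clear: this is a query, not a response")
    if h["tc"]:
        problems.append("TC set: response truncated, retry over TCP")
    if h["rcode"] != "NOERROR":
        problems.append(f"server reported {h['rcode']}")
    elif h["answers"] == 0:
        problems.append("NOERROR but no answer records")
    return problems


if __name__ == "__main__":
    h = parse_header(SAMPLE)
    print(f"txid=0x{h['txid']:04x} flags=0x{h['flags']:04x} "
          f"questions={h['questions']} answers={h['answers']}")
    print(diagnose(SAMPLE, expected_txid=0x2A10))
```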
5. Animated Walkthrough
6. Engineering Checklist
- Log the queried name, record type, resolver, TTL, RCODE, and latency rather than only the final address.
- Coordinate lowered TTL windows with DNS migrations and rollback timing.
- Distinguish application, operating-system, and recursive-resolver cache behavior.
- Use dig example.com A +noall +answer +stats for observation only; its output is not the reproducible lab result.
FAQ
Does TTL zero eliminate stale responses?
It removes much of the cache benefit without controlling every intermediary. Planned, temporary low TTL is generally a more usable migration tool.
Why does this lab avoid packet capture?
Fixed bytes preserve repeatability and are sufficient for header reasoning, while captures add permission and environment variation.
References
- RFC 1034: Domain Names - Concepts and Facilities
- RFC 1035: Domain Names - Implementation and Specification
The next article takes the resolved address and calculates route selection and MTU boundaries.
Chinese
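DNS Resolution Explained: From Domain Lookup to a TTL Cache Experiment in Python
After a domain name is entered in the browser, the first step that may block the request is not HTTP but DNS. The engineering difficulty of DNS is not remembering that "a domain name maps to an IP", but understanding how recursive resolution, message boundaries, TTL caching, and failure latency interact.
Starting from the RFC 1034/1035 model, this article uses a fixed four-query experiment to calculate how the cache hit ratio changes user-perceived latency.
1. From Stub Resolver To Authoritative Server
Applications usually hand the query to a recursive resolver. On a cache miss, the recursive resolver may query the root, TLD, and authoritative servers in turn; on a cache hit, it directly returns a record that is still within its TTL. The response message header carries at least the transaction ID, flags, question count, and answer count.
2. Hand-Calculating The Effect Of TTL On Average Latency
The experiment sets a cache miss to 42 ms and a hit to 1 ms, with queries at t=[0, 10, 70, 80] seconds. The first query populates the cache, which expires at second 60; at second 70 the record must be queried again.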
latencies = [42, 1, 42, 1] ms
average = (42 + 1 + 42 + 1) / 4 = 21.50 ms
hit_ratio = 2 / 4 = 50%
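This does not mean that a longer TTL is always better: a longer TTL lowers resolution cost but also lengthens the stale window during address migration or failover.
3. Environment And Python Experiment
Environment: Python 3.10+ and Matplotlib; no root, network connection, or real DNS server is required. The experiment reads the fixed scenario in the repository and rebuilds the CSV and figure.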
cd network-fundamentals-lab
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python src/dns_resolution_cache.py
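# An expiry of -1 means the cache starts empty.
expiry = -1
for at_second in [0, 10, 70, 80]:
    # A request is a hit only while the cached entry is still within its TTL.
    hit = at_second < expiry
    latency = 1 if hit else 42  # ms: 1 for a hit, 42 for a miss
    if not hit:
        # A miss repopulates the entry with a 60-second TTL.
        expiry = at_second + 60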
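The generated dns-cache-results.csv explicitly records each request, HIT/MISS, latency, and expiry time.
4. The Message Layer: Why Read The Header
When troubleshooting an application, looking only at the IP is not enough. The transaction ID ties a response to its query, QR/RCODE distinguish responses from errors, and the answer count shows whether the response actually returned data. The C program in the lab bundle parses a fixed response header: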
cc -std=c11 -Wall -Wextra -O2 src/dns_packet_parser.c -o /tmp/dns_parser
/tmp/dns_parser
# txid=0x2a10 flags=0x8180 questions=1 answers=1
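5. Animated Walkthrough: Queries And The Cache Window
6. Engineering Checklist
- Log the queried name, record type, resolver, TTL, RCODE, and full elapsed time rather than only the final IP.
- Schedule the lowered-TTL window for authoritative DNS changes together with the release and rollback timing.
- When investigating latency, distinguish the application DNS cache, the system cache, and the recursive-resolver cache.
- For production observation, dig example.com A +noall +answer +stats can be used, but its results do not replace the fixed experiment.
FAQ
Does a TTL of zero eliminate stale responses?
It significantly reduces the cache benefit and still cannot eliminate all intermediary behavior; controlled releases usually use a planned low-TTL window.
Why does this article not use packet capture?
The goal is to make the numbers repeatable. Fixed message bytes are enough to learn the header, while real captures mix in operating-system, network, and permission differences.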
References
- RFC 1034: Domain Names - Concepts and Facilities
- RFC 1035: Domain Names - Implementation and Specification
The next article continues downward once the domain name has yielded an address, calculating CIDR route selection and MTU boundaries.
