How Does DNS Resolution Work?

The internet can seem like magic. We open a browser, type any URL, and its website opens within a few seconds. But have you ever wondered how the internet knows which website URL you typed in the browser?
It is like daily life: if we want to send a parcel to a friend's home, we need to know their address. In this case, you know your friend's address.
But on the internet, who knows the website's address? Every website has its own IP address, and it is not practical for users to remember IP addresses. Imagine typing 142.250.194.238 in the browser to open google.com; numbers like these are hard to remember. So the internet provides domain names, which point to these IPs.
For example: https://google.com → 142.250.194.238
Now another question arises: if there are thousands of websites on the internet and each website has a mapping to its IP, then who keeps track of these? The answer is DNS (Domain Name System). In this blog, we are going to cover how DNS resolution works.
What is DNS and why does name resolution exist?
DNS (Domain Name System) is the phonebook of the internet: it stores the mapping of names to IP addresses (numbers). We humans always use easy names such as google.com, but computers do not understand these names. They communicate using numbers called IP addresses.
Here, DNS works as a translator. It converts the website name (domain name) into its IP address so that the browser can find and load the website.
Why does name resolution exist?
As we already mentioned, humans always find easy ways to do things. In this case, remembering the IP address of any website is not possible for humans, as there are millions of websites on the internet. Also, the IP address of a server can change due to server upgrades, cloud migration, or load balancing. So it would be difficult for users to remember IPs.
To solve this problem, DNS provides name resolution, which translates a domain name into its corresponding IP address. This allows users to access the website using simple names, while computers can still locate the correct server.
What is the dig command and when is it used?
Sometimes a website does not open and we think, "The server is down." But in many cases, the server is actually running and the real problem is DNS.
To check this, we use a diagnostic tool called dig.
dig (domain information groper) is an open source tool used to interrogate DNS name servers. It performs DNS lookups and displays the answers that are returned from the queried servers.
For example:
dig chaicode.com
When is it used?
dig is commonly used when:
Troubleshooting DNS issues: When a website is not opening, dig helps us find the reason.
Verifying Record Propagation: When we change DNS settings, we can use the dig command afterward to know if new records are updated everywhere on the Internet.
Tracking DNS Resolution: By using dig +trace, we can see the full journey of the request.
Reverse DNS Lookup: Using dig -x <IP>, we can find the domain name connected to a particular IP address.
Direct Querying: We can directly ask a specific DNS server to get the result, instead of using our local network cache.
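One way to make the "is it the server or is it DNS?" check repeatable (an added example, not part of the original post): a hypothetical dig_triage function that reads dig's full output and reports how the lookup ended. The sample output below is constructed, and 192.0.2.53 is a documentation address.

```sh
#!/bin/sh
# dig_triage (hypothetical helper): read complete dig output on stdin and
# print a one-word verdict:
#   no-response            dig printed no header (resolver unreachable, timeout)
#   nxdomain / servfail    lower-cased DNS status when it is not NOERROR
#   nodata                 the name exists but has no record of the asked type
#   resolved-authoritative answer came straight from an authoritative server
#   resolved-via-resolver  answer came from a recursive resolver or its cache
dig_triage() {
    awk '
        /->>HEADER<<-/ {                      # ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {                        # ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, ..."
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
            aa = ($0 ~ /flags:[^;]* aa[ ;]/)  # aa flag marks an authoritative answer
        }
        END {
            if (status == "")             print "no-response"
            else if (status != "NOERROR") print tolower(status)
            else if (answers == 0)        print "nodata"
            else if (aa)                  print "resolved-authoritative"
            else                          print "resolved-via-resolver"
        }'
}

# Constructed sample output (not captured from a real run).
sample_nxdomain() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;no-such-host.example.com.	IN	A
;; SERVER: 192.0.2.53#53(192.0.2.53)
EOF
}

sample_nxdomain | dig_triage    # live use: dig chaicode.com | dig_triage
```

A verdict starting with "resolved" means DNS is answering, so the next thing to check is the server itself.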
Understanding dig . NS and root name servers
Command :
dig . NS
Result :

The dig . NS command asks DNS:
“Give me the name servers of the root domain (.)”
Here the dot (.) represents the root of the entire DNS hierarchy, the top-most level of the internet’s naming system.
All domains like .com, .org, and .in lie under it.
Root Name Servers :
Root DNS servers are the top-level DNS servers on the internet. They do not know the IP address of a specific website, but they direct the resolver to the correct TLD (Top-Level Domain) servers such as .com, .org, or .in when a query is made.
So the dig . NS command queries the root DNS servers and returns the list of the root name servers. These servers do not store TLD domains themselves; they only tell the resolver which TLD servers (like .com, .org, .in) should be contacted next.
Understanding dig com NS and TLD name servers
Command :
dig com NS
Result :

The dig com NS command asks DNS:
“Which name servers are responsible for the .com domain?”
Here we are directly querying the Top-Level Domain (TLD) itself.
TLD name servers :
TLD servers manage domain extensions like .com, .org, and .in. They do not provide the final IP address of a website; instead, they tell the resolver which authoritative name servers are responsible for that particular domain.
The TLD is the last part of the domain, written after the dot (.).
For example:
google.com -> .com is the TLD
amazon.in -> .in is the TLD
wikipedia.org -> .org is the TLD
Domain Structure :
website-name + TLD
So, the dig com NS command requests the NS records for the .com zone and returns the list of .com TLD name servers. These servers do not provide the final IP address of a website; instead, they direct the resolver to the authoritative name servers for a specific domain.
Understanding dig google.com NS and authoritative name servers
Command :
dig google.com NS
Result :

This command asks DNS:
“Which name servers are responsible for the domain google.com?”
Instead of root servers or TLD servers, we are now directly querying the domain’s own DNS servers, which are called the authoritative name servers for that domain.
Authoritative Name Servers :
Authoritative name servers are computers that contain a database of public IP addresses and their associated hostnames and translate those names to IP addresses as requested.
They are the final source of truth.
These servers store records like:
A record
AAAA record
MX record
TXT record
CNAME
So, the dig google.com NS command requests the NS records for the domain google.com and returns the list of its authoritative name servers. These servers store the real DNS records of the domain and provide the final answer (such as the IP address) when a resolver asks for it.
Understanding dig google.com and the full DNS resolution flow
Command :
dig google.com
Result :

This command asks a DNS resolver:
“What is the IP address of google.com?”
This command requests the A record, the actual IP address of the website.
DNS Resolution Flow:
When you type google.com in the browser, the request is not sent directly to the server; it follows a step-by-step path:
Step 1: Browser Cache
The browser first checks its memory: “Have I recently visited this website?” If yes, it already has the IP address saved and the website opens immediately.
Step 2: OS Cache
If the browser does not know the IP, your computer’s operating system checks its local DNS cache.
If the IP is found there, it is returned and the website loads.
Step 3: DNS Recursor
If the IP is still not found, the request goes to a DNS resolver. The resolver acts like a helper that searches the internet on your behalf and also caches the result.
Step 4: Root Name Server
The resolver sends the request to a root server. The root server does not know the website's IP address; it tells the resolver which TLD servers manage that domain.
Step 5: TLD Server
The resolver then asks the Top-Level Domain (TLD) server. The TLD server does not give the IP address; it tells the resolver which authoritative server manages that domain.
Step 6: Authoritative Name Server
Finally, the resolver contacts the authoritative name server. This server stores the real DNS records of the domain and returns the correct IP address.
Step 7:
The resolver sends the IP address to your browser. Now the browser connects to that IP address and loads the website on your screen.
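The referral chain from steps 4 to 6 can be followed by hand with dig +norecurse, asking each server in turn and reading the referral it gives back (an added example, not part of the original post). The function name resolve_walk, the DIG override and the fake_dig stand-in with its constructed records are assumptions made so the walk can also be run offline.

```sh
#!/bin/sh
# resolve_walk NAME [START_SERVER]  (hypothetical helper)
# Asks each server for NAME without recursion and follows the first NS referral,
# printing one line per hop until a server returns an A record.
resolve_walk() {
    name=$1
    server=${2:-a.root-servers.net}
    hops=0
    while [ "$hops" -lt 8 ]; do                 # bound the loop against referral cycles
        out=$(${DIG:-dig} +norecurse +noall +answer +authority "@$server" "$name" A) || {
            echo "$server -> query failed"; return 1; }
        ip=$(printf '%s\n' "$out" | awk '$4 == "A" { print $5; exit }')
        if [ -n "$ip" ]; then
            echo "$server -> answer $ip"        # step 6: the authoritative answer
            return 0
        fi
        next=$(printf '%s\n' "$out" | awk '$4 == "NS" { sub(/\.$/, "", $5); print $5; exit }')
        if [ -z "$next" ]; then
            echo "$server -> no answer and no referral"
            return 1
        fi
        echo "$server -> referral $next"        # steps 4 and 5: "ask this server next"
        server=$next
        hops=$((hops + 1))
    done
    echo "gave up after $hops referrals"
    return 1
}

# Constructed stand-in for dig (records and TTLs are made up for the demo;
# the IP is the one used earlier on this page).
fake_dig() {
    case "$*" in
        *@a.root-servers.net*) printf 'com.\t172800\tIN\tNS\ta.gtld-servers.net.\n' ;;
        *@a.gtld-servers.net*) printf 'google.com.\t172800\tIN\tNS\tns1.google.com.\n' ;;
        *@ns1.google.com*)     printf 'google.com.\t300\tIN\tA\t142.250.194.238\n' ;;
    esac
}

DIG=fake_dig                # offline demo; set DIG=dig for a live walk
resolve_walk google.com
```

Comparing the address from the last hop with what a plain dig google.com returns shows whether a recursive resolver is handing out a stale or different answer than the authoritative server.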

Final Words
Here’s what you have learned :
dig
DNS Recursor
Root Name Server
TLD Name Server
Authoritative Name Server

