Understanding DNS

In this post I will explain how DNS works in my own words.

DNS stands for Domain Name System. It is a way of naming the addresses of computers or resources in a network. Every computer in a network is associated with an IP address; for example, the IP address of google.com is something like Now it's tough for a person to remember such big numbers. So we have a simpler and more human-friendly way of naming these computers, which is what DNS provides.

So how does DNS work? When we type a website name into a browser, the IP address of the server mapped to that name has to be found before the web page can be displayed. There is a process by which this IP address is looked up. Let’s go through the steps that are carried out to find the address.

First, Ask the Browser

Whenever we type a website name into a browser, the browser searches its cache to check whether the IP address mapped to the website is present.

Then, Ask the OS

If the Browser doesn’t have the address, it asks the OS to check whether it has the address.

Ask the Resolver

If the OS doesn’t have the address, it turns to the IP address of the Resolver server that will resolve the IP address of the website. It is the role of the Resolver to find the IP address of the website and bring it back to the OS. Resolvers are usually servers provided by the ISPs serving the Internet. If you run cat /etc/resolv.conf on a Linux machine you will get output similar to

# Generated by NetworkManager

These are the IP addresses of the Resolvers that are responsible for finding the IP address of a website when a request comes in. The Resolver first checks its cache to see if it has the IP address of the requested website. If it doesn’t find the IP address there, it goes to the Root to find it.

Ask the Root

The Root server knows the addresses of the Top Level Domain (TLD) Server for the website. There are a total of 13 Root Servers spread all over the world. That doesn’t mean there are only 13 servers; it means there are 13 unique names for the servers, and each one is distributed over multiple servers to handle the load. The Resolver gets the address of the TLD Server from the Root and goes there to find the IP address of the website. Each time the Resolver gets an address it saves it to its memory.

Ask the TLD Server

The Top Level Domain is the .com part in google.com. Similarly, there are various other Top Level Domains such as .org, .gov, .net, .edu etc. There are also country-specific domains like .in, .us, .jp etc. The Root server knows the addresses of these TLD servers. The TLD server then gives the addresses of the Authoritative Nameservers for the website domain.

Ask the Authoritative Nameservers (DNS Servers)

The Authoritative Nameservers are the ones that contain the actual address of the website. Their names are similar to ns1.google.com, ns2.google.com etc. These are often simply called the DNS Servers, as they contain the records of the address corresponding to a specific website name. Whenever you purchase a domain, the Domain Registrar sends the names of these DNS Servers to the TLDs. That way a TLD can say which DNS Server contains the address of a website. The DNS Server gives the Resolver the IP address of the website.

You can find the names of the DNS Servers of a website and the website IP address using the dig command. Here is a sample output of the dig command.

[ananyo@localhost ~]$ dig google.com

; <<>> DiG 9.11.4-RedHat-9.11.4-1.fc28 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33490
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9

; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8114e77595b2cc097e7725a95b59fdf1b2d1c4d480039c49 (good)
;google.com. IN A

google.com. 40 IN A

google.com. 31267 IN NS ns3.google.com.
google.com. 31267 IN NS ns2.google.com.
google.com. 31267 IN NS ns4.google.com.
google.com. 31267 IN NS ns1.google.com.

ns1.google.com. 206437 IN A
ns2.google.com. 210049 IN A
ns3.google.com. 210049 IN A
ns4.google.com. 210049 IN A
ns1.google.com. 210874 IN AAAA 2001:4860:4802:32::a
ns2.google.com. 341654 IN AAAA 2001:4860:4802:34::a
ns3.google.com. 57401 IN AAAA 2001:4860:4802:36::a
ns4.google.com. 304702 IN AAAA 2001:4860:4802:38::a

;; Query time: 35 msec
;; WHEN: Thu Jul 26 22:29:29 IST 2018
;; MSG SIZE rcvd: 331

Finally, return it to the OS, then Browser

The Resolver finally gives the IP address of the website back to the OS, which caches it for future requests. The OS then gives it back to the Browser, which sends the request to that IP address and displays the page. So if you enter in the browser the IP address of google.com that we got from the dig command ( it will point to the same page.

The best part is that the entire thing takes just a few seconds to complete!
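
The Resolver's part of the walk described above (check the cache, then ask the Root, the TLD server and the Authoritative Nameserver, saving each address on the way), as an added example that is not part of the original post. The server addresses and the example.com names are constructed; the TTLs 40 and 31267 are the A and NS values from the dig output above, and 172800 is an assumed TTL for the TLD referral.

```python
# Constructed data (RFC 5737 addresses): server -> {"refer": {zone: (next server, ttl)}, "a": {name: (ip, ttl)}}
ROOT = "198.51.100.1"
SERVERS = {
    "198.51.100.1": {"refer": {"com.": ("198.51.100.2", 172800)}, "a": {}},         # root
    "198.51.100.2": {"refer": {"example.com.": ("198.51.100.3", 31267)}, "a": {}},  # .com TLD
    "198.51.100.3": {"refer": {}, "a": {"example.com.": ("192.0.2.10", 40),         # authoritative
                                        "www.example.com.": ("192.0.2.11", 40)}},
}

def under(name, zone):
    return name == zone or name.endswith("." + zone)

def query(server, name):
    """Ask one server one question: an answer, a referral closer to the name, or nothing."""
    data = SERVERS[server]
    if name in data["a"]:
        return ("answer",) + data["a"][name]
    zones = [z for z in data["refer"] if under(name, z)]
    if zones:
        zone = max(zones, key=len)             # most specific delegation wins
        return ("referral", zone) + data["refer"][zone]
    return ("nxdomain",)

class Resolver:
    def __init__(self):
        self.answers = {}       # name -> (ip, expires_at)
        self.delegations = {}   # zone -> (server, expires_at)
        self.log = []           # servers contacted, in order

    def closest_server(self, name, now):
        live = [z for z, (_, exp) in self.delegations.items() if exp > now and under(name, z)]
        return self.delegations[max(live, key=len)][0] if live else ROOT  # deepest live zone

    def resolve(self, name, now):
        hit = self.answers.get(name)
        if hit and hit[1] > now:
            return hit[0]                      # fresh cache entry: no query leaves the resolver
        server = self.closest_server(name, now)
        for _ in range(8):                     # hop limit so a referral loop cannot spin forever
            self.log.append(server)
            reply = query(server, name)
            if reply[0] == "answer":
                self.answers[name] = (reply[1], now + reply[2])
                return reply[1]
            if reply[0] != "referral":
                break
            _, zone, server, ttl = reply
            self.delegations[zone] = (server, now + ttl)
        return None
```

The log shows why the TTL column in the dig output matters: once the 40-second A record expires the Resolver asks again, but it goes straight to the Authoritative Nameserver while the longer-lived NS entry is still cached.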