How DNS Resolution Works?

BSc CSIT Graduate

Problem without DNS

Before I start, I expect you to have a basic understanding of IP addresses. You know, they are just numerical labels given to each device in a computer network to uniquely identify it, right?

So, suppose I want to talk to a web server. I must have the IP address of that server, right? Basically, if I want to access anything on the internet (a network of computer networks) I need to know its IP address. Wait, wouldn't that give you a headache? The internet is supposed to make your life easier, and now it is making you remember lots of numbers.

Solution before DNS

To solve this, computers started using a single HOSTS.TXT file that mapped hostnames to IP addresses. It was a manually maintained text file stored on each computer. You can still find its descendant today: /etc/hosts on Linux and macOS, and C:\Windows\System32\drivers\etc\hosts on Windows.

It looks something like this (address first, then the hostname):

192.168.1.10        server1
192.168.3.12        server2

This file was maintained by hand by system administrators and had to be copied to every machine. Even today, every computer still has a hosts file. It is mainly used for testing, local overrides, or blocking websites, and because it is consulted before DNS is ever asked, malware has long abused it to redirect or silently block domains (for example, update servers).

DNS

As you know, more manual work quickly becomes a problem. And we know every problem has a solution (either it has already been found or we will have to find it… haha). Don't worry, somebody has already found this one.
Do you remember every contact number saved in your phone? Hell no. Then what do you do? You just open the phonebook, type a name, get the number, and make the call.

So there is something named DNS that is like the phonebook of the internet.

DNS is a distributed (no single server controls DNS; it is spread across many servers worldwide), robust (it keeps working even when some servers fail) and scalable (it handles billions of requests) system of the internet. It translates human-readable domain names like www.google.com into the IP addresses that computers use to communicate. Without DNS we would have to remember the IP address of every website.

DNS does not exist only to serve browsers. Browsers are just one of its users. Email, security tooling, cloud services and domain verification all rely on DNS.

DNS tells you who you should talk to next.

But DNS does not only translate human-readable domain names into IP addresses. It does much more than that:

  • Translates domain names into IP addresses.

  • Guides your request to the correct server across the internet.

    ex. Your browser asks DNS for cs.harvard.edu → DNS tells your resolver which authoritative server to contact.

  • Directs emails to the right mail servers (MX records)

    ex. Sending email to someone@gmail.com → the MX records for gmail.com point to Google's mail servers.

  • Handles subdomains and organizes services

    ex. cs.harvard.edu: cs is a subdomain of harvard.edu.

  • Supports load balancing and faster content delivery (CDNs)

    ex. A DNS lookup for www.netflix.com may return the IP of a server close to your location.

  • Caches results to make internet access faster

    ex. Visiting www.youtube.com again → your local DNS cache returns the IP instantly, until the record's TTL expires.
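
Every one of those jobs is carried by the same message format. Below, as an added example that is not part of the original article, is a minimal encoder and parser for the DNS wire format (RFC 1035): it builds a query, parses an A and an MX answer, and performs the check a resolver must make before trusting a reply. The two response messages are constructed by hand to look like what a server for a hypothetical zone would return (192.0.2.0/24 is a documentation range), so nothing here touches the network.

```python
"""DNS wire format (RFC 1035): build a query, parse a response, and sanity-check
that the response belongs to the query. Added example, not code from the
original article; A_RESPONSE and MX_RESPONSE are constructed by hand for a
hypothetical zone (192.0.2.0/24 is a documentation range), no network is used."""
import random
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid=None, rd=True):
    """12-byte header + one question. RD=1 asks a recursive resolver to do the
    work; a resolver itself sends RD=0 to root, TLD and authoritative servers."""
    if txid is None:
        txid = random.randrange(0x10000)  # unpredictable ID: part of spoofing resistance
    flags = 0x0100 if rd else 0x0000
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)


def decode_name(msg, off):
    """Decode a possibly-compressed name; returns (name, offset after it)."""
    labels, end, jumped, hops = [], None, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # 2-byte compression pointer
            if not jumped:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:                               # guard against pointer loops
                raise ValueError("compression loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_message(msg):
    """Parse header, question section and answer section of a query or response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack(">HH", msg[off:off + 4])
        off += 4
        questions.append((name, QTYPE_NAME.get(qtype, qtype)))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:                                  # A: four raw octets
            value = ".".join(str(b) for b in rdata)
        elif rtype == 15:                               # MX: preference + name
            value = (struct.unpack(">H", rdata[:2])[0], decode_name(msg, off + 2)[0])
        elif rtype in (2, 5):                           # NS / CNAME: a name
            value = decode_name(msg, off)[0]
        else:
            value = rdata
        off += rdlen
        answers.append((name, QTYPE_NAME.get(rtype, rtype), ttl, value))
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0xF, "questions": questions, "answers": answers}


def response_matches(query, response):
    """A resolver must accept a reply only if its ID and question echo the query
    it sent; otherwise anyone who can guess the ID could inject a forged answer."""
    q, r = parse_message(query), parse_message(response)
    return r["qr"] and q["id"] == r["id"] and q["questions"] == r["questions"]


# Constructed responses. 0xC00C is a pointer back to the question name at offset 12.
A_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)   # QR, AA, RD, RA set
              + encode_name("www.example.com") + struct.pack(">HH", 1, 1)
              + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
MX_RESPONSE = (struct.pack(">HHHHHH", 0x4242, 0x8580, 1, 1, 0, 0)
               + encode_name("example.com") + struct.pack(">HH", 15, 1)
               + b"\xc0\x0c" + struct.pack(">HHIH", 15, 1, 3600, 9)
               + struct.pack(">H", 10) + b"\x04mail" + b"\xc0\x0c")   # mail.example.com

if __name__ == "__main__":
    q = build_query("www.example.com", "A", txid=0x1234)
    print(parse_message(A_RESPONSE)["answers"], response_matches(q, A_RESPONSE))
    print(parse_message(MX_RESPONSE)["answers"])
```

The 16-bit transaction ID plus the echoed question is all that ties a UDP reply to its query, which is why resolvers also randomize the source port and why DNSSEC exists; the parser above deliberately caps pointer hops, since a reply with a pointer loop is a classic way to hang a naive name decoder.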

DNS Hierarchy

The DNS hierarchy is the structured organization of domain servers. It is a tree-like structure starting from the root servers and branching down to subdomains. This structure is what makes DNS distributed, robust and scalable.

1. Root Server

This is the topmost level of the DNS system and the first point of contact (POC) for a resolver that knows nothing else. Root servers know the location of all TLD (top-level domain) servers. There are 13 logical root server identities (a.root-servers.net through m.root-servers.net), each of which is anycast to many physical copies. So in reality there are hundreds of physical root server instances worldwide, but only 13 logical root servers from the DNS perspective.


2. Top Level Domain

The TLD is the last part of the domain name, after the last dot (.). TLD servers manage the domains under a specific TLD such as .com, .edu or .org.

Example: .edu TLD server knows where the cs.harvard.edu’s authoritative server is.

.edu is the top-level domain.

The .edu TLD server does not know the IP address of cs.harvard.edu itself.
It only knows which servers are authoritative for harvard.edu (the second-level domain), and refers the resolver there.

3. Second level Domain

The second-level domain is the part of a domain name that comes directly before the top-level domain (TLD). It is usually the name of an organization, company, etc.

The second-level domain's authoritative server stores the actual DNS records for this domain.

harvard.edu: harvard is the second-level domain and .edu is the TLD.

The authoritative server for the second-level domain is where its DNS records live.

4. Sub Domain

A subdomain is a part of a domain name that comes before the second-level domain.
It is used to organize different sections or services of a site and can have its own DNS records.
If needed, it can also be delegated to its own authoritative server, separate from the parent domain's.

cs.harvard.edu: cs is a subdomain of harvard.edu (the second-level domain), with .edu as the TLD.

Subdomains let you divide or manage a domain without buying a new domain.

DNS Resolution

When you type google.com into the browser, what actually happens? Let's discuss.

1. Check the hosts file

Your computer first checks the hosts file (already discussed above). If it finds an entry there (google.com → some IP address), it skips all the other steps and uses that IP. Entries in the hosts file have no TTL and are never re-checked against DNS, which is exactly why a tampered hosts file is so effective at redirecting traffic.

2. Query Initiation

Next, your computer checks its local DNS cache (kept by the operating system's stub resolver) to see if it already has an unexpired IP address for google.com. If it does not, the DNS resolution process begins.

3. Recursive DNS Server

Your computer now sends a query to a recursive DNS server, usually provided by your internet service provider or a public DNS resolver such as Google Public DNS. These servers carry out the full resolution on behalf of the client, so this is the client's only point of contact. The recursive DNS server first checks its own cache.

If you are from Nepal, you may remember that Nepal once banned TikTok. The authorities did not block TikTok's IP addresses directly; they blocked access only at the DNS level. That is, the ISPs' DNS servers refused to translate TikTok's domain names (like www.tiktok.com) into the corresponding IP addresses, making the site unreachable for users on default settings. Users who switched to public DNS servers such as Cloudflare's 1.1.1.1 or Google's 8.8.8.8 could still reach TikTok, because those resolvers resolved the domain normally. In other words, the ban affected only name resolution at the ISP resolver and did not block TikTok's actual servers or their IP addresses. The flip side is worth knowing too: plain DNS queries to 8.8.8.8 travel unencrypted over UDP/53 through the ISP's network, so a network operator that wants to can intercept or rewrite them as well. Closing that gap is what encrypted DNS (DNS over TLS or DNS over HTTPS) is for.

4. DNS Hierarchy

If the recursive DNS server does not have the IP address for google.com either, it starts iterating through the hierarchy by sending a request to the root DNS servers. These servers are critical to the DNS infrastructure and hold the list of top-level domain (TLD) servers for each domain extension such as .com, .org and .net. The root servers do not answer with google.com's address; they respond to the recursive server with a referral: the names and IP addresses of the TLD servers that manage the requested extension, in this case .com. The recursive DNS server then sends the same query to a .com TLD server.

5. Authoritative DNS Servers

The .com TLD server responds to the recursive DNS server with another referral: the names and IP addresses of the authoritative DNS servers for google.com. Authoritative DNS servers store the DNS records (A, AAAA, CNAME, MX and so on) for the domain names they are responsible for. The recursive server fetches the A record from there, caches it for the record's TTL, and sends the IP back to your device, which usually caches it locally as well to speed up future requests.
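
The whole lookup order from steps 1 to 5, simulated end to end as an added example that is not part of the original article: a hosts-file parser, a local cache honoring TTL, and a recursive resolver that walks a delegation tree from a root server through a TLD server to authoritative servers (including a delegated subdomain). The hosts-file text, the delegation tree, the server names and every address are constructed for the example (192.0.2.0/24 is a documentation range). It also models the DNS-level block described above: the same name is refused by one resolver and answered by another.

```python
"""Simulated lookup order: hosts file, then local cache, then a recursive resolver
that walks root -> TLD -> authoritative. Added example, not the article's own
code; HOSTS_TEXT, SERVERS, the server labels and all addresses are constructed
(192.0.2.0/24 is a documentation range)."""
import time

# Constructed text in /etc/hosts format: address, then one or more hostnames.
HOSTS_TEXT = """
127.0.0.1   localhost
192.0.2.50  staging.example.edu   # pinned by an admin for local testing
"""

# Constructed delegation tree. "referral" says which server to ask next for a
# zone; "records" is what an authoritative server answers for a name.
SERVERS = {
    "root-server":    {"referral": {"edu": "tld-edu-server"}},
    "tld-edu-server": {"referral": {"harvard.edu": "harvard-ns"}},
    "harvard-ns": {
        "referral": {"cs.harvard.edu": "cs-harvard-ns"},     # subdomain delegated away
        "records":  {"www.harvard.edu": ("A", "192.0.2.1", 300)},
    },
    "cs-harvard-ns":  {"records": {"cs.harvard.edu": ("A", "192.0.2.2", 60)}},
}


def parse_hosts(text):
    """Map hostnames to addresses; the first entry for a name wins, comments ignored."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for n in names:
            table.setdefault(n.lower(), addr)
    return table


def iterative_resolve(name):
    """Walk the hierarchy as a recursive resolver does. Returns (record, path)
    where path lists the servers contacted; record is None for a nonexistent name."""
    name = name.lower().rstrip(".")
    server, path = "root-server", []
    while True:
        path.append(server)
        zone = SERVERS[server]
        rec = zone.get("records", {}).get(name)
        if rec is not None:
            return rec, path
        # Follow the referral for the longest delegated zone the name falls under.
        cands = [z for z in zone.get("referral", {}) if name == z or name.endswith("." + z)]
        if not cands:
            return None, path
        server = zone["referral"][max(cands, key=len)]
        if len(path) > 16:
            raise RuntimeError("referral loop")


class RecursiveResolver:
    """An ISP or public resolver: caches by TTL and may refuse blocked names."""

    def __init__(self, label, blocked=()):
        self.label, self.blocked, self.cache = label, set(blocked), {}

    def query(self, qname, now):
        qname = qname.lower()
        if qname in self.blocked:
            return None, 0, "REFUSED"          # DNS-level block: name is never resolved
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0], hit[1], "resolver-cache"
        rec, path = iterative_resolve(qname)
        if rec is None:
            return None, 0, "NXDOMAIN"
        _rtype, addr, ttl = rec
        self.cache[qname] = (addr, now + ttl)
        return addr, now + ttl, "iterative:" + ">".join(path)


def lookup(name, resolver, hosts, local_cache, now=None):
    """Client-side order: hosts file, then OS cache, then the configured resolver.
    Returns (address or None, where the answer came from)."""
    now = time.time() if now is None else now
    name = name.lower()
    if name in hosts:
        return hosts[name], "hosts"            # no TTL: stays until the file changes
    hit = local_cache.get(name)
    if hit and hit[1] > now:
        return hit[0], "local-cache"
    addr, expiry, how = resolver.query(name, now)
    if addr is not None:
        local_cache[name] = (addr, expiry)
    return addr, how


if __name__ == "__main__":
    hosts, cache = parse_hosts(HOSTS_TEXT), {}
    isp = RecursiveResolver("isp", blocked={"cs.harvard.edu"})
    public = RecursiveResolver("public")
    for n in ("staging.example.edu", "cs.harvard.edu", "cs.harvard.edu"):
        print(n, lookup(n, public, hosts, cache, now=1000))
    print("via isp:", lookup("cs.harvard.edu", isp, hosts, {}, now=1000))
```

Run it and the second lookup of cs.harvard.edu comes from the local cache rather than from the four-server walk, while the same name asked through the resolver with a block list gets REFUSED and through the other resolver is answered, which is the whole story of a resolver-only block.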