DNS Resolution: How It Works Simplified

DNS Resolution is the process of converting a human-readable hostname (like www.google.com) into a machine-readable IP address (like 142.250.190.46).When we request a website, our computer doesn't just know where it is. It follows a structured hierarchy to find the answer.

1. The Local Search (Caching)

   Our browser and operating system keep a temporary "memory" (cache) of websites we've visited recently. If the IP is there, the resolution is instant.

2. The Recursive Resolver

   If the local cache is empty, our computer asks a Recursive Resolver (usually managed by our ISP or a service like Cloudflare). This server's entire job is to go out into the internet and find the IP for us. It queries the three main layers of DNS infrastructure in order: Root nameservers, TLD nameservers, Authoritative nameservers.

Recursive resolver workflow

• Root Nameservers: These sit at the top of the hierarchy. They don't know the IP, but they know who manages Top-Level Domains (like .com or .net).

• TLD Nameservers: These servers manage all domains under a specific extension. They point the resolver to the specific server that holds the domain's records.

• Authoritative Nameservers: This is the final destination. This server holds the actual A Record (the IP address) for the domain.

What is dig ?

dig (Domain Information Groper) is a command-line tool used to query DNS servers. While a browser can walk through the DNS resolution processs in milliseconds, we can use dig to pause at each layer of the internet's hierarchy.

‘dig’ commands

1. Layer 1: The Root Name Servers (dig . NS)

   The root is the starting point of every DNS query. The . represents the Root. There are 13 logical root servers worldwide. This output tells us that these 13 servers are the "bosses" of the internet. They don't know where google.com is, but they know exactly where to find the servers for .com.

    dig com. NS
   

   output:

    ;; ANSWER SECTION:
    com.            172800    IN    NS    e.gtld-servers.net.
    com.            172800    IN    NS    b.gtld-servers.net.
    com.            172800    IN    NS    j.gtld-servers.net.
    com.            172800    IN    NS    m.gtld-servers.net.
    com.            172800    IN    NS    i.gtld-servers.net.
    com.            172800    IN    NS    f.gtld-servers.net.
    com.            172800    IN    NS    a.gtld-servers.net.
    com.            172800    IN    NS    g.gtld-servers.net.
    com.            172800    IN    NS    h.gtld-servers.net.
    com.            172800    IN    NS    l.gtld-servers.net.
    com.            172800    IN    NS    k.gtld-servers.net.
    com.            172800    IN    NS    c.gtld-servers.net.
    com.            172800    IN    NS    d.gtld-servers.net.
   

2. Layer 2: TLD Name Servers (dig com. NS)

   Once we know the root, we move to the Top-Level Domain (TLD). For google.com, the TLD is .com. They manage every single domain name ending in .com. They provide the link to the specific "Authoritative" servers for any .com website.

    dig com. NS
   

   output:

    ;; ANSWER SECTION:
    com.            172800    IN    NS    a.gtld-servers.net.
    com.            172800    IN    NS    b.gtld-servers.net.
    com.            172800    IN    NS    c.gtld-servers.net.
    com.            172800    IN    NS    d.gtld-servers.net.
    com.            172800    IN    NS    e.gtld-servers.net.
    com.            172800    IN    NS    f.gtld-servers.net.
    com.            172800    IN    NS    g.gtld-servers.net.
    com.            172800    IN    NS    h.gtld-servers.net.
    com.            172800    IN    NS    i.gtld-servers.net.
    com.            172800    IN    NS    j.gtld-servers.net.
    com.            172800    IN    NS    k.gtld-servers.net.
    com.            172800    IN    NS    l.gtld-servers.net.
    com.            172800    IN    NS    m.gtld-servers.net.
   

3. Layer 3: Authoritative Name Servers (dig google.com NS)

   Now we get to the specific servers that actually hold the data for the domain you are looking for. These servers provide the final answer (the A Record).

    dig google.com NS
   

   output:

    ;; ANSWER SECTION:
    google.com.        21600    IN    NS    ns1.google.com.
    google.com.        21600    IN    NS    ns2.google.com.
   

How it differs from a Browser

When we type a URL into a browser, it gives us the final answer (the IP). It hides all the "behind-the-scenes" errors. dig shows us the entire conversation, including:

• Which server gave the answer.

• How long the answer is valid (Time To Live).

• Any technical errors (like NXDOMAIN if the site doesn't exist).

Summary: The Resolution Flow

• You → Root: "Where is .com?"

• Root → You: "Ask the TLD servers at a.gtld-servers.net."

• You → TLD: "Where is google.com?"

• TLD → You: "Ask Google's servers at ns1.google.com."

• You → Authoritative: "What is the IP for google.com?"

• Authoritative → You: "The IP is 142.250.190.46."