It is no secret that DNS is one of the most complex topics in engineering. As in all blog posts I wrote, let’s understand the purpose behind DNS in computer networks.
DNS stands for Domain Name System. In everyday language, you will hear people referring to domain names.DNS is a system that translates (resolves) domain names into IP addresses.
💡Domain name and hostname are synonyms — what to use depends on your preferences.
Engineers created domain names (e.g., wikipedia.org) because domain names are much easier to remember than IP addresses. (Since computers talk by using IP addresses, knowing the correct IP is a must).
Also, domain names do not frequently change, while the underlying IPs can change for multiple reasons (for instance, when the server’s lifetime comes to an end).
💡You can read here in detail about IP addresses. To recap, an IP address (IPv4) is a point-separated number that uniquely identifies a computer connected to the Internet (or a private network).
To remember this better, you can use the analogy of a phonebook. In the phonebook, you can easily find your friend’s phone number if you browse the pages by name. By doing this, you are translating the friend’s name into a sequence of numbers. (Numbers are hard to memorize, so you are using this mental shortcut). The same reasoning applies to DNS — it makes life easier.
DNS lookup is a process that starts after you type a web address in your browser and press enter.
This process has one goal: to find the computer that hides behind the domain name, the computer that serves the request. The IP address number identifies this computer (server).
Here are the steps that happen during the domain name resolution.
You type a web address in a browser and hit enter. For example, if you want to visit https://igorjovanovic.com
Your internet router is forwarding this request to the DNS server of your internet service provider (ISP), e.g., T-Mobile
The ISP’s servers might already have a copy of the IP address for the https://igorjovanovic.com domain name. This happens if someone in their network visited this domain recently and if the ISP stores that in their cache (temporary copy of data).
If the ISP does not have the IP address of the domain name, ISP forwards the request to the top-level DNS servers, which are called the Root Servers.
The Root Servers respond with the corresponding TLD (Top Level Domain) DNS servers, which are the following location to ask.
Since the domain name you are reaching out to is the .INFO domain, the root DNS server is going to return the responsible DNS server for the .INFO top-level domain (TLD)
At this point, TLD’s name servers are in charge of further resolving the question of what is the IP address behind https://igorjovanovic.com
Further, the TLD DNS server returns something called the authoritative name server. The authoritative means that the name server hosts the zone of the requested domain name. Another name for the authoritative name server is also the Second Level Domain (SLD) name server. This can be the name server of the hosting company where I registered my domain (e.g., Godaddy or AWS).
The authoritative server hosts the actual domain and knows the IP address of the server that hosts this web blog. The authoritative server passes this piece of info to the server that asked for it (to your internet service provider).
The information travels back through your ISP’s network and gets stored a few times along the way for future requests.
At this point, the IP address of the domain name https://igorjovanovic.com is known, and your browser establishes a direct connection with the server that hosts the website.
An Internet Service Provider or ISP is a company that you are paying for your internet connectivity. In exchange, the provider lets you use their network to connect to the Internet.
💡 See here the list of the top ISPs in 2022 in the world. Some of that you may recognize are T-Mobile, AT&T Internet, and WOW.
Every request you make from your computer to the outside network (the Internet) travels through your modem to the ISP’s servers. These servers direct the request further and return the results.
When you connect to any Wi-Fi network, before you see the “Connected” notification, your device will get configured to use the ISP’s DNS (this happens in a fraction of a second).
The successful connection to a Wi-Fi network also means that your device is now configured to use the ISP’s DNS server
💡 Read here how to find your ISP’s DNS server directly from your Wi-Fi settings (for Windows). This article will show you the same on macOS.
For completeness, here are the DNS settings of my internet connection.
172.20.10.1 is the DNS server’s IP address that my ISP forwards all the domain resolution queries to
So, all the queries to resolve a domain name into an IP address start by knocking on the door of the DNS server that your internet connection is configured to. This is most often the DNS server of your ISP.
ISP also maintains a list of web domains and IP addresses many people visit. If you want to visit one of those domains, ISP might answer right away and send you the IP address. We say that ISP holds this copy of data in their cache.
When ISP does not have the information, it simply forwards the request to the root servers.
If the internet service provider (ISP) does not have the IP of a given domain in their cache, the ISP forwards the request to the root servers.
💡You can see here the decentralized and distributed nature of DNS. All the players that take part work on a best-effort basis. Each says, “let me see if I have the IP of this domain; if I do not have it, I can give you the address of someone who might know more.”
Internet assigned numbers authority (IANA) is the agency that maintains the root server database. This database comes in the form of the rote zone file that contains all the TLD servers that resolve the queries further. IANA distributes the zone file to 12 operators that make the content of the file available on the Internet. The twelve operators run the root name servers of the world.
💡The root zone file is a list of all the top-level domain names across the globe, together with the responsive authority of a given domain (their IP address). The list includes both country-based (e.g. .NL or .CO.UK) and generic domains (such as .COM or .INFO). There are around 1,500 TLDs in the root zone. Here is the database of all the TLD servers that IANA maintains within the root zone.
Currently, 13 root name servers handle the requests for the entire planet. These are necessary for the Internet to work. (There are many more physical servers behind each root name server to avoid service failure).
Here are the 13 root name servers, the IP address where to access them, and the operator name responsible for keeping the name server up and running.
Name server
IP address IPv4 / IPv6
Operator
a.root-servers.net
198.41.0.4, 2001:503:ba3e::2:30
VeriSign, Inc.
b.root-servers.net
199.9.14.201, 2001:500:200::b
University of Southern California (ISI)
c.root-servers.net
192.33.4.12, 2001:500:2::c
Cogent Communications
d.root-servers.net
199.7.91.13, 2001:500:2d::d
University of Maryland
e.root-servers.net
192.203.230.10, 2001:500:a8::e
NASA
f.root-servers.net
192.5.5.241, 2001:500:2f::f
Internet Systems Consortium, Inc.
g.root-servers.net
192.112.36.4, 2001:500:12::d0d
US Department of Defense (NIC)
h.root-servers.net
198.97.190.53, 2001:500:1::53
US Army (Research Lab)
i.root-servers.net
192.36.148.17, 2001:7fe::53
Netnod
j.root-servers.net
192.58.128.30, 2001:503:c27::2:30
VeriSign, Inc.
k.root-servers.net
193.0.14.129, 2001:7fd::1
RIPE NCC
l.root-servers.net
199.7.83.42, 2001:500:9f::42
ICANN
m.root-servers.net
202.12.27.33, 2001:dc3::35
WIDE Project
NOTE: VeriSign hosts 2 root servers and that is why there are 12 operators and 13 root name servers.
The organizations/operators make sure that servers get evenly distributed geographically. Here is a picture that shows the physical locations where the root servers reside.
Root servers location
The requests for domain name resolution always go against one of the 13 root name servers. To avoid lengthy waiting times, the underlying physical servers are pretty much evenly distributed across the globe (as in the picture).
The final task of the root name server is to respond to the domain resolution query.
💡The root name servers simply respond back with the responsible TLD server (e.g. .COM servers or .CO.UK) that is in line for asking further.
Depending on the Top Level Domain (TLD) you visit, the root servers will return the corresponding DNS server to your ISP. For example, in the domain name https://igorjovanovic.INFO, the corresponding DNS Server to ask further is that of the .INFO domain.
💡At this point, DNS is one step closer to answering the question of the IP address behind the igorjovanovic.INFO domain.
On the IANA website, you can see the responsible name servers (DNS servers) for the resolution of .INFO domains. Here is a copy/paste directly from the IANA database.
Name Servers (DNS servers) of the .INFO domains
HOST NAME
IP ADDRESS(ES)
a0.info.afilias-nst.info
199.254.31.1 2001:500:19:0:0:0:0:1
a2.info.afilias-nst.info
199.249.113.1 2001:500:41:0:0:0:0:1
b0.info.afilias-nst.org
199.254.48.1 2001:500:1a:0:0:0:0:1
b2.info.afilias-nst.org
199.249.121.1 2001:500:49:0:0:0:0:1
c0.info.afilias-nst.info
199.254.49.1 2001:500:1b:0:0:0:0:1
d0.info.afilias-nst.org
199.254.50.1 2001:500:1c:0:0:0:0:1
Host name of the DNS servers that resolve all the .INFO domains, together with the IP addresses of the machines (both IPs v4 and v6)
Based on the table that your ISP gets from the Root Servers, the ISP can send the query to one of the INFO DNS servers.
💡.INFO DNS server still does not know the IP behind https://igorjovanovic.com but knows the DNS server that KNOWS the answer.
We say that the TLD DNS server returns the authoritative name servers of the domain in question. For my domain, this answer could contain something like this.
HOSTNAME / IP ADDRESS
ns1.bluehost.com 162.88.60.37
ns2.bluehost.com 162.88.61.37
💡 BlueHost is a solid hosting solution if you are looking for where to host your website. You can find their offer here.
After the TLD DNS server responds, your ISP has the address where to knock further. The good news is that the address in hand is the final one.
The DNS server that runs behind ns1.bluehost.com and ns2.bluehost.comknows the answer to the question of what is the IP address of the domain name igorjovanovic.com.
That is why we call these name servers the authoritative name servers. They are the authority when it comes to answering the question of the IP address for the igorjovanovic.com domain — the one who knows is the authority.
💡You can also hear people calling the authoritative name servers the second-level domain (SLD) name servers.
Just for curious readers, I want to explain something you might have spotted here.
💡ns1.bluehost.com and ns2.bluehost.com exist in pairs (there are two of them). Had there been only ns1.bluehost.com, upon its failure, the domain name could not be resolved and you would get an error. Because of that, there is also ns2.bluehost.com to safeguard against the name server failure. You see now that one name server is a backup to the other.
Finally, the ISP can ask the authority DNS server to find the IP address of the igorjovanovic.com domain. Here is the address that the ISP uses to ask this question.
HOSTNAME / IP ADDRESS
ns1.bluehost.com 162.88.60.37
ns2.bluehost.com 162.88.61.37
💡I use BlueHost as a hosting company for many of my projects. You can find here their hosting offer if you also need a hosting solution.
Once the ISP gets the answer from the authoritative DNS server, the ISP has the million-dollar answer: the IP address behind igorjovanovic.com.
The answer would look similar to this.
HOSTNAME/ TTL / RECORD / IP
igorjovanovic.com. 86400 A 85.25.111.71
💡NOTE: I did not provide the real IP address/ name servers of the website just to avoid bots scanning this text, but you can easily find it out yourself since it is public.
Since the ISP has the target IP address, it stores a copy in its cache and passes it back to your laptop (browser). Now your browser knows the IP address, and all the subsequent requests to igorjovanovic.com do not need domain name resolution but execute directly. (This is why you might wait a bit longer when you visit a website for the first time, but all the coming requests go much faster).
As you can see in the previous sections, multiple organizations manage DNS. This is possible thanks to the DNS zones.
Cloudflare defines DNS zones as below.
A DNS zone is a portion of the DNS namespace that is managed by a specific organization or administrator.
CloudFlare
DNS zones are text files that hold DNS records. Every DNS zone stores DNS records of a specific part of the domain namespace. This makes the administration of the entire DNS easier since it sets the administrative responsibilities.
💡DNS servers (name servers) store the DNS zones and, consequently, DNS records.
At the top, there is a Dot (.) DNS zone (administrated by the root servers). Then, there are .TLD DNS zones for every top-level domain (.com, .net, .nl, .co.uk, etc.). Further down the chain, there is the domain DNS zone that contains the records of the actual domain (e.g., the letters before .info in igorjovanovic.com represent a domain name DNS zone).
A domain name can also have a subdomain, so blog.igorjovanovic.com can be a separate subdomain DNS zone of the igorjovanovic.com domain.
You can see some of this logic in the illustration below.
DNS records are the actual data points of the entire DNS ecosystem. Thanks to DNS records, DNS can respond to the question of what is the IP address behind the igorjovanovic.com domain.
These are the most important DNS records for you to understand.
Record A – The (A)ddress of a given domain name (hostname) expressed in the IP format. This is the most important record out there because it connects the domain name to the actual server that can handle the request.
Record AAAA – Exactly the same as the A record but made for the IPv6 (the newer version of the IP addresses), while the A record works with IPv6 addresses.
Record CNAME – This record simply points one domain to the other. For instance, when company-one.com takes over company-two.com, they can add the CNAME record to the company-two.com domain and redirect traffic to company-one.com.
Record NS – This is the name server record. It stores the address of the name server that knows the A record (the IP address) of a domain name in question. The entire DNS heavily uses NS records to navigate from the root servers to the authoritative server.
Record MX – (MX) Mail exchange record stores the mail server responsible for handling emails sent to a given email address. Without this record, your email (e.g. [email protected]) would bounce back if the example.com domain name does not have the MX record with a valid mail server.
DNS is a distributed database of computer systems that work together to resolve a domain name into an IP address of the target computer. DNS uses the standard internet protocols (TCP and UDP) for this communication. So, this is more the name of the entire mechanism.
DNS Server/Name Server is a physical server that stores (manages) DNS records of a given domain name. This server has DNS software installed on it. Depending on the person, some might call it a name server, while others refer to it as a DNS server — it is the same thing. This server has an IP address to use to connect to it.
NS (Name Server) record is a DNS record type that connects the domain name to its nameserver. Every name server has its subdomain.
In this post, you learned that DNS is a sort of a phone book of The Internet. Humans made it so that we do not have to remember IP addresses, as we are awful at remembering numbers.
DNS makes it possible to dial a specific computer by entering its human-friendly name in your browser.
No one owns DNS, and it is one extensive network of DNS servers maintained by different organizations (operators). This system comes together once you enter a domain name in your browser.
Distributed nature of DNS makes it possible to resolve any domain into an IP address in a step-by-step process. This process starts at the root servers and travels through the TLD DNS servers before hitting the authoritative DNS server (the server that knows the IP address).
DNS records are the actual data points that help DNS resolve queries. DNS records live within DNS servers (name servers).
Now that you know how The Internet works, share this post with others who can benefit from it. If you think I made a mistake somewhere or have a suggestion, write in a comment. I will see you in the next post!
Experienced tech professional with a strong track record in web services and fintech. Collaborating with Silicon Valley's multi-billion tech giants and offering a range of services committed to excellence. Check the Services page for how I can help you too.
