Programming

A Look Inside DNS & Its Working.

If you are a visual learner, I already have a video on this topic. For the ones who love reading, let's start from the basics. Any websites you visit on the internet have an address, which are called IP addresses. You make a request to the server's IP address, expecting a response. As the websites on the internet grew, remembering the IP addresses of all servers was very hard, so DNS was introduced. DNS, i.e. Domain Name System The DNS system maps friendly, easy-to-remember names to the IP address of the server so you do not need to remember IP addresses (eg. 192.168.254.23). So if you visit https://dev.to your computer is actually making a request to the server IP address, which is translated from domain to IP by DNS. Is it that simple? The simple task of translating a name to IP becomes complex and requires a reliable system if all the computers on the internet are making requests for it. Using this image, we will start understanding each step. Browser when you visit a website, your browser is making a dns request to stub resolver to get the ip address of the website server. What is a stub resolver? Stub resolver is an operating system component that is used to make DNS requests for applications running on a computer. You can think of it as a library, which helps the applications running in the operating system to make DNS requests. For the DNS server, STUB resolver acts as a client, which is making DNS requests. What is a DNS recursive resolver? Getting the IP address of a domain involves making requests to multiple servers, which is done by a recursive resolver for us. Since it makes multiple requests repeatedly, hence its name is recursive resolver. The domain name is divided into 2 parts The part after ‘.’ is called a top-level domain TLD, and the part before the ‘.’ is called DOMAIN. Domain name to IP address is a record, and the records of the domain are held on a server, which are called authorative name servers. So the authoritative name servers ip address, which actually holds the record for all domain with '.com' TLD, is held on another server called the TLD server. So it states that for every different TLD, for example ‘.me’ ‘.com’ '.xyz', there will be different TLD servers. The DNS recursive resolver has the domain, and it knows the TLD of the domain to be queried. So it must know the location of the TLD server, and since there are multiple TLD servers. The IP address of the TLD server is provided by another server called a root name server. Request flow So the first request that a recursive resolver makes is to a root name server to find out what the IP address of the TLD server is. The second request it makes to the TLD server is to get the IP of the authoritative name server of that particular domain. The final request is made to the authoritative name server, and it returns the IP address of that domain, and then the resolver returns the IP to the STUB resolver, and finally your browser can make a request to that particular IP and get the consent of the website. See In action Use the dig command on linux (if you are on windows or mac, search for similar command) to see the process of requests by recursive resolver dig +trace blockx3.xyz This command will produce result something like this ; DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu +trace blockx3.xyz ;; global options: +cmd . 513851 IN NS a.root-servers.net. . 513851 IN NS b.root-servers.net. . 513851 IN NS c.root-servers.net. . 513851 IN NS d.root-servers.net. . 513851 IN NS e.root-servers.net. . 513851 IN NS f.root-servers.net. . 513851 IN NS g.root-servers.net. . 513851 IN NS h.root-servers.net. . 513851 IN NS i.root-servers.net. . 513851 IN NS j.root-servers.net. . 513851 IN NS k.root-servers.net. . 513851 IN NS l.root-servers.net. . 513851 IN NS m.root-servers.net. . 513851 IN RRSIG NS 8 0 518400 20250218050000 20250205040000 26470 . CY4QrS4dmuSrVo3HMfnNphtwmQ+TCGObgDI6figtrGbNWiOvEu8XCO9i 2qgYVpSDBJPWl1hqh2Iy66BB0ZWW9gXuzw4cTnv+QqmbjCfnTcFSxDIV poKAAWhkWFqVRb7G+hQzLe01uhHwoqzeMT5i1VYSAPvzR/irtl+QI7BS uAO6pjWIGMIzT6pC3FZdc2fPK4aeSEhzqh51E1vvWJG4UWL398FP5JOj 921ih2nwxfcgzAq2CtnXeE7VxutWpq1PsNs/Rf0khkolffVpqhoVC+nq 1IQdyPdPVusVCCsB0P170nFl6HB3kddqCPfB4xYDe+8AdZ/OyqeoexnH ii6waQ== ;; Received 525 bytes from 1.1.1.1#53(1.1.1.1) in 9 ms ;; UDP setup with 2001:500:2d::d#53(2001:500:2d::d) for blockx3.xyz failed: network unreachable. ;; no servers could be reached ;

Feb 5, 2025 - 14:51
 0
A Look Inside DNS & Its Working.

If you are a visual learner, I already have a video on this topic.

For the ones who love reading, let's start from the basics.

Any websites you visit on the internet have an address, which are called IP addresses. You make a request to the server's IP address, expecting a response.
As the websites on the internet grew, remembering the IP addresses of all servers was very hard, so DNS was introduced.

DNS, i.e. Domain Name System

The DNS system maps friendly, easy-to-remember names to the IP address of the server so you do not need to remember IP addresses (eg. 192.168.254.23).

So if you visit https://dev.to your computer is actually making a request to the server IP address, which is translated from domain to IP by DNS.

Is it that simple?

The simple task of translating a name to IP becomes complex and requires a reliable system if all the computers on the internet are making requests for it.

Using this image, we will start understanding each step.

Image description

Browser

when you visit a website, your browser is making a dns request to stub resolver to get the ip address of the website server.

What is a stub resolver?

Stub resolver is an operating system component that is used to make DNS requests for applications running on a computer. You can think of it as a library, which helps the applications running in the operating system to make DNS requests. For the DNS server, STUB resolver acts as a client, which is making DNS requests.

What is a DNS recursive resolver?

Getting the IP address of a domain involves making requests to multiple servers, which is done by a recursive resolver for us. Since it makes multiple requests repeatedly, hence its name is recursive resolver.

Image description The domain name is divided into 2 parts The part after ‘.’ is called a top-level domain TLD, and the part before the ‘.’ is called DOMAIN. Domain name to IP address is a record, and the records of the domain are held on a server, which are called authorative name servers.

So the authoritative name servers ip address, which actually holds the record for all domain with '.com' TLD, is held on another server called the TLD server.

Image description

So it states that for every different TLD, for example ‘.me’ ‘.com’ '.xyz', there will be different TLD servers.

Image description

The DNS recursive resolver has the domain, and it knows the TLD of the domain to be queried. So it must know the location of the TLD server, and since there are multiple TLD servers. The IP address of the TLD server is provided by another server called a root name server.

Request flow

So the first request that a recursive resolver makes is to a root name server to find out what the IP address of the TLD server is. The second request it makes to the TLD server is to get the IP of the authoritative name server of that particular domain. The final request is made to the authoritative name server, and it returns the IP address of that domain, and then the resolver returns the IP to the STUB resolver, and finally your browser can make a request to that particular IP and get the consent of the website.

See In action

Use the dig command on linux (if you are on windows or mac, search for similar command) to see the process of requests by recursive resolver

dig +trace blockx3.xyz This command will produce result something like this

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> +trace blockx3.xyz
;; global options: +cmd
.                       513851  IN      NS      a.root-servers.net.
.                       513851  IN      NS      b.root-servers.net.
.                       513851  IN      NS      c.root-servers.net.
.                       513851  IN      NS      d.root-servers.net.
.                       513851  IN      NS      e.root-servers.net.
.                       513851  IN      NS      f.root-servers.net.
.                       513851  IN      NS      g.root-servers.net.
.                       513851  IN      NS      h.root-servers.net.
.                       513851  IN      NS      i.root-servers.net.
.                       513851  IN      NS      j.root-servers.net.
.                       513851  IN      NS      k.root-servers.net.
.                       513851  IN      NS      l.root-servers.net.
.                       513851  IN      NS      m.root-servers.net.
.                       513851  IN      RRSIG   NS 8 0 518400 20250218050000 20250205040000 26470 . CY4QrS4dmuSrVo3HMfnNphtwmQ+TCGObgDI6figtrGbNWiOvEu8XCO9i 2qgYVpSDBJPWl1hqh2Iy66BB0ZWW9gXuzw4cTnv+QqmbjCfnTcFSxDIV poKAAWhkWFqVRb7G+hQzLe01uhHwoqzeMT5i1VYSAPvzR/irtl+QI7BS uAO6pjWIGMIzT6pC3FZdc2fPK4aeSEhzqh51E1vvWJG4UWL398FP5JOj 921ih2nwxfcgzAq2CtnXeE7VxutWpq1PsNs/Rf0khkolffVpqhoVC+nq 1IQdyPdPVusVCCsB0P170nFl6HB3kddqCPfB4xYDe+8AdZ/OyqeoexnH ii6waQ==
;; Received 525 bytes from 1.1.1.1#53(1.1.1.1) in 9 ms

;; UDP setup with 2001:500:2d::d#53(2001:500:2d::d) for blockx3.xyz failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2001:500:2d::d#53(2001:500:2d::d) for blockx3.xyz failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2001:500:2d::d#53(2001:500:2d::d) for blockx3.xyz failed: network unreachable.
xyz.                    172800  IN      NS      x.nic.xyz.
xyz.                    172800  IN      NS      y.nic.xyz.
xyz.                    172800  IN      NS      z.nic.xyz.
xyz.                    172800  IN      NS      generationxyz.nic.xyz.
xyz.                    86400   IN      DS      3599 8 2 B9733869BC84C86BB59D102BA5DA6B27B2088552332A39DCD54BC4E8 D66B0499
xyz.                    86400   IN      DS      18130 8 2 5AA5961266594CCEAC50949A99219FE004F130E1864A427143E9FF2E 641CAC6F
xyz.                    86400   IN      RRSIG   DS 8 1 86400 20250218050000 20250205040000 26470 . cvKzs7LpC+sJLTzxPeaCgJhaHmGefPv4ujvMQXdzC+TXcMussJwQeaHw 8SUarW+1D8W2hPDLvu6xd3pukH4e+T7ay/VPmAznF9dQLyz7BNUUVSKi 8F1/G3ZOeCbf97IwGQ9FxuRjyN5B1NzLr6Y/kLDEis9zFcb0RF9v2wPV loMHJYiPxaTr8SYV2Hbwf2p7ubbM6OJlaneJBnrZTRjgxYRqZ9vXnAx+ gc52G7Kp0I4Ldi+YXYEHXrEDUXjBS04Ttt8uLLSuVlaHoVROSvoa/rVI uaN0HhXtjkekEzgAPeNuO7839Av9ozJloFOPOWYiJT+ANuxA05nSr8YU 7KfjRw==
;; Received 679 bytes from 192.58.128.30#53(j.root-servers.net) in 0 ms

;; UDP setup with 2a04:2b00:13cc::1:42#53(2a04:2b00:13cc::1:42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2a04:2b00:13ff::42#53(2a04:2b00:13ff::42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2001:67c:13cc::1:42#53(2001:67c:13cc::1:42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2a04:2b00:13ee::42#53(2a04:2b00:13ee::42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2a04:2b00:13cc::1:42#53(2a04:2b00:13cc::1:42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2a04:2b00:13ff::42#53(2a04:2b00:13ff::42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2001:67c:13cc::1:42#53(2001:67c:13cc::1:42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2a04:2b00:13ee::42#53(2a04:2b00:13ee::42) for blockx3.xyz failed: network unreachable.
blockx3.xyz.            3600    IN      NS      dion.ns.cloudflare.com.
blockx3.xyz.            3600    IN      NS      nataly.ns.cloudflare.com.
2tjms8vm0h8n7j9e748d19gpnujm0emj.xyz. 900 IN NSEC3 1 1 0 - 2TJP61HRH0BQP2HJ34JUU7VA1J23PCRO NS SOA RRSIG DNSKEY NSEC3PARAM
6s3p73q4afrm6vqrcuod60pb1g734kqp.xyz. 900 IN NSEC3 1 1 0 - 6S62PHU98JJSL59927DFT1P49TPLDQ8P NS DS RRSIG
2tjms8vm0h8n7j9e748d19gpnujm0emj.xyz. 900 IN RRSIG NSEC3 8 2 900 20250220025356 20250121012356 65206 xyz. lBGYS4VdleLIc2G1kte18ziguj1enpLCL8ZGn+Bxdjf2h5os3rlaQo28 nd0w2ytj+Z7nGD3n+vjWQmTerScHkaggzHtFgAOUjTl/wSKD/vWqvR4W 6uOi69dC835D9T9qRTbnuSkLdWCnE9WMhA1Q3+JfMDBSlaPK1mz++NgU sF8=
6s3p73q4afrm6vqrcuod60pb1g734kqp.xyz. 900 IN RRSIG NSEC3 8 2 900 20250226025354 20250127012354 65206 xyz. YOKi1x3DISv0rQ/zZclUsv7loYDXW//TCpfqBbfx7IzLqdjFeVWLWoCP VcSolF3JlQTBP2sGz5xZ1g7h/KYl82ytlphsd/URN3Flbg9lMe1Bcr9u E++R5/Dvr/U8rPrcIM2on4mwBXjTvS3GcxD88ashEYu8uZUMoPQsCjP/ i6w=
;; Received 610 bytes from 194.169.218.42#53(x.nic.xyz) in 149 ms

blockx3.xyz.            300     IN      A       104.21.45.168
blockx3.xyz.            300     IN      A       172.67.217.3
;; Received 72 bytes from 172.64.33.156#53(dion.ns.cloudflare.com) in 29 ms

The steps

STEP 1: A request is made to the root name server to find the address of TLD servers. 

.                       513851  IN      NS      a.root-servers.net.
.                       513851  IN      NS      b.root-servers.net.
.                       513851  IN      NS      c.root-servers.net.
.                       513851  IN      NS      d.root-servers.net.
.                       513851  IN      NS      e.root-servers.net.
.                       513851  IN      NS      f.root-servers.net.
.                       513851  IN      NS      g.root-servers.net.
.                       513851  IN      NS      h.root-servers.net.
.                       513851  IN      NS      i.root-servers.net.
.                       513851  IN      NS      j.root-servers.net.
.                       513851  IN      NS      k.root-servers.net.
.                       513851  IN      NS      l.root-servers.net.
.                       513851  IN      NS      m.root-servers.net.

Step 2: second request is made to TLD server to find the address of authoritative name server. 

xyz.                    172800  IN      NS      x.nic.xyz.
xyz.                    172800  IN      NS      y.nic.xyz.
xyz.                    172800  IN      NS      z.nic.xyz.

Step 3: final request is made to authoritative name server to find the ip address of the website 

blockx3.xyz.            3600    IN      NS      dion.ns.cloudflare.com.
blockx3.xyz.            3600    IN      NS      nataly.ns.cloudflare.com.

Now finally the ip address is returned to our computers.

Are your dns query secured ?

dns request can be seen by any one of you are on open network and if you are not using secure dns. Check the video to setup a secured private DNS server for yourself.

Conclusion

Now you know how the DNS is resolved.A developer or devops engineer or any field in IT require you to know the basics of technology we are using. I keep posting about the technologies on my twitter.

Social links

X.com : https://x.com/anisharaz
Github.com : https://github.com/anisharaz

Next read

anisharaz

A Look Inside Docker & Its working.

ANISH ARAZ ・ Jan 23

#docker #learning #linux #architecture
Read More

Tags:

Previous Article

10 Creative & Open Source Portfolio Templates

Next Article

Unlocking the Power of React: The Definitive Guide to Crafting Dynamic User Expe...

Related Posts

Difference Between Clojure, Kotlin and Scala

Difference Between Clojure, Kotlin and Scala

Jan 26, 2025  0

Node v22.4.1 (Current)

Node v22.4.1 (Current)

Feb 2, 2025  0

Jan 27, 2025  0