DNS Resolution

DNS Resolution

What is DNS ?

DNS is the domain name system or service it translates the domains and FQDN's (hostnames) into IP address so the server can be connected to on the network level. Without DNS everyone would need to enter an IP address into the search bar instead of a friendly easy to remember domain name such as ljshost.com.

So How Does It Work ?

It's really quite simple there many servers around the world running a DNS service such as Bind.
These servers serve DNS information for various domains.

Resolution Process

First thing we need to talk about is the holy of holy's the 13 root name servers, if anything happened to these servers then no more internet for anyone they are the source from where all DNS information comes. The root servers are referenced as a single .

a.root-servers.net.
b.root-servers.net.
c.root-servers.net.
d.root-servers.net.
e.root-servers.net.
f.root-servers.net.
g.root-servers.net.
h.root-servers.net.
i.root-servers.net.
j.root-servers.net.
k.root-servers.net.
l.root-servers.net.
m.root-servers.net.

Now we have a starting point we can begin to explain how we get from here to .debian.com. DNS works in reverse which might seem confusing at first but will make perfect sense once you see how we get from the root servers to the next level. When you enter debian.com into your browser the following happens.

Step 1

Every computer or internet connected has one or more DNS servers that it is configured to use any attempt to resolve a name will first be asked to this server, if it has the record it will return it to the user and the resolution process is complete, if not this DNS server will ask the root server.

Step 2

Using the Linux dig command with a trace is a great example to show how the process works

dig +trace debian.com

This command will display the resolution process for debian.com


The first part of the output shows the root server providing the information for the GLD .com name servers


. 129258 IN NS f.root-servers.net.
. 129258 IN NS h.root-servers.net.
. 129258 IN NS l.root-servers.net.
. 129258 IN NS a.root-servers.net.
. 129258 IN NS k.root-servers.net.
. 129258 IN NS e.root-servers.net.
. 129258 IN NS d.root-servers.net.
. 129258 IN NS i.root-servers.net.
. 129258 IN NS m.root-servers.net.
. 129258 IN NS j.root-servers.net.
. 129258 IN NS b.root-servers.net.
. 129258 IN NS c.root-servers.net.
. 129258 IN NS g.root-servers.net.





;; Received 698 bytes from 192.42.93.30#53(g.gtld-servers.net) in 129 ms

com. 600 IN NS b.gtld-servers.net.
com. 600 IN NS k.gtld-servers.net.
com. 600 IN NS m.gtld-servers.net.
com. 600 IN NS d.gtld-servers.net.
com. 600 IN NS i.gtld-servers.net.
com. 600 IN NS c.gtld-servers.net.
com. 600 IN NS f.gtld-servers.net.
com. 600 IN NS e.gtld-servers.net.
com. 600 IN NS g.gtld-servers.net.
com. 600 IN NS a.gtld-servers.net.
com. 600 IN NS j.gtld-servers.net.
com. 600 IN NS l.gtld-servers.net.
com. 600 IN NS h.gtld-servers.net.



Next we can see the GLD server e.gtld-servers.net gave us the name servers for debian.com

debian.com. 172800 IN NS sec1.rcode0.net.
debian.com. 172800 IN NS sec2.rcode0.net.
debian.com. 172800 IN NS dnsnode.debian.org.

;; Received 418 bytes from 192.12.94.30#53(e.gtld-servers.net) in 117 ms

And finally dnsnode.debian.org provided the IP for debian.com

debian.com. 300 IN A 140.211.15.34
debian.com. 300 IN A 149.20.20.22
debian.com. 300 IN A 5.153.231.4
debian.com. 300 IN A 128.31.0.62
debian.com. 300 IN A 130.89.148.14

;; Received 1179 bytes from 194.146.106.126#53(dnsnode.debian.org) in 49 ms


As you see, DNS is very simple it's just like state, city, town, name in the Telephone directory.


Caching (TTL)

With the billions of DNS requests made every day this system would quickly become overloaded and fail, to solve this problem each server keep a record of all information it has served for a period of time. Each DNS record has a time limit, when this time has expired that DNS server will discard the record and begin the resolution process again from the root servers. Caching records for a period of 24 hours or more reduces the number of root level requests made to a minimum and reduces overall global DNS load.

Good one !!

Is Godaddy or Cloudflare using these ways for their DNS services?

Those techniques are pretty high and I need time to read and study them.

Yes Chris,

Godaddy and CloudFlare will use this resolution process just like any other internet user or service provider.

Very easy to understand guide for everyone! Good job.

Thank you for the post, defiantly some good information in here!

Update: As an addtion to my DNS resolution article I thought I would expand on the topic with whois and Glue records.

How does DNS work with Whois ?

As we all know when you have a new domain or change hosting provider on an existing domain, the name servers for the domain must be updated by the domain registrar for that domain.

To expand on my previous article on how DNS resolution works I thought it would be interesting to discuss where the link between whois name server records and the DNS resolution process is made. Registered DNS operators also maintain the whois database. For example when you type debian.com into your browser the name server you are using will begin the resolution process as explained above starting with the whois server

Their is one exception to this rule which is the IP Glue record which "Glues" the name servers to the IP address in the whois record.

Glue Records which are also referred to as custom name servers. Custom nameservers are useful for many different reasons for example a VPS or dedicated server owner might like to have their own name servers to register domains under that they want to host on the server.

Custom name servers are also essential for resellers as they can register and update their customers domains under their own brand which creates the white labeled hosting that all reseller hosting providers offer.

Here is how glued and Unglued name servers appear on a whois record

Without With Glue Record

Nameserver: ns1.somedomain.com.
Nameserver: ns2.somedomain.com.

With Glue Record

Nameserver: ns1.somedomain.com. xxx.xxx.xxx.xxx
Nameserver: ns2.somedomain.com. xxx xxx xxx xxx

As you can see with a Glue record the IP of the correct name servers to ask is included in the whois record, this answer is not authoritative and only acts as a pointer allowing for the loop to be resolved.


So Why Are Glue records needed ?

If the name servers for a domain are a subdomain of the domain the resolution process with get stuck in a loop and be unable to resolve. This does sound confusing but it's quite simple.

Lets try to visualize what is happening with all these name servers talking to each other and you will see why the glue record is needed.

1. Nameserver asks the whois server what are name servers for somedomain.com
2. Whois server - ns1.somedomain.com. ns2.somedomain.com.
3. Hi root server whats the IP for the .com name server
4. Hi .com server whats the IP for the somedomain.com name server
5 .com name servers says ask ns1.somedomain.com
6. Hi somedomain.com whats the IP for ns1.somedomain.com
7. Somedomain.com says ask ns1.somedomain.com
8. Whats the IP for ns1.somedomain.com
9. Ask ns1.somedomain.com


Without Glue records this is where we get stuck, the name servers for somedomain.com are a sub domain of somedomain.com so we can't find out the IP addess to connect with ns1.somedomain.com Once the IP are glued to the whois record the looping problem is solved.

With this tutorial many peoples will easy learn about the DNS Resolution.
Thank you for this great tutorial.