Understanding How DNS Resolution Works: A Simple Guide

What is DNS, and why does name resolution exist?

The Domain Name System (DNS) maps human-readable names to IP addresses (and to other records) for hosts on the public internet or on a private network, through a process called DNS resolution, which makes it an essential part of an organization’s infrastructure. It lets users find and reach websites and other public services by name rather than by address, and it also lets hosts on a local network locate one another.

Key Types of DNS Queries/Resolution

  • Recursive Resolution (most commonly used): The DNS client (the stub resolver on the user's device) asks a recursive resolver for a complete answer and accepts nothing less than that answer or an error (for example, NXDOMAIN). The resolver does the work on the client's behalf, querying as many servers as needed until it has the final answer.

  • Iterative Resolution: Here a DNS server answers with the best information it has, which may be a referral to another server rather than the answer itself (for example, a root server refers the resolver to the TLD servers for .com). The resolver then queries the referred server directly, repeating until it reaches an authoritative answer.

  • Non-Recursive Resolution: The server asked already holds the record, either in its cache or because it is authoritative for it, so it answers at once without querying any other server.

What is the dig command, and when is it used?

The dig (Domain Information Groper) command is a command-line tool for querying DNS servers and displaying, in detail, what they return, which makes it the standard way to diagnose and troubleshoot name resolution. It is used to look up records of any type, check mail exchange (MX) records, verify that a zone change has reached the name servers, and trace the path a query takes from the root down.

Key details and usage

  • Troubleshooting: Identifying why a website is not resolving, verifying propagation during DNS changes, or checking if a DNS server is responding correctly.

  • DNS Information Gathering: Fetching specific records, such as finding the mail server (MX) for a domain or checking the Time-to-Live (TTL) of records.

  • Reverse Lookups: Finding the domain name associated with a specific IP address.

  • Security Verification: Checking whether a zone's records carry DNSSEC signatures (dig +dnssec returns the RRSIG records alongside the data). Note that dig only shows the signatures; whether a validating resolver accepted them is indicated by the ad flag in the response header.

Common Commands

  • dig example.com: Basic lookup for a domain.

  • dig example.com MX: Query for mail exchange records.

  • dig @8.8.8.8 example.com: Perform a query using a specific DNS server (e.g., Google DNS).

  • dig +short example.com: Prints only the answer data (for an A query, just the IP address), with no headers or other sections.

  • dig +trace example.com: Performs the iterative walk itself, from the root servers through the TLD servers to the final answer, and prints each step.
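
In practice these commands get scripted rather than read by eye. The following Python is an added example, not code from the original post: it parses dig's output format, reproduces what +short shows, builds the in-addr.arpa / ip6.arpa name that dig -x queries (the reverse lookup mentioned above), and compares the answer from an authoritative server with the answer from a public resolver, which is the propagation check. The dig output embedded in it is constructed in dig's format; example.com, mail.example.com and the 192.0.2.x addresses are placeholder values.

```python
"""Scripting around dig: parse its presentation-format output, reproduce what
+short prints, build the name `dig -x` asks for, and compare what two servers
answer (the propagation check). The dig output below is constructed, not captured."""
import ipaddress
from collections import namedtuple

RR = namedtuple("RR", "name ttl rclass rtype rdata")

# Constructed: roughly what `dig @ns1.example.com example.com MX` prints (authoritative).
AUTH_OUTPUT = """\
;; QUESTION SECTION:
;example.com.\t\t\tIN\tMX

;; ANSWER SECTION:
example.com.\t\t3600\tIN\tMX\t10 mail.example.com.
example.com.\t\t3600\tIN\tMX\t20 mail2.example.com.

;; ADDITIONAL SECTION:
mail.example.com.\t300\tIN\tA\t192.0.2.25

;; Query time: 4 msec
"""

# Constructed: the same question at a public resolver still serving the old record set.
RESOLVER_OUTPUT = """\
;; ANSWER SECTION:
example.com.\t\t1720\tIN\tMX\t10 mail.example.com.
"""


def parse_dig(output):
    """Return {"answer": [RR], "additional": [RR], ...} from dig's default output."""
    sections, current = {}, None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(";; ") and line.endswith("SECTION:"):
            current = line[3:-len("SECTION:")].strip().lower()
            sections[current] = []
        elif line and not line.startswith(";") and current is not None:
            # record line: NAME TTL CLASS TYPE RDATA, where RDATA may itself contain spaces
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            sections[current].append(RR(name, int(ttl), rclass, rtype, rdata))
        # anything else (headers, comments, blank lines, the ';'-prefixed question) is skipped
    return sections


def short(output):
    """What `dig +short` prints: only the RDATA of the answer section, one item per line."""
    return [rr.rdata for rr in parse_dig(output).get("answer", [])]


def reverse_name(ip):
    """The owner name `dig -x <ip>` queries for a PTR record: reversed octets under
    in-addr.arpa for IPv4, 32 reversed nibbles under ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def propagation_check(authoritative_output, resolver_output):
    """Compare the answer set a resolver serves with the authoritative one.
    Returns (in_sync, still_served_but_gone, authoritative_but_not_yet_seen, max_wait_s):
    a cache cannot drop its copy before the remaining TTL it shows has counted down."""
    auth = {(rr.rtype, rr.rdata) for rr in parse_dig(authoritative_output).get("answer", [])}
    seen = parse_dig(resolver_output).get("answer", [])
    served = {(rr.rtype, rr.rdata) for rr in seen}
    max_wait = max((rr.ttl for rr in seen), default=0)
    return auth == served, sorted(served - auth), sorted(auth - served), max_wait
```

In real use you would feed parse_dig the stdout of dig @<authoritative server> and of dig @8.8.8.8 for the same name and type; when propagation_check reports the two out of sync, the max_wait value is the remaining TTL the resolver still shows for the old set, which is how long you should expect to wait before asking again.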

Digging in a bit more (bear with me)

Let's walk through the levels in the exact order a resolution really proceeds, using dig as our microscope 🔍.
Concept first, then what the dig output tells you.


dig . NS — Root Name Servers

What does . mean?

  • . (dot) represents the DNS root zone

  • It’s the top of the DNS hierarchy

  • Every domain lookup starts here

Command

dig . NS

What you’ll see

You’ll get results like:

.       518400  IN  NS  a.root-servers.net.
.       518400  IN  NS  b.root-servers.net.
...

What this means

  • These are the root name servers

  • There are 13 logical root server names (a to m), each served by many anycast instances worldwide

  • They do NOT know the IP addresses of websites

  • They hold only the root zone, so they answer questions like:
    “Who handles .com?”
    “Who handles .org?”
    by referring you to that TLD's name servers (and supplying their addresses as glue)

Key point

Root servers know where TLD servers are, not websites.

dig com NS — TLD Name Servers

What is a TLD?

  • TLD = Top Level Domain

  • Examples: .com, .in, .org, .net

Command

dig com NS

What you’ll see

com.    172800  IN  NS  a.gtld-servers.net.
com.    172800  IN  NS  b.gtld-servers.net.
...

What this means

  • These are TLD servers for .com

  • Operated by the TLD's registry (Verisign, in the case of .com and .net)

  • They do NOT know the IP address of google.com

  • They only know:
    Which name servers are responsible for google.com (the NS records), plus glue A/AAAA records for name servers that live inside google.com itself, such as ns1.google.com

Key point

TLD servers know authoritative servers for domains, not IPs.

dig google.com NS — Authoritative Name Servers

Command

dig google.com NS

What you’ll see

google.com.  21600  IN  NS  ns1.google.com.
google.com.  21600  IN  NS  ns2.google.com.
google.com.  21600  IN  NS  ns3.google.com.
google.com.  21600  IN  NS  ns4.google.com.

What this means

  • These are authoritative name servers

  • Controlled by Google

  • These servers:
    Store actual DNS records (A, AAAA, MX, TXT, etc.)

Key point

Authoritative servers give final, trusted answers.

dig google.com — Full DNS Resolution Flow

Command

dig google.com

What happens behind the scenes (very important)

Your system's stub resolver hands the question to its configured recursive resolver. On a cold cache, that resolver does the full walk for you:

 Ask a root server (.)
   → "Who handles .com?"  (answer: a referral to the .com TLD servers)

 Ask a .com TLD server
   → "Who handles google.com?"  (answer: a referral to ns1-ns4.google.com, with glue addresses)

 Ask an authoritative server (ns1.google.com)
   → "What is the IP of google.com?"  (answer: the A record)

 Final answer returned to you, and cached by the resolver for the TTL

With a warm cache most of these steps are skipped: the resolver already knows the .com servers and usually the google.com name servers, so it asks only the authoritative server, or answers from its cache outright. To see the full walk regardless of cache state, use dig +trace, which performs the iteration itself starting from the root.

Final output example

google.com.  300  IN  A  142.250.190.14

This means:

  • google.com → IP address

  • TTL = how long, in seconds, caches may keep this answer before asking again
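
Added example, not from the original post: a toy iterative resolver in Python that walks a constructed root → TLD → authoritative zone set exactly as the three steps above describe, and in doing so also shows the other two query types from the first section: the repeat lookup is answered non-recursively from cache, and once the record's 300 s TTL has passed the walk starts again. The server addresses are TEST-NET placeholders and the zone data is constructed; the only value taken from the page is the example A record. Two points the prose glosses over are built in: the glue A record attached to the google.com referral is what lets the resolver reach ns1.google.com at all (the name server lives inside the zone it serves), and the hop limit is what stops a misconfigured delegation from looping forever.

```python
"""Toy iterative resolver: walks a constructed root -> TLD -> authoritative zone set
the way the recursive resolver behind `dig google.com` does on a cold cache, then
serves the repeat question from cache (non-recursive) until the TTL runs out."""
import time
from collections import namedtuple

RR = namedtuple("RR", "name ttl rtype rdata")

# Constructed servers keyed by the TEST-NET address a resolver would send to. Each
# answers what it is authoritative for and otherwise refers to the most specific
# delegation it knows, attaching glue A records for the delegated name servers.
SERVERS = {
    "192.0.2.1": {  # stands in for a root server
        "records": {},
        "delegations": {"com.": ([RR("com.", 172800, "NS", "a.gtld-servers.net.")],
                                 [RR("a.gtld-servers.net.", 172800, "A", "192.0.2.2")])},
    },
    "192.0.2.2": {  # stands in for a .com TLD server
        "records": {},
        # ns1.google.com lives inside google.com, so only this glue A record lets the
        # resolver reach it without first having to resolve google.com (a loop).
        "delegations": {"google.com.": ([RR("google.com.", 172800, "NS", "ns1.google.com.")],
                                        [RR("ns1.google.com.", 172800, "A", "192.0.2.53")])},
    },
    "192.0.2.53": {  # stands in for ns1.google.com; the A value is the page's own example
        "records": {("google.com.", "A"): [RR("google.com.", 300, "A", "142.250.190.14")]},
        "delegations": {},
    },
}
ROOT_HINTS = ["192.0.2.1"]


def query(server_ip, qname, qtype):
    """Simulated authoritative server: ('answer'|'referral'|'nxdomain', records, glue)."""
    srv = SERVERS[server_ip]
    if (qname, qtype) in srv["records"]:
        return "answer", srv["records"][(qname, qtype)], []
    enclosing = [z for z in srv["delegations"] if qname == z or qname.endswith("." + z)]
    if not enclosing:
        return "nxdomain", [], []
    ns, glue = srv["delegations"][max(enclosing, key=lambda z: z.count("."))]  # most specific
    return "referral", ns, glue


class Resolver:
    """Iterative resolver with a TTL-bounded cache; `clock` is injectable for tests."""
    def __init__(self, root_hints, clock=time.monotonic):
        self.root_hints, self.clock = root_hints, clock
        self.cache = {}  # (name, type) -> (expiry, [RR])
        self.trace = []  # what the last lookup had to do

    def _put(self, rrs):
        now = self.clock()
        for rr in rrs:
            _, rrset = self.cache.setdefault((rr.name, rr.rtype), (now + rr.ttl, []))
            if rr not in rrset:
                rrset.append(rr)

    def _get(self, name, rtype):
        hit = self.cache.get((name, rtype))
        return hit[1] if hit and hit[0] > self.clock() else None  # None once expired

    def lookup(self, qname, qtype="A"):
        self.trace = []
        return self._resolve(qname, qtype, hops=16)

    def _resolve(self, qname, qtype, hops):
        cached = self._get(qname, qtype)
        if cached is not None:
            self.trace.append(f"cache: {qname} {qtype}")
            return cached
        servers = list(self.root_hints)
        for _ in range(hops):  # hop limit: a broken delegation must not loop forever
            kind, rrs, glue = query(servers[0], qname, qtype)
            self.trace.append(f"{servers[0]}: {kind}")
            if kind == "answer":
                self._put(rrs)
                return rrs
            if kind == "nxdomain":
                return []
            self._put(rrs + glue)  # cache the delegation and its glue
            servers = []
            for ns in rrs:  # use glue when present, otherwise resolve the NS name itself
                addrs = self._get(ns.rdata, "A") or self._resolve(ns.rdata, "A", hops - 1)
                servers += [a.rdata for a in addrs]
            if not servers:
                raise RuntimeError(f"referral for {qname} but no reachable name server")
        raise RuntimeError("too many referrals")


def demo():
    """Cold walk, cached repeat, then a re-walk once the 300 s TTL has expired."""
    now = [0.0]
    r = Resolver(ROOT_HINTS, clock=lambda: now[0])
    answer = [rr.rdata for rr in r.lookup("google.com.")]
    walk = list(r.trace)
    r.lookup("google.com.")
    repeat = list(r.trace)
    now[0] += 301
    r.lookup("google.com.")
    return answer, walk, repeat, list(r.trace)
```

Calling demo() returns the answer, the cold-cache trace (root, then .com, then ns1.google.com), the repeat trace (a single cache hit), and the trace after the TTL has expired (the full walk again). A real resolver does two further things left out here for readability: it reuses cached delegations, so after the A record expired it would restart at the .com servers rather than the root, and it checks that referral data stays within the zone that sent it (the bailiwick rule), which is one of the defences against cache poisoning.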

Visual Hierarchy

. (Root)
 └── com (TLD)
     └── google.com (Authoritative)
         └── A / AAAA / MX / TXT records
