Navigating the web: Everything that happens in a DNS lookup

Rohit S
Jan 23, 2024

What is DNS?

The Domain Name System (DNS) is a fundamental component of the internet, serving as a crucial translator between human-readable domain names and machine-friendly IP addresses. In this blog, we will delve into the intricacies of DNS lookups, exploring the various stages involved in translating a domain name into an IP address.

A DNS lookup is the process of translating a domain name (e.g., www.google.com) into its corresponding IP address, enabling communication on the internet.

DNS Lookup Journey

Here is the complete journey from a domain name to its IP address.

Credits - https://xiaolishen.medium.com/

1. Local DNS Cache

The DNS lookup journey starts with the local cache. A local DNS cache can exist at various levels, including the browser, the operating system, and even within the network infrastructure. Let’s explore each of these:

Browser Cache:

  • Some web browsers maintain their own DNS cache. When you visit a website, the browser may store the resolved IP addresses of the associated domain names.
  • Browser caches are specific to the individual application and are separate from the operating system’s DNS cache. You can inspect Chrome’s DNS cache at chrome://net-internals/#dns

Operating System DNS Cache:

  • The operating system itself often maintains a DNS cache at the system level. This cache is shared among all applications and services running on the operating system.
  • If the name is not found in the browser cache, the browser calls the gethostbyname library function (varies by OS) to do the lookup. gethostbyname first checks whether the hostname can be resolved from the local hosts file (whose location varies by OS) before trying to resolve the hostname through DNS.

Network DNS Cache:

  • In addition to local caches on individual devices, some network devices, such as routers and DNS proxies, may also maintain their own DNS caches.
  • Network-level caching can benefit all devices connected to the same network. It helps reduce the overall load on external DNS servers and improves the efficiency of DNS resolution for all devices within that network.

2. DNS Query

When a user or application attempts to access a domain, and the local DNS cache is checked but doesn’t contain the required information, the system initiates a DNS query.

The system sends a DNS query to the DNS resolver. The resolver is either configured locally on the operating system or provided by the Internet Service Provider (ISP).

  • If the DNS server is on the same subnet, the network library follows the ARP process for the DNS server. If the DNS server is on a different subnet, the network library follows the ARP process for the default gateway IP.
Credits - https://nitropack.io/
  • DNS recursor — The recursor is responsible for recursively resolving DNS queries. When a client, such as a web browser, sends a DNS query to the recursor, the recursor navigates the DNS hierarchy to find the IP address associated with the requested domain. The recursor has its own cache.
  • Root nameserver — The root server is the first step in translating (resolving) human-readable host names into IP addresses. A root name server is a fundamental component of the Domain Name System (DNS) infrastructure. There are 13 sets of root name servers strategically distributed worldwide. Each set consists of multiple servers managed by different organizations.
  • TLD nameserver — A TLD name server is responsible for authoritative information within a specific top-level domain (TLD), such as .com or .us. It maintains DNS records for domain names in that TLD, including gTLDs like .com, .org, and .net, as well as ccTLDs like .us, .uk, and .ca. TLD name servers are crucial components in the DNS hierarchy, providing authoritative details for their respective TLDs.
  • Authoritative nameserver — An authoritative nameserver is a DNS server that holds and provides authoritative information about a specific domain or set of domains. It is the ultimate source of truth for DNS records associated with those domains. When a DNS resolver needs information about a domain, it queries the authoritative nameservers for that domain to obtain accurate and up-to-date data.
Credits — https://blog.bytebytego.com
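
The walk from root to TLD to authoritative nameserver, with the recursor's cache in front of it, as an added example that is not part of the original post. The server names, zone contents and the `ask` and `Recursor` helpers are hypothetical, and the hierarchy is an in-memory model rather than real DNS traffic.

```python
import time

# Constructed toy hierarchy (hypothetical names): each server either refers
# the recursor to the next level or holds the authoritative record.
SERVERS = {
    "root": {"referrals": {"com": "tld-com"}},
    "tld-com": {"referrals": {"example.com": "ns1.example.com"}},
    "ns1.example.com": {"records": {"www.example.com": ("192.0.2.80", 300)}},
}

def ask(server, qname):
    """One query to one server: an answer, a referral, or NXDOMAIN."""
    zone = SERVERS[server]
    if qname in zone.get("records", {}):
        ip, ttl = zone["records"][qname]
        return ("answer", ip, ttl)
    for suffix, next_server in zone.get("referrals", {}).items():
        if qname == suffix or qname.endswith("." + suffix):
            return ("referral", next_server)
    return ("nxdomain",)

class Recursor:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}      # qname -> (ip, expiry time)
        self.trace = []      # servers contacted, in order

    def resolve(self, qname):
        qname = qname.rstrip(".").lower()
        cached = self.cache.get(qname)
        if cached and cached[1] > self.clock():
            return cached[0]                 # fresh cache hit: no queries sent
        server = "root"
        for _ in range(8):                   # bound the referral chain
            self.trace.append(server)
            reply = ask(server, qname)
            if reply[0] == "answer":
                _, ip, ttl = reply
                self.cache[qname] = (ip, self.clock() + ttl)
                return ip
            if reply[0] != "referral":
                return None                  # NXDOMAIN
            server = reply[1]
        return None
```

After the first lookup, `trace` lists the three servers contacted; a repeat lookup inside the TTL leaves it unchanged, and one after expiry walks the hierarchy again.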

What are the types of DNS records?

There are many different types of DNS records, each with its own specific purpose. Some of the most commonly used DNS record types include:

  • A Record (Address): Associates a domain name with an IPv4 address, enabling the translation of human-readable domain names into numerical IP addresses.
  • AAAA Record (IPv6 Address): Similar to the A record but for IPv6 addresses, facilitating the resolution of domain names to IPv6 addresses.
  • CNAME Record (Canonical Name): Establishes an alias or nickname for a domain or subdomain, mapping it to the canonical (official) name.
  • MX Record (Mail Exchange): Specifies the mail servers responsible for handling email messages directed to a particular domain.
  • TXT Record (Text): Stores arbitrary text data associated with a domain, commonly used for purposes like domain verification or adding additional information for security.
  • NS Record (Name Server): Identifies the authoritative name servers responsible for hosting DNS records for a specific domain.
  • SOA Record (Start of Authority): Holds administrative details about a DNS zone, including the primary name server, zone serial number, and refresh interval. It serves as the starting point for DNS zone management.

A Deep Dive into DNS Communication

DNS Header:

At the heart of a DNS message lies the DNS header, containing essential information about the communication. Key components include the ID for matching responses with queries, flags indicating the nature of the message (query or response), and counts for questions, answers, authority records, and additional records.

For instance:

Header:
ID: 12345
QR: 0 (Query)
Opcode: Standard Query
AA: 0
TC: 0
RD: 1 (Recursion Desired)
RA: 0
Z: 0
RCODE: 0
QDCOUNT: 1
ANCOUNT: 0
NSCOUNT: 0
ARCOUNT: 0

DNS Payload:

The payload consists of different sections, each serving a specific purpose. The Question Section holds the query itself, specifying the domain name, query type (e.g., A for IPv4 address), and query class (e.g., IN for Internet). Depending on the type of message, additional sections like Answer, Authority, and Additional may be present, providing comprehensive details about the DNS resolution.

Consider a simplified DNS query:

Question Section:
QNAME: www.google.com
QTYPE: A
QCLASS: IN

Transmission:

DNS messages, encapsulated within UDP datagrams, are transmitted over the network to the DNS server on port 53. UDP is the preferred protocol for DNS queries due to its lower overhead and faster performance.

DNS Response Example:

Header:
ID: 12345
QR: 1 (Response)
Opcode: Standard Query
AA: 1 (Authoritative Answer)
TC: 0
RD: 1
RA: 1 (Recursion Available)
Z: 0
RCODE: 0
QDCOUNT: 1
ANCOUNT: 1
NSCOUNT: 0
ARCOUNT: 0

Question Section:
QNAME: www.google.com
QTYPE: A
QCLASS: IN

Answer Section:
NAME: www.google.com
TYPE: A
CLASS: IN
TTL: 300
RDLENGTH: 4
RDATA: 142.250.192.36
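
The query and response shown above, encoded to and decoded from the DNS wire format, as an added example that is not part of the original post. The function names are hypothetical, and the reply bytes are constructed to mirror the page's example rather than captured from a server. The parser checks the ID and QR bit before trusting the message and follows the name-compression pointer used in the answer section.

```python
import struct

def encode_name(name):
    """QNAME wire format: length-prefixed labels, terminated by a zero byte."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    if any(not 0 < len(l) <= 63 for l in labels):
        raise ValueError("each label must be 1..63 bytes")
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(txid, name, qtype=1, qclass=1):
    """12-byte header (ID, flags, four counts) plus one question: A / IN."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # QR=0, RD=1
    return header + encode_name(name) + struct.pack("!2H", qtype, qclass)

def read_name(msg, pos):
    """Decode a name; a length byte with the top two bits set is a pointer."""
    labels, resume, hops = [], None, 0
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:
            if (hops := hops + 1) > 16:
                raise ValueError("compression pointer loop")
            resume = pos + 2 if resume is None else resume
            pos = ((msg[pos] & 0x3F) << 8) | msg[pos + 1]
        else:
            labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
            pos += 1 + msg[pos]
    return ".".join(labels), (pos + 1 if resume is None else resume)

def parse_response(msg, query_id):
    """Check ID and QR bit, skip the question, return flags and A records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if txid != query_id or not flags & 0x8000:
        raise ValueError("not a response to this query")
    pos, answers = 12, []
    for _ in range(qd):
        pos = read_name(msg, pos)[1] + 4           # name, QTYPE, QCLASS
    for _ in range(an):
        name, pos = read_name(msg, pos)
        rtype, _cls, ttl, rdlen = struct.unpack("!2HIH", msg[pos:pos + 10])
        rdata, pos = msg[pos + 10:pos + 10 + rdlen], pos + 10 + rdlen
        if rtype == 1 and rdlen == 4:              # A record: 4-byte IPv4
            answers.append((name, ttl, ".".join(map(str, rdata))))
    return {"aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "answers": answers}

def sample_response(query):
    """Constructed reply mirroring the page's example (not captured traffic)."""
    answer = struct.pack("!3HIH", 0xC00C, 1, 1, 300, 4) + bytes([142, 250, 192, 36])
    return query[:2] + struct.pack("!5H", 0x8580, 1, 1, 0, 0) + query[12:] + answer
```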

Let’s Try it out

# Windows
nslookup google.com 8.8.8.8


# Unix/Linux (the resolver to query is given with @)
dig @8.8.8.8 google.com

What is rDNS?

rDNS stands for Reverse Domain Name System. It is also known as reverse DNS lookup or PTR (Pointer) record. While the traditional DNS maps domain names to IP addresses, rDNS performs the opposite task by mapping IP addresses to domain names.

Example (IPv4):

  • Given IP address: 192.168.1.1
  • Reverse the octets: 1.1.168.192
  • Construct the reverse domain: 1.1.168.192.in-addr.arpa
  • Query the authoritative DNS server for the PTR record.
  • Receive a response containing the associated domain name.

Note:

  • Not all IP addresses have corresponding PTR records, as it depends on the network administrator’s configuration.
  • rDNS is commonly used for security checks, email authentication, and obtaining human-readable information about IP addresses accessing a network.
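
The reverse-name construction from the steps above, together with the forward-confirmed check that security and mail systems typically layer on top of a PTR lookup, as an added example that is not part of the original post. It goes beyond the IPv4 case in the text by also building ip6.arpa names; the function names and the sample records are hypothetical, and the resolvers are passed in as callables so the example runs offline.

```python
import ipaddress

def reverse_name(ip):
    """PTR query name: reversed octets under in-addr.arpa (IPv4) or
    reversed hex nibbles under ip6.arpa (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")          # 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def fcrdns(ip, lookup_ptr, lookup_addrs):
    """Forward-confirmed reverse DNS: accept a PTR name only if that name
    resolves back to the same IP. Returns the confirmed host or None.
    lookup_ptr(name) and lookup_addrs(host) are caller-supplied resolvers."""
    addr = ipaddress.ip_address(ip)
    for host in lookup_ptr(reverse_name(ip)):
        host = host.rstrip(".").lower()
        if any(ipaddress.ip_address(a) == addr for a in lookup_addrs(host)):
            return host
    return None

# Constructed sample data (documentation address ranges, not real records).
PTR = {
    "10.2.0.192.in-addr.arpa": ["mail.example.com."],
    "7.100.51.198.in-addr.arpa": ["mail.example.com."],  # PTR set by the IP's owner
}
FORWARD = {"mail.example.com": ["192.0.2.10"]}

def check(ip):
    return fcrdns(ip, lambda n: PTR.get(n, []), lambda h: FORWARD.get(h, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, reverse_name(ip), check(ip))
```

The second sample address carries a PTR record naming mail.example.com, but the forward lookup does not return that address, so the PTR name is not accepted on its own.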

Conclusion:

The DNS lookup is an important step: it obtains the IP address needed to make the connection and transfer data. The DNS log serves as a critical record of domain name system activities, providing insights into the resolution of domain names to IP addresses and vice versa. This is just the first step of the journey on the internet. Much more happens afterwards, such as connections, encryption and data transfers.
