Demystifying DNS for web developers

Gain an understanding of the Domain Name System and how it all works!

Joseph Gefroh
Sep 6, 2017

DNS — you use it every day, but it’s not something that’s very easy to learn about. I know when I first started my website, I didn’t understand a thing about it. It took a while to truly grasp what I was doing.

I’m going to save you the effort and explain as simply as possible how DNS works from a practical, simplified point of view.

What is a Domain Name?

A domain name is a unique text identifier for a website or server. It is generally a human-readable string.

Parts of a Domain Name

The Domain Name format is as follows:

is the top-level domain, which is the root that encompasses all other domains within it. , , and are examples of TLDs.

The is subdivided into . , and are examples of domains of the TLD.

These domains can be split further into (which can then be split into additional ). and are examples of subdomains.

Technically, is a of the , but that’s not what most people are generally referring to when they use the term .

To illustrate, I’ve broken down the following domain names:

  • is the domain (a subdomain of )
  • is the top-level domain.

  • is the subdomain of
  • is the domain (a subdomain of )
  • is the top-level domain

  • is the subdomain of
  • is the domain (a subdomain of )
  • is the top-level domain

  • is a subdomain of
  • is a subdomain of
  • is the domain (a subdomain of )
  • is the top-level domain

  • is the domain (a subdomain of )
  • is the top-level domain

Now that you know what a domain name is, allow me to introduce the system that controls domain names, the aptly named Domain Name System, or DNS for short.

What is DNS?

DNS, the Domain Name System, is responsible for one thing: turning Domain Names like into numeric IP addresses like that computers can actually understand.

You see, computers don’t actually know what is. They only understand numbers. So whenever you try to go to in the browser, your computer first has to figure out what the heck that is.

It contacts a Domain Name Server, asking it to return the IP address that is associated with . If the Domain Name Server knows what it is, it’ll return it. Otherwise it’ll ask another domain name server what it is. This process repeats until the IP address associated with the Domain Name is retrieved from the head honcho domain name servers (the root name servers).

Getting your own domain name

You obviously don’t want people to have to memorize a random string of numbers (your IP address) to go to your website. You’ll want to buy your own domain name. To do that, you go to a Domain Name Registrar like Namecheap, GoDaddy, or Enom.

When you purchase a Domain Name from a Domain Name Registrar, you register a domain name with the domain name servers and effectively control the ability to create records for that domain name.

When you control a domain, you also control all of its subdomains. Because I control , I also control , where can be any subdomain, or combination of subdomains.

If you create a record for a domain name, you tell the domain name server about the changed information. This domain name server will then tell all of the other domain name servers about the change, effectively propagating the news until everyone knows about it.

Different kinds of records

There are multiple kinds of records you can create for a domain name that are of particular interest for web developers:

  • A records
  • AAAA Records
  • CAA Records
  • CNAME records
  • MX Records
  • TXT Records

A

A records are the bread and butter of DNS.

An A record maps a domain name to an IPv4 address. It’s what you use to point to , or to . It’s telling the world’s computers “Hey! When you go to , you should actually go to the IP address instead.”

AAAA

AAAA records are just like A records, except they map a domain name to an IPv6 address instead of an IPv4 address. A while ago the world literally ran out of IP addresses, so a new set was created with a much larger address space.

  • Whenever you see a set of 4 numbers separated by dots, you know it is an IPv4 address.
  • If you see sets of 4 hex characters separated by a colon, it’s likely an IPv6 address.

CAA

CAA records, Certificate Authority Authorization Records, are a way to whitelist what Certificate Authorities are allowed to issue SSL certificates on behalf of your domain name.

You don’t need to set this unless you’re exceptionally concerned.

CNAME

CNAME records, known as Canonical Name Records, are essentially aliases to other domain names. You can create a CNAME record for a domain name to point to another domain name and it’ll use the target domain name’s information.

MX

MX records, known as Mail Exchange Records, tell what email server is associated with a particular domain. You can set this record to change email providers, for example.

Normally the email provider, such as Google, will tell you what values you should set these records to.

TXT

TXT records are ways to associate arbitrary text with a specific Domain Name. These values are meaningless to the Domain Name System.

You’ll primarily use them to verify that you own a particular Domain Name for services and vendors that require such verification, such as Google Search Console. The rationale behind it is that if you have permission to create a TXT record with arbitrary data for a particular domain name, you probably own it.
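The ownership check described above, seen from the verifying service's side, as an added example that is not part of the original article. The `site-verification=` prefix, the token and the sample `dig +short` output are constructed; real vendors define their own formats.

```python
import shlex

# Constructed sample of `dig +short example.com TXT` output. One line per TXT
# record; a record can be split into several quoted strings of up to 255 bytes.
SAMPLE_DIG_OUTPUT = '''\
"v=spf1 include:_spf.mail.example ~all"
"site-verification=c0nstructed-" "t0ken-1234"
"note: site-verification=other-token"
'''

PREFIX = "site-verification="  # hypothetical vendor prefix


def parse_txt_lines(dig_short_output):
    """Return each TXT record's value with its quoted strings joined."""
    records = []
    for line in dig_short_output.splitlines():
        if line.strip():
            # shlex handles the quoting and any backslash-escaped quotes
            records.append("".join(shlex.split(line)))
    return records


def owns_domain(expected_token, dig_short_output, prefix=PREFIX):
    """True only if one record is exactly prefix + expected_token.

    Matching the whole value (not a substring) matters: unrelated TXT records
    such as SPF live at the same name, and a record that merely contains the
    token somewhere inside it must not count as proof.
    """
    wanted = prefix + expected_token
    return any(value == wanted for value in parse_txt_lines(dig_short_output))
```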

There are other kinds of records such as PTR, SRV, and NAPTR records, but you generally don’t use them regularly as a web developer.

Changing Registrars

Sometimes you’ll want to transfer your domain name to another provider or registrar, perhaps because one registrar provides better service than the other.

To transfer, you follow a short process (which varies slightly depending on various conditions such as vendor or domain):

  • You unlock the domain name if it is locked.
    Locked domain names can’t be transferred.
  • You receive an authorization code (called an EPP code) that permits the transfer.
  • You start the transfer and provide the EPP code you received.
  • Whoever is set as the point of contact for the domain name will receive an email asking them to approve or reject the transfer.
  • Approve the transfer and it’ll happen.

You can also choose to keep a domain name with a registrar but have it managed by another service. To do this, you would change the nameservers associated with the domain name.

Special things to note

Propagation

You may have heard the term “propagation” being thrown around when discussing DNS. Propagation refers to the time it takes for DNS records to be updated or “take effect” for most users.

Because the DNS records aren’t just on one server but on many, it takes time for an update to a DNS record originating on one server to reach all of the other servers. The servers have to contact each other, and the users’ systems have to update their DNS records with the new information.

DNS records are typically cached, and until the cache expires or is busted, people won’t be updated. This process can take about 24–48 hours.

You can check the status of the propagation of DNS changes you make by looking at a propagation tool such as whatsmydns.

As a side note, services like Amazon’s Route 53 propagate DNS changes orders of magnitude faster than other services.
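The caching behaviour behind propagation delay, as an added example that is not part of the original article. It is a toy resolver cache with constructed names, documentation-range IP addresses and a constructed one-hour TTL.

```python
class CachingResolver:
    """Toy resolver: an answer is reused until its time-to-live (TTL) runs out."""

    def __init__(self, authoritative):
        self.authoritative = authoritative  # name -> (ip, ttl_seconds)
        self.cache = {}                     # name -> (ip, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                   # cached answer, possibly stale
        ip, ttl = self.authoritative[name]  # cache miss: ask the source
        self.cache[name] = (ip, now + ttl)
        return ip


def simulate():
    """Change a record mid-TTL and watch what a cached client sees."""
    zone = {"www.example.com": ("192.0.2.10", 3600)}
    resolver = CachingResolver(zone)

    seen = [resolver.resolve("www.example.com", now=0)]         # fills the cache
    zone["www.example.com"] = ("198.51.100.20", 3600)           # owner edits record
    seen.append(resolver.resolve("www.example.com", now=1800))  # still the old IP
    seen.append(resolver.resolve("www.example.com", now=3600))  # TTL expired
    return seen
```

Until the cached entry expires, clients keep connecting to the old address, so whatever runs at that address should stay under your control for at least one TTL after a change.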

Masking

Masking a domain means that your domain name will forward a user to another website, but the user will not notice that the domain name has changed.

For example, I mask and point it to , users will see the content of but see in the URL.

Redirect / Forwarding

Redirecting or forwarding means that your domain name will transfer the user to another website.

For example, I redirect to , users will see the content of and also see that their URL now says .

WHOIS

When you register a domain name, you’re required to provide contact information and other information to verify your identity. These records are public and readily available — they can be looked up via the WHOIS service.

If you want to hide your identity and keep people from knowing your connections to a domain name, most registrars let you purchase WHOIS protection. Instead of using your personal information, the vendor will instead use their own personal information on your behalf, effectively hiding your association to the domain name.

Diving deeper — see what the computer sees

You can see what the computer sees by using command-line tools to manually perform a DNS lookup. Doing this can be useful in debugging if you are receiving different data than you’d expect, or just want to know how it all works.

Windows

In the command prompt, run nslookup.

nslookup jgefroh.com

will return the A record for jgefroh.com.

If you want to retrieve a different record type, enter the prompt and type:

set type=<TYPE>

where <TYPE> is one of the possible record types (eg. ).

Mac

In the terminal, use the dig command.

dig jgefroh.com

will return the A record for jgefroh.com.

If you want to retrieve a different record type, you can specify it after the domain name, like below:

dig jgefroh.com TXT

I hope you found this guide helpful! If you feel like I oversimplified anything, made something too complicated, or missed an important detail, please let me know!
