Saturday, November 29, 2025

Understanding DNS: How the Internet Knows Where to Go

When you type a web address like www.bing.com into your browser, something interesting happens behind the scenes. The Domain Name System (DNS) springs into action. DNS is essentially the Internet’s phone book. It translates human-friendly domain names into the numerical IP addresses that computers use to identify each other.

What Happens When You Enter a Domain Name

Every device connected to the Internet has a DNS resolver configured, often your Internet provider’s or a public one such as Google DNS (8.8.8.8). When you try to visit a website:

Your DNS resolver checks if it already knows the IP address for that domain (from its cache).

If it doesn’t, it starts at the top of the DNS hierarchy and asks a root server where to find more information.

The Role of Root Servers

There are 13 main root DNS servers operated by organizations like Verisign and ICANN. These servers don’t store every web address; instead, they know where to find the top-level domain (TLD) servers, such as those for .com, .net, or .io.

You can find the complete list of root servers here: https://www.iana.org/domains/root/servers.

For example, running a command like:

root@pp:~# nslookup -type=NS com. l.root-servers.net
Server:         l.root-servers.net
Address:        199.7.83.42#53

Non-authoritative answer:
*** Can't find com.: No answer

Authoritative answers can be found from:
com     nameserver = a.gtld-servers.net.
com     nameserver = b.gtld-servers.net.
com     nameserver = c.gtld-servers.net.
com     nameserver = d.gtld-servers.net.
com     nameserver = e.gtld-servers.net.
com     nameserver = f.gtld-servers.net.
com     nameserver = g.gtld-servers.net.
com     nameserver = h.gtld-servers.net.
com     nameserver = i.gtld-servers.net.
com     nameserver = j.gtld-servers.net.
com     nameserver = k.gtld-servers.net.
com     nameserver = l.gtld-servers.net.
com     nameserver = m.gtld-servers.net.
a.gtld-servers.net      internet address = 192.5.6.30
b.gtld-servers.net      internet address = 192.33.14.30
c.gtld-servers.net      internet address = 192.26.92.30
d.gtld-servers.net      internet address = 192.31.80.30
e.gtld-servers.net      internet address = 192.12.94.30
f.gtld-servers.net      internet address = 192.35.51.30
g.gtld-servers.net      internet address = 192.42.93.30
h.gtld-servers.net      internet address = 192.54.112.30
i.gtld-servers.net      internet address = 192.43.172.30
j.gtld-servers.net      internet address = 192.48.79.30
k.gtld-servers.net      internet address = 192.52.178.30
l.gtld-servers.net      internet address = 192.41.162.30
m.gtld-servers.net      internet address = 192.55.83.30
a.gtld-servers.net      has AAAA address 2001:503:a83e::2:30
b.gtld-servers.net      has AAAA address 2001:503:231d::2:30

This returns the authoritative name servers for .com (a.gtld-servers.net through m.gtld-servers.net) along with their addresses. The "No answer" line is expected: a root server does not answer for com. itself, it refers you on to the servers that do.

How the Chain Continues

Once your resolver learns which servers manage the .com domain, it asks one of those servers for information about the second-level domain "bing" (assuming bing.com is the domain we are trying to resolve). That query returns another set of authoritative servers, such as Microsoft’s own DNS servers hosted under azure-dns.com.

Finally, those servers respond with the actual IP address of www.bing.com, and your browser uses that to load the page.

Verify this with:

root@pp:~# nslookup -type=NS bing.com a.gtld-servers.net
Server:         a.gtld-servers.net
Address:        192.5.6.30#53

Non-authoritative answer:
*** Can't find bing.com: No answer

Authoritative answers can be found from:
bing.com        nameserver = dns1.p09.nsone.net.
bing.com        nameserver = dns2.p09.nsone.net.
bing.com        nameserver = dns3.p09.nsone.net.
bing.com        nameserver = dns4.p09.nsone.net.
bing.com        nameserver = ns1-204.azure-dns.com.
bing.com        nameserver = ns2-204.azure-dns.net.
bing.com        nameserver = ns4-204.azure-dns.info.
bing.com        nameserver = ns3-204.azure-dns.org.
ns1-204.azure-dns.com   internet address = 13.107.236.204
ns1-204.azure-dns.com   has AAAA address 2603:1061:0:700::cc

This returns the authoritative name servers for the second-level domain. Asking one of those servers for www.bing.com then returns the IP address itself.
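The root -> TLD -> authoritative walk just described, as an added example that is not part of the original post: a small Python simulation of iterative resolution over a constructed server table (no network), using the server names and addresses from the nslookup output above and an assumed placeholder A record for www.bing.com.

```python
"""Iterative DNS resolution, simulated step by step over a constructed
delegation tree that mirrors the root -> .com -> bing.com referrals above."""

# Constructed server table (no network). Server addresses and NS names are the
# ones shown in the nslookup referrals on this page; the final A record for
# www.bing.com is a placeholder from the 203.0.113.0/24 documentation range.
SERVERS = {
    "199.7.83.42": {  # l.root-servers.net, serves the root zone
        "delegations": {"com.": {"a.gtld-servers.net.": "192.5.6.30",
                                 "b.gtld-servers.net.": "192.33.14.30"}},
        "records": {}},
    "192.5.6.30": {  # a.gtld-servers.net, serves com.
        "delegations": {"bing.com.": {"ns1-204.azure-dns.com.": "13.107.236.204"}},
        "records": {}},
    "13.107.236.204": {  # ns1-204.azure-dns.com, serves bing.com.
        "delegations": {},
        "records": {"www.bing.com.": "203.0.113.10"}},
}
ROOT_HINT = "199.7.83.42"  # resolvers start from a built-in root hints list

def query(server_ip, qname):
    """One (plain-text, UDP/53 in real life) question to an authoritative server.
    Returns ("answer", ip), ("referral", {ns_name: ns_ip}) or ("nxdomain", None)."""
    srv = SERVERS[server_ip]
    if qname in srv["records"]:
        return "answer", srv["records"][qname]
    # No answer here: refer the asker to the longest delegated zone that
    # encloses qname, exactly as the root did for "com." in the output above.
    for zone in sorted(srv["delegations"], key=len, reverse=True):
        if qname == zone or qname.endswith("." + zone):
            return "referral", srv["delegations"][zone]
    return "nxdomain", None

def resolve(qname, max_hops=8):
    """Walk root -> TLD -> authoritative like a recursive resolver would.
    Returns (ip_or_None, trail) where trail lists each server asked and its reply."""
    if not qname.endswith("."):
        qname += "."
    server, trail = ROOT_HINT, []
    for _ in range(max_hops):
        kind, data = query(server, qname)
        trail.append((server, kind))
        if kind == "answer":
            return data, trail
        if kind == "nxdomain":
            return None, trail
        # Follow the referral using the glue address of the first listed NS.
        server = next(iter(data.values()))
    raise RuntimeError("too many referrals; possible delegation loop")
```

Calling resolve("www.bing.com") returns the placeholder address together with a three-hop trail (root, a.gtld-servers.net, ns1-204.azure-dns.com), the same chain the two nslookup sessions above show by hand.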

Usually this traffic travels over UDP port 53 in plain text, so anyone on the network path can read or alter it. Encrypted alternatives include DoH (DNS over HTTPS), DoT (DNS over TLS) and DNSCrypt.


***

Saturday, November 15, 2025

Understanding DNS: More Than Just Domain to IP Mapping

When most people think about the Domain Name System (DNS), they imagine a simple process: translating a website name into an IP address. However, DNS is far more than a basic directory. It’s a sophisticated system that helps the internet run smoothly, managing various types of records that handle everything from email delivery to site aliases and security verification.

Here’s a breakdown of what DNS actually includes:

Name Servers:

These are the authoritative servers that store DNS records for a particular domain. They respond to queries about your website’s IP address and other related services.

A Record (Address Record):

Maps a domain name to its corresponding IPv4 address (for example, linking example.com to 192.0.2.1).

AAAA Record (IPv6 Address Record):

The IPv6 equivalent of an A record, mapping a domain name to a 128-bit IPv6 address (for instance, example.com to 2001:0db8::1).

MX Record (Mail Exchange):

Specifies the mail servers responsible for handling email for your domain. MX records ensure that messages sent to @yourdomain.com reach the correct mail server.

PTR Record (Pointer Record):

Provides reverse DNS lookup, mapping an IP address back to a domain name, often used for email server verification and network troubleshooting.

CNAME Record (Canonical Name):

Acts as an alias for another domain. For example, www.bypramod.com might be an alias for bypramod.com, helping keep site structure consistent while simplifying maintenance.

TXT Record (Text Record):

Originally meant for descriptive text, TXT records now often carry important verification data, such as domain-ownership tokens and the SPF, DKIM, and DMARC records used to prevent email spoofing.
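The record types listed above in use, as an added example that is not part of the original post: a constructed mini zone (no network) built from the documentation values in the list, with assumed mail hosts, showing how a resolver follows a CNAME to the real A record, orders MX servers by preference, finds the SPF policy among TXT records, and builds the in-addr.arpa / ip6.arpa name a PTR lookup asks for.

```python
"""Working with the record types listed above over a constructed mini zone:
CNAME following, MX preference ordering, SPF extraction and PTR names."""
import ipaddress

# Constructed records (no network) using the documentation values from the
# list above (example.com -> 192.0.2.1 / 2001:db8::1); mail hosts are assumed.
ZONE = {
    "example.com.": [("A", "192.0.2.1"), ("AAAA", "2001:db8::1"),
                     ("MX", (10, "mail1.example.com.")),
                     ("MX", (20, "mail2.example.com.")),
                     ("TXT", "v=spf1 mx -all")],
    "www.example.com.": [("CNAME", "example.com.")],  # alias, as described above
    "mail1.example.com.": [("A", "192.0.2.25")],
    "mail2.example.com.": [("A", "192.0.2.26")],
}

def lookup(name, rtype, max_aliases=8):
    """Return all rdata of type rtype for name, following CNAME aliases the way
    a resolver does (bounded, so a CNAME loop cannot spin forever)."""
    for _ in range(max_aliases):
        rrs = ZONE.get(name, [])
        data = [rd for t, rd in rrs if t == rtype]
        if data:
            return data
        cname = [rd for t, rd in rrs if t == "CNAME"]
        if not cname:
            return []
        name = cname[0]  # restart the lookup at the canonical name
    raise RuntimeError("CNAME chain too long")

def mail_servers(domain):
    """MX targets in delivery order: lowest preference value is tried first."""
    return [host for _, host in sorted(lookup(domain, "MX"))]

def spf_policy(domain):
    """The SPF policy is the TXT record whose text starts with 'v=spf1'."""
    return next((t for t in lookup(domain, "TXT") if t.startswith("v=spf1")), None)

def ptr_name(ip):
    """Name a resolver queries for reverse DNS: IPv4 octets reversed under
    in-addr.arpa, IPv6 nibbles reversed under ip6.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."
```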


***