Skip to main content
Hashnodecoffee-with-aniruddha

Command Palette

Search for a command to run...

How DNS Resolution Works

Published
4 min read
A
Aniruddha D

Focused on : Product Design and Development

Code Architecture, Scaling, Data processing

Team building and co-ordinate with management

Use of AI Agent to build effective web applications

Building Live real time B2C business platforms

1. What Is DNS and Why Name Resolution Exists

Resolvers are described as client-side components that:

  • Query a nameserver

  • Interpret responses

  • Return results to applications

The resolver itself is typically a stub resolver, meaning most of the work is done by nameservers .

The resolution process works because the namespace is structured as an inverted tree, and every nameserver knows the domain names and addresses of the root nameservers.

The book explains that if all root nameservers were unreachable, resolution would fail globally.

Caching significantly improves performance and reduces load on the root servers.

From a system-design perspective:

  • Applications → call resolver

  • Resolver → sends recursive query

  • Nameserver → performs resolution

  • Root → TLD → Authoritative

  • Result cached for efficiency

2. What Is the dig Command and When It Is Used

This analyzes a sample dig query to a root server and explains:

  • The header fields

  • The QR, AA, RD, RA flags

  • Question, Answer, Authority, Additional sections

Important details from the book:

  • qr indicates a response

  • aa indicates authoritative answer

  • rd means recursion desired

  • ra means recursion available

dig is therefore a diagnostic tool used to:

  • Inspect DNS messages

  • View delegation

  • Verify authority

  • Examine flags and sections

  • Troubleshoot resolution

3. Understanding dig . NS — Root Name Servers

The root nameservers know where the authoritative nameservers for each top-level zone

Resolution must start at the root in the absence of cached information.

The book explicitly notes that there are 13 root nameservers distributed across the Internet.

The example dig output as:

  • 13 NS records for the root

  • 13 corresponding A records

Thus:

dig . NS

Queries the root zone’s NS records and returns the authoritative root nameservers.

System-design implication:
Root servers do not know host IPs; they only delegate to TLD servers.

4. Understanding dig com NS — TLD Name Servers

The book explains that root nameservers provide the names and addresses of nameservers authoritative for top-level zones.

Resolution works by being referred to nameservers closer to the queried domain.

Therefore:

dig com NS

Returns the authoritative nameservers for the .com zone.

This reflects the delegation hierarchy described:
Root → TLD → Second-level domain.

5. Understanding dig google.com NS — Authoritative Name Servers

  • Zones contain resource records describing hosts and delegation

  • NS records list the servers authoritative for a zone

  • DNS does not distinguish primary vs slave for resolution purposes — NS records only identify authoritative servers

Thus:

dig google.com NS

Returns the authoritative nameservers for the google.com zone.

From a system-design viewpoint:

NS records define the authority boundary for a zone.

6. Understanding dig google.com — Full DNS Resolution Flow

The resolution process is described step-by-step:

If a nameserver cannot answer from its local data, it queries the “closest known” nameservers.

If necessary, resolution falls back to the root zone because every nameserver knows the root nameservers.

The distinguishes:

  • Recursive queries (resolver → nameserver)

  • Iterative queries (nameserver → nameserver)

Recursive queries require the nameserver to return a final answer, not a referral.

Iterative queries return the best information available (often a referral).

Caching then shortens future lookups and reduces dependency on root servers.

Putting this together for:

dig google.com

Resolution flow:

  1. Stub resolver sends recursive query

  2. Nameserver checks cache

  3. If not found:

    • Query root

    • Get referral to TLD

    • Query TLD

    • Get referral to authoritative

    • Query authoritative

  4. Return A/AAAA record

  5. Cache results

The debug output example in Chapter 13 even shows createfetch for “. NS” during resolution.

7. Behind the Scenes: Recursive Resolvers

  • Resolvers send recursive queries by default

  • Nameservers perform iterative queries to other nameservers

  • Recursion places most of the burden on a single nameserver

  • Caching improves performance and reduces root load

This is precisely how modern recursive resolvers (ISP DNS, 8.8.8.8, etc.) operate.

8. Connecting dig google.com to Real Browser Requests

The resolver is a library routine linked into applications.

When a browser needs to connect:

  1. It calls the resolver.

  2. The resolver sends a recursive query.

  3. The nameserver performs resolution.

  4. The IP is returned.

  5. The browser establishes TCP/TLS.

Without successful resolution, applications cannot connect.

#dns#networking#internet#osi-model

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

coffee-with-aniruddha

12 posts

Anirudha, A Tech professional, Experienced in Web Development, Writing these blogs to share the knowledge.