How Does a DNS Query Work?



One of the most underappreciated aspects of the internet today is the domain name server (DNS). We use them many times a day to get to our favorite websites. What most people don’t understand is that when we type a site into our internet browser search bar, we are querying a domain name server for the location of the site we want. So how, then, does a DNS query work?

In this post we will cover all you need to know about domain name servers and their purpose on the internet.

My goal is for you to walk away from this post with a complete understanding of how DNS queries work. It wouldn’t hurt if you walked away with some appreciation for domain name servers too.

Alright, let’s take it from the top.

What is a Domain Name Server?

Domain name servers are essentially address books for the internet. They contain the locations of all the websites on the internet.

Every device that uses the internet is assigned an IP address. You will recognize an IP address as a series of four numbers separated by dots (e.g. 192.168.0.1). These four numbers detail the location of each device connected to the internet (it is also called an IPv4 address). Computers identify the computer or device they want to talk to by its IP address.

This is very much like our mail system today. You need to know the address of the person you want to send a letter to. If you don’t, your letter will never arrive at its intended location.

So how do computers know the IP addresses of the devices they want to communicate with?

We have domain name servers to thank for that. If it weren’t for domain name servers, we would have to memorize the IP addresses of all the websites that we go to.

That would get complicated.

Fully Qualified Domain Name

Rather than make everyone memorize the IP addresses of their favorite websites, the internet decided to make it easy by assigning a fully qualified domain name (FQDN) to each IP address. An FQDN is essentially a recognizable name that is linked to each IP address.

For example, the FQDN for the IP address of 172.217.10.238 is “google.com”.

What is easier to memorize? 172.217.10.238 or google.com?

I thought so.

What does DNS have to do with this?

Domain name servers are responsible for keeping track of which FQDN matches each IP address.

It is important to note that one domain name server is not responsible for keeping a record of every single website on the internet. It is a shared responsibility by a network of domain name servers. These DNS work together to get you where you want to go on the internet.

How does a DNS query work?

When you type the FQDN of a website into your browser search bar (e.g. network-from-home.com), your request gets sent to a network of domain name servers. The DNS network takes your request and attempts to look up the location (the IP address) of www.network-from-home.com.

This process of translating an FQDN into an IP address is called domain name resolution. This is the primary service that domain name servers provide.

DNS structure

Before we discuss the different components that make up the DNS network, it is worth mentioning the structure of the domain name service.

The domain name service that is implemented on the internet is a hierarchy. As you will see, this hierarchy is a way of separating each domain (or address book of IP addresses) into logical groups. This makes it easier and faster for your DNS to find the IP addresses you are looking for.

At the top of the hierarchy you have what is called a root server. Below the root server you have top level domain (TLD) servers, and beneath TLD servers you have authoritative name servers. The authoritative name servers will hold the IP address information of the FQDN you are looking for. That being said, each of these DNS servers is important because it helps you get closer to the IP address you are looking for.

Here is a visual representation of the DNS hierarchy:

[Image: DNS Hierarchy]

It is important to keep in mind that the visual above is a scaled down version of what the DNS network really looks like. In reality, there are thousands of servers that make up this network.

Now that we have explained the DNS hierarchy, let’s learn more about the different players in the DNS query process.

Recursive DNS

The recursive DNS is the domain name server that carries out your IP address search for you. When you type an FQDN into your browser search bar, your recursive DNS is the one your browser contacts first.

Your recursive DNS will then take your request and ask the domain name server hierarchy what the IP address of your site is.

Here is an oversimplified visual of the recursive DNS’ role:

[Image: Recursive DNS]

Recursive DNS are usually assigned by your internet service provider (ISP). They are often slow and insecure. What’s more, your search history is not private when using the ISP’s DNS.

The good news is you can choose which recursive DNS you want to use. There are many available that are much faster, more private, and more secure than what you are using now. Most of them are free and it is an easy change to make as well.

If you want to make your internet searches faster, more private, and more secure, check out our post: Will Changing Your DNS Improve Your Internet Speed?

Root server

The root server is the first DNS that your recursive DNS will talk to when trying to find the IP address of the site you want to access.

The root server will not know the IP address that the recursive DNS is looking for, but it will point the recursive DNS in the right direction. It does this by sending the recursive DNS the IP address of the top level domain server that pertains to the site you are looking for.

With the IP address of the top level domain server, the recursive DNS can ask the TLD if they know the IP address of the site you want. This continues the trip down the DNS hierarchy.

The interaction between a recursive DNS and root DNS looks something like this:

[Image: Root DNS and recursive DNS interaction]

There are currently 13 DNS root servers and more than 1,500 top level domains that are stored on each root server. All the root servers hold a copy of these same 1,500+ top level domains. This allows the root servers to double check each other and make sure the information they are storing is accurate. Errors in the root server would prevent you from being able to search for sites on certain domains.

What are the top level domains? Read on to find out.

Top level domain server

Top level domain servers help guide your recursive DNS toward the IP address it is looking for. The TLD servers start the process of separating large groups of IP addresses into hierarchies. The hierarchy that the website you are looking for falls into determines which TLD your recursive DNS will question.

You will have a better understanding of this once we provide some examples.

Top level domains are separated into two main categories: organizational hierarchies and geographical hierarchies.

Organizational hierarchies

Organizational hierarchies are divided by the purpose of the domain. This is why you see universities with .edu at the end of their website names. Most university websites will end with .edu and this is an example of an organizational hierarchy.

Other examples of organizational top level domains are:

[Image: Organizational domain examples]

Geographical hierarchy

Geographical hierarchies are divided by the location of the domain. This is why you see other countries with different endings for their websites. An example of this is Australian-based websites ending in “.au”.

Other examples of geographical top level domains are:

[Image: Geographical domain examples]

As you can see, the top level domain servers only care about the ending of the website you are looking for. This is the first major category that helps point your recursive DNS down the right path.

To recap, the root server will send your recursive DNS the IP address of the TLD server that pertains to the site it is looking for (e.g. the .com TLD). Your recursive DNS will then ask the .com TLD if they have the IP address of the site you are looking for.

Once the top level domain server is asked for the IP address of a specific site in its domain, it points the recursive DNS further down the DNS hierarchy to an authoritative nameserver.

[Image: TLD DNS and recursive DNS interaction]

Let’s take a look at the authoritative nameserver.

Authoritative nameserver

The authoritative nameserver is the lowest level of the DNS hierarchy. This is the server that actually knows the IP address of the site you want to visit.

Authoritative nameservers are responsible for storing the IP addresses of the different locations in a given domain. In this example where we are trying to find the IP address for network-from-home.com, the authoritative nameserver is jarred.ns.cloudflare.com.

The network-from-home.com website is hosted by Cloudflare, which explains why the Cloudflare nameserver knows its IP address.

When the recursive DNS asks the Cloudflare nameserver what the IP address is, it responds with the IP address for network-from-home.com because it has that information stored on it. No further steps are required.

[Image: Authoritative nameserver interaction with recursive DNS]

With the IP address of network-from-home.com in hand, the recursive DNS can respond to the browser with this information.

This ends the DNS hierarchy lookup process.

Internet browser

What happens after your recursive DNS delivers the IP address to your browser?

At this point your browser does what you wanted it to in the first place. It contacts the website you want to access by reaching out to its IP address.

Once your request is received by the web server, it sends your browser the webpage you want to look at.

[Image: Browser and web server interaction]

At long last, your browser will show you the webpage you wanted.

DNS name resolution process

I know that was a lot of information to take in all at once.

To make things easier, let’s break down the steps of a DNS query in one place so it is easier to follow along:

[Image: DNS resolution step-by-step]

See, it’s not so bad.

If a visual example is easier for you to follow, here is a high-level view of the process:

[Image: DNS query process]

When you consider this all happens in less than a second, you realize how amazing domain name resolution is.

DNS are some of the most underappreciated pieces of equipment on the internet, and the internet is very easy to use because of them.

Let’s move on before I nerd out too much about the benefits of DNS.

Does DNS resolution occur every time I search for a site?

Despite the fact that DNS resolution happens very quickly, it will not happen every time you go to a different website.

If every device on the internet had to perform DNS resolution for every website they visited, the DNS hierarchy would quickly become overwhelmed. This would result in slower resolution times. No one would be happy about this.

DNS cache

To prevent this problem and further speed up resolution times, your device’s operating system keeps a copy of all your recent website searches. This is called your DNS cache.

For any website that you have recently accessed, your operating system will remember the IP address for the fully qualified domain name. This prevents your recursive DNS from having to find the IP address for you. This makes it much faster to get to websites that you frequently visit.

On top of that, DNS cache reduces the burden on the DNS hierarchy. With fewer people querying the DNS hierarchy, the hierarchy can quickly respond when devices need to find an IP address.

Even if your operating system doesn’t have an IP address in its cache, your recursive DNS has a cache of IP addresses as well. Thousands of people use the same recursive DNS, so if someone else recently searched for the same website that you want to get to, the recursive DNS will have the IP address in its cache. When your device asks for the IP address of a website, the recursive DNS will respond with the IP address without having to ask the DNS hierarchy.

Talk about efficiency!
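The walk from root server to TLD server to authoritative nameserver, and the recursive DNS cache that lets later lookups skip it, can be simulated in a few lines. This is an added example, not code from the original post: the server addresses, the answer for network-from-home.com and the 300-second lifetime (TTL) of the cached record are all constructed, and the clock is passed in as `now` so the result is repeatable.

```python
# Added illustration: all server addresses, records and TTLs are constructed.
ROOT = "198.51.100.1"
SERVERS = {
    # root server: knows only which server handles each top level domain
    "198.51.100.1": {"referrals": {"com": "198.51.100.2"}},
    # .com TLD server: knows which authoritative nameserver handles each site
    "198.51.100.2": {"referrals": {"network-from-home.com": "198.51.100.3"}},
    # authoritative nameserver: holds the actual IP address and a TTL in seconds
    "198.51.100.3": {"answers": {"network-from-home.com": ("203.0.113.10", 300)}},
}

def ask(server_ip, fqdn):
    """Simulate one query: returns ('answer', ip, ttl), ('referral', ip) or ('nxdomain',)."""
    server = SERVERS[server_ip]
    if fqdn in server.get("answers", {}):
        return ("answer", *server["answers"][fqdn])
    labels = fqdn.split(".")
    for i in range(len(labels)):  # try the longest matching suffix first
        zone = ".".join(labels[i:])
        if zone in server.get("referrals", {}):
            return ("referral", server["referrals"][zone])
    return ("nxdomain",)

class RecursiveResolver:
    def __init__(self):
        self.cache = {}            # fqdn -> (ip, expiry time)
        self.upstream_queries = 0  # queries sent into the hierarchy

    def resolve(self, fqdn, now):
        """Return (ip or None, list of servers asked); `now` is the clock in seconds."""
        fqdn = fqdn.lower().rstrip(".")
        cached = self.cache.get(fqdn)
        if cached and cached[1] > now:
            return cached[0], ["cache"]
        server, path = ROOT, []
        for _ in range(10):  # cap the referral chain so a bad referral cannot loop forever
            path.append(server)
            self.upstream_queries += 1
            reply = ask(server, fqdn)
            if reply[0] == "answer":
                self.cache[fqdn] = (reply[1], now + reply[2])
                return reply[1], path
            if reply[0] == "nxdomain":
                return None, path
            server = reply[1]
        raise RuntimeError("too many referrals")

if __name__ == "__main__":
    r = RecursiveResolver()
    for t in (0, 100, 301):  # first lookup, cached lookup, lookup after expiry
        print(t, r.resolve("network-from-home.com", now=t), r.upstream_queries)
```

The first lookup costs three upstream queries, the second costs none, and once the cached record expires the full walk happens again.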

What if I have the IP address of a site? Can I skip the DNS resolution process?

So far in this post we’ve discussed finding an IP address when you know the fully qualified domain name of the site. What if you only have the IP address and not the fully qualified domain name?

Unfortunately there are no shortcuts here. You can’t avoid DNS resolution simply by typing the IP address of the site you are looking for into the browser.

The reason for this is that some IP addresses host many different websites. The web server you are contacting can only tell what site you are trying to reach by the FQDN that is sent to it. This is included in your request for the web page. When you type an IP address into a browser search bar, the FQDN for the IP address will be found by the DNS.

The process of finding the FQDN for an IP address is called reverse DNS.

I know. Not very original is it?

Anyway, the process for reverse DNS is different from the forward DNS process of finding an IP address for an FQDN. Although the steps involved in reverse DNS are out of the scope of this post, there are some good articles online explaining how it works if you want to learn more.

Wrap up

Hopefully you now have a thorough understanding of DNS and how a DNS query works.

If you are looking to learn more about the recursive DNS you are using (and how to change it), check out our post: Will Changing Your DNS Improve Your Internet Speed?

As always, if you have any questions about DNS feel free to leave a comment below or reach out to me via the Contact Me page.

Ross Ricky

Ross Ricky is an engineer and cybersecurity professional who wants nothing more than for you to get the most out of your home network.
