DNS is the reason you can visit sites like blog.serhatsari.dev without memorizing complex IP addresses. Curious to know how it works?
Our computers need IP addresses to access websites and services. Every website has an IP address, something like 121.7.106.83 or 123.52.35.23. Since we use many websites every day, memorizing all of these addresses would be impractical. That's where DNS comes in.
Before diving into DNS, let's first understand what a domain is, and more specifically, what a Fully Qualified Domain Name (FQDN) is.
FQDN (Fully Qualified Domain Name)
We use domain names to access websites like serhatsari.dev and github.com. An FQDN is the complete form of a domain name: it names a host unambiguously, from the host itself up to the root of the DNS hierarchy. Here is an example of an FQDN:
It is made up of several labels that the Domain Name System (DNS) uses to locate the IP address of a website or service.
Note: Every domain implicitly ends with a dot (.) that represents the root of the DNS hierarchy.
DNS (Domain Name System)
DNS (Domain Name System) translates domain names into their corresponding IP addresses. When you type a website address into your browser, DNS servers quickly find the right IP address for that domain so that your device can use this IP to connect to the website. Without DNS, we'd have to remember IP addresses for every website we visit.
Definition: The DNS is a distributed database implemented in a hierarchy of DNS servers, and an application-layer protocol that allows hosts to query the distributed database.
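The definition above calls DNS an application-layer protocol, and the FQDN note says every name implicitly ends with a dot. The following added example (not code from the original post) makes both concrete by encoding a query for blog.serhatsari.dev into DNS wire format and parsing a reply. The reply is constructed locally, not captured from a real server; the transaction id 0x1234 and the TTL of 300 are arbitrary values chosen for the example. Two details matter from a defender's view: the 16-bit id (together with the UDP source port) is all a client has to match a reply to its question, which is why resolvers randomize both, and the name decoder caps compression-pointer hops so a malformed reply cannot loop it forever.

```python
from __future__ import annotations
import struct

# Added example (not from the original post): encode and decode DNS messages
# by hand to show what the protocol puts on the wire. The response below is
# constructed locally; nothing here talks to a real server.

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode an FQDN as length-prefixed labels, terminated by the root label.

    The zero-length root label (0x00) is the wire form of the trailing dot.
    """
    labels = [label for label in name.rstrip(".").split(".") if label]
    out = bytearray()
    for label in labels:
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:          # RFC 1035 label length limit
            raise ValueError(f"bad label length: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)                             # root label: the implicit "."
    if len(out) > 255:                        # RFC 1035 name length limit
        raise ValueError("name exceeds 255 octets")
    return bytes(out)


def decode_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a name at `offset`, following compression pointers (0xC0xx).

    Returns the FQDN with its trailing dot and the offset just past the name
    in the original byte stream (following a pointer does not move that offset).
    """
    labels = []
    end = None
    jumps = 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:             # two-byte pointer into the message
            if end is None:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            jumps += 1
            if jumps > 16:                    # refuse pointer loops in hostile input
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def build_query(qname: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """12-byte header + one question. Flags 0x0100 = recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def build_a_response(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed reply: echo the id and question, then add one A record.

    The answer's owner name is a pointer (0xC00C) back to the question name
    at offset 12, which is how real servers keep responses small.
    """
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_message(msg: bytes) -> dict:
    """Parse the header, the question section and the answer section (A records decoded)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    questions = []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == QTYPE_A and rdlen == 4 else rdata.hex()
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


if __name__ == "__main__":
    q = build_query("blog.serhatsari.dev")
    r = build_a_response(q, "104.21.90.130")   # constructed, not a live answer
    print(q.hex())
    print(parse_message(r))
```

Running the block prints the raw query bytes (note the `04626c6f67 0a...` label prefixes and the final `00` root label) followed by the parsed reply, whose answer owner name resolves through the pointer back to the question.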
DNS Architecture
DNS can be viewed as a globally distributed set of databases that store mappings between domain names and their associated IP addresses—essentially functioning like a large-scale key-value store. If all DNS does is match domain names to IP addresses, then why don’t we just have one huge database with every domain in the world?
Such a centralized approach would introduce a single point of failure, severely limit scalability, and lead to significant performance bottlenecks under high query loads. To address these challenges, DNS is architected as a hierarchical and distributed system, enabling improved fault tolerance, horizontal scalability, and low-latency resolution across globally distributed networks.
DNS Classes
To improve efficiency and scalability, DNS relies on three main types of servers: root DNS servers, TLD servers, and authoritative servers. Each type handles a distinct part of the lookup process. This creates a tree-like structure, as shown below:
So, let's take a detailed look at each class type:
1- Root DNS Servers: These servers are the starting point for resolving domain names. They know the IP addresses of the TLD name servers, so they can tell us where to find the nameservers for each top-level domain, such as .com or .net.
There are over 1,900 instances of root servers distributed worldwide. These instances are replicas of 13 unique root servers, managed by 12 different organizations and coordinated by the IANA (Internet Assigned Numbers Authority).
Note: You can view the locations of the root servers on the Root Servers website.
Note: You can see the list of the nameservers for the root DNS zone on the IANA website.
2- TLD (Top-Level Domain) DNS Servers: TLD DNS servers store information about domain names within a specific TLD, such as .com or .org. They respond to queries by providing the IP addresses of the authoritative DNS servers for the requested second-level domain, such as serhatsari.dev.
There are TLD servers for various domain extensions like country-code domains (.uk, .fr) or generic domains (.com, .edu). They are managed by different organizations and are typically distributed worldwide for redundancy and faster access.
3- Authoritative DNS Servers: These servers are the final source of truth for domain name resolution. When a query reaches an authoritative DNS server, it provides the IP address or other resource records (like MX records for email routing) of the requested domain. Authoritative servers store the DNS records for specific domains, and they respond to queries from users or other DNS servers.
Local DNS server
A local DNS server is responsible for handling DNS queries within a specific network, such as a private network or an ISP's network. It often stores previously resolved domain names in its cache to speed up future queries. When a device requests a domain, the local DNS server first checks its cache to see if it has the IP address. If the record is not found, the local DNS server acts as a DNS resolver by querying higher-level DNS servers (like root, TLD, and authoritative servers) to resolve the domain name.
DNS Resolvers
A DNS resolver is the software or service that initiates the DNS query process. It is usually part of the local DNS server, and it is the component responsible for querying DNS servers (root, TLD, authoritative) to resolve domain names into IP addresses. If the local DNS server does not have the requested domain in its cache, the resolver starts querying the other DNS servers, retrieves the IP address, and returns it to the requesting device. In other words, the DNS resolver is the part of the system that performs the actual resolution.
DNS Flow
Let's see how DNS works to get the IP address(es) of the blog.serhatsari.dev domain:
0- We'll be using Cloudflare's DNS resolver (1.1.1.1) and the dig command throughout this flow.
1- First, our DNS client has to ask a root server for the IP address(es) of the .dev TLD servers. So let's start by listing the root servers.
$ dig +short . NS @1.1.1.1
a.root-servers.net.
b.root-servers.net.
c.root-servers.net.
d.root-servers.net.
e.root-servers.net.
f.root-servers.net.
g.root-servers.net.
h.root-servers.net.
i.root-servers.net.
j.root-servers.net.
k.root-servers.net.
l.root-servers.net.
m.root-servers.net.
It returns the hostnames of all 13 root servers. Let's get the IP address of the a.root-servers.net. root server.
$ dig +short a.root-servers.net. A @1.1.1.1
198.41.0.4
2- Now we know the IP address of one of the root servers. We can learn which TLD servers manage the .dev top-level domain by sending a query to that root server.
$ dig +norecurse +noanswer dev @198.41.0.4
;; AUTHORITY SECTION:
dev. 172800 IN NS ns-tld1.charlestonroadregistry.com.
dev. 172800 IN NS ns-tld3.charlestonroadregistry.com.
dev. 172800 IN NS ns-tld5.charlestonroadregistry.com.
dev. 172800 IN NS ns-tld2.charlestonroadregistry.com.
dev. 172800 IN NS ns-tld4.charlestonroadregistry.com.
;; ADDITIONAL SECTION:
ns-tld1.charlestonroadregistry.com. 172800 IN A 216.239.32.105
ns-tld1.charlestonroadregistry.com. 172800 IN AAAA 2001:4860:4802:32::69
ns-tld3.charlestonroadregistry.com. 172800 IN A 216.239.36.105
ns-tld3.charlestonroadregistry.com. 172800 IN AAAA 2001:4860:4802:36::69
ns-tld5.charlestonroadregistry.com. 172800 IN A 216.239.60.105
ns-tld5.charlestonroadregistry.com. 172800 IN AAAA 2001:4860:4805::69
ns-tld2.charlestonroadregistry.com. 172800 IN A 216.239.34.105
ns-tld2.charlestonroadregistry.com. 172800 IN AAAA 2001:4860:4802:34::69
ns-tld4.charlestonroadregistry.com. 172800 IN A 216.239.38.105
ns-tld4.charlestonroadregistry.com. 172800 IN AAAA 2001:4860:4802:38::69
* I shortened the output of the dig command.
The output shows the servers responsible for the .dev top-level domain, together with their IP addresses (the glue records in the ADDITIONAL section).
3- Next, we query one of these .dev TLD servers to learn the nameservers that manage the serhatsari.dev domain.
$ dig serhatsari.dev @216.239.32.105
;; QUESTION SECTION:
;serhatsari.dev. IN A
;; AUTHORITY SECTION:
serhatsari.dev. 10800 IN NS kurt.ns.cloudflare.com.
serhatsari.dev. 10800 IN NS hadlee.ns.cloudflare.com.
This gives us the nameservers that manage our domain: kurt.ns.cloudflare.com. and hadlee.ns.cloudflare.com. are responsible for serhatsari.dev.
Let's get the IP address(es) of the hadlee.ns.cloudflare.com. nameserver.
$ dig +short hadlee.ns.cloudflare.com.
108.162.194.67
162.159.38.67
172.64.34.67
For this nameserver, we have 3 IP addresses.
4- Lastly, we can use one of these IP addresses of the nameserver to learn the IP address of our domain, blog.serhatsari.dev. Note the @ before the server address: without it, dig treats the address as a second name to look up and sends the query to the default resolver instead.
$ dig +short blog.serhatsari.dev @108.162.194.67
104.21.90.130
172.67.200.166
And we got the result :-)
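To tie the four steps together, here is a small simulation of the iterative flow as an added example (not code from the original post). The root, TLD and authoritative servers are modelled as in-memory zone data; the server names and addresses are the ones dig returned above, but the zone contents, TTLs and glue are constructed for the example, and a real resolver would send UDP/TCP queries rather than call a function. It also covers what the Local DNS server and DNS Resolvers sections describe: a cache that is consulted before any query is sent, and entries that expire when their TTL runs out, which is why the second lookup costs no queries and a later one costs three again. One caveat worth noticing: this toy resolver trusts whatever glue address a referral hands it, whereas production resolvers check that referral data stays within the zone the answering server is responsible for (bailiwick checking) before caching it.

```python
import time

# Added example (not from the original post): an in-memory model of the
# root -> TLD -> authoritative flow, plus a caching resolver in front of it.
# Server names and addresses match the dig output in the post; the zone
# contents, TTLs and glue are constructed for this example.

ROOT_HINT = "198.41.0.4"                  # a.root-servers.net.

SERVERS = {
    "198.41.0.4": {                       # root server: knows only TLD delegations
        "zone": ".",
        "records": {},
        "delegations": {
            "dev.": [("ns-tld1.charlestonroadregistry.com.", "216.239.32.105")],
        },
    },
    "216.239.32.105": {                   # .dev TLD server: delegates second-level domains
        "zone": "dev.",
        "records": {},
        "delegations": {
            "serhatsari.dev.": [("hadlee.ns.cloudflare.com.", "108.162.194.67")],
        },
    },
    "108.162.194.67": {                   # authoritative server for serhatsari.dev.
        "zone": "serhatsari.dev.",
        "records": {
            "blog.serhatsari.dev.": [("A", 300, "104.21.90.130"),
                                     ("A", 300, "172.67.200.166")],
        },
        "delegations": {},
    },
}


def in_zone(name, zone):
    """True if `name` lies at or below `zone` in the hierarchy."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query_server(server_ip, qname):
    """One non-recursive query (what `dig +norecurse` sends) to one server.

    Returns ("answer", records), ("referral", [(ns_name, ns_ip), ...]),
    ("nxdomain", None) or ("refused", None).
    """
    srv = SERVERS[server_ip]
    if not in_zone(qname, srv["zone"]):
        return ("refused", None)
    if qname in srv["records"]:
        return ("answer", srv["records"][qname])
    # Referral to the most specific child zone that contains the name.
    children = [z for z in srv["delegations"] if in_zone(qname, z)]
    if children:
        return ("referral", srv["delegations"][max(children, key=len)])
    return ("nxdomain", None)


class Resolver:
    """Local DNS server: serve from cache, otherwise iterate from the root."""

    def __init__(self, clock=time.time):
        self.cache = {}      # qname -> (expiry timestamp, [addresses])
        self.clock = clock   # injectable so TTL expiry can be demonstrated
        self.log = []        # (server queried, result kind), one entry per query sent

    def resolve(self, qname):
        qname = qname if qname.endswith(".") else qname + "."
        now = self.clock()
        hit = self.cache.get(qname)
        if hit is not None and hit[0] > now:
            return hit[1]                                     # cache hit: no network
        self.cache.pop(qname, None)                           # stale or absent
        server = ROOT_HINT
        for _ in range(10):                                   # bound referral chasing
            kind, payload = query_server(server, qname)
            self.log.append((server, kind))
            if kind == "answer":
                values = [value for rtype, _ttl, value in payload if rtype == "A"]
                ttl = min(rec_ttl for _rtype, rec_ttl, _value in payload)
                self.cache[qname] = (now + ttl, values)
                return values
            if kind == "referral":
                server = payload[0][1]   # glue address of the first listed nameserver
                continue
            raise LookupError(f"{qname}: {kind}")
        raise LookupError(f"{qname}: too many referrals")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("blog.serhatsari.dev"))   # three queries: root, .dev, authoritative
    for server, kind in r.log:
        print(f"  {server:>16}  {kind}")
    print(r.resolve("blog.serhatsari.dev"))   # served from cache, log unchanged
```

The `log` attribute is the equivalent of watching the three dig commands above go out one after another; a name that does not exist still walks the same chain and ends with the authoritative server's negative answer.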