What is DNS and How Does it Work?

10 minute read

Hi, I’m Owen and this is owennelson.co.uk – but what links those names to me and my blog? Your brain does the work when it comes to recognising people, it remembers what they look like and usually does that rather well. Computers on the other hand, they can’t understand names. The domain name (owennelson.co.uk) is there to give us humans something memorable and recognisable. It actually gets resolved into an IP address which is something computers can use. The process for resolving domain names into IP addresses is called DNS (Domain Name System) and I’m going to walk you through how it works.

Let’s imagine that the internet is entirely offline, and each website is a building, if I told you to go and get the latest copy of owennelson.co.uk you’d have to get the yellow pages out and lookup my address. Then you’d have to drive over here, and I’d hand you a copy which you could take back and read. If you wanted to send me mail then you’d need my address for that, which may well differ from the one that has owennelson.co.uk. The point is, DNS provides the ability to use simple, recognisable text in the place of incredibly boring and hard to remember IP addresses.

The internet is built by humans and is extremely logical, it may seem like magic, but the essence of magic is the mystery and mystery is a result of not knowing what’s happening. Though, I will admit that it is amazing that half the things work when you consider how much is done with just electricity. But anyway, DNS is the internet’s equivalent of an incredibly large phone book, if you want to access a website then your computer performs a DNS lookup to find out what IP address the website can be obtained from.

Types of DNS Records

There are several types of DNS record and they all have specific use cases, here’s a list of the most generic ones and what they’re used for:

  • A – This is the simplest type and is used to resolve a domain name into an IPv4 address, an A record lookup is what is performed when you access websites for instance.
  • AAAA – These are the same as an A record but for IPv6 addresses.
  • CNAME – Canonical Name Records are used to point a domain name towards another domain name (i.e. an alias). These are commonly used for CDNs (Content Delivery Networks) and other purposes where it’s not practical to specify “hardcoded” IP addresses.
  • MX – Mail Exchanger records are used to specify email servers. These records don’t (but can, it’s bad practice to do so though) directly resolve to an IP address but rather to an A (or AAAA) record. I’ve built a tool for viewing these records which you can access from here: emailtools.io/apps/mx.
  • TXT – These are used to store text strings such as those used for SPF, DMARC and DKIM which are used to combat email spam. They’re also commonly used for validating domain ownership.
  • NS – Name Server records are a bit interesting, they’re used to delegate a subdomain (which is the bit before the domain i.e. subdomain.owennelson.co.uk) to another set of name servers.
  • CAA – This type of record, Certificate Authority Authorization is a newly adopted record type. It’s used to specify which Certificate Authorities are allowed to issue certificates for a domain.
  • PTR – Pointer Records are rather interesting as they work backwards, they’re used to resolve an IP address to a hostname. They are used for what is called “Reverse DNS” which plays an important role in combating email spam.
  • SOA – Start of Authority records are used to specify administrative information about the DNS zone. They specify an administrative email address, expiry and refresh/retry times and a serial number which is used for versioning.

Types of DNS Server

The next section will make a lot more sense if I explain this. There are several types of DNS server, here’s a list and explanation of the role they provide:

  • Recursive Resolver – These perform a full DNS lookup following the recursive process I talk about below.
  • Caching DNS Server – These are used to cache DNS lookups to reduce load on root, TLD and authoritative name servers, they also help decrease lookup times – they are often used in private networks and by ISPs.
  • Forwarding DNS Server – These don’t have the ability to perform a recursive lookup but instead forward any requests onto a server with a recursive ability.
  • Root Name Server – Explained below
  • TLD Name Server – Explained below
  • Authoritative Name Server – Explained below

The roles of recursive, caching and forwarding can (and often are) combined in some combination. Caching reduces the need to perform identical lookups for the time specified in a record’s TTL (time to live).

You can have a long chain of DNS servers if you so choose, though it will increase the time it takes to perform a lookup so it’s best to keep it as short as possible.

The DNS Resolving Process

Now we get to talk about something that took me a while to get my head around when it was first explained to me. We’ve answered the question of how a domain is transformed into an IP address but not where these DNS records come from. The process used for resolving DNS records is one of a hierarchical nature. As many millions of DNS lookups are performed each day, and as the system is of great interest to attackers, the system has to be widely distributed and resilient.

Okay, so, let’s say that I want to find out more information about me. Why? Because I’m weird? I don’t know, anyway, all I know is that I can get this information from owennelson.me. Let’s type that into our browser. Now, the browser doesn’t have the IP address cached as we haven’t visited it before, and if we had, the record will have expired anyway. So, the browser asks the computer, “Hey, do you know the IP address for owennelson.me?” the computer also doesn’t know so it goes and asks the next hop in the chain, which will usually be, your router.

The router doesn’t know so will forward the request on to what is by default, the DNS servers provided by your ISP (these will likely be recursive caching servers though could forward onto another server instead), they may know as someone else may have visited the site recently and consequently (if it caches the records), it’ll be able to tell us.

dnsFlow1 Overview of the process so far

If the ISP’s DNS server doesn’t know then it’ll have to perform a recursive lookup (or forward onto a server that can). Recursive lookups start by going to the root name servers. These store a list of the Top-Level Domains (TLDs) i.e. .com, .co.uk, .pro (there’s hundreds of them). The root name server will provide the IP addresses of the nameservers for that TLD, in our case, .me.

Little side note, there are 13 root name servers located around the globe (well, each IP address actually corresponds to a whole collection of servers located around the world thanks to magic known as Anycast).

dnsFLow2 The last hops of the recursive process

Anyway, we now have the IP address (or more likely, the A/AAAA record which is then resolved to an IP address) for name servers controlling the TLD. The server will then ask the TLD name server for the authoritative nameservers assigned to our domain, owennelson.me.

Finally, the authoritative nameserver will return the record we have requested, the A record belonging to owennelson.me. Our browser can now ask that IP address for my site and bam, we have a large picture of my face.

That entire process is completed in a few dozen milliseconds and will happen several times for each site you visit (as they usually include resources from other domains) and also hundreds of times a day for the software running on your computer. My home network performs somewhere around 10-20,000 lookups a day.


DNS is in essence, a fairly simple system. It’s made to seem complex because of its sheer scale. Little side note, when changing the authoritative name servers for a domain you own, it’s often accompanied by a message stating that it may take up to 48 hours for the changes to propagate. The delay is a result of lookups being cached by servers all around the world, in reality it’ll usually take a lot less time. It will depend on how long your records were set to be valid for (their Time to Live or TTL). Individual record changes will also take a while depending on what you set their TTL to (how long clients can consider them valid).

Anyway, that is a fairly in depth look at the process that is the DNS. There’s an awful lot more I could talk about such as DNSSEC, best practices, other record types etc, but I’ll save those for another day. If there’s anything you’d like to know, please leave a comment below or send me a message on social media or via email.

Short link on-te.ch/dns