The Magic of DNS: How the Internet Knows Where to Go

Shweta Nigam
4 min read

DNS (Domain Name System) is like the phonebook of the internet. Instead of remembering complex IP addresses (e.g., 172.217.169.78), DNS lets you type human-friendly domain names (like google.com) and magically finds the correct address for your request.

But behind the scenes, DNS is a complex, hierarchical, and distributed system that involves multiple layers of caching, queries, and records to ensure websites load almost instantly.

How DNS Works Step by Step

When you type google.com in your browser, a series of events takes place:

  1. Browser Cache Check:
    • Your browser first checks if it has recently resolved google.com. If found, it uses the cached IP.

  2. OS-Level Cache Check:
    • If the browser doesn’t have the IP, your operating system (Windows/macOS/Linux) checks its local cache.

  3. Recursive DNS Resolver (ISP DNS or Custom DNS like Google DNS 8.8.8.8):
    • If no cache is found, the request is sent to a DNS resolver, usually provided by your ISP.

  4. Root DNS Server Lookup:
    • If the resolver doesn’t know the answer, it asks the Root DNS Servers (located globally).
    • The root servers don’t store IPs but tell the resolver where to find the TLD Name Servers.

  5. TLD (Top-Level Domain) Name Server Lookup:
    • For google.com, the .com TLD Name Server (operated by Verisign) is queried.
    • It doesn’t have the exact IP but directs the resolver to the Authoritative Name Server for google.com.

  6. Authoritative Name Server Lookup:
    • The resolver queries Google's authoritative DNS servers, which provide the correct IP address.

  7. Response and Caching:
    • The resolved IP (142.250.190.14 for google.com) is sent back to your browser.
    • The result is cached at multiple levels to speed up future lookups.

  8. Connecting to the Website:
    • Your browser uses the IP to establish a TCP/UDP connection and fetch the webpage via HTTP/HTTPS.

Internals of DNS

DNS Components

  1. Resolvers:
    • These are the "middlemen" that handle DNS lookups (e.g., Google DNS 8.8.8.8, Cloudflare DNS 1.1.1.1).

  2. Root Name Servers:
    • There are 13 root name servers globally, operated by different organizations (e.g., Verisign, ICANN).
    • These act as the starting point for DNS resolution.

  3. TLD (Top-Level Domain) Servers:
    • Manage domains like .com, .org, .net, .in, etc.

  4. Authoritative Name Servers:
    • The final source of truth for domain-to-IP mappings (e.g., Google’s authoritative server for google.com).

DNS Records (Magic Behind the Scenes)

DNS stores different types of records, each serving a purpose:

  • A Record: Maps a domain to an IPv4 address.

  • AAAA Record: Maps a domain to an IPv6 address.

  • CNAME Record: Creates an alias for a domain (e.g., www.example.com → example.com).

  • MX Record: Used for email servers (Mail Exchange).

  • TXT Record: Stores arbitrary text (used in SPF, DKIM, and security verification).

  • NS Record: Points to the authoritative name servers.

  • PTR Record: Used for reverse DNS lookup (IP → Domain).
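To make the step-by-step walk-through and the record types above concrete, here is an added example (not code from the article) that builds the wire-format query a resolver sends for google.com and parses a constructed reply carrying the article's A record. The transaction ID, TTL and the compressed answer name are assumptions for the demo; everything else follows the standard DNS message layout.

```python
import struct
# Added example, not code from the article: minimal DNS wire-format encoder/decoder (RFC 1035 message layout).
def encode_name(name):
    """Encode "google.com" as length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"

def build_query(txid, name, qtype=1):
    """12-byte header (RD=1, QDCOUNT=1) followed by one question (default type A, class IN)."""
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", qtype, 1)

def read_name(msg, offset):
    """Decode a name at offset, following 0xC0xx compression pointers; return (name, end_offset)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                   # pointer: only the first jump fixes where we resume
            end = offset + 2 if not jumped else end
            offset, jumped = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF, True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(msg):
    """Return (txid, rcode, answers) where answers is a list of (owner, rtype, ttl, rdata)."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                        # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4                                 # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        owner, offset = read_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        rdata = msg[offset + 10:offset + 10 + rdlen]
        offset += 10 + rdlen
        if rtype == 1:                              # A record: 4 bytes -> dotted IPv4
            rdata = ".".join(str(b) for b in rdata)
        elif rtype == 5:                            # CNAME: the alias target is itself a (possibly compressed) name
            rdata, _ = read_name(msg, offset - rdlen)
        answers.append((owner, rtype, ttl, rdata))
    return txid, flags & 0xF, answers

# Constructed exchange: query for google.com, then a reply with the article's A record whose owner name is a pointer to offset 12.
QUERY = build_query(0x1234, "google.com")
RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([142, 250, 190, 14]))
```

Sending `QUERY` over UDP port 53 to a resolver and feeding the reply to `parse_response` yields the same tuple shape as the constructed `RESPONSE`.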


DNS Caching (Speeds Up Everything)

DNS caching helps avoid redundant queries by storing previously resolved addresses. It occurs at multiple levels:

  • Browser Cache

  • Operating System Cache

  • ISP Resolver Cache

  • CDN & Edge Servers Cache (like Cloudflare, Akamai)

💡 Example:
If you visit facebook.com, your resolver caches the IP. The next time, it fetches it instantly without querying root/TLD servers.
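The following is an added example (not code from the article) of how a resolver-level cache behaves: entries live for the TTL the authoritative server gave, answers served from cache carry the remaining TTL, and expired entries are refetched. The clock injection, the one-day TTL clamp and the TEST-NET address are assumptions for the demo.

```python
import time
# Added example, not code from the article: TTL-aware resolver cache keyed on (name, type).

class DnsCache:
    def __init__(self, max_ttl=86400, now=time.time):
        self._store = {}            # (name, rtype) -> (records, expires_at)
        self._max_ttl = max_ttl     # assumed policy: never honour a TTL longer than one day
        self._now = now             # injectable clock so expiry can be exercised without waiting

    @staticmethod
    def _key(name, rtype):
        return name.lower().rstrip("."), rtype      # DNS names are case-insensitive; trailing dot is optional

    def put(self, name, rtype, records, ttl):
        ttl = max(0, min(ttl, self._max_ttl))
        self._store[self._key(name, rtype)] = (list(records), self._now() + ttl)

    def get(self, name, rtype):
        """Return (records, remaining_ttl), or None if absent or expired (expired entries are evicted)."""
        key = self._key(name, rtype)
        entry = self._store.get(key)
        if entry is None:
            return None
        records, expires_at = entry
        remaining = int(expires_at - self._now())
        if remaining <= 0:
            del self._store[key]
            return None
        return records, remaining

def resolve(cache, name, rtype, upstream, stats):
    """Serve from cache when possible; otherwise call upstream(name, rtype) -> (records, ttl) and cache it."""
    hit = cache.get(name, rtype)
    if hit is not None:
        stats["hits"] += 1
        return hit
    records, ttl = upstream(name, rtype)
    stats["misses"] += 1
    cache.put(name, rtype, records, ttl)
    return records, ttl

def fake_upstream(name, rtype):
    """Constructed stand-in for the root/TLD/authoritative chain: a TEST-NET address with a 60 s TTL."""
    return ["192.0.2.10"], 60
```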


DNS Security and Challenges

While DNS is powerful, it has vulnerabilities:

1️⃣ DNS Spoofing/Poisoning

  • Attackers trick your resolver into storing a fake IP for a domain.

  • This redirects users to malicious sites.

2️⃣ DDoS Attacks on DNS Servers

  • Overloading DNS servers can disrupt website access globally.

3️⃣ Man-in-the-Middle Attacks

  • Attackers intercept DNS queries and modify responses.
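As an added example (not code from the article), here are the acceptance checks a cache-validating resolver applies before it stores a reply, which is what makes the spoofing attacks above hard to pull off blindly: the reply must echo the unpredictable transaction ID and destination port, repeat the question exactly, and only carry records inside the bailiwick of the server that was asked. The dictionary field names and the sample domains are this example's own assumptions.

```python
import secrets
# Added example, not code from the article: defensive response validation (the RFC 5452 style checks).

def new_query(qname, qtype="A"):
    """Record what a forger would have to guess: a random 16-bit TXID and a random ephemeral source port."""
    return {"txid": secrets.randbelow(1 << 16), "sport": 1024 + secrets.randbelow(64512),
            "qname": qname.lower().rstrip("."), "qtype": qtype}

def in_bailiwick(owner, zone):
    """True when owner is zone itself or lies beneath it (the only names that server may speak for)."""
    owner, zone = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return owner == zone or owner.endswith("." + zone)

def validate_response(pending, resp, zone):
    """Return (accept, reason): pending is the outstanding query, resp the candidate reply,
    zone the zone the queried server is authoritative for."""
    if resp["txid"] != pending["txid"]:
        return False, "txid mismatch"
    if resp["dport"] != pending["sport"]:
        return False, "port mismatch"
    if (resp["qname"].lower().rstrip("."), resp["qtype"]) != (pending["qname"], pending["qtype"]):
        return False, "question mismatch"
    for rr in resp["records"]:                      # answer, authority and additional records alike
        if not in_bailiwick(rr["owner"], zone):
            return False, "out-of-bailiwick record for " + rr["owner"]
    return True, "ok"

# Constructed scenario: a query for www.example.com sent to example.com's authoritative server.
PENDING = {"txid": 0x4F2A, "sport": 40123, "qname": "www.example.com", "qtype": "A"}
GENUINE = {"txid": 0x4F2A, "dport": 40123, "qname": "www.example.com", "qtype": "A",
           "records": [{"owner": "www.example.com", "type": "A", "data": "192.0.2.10"}]}
# A reply that smuggles a record for an unrelated domain, which must not enter the cache.
POISONED = dict(GENUINE, records=GENUINE["records"]
                + [{"owner": "login.example.net", "type": "A", "data": "192.0.2.66"}])
```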

🔐 How Is DNS Security Improved?

  • DNSSEC (DNS Security Extensions) → Uses cryptographic signatures to verify responses.

  • Encrypted DNS (DoH & DoT) → Encrypts DNS queries to prevent spying and manipulation.

    • DoH (DNS over HTTPS): Encrypts DNS traffic using HTTPS (e.g., Cloudflare 1.1.1.1).

    • DoT (DNS over TLS): Encrypts DNS using TLS for extra security.


Fun Facts About DNS

💡 The first ever domain name registered was symbolics.com (1985).
💡 Google processes trillions of DNS queries every day.
💡 The .com TLD is the most popular, followed by .org and .net.
💡 Facebook, Google, and Cloudflare operate their own public DNS servers (8.8.8.8, 1.1.1.1).
💡 DNS is highly resilient—even if some servers fail, your internet still works due to redundancy.


DNS in the Real World

🔹 Websites like youtube.com and amazon.com depend on fast DNS resolution to load quickly.
🔹 Businesses use CDNs (like Cloudflare, Akamai) to route traffic via the nearest server for speed.
🔹 ISPs often log DNS queries—privacy-focused users switch to Google DNS 8.8.8.8 or Cloudflare 1.1.1.1.


Conclusion

DNS is the backbone of the internet, translating domain names into IPs in milliseconds. It’s fast, distributed, and resilient, making web browsing seamless. Whether you're streaming Netflix, checking emails, or visiting a website, DNS is always working behind the scenes to connect you to the right place.
