DNS resolution process
DNS Terminology
When we talk about DNS there are a lot of concepts that are always mentioned: TLD, FQDN, HOST, DOMAIN, SUBDOMAIN but what does that even mean? or how can this be easily understood?
So, before starting with this deep dive, we will check the basic concepts of the DNS terminology, and hopefully, this explanation is easy and clear enough to understand.
Let’s take as an example the following address dev.google.com. here we have a lot to check! We have a TLD, a subdomain, and a root domain, are you able to spot it? If not, let me show you a small trick to identify them.
When working with those addresses we need to follow a similar logic as a binary tree in which we have a root parent and different depth levels, this is really helpful to have a visual way to represent each concept!
Returning back to our previous example dev.google.com. this address is always read from right to left! In which just the initial dot “.” will be considered (any other “dots” will be skipped). This initial dot represents the root of our tree. And then each of the content of dev google com will be added in each node, following the same order from right to left
You may be wondering why I’m showing you this? Well, Following this structure, if we put that in that way we can easily break down each of the concepts that that specific address has. The “dot” is the root of our address, the com represents the TLD (top-level domain), google the domain name, and dev the subdomain. With that strategy, we were able to break down which part of the address was associated with which concept!
Now that we understood how to break down those, let’s check in detail what are those concepts.
- Root Name Server: The root of the Domain Name System (DNS) hierarch
- TLD (Top Level Domain): The first stop after the Root name server, this contains: com, org, net, UK, edu, etc. There are also different types, the generics (gTLD), country code (ccTLD), Sponsored (sTLD), and reserved TLD like .localhost or .example which are not permanently available.
- domain name: Like in the yellow-pages in the old times, associate a human-readable name to an IP via DNS A records to IPv4 or AAAA records to IPv6
- Subdomain: A domain that is a part of another domain, in this case, the domain name.
DNS resolution process
When you type google.com there is a lot of “magic” going behind scenes, but how does that magic work? The DNS runs on port 53 and helps us to resolve a HOST to IP address, based on some DNS Records, the A, and AAAA respectively, there are other DNS record types such as the image below, but the important thing here to know is that DNS works like the old yellow pages where you were able to find phone numbers (IP’s) based on someone’s name (domain name)
When we type google.com., our computer will first check its local cache to find any association, if nothing is found there:
1- It will call the Recursive DNS which will help us to communicate with the other DNS servers, this recursive DNS has its own local cache
2- If nothing is found, it will go to the root name server (remember, the . in the google.com.)
3- And will answer with the IP of the TLD server, in our example the .com server.
4- Then the recursive DNS will call the TLD based on the IP retrieved from the Root nameserver (step #3)
5- Here the TLD will replay with the IP of the SLD (Second Level Domain)
6- We call asking for the IP of that DNS to the TLD
7- And finally here it will replay to us with the address
8- The recursive DNS Resolver will save in its own cache the domain-IP record to avoid that big call the next time is requested and will send the info to the user.
Remember that the DNS is not secure and runs on port 53, in order to achieve security you should adopt DNSSEC approach which add an extra layer to provide integrity and authenticity of the data in transit. I hope this helps you to understand better the resolution process the next time you type google.com in your browser!
