
The process of DNS lookup


I am very confused about how DNS works. Every link says different things, which are probably the same, but I cannot understand them. I'll try to put forward everything I know and have read. Please add to this and correct whatever is wrong.

  1. Type www.example.com in your browser's address bar.
  2. The browser sends a request to the system's OS to check in the hosts file.
  3. The OS checks the hosts file if there exists a record having IP of example.com domain.
  4. If the record exists, the IP address is returned to the browser. The browser then sends the request for the webpage directly to the IP address.
  5. If the record in Step 3 doesn't exist, the browser gets a response from the OS that the record is not found. The browser then asks the DNS servers for the IP. (Is this correct? Does the browser get a negative response and send requests to the DNS servers, or is it the OS which directly requests the IP from the DNS servers once it knows the hosts file does not contain the required record?)
  6. Now, my main doubt. What exactly are DNS servers? Are they what we call name servers? Where do they reside? Who provides us with these name servers? Does the browser send them the request, or the OS?

This post says DNS servers are configured on our systems and the OS sends a request to these servers. Now, where do DNS resolvers come in, then? What are they doing? This post says DNS resolvers are computers owned by ISPs which do the translation. Then is the sequence of requests like Browser -> Hosts File -> DNS resolvers -> DNS servers? But who sends a request to whom?

Please correct the above. Any help will be appreciated.


Solution

  • One through five in your list are correct. The browser asks your DNS resolver (your ISP's or whatever you put in your network settings). If the resolver doesn't know the answer it starts asking around.

    I'll use stackoverflow.com as an example

    1. The resolver asks the root servers and they answer with the TLD servers authoritative for com.

    2. The resolver asks the TLD servers and they answer with the name servers configured for stackoverflow.com at the domain registrar.

    3. The resolver asks the name servers and they respond with the A record(s).

    4. The resolver caches the A record for a given time (either the TTL of the record or it has its own time overwriting the TTL given by the name servers) and when the resolver is asked again it returns what it has in the cache (unless the TTL has expired, then it starts asking again).

    To summarize it looks like this:

    Browser -> Hosts File -> DNS resolver ->(rq*) Root servers -> TLD servers -> Name servers -> NS records

    • rq - recursive query

    The NS records are asked if you want to open www.stackoverflow.com; they are like name servers (NS actually stands for name server), but for subdomains.
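
The lookup order from the question and resolver steps 1 to 4 from the answer, as an added example that is not part of the original post: a toy caching resolver that runs over constructed in-memory data with no network access. The server names (`root`, `tld-com`, `ns-so`), the IP address, the TTL and the helper names are all assumptions made for illustration.

```python
# Constructed sample data: a hosts file and three tiers of servers (documentation IP).
HOSTS = {"localhost": "127.0.0.1"}
SERVERS = {
    "root":    {"referrals": {"com": "tld-com"}},            # root knows who serves com
    "tld-com": {"referrals": {"stackoverflow.com": "ns-so"}},  # TLD knows the domain's name servers
    "ns-so":   {"a": {"stackoverflow.com": ("198.51.100.7", 300)}},  # authoritative: (ip, ttl)
}
MAX_HOPS = 8  # stop following referrals if the delegation data loops

class Resolver:
    """Toy caching resolver: follows referrals from the root down, then caches the answer."""
    def __init__(self, servers, clock):
        self.servers, self.clock = servers, clock
        self.cache = {}      # name -> (ip, expiry time)
        self.queries = []    # servers contacted, in order

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                    # served from cache, nothing sent upstream
        labels = name.split(".")
        suffixes = [".".join(labels[i:]) for i in range(len(labels))]  # longest first
        server = "root"
        for _ in range(MAX_HOPS):
            self.queries.append(server)
            zone = self.servers[server]
            if name in zone.get("a", {}):    # authoritative answer: cache it for its TTL
                ip, ttl = zone["a"][name]
                self.cache[name] = (ip, self.clock() + ttl)
                return ip
            referrals = zone.get("referrals", {})
            server = next((referrals[s] for s in suffixes if s in referrals), None)
            if server is None:
                return None                  # no server is delegated for this name
        return None

def lookup(name, resolver, hosts=HOSTS):
    """What the OS does for the browser: hosts file first, then the configured resolver."""
    return hosts.get(name) or resolver.resolve(name)
```

`Resolver.queries` records which servers were contacted, so a cache hit is visible as a lookup that adds nothing to the list.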