Skip to main content
HashnodeCommit & Push

Command Palette

Search for a command to run...

How DNS Resolution Works

Published
4 min read
How DNS Resolution Works
J
Jadhav Jivesh

What is DNS and Why Name Resolution Exists

DNS, or Domain Name System, is like the internet's friendly guide. While the internet uses IP addresses, which are just strings of numbers like 142.250.190.14, we humans prefer to remember names like google.com. DNS helps by turning those easy-to-remember names into IP addresses, a process called name resolution. So, every time you type a website into your browser, DNS is the first step in finding where that website lives. Think of DNS as the internet’s phonebook!

What is the dig Command and When is it Used

The dig command, short for Domain Information Groper, is a handy tool for anyone who needs to peek into the world of DNS. It's a command-line tool that helps programmers, system administrators, and cybersecurity engineers to:

  • Debug DNS issues

  • Verify DNS records

  • Understand how name resolution works

  • Check authoritative name servers

  • Trace the resolution path of a domain

What makes dig so useful is that it shows exactly what DNS servers say, without hiding any details.

Getting the Hang of dig . NS and Root Name Servers

DNS works in layers, and right at the top is the root zone. This zone is symbolized by a simple dot:

.

When you run:

dig . NS

You're basically asking:

"Hey, which name servers handle the root of DNS?"

The answer will list root name servers like:

a.root-servers.net
b.root-servers.net
c.root-servers.net

These servers don't directly know the IP address of google.com. Their job is to guide queries to the next level, which are the TLD servers. Root name servers are where global DNS resolution kicks off.

Getting to Know dig com NS and TLD Name Servers

After the root zone, we have the Top-Level Domain (TLD) layer.

Some TLD examples are:

.com
.org
.in
.net

When you run:

dig com NS

You're asking:

"Which name servers are in charge of the .com domain?"

The result will show TLD name servers like:

a.gtld-servers.net
b.gtld-servers.net

These servers handle info about domains under .com. They still don't give you the IP address of google.com. Instead, they direct you to the authoritative name servers for that specific domain.

Getting the Hang of dig google.com NS and Authoritative Name Servers

Now, let's dive into the domain itself.

If you run:

dig google.com NS

You're basically asking:

"Hey, which name servers are the real deal for google.com?"

You'll get a list of Google's authoritative servers, like:

ns1.google.com
ns2.google.com
ns3.google.com
ns4.google.com

These servers are the go-to sources for the domain.

They hold the actual DNS records, such as:

  • A records (IPv4 addresses)

  • AAAA records (IPv6 addresses)

  • MX records (email routing)

  • TXT records (verification)

Authoritative servers are the last stop in DNS resolution.

Getting to Know dig google.com and the Full DNS Resolution Flow

Finally, if you run:

dig google.com

You're asking:

"What's the IP address for google.com?"

The output will show an A record response like:

google.com → 142.250.x.x

This is the final piece that browsers need.

When you type google.com in your browser:

  1. Your computer asks a recursive resolver (usually your ISP or Google DNS)

  2. The resolver checks with the root servers

  3. Root servers point to .com TLD servers

  4. TLD servers point to google.com authoritative servers

  5. Authoritative servers give back the IP address

  6. The browser connects to that IP and loads the website

This whole process usually takes just milliseconds, and caching speeds it up even more.

Why NS Records Matter in DNS Resolution

NS records tell us which servers handle a specific zone. They're important because DNS is all about delegation:

  • The root points to the TLD

  • The TLD points to the domain

  • The domain points to the authoritative servers

Without NS records, DNS wouldn't know where to go next. They really are the backbone of the internet’s naming system.

What Recursive Resolvers Do Behind the Scenes

Most people never directly query root or TLD servers. Instead, recursive resolvers do all the heavy lifting:

  • They start at the root

  • Follow NS delegations step by step

  • Cache results to make things faster

  • Return the final IP address to your device

So, even when you just type google.com, the resolver is busy doing a multi-layer lookup behind the scenes. The dig command helps you see this process clearly.

Connecting dig to Real Browser Requests

When a browser loads a website, it needs to know the server IP first. DNS resolution is the first step in every web request. The command:

dig [google.com](http://google.com)

shows exactly what happens before any HTTP or HTTPS traffic starts. Understanding dig gives you a deeper insight into how browsers, servers, and DNS work together.

Conclusion

DNS resolution works in layers:

Root → TLD → Authoritative

dig is a fantastic tool to check out this process.

By running these commands in order:

You get a clear picture of how DNS delegation and name resolution really work.

This know-how is super important for web development, networking, and cybersecurity.

#dns#networking#linux#cybersecurity#dig#system-design

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

C

Commit & Push

14 posts