How DNS Resolution Works

DNS is the Internet’s phonebook

The internet runs on IP addresses.
Humans run on names.

DNS exists to bridge that gap.

DNS is the phonebook of the internet.

When you type google.com in a browser, the browser does not magically know where Google lives.
It needs to resolve the name into an IP address.

That process is called DNS resolution.

This article explains how that resolution actually works, layer by layer, using a real diagnostic tool called dig.

Why name resolution exists at all

Imagine if you had to remember this every time:

142.250.195.46

Instead of:

google.com

Name resolution exists because:

• IPs change

• names are stable

• Humans are bad at numbers

DNS gives us human-friendly naming with machine-level precision.

Introducing dig

dig stands for Domain Information Groper.

Think of it as:

a tool that lets you inspect how DNS resolution works, step by step.

Browsers hide DNS from you.
dig exposes it.

You use dig when you want to:

• debug DNS issues

• understand where a domain is resolved from

• Inspect name servers

• learn how resolution actually happens

DNS resolution happens in layers

DNS is hierarchical.
No single server knows everything.

Resolution happens in this order:

1. Root name servers

2. TLD (Top Level Domain) name servers (.com, .org, .in)

3. Authoritative name servers (domain owner)

Let us walk through this using dig.

Step 1: Root name servers

dig . NS

This asks:

“Who are the name servers for the root of DNS?”

The dot . represents the DNS root.

What root servers do

• They do not know the IPs for Google.com

• They only know where TLDs live

Think of root servers as:

a receptionist who only tells you which department to visit

Root servers point you to TLD servers.

Step 2: TLD name servers

dig com NS

This asks:

“Who manages domains ending with .com?”

TLD servers:

• do not know IPs either

• know which authoritative servers handle each domain

Analogy:

You reached the correct building, now you are told which office owns which file.

Step 3: Authoritative name servers

dig google.com NS

This asks:

“Which name servers are responsible for google.com?”

These servers are authoritative.
They own the DNS records for the domain.

They know:

• A records

• AAAA records

• MX records

• TXT records

This is the final authority.

Why NS records matter so much

NS records define delegation of responsibility.

They answer:

“Who is allowed to speak the truth for this domain?”

Without correct NS records:

• DNS breaks

• Websites go offline

• Email stops working

This is why DNS changes can be dangerous if done blindly.

Step 4: Full resolution

dig google.com

This performs the complete DNS resolution.

Behind the scenes, a recursive resolver:

1. asks root servers

2. asks TLD servers

3. asks authoritative servers

4. Returns the final IP

Your browser usually talks to a recursive resolver provided by:

• your ISP

• Google DNS

• Cloudflare DNS

You do not see these steps, but they happen every time.

How this connects to real browser requests

When you open a website:

1. The browser asks the OS for the IP

2. OS asks the recursive resolver

3. Resolver performs DNS resolution

4. IP is returned

5. The browser connects to the server

DNS resolution always happens before HTTP.

No DNS, no website.

System design perspective: why DNS scales

DNS works at a global scale because:

• Responsibility is distributed

• Caching reduces load

• No single point knows everything

• Hierarchy limits blast radius

Key takeaways

• DNS is hierarchical, not flat

• Name resolution happens in layers

• Root servers guide, not answer

• Authoritative servers own the truth

• Recursive resolvers do the hard work for clients

• dig lets you see what browsers hide

If you understand this flow, DNS stops being mysterious.