How DNS Works: A Primer

The Domain Name System is critical to fundamental IP networking. Learn DNS basics in this primer.

Network Computing logo

DNS has been in the news a great deal as of late. First, there was the controversy over the United States government essentially handing over control of the Internet's root domain naming system. Then DNS made headlines when cybercriminals performed three separate distributed denial of service (DDoS) attacks on a major DNS service provider by leveraging a botnet army of millions of compromised IoT devices. Yet with all the hoopla surrounding DNS, it surprises me how many IT pros don't fully understand DNS and how it actually works.

DNS stands for Domain Name System. Its purpose is to resolve and translate human-readable website names to IPv4 or IPv6 addresses. Technically speaking, it's not a necessary part of the networking processes. Rather, DNS simply makes it easier for human beings to know and remember what server they are trying to reach. For example, it's much easier to remember that if you want to perform an internet web search, you type in as opposed to the IPv4 address of

Most people in IT understand that DNS is used to translate domain names to IP addresses. Where things get sketchy is the actual operation of how DNS functions each time you use it. To illustrate how DNS works, let's pretend we're sitting at an internet-connected laptop with a web browser opened. We type into the search bar. Because this is a domain name as opposed to an IP address, our browser must find information on what IP address is associated with Depending on several factors, this can be a single- or multi-step process.

The first place the browser checks is your web browser DNS cache. This cache is local to the browser application and the expiration timer for the cache is typically set low. For example, Firefox uses a 60-second cache timeout value. If the entry is not listed here, the browser then asks the local operating system DNS cache table. Like the web browser cache, operating systems maintain their own DNS table listing recently translated domain name to IP address lookups. That way, you're not wasting network resources continuously performing DNS lookups for commonly accessed domains. Typical OS DNS caching times, including modern Windows desktop operating systems, are usually set to 24 hours by default.




Let's assume in our example that we haven't visited for a few days. Therefore, our lookup in both our local application and OS DNS cache turn up no results. The next step is for the OS to query the DNS server that has either been statically assigned,  or provided through the DHCP process on the network interface currently in use. Within enterprise networks, this is typically an internally controlled server or set of servers. If you don’t maintain an internal recursive DNS servers, client devices may be pointed to a local DNS forwarder, a DNS service provider such as Cloudflare, Dyn or OpenDNS, or a public server like those operated by Google.




Now, if by chance, the recursive DNS server you reach out to doesn't have an entry for the domain name you're looking for, it can perform a DNS forward query to move up to yet another level in the DNS chain. In our example, if there is no match for in the recursive DNS server, the recursive server will first look to see if it knows of any servers in the domain. If not, it will then just look at .com.

As a last resort, it queries the Internet root servers. These servers control all the top-level domain (TLD) information, .org and .us. The root server will then point the recursive server to the proper name server for the specific TLD, which in our example is .com. A trickle-down approach is then used to either find the domain-name-to-IP mapping, or give up at which time the recursive server would return a non-existent domain message back to the laptop that originated the query.

Knowing what DNS is and how it operates helps you understand you the ICANN controversy and how the recent rash of DDoS attacks on DNS servers crippled access to parts of the Internet where domain names are largely used. In last month's DDoS attack on Dyn, a botnet flooded it with millions of requests per second. These bogus requests bogged down the network and prevented real users from properly resolving their legitimate DNS requests.

DNS is a critical part of how we use IP networks today, and its management and security will continue to be hot topics of conversation.

About the Author(s)

Andrew Froehlich, President, West Gate Networks

President, West Gate Networks

As a highly experienced network architect and trusted IT consultant with worldwide contacts, particularly in the United States and Southeast Asia, Andrew Froehlich has nearly two decades of experience and possesses multiple industry certifications in the field of enterprise networking. Froehlich has participated in the design and maintenance of networks for State Farm Insurance, United Airlines, Chicago-area schools and the University of Chicago Medical Center. He is the founder and president of Loveland, Colo.-based West Gate Networks, which specializes in enterprise network architectures and data center build outs. The author of two Cisco certification study guides published by Sybex, he is a regular contributor to multiple enterprise IT related websites and trade journals with insights into rapidly changing developments in the IT industry.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights