How DNS Resolves Domain Names: From Browser to IP Address
This article explains the DNS protocol, detailing how domain names are resolved to IP addresses through browser caching, OS queries, recursive lookups involving root, TLD, and authoritative servers, and outlines practical configuration steps for forward, reverse, and high‑availability DNS setups.
DNS Protocol
1. DNS: Domain Name System
Host resolution
Forward resolution: convert computer name to IP address
Reverse resolution: convert IP address to computer name
FQDN (Fully Qualified Domain Name)
How DNS query works
1. User enters URL
When you type www.example.com, the browser first needs to know the IP address corresponding to the domain name because computers communicate via IP addresses.
2. Local cache lookup
The browser checks its local DNS cache. Each visit caches the DNS result, so subsequent visits can use the cached IP address without a new query.
If a matching record exists in the cache, the browser uses that IP address directly.
3. OS queries DNS server
If the cache lacks the record, the operating system queries the configured DNS server (often provided by the ISP or a third‑party such as Google 8.8.8.8 or Cloudflare 1.1.1.1).
4. Recursive query process
If the local DNS server also lacks the record, it starts a recursive query that traverses multiple DNS servers.
Root DNS servers: The request first goes to the root servers, which know where the servers for each top‑level domain such as .com, .org, .net are.
Top‑level domain (TLD) servers: The root server directs the query to the appropriate TLD server for the domain (e.g., the .com TLD server for example.com).
Authoritative DNS servers: The TLD server returns the address of the authoritative DNS server, which holds the definitive records for the domain and returns the final IP address.
5. Get IP address
The authoritative server returns the IP address, which may be IPv4 (e.g., 192.0.2.1) or IPv6 (e.g., 2001:db8::1).
After the result is returned, the operating system passes the IP address to the browser, which can then connect to the target server.
6. Local caching
Both DNS servers and the operating system cache results to improve efficiency, so subsequent accesses to the same domain can use the cached IP address without repeating the full lookup.
DNS query diagram
Browser requests domain resolution →
OS checks local cache →
Cache hit: use cached IP address.
Cache miss: query DNS server →
DNS server queries root DNS server →
Root returns TLD server address →
TLD returns authoritative DNS server address →
Authoritative server returns final IP address →
Browser accesses IP address and loads page.
DNS record types:
A record: maps domain to IPv4 address.
AAAA record: maps domain to IPv6 address.
CNAME record: alias to another domain.
MX record: mail exchange server.
NS record: authoritative name server.
TXT record: stores arbitrary text (e.g., domain verification).
Configuring DNS server
1. Install bind package
[root@web01 network-scripts]# yum install -y bind
2. Start named service
[root@web01 network-scripts]# systemctl enable named.service --now
3. Note: reload DNS service instead of restart to preserve cache.
4. Check listening ports
[root@web01 network-scripts]# netstat -tunpl | grep -w 53
# Example output showing named and dnsmasq listening on port 53
5. Edit configuration file
[root@web01 network-scripts]# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { localhost; };
    recursion yes;
};
zone "8.168.192.in-addr.arpa" IN {
    type master;
    file "named.yutianedu";
    allow-update { none; };
};
# Root zone
zone "." IN {
    type hint;
    file "named.ca";
};
Configure forward DNS (permissions note)
zone "myopenai.com" IN {
    type master;
    file "named.myopenai";
    allow-update { none; };
};
# Example zone file
$TTL 1D
@       IN SOA  ns.myopenai.com. root.myopenai.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.myopenai.com.
ns      A       192.168.5.11
www     A       192.168.5.11
ftp     A       192.168.5.12
web     CNAME   www.baidu.com.
# Test
nslookup www.myopenai.com
Configure reverse DNS
zone "5.168.192.in-addr.arpa" IN {
    type master;
    file "named.my";
    allow-update { none; };
};
# Reverse zone file
$TTL 1D
@       IN SOA  ns.myopenai.com. root.myopenai.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.myopenai.com.
ns      A       192.168.5.11    ; relative owner: expands to ns.5.168.192.in-addr.arpa.
11      PTR     www.myopenai.com.
# Test
nslookup 192.168.5.11
Auxiliary DNS setup (high‑availability cluster)
# Master DNS: 192.168.5.101
# Slave DNS: 192.168.5.102
# Slave configuration (named.conf)
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { any; };
};
# Slave zones
zone "myopenai.com" IN {
    type slave;
    file "slaves/named.myopai";
    masters { 192.168.5.101; };
};
zone "5.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/myopai.zone";
    masters { 192.168.5.101; };
};
# Test: stop master and query via slave
systemctl stop named.service
nslookup www.myopenai.com
Forwarding DNS
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    forwarders { 114.114.114.114; };
    forward first; # Query the forwarder first; fall back to normal resolution if it does not answer
};
# forward only; would send all queries to the forwarder, with no fallback to normal resolution.
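An added check, not part of the original article: the secondary and forwarding configurations above set allow-query { any; } without an allow-recursion statement, and BIND 9 then falls back from allow-recursion to allow-query-cache and allow-query, so the server performs recursion for any client that can reach it. The Python below computes the effective recursion ACL of an options block; the sample text is a constructed copy of the forwarding example, and the 192.168.5.0/24 client range is an assumption.

```python
import re

# Constructed copy of the article's forwarding options block.
FORWARDER = """
options {
    listen-on port 53 { any; };
    allow-query { any; };
    forwarders { 114.114.114.114; };
    forward first;
};
"""
# Same server with recursion limited to a client range (the /24 is an assumption).
HARDENED = FORWARDER.replace(
    "forward first;",
    "forward first;\n    allow-recursion { 192.168.5.0/24; localhost; };")


def options_text(conf):
    """Strip comments and return everything before the first zone statement."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(#|//).*", "", conf)
    return re.split(r"^\s*zone\s", conf, maxsplit=1, flags=re.M)[0]


def acl(opts, key):
    """Elements of `key { a; b; };`, or None when the statement is absent."""
    m = re.search(r"(?<![\w-])" + re.escape(key) + r"\s*\{([^}]*)\}", opts)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None


def recursion_clients(conf):
    """Effective allow-recursion list, following BIND 9's documented fallbacks."""
    opts = options_text(conf)
    if re.search(r"(?<![\w-])recursion\s+no\s*;", opts):
        return []
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        found = acl(opts, key)
        if found is not None:
            return found
    return ["localnets", "localhost"]  # BIND default when nothing is set


def is_open_resolver(conf):
    """True when any client at all may use this server for recursion."""
    return "any" in recursion_clients(conf)
```

Running `is_open_resolver` over `/etc/named.conf` before exposing port 53 beyond the LAN catches the inherited ACL, which is easy to miss because no recursion-related statement appears in the file.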
MaGe Linux Operations
