
How DNS Works: From Browser Query to IP Resolution and Server Configuration

This article explains the DNS protocol, covering forward and reverse lookups, the step‑by‑step query process involving caches, root, TLD and authoritative servers, and provides practical BIND configuration examples for forward, reverse, slave, and forwarding DNS setups.

Raymond Ops

DNS Protocol

1. DNS: Domain Name System

Host resolution includes forward resolution (hostname to IP) and reverse resolution (IP to hostname). A Fully Qualified Domain Name (FQDN) is the complete domain name.

How DNS queries work

1. User enters a URL

When you type www.example.com in a browser, it needs the corresponding IP address because computers communicate via IP.

2. Local cache lookup

The browser first checks its local DNS cache. If a record exists, it uses the cached IP address directly.

3. Operating system queries DNS server

If the cache misses, the OS queries the configured DNS server, usually provided by the ISP or a third party such as Google (8.8.8.8) or Cloudflare (1.1.1.1).

4. Recursive query process

If the local DNS server lacks the record, it resolves the name on the client's behalf (a recursive lookup), contacting several DNS servers in order:

Root DNS server: receives the request and refers it to the servers for the appropriate top-level domain (e.g., .com, .org, .net).

TLD server: based on the domain (e.g., example.com), returns the address of the authoritative DNS server.

Authoritative DNS server: holds the definitive records and returns the final IP address.

5. Retrieve IP address

The authoritative server returns an IPv4 address such as 192.0.2.1 or an IPv6 address such as 2001:db8::1. The OS passes this IP to the browser, which then connects to the target server.

6. Local caching

Both DNS servers and the OS cache the result to speed up subsequent queries.

DNS query flow diagram

Browser request → OS cache lookup → (cache hit) use cached IP
               → (miss) query DNS server → DNS server queries root → root returns TLD → TLD returns authoritative → authoritative returns IP → Browser loads page
Record types: A, AAAA, CNAME, MX, NS, TXT

Configuring a DNS server (BIND)

1. Install bind package
   yum install -y bind
2. Enable and start named service
   systemctl enable named.service --now
3. After configuration changes, reload named (do not restart it) so the cache is kept
4. Verify port 53 is listening (e.g., netstat -tunpl | grep -w 53)
5. Edit /etc/named.conf, e.g.:

options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { localhost; };
    recursion yes;
};

zone "8.168.192.in-addr.arpa" IN {
    type master;
    file "named.yutianedu";
    allow-update { none; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

Setting up forward (authoritative) DNS

# Add zone to /etc/named.rfc1912.zones
zone "myopenai.com" IN {
    type master;
    file "named.myopenai";
    allow-update { none; };
};

# Example zone file (named.myopenai)
$TTL 1D
@   IN  SOA ns.myopenai.com. root.myopenai.com. (
        0   ; serial
        1D  ; refresh
        1H  ; retry
        1W  ; expire
        3H ) ; minimum
    NS  ns.myopenai.com.
ns  A   192.168.5.11
www A   192.168.5.11
ftp A   192.168.5.12
web CNAME www.baidu.com.

Configuring reverse DNS

# /etc/named.rfc1912.zones
zone "5.168.192.in-addr.arpa" IN {
    type master;
    file "named.my";
    allow-update { none; };
};

# named.my
$TTL 1D
@   IN  SOA ns.myopenai.com. root.myopenai.com. (
        0   ; serial
        1D  ; refresh
        1H  ; retry
        1W  ; expire
        3H ) ; minimum
    NS  ns.myopenai.com.
ns  A   192.168.5.11    ; relative name: this is ns.5.168.192.in-addr.arpa., not ns.myopenai.com.
11  PTR www.myopenai.com.
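
A consistency check between the forward and reverse zones above, as an added example (not from the original article). It goes one step beyond the zone files by verifying forward-confirmed reverse DNS: the PTR record for an address must name a host whose A record is that same address. The parser handles only the simple `owner TYPE rdata` lines used here and keeps one record per name.

```python
import ipaddress

# A and PTR record lines copied from the article's two example zone files.
FORWARD_ZONE = ("myopenai.com.", """
ns  A   192.168.5.11
www A   192.168.5.11
ftp A   192.168.5.12
""")
REVERSE_ZONE = ("5.168.192.in-addr.arpa.", """
11  PTR www.myopenai.com.
""")

def parse_records(origin, text, rtype):
    """Return {fqdn_owner: rdata} for one record type in a simple zone body."""
    out = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()        # drop zone-file comments
        if len(fields) == 3 and fields[1] == rtype:
            owner, _, rdata = fields
            # a name without a trailing dot is relative to the zone origin
            fqdn = owner if owner.endswith(".") else f"{owner}.{origin}"
            out[fqdn.lower()] = rdata
    return out

def fcrdns(ip, a_records, ptr_records):
    """Forward-confirmed reverse DNS: PTR(ip) must name a host whose A is ip."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer + "."
    host = ptr_records.get(ptr_name)
    if host is None:
        return "no-ptr"
    return "ok" if a_records.get(host.lower()) == ip else "mismatch"

A = parse_records(*FORWARD_ZONE, "A")
PTR = parse_records(*REVERSE_ZONE, "PTR")
```

With the article's data, 192.168.5.11 passes, while 192.168.5.12 (ftp) has a forward record but no PTR.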

Setting up a slave DNS for high availability

# Slave /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
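    allow-query { any; };   # any client may query; recursion is on by default, so restrict it on an authoritative-only server
};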

# /etc/named.rfc1912.zones
zone "myopenai.com" IN {
    type slave;
    file "slaves/named.myopai";
    masters { 192.168.5.101; };
};
zone "5.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/myopai.zone";
    masters { 192.168.5.101; };
};

Configuring DNS forwarding

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    forwarders { 192.168.8.254; };
    forward first;   # query the forwarders first; fall back to normal resolution if they do not answer
};
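
One way to check the options blocks above for an open recursive resolver, as an added example (not the article's or BIND's own tooling): `allow-query { any; };` on a server that listens on all interfaces, with recursion left at its default, lets any client recurse through it. The parser handles only the simple statement forms used in this article, and `SLAVE_NO_RECURSION` is a constructed variant.

```python
import re

# Options blocks abbreviated from the article's three named.conf examples.
PRIMARY = 'options { listen-on port 53 { 127.0.0.1; }; allow-query { localhost; }; recursion yes; };'
SLAVE = 'options { listen-on port 53 { any; }; directory "/var/named"; allow-query { any; }; };'
FORWARDER = 'options { listen-on port 53 { any; }; forwarders { 192.168.8.254; }; forward first; };'
# Constructed variant (not from the article): the slave made authoritative-only.
SLAVE_NO_RECURSION = SLAVE.replace("allow-query", "recursion no; allow-query")

# Matches:  key [port N] { acl; ... };   or   key value;
STMT = re.compile(r"([\w-]+)(?:\s+port\s+\d+)?\s*(?:\{([^}]*)\}|([^;{}]+))\s*;")

def parse_options(conf):
    """Map each options statement to a list (ACL body) or a string (scalar)."""
    body = re.search(r"options\s*\{(.*)\}", conf, re.S).group(1)
    body = re.sub(r"(#|//)[^\n]*", "", body)        # strip line comments
    opts = {}
    for key, acl, val in STMT.findall(body):
        if acl.strip():
            opts[key] = [a.strip() for a in acl.split(";") if a.strip()]
        else:
            opts[key] = val.strip()
    return opts

def audit(conf):
    """Return ['open-resolver'] when any client can reach the server and recurse."""
    o = parse_options(conf)
    recursion_on = o.get("recursion", "yes") != "no"    # BIND default: yes
    # Without allow-recursion, BIND falls back to allow-query-cache, then
    # allow-query, then the built-in default { localnets; localhost; }.
    who = (o.get("allow-recursion") or o.get("allow-query-cache")
           or o.get("allow-query") or ["localnets", "localhost"])
    # No listen-on statement means all IPv4 interfaces.
    exposed = any(a != "127.0.0.1" for a in o.get("listen-on", ["any"]))
    return ["open-resolver"] if recursion_on and exposed and "any" in who else []
```

Only the slave block is flagged; the forwarder listens on all interfaces but has no `allow-query`, so BIND's default ACL of local networks applies.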