
Master DNS: From Basics to Advanced Queries Explained

This article provides a comprehensive guide to DNS, covering its purpose, hierarchical query process, server roles, record types, and practical command‑line tools like dig, host, and nslookup, enabling readers to fully understand and troubleshoot domain name resolution.

MaGe Linux Operations

DNS (Domain Name System) is one of the core Internet protocols; understanding it is essential for both browsing and development.

1. What is DNS?

DNS translates domain names into IP addresses, acting like a massive phone book. For example, the domain math.stackexchange.com resolves to the IP 151.101.129.69.

2. Query Process

Although the result is a single IP address, the DNS lookup involves multiple steps. The dig tool can display the entire process.

$ dig math.stackexchange.com

The output consists of six sections:

Query parameters and statistics.

Query content.

DNS server response.

NS records of the top‑level domain.

IP addresses of the authoritative name servers.

Transmission details such as server IP, port (53), and response length.

Using the +short option simplifies the output to just the A records:

$ dig +short math.stackexchange.com

Result:

151.101.129.69
151.101.65.69
151.101.193.69
151.101.1.69

3. DNS Servers

The local machine must know the IP address of a DNS server to resolve domain names. DNS server addresses may be assigned dynamically via DHCP or configured statically (e.g., in /etc/resolv.conf). Common public DNS servers include Google’s 8.8.8.8 and Level 3’s 4.2.2.2. The @ flag in dig specifies a different server:

$ dig @4.2.2.2 math.stackexchange.com

4. Domain Hierarchy

Domain names are hierarchical: host.sld.tld.root. The root label is empty, so it is usually omitted; written in full, www.example.com is www.example.com. with a trailing dot. The hierarchy consists of root, top‑level domain (TLD), second‑level domain (SLD), and host.

host.sld.tld.root

5. Root Name Servers

Root servers store NS records for all TLDs. There are thirteen root server groups (A‑M) with stable IP addresses such as 198.41.0.4 (A.ROOT‑SERVERS.NET). Their TTL values are very long (e.g., 1 000 hours), so they are cached for extended periods.

6. Hierarchical Query Example

Using dig +trace shows the full resolution path from the root to the final A records.

$ dig +trace math.stackexchange.com

The process queries root servers for TLD NS records, then the TLD servers for SLD NS records, and finally the authoritative server for the host’s A records.
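The walk that dig +trace performs can be modelled offline. The following Python code is an added example, not part of the original article: it follows referrals from a root server to a TLD server to the authoritative server over constructed delegation data (the three server names are placeholders; the A records are the ones shown earlier for math.stackexchange.com).

```python
# Constructed delegation data. The three server names are placeholders; the
# A records are the ones the article shows for math.stackexchange.com.
SERVERS = {
    "root-ns.constructed.": {"refer": {"com.": ["tld-ns.constructed."]}, "rrs": {}},
    "tld-ns.constructed.": {
        "refer": {"stackexchange.com.": ["auth-ns.constructed."]}, "rrs": {}},
    "auth-ns.constructed.": {"refer": {}, "rrs": {
        ("math.stackexchange.com.", "A"):
            ["151.101.129.69", "151.101.65.69", "151.101.193.69", "151.101.1.69"]}},
}

def fqdn(name):
    """Lower-case the name and add the trailing root dot if it is missing."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def in_zone(name, zone):
    """True when name is at or below zone (both fully qualified)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def ask(server, qname, qtype):
    """One non-recursive query: an answer, a referral, or nxdomain."""
    data = SERVERS[server]
    if (qname, qtype) in data["rrs"]:
        return "answer", data["rrs"][(qname, qtype)]
    cuts = [zone for zone in data["refer"] if in_zone(qname, zone)]
    if cuts:
        cut = max(cuts, key=len)          # most specific delegation wins
        return "referral", (cut, data["refer"][cut])
    return "nxdomain", None

def trace(name, qtype="A", max_hops=8):
    """Follow referrals from the root; return (servers asked, final records)."""
    qname, zone, server, path = fqdn(name), ".", "root-ns.constructed.", []
    for _ in range(max_hops):             # bound the walk against referral loops
        kind, payload = ask(server, qname, qtype)
        path.append((server, kind))
        if kind != "referral":
            return path, payload or []
        cut, nameservers = payload
        # Accept only referrals that move strictly down from the current zone.
        if cut == zone or not in_zone(cut, zone):
            raise ValueError(f"referral to {cut} does not descend from {zone}")
        zone, server = cut, nameservers[0]
    raise RuntimeError("referral chain too long")
```

The descent check in trace() is the part worth noting: a referral that points sideways or back up the tree is rejected instead of being followed.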

7. Querying NS Records

Specific NS records can be retrieved with:

$ dig ns com
$ dig ns stackexchange.com

Adding +short yields a concise list of name servers.

8. DNS Record Types

Common record types include:

A: address record, returns an IP address.

NS: name server record, points to the server managing the next zone.

MX: mail exchange record, specifies mail servers.

CNAME: canonical name, an alias to another domain.

PTR: pointer record, used for reverse lookups (IP → domain).

At least two NS records are recommended for redundancy; multiple A or MX records improve reliability.
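Each record type above has a numeric code that travels in the query sent to port 53. As an added example (not from the original article), this Python code builds a minimal query for a name and type and decodes the A records from a reply, including name compression; the reply is constructed in-process and its TTL is a made-up value.

```python
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15}  # RFC 1035 type codes

def encode_name(name):
    """Length-prefixed labels, terminated by the empty root label."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    if any(not 0 < len(l) <= 63 for l in labels):
        raise ValueError("each label must be 1 to 63 bytes")
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, rtype, txid):
    """12-byte header (RD set, one question), then QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", QTYPE[rtype], 1)

def read_labels(msg, pos, hops=0):
    """Decode the name at pos, following compression pointers (bounded)."""
    labels = []
    while (n := msg[pos]) != 0:
        if n & 0xC0 == 0xC0:              # pointer to a name earlier in msg
            if hops >= 10:
                raise ValueError("compression pointer loop")
            target = ((n & 0x3F) << 8) | msg[pos + 1]
            return labels + read_labels(msg, target, hops + 1)[0], pos + 2
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return labels, pos + 1

def parse_a_records(msg):
    """Return (owner, ttl, address) for each A record in the answer section."""
    qdcount, ancount = struct.unpack("!2H", msg[4:8])
    pos = 12
    for _ in range(qdcount):              # skip the echoed question
        pos = read_labels(msg, pos)[1] + 4
    found = []
    for _ in range(ancount):
        labels, pos = read_labels(msg, pos)
        rtype, _, ttl, rdlen = struct.unpack("!2HIH", msg[pos:pos + 10])
        if rtype == QTYPE["A"] and rdlen == 4:
            found.append((".".join(labels) + ".", ttl, ".".join(map(str, msg[pos + 10:pos + 14]))))
        pos += 10 + rdlen
    return found

def constructed_reply(query, ttl, addresses):
    """Constructed reply: echoes the question, names each answer via 0xC00C."""
    header = query[:2] + struct.pack("!5H", 0x8180, 1, len(addresses), 0, 0)
    rr = lambda a: b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, ttl, 4) + bytes(map(int, a.split(".")))
    return header + query[12:] + b"".join(rr(a) for a in addresses)
```

The hop limit in read_labels() matters when parsing untrusted replies: a compression pointer that refers to itself would otherwise recurse without end.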

9. Other DNS Tools

Besides dig, useful utilities include:

host: a simplified query tool.

nslookup: interactive lookup utility.

whois: displays domain registration information.

$ host github.com
$ nslookup facebook.github.io
$ whois github.com

DNS (Domain Name System) is a distributed database that maps domain names to IP addresses, allowing users to access resources without memorizing numeric addresses. It operates over UDP on port 53. RFC 2181 defines DNS specifications, RFC 2136 covers dynamic updates, and RFC 2308 discusses negative caching. Each IP can have a hostname composed of labels separated by dots. Hostname‑to‑IP mapping can be static (configured locally) or dynamic (managed by DNS servers). DNS servers may run on Linux or Windows and use zone files to store records such as primary name server, serial, refresh, retry, expire, and default TTL. Security concerns include DDoS attacks on DNS infrastructure, domain hijacking, nation‑state incidents, software vulnerabilities, and misconfigurations that may leak sensitive information.