DNS Mechanics

DNS is the phone book for the internet, If I want to know the phone number of my friend I would just ask her. She is the authoritative source, if she does not know, nobody knows. If I go to my computer’s browser and write “www.google.com” and press enter, what happens?….well keep reading…

Well there is an invisible “dot (.)” at the end, i.e. its “www.google.com.”. The first thing my computer is going to is perform forward lookup. A forward lookup is the name of the DNS operation that resolves the domain name into an IP Address. So it issues this forward lookup to something called DNS Resolver that is usually run my the ISP (Internet Service Provider) e.g. Comcast or Verizon etc. The DNS resolver is the agent who is going to help us answer this question..What is the IP Address of www.google.com.?

DNS resolver does not know the IP Address, so its going to ask the Root Server. The root server contains the records for the dot (.) at the end of the URL, because the URL is going to be resolved backwards. The Root Server might not know, BUT, it will know “Who has the records for the URLs ending .com top level domain?” So it sends the list of IP Addresses to connect the com. top level domain servers.

Now, the DNS resolver connects to one of those servers and the com. server may not know either i.e. it does not have the records for the google.com. So the com. server is going to redirect the resolver one last time i.e. the address of the server that contains the google.com i.e. ns1.google.com.

This is usually our domain register. For example if my web site is hosted on GoDaddy its going to be that of AWS etc. Verisign is the company who owns all the top level .com domains. So who owns the dot(.)? There are a few e.g. ICANN, University of Maryland etc.

Now, DNS resolver has the final IP Address. It caches and passes through. Same is done at our computer as well. Each of these cache items have a TTL (time-to-live). TTL tells the DNS resolver that “Do not cache this address beyond XXX amount of seconds.”

Voila!!! Now I got the IP Address. But is it secure? That is for next time….