DNS Resolver: The Unsung Hero of the Internet
We use the internet every day without even thinking about the gears turning behind the scenes. One of those crucial gears is the DNS resolver—the behind-the-curtain magician that converts those easy-to-remember domain names (like example.com) into IP addresses that computers need to communicate.
But what is a DNS resolver, how does it work, and why should you care? Let's break this down, layer by layer, into a comprehensive yet digestible explanation. Buckle up, because we're about to get into the workings of the internet!
What Exactly is a DNS Resolver?
At its core, a DNS resolver is a specialized server that processes DNS queries from clients (like your web browser or an application).
When you type in a domain name like example.com, your computer doesn’t magically know how to find it on the web. It relies on the DNS resolver to figure out what IP address corresponds to that domain, much like how a phone book helps you find someone’s number based on their name.
The resolver is often provided by your ISP (Internet Service Provider), but there are many third-party services, such as Google DNS (8.8.8.8), Cloudflare DNS (1.1.1.1), and OpenDNS (208.67.222.222), which offer enhanced speed, privacy, and security features.
Two Types of DNS Resolvers
Before diving into the nuts and bolts, let’s clarify the two primary types of DNS resolvers:
Stub Resolver: This lives on your local machine (or within an application). It sends DNS queries to the recursive resolver and waits for a response. Its job is simple—start the process and display the result.
Recursive Resolver: This is where the magic happens. It takes the query from the stub resolver and performs the heavy lifting, often making multiple requests to various DNS servers to resolve the domain name to an IP address.
The Full DNS Resolution Journey
Let's walk through what happens behind the scenes when you type www.example.com into your browser and hit enter.
Step 1: Local Cache Check
The first stop for the DNS resolution journey is your own machine's cache. Modern operating systems cache DNS records for a while to avoid unnecessary network trips. If you’ve recently visited example.com, there’s a chance the IP address is already sitting in your local DNS cache, and the process ends right here. No need to bother the DNS resolver.
But let’s assume the IP address isn’t cached. Your machine now sends the query to a recursive resolver.
Step 2: Recursive Resolver: The Mastermind
Now, the recursive resolver steps in. This resolver acts as a middleman, tasked with finding the right IP address for the domain name. To do that, it might have to talk to several other servers, which we'll go over next. It may already have the answer cached from a previous query; if not, the resolver begins its journey through the DNS hierarchy.
Step 3: Query to the Root Servers
If the resolver has never encountered example.com, it first asks one of the root DNS servers. These root servers are a vital part of the internet's infrastructure. There are 13 named root servers (A to M), but each of them exists as hundreds of physical instances distributed globally using Anycast, so a resolver is routed to a nearby instance.
Their job isn’t to know the IP address for example.com directly, but they can point the resolver in the right direction, typically by directing it to the appropriate Top-Level Domain (TLD) DNS servers.
In the case of example.com, the root server refers the resolver to the .com TLD servers.
Step 4: Query to the TLD DNS Servers
Next, the recursive resolver queries the TLD DNS servers. For example.com, the resolver heads over to the .com DNS servers. These servers don't return the final IP address either, but they provide a referral to the authoritative name servers for example.com.
Step 5: Query to Authoritative DNS Servers
Finally, the recursive resolver reaches out to the authoritative DNS servers for the example.com domain. These servers hold the DNS records (such as A, AAAA, CNAME, etc.) for the domain and can give the exact IP address. The authoritative server looks up its records and responds with the requested IP address for the domain.
Step 6: Caching and Returning the Answer
The recursive resolver now knows the answer, but it’s smart about things. Instead of repeating this process for every query, it caches the IP address and stores it for a set period (determined by the Time-To-Live (TTL) of the DNS record). This caching helps reduce the load on DNS infrastructure and speeds up subsequent lookups.
Finally, the resolver sends the answer back to the stub resolver on the client machine, and the browser can now load the website by connecting to 93.184.215.14.
Try running the command below in a terminal:
dig @1.1.1.1 www.example.com A
The ANSWER SECTION of the output shows the IP address of www.example.com.
DNS Query Types
Throughout the resolution process, different
A (Address) Record: Returns the IPv4 address of the domain.
AAAA Record: Returns the IPv6 address of the domain.
CNAME (Canonical Name) Record: Returns an alias for another domain.
MX (Mail Exchange) Record: Returns the mail server responsible for receiving emails for the domain.
TXT Record: Provides additional text information, often used for verification or security purposes (e.g., SPF records).
Example: CNAME Resolution
Let’s take an example of a CNAME resolution. If blog.example.com is an alias for www.example.com, a query for blog.example.com will first return the CNAME record, which points to www.example.com. The resolver will then make another query for www.example.com to get the actual IP address.
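The six-step walkthrough above (root, TLD, authoritative) and the CNAME case, as an added example that is not part of the original post: a tiny iterative resolver over an in-memory DNS hierarchy. The zone data, nameserver names (a.tld.test, ns1.example.test) and the glue table are constructed for the demo.

```python
# Added example (not from the original post): a minimal iterative resolver
# over a constructed in-memory hierarchy (root -> .com TLD -> example.com
# authoritative) that follows referrals and CNAMEs. Zone data is constructed.
ROOT = {"com.": [("NS", "a.tld.test.")]}          # root knows the .com delegation
COM_TLD = {"example.com.": [("NS", "ns1.example.test.")]}   # .com knows example.com's NS
EXAMPLE_AUTH = {
    "www.example.com.": [("A", "93.184.215.14")],
    "blog.example.com.": [("CNAME", "www.example.com.")],
}
# Glue: which in-memory zone answers for which nameserver name (constructed).
SERVERS = {"root": ROOT, "a.tld.test.": COM_TLD, "ns1.example.test.": EXAMPLE_AUTH}

def query(server, name, rtype):
    """Ask one server for (name, rtype). Returns ('answer', records) if the
    server holds the name, ('referral', nameserver) if it only knows a zone
    cut closer to the name (an NS record for a parent), else ('nxdomain', None)."""
    zone = SERVERS[server]
    if name in zone:
        return "answer", [r for r in zone[name] if r[0] in (rtype, "CNAME")]
    labels = name.split(".")
    for i in range(1, len(labels)):           # walk up: example.com., com., ...
        for rt, rd in zone.get(".".join(labels[i:]), []):
            if rt == "NS":
                return "referral", rd
    return "nxdomain", None

def resolve(name, rtype="A", trace=None, max_steps=10):
    """Steps 3-5 of the walkthrough: start at the root, follow referrals down,
    and restart from the root when the answer is a CNAME to another name."""
    if not name.endswith("."):
        name += "."
    server = "root"
    for _ in range(max_steps):
        kind, payload = query(server, name, rtype)
        if trace is not None:
            trace.append((server, name, kind))
        if kind == "referral":
            server = payload                  # follow the delegation downward
        elif kind == "answer":
            for rt, rd in payload:
                if rt == rtype:
                    return rd
                if rt == "CNAME":             # alias: resolve the target instead
                    name, server = rd, "root"
                    break
            else:
                return None                   # name exists but no record of rtype
        else:
            return None                       # nxdomain
    raise RuntimeError("too many steps (referral or CNAME loop?)")
```

Passing a list as `trace` records every server visited, which for blog.example.com shows the full root/TLD/authoritative walk happening twice: once for the alias and once for its target.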
DNS Resolver Caching: The Speed Booster
Caching is crucial for DNS resolvers, especially for performance. Imagine if every single DNS query had to go through all these steps—we’d all be waiting a lot longer for our websites to load.
Local Machine Cache: Your device’s operating system caches DNS responses.
Recursive Resolver Cache: The DNS resolver caches results to reduce the need for repeated queries to authoritative DNS servers.
Browser Cache: Some modern browsers even perform DNS caching internally to make browsing faster.
Cache Expiry: TTL (Time-To-Live)
The duration for which a DNS record is cached is governed by the
Real-Life Example of TTL Impact
Let's say you run a website and recently migrated to a new server with a different IP address. If you've set a long TTL (e.g., 24 hours), some users might still be routed to the old server until the TTL expires and the new IP address propagates through the DNS system. On the other hand, a short TTL (e.g., 5 minutes) allows changes to propagate more quickly but at the cost of increased DNS query volume.
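The migration scenario above replayed offline, as an added example that is not part of the original post: a resolver cache that honours TTL, a stand-in authoritative zone whose record the operator changes mid-run, and a fake clock. The addresses (203.0.113.x), the query schedule and the migration time are constructed.

```python
# Added example (not from the original post): a resolver cache that honours
# TTL, driven by a fake clock so the migration scenario above can be
# replayed offline. The zone, addresses and query schedule are constructed.
class AuthoritativeZone:
    """Stand-in for the authoritative server; the operator edits its records."""
    def __init__(self, ttl):
        self.ttl = ttl
        self.records = {"www.example.com": "203.0.113.10"}   # old server
        self.queries = 0                                       # load counter
    def lookup(self, name):
        self.queries += 1
        return self.records[name], self.ttl

class CachingResolver:
    """Recursive resolver cache: name -> (address, expiry time)."""
    def __init__(self, zone, clock):
        self.zone, self.clock, self.cache = zone, clock, {}
    def resolve(self, name):
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:           # still within TTL: serve from cache
            return hit[0]
        addr, ttl = self.zone.lookup(name) # expired or missing: ask authority
        self.cache[name] = (addr, now + ttl)
        return addr

def simulate_migration(ttl, migrate_at=480, horizon=3600, step=60):
    """Clients query every `step` seconds for `horizon` seconds; the operator
    switches the A record to the new server at `migrate_at`. Returns
    (seconds during which clients were still sent to the old server after
     the switch, number of queries that reached the authoritative server)."""
    t = 0
    zone = AuthoritativeZone(ttl)
    resolver = CachingResolver(zone, lambda: t)   # clock reads the loop variable
    stale = 0
    while t <= horizon:
        if t == migrate_at:
            zone.records["www.example.com"] = "203.0.113.20"   # new server
        if resolver.resolve("www.example.com") == "203.0.113.10" and t >= migrate_at:
            stale += step
        t += step
    return stale, zone.queries

if __name__ == "__main__":
    for ttl in (86400, 300):
        print(ttl, simulate_migration(ttl))
```

With a 24-hour TTL the old address is served for the rest of the hour with a single authoritative query; with a 5-minute TTL the stale window is two minutes but the authoritative server is asked 13 times.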
DNS Security and Extensions
DNSSEC (DNS Security Extensions): DNSSEC is a suite of security protocols that provide authenticity and integrity to DNS data, ensuring that the information returned during DNS resolution has not been tampered with. DNSSEC uses digital signatures to verify the authenticity of the DNS records.
DoH (DNS over HTTPS) and DoT (DNS over TLS): To enhance user privacy and security, DNS queries can be encrypted using DoH or DoT. These protocols prevent eavesdropping and man-in-the-middle attacks by encrypting DNS queries between the client and the recursive resolver.
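What a DoH client actually puts on the wire, as an added example that is not part of the original post: the binary DNS query for www.example.com and its RFC 8484 GET encoding. The resolver URL (doh.example.test) is a constructed placeholder, and nothing is sent over the network.

```python
# Added example (not from the original post): the wire-format DNS query a
# DoH client sends and its RFC 8484 GET encoding (base64url, padding stripped).
# The resolver URL is a constructed placeholder; nothing is sent on the network.
import base64
import struct

QTYPE = {"A": 1, "AAAA": 28, "CNAME": 5, "MX": 15, "TXT": 16}

def encode_name(name):
    """Wire-format name: each label length-prefixed, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, rtype="A", msg_id=0):
    """12-byte header (flags 0x0100 = recursion desired, one question) followed
    by the question. DoH GET clients use ID 0 so identical queries yield
    identical, HTTP-cacheable URLs."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE[rtype], 1)   # class IN
    return header + question

def doh_get_url(name, rtype="A", resolver="https://doh.example.test/dns-query"):
    """RFC 8484 GET form: ?dns=<base64url(query)> with '=' padding removed."""
    wire = build_query(name, rtype)
    token = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={token}"

if __name__ == "__main__":
    print(build_query("www.example.com").hex())
    print(doh_get_url("www.example.com"))
```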
Conclusion: Why You Should Care
The DNS resolver may seem like an obscure part of the internet’s plumbing, but without it, the web as we know it wouldn’t function. From converting domain names to IP addresses, handling various DNS record types, caching responses for faster browsing, to securing the resolution process with DNSSEC, the resolver does a lot more than meets the eye.
As a software engineer, understanding how DNS resolution works gives an edge in diagnosing network issues, optimizing performance, and ensuring that your systems and applications run efficiently.
So, the next time you browse the web, remember: DNS resolvers are the silent heroes that make it all possible.