Exploring DNS: How DNS Resolution Works and Essential Lookup Tools

In this article we will discuss what happen when we search for our favorite website with name in browser and how browser find the website in the billions of websites on the internet.

This is all due to DNS and DNS Resolution.

What is DNS ?

Domain Name System is fundamental part of Internet’s infrastructure which job is similar as phonebook . like you do not have to remember your ’s friend number to call your friend when you saved the number in phonebook . DNS ensures that you do not have to recall the complicated long numeric IP Address to visit your favorite website.

DNS will quickly translates the user-friendly domain name (chaicode.com) into numerical IP Address (104.21.16.156) that computer use to identify each other on network. DNS handles the lifting of translating the domain name into IP Address which makes internet more accessible and easier to use.

without DNS , you have to memorize and type the long numerical IP address when you want to visit website which would not only result the terrible user experience but also make the Internet far less practical than it is today.

What is DNS Resolution ?

DNS resolution or DNS lookup is process of converting the user friendly domain name into the machine readable IP address. This process involves querying the series of DNS server to find and return correct IP address. This process ensure that when you type the web address , your browser connect to the intended websites, email server or online resource.

This process start from root server , continue to TLD server and reach to Authoritative Name server and return the correct IP address. Despite these many steps , it is fast process the average DNS lookup is taking between 20 and 120 ms. However network issues, overloaded DNS server and other issues may lengthen the time of DNS resolution.

How DNS Server resolves the Queries ?

Think DNS as the GPS of Internet. when you type the website address in your browser, you start the series of conversation to find the destination . The conversation involves the different type of DNS queries. first you computer acts as DNS client and asks the local DNS resolver (provided by ISP or company like cloudflare) to find the IP address of website. this is recursive query . it requests for complete answer. The resolver begins its works and The recursive resolution begins.

First the resolver check the DNS cache for the recently stored resources records. Each record includes time to leave (TTL) which determine how long the resolver need to store into cache. when the TTL is expired . the resolver does not have answer then it moves to Iterative query .The resolver requests for referral . First it request to Root Server for hint . Root Server directs the resolver to TLD (.com, .co, .org) . The resolver send iterative query to TLD server and TLD server point it to the Authoritative DNS Server . The resolver again send the iterative query to Authoritative Name server and finally get back the IP Address. The resolver then cache the information and return back to the browser and browser load the website.

A non-recursive query is simply client, the resolver already has IP address in cache and it need to confirm with Authoritative Name server to ensure it is still valid.

It is important part of how DNS system effectively find the what are you exactly looking for .

DNS Resolution Problems and Fixes

The DNS resolution encounter some issue which impact the efficiency and security of internet navigation and disrupt user’s ability to access website or slow down their browsing experience.

Here are some problems and Fixes

• latency issues : slow DNS resolution prolong the website loading times, which could negatively impact the end-user experience and drive visitors away , potentially permanently. To fix this, you can implement DNS caching to store frequently accessed DNS records, reducing the need for repeated lookups and speeding up the resolution process

• DNS spoofing and cache poisoning : Attackers attacks DNS record to redirect user to malicious sites .where they may exposed to phishing attack, malware or other security threats. Using DNS security extensions (DNSSEC) add a layer of authentication to DNS response, helping to combat these risks by ensuring data integrity and authenticity.

• DNS server downtime : If a DNS server goes down, domain resolution fails, causing website inaccessibility and disrupting users. By employing redundant DNS servers and failover mechanisms, you can help ensure continuous service availability, as this setup will automatically redirect DNS queries to another server if the primary server becomes unavailable. Using multiple DNS providers can also enhance reliability. By distributing the DNS load across different networks and infrastructures, you can minimize the chance of outages caused by localized issues.

• Configuration Errors: Misconfigured DNS settings can lead to resolution failures, which could prevent users from accessing websites or cause them to be directed to the wrong site. These errors can occur due to incorrect IP addresses, out-of-date records, or typos in DNS entries. Regularly auditing and monitoring DNS configuration can help you quickly identify and correct errors; automated tools can simplify the process.

• DNS amplification attacks: Attackers exploit DNS servers to conduct large scale Distributed Daniel of Service (DDoS) attacks overwhelming the target with small queries that result in large responses from the server. These attacks can lead to significant disruptions and poor performance, which is why it’s important to configure DNS servers to prevent amplification by rate limiting (controlling how many requests a server will handle from a single source within a specific period) and restricting recursive queries to trusted users.

What DNS TOOLS DO ?

dig (Domain Information Groper) is a strong tool that gives you lots of details fast. nslookup has been for many years. it is easier than dig and works well when you need simple answer.

Both tools ask DNS servers questions about websites and show you what they find. You can use either one, but they work a bit differently.

Installing These Tools:

Ubuntu and Debian Systems:

• sudo apt update

• sudo apt install -y dnsutils

How to use dig

1. Simple query

dig google.com

you will see a lot of info back . The most important is IP Address in Answer section.

output of dig google.com

The output includes:

• How long the query took

• Which DNS server answered [above case is public Google DNS(8.8.8.8)]

• The IP Address you asked for

• Other technical details

2. Getting short results: sometimes you only want IP Address.

dig +short chaicode.com

3. Different types of Records

DNS has many types of records . Here are the ones you use most:

• Mail Servers (MX) : dig chaicode.com MX

• Name Servers (NS): dig chaicode.com NS

• IPV6 Address (AAAA) :dig chaicode.com AAAA

• Text Record (TXT) :dig chaicode.com TXT

The Structure of this results are :

• Domain : chaicode.com

• TTL (time to leave): 21600 s

• class : Internet

• Type : NS

• Name server : cloudflare

3. using different DNS server : Your internet provider’s DNS might be slow or broken. Testing with public DNS servers often helps:

dig @1.1.1.1 chaicode.com

4. Advanced DIG Options:

dig +trace chaicode.com

This shows the whole path from root servers down to your target domain. It’s like watching DNS do its job in slow motion.

from root server → TLD server(.com) → NS → return A record

5. Reverse lookup (finding domain from IP) : dig -x 8.8.8.8

6. to get all records for that domain : dig chaicode.com ANY

How To Use nslookup

1. Simple Lookup : nslookup google.com You get the IP address and some basic server info. The output is cleaner than dig but has less detail.

2. using specific DNS server : nslookup google.com 8.8.8.8 This asks Google’s DNS server instead of your default one.

3. Interactive mode : This is where nslookup really shines. Type nslookup and press enter:

nslookup
> google.com
> set type=NS
> server 8.8.8.8
> exit

4. Reverse Lookup : nslookup 8.8.8.8 just type the IP address. This find the domain name goes with that IP.

Picking Right Tools

• Use dig when :

  • you need a lot of technical details.

  • you are writing scripts

  • you want fast results

  • you are doing serious troubleshooting

Use nslookup when :

• you want simple , easy to-read results

• you are new to DNS tools

• you need quick IP lookup

• you like clean output

Real World Uses

• Website migration : checking if DNS change worked:

  dig +short mywebsite.com

• Email problems: checking mail server settings :

  dig mywebsite.com MX

• Speed Testing : comparing different DNS servers

  dig @8.8.8.8 mywebsite.com

  dig @1.1.1.1 mywebsite.com

• Domain verification : making sure DNS points to right place

  nslookup mywebsite.com

• Troubleshooting : finding why website does not load

  dig +trace mysite.com

Summary

We can visit our favorite website just by searching with name and we do not need t worry about the complex numeric IP Address just because of DNS .DNS Resolution operates at the hierarchy of different server.

There are some tools which is used to lookup the DNS , its records which are dig nslookup.