Skip to main content

The DNS Protocol - Part 2: DNS Queries & Resolution Process

This section will help you understand how the DNS queries work on the Internet and your home network. There are two ways to use the domain name system in order to resolve a host or domain name to an IP Address and we're going to look at them here. There is also a detailed example later on this page to help you understand it better.

Queries and Resolution

As mentioned in the introduction section, there are two ways for a client to use the domain name system to obtain an answer.

One of these involves the client contacting the name servers (this is also called a non Recursive query) one at a time until it finds the authority server that contains the information it requires, while the other way is to ask the name server system to perform the complete translation (this is also called a Recursive query), in which case the client will send the query and get a response that contains the IP Address of the domain it's looking for.

It's really exciting to see how DNS queries work. While analysing with you the packets that are sent and received from the DNS server, I'm going to show you how the client chooses the method by which it wants its query to be resolved, so you will truly understand how these cool features work ! The DNS Query/Response Message Format pages contain all this packet analysis information, so let's continue and prepare for it !

DNS Resolution Example

We will now look at what happens when your workstation requests a domain to be resolved. The example that follows will show you the whole procedure step by step, so make sure you take your time to read it and understand it !

When someone wants to visit the Cisco website (www.cisco.com), they go to their web browser and type "http://www.cisco.com" or just "www.cisco.com" and, after a few seconds, the website is displayed. But what happens in the background after they type the address and hit enter is pretty much unknown to most users. That's what we are going to find out now !

The picture below shows us what would happen in the above example: (for simplicity we are not illustrating both Primary and Secondary DNS servers, only the Primary)

dns-resolution-1

Explanation:

1. You open your web browser and enter www.cisco.com in the address field. At that point, the computer doesn't know the IP address for www.cisco.com, so it sends a DNS query to your ISP's DNS server (It's querying the ISP's DNS because this has been set through the dial-up properties; if you're on a permanent connection then it's set through your network card's TCP/IP properties).

2. Your ISP's DNS server doesn't know the IP address for www.cisco.com, so it will ask one of the ROOT DNS servers.

3. The ROOT DNS server checks its database and finds that the Primary DNS for Cisco.com is 198.133.219.25. It replies to your ISP's server with this answer.

4. Your ISP's DNS server now knows the IP address of Cisco's DNS server, so it then sends a recursive query to Cisco.com's DNS server and asking to resolve the fully qualified domain name www.cisco.com.

5. Cisco's DNS server checks its database and finds an entry for www.cisco.com. This entry has an IP address of 198.133.219.25. Since the IP address of the DNS server and webserver (www) are identical, this means they are likely to be both on the same physical server. Load-balancing mechanisim can also have the same effect, making multiple services and physical machines have the same IP address.

6. Your ISP's DNS server now knows the IP address for www.cisco.com and sends the result to your computer.

7. Your computer now knows the IP address of Cisco's website and is able to directly contact it. Naturally, the next step is to send an http request directly to Cisco's webserver and download the webpage.

We hope you didn't find it too hard to follow. Remember that this query is the most common type. The other type of query (non recursive) follows the same procedure, the difference is that the client does all the running around trying to find the authoritative DNS server for the desired domain, we like to think of it as "self service" :)

Next - The DNS Protocol - Part 3: DNS Query Message Format

Your IP address:

18.117.75.218

All-in-one protection for Microsoft 365

All-in-one protection for Microsoft 365

FREE Hyper-V & VMware Backup

FREE Hyper-V & VMware Backup

Wi-Fi Key Generator

Generate/Crack any
WEP, WPA, WPA2 Key!

Network and Server Monitoring

Network and Server Monitoring

Follow Firewall.cx

Cisco Password Crack

Decrypt Cisco Type-7 Passwords on the fly!

Decrypt Now!

Bandwidth Monitor

Zoho Netflow Analyzer Free Download

Free PatchManager

Free PatchManager

EventLog Analyzer

ManageEngine Eventlog Analyzer

Security Podcast

Hornet-Security-The-Swarm-Podcast

Firewall Analyzer

zoho firewall analyzer