Skip to main content
HashnodeDNS Resolution Deep Dive: Recursive Queries, Resolvers, and Root ServersDNS Resolution Deep Dive: Recursive Queries, Resolvers, and Root Servers

Command Palette

Search for a command to run...

Digging Up DNS: Understanding Resolution Step by Step

Updated
•17 min read
Digging Up DNS: Understanding Resolution Step by Step
A
Anshul Tripathi

Table of Contents

  1. Introduction : The Internet’s Phonebook What is DNS in simple terms Why humans need names instead of IP addresses

  2. Why Name Resolution Exists : The problem DNS solves How domain names map to IP addresses

  3. What is the dig Command? : Introduction to dig as a diagnostic tool When and why developers use it

  4. How DNS Resolution Works (Big Picture) Step-by-step flow : Root → TLD → Authoritative Role of recursive resolvers behind the scenes

  5. Understanding dig . NS - What are Root Name Servers and how root servers are Interpreting the output Why they are the starting point of DNS

  6. Understanding dig com NS - What TLD servers do How they guide queries further

  7. Understanding dig google.com NS - What authoritative servers are? and What NS records represent and why they matter.

  8. Understanding dig google.com - Full DNS Resolution Flow Breaking down the output How recursive resolvers fetch the final IP Connecting this to what happens in a browser

  9. Behind the Scenes : Recursive Resolvers Explained How caching works Why DNS lookups are fast

  10. Conclusion : Key takeaways Why understanding DNS matters for developers

1 . Introduction

The DNS ( domain name system ) is just like the Phonebook which hold the address of every single website on the internet . The DNS helps to translate the human - readable text ( domain name ) into IP address , helping us to by not letting us to memorise the IPs like 111.23.141.2.1 and we have to only remember the domain name like google.com , apple.com etc .

The DNS translates the domain name into IP address through a multiple step with the help of TLD , authoritative server and it goes through different record types to get the IP address of that website . The DNS is recursive in nature i.e queries other DNS servers ( root , TLD , authoritative ) until it gets the IP of that specific website , The process of DNS resolution revolves around converting the hostname ( example.com , google.com ) into computer friendly IP address .

In this blog we are going to understand why the resolution of DNS exists and we are also going to explore different types of dig command and there use cases , this blog is going to be all about how the resolution works under the hood and how we as a developer have to understand the DNS resolution , So without any further a do lets have a deep dive into DNS resolution .

2 . Why does the name resolution exist ??

The name resolution exist because it bridges the gap between the human - readable domain name and computer understandable IP address which is required for routing the internet traffic , it exists because it is difficult to remember the IP addresses and the IP addresses keeps on changing and the DNS resolution consistent access via a domain name .

The problem which the DNS solves is by making it easy for human to remember the address of the website via domain name . Whenever we type the address of the website like "https://example.com" in our browser the DNS resolver helps to convert the domain into IP address and providing the address of that website . The DNS first checks the cache of the browser to get the IP of that website and if does not have the IP address then it check the cache memory of the OS if it finds the address there then the query will be resolve other wise the DNS resolver will go through the series of multiple steps :-

  • Root server : The DNS resolver will ask the root server for the IP address and as we know that the root server does not holds the IP address so it will provide the Top level Domain ( TLD ) .

  • TLD : The Top level domain ( .com , .in , .us ) also does not hold the IP address instead they will provide the address of the authoritative server .

  • Authoritative Server : This is the last step of the name server query , the authoritative servers holds the records ( "AAAA " , " A " , " CNAME " , "NS") which then provides the IP address of that specific website , every record type does not provide the IP address some records points to other hostname as well .

If you want to know more about DNS and its record types please free to check out my blog on DNS and its record types

After going through all this query the name server provides the IP address of the website .

The complete DNS query looks something like this :

3 . What the hell is the dig command

The dig command ( Domain information Groper ) is a powerful , flexible and command - line network utility which is used to query the domain name servers. It acts as a diagnostic tool to retrieve detailed information about DNS records, Network administrator uses dig to verify and troubleshoot the DNS problem and to perform the DNS lookUPs . Its is pre installed in Mac and Linux systems .

Why we use it

The dig command is a Swiss - army knife used mostly for the DNS issues, Some important and common use case of dig are as followed :-

  1. DNS Troubleshooting : The dig helps to identify why the website is down , why the emails are not arriving or why the domain isn't resolved yet .

  2. Verifying the DNS changes : It helps us to known that is there any change in the DNS records or IP address .

  3. Lookup to a specific record : The Dig helps to query any specific record like for IPv6 it query the ' AAAA ' record and if we have some work related to the mail then it will query the ' MX ' records .

  4. Reverse DNS lookup : It find the domain name for the specific IP address with the help of -x flag .

  5. Trace Delegation : It helps to trace the hierarchy of the domain server from the root server to the authoritative name server with the help of -trace flag .

The dig command looks something like this :

4 . How does the DNS resolution works

We all know that DNS resolution converts the human readable domain name into machine understandable IP address through multiple step cached process. It involves the browser checking its local cache to running a recursive resolver often from the ISP which gets the root server , TLD and then the authoritative server to get the IP of that specific website .

There are total seven - steps in which the resolution works :

  1. User request : The user types the domain name into the browser .

  2. Local Cache checking : The browser first checks the local cache to get the IP and if address of the website lives there then ta!da ! problem is solved and no further steps are required and if the cache is empty then the browser will move on to another step and gives the control to the recursive DNS server to perform further actions .

  3. Recursive resolver Query : This performs a multiple step cycle to get the IP of the given domain name .

  4. Root server : This is the first stop of the resolver it ask the root server for address of the domain name , the root address does not holds the IP instead it holds the address of the top level domain .

  5. TLD server query : The TLD server such as .com or .net response with the IP address of the domain's authoritative server .

  6. Authoritative name server : The authoritative name server does not directly returns the IP address but instead it returns the record type which provides the IP address .

  7. Browser connection : The resolver cache the IP address and then sends it to the browser and then the browser can load the webpage easily .

By the way there are total 2 types of DNS resolution :-

  • Recursive Resolution and

  • Iterative Resolution .

Let's have a comparison of the recursive Resolution and Iterative resolution :

5 . Understanding the dig . NS

To understand the dig .NS command first we should have a glimpse about the root name server , The root name server is the first step of translating the domain name into IP address it does not directly translate the domain into IP but it provides the IP of the Top level domain . There are total 13 root servers all around the world and there are over 2000 instances of these servers scattered globally using anycast routing to provide fast, reliable responses, allowing for local answers even if global traffic is high. Root servers are the starting point because DNS is designed as a hierarchical tree structure. Without them, the internet would have no "top" to start searching from .

Now if we run dig. NS command in our terminal than we'll be able to see the output like this :-

~$ dig . NS
; <<>> DiG 9.10.6 <<>> . NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12487
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;.                     IN  NS
;; ANSWER SECTION:
.       518400  IN  NS  a.root-servers.net.
.       518400  IN  NS  b.root-servers.net.
.       518400  IN  NS  c.root-servers.net.
.       518400  IN  NS  d.root-servers.net.
.       518400  IN  NS  e.root-servers.net.
.       518400  IN  NS  f.root-servers.net.
.       518400  IN  NS  g.root-servers.net.
.       518400  IN  NS  h.root-servers.net.
.       518400  IN  NS  i.root-servers.net.
.       518400  IN  NS  j.root-servers.net.
.       518400  IN  NS  k.root-servers.net.
.       518400  IN  NS  l.root-servers.net.
.       518400  IN  NS  m.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net.  518400  IN  A  198.41.0.4
;; Query time:
;; Query time: 42 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Apr 28 10:32:17 IST 2026
;; MSG SIZE rcvd: 239

This command queries for the NS ( Name Server ) records of the DNS root server represented by the dot " . "

What actually happens when we run the command dig . NS :-

dig : It is the DNS query tool .

. : It is the root server of the DNS hierarchy .

NS : It is the record type - Name Server .

It returns the 13 root name server hostname which is labelled from A to M which is under the "answer section " and every column represents something important .

Feild Meaning
. Root server
518400 TTL ( Time to live )
IN Internet Class
NS Record Type - Name server
a.root-servers.net. The actual root server hostname

The dig . NS commands helps to verify that the DNS resolver is working correctly and it can reach the root server .

6. Understanding the dig com NS command

Before understanding the dig com NS command first we have to understand the TLD server , The TLD server stands for Top Level Domain i.e .com , .us , .in and .gov all this are the TLD . Their purpose is to organise the internet hierarchy helping user understand if the site is government , commercial or regional .

Now the dig com NS command is used to query the DNS to find the authoritative name server for the .com domain .

dig com NS

If we run this command this means that we are asking that which name server is responsible for the .com domain .

com.    172800  IN  NS  a.gtld-servers.net.
com.    172800  IN  NS  b.gtld-servers.net.

what this output actually means

  • .com : it is the top level domain .

  • It is managed by multiple authoritative name server .

  • These server ( a.gtld-servers.net. ) help direct quires to correct the domain .

7 . Understanding the dig google .com NS

The authoritative name server is the last step of the DNS resolution and it provides the record type ( 'A' , 'AAAA' , 'NS' ) which holds the IP address of the website . It provides the definite answer to queries about the domain which it manages rather than reply with the cached data from another server , In most cases the authoritative server provides the A record which holds the IPv4 address an in some case it hold the NS ( Name Sever ) records .

The NS record is the fundamental DNS record which holds the final , official server records (like A records, MX records, etc.) for that domain . Just think of them as a directory reference telling the internet where to go to find the IP address of your website and where to route the emails .

The NS records matter the most because :

  • Website Reachability : Without properly configured NS records, your website will not load, and your domain will become inaccessible to users.

  • Domain delegation : They allow you to delegate control of your domain's DNS to a specific provider. For example, if you register a domain at GoDaddy but want to use Cloudflare for hosting, you update the NS records to point to Cloudflare’s name servers, giving them authority to manage your domain's traffic.

  • Redundancy and Reliability: It is best practice to have multiple NS records (primary and secondary), which enhances stability. If one nameserver goes down, the second one can handle the traffic, keeping your site online.

Now it would be easier for us to understand the command dig google .com NS

The command is used to find the Name server record for the domain google.com It identifies which server are responsible for the managing and providing DNS information for that specific domain . If we run the command in the terminal this is the output which we get :-

   % dig google.com NS 

; <<>> DiG 9.10.6 <<>> google.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56955
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	NS

;; ANSWER SECTION:
google.com.		163587	IN	NS	ns2.google.com.
google.com.		163587	IN	NS	ns4.google.com.
google.com.		163587	IN	NS	ns1.google.com.
google.com.		163587	IN	NS	ns3.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.		307392	IN	A	216.239.34.10
ns2.google.com.		208724	IN	AAAA	2001:4860:4802:34::a
ns4.google.com.		228306	IN	A	216.239.38.10
ns4.google.com.		228306	IN	AAAA	2001:4860:4802:38::a
ns1.google.com.		307392	IN	A	216.239.32.10
ns1.google.com.		208724	IN	AAAA	2001:4860:4802:32::a
ns3.google.com.		255111	IN	A	216.239.36.10
ns3.google.com.		255111	IN	AAAA	2001:4860:4802:36::a

;; Query time: 29 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
MSG SIZE  rcvd: 287

First lets understand the command breakdown :-

  • dig : We all know that this is the command - line - tool for queuing the DNS server .

  • google.com : This is the targeted domain name which we are going to investigate.

  • NS : This is the specific record which is been requested by the DNS list the authoritative name server for that zone .

Now lets understand the output :-

  1. Header section : - This contains the metadata related to the query .

  • Status : NOERROR , this means that query was successful .

  • Flags : qr (query response), rd (recursion desired), ra (recursion available ) .

  1. Question Section : This section confirms what we have asked to the DNS server .

  2. Answer Section : This is the most important part which list the actual name servers for Google .

  3. Stats Section : This shows the basic performance details like the time spam , IP of the server which provided every single detail , query time .

This command - line - tool helps in verifying , troubleshooting and stabilising the security for the name server .

8 . Understanding the dig google .com

The command dig google .com is used to query the whole DNS ( Domain Name System ) not any specific record or server , it is the replacement for the older nslookup command .

We can modify the command to get specific data or cleaner result :-

  • Standard Lookup: The standard command looks something like this - dig google.com .

  • Concise Result: If we run this specific command dig google.com +short

    • It will hide the technical metadata and will only show the IP address.
Basis dig google.com dig google.com NS
Purpose Fetch default DNS record Fetch name server records
Query Type Implicit (A record by default) Explicit (NS record)
Output IP address of the domain List of authoritative name servers
Focus End result (website location) DNS infrastructure (who manages domain)
Use Case Accessing a website Understanding DNS delegation
Example Result 142.250.xxx.xxx ns1.google.com, ns2.google.com
Level in DNS Flow Final step (resolution) Intermediate step (delegation info)

So this is the common Difference between the dig google.com and dig google.com NS

9 . Behind the Scenes

A recursive resolver is a DNS server that does the full work of finding an IP address for us

When we type a domain (like google.com), in our system , the our system sends the request to a recursive resolver (usually from your ISP or public DNS like Google DNS).

Working of the Resolution :-

  1. We as User makes the requests - google.com

  2. The Recursive resolver checks its cache.

  3. If not found:

    • Queries Root Server

    • Then TLD server (.com)

    • Then Authoritative Name Server

  4. Gets the IP address

  5. Returns the result to the user

So the Resolution dose all the heavy work on behalf of us.

This is what happens under the hood

Concept Explanation
Recursive Resolver DNS server that finds the final IP for the user
Caching Storing DNS results temporarily to speed up future requests
TTL Time limit for how long a record stays cached
Speed Reason Cache + distributed servers + efficient design

Conclusion

In this blog we have got to know about the DNS resolution and how it works under the hood from the root servers to the TLDs and then finally to the authoritative name server and this entire process follows a well structured path and hierarchy .

We have also explored the command - line - tools like the dig which make it easier to understand how query move across the DNS hierarchy and behind the seen ecursive resolvers and caching ensure that this process stays fast, efficient, and scalable.

IF you stayed till thank you for your time and patience for reading the blog till last and please try to share the blog with your friends and family and pls do like and feel free to give the feedback .

Thank You 😀

#chaicode#chaiaurcode#chaicohort#dns-resolution#dns#dns-resolver#technology#tech
4 views

Comments

Join the discussion

No comments yet. Be the first to comment.