How does a DNS query works when you type a URL on your browser?

Ever Wondered How does a DNS query works? I mean what happens exactly when you type on your browser. Honestly most of us are not bothered unless the web page doesnot opens.

Anyways let me tell you what happens back end when you type a website name on a browser. We will go step by step and I will try to explain all the terminology coming on our way.

What is DNS?

It is a short abbreviation for Domain Name Server. DNS is a very vast topic and not possible to cover completely by me but to be brief it is nothing but can be considered a Telephone directory of all the web Address all over the Internet. The same way you can't remember the telephone numbers of all your friends, so you use a telephone directory using names for each number. Similarly DNS uses a hostname mapping to different IP Address saving your time to memorise those digits with simple names.

What is FQDN?

It is a short abbreviation for Fully Qualified Domain Name. Let me explain this one to you with an example

For Eg is a FQDN where www is the hostname, example is the domain name and .com is TLD(Top Level Domain)

Now What is Top Level Domain (TLD) ?

A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet. The top-level domain names are installed in the root zone of the name space. For all domains in lower levels, it is the last part of the domain name, that is, the last label of a fully qualified domain name.The top-level domain names are installed in the root zone of the name space.

What happens when we type on the browser?


Here is an architectural representation to help you understand the flow of a DNS query

How DNS query works
Step 1 (Local hosts file and DNS cache)
When the DNS server receives a query, it first checks to see if it can answer the query authoritatively based on resource record information contained in a locally configured zone on the server. If the queried name matches a corresponding resource record in local zone information, the server answers authoritatively, using this information to resolve the queried name.

If no zone information exists for the queried name, the server then checks to see if it can resolve the name using locally cached information from previous queries. If a match is found here, the server answers with this information. Again, if the preferred server can answer with a positive matched response from its cache to the requesting client, the query is completed.

Step 2 (ISP Recursive DNS servers)
Suppose there is no DNS cache for in your browser. Next thing it will query your ISP Recursive nameservers. The ISP's contain Recursice DNS servers which does the DNS query on your behalf. Basically they don't keep any information about the DNS and their names records, instead they store a cache for the page from any earlier requests made.

Step 3 (root servers)
Next the query is sent to root nameservers.They will respond to our query with a lookup from right to left in a domain name i.e.

What is a root server?

These are the servers which keep details of all the nameservers all around the world which are updated automatically every millisecond. Basically there are 13 root servers acting almost around the globe from through each associated with an IP Address.

Now the query doesn't ends here as root servers may contain the list of all nameservs but they don't have the record of authoritative detail for any nameserver. So these root servers will redirect you to the TLD nameservers responsible for .com domains.

You can view the list of 13 root servers in named.root or inside /var/named
# less /var/named/named.root
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.

A.ROOT-SERVERS.NET.     3600000 IN      A
B.ROOT-SERVERS.NET.     3600000 IN      A
C.ROOT-SERVERS.NET.     3600000 IN      A
D.ROOT-SERVERS.NET.     3600000 IN      A
E.ROOT-SERVERS.NET.     3600000 IN      A
F.ROOT-SERVERS.NET.     3600000 IN      A
G.ROOT-SERVERS.NET.     3600000 IN      A
H.ROOT-SERVERS.NET.     3600000 IN      A
I.ROOT-SERVERS.NET.     3600000 IN      A
J.ROOT-SERVERS.NET.     3600000 IN      A
K.ROOT-SERVERS.NET.     3600000 IN      A
L.ROOT-SERVERS.NET.     3600000 IN      A
M.ROOT-SERVERS.NET.     3600000 IN      A

;; Query time: 110 msec
;; WHEN: Tue Feb 26 15:05:57 2008
;; MSG SIZE  rcvd: 615
For more information on root servers you can follow this blog

Step 4 (TLD servers)
The TLD nameservers will now look up for the query provided by the root servers. At this stage they will ask the .com server regarding the details for Here the .com server will reply that they do not have the address of but they do know where you can find it i.e authoritative nameservers.

Step 5 (Authoritative nameservers)
Now the authoritative nameservs are the one which contains all the information about any domain name which are stored in DNS records i.e A, CNAME, PTR, MX records etc.

Here since we want an authoritative answer for domain, that means we are basically asking for Address (A) record for that nameserver. The A record would contain the list of IP Addresses on which the webpage is configured.

Step 6 (ISP Recursive DNS cache)
This A record is retrieved using the DNS recursive nameservers, so they will keep a copy of the record in it's cache to resolve it their itself without making any further queries for any request made to the same webpage.

How long these cache will be stored with ISP?

Every record is defined with a TTL value i.e. Total Time to Live according to which the cache will be stored up till a defined period of TTL after which the ISP DNS will again have to resend the query to get a new copy of the record and follow the above procedure to open the same webpage.

Step 7 (Browser Cache)
The browser now since got the look up IP for it will open up the webpage for you. Now your computer will also store a record of the cache for this page locally. So that the information can be collected instantly without making any further requests when same webpage is tried to access in future.

These 7 steps process takes only a few seconds or also milliseconds depending upon your internet speed to finish.

I hope I made my self clear. Keep surfing.

Related Articles
What is the difference between DNS A record and CNAME record?
DNS server related errors
Configure your BIND DNS server on different port no.
How to configure BIND-9.2 DNS server in Red Hat Linux
How to configure BIND-9.8 DNS server in Red Hat Linux 6
How to configure a caching only bind DNS server in Red Hat Linux