The IP address of the domain name is obtained by DNS lookup in order to access the website.
So, how exactly does a DNS lookup work? This article describes the steps behind it in detail with examples.
1. DNS Servers
The IP addresses corresponding to domain names are stored in DNS servers.
When we enter a domain name, the browser will automatically send a request to the DNS server in the background to get the corresponding IP address. This is a DNS query.
For example, I entered
es6.ruanyifeng.com domain name, the browser should query the DNS server, what is its IP address, and then send a request to that IP access.
There are many common DNS servers on the Internet, this article selects the Cloudflare company to provide
18.104.22.168 for demonstration.
2. dig command
The command line tool dig can interact with DNS servers, so we will use it to demonstrate DNS queries. If you haven’t installed it yet, you can search for the installation method, which is very easy on Linux systems.
Its query syntax is as follows (the dollar sign
$ is the command line prompt).
To query the domain name to 22.214.171.124, execute the following command.
Normally, it would output a bunch of content.
Find the section ANSWER SECTION, which gives the answer to the query, and the IP address corresponding to the domain name is 126.96.36.199.
3. Tree structure of domain names
You may ask, does a DNS server (e.g. 188.8.131.52) hold the IP addresses of all domain names in the world (including second-level and third-level domain names)?
Of course not, DNS is a distributed system, 184.108.40.206 is just a user query portal, it also needs to query other DNS servers to get the final IP address.
To understand the complete DNS query process, it is important to understand that domains are a tree structure.
The top-level domain is the root domain, then the top-level domain (TLD), then the first-level domain, the second-level domain, and the third-level domain.
3.1. Root Domain Name
The starting point of all domain names is the root domain name, which is written with a dot
., which is placed at the end of the domain name. Because this part is the same for all domains, it is omitted from the list, for example
example.com is equivalent to
example.com. (one more dot at the end).
You can try it, any domain name with a dot at the end will be interpreted normally by browsers.
3.2. Top Level Domains
The next level down from the root domain is the top-level domain. It is divided into two types: generic top-level domains (gTLDs, such as .com and .net) and country-specific top-level domains (ccTLDs, such as .cn and .us).
The top-level domains are controlled by ICANN, the international domain name authority, which delegates the administration of gTLDs to commercial companies and to countries for their own country-specific domains.
3.3. First-level domain name
A first-level domain name is a domain name that you register yourself under a top-level domain. For example,
ruanyifeng.com is what I registered under the top-level domain
3.3. Second level domain name
A second-level domain name is a sub-domain of a first-level domain name, which is set by the domain owner without permission. For example,
es6 is a second-level domain name of
4. Level-by-level query for domain names
The significance of this tree structure is that only the upper-level domain name, which knows the IP address of the next-level domain name, needs to be queried level by level.
Each first-level domain name has its own DNS server that stores the IP address of the next-level domain name.
So, if you want to look up the IP address of the second level domain
es6.ruanyifeng.com, you need three steps.
- The first step is to query the root name server to get the IP address of the top-level name server
.com(also known as TLD server).
- Step 2, query the TLD server
.comto get the IP address of the first-level domain name server
- Step 3: Query the first-level name server
ruanyifeng.comto get the IP address of the second-level domain name
These three steps are demonstrated in turn below.
5. Root Domain Name Servers
There are 13 root name servers in the world (all are clusters of servers). Their domain names and IP addresses are listed below.
The IP address of the root DNS server is constant and is integrated inside the operating system.
The operating system will select one of them and query the IP address of the TLD server.
In the above example, we select
220.127.116.11 and send a query to it asking for the IP address of the TLD server of
The output of the dig command is as follows.
Because it does not give the IP address of
es6.ruanyifeng.com, there is no ANSWER SECTION in the output, only an AUTHORITY SECTION, which gives the domain names of the 13 TLD servers of
There is also an ADDITIONAL SECTION which gives the IP addresses of the 13 TLD servers (both IPv4 and IPv6).
6. TLD Server
Once we have the IP address of the TLD server, let’s select one and then query it.
In the above example, 18.104.22.168 is a randomly selected .com TLD server, we ask it
es6.ruanyifeng.com IP address.
The result is as follows.
It still does not have the ANSWER SECTION section, only the AUTHORITY SECTION, which gives the two DNS servers for the first-level domain
The ADDITIONAL SECTION below is the IP addresses corresponding to these two DNS servers.
7. DNS server of the first-level domain name
Step 3: Check the IP address of the second level domain with the DNS server of the first level domain.
The returned results are as follows.
This time, we finally have ANSWER SECTION and get the IP address of the final second-level domain.
At this point, all three steps of DNS lookup are complete.
8. Types of DNS Servers
To summarize, there are four types of servers mentioned above.
- Root Domain Name Servers
- TLD servers
- First-level domain name servers
They all belong to DNS servers and are used to accept DNS queries. But the roles are different and belong to different categories.
8.1. Recursive DNS server
The last three servers are only used to query the IP address of the next level domain, while 22.214.171.124 automates the step-by-step query process to facilitate users to get the result at once, so it is called recursive DNS server (recursive DNS server), that is, it can automatically query recursively.
When we talk about DNS server, we usually refer to recursive DNS server. It automates DNS queries, so you can just query it.
It has an internal cache to save the results of previous queries, and the next time someone queries it, it returns the results inside the cache directly. So it can speed up the query and reduce the burden of the source DNS server.
8.2. Authoritative DNS Servers
The official name of the first-level DNS server is Authoritative Name Server.
“Authoritative” means that the IP address of the domain name is given by it, unlike recursive servers that cannot make decisions on their own. When we purchase a domain name, setting up the DNS server is setting up the authoritative server for that domain name.
8.3. Four Types of DNS Servers
In summary, DNS servers can be divided into four types.
- Root name servers
- TLD servers
- Authoritative name servers
- Recursive Domain Name Servers
They are related as shown below.
Knowing the principle of DNS query, you can write a DNS recursive server by yourself, it is not difficult. There are many references on the Internet, so if you are interested, you can try it.
9. Reference website
- Building a Recursive DNS Resolver, Timothy Andrew
- Authoritative Vs Recursive DNS: What You Need To Know, Serena Raymond
- DNS Server Type，Cloudflare