To access a website, the IP address of its domain name must first be obtained through a DNS lookup.

So, how exactly does a DNS lookup work? This article describes the steps behind it in detail with examples.


1. DNS Servers

The IP addresses corresponding to domain names are stored in DNS servers.

When we enter a domain name, the browser will automatically send a request to the DNS server in the background to get the corresponding IP address. This is a DNS query.


For example, when I enter a domain name, the browser first asks the DNS server for its IP address and then sends the request to that IP address.

There are many public DNS servers on the Internet; this article uses the one provided by Cloudflare for the demonstration.

2. dig command

The command line tool dig can interact with DNS servers, so we will use it to demonstrate DNS queries. If you haven’t installed it yet, you can search for the installation method, which is very easy on Linux systems.

Its query syntax is as follows (the dollar sign $ is the command line prompt).

$ dig @[DNS server] [domain name]

To query the domain name to, execute the following command.

$ dig @

Normally, it would output a bunch of content.


Find the section ANSWER SECTION, which gives the answer to the query, and the IP address corresponding to the domain name is

3. Tree structure of domain names

You may ask, does a DNS server (e.g. hold the IP addresses of all domain names in the world (including second-level and third-level domain names)?

Of course not, DNS is a distributed system, is just a user query portal, it also needs to query other DNS servers to get the final IP address.

To understand the complete DNS query process, it is important to understand that domains are a tree structure.

The topmost level is the root domain, followed by the top-level domains (TLDs), then the first-level, second-level, and third-level domains.

3.1. Root Domain Name

The starting point of all domain names is the root domain name, which is written as a dot (.) placed at the end of the domain name. Because this part is the same for all domains, it is usually omitted; for example is equivalent to (one more dot at the end).

You can try it, any domain name with a dot at the end will be interpreted normally by browsers.

3.2. Top Level Domains

The next level down from the root domain is the top-level domain. Top-level domains are divided into two types: generic top-level domains (gTLDs, such as .com and .net) and country-code top-level domains (ccTLDs, such as .cn and .us).

The top-level domains are controlled by ICANN, the international domain name authority, which delegates the administration of gTLDs to commercial companies and the administration of ccTLDs to the respective countries.

3.3. First-level domain name

A first-level domain name is a domain name that you register yourself under a top-level domain. For example, is what I registered under the top-level domain .com.

3.4. Second-level domain name

A second-level domain name is a sub-domain of a first-level domain name, which the domain owner can set up without asking anyone for permission. For example, es6 is a second-level domain name of

4. Level-by-level query for domain names

The significance of this tree structure is that only the upper-level domain knows the IP address of the next-level domain, so a lookup has to proceed level by level.

Each first-level domain name has its own DNS server that stores the IP address of the next-level domain name.

So, if you want to look up the IP address of the second level domain, you need three steps.

  • Step 1: Query the root name server to get the IP address of the top-level name server .com (also known as the TLD server).
  • Step 2: Query the TLD server .com to get the IP address of the first-level domain name server
  • Step 3: Query the first-level name server to get the IP address of the second-level domain name es6.

These three steps are demonstrated in turn below.

5. Root Domain Name Servers

There are 13 root name servers in the world (all are clusters of servers). Their domain names and IP addresses are listed below.

[Figure: Root Domain Name Servers]

The IP addresses of the root DNS servers are fixed and are built into the operating system.

The operating system will select one of them and query the IP address of the TLD server.

$ dig @

In the above example, we select and send a query to it asking for the IP address of the TLD server of

The output of the dig command is as follows.

[Figure: output of the dig command]

Because it does not give the IP address of, there is no ANSWER SECTION in the output, only an AUTHORITY SECTION, which gives the domain names of the 13 TLD servers of com..

There is also an ADDITIONAL SECTION which gives the IP addresses of the 13 TLD servers (both IPv4 and IPv6).

6. TLD Server

Once we have the IP address of the TLD server, let’s select one and then query it.

$ dig @

In the above example, is a randomly selected .com TLD server, we ask it IP address.

The result is as follows.


It still has no ANSWER SECTION, only the AUTHORITY SECTION, which gives the two DNS servers for the first-level domain

The ADDITIONAL SECTION below it gives the IP addresses of these two DNS servers.

7. DNS server of the first-level domain name

Step 3: Query the DNS server of the first-level domain for the IP address of the second-level domain.

$ dig @

The returned results are as follows.

[Figure: dig results]

This time there is finally an ANSWER SECTION, which gives the IP address of the second-level domain.

At this point, all three steps of DNS lookup are complete.

8. Types of DNS Servers

To summarize, there are four types of servers mentioned above.

  • Root Domain Name Servers
  • TLD servers
  • First-level domain name servers

They are all DNS servers and accept DNS queries, but they play different roles and fall into different categories.

8.1. Recursive DNS server

The last three servers are only used to query the IP address of the next-level domain, while automates the step-by-step query process so that users get the result in one go, so it is called a recursive DNS server, that is, it can carry out the level-by-level queries on its own.

When we talk about a DNS server, we usually mean a recursive DNS server. It automates DNS queries, so you only need to query it.

It has an internal cache to save the results of previous queries, and the next time someone queries it, it returns the results inside the cache directly. So it can speed up the query and reduce the burden of the source DNS server.
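The three-step lookup from sections 4 to 7, together with the caching recursive server described here, as an added example that is not from the original article: a small offline simulation in Python. All server names and addresses are constructed (example.com and RFC 5737 documentation addresses), and `query` and `RecursiveResolver` are hypothetical names.

```python
# Constructed data: all names and addresses are made up for this example
# (example.com plus RFC 5737 documentation addresses).
SERVERS = {
    "192.0.2.1": {   # root server: only knows the TLD servers
        "answers": {},
        "referrals": {"com.": {"tld.nic.example.": "192.0.2.2"}},
    },
    "192.0.2.2": {   # .com TLD server: only knows first-level name servers
        "answers": {},
        "referrals": {"example.com.": {"ns1.example.com.": "192.0.2.3"}},
    },
    "192.0.2.3": {   # authoritative server for example.com
        "answers": {"es6.example.com.": "203.0.113.10"},
        "referrals": {},
    },
}

def query(server_ip, name):
    """One query to one server, shaped like the sections dig prints."""
    srv = SERVERS[server_ip]
    reply = {"ANSWER": srv["answers"].get(name), "AUTHORITY": [], "ADDITIONAL": {}}
    if reply["ANSWER"] is None:
        for zone, glue in srv["referrals"].items():
            if name.endswith("." + zone):
                reply["AUTHORITY"] = list(glue)     # name server names
                reply["ADDITIONAL"] = dict(glue)    # their IP addresses
    return reply

class RecursiveResolver:
    def __init__(self, root_ip):
        self.root_ip, self.cache, self.upstream_queries = root_ip, {}, 0

    def resolve(self, name):
        """Return (ip, servers asked); a cache hit asks no server."""
        if name in self.cache:
            return self.cache[name], []
        server, asked = self.root_ip, []
        for _ in range(8):                          # bound the referral chain
            asked.append(server)
            self.upstream_queries += 1
            reply = query(server, name)
            if reply["ANSWER"]:
                self.cache[name] = reply["ANSWER"]
                return reply["ANSWER"], asked
            if not reply["AUTHORITY"]:
                raise LookupError(f"no answer or referral for {name}")
            server = reply["ADDITIONAL"][reply["AUTHORITY"][0]]
        raise LookupError(f"too many referrals for {name}")
```

The first `resolve("es6.example.com.")` asks the root, TLD and authoritative servers in turn; a second call for the same name is served from the cache and asks no server.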

8.2. Authoritative DNS Servers

The formal name for the DNS server of a first-level domain is authoritative name server.

“Authoritative” means that the IP address of the domain name is given by it, unlike recursive servers that cannot make decisions on their own. When we purchase a domain name, setting up the DNS server is setting up the authoritative server for that domain name.

8.3. Four Types of DNS Servers

In summary, DNS servers can be divided into four types.

  • Root name servers
  • TLD servers
  • Authoritative name servers
  • Recursive name servers

They are related as shown below.

[Figure: Four Types of DNS Servers]

Once you understand how DNS queries work, you can write a recursive DNS server yourself; it is not difficult. There are many references on the Internet, so if you are interested, you can try it.
