I’ve always been fascinated by the systems that keep the internet humming along behind the scenes. One of those unsung heroes is the DNS resolver. If you’ve ever wondered how your browser magically finds a website when you type in a URL, this blog post is for you. We’ll start with the basics. what DNS is and why resolvers matter and then dive into the low-level details  Let’s get started.

What’s DNS, Anyway?

Every device on the internet has a unique address, kind of like a phone number, called an IP address a string of numbers like 192.168.1.1. But let’s be honest, humans are bad at remembering numbers. Instead, we use friendly names like google.com or github.com. The Domain Name System (DNS) is the internet’s phonebook, it translates those human-readable domain names into the IP addresses that computers need to connect.

Without DNS, you’d be typing raw IP addresses into your browser all day. Imagine trying to memorize 142.250.190.14 instead of just google.com. No thanks! DNS saves us from that nightmare, and at the heart of this process is a DNS resolver.

Enter the DNS Resolver

So, what’s a DNS resolver? It’s a server that acts like your personal internet librarian. When you type a URL into your browser, your device doesn’t know the IP address offhand, it needs help. That’s where the resolver steps in. Your device sends it a query saying, “Hey, what’s the IP for example.com?” The resolver then goes off to find the answer and sends it back to you.

Think of it as the middleman between your device and the vast network of DNS servers out there holding the actual records. It’s the one doing the heavy lifting so you don’t have to.

How Does a DNS Resolver Work? The High-Level View

At a basic level, here’s what happens

  • You Make a Request: You type example.com into your browser.
  • Query Goes to the Resolver: Your device (or operating system) sends that request to a DNS resolver it’s configured to use like one provided by your ISP or a public option like Google’s 8.8.8.8.
  • Caching Check: The resolver first checks its memory (cache). If it’s seen example.com recently and the answer hasn’t expired, it hands over the IP address right away. Fast and easy!
  • The Hunt Begins: If it doesn’t have the answer cached, the resolver starts a process called recursion. It goes out into the DNS world to track down the IP address

The DNS Server Hierarchy

When a resolver needs to find an IP address from scratch, it follows a structured path through the DNS ecosystem. Here’s how it breaks down:

  • Root Servers: These are the starting point. There are 13 root server groups worldwide (don’t worry, they’re replicated a ton for reliability). They don’t know the IP for example.com, but they can point the resolver to the right place like saying, “Ask the .com folks.”
  •  Top-Level Domain (TLD) Servers: These handle specific domain endings like .com, .org, or .io. The root server tells the resolver where to find the .com TLD server, and off it goes.
  • Authoritative Servers: These are the final stop. They’re the servers that actually know the IP address for example.com because they’re managed by the domain’s owner or hosting provider.

So, the resolver works its way down this chain:

  1. Asks a root server, “Who handles .com?”
  2. Asks the .com TLD server, “Who’s got example.com?”
  3. Asks the authoritative server, “What’s the IP for example.com?”
  4. Gets the answer (say, 93.184.216.34), caches it, and sends it back to your device.
  5. Pretty cool, right? It’s like a treasure hunt, and the resolver’s the one with the map.

Going Deeper: The Low-Level Stuff

Now, let’s put on our engineer hats and dig into the technical details. How does this happen under the hood?

Protocols: UDP and TCP

DNS queries are small, so they usually travel over UDP. It’s fast and lightweight perfect for a quick “What’s the IP?” question. But if the response is too big (like over 512 bytes in older systems), DNS switches to TCP (Transmission Control Protocol) for reliability. Modern systems support bigger UDP packets with EDNS, but TCP’s still there as a fallback.

DNS Messages: What’s Inside?

A DNS query and response are structured packets of data. Here’s what they look like:

  • Header: Contains metadata like an ID (to match queries to responses), flags (e.g., “please recurse for me”), and counts of how many questions and answers are in the packet.
  • Question Section: The query itself e.g., “example.com, type A, class IN” (A means IPv4 address, IN means internet).
  • Answer Section: The response—e.g., “example.com is 93.184.216.34.”
  • Authority and Additional Sections: Extra info, like who’s authoritative or bonus records (e.g., IPv6 addresses via AAAA records).

These messages are binary, not text, which keeps them compact. One fun flag to note is “Recursion Desired” (RD) it’s the resolver saying, “Hey, don’t just point me somewhere else, go find the answer yourself!”

Record Types

DNS isn’t just about IP addresses. The “type” in a query can ask for different things:

  • A: IPv4 address (e.g., 192.168.1.1).
  • AAAA: IPv6 address (e.g., 2001:0db8::1).
  • MX: Mail server for the domain.
  • CNAME: An alias pointing to another domain.

The resolver handles all these, depending on what your app needs.

Caching and TTL

Caching is a big deal for performance. When a resolver gets an answer, it stores it for a duration specified by the Time to Live (TTL), a value in seconds set by the domain’s admins. A TTL of 3600 means “keep this for an hour.” This cuts down on repeat queries and speeds things up. Ever fixed a site by “flushing the DNS cache”? That’s clearing out stale entries.

Types of DNS Resolvers

Not all resolvers are the same. Here are the main flavors:

ISP Resolvers: Your internet provider runs these. They’re default but might log your activity.

Public Resolvers: Options like Google Public DNS (8.8.8.8) or Cloudflare (1.1.1.1). Fast, free, and often more private.

Local Resolvers: You can run your own with software like Unbound or Pi-hole. I set one up at home once and took some tinkering, but it was satisfying to control my own DNS traffic and block ads network-wide.

Security and Modern DNS

DNS isn’t just about convenience—it’s a security linchpin. If a resolver gets hacked, it could send you to a fake site. That’s why we have DNSSEC (DNS Security Extensions), which signs responses to prove they’re legit. And lately, privacy’s gotten a boost with DNS over HTTPS (DoH) and DNS over TLS (DoT)—they encrypt your queries so no one’s snooping.

You might also like

BlurHash: An Alternative to Generic Image Placeholders

What is an image placeholder? Having too many images in your app or images that are very large and load slowly can negatively impact page…

Jassim
Junior Engineer I
Jun 13, 2023

Dynamically Inject OpenGraph Meta Tags with AWS Lambda@Edge and CloudFront: A Step-by-Step Guide

Introduction Recently, I faced a challenge with serving my ReactJS application using an S3 bucket and CloudFront distribution. While this setup simplifies deployment and maintenance,…

Arvind Nair
Nov 04, 2024

Making the Switch: The Shifting Landscape of IT Infrastructure

In today’s tech landscape, the cloud has become synonymous with flexibility, scalability, and ease of use. It’s no wonder that so many businesses have flocked…

Rohith V
Feb 20, 2025