[Concept] And I thought I knew DNS

Published: 5 days ago (January 3, 2026 at 12:39 PM EST)

7 min read

Source: Dev.to

Introduction

We all know how DNS works – there are countless articles and blogs that explain it.
While digging deeper I discovered several pieces of information that were new to me, so I decided to write them down.

Note: There are many excellent resources on DNS, but I hope you’ll find something new here.

Why Was DNS Created?

Before DNS, name‑based communication relied on a HOSTS.TXT file that was copied from computer to computer.
Each site maintained its own file, mapping host names to network addresses in a simple, human‑readable format.

Keeping multiple copies of the hosts file proved inefficient and error‑prone.
RFC 623 and RFC 625 designated the Stanford Research Institute Network Information Center (NIC) as the official source of the master hosts file.

The Birth of DNS

Paul Mockapetris and his team were tasked with creating a more user‑friendly network, so users wouldn’t have to remember IP addresses.
They proposed that host names consist of:

Component	Example
Name	`IBM`
Category / Purpose	`.com` (commercial)

A year later, the first generic Top‑Level Domains (gTLDs) were introduced:

.com, .edu, .net, .org, .int, .gov, .mil

By the end of 1985, six new .com domains existed. The very first one ever registered – Symbolics.com – is still active today.

Trivia

DNS Interceptors

Used for optimisation, censorship, captive portals, etc.
Since DNS is the gateway to the Internet, controlling it allows control over queries and requests.

Privacy

RFC 7816 – QNAME Minimisation improves privacy.
Instead of sending the full query to the authoritative name server, a resolver can send only the minimal required information.

DNS in a Nutshell

DNS is a global, distributed identifier database that replaced the static /etc/hosts file.
To understand its distributed model, let’s trace a typical lookup.

The DNS Resolution Process

1. Browser Cache

When you request https://google.com, the browser first checks its local cache. If the answer is present, it’s returned immediately.

2. Stub Resolver

If the cache misses, the stub resolver (e.g., gethostbyname(), getaddrinfo()) in the operating system takes over and sends the query to a recursive resolver.

The stub resolver is a thin client that forwards queries to a recursive resolver on behalf of applications.

3. Recursive Resolver

The recursive resolver does the heavy lifting:

Cache Check – If it has a cached answer (still valid per TTL), it returns it.
Root Hint File – If not cached, it starts from the root hint file (a list of the 13 root server IPs).
Priming Query – It sends a priming query to a root server to obtain the list of root name servers.
Iterative Queries – It follows the DNS hierarchy: Root → TLD → Authoritative name server for the domain.
Caching – The answer is cached with its TTL (Time‑to‑Live) value.

TTL Details

TTL is a suggestion for how long a record may be cached.
Some resolvers enforce a maximum TTL; values above that are ignored.
To honour TTL, a resolver subtracts the time already spent resolving before caching the result for downstream clients.

4. Forwarders & Proxies (Optional)

Between the stub and recursive resolver, you might encounter forwarders or proxy servers that forward queries to a recursive resolver. This is often done for:

Security (hiding internal network details)
Centralised caching

5. Types of Resolvers

Type	Description
Stub	Thin client used by applications.
Recursive	Performs full resolution on behalf of the stub.
Forwarder	Forwards queries to another resolver, often for security or policy reasons.
Validating	Performs DNSSEC validation.
Pay‑wall	Restricts access to certain domains.

Most ISPs operate their own recursive resolvers, each maintaining its own cache.

The Root Zone

ICANN, Verisign, and the Root Server Operators manage the root zone.
A query to the root domain (.) returns the 13 root name servers.

Glue Records

Glue records are hard‑coded A (or AAAA) records that eliminate circular dependencies.
A circular reference occurs when an authoritative name server’s name lives inside the zone it serves (e.g., ns.example.com inside example.com). Without glue, the resolver could never reach the server because it doesn’t yet know its IP.
Glue records are added at the domain registrar when delegating a zone, and each name server on the Internet has its own glue record created by the domain’s owner.

Summary

DNS replaced the static hosts file with a distributed, hierarchical database.
The resolution flow moves from browser cache → stub resolver → recursive resolver → root → TLD → authoritative server.
Caching and TTL control how long records are stored at each level.
Root servers, glue records, and forwarders keep the system efficient and reliable.
Modern concerns such as privacy (QNAME minimisation) and interception (censorship, optimisation) are addressed through extensions and best practices.

Feel free to explore each component further – DNS is a deep and fascinating topic!

The Name Servers

Now the Recursive Resolver, which is responsible for most of the work, finds the Authoritative Name Server, gets the answer for the query (including the remaining TTL), hands it over to the Stub Resolver, and that’s how we resolve a domain name to an IP address.

A Quick Pseudo‑code Summary

var cache = map[string]string{}

func stubResolver(domain string) string {
    var (
        ipAddress string
        cacheHit  bool
    )
    ipAddress, cacheHit = cache[domain]
    if !cacheHit {
        ipAddress = recursiveResolver(domain)
    }
    return ipAddress
}

func recursiveResolver(domain string) string {
    // … recursively keep trying to identify the
    // **Authoritative Name Server** by getting the
    // **Name Servers** of each element.
    // It may even go all the way to the root zone (".").
    return ipAddress
}

Note: The real process is far more involved; the code above is only a high‑level illustration.

What Is a DNS Query?

A DNS query is a tuple (called a Query Tuple) consisting of:

Field	Description
Query Name	The domain name being looked up
TTL	Time‑to‑live for the answer
Class	Usually `IN` (Internet)
Query Type	`A`, `AAAA`, `MX`, etc.
RDATA	Resource‑record data (present in responses)

The requester asks for the entire tuple—it can’t request just a single piece in isolation. On the wire (RFC 1035) the query is a mix of ASCII‑like labels and binary data, using the historic label‑compression scheme.

Trivia Details

Topic	Details
Transport	DNS prefers UDP. If the response is larger than 512 bytes, or if the server is doing zone transfers, it falls back to TCP.
In‑billiwick vs. Out‑of‑billiwick	In‑billiwick servers are inside the delegated zone and rely on glue records. Out‑of‑billiwick servers are external to the zone.
Packet Evolution	Early packets had only 4 bits for the RCODE field. With EDNS0 (RFC 6891) the OPT pseudo‑RR was added, expanding the RCODE to 12 bits and introducing new flags and extensions (e.g., extended errors – RFC 8914, client subnet – RFC 7871).
Truncation	When a UDP response exceeds the client’s buffer, the TC (truncated) bit is set. The client may retry over TCP or the server may drop non‑essential sections to fit.
Response Rate Limiting (RRL)	A DDoS‑mitigation technique that throttles responses based on query frequency.
Reverse DNS (PTR)	To find a name from an IP address, reverse the octets, append `.in‑addr.arpa`, and query a PTR record. Example: `142.250.72.196 → 196.72.250.142.in‑addr.arpa`.
Apex, Terminal & Lame Delegations	Apex – the root of a zone (e.g., `example.com`). Terminal – the last node in a zone. Lame delegation – a parent NS record points to a child that no longer serves the zone.
Happy Eyeballs	Modern clients send parallel A and AAAA queries (RFC 8305). The first response wins, improving user experience.
Non‑existence Types	NXDOMAIN – the domain name does not exist. NOERROR with an empty answer – the queried record type does not exist for an existing name.
.com ↔ .net Dependency	Many `.com` name servers are themselves delegated to `.net` name servers.
CNAME vs. DNAME	CNAME – an alias for a single name (can point to any zone). DNAME – an alias for an entire subtree (zone).
Wildcard Records	Wildcards are defined in RFC 4592. A query like `foo.some-domain.com` is not* valid; the asterisk can only appear as the left‑most label (`*.example.com`).

Closing Thoughts

Hope this “blog‑style” note gave you a clearer picture of DNS internals and some interesting trivia.

Happy Learning!