DNS stands for Domain Name System; it is essentially a phone book or contacts app for our computers. Understanding how name resolution happens, at least at a high level, is important for troubleshooting issues. It also helps in building larger systems that interact with each other.
What is DNS and why do we need it?
Humans are better with names than with numbers, and computers are the opposite. To call Joe, we use the contacts app to look up Joe’s number and make the call. In web browsers we use human-readable names like www.google.com instead of 142.251.41.46, the IP address where Google is hosted. When we enter web URLs in a browser, or when an app like Microsoft Teams needs service (SRV) records to locate a service, a name-to-IP-address lookup takes place. This is name resolution.
DNS resolves, or converts, human-readable names to their IP addresses. In Windows you can open a command prompt (cmd.exe) and type nslookup as below to see this resolution happening against your current DNS server.

DNS Server does name resolution
The DNS server configured on your currently connected network interface card (NIC) determines the result of a DNS query. When a user at home is connected to the home router, the DNS server comes from the internet provider. When the user is on a VPN connection or on public internet, the DNS server changes based on the internet provider to which the computer (NIC) is connected. On a Windows machine, the DNS servers can be seen using the command ipconfig /all. DNS servers are the actual phone book for our computers.

DNS Servers in an Enterprise vs home internet
Generally, while you are on an office network, or at home connected via a VPN, your NIC is configured to use the enterprise’s internal DNS server. This could be the DNS server role installed on a Windows server (on-premises or IaaS), a third-party SaaS, or a cloud-based DNS solution.
At home, generally over a Wi-Fi connection, the DNS server is set by the router from the internet provider.
Different kinds of DNS records
There are many types of DNS records, such as the A record, SRV record, MX record and so on. Each has a purpose, and a given service will use a particular record type. For example, web browsers usually query the A record to resolve the IP address.
Who updates these records in DNS servers?
If you have purchased a domain like jacksonvarghese.com from a public domain registrar like GoDaddy, then you will update the DNS records for the public domain in GoDaddy, as shown below.

If you have a private domain (using Active Directory or another cloud-based identity provider), as in the case of an enterprise, then chances are that you have a private DNS server tied to your enterprise. In this case you can add records to your private DNS servers. When users are in the office or connected over VPN, resolution happens against this private DNS server.
Thus, if an enterprise has a publicly accessible website, a user on the VPN or office network will resolve it to the private IP address record of that website, and will be directed to the internal private IP address of the web server or load balancer. Alternatively, the same user on home Wi-Fi will resolve the website to the public IP address record present in the ISP’s DNS server (public DNS record).
Forward vs reverse lookup
Forward DNS lookup is the process of resolving a domain name to its IP address. Regular name resolution uses forward lookup, and it is the most common kind. Reverse lookup goes from IP address to name and is mainly used for security purposes.
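One common security use of reverse lookup is forward-confirmed reverse DNS: take the name an IP address claims through its PTR record, resolve that name forward, and trust it only if the result contains the original IP. The Python below is an added example, not code from the original post; the function names and the sample records (documentation addresses under example.com) are constructed for illustration.

```python
import ipaddress
import socket

def reverse_name(ip):
    """Name queried for the PTR record, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """Reverse lookup (IP -> names) through the OS resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:          # no PTR record or resolver failure
        return []

def system_forward(name):
    """Forward lookup (name -> IPs) through the OS resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    # Drop any IPv6 zone suffix such as %eth0 before comparing.
    return sorted({info[4][0].split("%")[0] for info in infos})

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, name); 'confirmed' only if a PTR name resolves back to ip."""
    addr = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        if any(ipaddress.ip_address(a) == addr for a in forward_lookup(name)):
            return ("confirmed", name)
    # The PTR is set by whoever controls the IP block, so an unconfirmed name is only a claim.
    return ("mismatch", names[0])

# Constructed sample records (documentation address range, not real hosts).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com"], "192.0.2.66": ["mail.example.com"]}
SAMPLE_A = {"mail.example.com": ["192.0.2.10"]}

def demo():
    """Run the check offline against the constructed records above."""
    ptr = lambda ip: SAMPLE_PTR.get(ip, [])
    fwd = lambda name: SAMPLE_A.get(name, [])
    return {ip: fcrdns(ip, ptr, fwd) for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99")}

if __name__ == "__main__":
    for ip, result in demo().items():
        print(reverse_name(ip), result)
```

Calling fcrdns(ip) with no extra arguments runs the same check against the DNS server currently configured on the machine.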
DNS in action
The image below shows an MX record for my domain registered in public DNS with GoDaddy. With this record, anyone can send an email to the notauser@jacksonvarghese.com mail address. For example, when someone sends an email from their Gmail account to notauser@jacksonvarghese.com, the Gmail mail server will look for the MX record for the jacksonvarghese.com domain. The mail will be sent to the IP address referenced in the MX record.

How name resolution works
DNS resolution happens at multiple levels. It starts with a lookup against the local cache, which holds records for names that have been looked up previously.
If the local cache does not have that information, the query goes to the currently configured DNS server. Based on how the server is configured and whether it has the information, the DNS server will either return a result or move up its chain to look for an answer on your behalf.