How DNS Resolution Works

You type google.com. Your browser has no idea where that is.

So it asks DNS. And DNS doesn't just know the answer — it finds it, layer by layer, in milliseconds.

Let's trace that journey using dig.

What is dig?

dig (Domain Information Groper) is a DNS diagnostic tool. It lets you query DNS servers directly and see exactly what's happening under the hood.

Layer 1: Root Name Servers

Everything starts at the root. There are 13 root server clusters worldwide.

dig . NS

Output:

.                       518400  IN  NS  a.root-servers.net.
.                       518400  IN  NS  b.root-servers.net.
.                       518400  IN  NS  m.root-servers.net.

These servers don't know where google.com is. But they know who manages .com.

Layer 2: TLD Name Servers

Next, we ask: "Who handles .com domains?"

dig com NS

Output:

com.                    172800  IN  NS  a.gtld-servers.net.
com.                    172800  IN  NS  b.gtld-servers.net.
com.                    172800  IN  NS  m.gtld-servers.net.

These are the TLD (Top-Level Domain) servers. They manage every .com domain — but still don't know Google's IP.

Layer 3: Authoritative Name Servers

Now we ask: "Who's authoritative for google.com?"

dig google.com NS

Output:

google.com.             21600   IN  NS  ns1.google.com.
google.com.             21600   IN  NS  ns2.google.com.
google.com.             21600   IN  NS  ns3.google.com.
google.com.             21600   IN  NS  ns4.google.com.

These are Google's own nameservers. They have the final answer.

The Full Resolution

Finally, get the IP address:

dig google.com

Output:

google.com.             300     IN  A   142.250.193.206

That's it. Your browser now knows where to go.

The Complete Flow

Browser → Recursive Resolver → Root NS → TLD NS → Authoritative NS → IP

Every single web request follows this path. Caching makes it faster, but the hierarchy never changes.

Quick Reference

Command	What It Shows
`dig . NS`	Root name servers
`dig com NS`	TLD servers for .com
`dig google.com NS`	Google's authoritative servers
`dig google.com`	Final IP address
`dig google.com +trace`	Full resolution path in one command

DNS isn't magic. It's a layered lookup — root to TLD to authoritative. Now you can trace it yourself.

How DNS Resolution Works

How DNS Resolution Works

What is dig?

Layer 1: Root Name Servers

Layer 2: TLD Name Servers

Layer 3: Authoritative Name Servers

The Full Resolution

The Complete Flow

Quick Reference

DNS Record Types Explained

TCP Working: 3-Way Handshake & Reliable Communication

TCP vs UDP: When to Use What, and How TCP Relates to HTTP

How DNS Resolution Works

What is dig?

Layer 1: Root Name Servers

Layer 2: TLD Name Servers

Layer 3: Authoritative Name Servers

The Full Resolution

The Complete Flow

Quick Reference

Related Posts

DNS Record Types Explained

TCP Working: 3-Way Handshake & Reliable Communication

TCP vs UDP: When to Use What, and How TCP Relates to HTTP