DNS - End to End Understanding

In this blog post, I will discuss how to set up the connection between your domain and server. I will also try to explain what happens behind the scenes when you visit example.com, and how exactly your web browser finds the correct server to display the website.

Suppose you have purchased the domain "example.com" from a domain provider. How can you configure it so that when someone visits example.com, it will reach your server?

You need to configure the DNS records.

DNS Records

What are DNS Records? - https://www.cloudflare.com/en-in/learning/dns/dns-records/ - DNS records are instructions that live in authoritative DNS servers and provide information about a domain including what IP address is associated with that domain and how to handle requests for that domain.

A Record / AAAA record

A Record - it's a mapping of the domain to the server's IPV4 address

AAAA Record - it's a mapping of the domain to the server's IPV6 address

1) Can I have multiple A-record for the same domain?

Yes, you can. It is called round-robin DNS, and the browser just chooses one of them randomly. It is a well-used method of getting cheap load balancing, but it has cons as well - i.e. one host goes down, users will still try to access it.

2) Can we point different IP Addresses to subdomains (example.com, blogs.example.com, labs.example.com) as well?

Yes, You can point the subdomain like www, labs etc. to a different IP address.


A DNS CNAME record provides an alias for another domain. Here are the examples where it can help you

1) if Each subdomain points to the same server then you have two choices either write A record for each subdomain or set CNAME which points to the main domain

The second approach is better to approach - let's say the server IP changes you don’t need to change anything other than A record i.e. example.com →

2) CNAME record also helps you in redirecting your page to some other website status.example.comexample.pageduty.com

NS Record

Nameserver is the server that stores A, AAAA, and CNAME records for your domain. NS Record helps you set up the right nameserver - Let’s say you are purchasing a domain from google and want to use Cloudflare then you can provide Cloudflare nameserver detail in the google domain. So you are trying to say that for looking for example.com detail please ask from Cloudflare nameserver.

Now let's understand what happens behind the scene when you hit example.com

When a user types example.com in a web browser, the browser checks its DNS cache to see if there is already an IP address mapping for the domain name. If there's no cache available, the browser calls the gethostbyname syscall to ask the operating system to find the IP address.

The operating system first looks at the /etc/nsswitch.conf (nameserver switch) file. It contains the following information:
hosts: files dns - This means that the OS will first look up the /etc/hosts file and then use the DNS protocol if it doesn't find an entry there.
If the /etc/hosts file has an entry example.com then browser will call the IP address if there is no entry then, it will first request the DNS server specified in the /etc/resolv.conf file. (If there's no response from that server, the OS will try the next IP address.)

So how does the DNS resolver find the IP address?
The DNS resolver first looks up its cache, which can be on various network devices. If there's no cache, it goes through the following steps:

The DNS server breaks down "example.com" into its parts.

  • “.” → Root Server

    IP address of root server is known to DNS resolver and now it queries to root server to find the right IP of .com

  • “.com” → TLD NameServer (top-level domain server)

    • DNS resolver now queries to .com server to return IP address of the authoritative nameserver of example.com


  • now DNS resolver calls the authoritative nameserver of example.com to fetch the IP address of google.com

In summary, the DNS resolver uses a hierarchical system of servers to find the IP address associated with a domain name.

Shell Commands to experiments

#Run this command in one shell to capture all DNS requests
> sudo tcpdump -s 0 -A -i any port 53
# Make a dig request from another shell
> dig google.com

# tcpdump result
17:55:51.672393 IP > 64183+ [1au] A? google.com. (39)
D.;G*....,.C..E..C....@.4c...........5./W.... .........google.com.......)........
17:55:51.685685 IP > 64183 1/0/1 A (55)

# Request made to for google.com. is the resolver mentioned in /etc/resolv.conf. Response received IP Address of google.com

> dig +trace google.com
google.com.   300      IN      A
request       ttl   class   type   response

> dig A facebook.com +short

> dig AAAA facebook.com +short

> dig NS facebook.com +short

> dig www.facebook.com CNAME +short