We all know DNS is important to web browsing, Active Directory and so much more. However, I often receive emails asking questions about DNS issues, and the answers almost always lead back to how DNS lookups work. Understanding how DNS resolves names to IP addresses is crucial to troubleshooting DNS related issues.
The first and most obvious step in DNS resolution is entering the DNS name. Let's walk through an example of DNS resolution. You can follow the numbered steps below with this example.
It all starts when you enter a DNS name such as www.thelazyadmin.com into your browser. The browser passes the DNS name to the DNS client and waits for the response (either an IP address or an error code). The DNS client takes the DNS name and sends a query to the computer's configured DNS server. The DNS client does not perform the name resolution itself: apart from answering from its own local cache (visible with ipconfig /displaydns), it only passes the request from the browser to the DNS server and then relays the response from the DNS server back to the application.
(Step 1) Once the DNS server receives the request, the resolution process begins. A common cause of failed lookups is that recursion is disabled on this server. A DNS server with recursion disabled answers only for the zones it is authoritative for and will not chase names outside them. That is the correct setting for an Internet-facing authoritative server, which should not act as an open resolver, but clients must then point at a different server for their recursive lookups. A recursive DNS server reads the name from right to left. Written in full, our example is www.thelazyadmin.com., and the trailing period denotes the root of the DNS namespace. Windows DNS servers ship with a list of the root DNS servers (the root hints); the recursive server chooses a root server from this list and sends it the query. The root server is authoritative only for the root zone, so it answers with a referral to the servers for the next part of the namespace, .com.
(Step 2) The query reaches the root server, which returns a list of the DNS servers that are authoritative for .com (Step 3). The recursive DNS server chooses one of the .com name servers and sends it the query (Step 4), this time to learn the servers that are authoritative for the next component of the name, thelazyadmin.com. The recursive DNS server also caches the list of servers authoritative for .com, so it won't need to ask the root for them again until their TTL expires. The .com name server responds with the list of authoritative servers for thelazyadmin.com (Step 5). The recursive DNS server now knows who is authoritative for thelazyadmin.com, and all that is left is to resolve the IP address of the host, www in our example.
Again, the recursive DNS server chooses one of the authoritative servers for thelazyadmin.com and sends it a query for the host (A) record www.thelazyadmin.com (Step 6). The authoritative server returns all the A records for www (Step 7). If there is more than one A record, round robin comes into play: a Windows DNS server with round robin enabled rotates the order of the records on each response, and with netmask ordering enabled it places records on the same subnet as the querying client first. Once again the recursive server caches the A records for www.thelazyadmin.com for their TTL.
The recursive DNS server now returns the list of A records to the DNS client (Step 8), which chooses an IP address to use. Clients normally try the addresses in the order they were returned, so the first address in the list is the one used. The Windows 2000 and later DNS client modifies this with subnet prioritization: addresses on the client's own subnet are moved to the front of the list, so a host on the LAN prefers a local address. This has no effect on external domains, whose addresses are never on the client's subnet. Finally the DNS client hands the IP address to the browser, which can now begin communicating with the remote server (Step 9).
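The whole walk above, from root hints to the A records and the client's choice of address, as an added example written for this page (it is not code from the original post). The "network" is constructed inline: three pretend authoritative servers for the root, .com and thelazyadmin.com with made-up IPs and TTLs, so the referral chain, the caching that lets a second lookup skip the root and .com, round robin on the authoritative server, the refusal you get from a server with recursion disabled, and Windows-style subnet prioritization on the client can all be run offline.

```python
"""Simulated recursive lookup of www.thelazyadmin.com (added example, not from
the post). The "network" is constructed inline: three pretend authoritative
servers (root, .com, thelazyadmin.com) with made-up IPs, so the walk
root -> TLD -> zone -> host, the caching, round robin and the client-side
subnet prioritization can all be run offline."""
import ipaddress

# Constructed zone data. Each server is authoritative for exactly one zone and
# knows only that zone's records plus the delegations (NS name -> glue IP) below it.
ZONES = {
    ".": {"rrsets": {},
          "delegations": {"com.": {"a.gtld-servers.net.": "192.5.6.30"}}},
    "com.": {"rrsets": {},
             "delegations": {"thelazyadmin.com.": {"ns1.thelazyadmin.com.": "203.0.113.53"}}},
    "thelazyadmin.com.": {
        "rrsets": {("www.thelazyadmin.com.", "A"): (300, ["203.0.113.10", "198.51.100.10"])},
        "delegations": {}},
}
SERVERS = {"198.41.0.4": ".", "192.5.6.30": "com.", "203.0.113.53": "thelazyadmin.com."}
ROOT_HINTS = ["198.41.0.4"]   # what the server's root hints file would supply
DELEGATION_TTL = 172800       # assumed TTL on the NS records handed out in referrals
_round_robin = {}             # (server, name) -> how many times it has answered


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def query_authoritative(server_ip, qname, qtype):
    """One query to a server with recursion disabled. Returns ("answer", ttl, values),
    ("referral", child_zone, {ns: ip}), ("nxdomain", ..) or ("refused", ..): an
    authoritative-only server never chases a name outside its own zone."""
    zone_name = SERVERS[server_ip]
    zone = ZONES[zone_name]
    if not in_zone(qname, zone_name):
        return ("refused", None, None)
    if (qname, qtype) in zone["rrsets"]:
        ttl, values = zone["rrsets"][(qname, qtype)]
        n = _round_robin.get((server_ip, qname), 0)   # round robin: rotate the
        _round_robin[(server_ip, qname)] = n + 1      # record order on each response
        k = n % len(values)
        return ("answer", ttl, values[k:] + values[:k])
    for child, nameservers in zone["delegations"].items():
        if in_zone(qname, child):
            return ("referral", child, nameservers)
    return ("nxdomain", None, None)


class RecursiveResolver:
    """Caching recursive resolver that follows referrals starting at the root hints."""

    def __init__(self, root_hints, now=0):
        self.root_hints = list(root_hints)
        self.now = now            # simulated clock, seconds
        self.ns_cache = {}        # zone -> (expires, [server ip, ...])
        self.rr_cache = {}        # (name, type) -> (expires, [values])
        self.trace = []           # servers actually asked, so the walk is visible

    def _start_servers(self, qname):
        """Deepest cached delegation wins: a later lookup under .com skips the root,
        a later lookup inside the zone skips .com as well."""
        labels = qname.rstrip(".").split(".")
        for i in range(len(labels)):
            hit = self.ns_cache.get(".".join(labels[i:]) + ".")
            if hit and hit[0] > self.now:
                return hit[1]
        return self.root_hints

    def resolve(self, qname, qtype="A", max_referrals=8):
        if not qname.endswith("."):
            qname += "."
        hit = self.rr_cache.get((qname, qtype))
        if hit and hit[0] > self.now:          # served from cache, no query sent
            return hit[1]
        servers = self._start_servers(qname)
        for _ in range(max_referrals):
            server = servers[0]
            self.trace.append(server)
            kind, a, b = query_authoritative(server, qname, qtype)
            if kind == "answer":
                self.rr_cache[(qname, qtype)] = (self.now + a, b)
                return b
            if kind == "referral":
                self.ns_cache[a] = (self.now + DELEGATION_TTL, list(b.values()))
                servers = list(b.values())
                continue
            raise LookupError(f"{qname}: {kind} from {server}")
        raise LookupError(f"{qname}: too many referrals")


def client_pick(addresses, client_ip, prefixlen=24):
    """Windows-style subnet prioritization on the DNS client: addresses on the
    client's own subnet move to the front, otherwise the returned order is kept."""
    net = ipaddress.ip_network(f"{client_ip}/{prefixlen}", strict=False)
    local = [a for a in addresses if ipaddress.ip_address(a) in net]
    return local + [a for a in addresses if a not in local]


if __name__ == "__main__":
    r = RecursiveResolver(ROOT_HINTS)
    print(r.resolve("www.thelazyadmin.com"), "via", r.trace)
    print(query_authoritative("203.0.113.53", "www.example.net.", "A")[0], "(recursion disabled)")
```

Run it once and the trace shows the three servers asked in order (root, .com, zone). Resolve the same name again before the 300 second TTL expires and no server is asked at all; advance the clock past the TTL and only the zone server is asked, because the .com and thelazyadmin.com delegations are still cached, and the A records come back rotated. Asking the zone server directly for a name in another zone returns "refused", which is what a client sees when it points at a server that has recursion disabled.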