What is DNS (Domain Name System)?
Humans cannot easily remember IP addresses. That is where DNS (Domain Name System) comes in handy. DNS resolves domain names into IP addresses. DNS holds the addresses of every device or website that is connected to the internet. It offers a distributed database of website addresses and their corresponding IP addresses.
DNS is a hierarchical distributed system with authority. It is widespread globally across different servers on the internet. DNS falls under the application layer in the OSI model. DNS supports and identifies devices that are connected to the internet.
The Domain Name System (DNS) uses a hierarchy of servers to store and manage DNS records. Root servers sit at the top of this hierarchy and direct queries to the appropriate Top-Level Domain (TLD) servers. TLDs identify domain extensions such as .com, .net, and .org. Furthermore, a Fully Qualified Domain Name (FQDN) combines a hostname, a domain name, and a top-level domain to create a complete domain address. For example, when you access www.raghavonsecurity.com, the hostname is “www,” the domain name is “raghavonsecurity,” and “.com” serves as the TLD. Together, these components help DNS locate and deliver the correct website to users.
How does DNS resolve?
DNS Resolves:
Whenever a webpage is loaded, DNS resolution takes place. The name must be resolved so the browser can open a TCP connection and send its HTTP request. The actual DNS resolution starts when the user types a URL into a web browser. At this moment, the browser asks the operating system for a specific web page.

OS Recursive Query to DNS Resolver
- Since the operating system running on your computer doesn’t know where “www.raghavonsecurity.com” is, it queries a DNS resolver. The OS sends the query to the DNS resolver with a special flag that marks it as a “recursive query”.
- This means that the resolver must complete the recursion and come back with a response, either an IP address or an error. Here, the resolver goes through a process called recursion to convert the domain name into the IP address.
Iterative Query to the Root Server
- The resolver starts by querying a root DNS server for the IP address of “www.raghavonsecurity.com”. This query does not have the recursive flag set, so it is an “iterative query,” meaning the response must be the location of an authoritative name server, an error, or an address.
- Here, the root is represented in the hidden trailing “.” at the end of the domain name. There are a total of 13 root server clusters from A to M.
- They are operated by 12 different organizations that report to the Internet Assigned Numbers Authority. All the servers are copies of one master server run by IANA.
Root Server Response
- These root servers store the locations of all the top-level domains such as .io, .in, .org, .com, and many newer generic top-level domains.
- The root does not know the IP info for “www.raghavonsecurity.com,” but it knows where the .com servers are, so it returns the location of the .com servers. Here, the root will respond with 13 locations of .com gTLD servers.
DNS Resolver Iterative Query to the TLD (Top-Level Domain) Server
- Each of the root servers has 4-13 clustered name servers. There are mainly two types of TLDs: ccTLDs (country codes) handled by government organizations and gTLDs (generic) handled by a commercial entity.
- Both entities are responsible for handling and running these servers. Generally, gTLD servers such as .com, .net, and .edu are controlled by Verisign .gov by gTLDs.
TLD (Top-Level Domain) Server Response
- Each TLD server stores a list of all authoritative name servers for each domain in the TLD. For example, each of the 13 .com gTLD servers holds the list of all the name servers for every other .com domain.
- The gTLD server does not have the IP addresses for google.com, but knows the locations of google.com’s name servers. The .com gTLD servers will respond with the list of all target domain NS records.
DNS Resolver Iterative Query to the target domain NS
- Here, the DNS resolver queries one of the target name servers for the IP address of “www.raghavonsecurity.com”.
Target Domain NS Response
- The queried name server knows the IPs and responds with an A or AAAA address record for IPv4 and IPv6.
DNS Resolver Response to OS
- At this point, the resolver has now completed the recursion process and can respond to the end user’s OS with an IP address.
Browser Initiates the TCP Handshake
- Lastly, the OS holds the target domain’s IP address and provides the IP to the application browser. It initiates the TCP connection to start loading the page.
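The “special flag” that separates the recursive query in the first step from the iterative queries sent to the root, TLD, and authoritative servers is a single bit, RD (recursion desired), in the DNS message header. The following is an added example, not part of the original article, that builds both kinds of query in wire format and decodes them again; the function names and the transaction ID are assumptions chosen for illustration.

```python
import struct

RD_FLAG = 0x0100  # "recursion desired" bit in the 16-bit header flags field


def encode_qname(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1-63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"  # zero-length label = the root, the hidden trailing "."


def build_query(name, qtype=1, recursive=True, txid=0x1234):
    """Build a DNS query (header + one question). qtype 1 = A, 28 = AAAA."""
    flags = RD_FLAG if recursive else 0
    # Header: ID, flags, QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_qname(name) + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def parse_query(msg):
    """Decode the header and the question of a query built by build_query."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", msg[:12])
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return {"txid": txid, "recursive": bool(flags & RD_FLAG),
            "name": ".".join(labels) + ".", "qtype": qtype,
            "qclass": qclass, "qdcount": qdcount}


if __name__ == "__main__":
    host = "www.raghavonsecurity.com"
    stub = build_query(host, recursive=True)        # OS -> DNS resolver
    iterative = build_query(host, recursive=False)  # resolver -> root/TLD/NS
    for kind, msg in (("recursive", stub), ("iterative", iterative)):
        print(kind, msg.hex(), parse_query(msg))
```

The two messages differ only in the flags field (bytes 2 and 3), which is the field to inspect in a packet capture to tell a client's recursive query from a resolver's iterative one.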
DNS (Domain Name System) Records
Authoritative DNS servers store DNS records and provide essential information about a domain, including its associated IP address and instructions for handling requests. To better understand DNS records, think of them as entries in a business directory. For example, a business directory lists important details such as locations, services, contact numbers, and email addresses. Similarly, DNS records store critical internet-related information that helps users and systems locate and access online resources. However, every domain must maintain a set of essential DNS records to ensure users can access the website through its domain name. In addition, administrators can configure optional DNS records to support extra services and functionality.
DNS Records
- A Record – It holds the IPv4 address of a domain.
- AAAA Record – It holds the IPv6 address of a domain.
- CNAME Record – It points a subdomain to another domain name as an alias.
- MX Record – It leads the mail to the email server.
- TXT Record – It enables the administrator to enter text in DNS.
- NS Record – It stores the name server for a DNS entry.
- SOA Record – It holds the admin information of a domain.
- SRV Record – It specifies a port for specific services.
- PTR Record – It offers a domain name in reverse lookups.
Note – For demonstration, we have used NSLOOKUP, a command-line utility used to query the Domain Name System for a target domain or IP address. This tool comes installed in Windows. Apart from NSLOOKUP, “DIG” is another command-line utility commonly used to query the DNS for a domain name or an IP address. For better insights, NSLOOKUP is preferred.

NS Lookup
Decrypting DNS Records
A Record
The A stands for “Address,” and this is the primary type of DNS record. It indicates the IP address of a given domain. The most common use of an A record is IP address lookups, mainly for matching a domain name, for instance, raghavonsecurity.com, to an IPv4 address. This lets the user remember the website name instead of memorizing the IPv4 address. As explained above, the DNS resolver automatically carries out this lookup by sending a query.
Note – Whenever NSLOOKUP queries the domain name, it returns a non-authoritative answer. Non-authoritative DNS servers are recursive or caching DNS servers. They do not store the primary DNS records for domains. Rather, they store cached DNS responses.
Some domains are hidden for copyright reasons. You can easily use different domains or your own target domain to get the domain name records.
Breaking Down A Record
- To query an A record, open CMD and type the commands below.
nslookup
set type=a
hackthissite.org

A Record
- The above queried DNS record responded with 5 IPv4 addresses – 137.74.187.102. Instead of using a domain name, users can also use an IPv4 address. An A record is defined to map a domain name to an IP address.
AAAA Record
An IPv6 address is associated with an AAAA record, which is very similar to an A record. Specifically, it stores the IPv6 address, the latest version of the Internet Protocol (IP). Compared to an IPv4 address, an IPv6 address is significantly longer. As a result, IPv6 provides a much larger address space with more possible IP address combinations.
Furthermore, this expanded capacity helps accommodate the growing number of internet-connected devices worldwide. Similar to an A record, an AAAA record maps a domain name to its corresponding IP address. Therefore, it enables users to access websites using easy-to-remember domain names instead of complex numerical addresses.
Breaking Down AAAA Record
- Type the commands below.
set type=aaaa
hackthissite.org

AAAA Record
- The above screen responded with the IPv6 address 2001:41d0:8:ccd8:137:74:187:100. Nowadays, IPv6 has become an alternative to IPv4 addresses. The pool of available IPv4 addresses is diminishing, which is why users are opting for IPv6 addresses. The AAAA record is the option for mapping the domain name to the IPv6 address.
CNAME Record
A CNAME (Canonical Name) record is used to alias one name to a single domain name. All CNAME records must point to a domain name and not to an IP address. Instead of creating multiple DNS records for the same destination, you can create an A record for your domain name (example.com) that points to the server’s IP address. Then, you can create a CNAME record for your subdomain (www.example.com) that points to example.com. As a result, both records will direct users to the same destination. Furthermore, if the server’s IP address changes in the future, you only need to update the A record for example.com. Consequently, the CNAME record for www.example.com will automatically inherit the updated IP address, making DNS management simpler and more efficient.
Breaking Down a CNAME Record
- Type the commands below.
set type=cname
www.raghavonsecurity.com

CNAME Record
- We queried www.raghavonsecurity.com for the CNAME record, and the raghavonsecurity.com DNS records responded with its canonical domain name.
MX Record
An MX (Mail Exchange) record routes email traffic to the appropriate mail server. Specifically, the MX record defines how emails are delivered using SMTP (Simple Mail Transfer Protocol). For example, whenever someone sends an email to admin@example.com, the MX record directs the message to a designated mail server.
Furthermore, MX records often support multiple mail servers, which helps with load balancing and improves email service availability. As a result, organizations can reduce the risk of email outages and ensure reliable message delivery. In addition, MX records play a crucial role in diagnosing and troubleshooting email delivery issues.
Breaking Down an MX Record
- Type the commands below.
set type=mx
hackthissite.org

MX Record
- MX record returned with 7 different mail exchangers.
hackthissite.org MX preference = 10, mail exchanger = aspmx.1.google.com
- hackthissite.org – domain name
- MX Preference = 10 – Priority numbers indicate the preference. A lower priority value is always preferred.
- Mail exchanger = aspmx.1.google.com – It’s a specified mail server where the email will be redirected.
TXT Record
A TXT (Text) record lets a domain administrator enter text in DNS records. It offers the ability to associate text with a zone. These records are used for numerous purposes. One of the common examples is ownership validation. To prove ownership, a provider needs to add a TXT record. However, the main intention of the TXT record is to hold human-readable notes. A domain can have several different TXT records.
Breaking Down a TXT Record
- Type the commands below.
set type=txt
hackthissite.org

TXT Record
- The above query responded with 3 TXT records:
- “v=spf1 a mx ip4:137.74.187.96 ip4:137.74.187.97 ip4:137.74.187.98 a:hackthissite.org a:mail.hackthissite.org include:aspmx.googlemail.com include:spf.tutanota.de -all” – This is the SPF (Sender Policy Framework) record. SPF records contain a list of IP addresses and the SMTP servers for each IP address. The main purpose of SPF is to check the authenticity of incoming emails from the domain owner before they are delivered to recipients. It contains IPv4 addresses, A, and MX records.
- “HARICA-aaaDeHpueWSi2N4aEvO” – It also contains the HARICA info, which means that the domain has also opted for HARICA validation. HARICA is a trusted third-party entity that engages with all major Root CA programs.
- “t-verify=e3f12c9c23e2e475563590326df31a12” – It’s a Domain Owner Verification TXT record. It provides you with a verification code. It contains an ASCII string that contains the text of your DNS TXT record.
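The SPF value above can be read term by term. The following is an added example, not part of the original article, that parses the record shown in the nslookup output into qualifier, mechanism, and value, evaluates a sender address against the terms that can be decided without further DNS queries, and counts the DNS-dependent terms, which RFC 7208 limits to 10 per check. The function names and the 203.0.113.25 test address are constructed for illustration, and modifiers such as redirect= are not handled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
NEEDS_DNS = {"a", "mx", "include", "exists", "ptr"}  # each costs a DNS lookup

# SPF TXT value as shown in the article's nslookup output.
SPF = ("v=spf1 a mx ip4:137.74.187.96 ip4:137.74.187.97 ip4:137.74.187.98 "
       "a:hackthissite.org a:mail.hackthissite.org "
       "include:aspmx.googlemail.com include:spf.tutanota.de -all")


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # the default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def evaluate_offline(record, sender_ip):
    """Evaluate left to right using only terms that need no DNS lookup.

    Returns (result, deferred): result assumes none of the deferred
    DNS-dependent mechanisms matched; deferred lists them for follow-up.
    """
    ip = ipaddress.ip_address(sender_ip)
    deferred = []
    for qualifier, name, value in parse_spf(record):
        if name in NEEDS_DNS:
            deferred.append(name + (":" + value if value else ""))
        elif name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier], deferred
        elif name == "all":
            return QUALIFIERS[qualifier], deferred
    return "neutral", deferred               # no term matched


def dns_lookup_count(record):
    """Count DNS-querying terms; RFC 7208 caps these at 10 per check."""
    return sum(1 for _, name, _ in parse_spf(record) if name in NEEDS_DNS)


if __name__ == "__main__":
    print(evaluate_offline(SPF, "137.74.187.97"))   # listed ip4 address
    print(evaluate_offline(SPF, "203.0.113.25"))    # constructed, unlisted
    print("DNS lookups:", dns_lookup_count(SPF))
```

The trailing -all is what makes an unlisted sender a hard fail; a record ending in ~all or ?all would return softfail or neutral for the same address.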
NS Record
An NS (Name Server) record specifies which DNS server is authoritative for that domain, meaning which server holds the actual DNS records. It tells the internet where to proceed and locate the domain’s IP address. A domain always has numerous NS records. However, these NS records always indicate the primary and secondary nameservers.
Breaking Down an NS Record
- Type the commands below.
set type=ns
hackthissite.org

NS Record
- hackthissite.org DNS NS records responded with 5 different NS records.
hackthissite.org nameserver = f.ns.buddyns.com
- hackthissite.org = domain name
- f.ns.buddyns.com = Hackthissite.org Name server
- These nameservers locate the domain IP address.
SOA Record
SOA (Start of Authority) records store essential information about a domain, including the administrator’s email address, the domain’s last update, and the time interval between refreshes. First, it identifies the primary name server for the domain. Second, it specifies the responsible party for managing the domain. Additionally, it includes a serial number that changes whenever the domain records are updated. Furthermore, it defines the number of seconds before the zone refreshes. It also specifies the waiting period before a failed refresh attempt is retried. Moreover, the SOA record determines the maximum amount of time a zone can remain valid before it is considered no longer authoritative. Finally, it includes the negative TTL value, which defines how long a DNS resolver should cache a negative response for a subdomain before performing another lookup.
Breaking Down the SOA Record
- Type the commands below.
set type=soa
hackthissite.org

SOA Record
- Querying the SOA record for hackthissite.org returned:
- Primary Name Server = c.ns.buddyns.com – is the first point of contact for the web browser.
- Responsible mail address = admin.hackthissite.org – is the admin email address.
- Serial = 2023040305 – The zone serial number increases when you change the zone file. This helps secondary name servers know when to reload the zone because it’s been updated.
- Refresh = 3600 (1 hour) – This is the time gap, measured in seconds, between update requests sent by secondary and slave name servers.
- Retry = 900 (15 mins) – This is the waiting time, in seconds, that the secondary or slave will pause before trying again if the previous attempt has failed.
- Expire = 604800 (7 days) – This is the waiting time, measured in seconds, that a master or slave server will pause before regarding the data as outdated if it can’t connect to the primary name server.
- Default TTL (Time to Live) = 86400 (1 day) – This is the amount of time, in seconds, that a domain name is saved on a local device before it expires and the device goes back to the authoritative nameservers to get updated information.
SRV Record
An SRV (Service) record defines a host and port for specific services such as VoIP (Voice over IP), instant messaging, and so on. This record typically shows a symbolic name and the transport protocol as part of the domain name.
Breaking Down an SRV Record
- Type the commands below.
set type=srv
example.com

SRV Record
- The SRV query returned:
- Primary name server = ns-546.awsdns-04.net = It shows the transport protocol with the domain name.
- Responsible mail addr = awsdns-hostmaster.amamzon.com = Another domain name
- Serial = 1 – The zone serial number increases when you change the zone file. This tells secondary name servers to reload the zone when it has been updated.
- Refresh = 7200 (2 hours) – This is the time gap, measured in seconds, between update requests sent by secondary and slave name servers.
- Retry = 900 (15 Min) – This is the waiting time, in seconds, that the secondary or slave will pause before trying again if the previous attempt has failed.
- Expire = 1209600 (14 Days) – This is the waiting time, measured in seconds, that a master or slave server will pause before regarding the data as outdated if it can’t connect to the primary name server.
- Default TTL = 86400 (1 day) – This specifies the amount of time, in seconds, that a domain name is saved on a local device before expiring, prompting the device to return to the authoritative nameservers for updated information.
PTR Record
A PTR record associates an IP address with a domain name. The PTR record is exactly the opposite of the A record. This type of DNS record is generally used in reverse DNS lookups. When a user tries to reach a particular IP address, the query starts with the IP address and looks up the domain name.
Breaking Down PTR Record
- Type the commands below.
set type=ptr
137.74.187.101

PTR Record
- PTR record responded with:
101.187.74.137.in-addr.arpa name = hackthissite.org
- 101.187.74.137.in-addr.arpa = Reverse DNS (rDNS) is used to determine the domain name associated with an IP address. 137.74.187.101 is the host IP address.
- In in-addr.arpa zone files, the address 137.74.187.101 is stored in reverse form, followed by a dot and the in-addr.arpa domain.
We have demonstrated how to use nslookup for DNS querying and troubleshooting. We have tested out basic and advanced records.
Conclusion
In conclusion, the Domain Name System (DNS) is the unsung hero of the internet, quietly working behind the scenes to make our online experiences seamless. Specifically, it plays a fundamental role in translating user-friendly domain names into machine-readable IP addresses. Furthermore, the speed and reliability of DNS services are crucial for delivering a smooth and efficient online experience. In addition, security measures such as DNSSEC help protect users and organizations against evolving cyber threats.
As technology continues to advance and we explore new digital frontiers, DNS will continue to adapt and evolve. Consequently, it will ensure that users can easily navigate the vast web of information available at their fingertips. Therefore, the next time you type a web address into your browser, take a moment to appreciate the silent enabler, the Domain Name System, that makes modern internet communication possible.
FAQs
What is DNS, and why is it important?
DNS (Domain Name System) converts domain names into IP addresses. It helps users access websites without remembering complex IP numbers. As a result, DNS enables fast, reliable, and seamless internet browsing.
How does DNS resolution work?
DNS resolution starts when a user enters a website URL into a browser. The DNS resolver then contacts root, TLD, and authoritative name servers to find the correct IP address. Finally, the browser connects to the website and loads the page.
What are the most common DNS records?
The most common DNS records include:
- A Record – Maps a domain to an IPv4 address.
- AAAA Record – Maps a domain to an IPv6 address.
- CNAME Record – Creates a domain alias.
- MX Record – Routes email traffic.
- TXT Record – Stores verification and security data.
- NS Record – Identifies authoritative name servers.
What is the difference between an A Record and a PTR Record?
An A Record maps a domain name to an IP address. In contrast, a PTR Record maps an IP address back to a domain name. Therefore, PTR records support reverse DNS lookups and email server verification.
How does NSLOOKUP help with DNS troubleshooting?
NSLOOKUP is a command-line tool that queries DNS records. It helps administrators verify DNS settings, troubleshoot email issues, and identify DNS configuration problems quickly.
How does DNS security protect users?
DNS security protects users from threats such as DNS spoofing, cache poisoning, and domain hijacking. Additionally, DNSSEC verifies DNS responses and prevents attackers from redirecting users to malicious websites.