Articles

DNS Resolution: How Domains Resolve to IP Addresses (2026)

April 18, 2026 4 min read

The DNS system is actually a vast, distributed database, not a single, monolithic lookup service.

Imagine you type www.example.com into your browser. Your computer doesn’t know where to find that. It needs an IP address. The journey to get that IP address is a fascinating dance involving several key players.

First, your computer checks its local DNS cache. This is like a personal notepad of recently visited websites and their IP addresses. If it’s there and hasn’t expired, great! You’re done. If not, it asks your configured DNS resolver.

This resolver is usually provided by your Internet Service Provider (ISP) or a public service like Google DNS (8.8.8.8) or Cloudflare DNS (1.1.1.1). This resolver also has its own cache, so it might already know the answer.

If the resolver doesn’t have it, it starts a recursive query. It asks a root nameserver. There are only 13 logical root servers globally, but they are distributed across hundreds of physical locations. The root server doesn’t know the IP for www.example.com, but it knows who’s in charge of the .com domain. It tells your resolver to ask a Top-Level Domain (TLD) nameserver for .com.

The .com TLD nameserver also doesn’t know the IP for www.example.com, but it knows which authoritative nameserver is responsible for the example.com domain. It directs your resolver to ask that authoritative nameserver.

Finally, the example.com authoritative nameserver does know. It looks up the record for www.example.com (likely an A record for IPv4 or AAAA record for IPv6) and returns the IP address to your resolver. Your resolver then caches this information for a specified time (its Time-To-Live, or TTL) and returns it to your computer. Your browser can now connect to www.example.com.

Here’s a look at a typical DNS query flow from your machine:

# On your Linux/macOS machine, you can use dig to trace the query
dig www.example.com +trace

; <<>> DiG 9.16.1-Ubuntu <<>> www.example.com +trace
;; global options: +cmd
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.example.com.               IN  A

;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Oct 26 10:00:00 UTC 2023
;; MSG SIZE  rcvd: 55

;;; Trying to find www.example.com.
;;. (root servers)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 67890
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
;; QUESTION SECTION:
;www.example.com.               IN  NS

;; AUTHORITY SECTION:
.           172800  IN  NS  a.root-servers.net.
.           172800  IN  NS  b.root-servers.net.
# ... (output continues listing all 13 root servers)

;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Oct 26 10:00:00 UTC 2023
;; MSG SIZE  rcvd: 255

;;; Trying to find www.example.com.
;;com. (TLD servers)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11223
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; QUESTION SECTION:
;www.example.com.               IN  NS

;; AUTHORITY SECTION:
com.            172800  IN  NS  a.gtld-servers.net.
com.            172800  IN  NS  b.gtld-servers.net.
# ... (output continues listing other .com TLD servers)

;; SERVER: 192.26.156.10#53(192.26.156.10)
;; WHEN: Mon Oct 26 10:00:00 UTC 2023
;; MSG SIZE  rcvd: 255

;;; Trying to find www.example.com.
;;example.com. (authoritative servers)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44556
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;www.example.com.               IN  A

;; ANSWER SECTION:
www.example.com.    300 IN  A   93.184.216.34

;; SERVER: 203.0.113.53#53(203.0.113.53)
;; WHEN: Mon Oct 26 10:00:00 UTC 2023
;; MSG SIZE  rcvd: 100

This output shows the dig +trace command asking successively for the root, then the .com TLD server, and finally the authoritative server for example.com, which returns the IP address 93.184.216.34.

The entire system is designed for resilience and scalability. Instead of one giant database, it’s a hierarchical, distributed network of servers. Each level of the hierarchy (root, TLD, domain) delegates authority to the next level down. When you register a domain, you’re essentially telling the TLD registry which nameserver is authoritative for your domain.

One of the most surprising aspects of DNS is how much of the "internet’s address book" is actually managed by a very small number of organizations. While there are many root servers, they are operated by entities like Verisign, ICANN, and NASA. Similarly, TLDs like .com and .org are managed by a handful of registries. This centralized control at the top layers is a critical point of potential failure and security concern, though the distributed nature of the servers themselves mitigates many risks.

The next level of complexity you’ll encounter is understanding different DNS record types beyond A and AAAA, such as MX for mail servers or CNAME for aliases.

Want structured learning?

Take the full Computer Networking course →