What is the DNS protocol?
Explore our DNS solutions Subscribe for AI updates
Illustration representing DNS protocol

Published: 12 March 2024
Contributors: Camilo Quiroz Vazquez

What is the DNS protocol?

The Domain Name System (DNS) protocol is a process that allows internet users to navigate the internet using hostnames instead of numeric IP addresses. DNS is like the phonebook of the internet; it simplifies the process of searching for specific websites through web browsers.

When a DNS client makes a DNS request using a hostname, such as www.example.com, a series of functions connect that request with the corresponding IP address. These functions provide the authentication of IP addresses (both IPv4 and IPv6) and make internet usage more accessible by translating customizable domain names into complex numerical addresses.

To complete these functions, DNS protocol relies on four types of DNS servers that, when functioning properly, make the process fast and secure. DNS servers use DNS records—records such as A records and CNAME records that contain information that guides the resolution process—to properly route DNS requests. These records are text-based files known as “zone files,” written in DNS syntax.                                      

DNS resource records are stored on authoritative DNS servers also known as authoritative name servers. They contain information related to the domain, including how long a server will keep DNS records cached, a period known as time-to-live (TTL). These records enable the linking of domain and subdomains and the proper routing of emails, assist with DNS security and more.

Guide to AI and IT Automation

The Enterprise Guide to AI and IT Automation offers an in-depth look at AI-powered IT automation, including why and how to use it, the issues blocking your efforts and how to get started.

Related content

Subscribe to the IBM newsletter

A step-by-step guide to DNS protocol

Through the following process, DNS queries are resolved, and users are connected with the IP address of the web server hosting the site:

  • When you use a DNS client such as your computer, smart device, any web browser, or application to connect to a domain name, you set off what’s known as a recursive query, DNS request, DNS lookup or DNS query.

  • When a request for a DNS record is made from a device like a smartphone, computer or tablet, a browser (such as Google Chrome) will first check its cache for the record. If no record exists, an operating system level resolver is queried. This operating system component, called a stub resolver, checks for the record.

  • If the requested record is not cached at the local level, DNS queries are then directed through a series of external DNS servers that help resolve the request.

  • The first server at work is the recursive DNS server, also known as the DNS recursor or recursive DNS resolver, which is often operated by an internet service provider (ISP). If possible, the recursive resolver uses DNS cache data to reach the desired site; if this data is not available it moves the request forward to the root name server.

  • Root name servers, or root DNS server, take the request and are able to route it to a server known as the top level domain or TLD name server, based on the site’s extension: .com, .org or .net, for instance.

  • TLD name servers take requests for specific extensions and sends them to the authoritative name server, also known as the authoritative DNS server or  or authoritative domain name server.

  • The authoritative name server contains information for the DNS zone it manages, including information related to specific domain names stored in DNS resource records, and connects domain names with corresponding IP addresses.

  • The information is returned to the DNS client, completing a DNS resolution.

When a DNS server is unable to retrieve a complete answer, it sets off an iterative DNS query. Servers will continue to bounce the request through different servers until an IP address is found or a time out or error is reached.

DNS protocol specification
Domain namespace

The DNS namespace governs public DNS hostnames on the internet. The namespace creates a hierarchy that is structured like a tree, and each node in the tree has a textual label and DNS resource records that describe the domain. The domain name is made up of the label along with the label of its parent notes (these sections are separated by a dot, as in “example.com”), and is separated into zones. Each zone is delegated to a specific legal entity for administration and management. This structure allows for websites to be given unique names.

Domain name syntax

The domain name creates a hierarchical structure with different levels. Domain names consist of one or more parts called labels and each part is separated by a dot. A label can contain up to 63 characters.

Example: forum.support.example.com

In the example above, “.com” represent the top-level domain, “example” represents the domain name, “support” is a subdomain under “example” and “forum” is a subdomain under “support.”

Resolving a DNS request

A recursive DNS server, also known as a DNS recursor or recursive DNS resolver, communicates with other DNS servers to locate and return an IP address. This server receives a DNS query and can connect a user to the desired site using cached data. If site data is not cached, it sends a follow-up request to the authoritative name servers.

The authoritative name server is usually the final stop in the process of resolving a DNS query. This server contains the resource records for all domains in that zone. On occasion, authoritative name servers must send a request to another name server to find information about specific subdomains. 

DNS message format

DNS messages consist of queries and replies and contain the following fields:

  • A header containing identification, flags, the number of questions and answers, the number of authority resource records (RRs), and the number of additional resource records.

  •  A flag field indicating message type and if a name server is authoritative, the status of a query, and whether it was recursive or truncated.

  • A question section with the domain name and record type being resolved.

  • The answer section with the resource records of the queried name.
DNS transport protocol

DNS uses the User Datagram Protocol to answer DNS queries due to its speed and low overhead. For DNS responses that are larger than 512 bytes, or if a server is managing zone transfers (the transferring of DNS records from primary to secondary DNS servers) or similar tasks, it uses the Transmission Control Protocol (TCP). TCP enables data integrity checks and breaks a message down into smaller packets to help ensure it reaches its destination as quickly as possible.

DNS master files (zone files)

DNS master files are stored on DNS name servers. They are text files that define DNS information for a single DNS zone such as:

  • Global time to live (TTL): This defines the amount of time records should be stored in local DNS caches.

  • Start of authority (SOA) record: This establishes the primary authoritative name server for a given zone.

  • Resource records: These records are used to store hostnames, IP addresses and other information in DNS name servers.
Enterprise scale DNS

On a small scale, a user should not even notice this process is happening. On an enterprise scale, understanding how DNS works is important for maintaining both internal and external web services and selecting a managed DNS solution.

Use cases for managed DNS solutions include:

Multi CDN

A content delivery network (CDN) is global network of servers that helps improve delivery performance and reduce latency. A multi CDN system allows for dynamic use of several CDNs to provide the best service.

Global server load balancing (GSLB)

When servers are overloaded, they can fail or slow down performance. Load balancing is the process of distributing network traffic across various servers, and GSLB distributes workloads efficiently across data centers around the world. 

Geographic routing

Managed DNS solutions facilitate automated routing based on the geographic location of end users, speeding network and application performance. 

DNS traffic steering

Traffic steering gives organizations the power to optimize connections to applications, services and content based on real-user monitoring (RUM) data, load and network conditions.

Related solutions
IBM NS1 Connect Managed DNS 

IBM® NS1 Connect Managed DNS service delivers resilient, fast, authoritative DNS connections to prevent network outages, and keep your business online, all the time.

Explore IBM NS1 Connect Managed DNS

IBM NS1 Connect global server load balancing

Optimize end-user experience and improve network resilience at a lower cost with IBM NS1 Connect GSLB, a new approach powered by DNS and real-time device performance data.

Explore IBM NS1 Connect GSLB

IBM Cloud DNS services

IBM Cloud® DNS Services offers public and private authoritative DNS services with fast response time, unparalleled redundancy and advanced security—managed through the IBM Cloud web interface or by API.

Explore IBM Cloud DNS services
Resources  What is DNS?

The Domain Name System, or DNS, is what makes it possible for users to connect to websites using internet domain names and searchable URLs rather than numerical Internet protocol addresses.

What are DNS records?

A Domain Name System (DNS) record is a set of instructions used to connect domain names with internet protocol (IP) addresses within DNS servers.

What is a DNS server?

DNS servers translate the website domain names users search in web browsers into corresponding numerical IP addresses. This process is known as DNS resolution.

What is primary DNS?

A primary DNS server is the first point of contact in query resolution and serves as the definitive source for information about a domain, storing original copies of all the domain's DNS records.

What is a DNS zone?

A DNS zone is a distinct logical entity within the domain namespace of the Domain Name System (DNS), delegated to an administrator, organization, or other legal entity responsible for managing it.

What is a CNAME record?

A CNAME record, or canonical name record, serves as an alias within the Domain Name System (DNS), redirecting one domain name to another.

Take the next step

IBM NS1 Connect provides fast, secure connections to users anywhere in the world with premium DNS and advanced, customizable traffic steering. NS1 Connect’s always-on, API-first architecture enables your IT teams to more efficiently monitor networks, deploy changes and conduct routine maintenance.

Explore NS1 Connect Book a live demo