The DNS is an essential concept in the online world, and its operations empower users all around the world to access billions of websites every day. But what is DNS? And, perhaps more importantly, how does DNS work?

In this article, you will learn the definition of the DNS and how the servers involved in the process work in a step-by-step scenario. So, if you want to learn all these things and more, then keep on reading.

What Is DNS?

The acronym DNS stands for Domain Name System, a system that translates domain names into IP addresses. Domain names are the human-readable queries users type into their browser’s search bar, such as What the DNS does is translate this into a numerical IP address that the servers involved in the lookup process understand.

By doing so, the system eliminates the need for Internet users to memorize the complicated numerical sequences that make up IP addresses, such as (IPv4) or 2001:0000:3238:DFE1:0063:0000:0000:FEFB (IPv6). For this reason, the DNS is known as the phonebook of the Internet.

The DNS is hierarchical and decentralized, which means that it is made of multiple layers and not managed by one single organization. However, the system hasn’t always been this complex. In the following section, I will run you through the history of the Domain Name System and how it came to be.

The History of DNS

The origins of the Domain Name System can be traced back to 1966 when U.S. Internet pioneer Bob Taylor created the ARPANET. The acronym stood for Advanced Research Projects Agency Network, and it was the precursor of the Internet as we know it today. Three years later, in 1969, the first computers went online, which resulted in the implementation of the Network Control Program in 1970.

Originally, the ARPANET stored name-to-address translations in a very simplistic manner – a single table in a document named HOSTS.TXT, created in 1974 by American information scientist Elizabeth J. Feinler. While this worked just fine at first, it became apparent quite quickly that it would not be feasible for long due to the rapid expansion of the online world.

With more computers than ever going online in 1980, the scientist in charge of manually documenting the addresses and their numerical counterparts contacted Paul Mockapetris to find a solution. You might recognize his name as the man credited with the invention of the DNS.

And so, the Domain Name System was born in 1983, and the first set of Internet standards was published shortly thereafter. After this brief history lesson, it’s time to dive into how the DNS works.

How Does DNS Work?

The DNS functions through a process called DNS resolution, which consists of the aforementioned operation of converting domain names into IP addresses. This involves four types of servers:

  • DNS recursor
  • Root nameserver
  • TLD nameserver
  • Authoritative nameserver

The four servers listed above communicate with each other during every stage along the way to achieve one result – sending the Internet user to the webpage they query. In the sections below, I will go over the role of each server in more detail, as well as provide you with a 10-step overview of the DNS resolution process.

Types of DNS Servers

#1 DNS Recursor

The DNS recursor is the first server engaged in the DNS lookup process that ensues when you type an address in your browser’s search bar. Its purpose is to receive queries from client machines and connect them further with the desired DNS record. For this reason, this particular server is also known as the librarian of the Internet, who searches for a particular book that someone has asked for.

The recursor usually achieves this by making multiple requests at a time, but this is a process that we as users don’t get to see, as it happens very fast and in the background. The reason why the process doesn’t take a long time despite the multitude of possible destinations one could reach on the World Wide Web is data caching. This nifty feature helps the recursor reach the client’s queried destination a lot faster than it would on its own.

#2 Root Nameserver

The DNS lookup process continues at the root nameserver, which is the first to translate human-readable domain names into numerical IP addresses that machines recognize. It doesn’t reference a specific location in the hierarchy, but rather a cluster of them where the desired query destination is to be found.

Keeping in tune with the same librarian and library analogy from the previous section, the root nameserver would be the index pointing to a series of book racks. The customer’s requested book is located on one of them, but the index doesn’t get any more specific than that.

#3 TLD Nameserver

The next step in identifying the IP address associated with a particular domain name is the TLD nameserver. TLD stands for top-level domain, and common examples include .com, .org, .net, .edu, or .gov. In the library that is the Internet, it can be associated with the particular bookrack where the volume requested by the customer lies.

#4 Authoritative Nameserver

Finally, the authoritative nameserver is the last server engaged in the DNS lookup process. It is the location where DNS records are held and where the translation between the domain name and the IP address occurs. Acting as a dictionary of the online world, it then returns the IP address of the desired webpage to the DNS recursor server that made the request.

DNS Resolution in 10 Steps

Now that we’ve established where each server stands in the DNS resolution process, let’s take a look at a practical example. Here is what goes on behind the scenes when you ask your browser to go to a particular website.

  1. A user types into their browser.
  2. The query is received by a DNS recursor.
  3. The DNS recursor further queries the root nameserver.
  4. The root server sends the address of a top-level domain (.com here) back to the recursor.
  5. The DNS recursor queries the .com TLD nameserver.
  6. The TLD nameserver responds with the IP address of the authoritative nameserver.
  7. The DNS recursor then queries the domain’s authoritative nameserver.
  8. The authoritative nameserver returns the IP address of the desired domain.
  9. The DNS recursor feeds the IP address into the browser.
  10. The user accesses the webpage they queried for.

While it is true that a lot of server work goes on in the background of a DNS lookup, the process is almost instantaneous on the user side. Due to the hierarchical and decentralized nature of the DNS, as well as the wonders of data cache, this 10-step process only takes a couple of seconds on average.
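The ten steps above and the effect of caching, as an added example that is not part of the original article: a small offline simulation of the recursor following referrals from the root to the TLD to the authoritative nameserver. The name www.example.com, the server addresses (RFC 5737 documentation ranges) and the zone data are constructed for illustration.

```python
# Constructed data, not real DNS: each simulated nameserver maps a name
# suffix to a referral (next server to ask) or to a final answer.
ROOT = "198.51.100.1"
SERVERS = {
    "198.51.100.1": {"com": ("REFERRAL", "198.51.100.2")},          # root
    "198.51.100.2": {"example.com": ("REFERRAL", "198.51.100.3")},  # .com TLD
    "198.51.100.3": {"www.example.com": ("ANSWER", "192.0.2.10")},  # authoritative
}

def ask(server_ip, qname):
    """One query to one simulated nameserver (steps 3-8)."""
    zone = SERVERS[server_ip]
    labels = qname.split(".")
    for i in range(len(labels)):  # try the most specific suffix first
        kind, value = zone.get(".".join(labels[i:]), (None, None))
        # A referral may match any parent suffix; an answer must match
        # the full query name, otherwise sub.www.example.com would resolve.
        if kind == "REFERRAL" or (kind == "ANSWER" and i == 0):
            return kind, value
    return "NXDOMAIN", None

class Recursor:
    def __init__(self):
        self.cache = {}  # normalized name -> IP address
        self.trace = []  # every upstream server contacted, in order

    def resolve(self, qname, max_hops=8):
        key = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if key in self.cache:            # cache hit: no upstream queries
            return self.cache[key]
        server = ROOT
        for _ in range(max_hops):        # bound the chain against loops
            self.trace.append(server)
            kind, value = ask(server, key)
            if kind == "ANSWER":
                self.cache[key] = value
                return value
            if kind == "NXDOMAIN":
                return None
            server = value               # follow the referral one level down
        raise RuntimeError("referral chain too long")

if __name__ == "__main__":
    r = Recursor()
    print(r.resolve("www.example.com"), r.trace)     # three upstream queries
    print(r.resolve("WWW.Example.COM."), r.trace)    # served from cache
```
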

Is DNS Secure?

While the Domain Name System was not built with security in mind, multiple sets of standards have been released since its creation to ensure that accessing a website is as safe a process as it can be. However, DNS Security Extensions and other standard practices can only go so far. According to the Global Cyber Alliance’s report on The Economic Value of DNS Security, over one-third of all cyberattacks are carried out over DNS.

What is more, a recent study by the Neustar International Security Council published in September 2021 revealed that 72% of organizations were targeted by at least one DNS attack last year. 61% fell victim to at least two such incidents, while 11% saw regular attempts on their infrastructure.

For more information on DNS security, you can also check out the DNS Security for Dummies eBook, Heimdal’s tell-all guide to how the Domain Name System works and how you can secure it for the complete protection of your enterprise.

How Heimdal™ Helps with DNS Security

Securing the DNS has been at the forefront of our priority list here at Heimdal™ ever since we launched our first product in 2014. Our core offering of Heimdal Threat Prevention – Endpoint is the upgraded version of the initial product, using state-of-the-art machine learning technology combined with a highly effective DNS filtering module that helps you predict tomorrow’s threats today with 96% accuracy.

Heimdal Threat Prevention – Endpoint expertly identifies cyberattacks that would otherwise remain undetected by traditional antivirus, all with no interruptions and minimal impact on your resources. Our code-autonomous endpoint solution helps you detect malicious URLs and processes before cybercriminals have the chance to penetrate your infrastructure.

Final Thoughts

The DNS is part and parcel of the structure of the World Wide Web and thus a crucial tool in any work environment. Therefore, knowing how it works and how to properly secure it should be at the top of your company’s priority list. Heimdal™ can help you with that. Book a demo with us today or reach out to us at for more information.
