DEV Community

Gabriel Guzman
Gabriel Guzman

Posted on • Updated on

What's DNS?

DNS is basically the address book of the internet. When you type into your browser, the computer needs to figure out how to get your request to the right server. Routing over the internet works via IP addresses, so to get to, you first need to figure out what its IP address is.

This is where DNS, the Domain Name System comes in. At a high level, when you hit enter in your browsers location bar, the browser does a DNS lookup to try and find the IP address of the server name you entered. A DNS lookup consists of calling an Operating System function (a syscall) called gethostbyname(). This function takes a string such as "" and returns a structure that includes the IP address of the host, among other information. On my system, that struct looks like this1:

struct  hostent { 
    char    *h_name;    /* official name of host */ 
    char    **h_aliases;    /* alias list */ 
    int h_addrtype; /* host address type */ 
    int h_length;   /* length of address */ 
    char    **h_addr_list;  /* list of returned addresses */ 
Enter fullscreen mode Exit fullscreen mode

How does gethostbyname() know what the IP address of is? Unix like computers (including Macs) have a file called /etc/resolv.conf that tells the Operating System where it should look for name to address lookups, you can check yours by typing cat /etc/resolv.conf in your terminal program.

Mine looks like this:

$ cat /etc/resolv.conf
# Generated by iwm0 dhclient
lookup file bind
Enter fullscreen mode Exit fullscreen mode

That tells me a few things:

  1. #Generated by iwm0 dhclient This tells me the file itself was generated by the dhclient program. dhclient is the program that hands out IP addresses to computers that request them via DHCP (Dynamic Host Configuration Protocol)
  2. nameserver This tells me the IP address of a server I can use to lookup names I don't already know about. This will be important soon.
  3. lookup file bind This tells the computer what database it should use to 'lookup' IP addresses, 'file' tells the computer to first check the /etc/hosts file, and 'bind' tells the computer to ask DNS for the IP address.

If you're a web developer, you've likely used the /etc/hosts file to have a web address point to your computer temporarily for testing. If not, that's ok we'll talk about it now.

If you look in /etc/hosts you'll see something that looks a bit like this:

$ cat /etc/hosts       localhost
::1             localhost
Enter fullscreen mode Exit fullscreen mode

This is a mapping of IP address, hostname, and aliases. In the above example, there are no aliases defined. If I wanted to prank myself, I could do something like this:

$ cat /etc/hosts       localhost
::1             localhost
Enter fullscreen mode Exit fullscreen mode

Now, when I try to browse to I get an error, because gethostbyname("") is returning, which is the IP address of my local computer, and not the address of If I knew the IP address of, I could put it here and everything would work, at least until the IP of changed.

A long, long, time ago, there was no DNS, just a bunch of computers and a bunch of people adding entries to /etc/hosts files by hand, or maybe copy pasting from a file that was distributed by Stanford2. Eventually this became too cumbersome and someone decided to write some code, thus DNS was born.

Now we come to the second option in our resolv.conf example, bind. If gethostbyname() can't find an entry in /etc/hosts it then queries the DNS server specified in the nameserver section of /etc/resolv.conf this is your DNS server.

So, the Operating System sends a query to asking for the IP address for the "" server. If knows the IP address, it will return it to you, if not... it will then ask its DNS server (also defined in the /etc/resolv.conf file but now on your DNS server) what the address is for "" If that server knows the IP address, it will return it, and if not, it will again ask its DNS server if that server knows the IP address to "" and so on... until one of two things happens:

  1. No one knows the IP address of - In this case you will get an error and someone will have to go fix the DNS records for that website.
  2. Eventually someone will say "Oh, yeah... I know that guy, here's his address" - In this case you will then open a TCP request to the IP address that you just found (there's at least one other full blog post there) and ask the server for a web page.

That's basically how DNS works, in a nutshell. But, but but, I hear you ask... how does the DNS server that finally responds know what the IP address is for "" Excellent question. Basically, the administrator or the devops team, or the developer (now that things are all orchestrated and defined in code) will tell the "authoritative" name server for the domain "Hey, I just setup this server, it's going to host web pages, its name is '' and its IP address is ''."

You do this in what's called a Zone file.

You can play with DNS queries yourself using the dig command:

$ dig

; <<>> DiG 9.4.2-P2 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57389
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;            IN      A

;; ANSWER SECTION:     123     IN      CNAME         59      IN      A         59      IN      A         59      IN      A

;; Query time: 51 msec
;; WHEN: Wed Apr 25 17:41:15 2018
;; MSG SIZE  rcvd: 98
Enter fullscreen mode Exit fullscreen mode

Most of that stuff you can ignore for now, the interesting thing is the QUESTION SECTION which basically just repeats your query back for you, and the ANSWER SECTION which in this case tells us that "" is a CNAME(Canonical Name)
which is kind of like an alias, to "" which has 3 IP addresses:,, and You should be able to confirm that any of those go to the website, by copy-pasting them into your browser (this won't always work because you can have multiple websites running on the same server at the same IP address).

That's all I've got to say about that.
Questions, feedback? Leave a comment!



Discussion (7)

ggenya132 profile image
Eugene Vedensky

Hey this is kind of awesome thanks for writing this. Question about CNAME: is the CNAME yet another shortcut to the ip? In other words, if I type in the CNAME into the browser, what's the process of resolving to one of those IPs look like. Does is resemble something like this data structure?

      '': {
        '': [
gabeguz profile image
Gabriel Guzman Author

Hi Eugene, exactly. A CNAME is basically a shortcut or an alias to an A record. A CNAME can't point directly to an IP address, it always points to another name.

CNAME: -> A:
CNAME: -> A: 
A: -> IP:', '', '

So, you can have any number of CNAMEs that point to any of your A records (or names) but not directly to an IP. A records point a name to an IP.

sanwal_chaudhry profile image
Sanwal Chaudhry

Thanks a lot. Could you please explain the last line of the article "this won't always work because you can have multiple websites running on the same server at the same IP address". If you can please explain this I would be very grateful to you.

gabeguz profile image
Gabriel Guzman Author

Sure, I can have multiple CNAMES pointing to the same IP address, for example: -> -> ->

When I type into my browser, the server won't know which website I'm asking for, so it will return either the default website for that server, or an error.

juliavii profile image

Awesome explanation! This is the kind of article we need to read while learning network or dev. Thank you!

gabeguz profile image
Gabriel Guzman Author

Glad you liked it!

msosto profile image

great explanation. Short, concise and very clear. Thanks !