D. J. Bernstein
Internet publication
djbdns

How does DNS work?

Suppose your computer wants to find the IP address of network-surveys.cr.yp.to. It contacts a series of DNS servers around the Internet.

There are several DNS servers with information about network-surveys.cr.yp.to. A central root server (located at Internet HQ in Virginia) has the following data in a file on disk:

     .:198.41.0.4
     &to:198.6.1.82

The root server's IP address is 198.41.0.4; your computer also has this address in a file on disk. Your computer sends its question to the root server, and receives a response from the root server's data:

     +--------+  network-surveys.cr.yp.to?  +-----------+
     |  Your  | --------------------------> |198.41.0.4 |
     |computer|      <---------------       |root server|
     +--------+       &to:198.6.1.82        +-----------+

The response &to:198.6.1.82 is a delegation. It says "For information about .to, ask the DNS server at IP address 198.6.1.82."

The DNS server at 198.6.1.82 (also located somewhere in Virginia) has the following data in a file on disk:

     .to:198.6.1.82
     &yp.to:131.193.178.160

Your computer sends its question to that DNS server, and receives a response:

     +--------+  network-surveys.cr.yp.to?  +----------+
     |  Your  | --------------------------> |198.6.1.82|
     |computer|  <------------------------  |.to server|
     +--------+    &yp.to:131.193.178.160   +----------+

The response &yp.to:131.193.178.160 is another delegation. It says "For information about .yp.to, ask the DNS server at IP address 131.193.178.160."

The DNS server at 131.193.178.160 (located in my office in Chicago) has the following data in a file on disk:

     .yp.to:131.193.178.160
     =network-surveys.cr.yp.to:131.193.178.100

Your computer sends its question to that DNS server, and receives a response:

     +--------+           network-surveys.cr.yp.to?         +---------------+
     |  Your  | ------------------------------------------> |131.193.178.160|
     |computer| <------------------------------------------ | .yp.to server |
     +--------+  =network-surveys.cr.yp.to:131.193.178.100  +---------------+

The response =network-surveys.cr.yp.to:131.193.178.100 finally answers the original question: the IP address of network-surveys.cr.yp.to is 131.193.178.100.

All of this work is handled by a DNS cache running on your computer. Your computer remembers everything that it learned (for a limited amount of time; information changes!) to save time later. As an alternative, your computer can contact an external DNS cache operated by your Internet service provider; the external DNS cache will do all the work and report the answer.

Multiple servers

To protect against computer failure, there are actually several root servers, several .to servers, and two yp.to servers. Each of the root servers has the following information:

     .:198.41.0.4:a
     .:128.9.0.107:b
     .:192.33.4.12:c
     .:128.8.10.90:d
     .:192.203.230.10:e
     .:192.5.5.241:f
     .:192.112.36.4:g
     .:128.63.2.53:h
     .:192.36.148.17:i
     .:192.58.128.30:j
     .:193.0.14.129:k
     .:198.32.64.12:l
     .:202.12.27.33:m
     &to:128.250.1.21:a
     &to:193.0.0.193:b
     &to:196.7.0.139:c
     &to:206.184.59.10:d
     &to:198.6.1.82:e
     &to:206.86.247.253:f
     &to:148.59.19.11:g

Each of the .to servers has the following information:

     .to:128.250.1.21:a
     .to:193.0.0.193:b
     .to:196.7.0.139:c
     .to:206.184.59.10:d
     .to:198.6.1.82:e
     .to:206.86.247.253:f
     .to:148.59.19.11:g
     &yp.to:131.193.178.181:a
     &yp.to:131.193.178.160:b
     # or, in BIND master zone-file format:
     # yp.to IN NS a.ns.yp.to
     # yp.to IN NS b.ns.yp.to
     # a.ns.yp.to IN A 131.193.178.181
     # b.ns.yp.to IN A 131.193.178.160

Your computer tries the root servers in a random order. When it receives a response from some root server, it moves to the .to servers, and tries them in a random order. It eventually receives the answer from one of the two yp.to servers.

Reverse lookups

Suppose your computer sees the IP address 208.33.217.122 and wants to know the corresponding computer name.

Your computer asks a series of DNS servers about the name 122.217.33.208.in-addr.arpa. The root servers have the following information:

     &33.208.in-addr.arpa:206.228.179.10:c
     &33.208.in-addr.arpa:144.228.254.10:b
     &33.208.in-addr.arpa:144.228.255.10:a

The DNS server at IP address 144.228.254.10 has the following information:

     .33.208.in-addr.arpa:144.228.255.10:a
     .33.208.in-addr.arpa:206.228.179.10:c
     .33.208.in-addr.arpa:144.228.254.10:b
     &217.33.208.in-addr.arpa:209.191.164.20:a
     &217.33.208.in-addr.arpa:206.253.194.65:b

The DNS server at IP address 209.191.164.20 has the following information:

     .217.33.208.in-addr.arpa:209.191.164.20:a
     .217.33.208.in-addr.arpa:206.253.194.65:b
     =mm-outgoing.amazon.com:208.33.217.122

The answer is mm-outgoing.amazon.com.

Looking up the address for a name, and then the computer name for that address, doesn't necessarily produce the original name. Looking up the computer name for an address, and then the address for that name, doesn't necessarily produce the original address.
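
The forward and reverse lookups walked through above, as an added example (not djbdns code): a simulated iterative resolver over the data lines quoted on this page, one server per IP address, with no network traffic. The names `SERVERS`, `ask` and `resolve` are hypothetical, only one delegation per zone is kept, and the hop limit is an assumption that stops a delegation loop.

```python
# Simplified model: each server is {ip: [data lines copied from this page]}.
SERVERS = {
    "198.41.0.4": [".:198.41.0.4", "&to:198.6.1.82",
                   "&33.208.in-addr.arpa:144.228.254.10:b"],
    "198.6.1.82": [".to:198.6.1.82", "&yp.to:131.193.178.160"],
    "131.193.178.160": [".yp.to:131.193.178.160",
                        "=network-surveys.cr.yp.to:131.193.178.100"],
    "144.228.254.10": [".33.208.in-addr.arpa:144.228.254.10:b",
                       "&217.33.208.in-addr.arpa:209.191.164.20:a"],
    "209.191.164.20": [".217.33.208.in-addr.arpa:209.191.164.20:a",
                       "=mm-outgoing.amazon.com:208.33.217.122"],
}
ROOT = "198.41.0.4"  # the address "your computer also has in a file on disk"

def arpa(ip):
    """208.33.217.122 -> 122.217.33.208.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def within(name, zone):
    return name == zone or name.endswith("." + zone)

def ask(server, qname):
    """One question to one server: ('answer', v), ('delegation', ip) or ('nodata', None)."""
    best = None
    for line in SERVERS[server]:
        kind = line[0]
        fqdn, ip = line[1:].split(":")[:2]
        if kind == "=":  # '=' answers the name and the reverse name of its address
            if qname == fqdn:
                return ("answer", ip)
            if qname == arpa(ip):
                return ("answer", fqdn)
        elif kind == "&" and within(qname, fqdn):  # keep the most specific delegation
            if best is None or len(fqdn) > len(best[0]):
                best = (fqdn, ip)
    return ("delegation", best[1]) if best else ("nodata", None)

def resolve(qname, max_hops=8):
    """Follow delegations from the root; return (answer or None, servers asked)."""
    server, path = ROOT, []
    for _ in range(max_hops):
        path.append(server)
        kind, value = ask(server, qname)
        if kind == "answer":
            return value, path
        if kind != "delegation" or value not in SERVERS:
            return None, path
        server = value
    return None, path
```

`resolve(arpa("208.33.217.122"))` reaches mm-outgoing.amazon.com through the in-addr.arpa delegations, while `resolve("mm-outgoing.amazon.com")` finds nothing in this data: the reverse tree and the forward tree are delegated separately, which is why the two lookups need not agree.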