DNS Resolution Explained: How Your Computer Finds Websites

Learn how DNS resolution works: from hosts file to recursive DNS servers, caching, TTL, and CDNs. Understand the complete journey of how your browser finds websites.

Locahl Team

When you type a website address into your browser and press Enter, a complex process unfolds behind the scenes to translate that human-readable domain name into an IP address your computer can use. This process is called DNS resolution, and understanding how it works is fundamental to web development, networking, and troubleshooting.

What is DNS resolution?

DNS (Domain Name System) resolution is the process of converting domain names like example.com into IP addresses like 93.184.216.34. Without DNS, you would need to remember numeric IP addresses for every website you visit—an impossible task given the billions of websites on the internet.

Think of DNS as the internet's phone book: just as you look up a person's name to find their phone number, your computer looks up a domain name to find its IP address.

The DNS resolution chain

DNS resolution follows a specific order, checking multiple sources before finally querying external DNS servers. Understanding this chain is crucial for troubleshooting and optimization.

Step 1: Browser cache

Your web browser maintains its own DNS cache. When you visit a website, the browser stores the domain-to-IP mapping for a period of time (typically determined by the DNS record's TTL). Before making any network requests, the browser checks its cache first.

Cache duration: Usually follows the DNS record's TTL, but browsers may implement their own minimum/maximum cache times.

Step 2: Operating system cache

If the browser cache doesn't have the answer, your operating system checks its DNS cache. This cache is shared across all applications on your computer.

  • macOS: Uses mDNSResponder for DNS caching
  • Windows: Uses DNS Client service
  • Linux: Varies by distribution (systemd-resolved, dnsmasq, etc.)

Step 3: Hosts file check

Before querying any external DNS servers, your operating system checks the hosts file (/etc/hosts on macOS/Linux, C:\Windows\System32\drivers\etc\hosts on Windows).

Critical point: The hosts file has absolute priority over all DNS queries. If a domain is found in the hosts file, that IP address is used immediately, and no external DNS servers are contacted.

This is why the hosts file is so powerful for:

  • Local development (pointing domains to localhost)
  • Testing before DNS changes go live
  • Blocking unwanted sites
  • Bypassing DNS for specific domains

Step 4: DNS resolver (recursive DNS server)

If the hosts file doesn't contain the domain, your computer contacts a DNS resolver (also called a recursive DNS server). This is typically:

  • Your ISP's DNS server (automatic)
  • A public DNS service like:

      - Google DNS: 8.8.8.8 and 8.8.4.4
      - Cloudflare DNS: 1.1.1.1 and 1.0.0.1
      - OpenDNS: 208.67.222.222 and 208.67.220.220

The resolver performs the complete DNS lookup process on your behalf.

Step 5: Root DNS servers

If the resolver doesn't have the answer cached, it starts the DNS hierarchy lookup by querying one of 13 root DNS servers. These servers don't know the IP address for example.com, but they know which servers are responsible for .com domains.

Step 6: Top-Level Domain (TLD) servers

The root server directs the resolver to the TLD nameservers for .com. These servers know which authoritative nameservers are responsible for example.com.

Step 7: Authoritative nameservers

Finally, the resolver queries the authoritative nameservers for example.com. These servers hold the official DNS records for the domain and return the IP address.

Step 8: Response and caching

The IP address travels back through the chain:

1. Authoritative nameserver → TLD server
2. TLD server → Root server
3. Root server → Recursive DNS resolver
4. Recursive DNS resolver → Your computer
5. Your computer → Browser

At each step, the result may be cached for future use, speeding up subsequent requests.

Understanding DNS record types

DNS resolution involves different types of records, each serving a specific purpose:

A record

Maps a domain name to an IPv4 address.

example.com.    IN    A    93.184.216.34

AAAA record

Maps a domain name to an IPv6 address.

example.com.    IN    AAAA    2606:2800:220:1:248:1893:25c8:1946

CNAME record

Creates an alias, pointing one domain to another. The target domain must have an A or AAAA record.

www.example.com.    IN    CNAME    example.com.

MX record

Specifies mail servers for the domain.

example.com.    IN    MX    10    mail.example.com.

TXT record

Stores text data, commonly used for SPF, DKIM, and other verification purposes.

example.com.    IN    TXT    "v=spf1 include:_spf.example.com ~all"

DNS caching and TTL

Caching is fundamental to DNS performance. Without caching, every website visit would require multiple DNS queries, significantly slowing down internet browsing.

What is TTL?

TTL (Time To Live) is a value in seconds that specifies how long a DNS record can be cached. When a DNS record is returned, it includes a TTL value.

Example:

example.com.    3600    IN    A    93.184.216.34

This means the record can be cached for 3600 seconds (1 hour).

TTL values explained

  • Low TTL (300-3600 seconds): Faster DNS change propagation, more DNS queries
  • Medium TTL (3600-86400 seconds): Balance between propagation speed and query load
  • High TTL (86400+ seconds): Slower propagation, fewer queries, better performance

Where DNS is cached

1. Browser cache: Fastest, application-specific
2. OS cache: Shared across applications, faster than network queries
3. Router cache: Benefits all devices on the network
4. ISP DNS cache: Benefits all ISP customers
5. Recursive DNS cache: Benefits all users of that DNS service

Cache invalidation

Caches are invalidated when:

  • TTL expires
  • DNS cache is manually flushed
  • System reboot (for some caches)
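
The lookup described in Steps 4 to 8 and the TTL rules in this section can be modelled in a few lines. This is an added example, not code from the original article: the server names (root, tld-com, ns-example), the RecursiveResolver class and the delegation data are constructed for illustration, and the clock is injectable so TTL expiry can be exercised without waiting.

```python
import time

# Constructed delegation data: each "server" either refers the resolver
# onward (referrals) or answers authoritatively (records: name -> (ip, ttl)).
SERVERS = {
    "root":       {"referrals": {"com.": "tld-com"}},
    "tld-com":    {"referrals": {"example.com.": "ns-example"}},
    "ns-example": {"records": {"www.example.com.": ("93.184.216.34", 3600)}},
}


class RecursiveResolver:
    """Toy recursive resolver: walks root -> TLD -> authoritative, caches by TTL."""

    def __init__(self, servers, clock=time.monotonic):
        self.servers = servers
        self.clock = clock          # injectable so TTL expiry can be tested
        self.cache = {}             # name -> (ip, expires_at)

    def resolve(self, name):
        """Return (ip, trace); trace lists the servers actually queried."""
        name = name.lower().rstrip(".") + "."
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], ["cache"]
        self.cache.pop(name, None)  # entry is missing or its TTL has expired
        server, trace = "root", []
        while True:
            trace.append(server)
            zone = self.servers[server]
            if name in zone.get("records", {}):
                ip, ttl = zone["records"][name]
                self.cache[name] = (ip, self.clock() + ttl)
                return ip, trace
            # Follow the most specific referral whose zone contains the name.
            matches = [z for z in zone.get("referrals", {})
                       if name == z or name.endswith("." + z)]
            if not matches:
                return None, trace  # no such name in this model
            server = zone["referrals"][max(matches, key=len)]


if __name__ == "__main__":
    r = RecursiveResolver(SERVERS)
    print(r.resolve("www.example.com"))   # full walk through the hierarchy
    print(r.resolve("www.example.com"))   # answered from cache
```

A cached answer is returned without any upstream query until its TTL runs out, which is also why a forged record that reaches a cache keeps being served for that long.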

The hosts file's role in DNS resolution

The hosts file is checked before any DNS queries, giving it absolute priority. This makes it incredibly powerful for developers and system administrators.

How hosts file fits into the resolution chain

Browser Request
    ↓
Browser Cache Check
    ↓
OS Cache Check
    ↓
Hosts File Check ← Checked here, before DNS
    ↓
DNS Resolver Query (only if hosts file doesn't have entry)
    ↓
DNS Hierarchy Lookup
    ↓
Return IP Address

Practical implications

Local development:

# In /etc/hosts
127.0.0.1       myapp.local

When you visit myapp.local, your system finds it in the hosts file and immediately uses 127.0.0.1 without querying any DNS servers.

Testing before DNS changes:

# Test new server before updating DNS
203.0.113.50    www.example.com

Only your computer sees the new server; everyone else still uses the old DNS records.

Blocking sites:

# Block distracting sites
0.0.0.0         distracting-site.com

The domain resolves to a non-routable address, effectively blocking it.

Recursive vs. authoritative DNS servers

Understanding the difference between these two types of DNS servers is crucial:

Recursive DNS servers

Also called DNS resolvers, these servers:

  • Query authoritative servers on your behalf
  • Cache results for performance
  • Handle the complete DNS lookup process
  • Examples: Google DNS (8.8.8.8), Cloudflare DNS (1.1.1.1), your ISP's DNS

When to use different recursive DNS:

  • ISP DNS: Default, usually fine
  • Google DNS: Fast, reliable, good for troubleshooting
  • Cloudflare DNS: Fast, privacy-focused (1.1.1.1)
  • OpenDNS: Additional security features

Authoritative DNS servers

These servers:

  • Hold the official DNS records for specific domains
  • Are configured by domain registrars
  • Don't cache (they're the source of truth)
  • Examples: Your domain's nameservers (often provided by your hosting company)

Common authoritative DNS providers:

  • Cloudflare
  • Amazon Route 53
  • Google Cloud DNS
  • Namecheap
  • GoDaddy

Content Delivery Networks (CDNs) and DNS

CDNs use DNS to route users to geographically distributed servers, improving website performance.

How CDNs work with DNS

1. User requests cdn.example.com
2. DNS resolver queries CDN's DNS servers
3. CDN DNS analyzes user's location (via IP geolocation)
4. Returns IP address of nearest edge server
5. User connects to closest server for faster content delivery

DNS-based load balancing

CDNs and large websites use DNS to distribute traffic:

example.com.    IN    A    192.0.2.1
example.com.    IN    A    192.0.2.2
example.com.    IN    A    192.0.2.3

Multiple A records allow DNS round-robin, distributing requests across servers.

Troubleshooting DNS resolution

Understanding DNS resolution helps diagnose network issues:

Common DNS problems

1. DNS server unreachable

  • Symptom: "Server not found" errors
  • Solution: Check internet connection, try different DNS server

2. Stale DNS cache

  • Symptom: Website shows old content or wrong IP
  • Solution: Flush DNS cache

3. Hosts file override

  • Symptom: Domain resolves differently than expected
  • Solution: Check hosts file for entries

4. DNS propagation delay

  • Symptom: DNS changes not visible everywhere
  • Solution: Wait for TTL expiration, or lower TTL before changes

Diagnostic commands

Check hosts file:

cat /etc/hosts    # macOS/Linux
type C:\Windows\System32\drivers\etc\hosts    # Windows

Query DNS directly:

nslookup example.com
dig example.com
host example.com

Flush DNS cache:

# macOS
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

# Windows
ipconfig /flushdns

# Linux (systemd-resolved)
sudo resolvectl flush-caches    # older systemd releases: sudo systemd-resolve --flush-caches

Test specific DNS server:

nslookup example.com 8.8.8.8    # Query Google DNS directly
dig @8.8.8.8 example.com

DNS security considerations

DNS over HTTPS (DoH) and DNS over TLS (DoT)

Traditional DNS queries are unencrypted, allowing ISPs and others to see which websites you visit. DoH and DoT encrypt DNS queries for privacy.

  • DoH: DNS queries over HTTPS (port 443)
  • DoT: DNS queries over TLS (port 853)

DNS spoofing and cache poisoning

Attackers may attempt to inject false DNS records into caches. Modern DNS includes security measures like DNSSEC to prevent this.

Using hosts file for security

The hosts file can block malicious domains:

# Block known malicious domains
0.0.0.0         malware.example.com
0.0.0.0         phishing.example.com
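
Because a hosts entry is used before any DNS query, an entry nobody remembers adding silently redirects that name, which is the "hosts file override" case listed under troubleshooting. The following audit is an added example, not part of the original article: it parses hosts-file text and reports every name pinned to an address that is neither loopback nor a 0.0.0.0/:: block entry. The sample content and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in /etc/hosts format (not taken from a real machine).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.0.1       myapp.local        # local development
0.0.0.0         distracting-site.com
203.0.113.50    www.example.com example.com   # test new server
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (lineno, ip, hostname) per mapping; skip comments and bad lines."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop inline comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP literal
        for name in fields[1:]:                  # one line may carry aliases
            yield lineno, ip, name.lower()


def classify(ip):
    """loopback = local development, sinkhole = block entry, override = redirect."""
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:       # 0.0.0.0 or ::
        return "sinkhole"
    return "override"


def audit(text):
    """Return (lineno, hostname, ip) for names pinned to a non-local address."""
    return [(n, host, str(ip)) for n, ip, host in parse_hosts(text)
            if classify(ip) == "override"]


if __name__ == "__main__":
    for lineno, host, ip in audit(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip} (bypasses DNS, review)")
```

Run against the real file with `audit(open("/etc/hosts").read())`; each reported entry should match a change someone on the team can account for.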

Performance optimization

DNS prefetching

Browsers can prefetch DNS for links on a page, reducing latency when users click:

<link rel="dns-prefetch" href="//cdn.example.com">

Reducing DNS lookups

Fewer domains mean fewer DNS queries:

  • Combine resources on same domain
  • Use fewer external domains
  • Leverage HTTP/2 server push

Choosing fast DNS servers

Test DNS server response times:

# macOS/Linux: compare the "Query time" line reported for each server
dig @8.8.8.8 example.com | grep "Query time"
dig @1.1.1.1 example.com | grep "Query time"

Real-world example: Complete DNS resolution flow

Let's trace a complete DNS resolution for www.example.com:

1. Browser: Checks cache → Not found
2. OS: Checks cache → Not found
3. Hosts file: Checks /etc/hosts → Not found
4. DNS resolver: Queries 8.8.8.8 (Google DNS)
5. Root server: Returns .com TLD server addresses
6. TLD server: Returns authoritative nameservers for example.com
7. Authoritative server: Returns www.example.com → 93.184.216.34
8. Response chain: IP address travels back through all caches
9. Browser: Receives IP, makes HTTP request
10. Caching: Result cached at multiple levels with TTL

Total time: Usually 20-200ms, depending on cache hits.

Tools for managing DNS resolution

While understanding DNS is important, managing hosts file entries manually can be tedious. Locahl simplifies hosts file management on macOS with:

  • Visual interface for hosts file entries
  • Automatic syntax validation
  • One-click DNS cache flushing
  • Easy enable/disable of entries
  • Backup and restore functionality

For just €9.99, Locahl streamlines your local development workflow and makes DNS management effortless. Perfect for developers managing multiple projects and testing environments.

Conclusion

DNS resolution is a fundamental process that makes the internet usable. By understanding how your computer resolves domain names—from browser cache to authoritative DNS servers—you can:

  • Troubleshoot network issues more effectively
  • Optimize website performance
  • Understand how the hosts file fits into the resolution chain
  • Make informed decisions about DNS configuration
  • Debug local development environments

The hosts file plays a crucial role in this process, providing a way to override DNS resolution locally. Whether you're developing locally, testing before DNS changes, or blocking unwanted sites, understanding DNS resolution empowers you to work more effectively with network technologies.

Remember: The hosts file is checked first, before any DNS queries. This priority makes it an invaluable tool for developers and system administrators working with local development environments and network configuration.

Reader Reviews

4.7 (3 reviews)
Emma W.

"Finally, a clear explanation of DNS resolution! This article made me understand how my computer actually finds websites. The hosts file section was particularly enlightening."

February 6, 2026

James P.

"Excellent educational content. As a junior developer, understanding DNS resolution has been confusing, but this guide breaks it down perfectly. Highly recommended!"

February 6, 2026

Lisa C.

"Great overview of DNS resolution. The step-by-step breakdown and visual explanations helped me understand concepts I've been struggling with. Very well written."

February 6, 2026

Frequently Asked Questions

What is DNS resolution?

DNS resolution is the process of converting human-readable domain names (like example.com) into IP addresses (like 192.0.2.1) that computers use to communicate. It involves multiple steps: checking the hosts file, querying DNS caches, and contacting DNS servers.

How does the hosts file fit into DNS resolution?

The hosts file is checked first, before any DNS queries. If a domain is found in the hosts file, that IP address is used immediately and no external DNS servers are contacted. This gives the hosts file absolute priority over DNS.

What is recursive DNS?

Recursive DNS servers (like Google's 8.8.8.8 or Cloudflare's 1.1.1.1) perform the complete DNS lookup process on your behalf. They query authoritative DNS servers, follow CNAME records, and return the final IP address to your computer.

What is DNS caching?

DNS caching stores recently resolved domain-to-IP mappings to speed up future requests. Your computer, router, and DNS servers all maintain caches. Cached entries expire after their TTL (Time To Live) period.

What is TTL in DNS?

TTL (Time To Live) is a value in seconds that determines how long a DNS record can be cached. Lower TTL values mean more frequent DNS lookups but faster propagation of DNS changes. Higher TTL values reduce DNS server load.

Why do I need to flush DNS cache?

After modifying the hosts file or when DNS records change, cached entries may still point to old IP addresses. Flushing the DNS cache forces your system to perform fresh DNS lookups, ensuring you see the latest changes.

What is the difference between authoritative and recursive DNS servers?

Authoritative DNS servers hold the official DNS records for specific domains. Recursive DNS servers query authoritative servers on your behalf and cache results. Your ISP or public DNS providers (like Google DNS) operate recursive servers.

How do CDNs affect DNS resolution?

CDNs (Content Delivery Networks) use DNS to route users to the nearest server. When you request a CDN-hosted domain, DNS returns different IP addresses based on your geographic location, directing you to the closest CDN edge server for faster content delivery.
