How DNS Works

When you request a URL like, the first thing your browser does is send out a DNS query on “”. Specifically, it asks for A records or CNAMEs. A records contain the name → IP mapping, and CNAMEs are like aliases. CNAMEs are a little out of vogue these days, so I’ll focus on A records.

Your browser sends the query to your recursive DNS resolver (the nameserver in /etc/resolv.conf). The resolver then pulls out the last part of the hostname (the .org), and looks for the server that can answer for the .org Top Level Domain (TLD). It does this by asking some big central nameservers that are listed by IP in its configuration. One of those big central nameservers will come back and say something like, “.org is served by”. Then your recursive resolver goes off to and asks it about “”. will come back with another IP, in this case Finally, the resolver connects to and asks it about “”. will come back with an answer of (since is what’s listed as’s IP address).

The reason the .org domain said to go to is because that’s what I listed as the primary authoritative name server for the “” domain with my host registrar ( A lot of people use as their host registrar. So on, I have an authoritative name server that knows about the domain. Some examples of authoritative name server software are nsd, tinydns, and BIND.

Your recursive resolver has now obtained the mapping from “” to, so it returns that IP address to your web browser. If you’re running a caching resolver, then the next time it’s asked it won’t bother querying the Internet again; it will just tell you the same thing it told you last time. That can make things a whole lot faster.
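The referral walk and the caching described above, as an added example that is not part of the original page. The hostnames, the documentation-range IP addresses, the 300-second cache lifetime and the simulated servers are all constructed so that it runs offline.

```python
import time

# Constructed data: each simulated nameserver is keyed by its IP address
# (documentation ranges, RFC 5737) and holds either referrals or A records.
ROOT_HINTS = ["198.51.100.1"]          # "big central nameservers" listed by IP
SERVERS = {
    "198.51.100.1": {"referrals": {"org": "198.51.100.2"}},            # root
    "198.51.100.2": {"referrals": {"example.org": "198.51.100.3"}},    # .org TLD
    "198.51.100.3": {"a": {"www.example.org": ("192.0.2.10", 300)}},   # authoritative
}


def query(server_ip, name):
    """Ask one simulated server: ("answer", ip, ttl), ("referral", next_ip) or ("nxdomain",)."""
    zone = SERVERS[server_ip]
    if name in zone.get("a", {}):
        return ("answer", *zone["a"][name])
    # Try the longest suffix first, so the most specific delegation wins.
    labels = name.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zone.get("referrals", {}):
            return ("referral", zone["referrals"][suffix])
    return ("nxdomain",)


class Resolver:
    def __init__(self, max_hops=8):
        self.cache = {}            # name -> (ip, expiry time)
        self.max_hops = max_hops   # guards against referral loops

    def resolve(self, name, now=None):
        """Return (ip, path); path lists the servers contacted (empty on a cache hit)."""
        now = time.time() if now is None else now
        name = name.lower().rstrip(".")
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0], []
        server, path = ROOT_HINTS[0], []
        for _ in range(self.max_hops):
            path.append(server)
            reply = query(server, name)
            if reply[0] == "answer":
                self.cache[name] = (reply[1], now + reply[2])
                return reply[1], path
            if reply[0] != "referral":
                return None, path
            server = reply[1]
        raise RuntimeError("too many referrals for " + name)
```

The first lookup contacts three servers in order (root, TLD, authoritative); a repeat lookup inside the cache lifetime contacts none.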

Then your browser makes a TCP connection to, on port 80 (the HTTP port). When it connects, it sends something like this:

  GET /~neale/foo.html

That’s helpful, because I have a whole lot of hostnames all going to The web server looks at the Host header and pulls up the appropriate page for that domain. My web server, thttpd, has an easy go of this: it just goes into a directory called “”. Apache and other servers take a little more configuration, but in practice aren’t much more difficult to run. This concept of many names pointing to the same IP address is called “virtual hosting”.