The Internet was done so well that most people think of it as a natural resource like the Pacific Ocean, rather than something that was man-made. When was the last time a technology with a scale like that was so error-free? - Alan Kay

Every time you type a web address into your browser, you're using one of the internet's most fundamental systems: the Domain Name System (DNS). While most users never think about DNS, it's the crucial infrastructure that makes the internet human-friendly. And without it, the internet as we know it today wouldn’t exist.

Let's dive right in.

DNS is a phonebook

As its core, the DNS is simply a phonebook that maps human-readable domain names (like `company.com`) to machine-readable IP addresses (like `93.184.216.34`). While humans are good at remembering names, computers need numbers to communicate. However, unlike a traditional phonebook that lives in a single location, DNS is a distributed phonebook that is spread across millions of servers worldwide.

Beyond being a distributed database of domain names mapped to IP addresses, it also contains records for email, routing, verification of domain ownership, service location and much more which we will talk about more another time.

Wait, but what is an IP address?

Before we go deeper into DNS, let's understand what we're actually looking up. An IP address is a unique numerical label assigned to every device connected to the internet. Think of it like a postal address for computers. There are two versions in use today:

1. IPv4: The classic format, using 32 bits shown as four numbers separated by dots:

   93.184.216.34

   Each number can range from 0 to 255. Due to the internet's growth, we're running out of public IPv4 addresses.

2. IPv6: The newer format, using 128 bits shown as eight groups of hexadecimal digits:

   2606:2800:220:1:248:1893:25c8:1946

   IPv6 was created to solve the address shortage, providing an astronomical number of unique addresses.

When you visit a website, your computer needs to know its IP address to establish a connection.

If you’d like to learn more about what the numbers mean in IPv4 and IPv6 addresses, read this.

Now that we’re up to speed on why we need IP addresses, let’s get back to DNS.

The structure of DNS

The DNS namespace is structured as an inverted tree, with the root (represented as a single dot “.”) at the top. This hierarchical (top-to-bottom) structure is crucial for several reasons:

1. Scalability: No single server needs to know about all domain names.

2. Administrative Control: Different parts of the tree can be managed independently.

3. Fault Tolerance: Problems in one branch don't affect others.

4. Efficient Queries: The tree structure enables efficient name resolution.

Each node in the tree represents a domain, and each branch represents a subdivision of that domain. This hierarchy flows from right to left when reading domain names - in mail.google.com, "com" is closest to the root, followed by "google", then "mail".

Zone Delegation: The Property Management Analogy

For a second, let’s forget about the phone book analogy. Think of DNS like a massive global property management system, and zone delegation like managing a large apartment complex:

The Property Management Hierarchy

• The City (Root Zone): At the top, you have city planners who oversee all properties.

• Districts (.com, .org, etc.): The city is divided into districts, each managed by district offices.

• Properties (example.com): Within each district, there are individual properties.

• Buildings (subdomains): Each property might have multiple buildings.

How Zone Delegation Works

When you register a domain (like example.com), it's like buying a property. Just as you become responsible for everything within your property lines, you get control over your domain and all its subdomains.

Let's break this down:

1. Property Deed (NS Records)

   • Just like a property deed proves ownership, NS (Name Server) records show who's responsible for a domain.

   • These records are like telling the city, "For anything regarding this property, talk to these managers".

2. Building Management (Subdomains)

   • Want to add a new building on your property? That's like adding a subdomain.

   • Need to reorganize your buildings? You can do that without asking the city planners.

Here's what those property management records (NS records) look like for Google:

# Google's property managers (Name Servers)
google.com.     IN  NS  ns1.google.com.  # Manager 1
google.com.     IN  NS  ns2.google.com.  # Manager 2
google.com.     IN  NS  ns3.google.com.  # Manager 3
google.com.     IN  NS  ns4.google.com.  # Manager 4

Why This Matters

Just as you wouldn't want city hall managing the day-to-day operations of your apartment building, DNS delegation lets each domain owner manage their own space efficiently. It's a "mind your own property" approach that makes the entire system scalable and manageable.

When someone needs to find something on your domain (like mail.google.com), they:

1. Ask the city (root servers) for the district (.com).

2. Ask the district for the property manager (Google's name servers).

3. Ask the property manager for the specific building (mail.google.com).

This way, Google only needs to worry about Google stuff, Amazon about Amazon stuff, and so on - just like real property management.

DNS Zones

Now that we have a better understanding of what all the levels in DNS are responsible for, let’s look at each level in detail.

City Hall - The Root Zone

The root zone is the top of the DNS hierarchy, represented by a single dot (.). It's managed by 13 root server clusters, named A through M, distributed worldwide. These root servers are crucial - they're the starting point for resolving any DNS query (which we’ll get into more later).

The root zone contains NS records for all top-level domains (TLDs) like .com, .org, .net, etc. This information is carefully managed by IANA (Internet Assigned Numbers Authority) under ICANN's oversight.

Here's what a snippet of the root zone file might look like:

.           IN  NS  a.root-servers.net.
.           IN  NS  b.root-servers.net.
.           IN  NS  c.root-servers.net.
...
com.        IN  NS  a.gtld-servers.net.
com.        IN  NS  b.gtld-servers.net.
org.        IN  NS  a.gtld-servers.org.
org.        IN  NS  b.gtld-servers.org.
uk.         IN  NS  ns1.nic.uk.
uk.         IN  NS  ns2.nic.uk.

Districts - Top-Level Domains

One layer below the root zone is the top level domain zone. Ever wondered why some websites end in .com while others end in .org or .edu? These are called Top-Level Domains (TLDs), and they’re like the major districts of the internet. Each has its own nameservers responsible for answering DNS queries specifically for their respective TLD. Each also has its own purpose:

• `.com` was supposed to be for businesses (commercial), but became the Times Square of the internet - everyone wanted to be there

• `.org` was meant for non-profits, like a quiet residential district

• `.edu` is the university campus - strictly for educational institutions

• Country codes like `.uk` or `.de` are like embassy districts, each with their own rules

And just like how cities create new districts as they grow, the internet recently added neighborhoods like `.app`, `.dev`, and `.blog`.

Properties - Domain Names

The next level down is where domains exist. When you register a domain name (like `example.com`), you're essentially buying digital real estate. It's your piece of the internet, and you get to:

• Build whatever you want on it (website, email, etc.)

• Divide it into smaller sections (subdomains)

• Decide who gets to manage it (nameservers)

It's like getting the deed to a plot of land, except instead of physical buildings, you're putting up digital services. Domains are managed by authoritative nameservers (discussed below).

Buildings - Subdomains

Subdomains are like buildings on your property. Just as a university campus might have different buildings for different purposes, your domain can have:

• `www.example.com` - Your main building (website)

• `mail.example.com` - The post office (email server)

• `blog.example.com` - The publishing house

• `shop.example.com` - The retail store

But unlike real buildings, you can create as many subdomains as you need and whenever you want.

The Information Desks - Authoritative Nameservers

Authoritative nameservers are like your property's information desks or property managers. When someone asks "Where can I find the email server for example.com?", these are the servers that provide the official answer. They give the final answer in the DNS query chain, containing the definitive records for a domain. Authoritative nameservers are responsible for holding and serving the DNS records (like A, MX, CNAME, TXT records) that define the settings for a particular domain. We’ll get more into specific DNS records another time. For now, think of it this way:

• Primary nameserver: The head office with the master directory. They hold the original zone file with all DNS records, and direct changes to DNS records can only be made here.

• Secondary nameservers: Branch offices with synchronized copies of the directory. They maintain read only copies of the zone file, and regularly check the primary server for updates (zone transfers).

• Having multiple nameservers is like having backup information desks - if one is busy or down, visitors can still find what they're looking for.

Anatomy of a DNS Query

Finally, let’s put all that we’ve look at into practice and go through a full example of what happens from the moment you enter a URL into your browser to when the website page loads. We’ll keep to the property management analogy.

1. You ask your local guide (DNS resolver)

2. They check with city hall (root servers)

3. City hall points them to the right district (.com servers)

4. The district office points them to your property's information desk/property managers

5. Your information desk provides the exact location

All of this happens in milliseconds, millions of times per second, across the entire internet.

Wrapping Up: DNS Makes the Internet Human-Friendly

What we've covered here is just the tip of the iceberg - a high-level overview of how DNS transforms the internet from a maze of numbers into something humans can easily navigate. We've explored:

• How DNS acts as a distributed phonebook for the internet

• The structure of IP addresses (IPv4 and IPv6)

• The hierarchical organization of DNS (root, TLDs, domains, subdomains)

• How authoritative nameservers manage domains

• The step-by-step process of DNS resolution

But there's so much more to explore:

• DNS record types (A, AAAA, MX, CNAME, TXT, etc.)

• DNSSEC and security considerations

• DNS caching and TTL optimization

Understanding DNS is crucial for anyone working with internet infrastructure - it's the foundation that makes the modern internet usable. As Alan Kay noted at the beginning of this article, it's so well-designed that we rarely think about it. But now you know what's happening behind the scenes every time you type a web address into your browser.

If you found this article interesting, then I encourage you to read more about these topics yourself. Think about what you want to build and then research how to build it. The resources you need are a simple web search away. If you want to build a portfolio website, you’ll need to know about address records and probably how to secure your site so it’s trusted. If you want to send emails using a custom domain, then you’ll need to learn about MX and TXT records so that your emails are routed to the correct server and to prevent your domain from being used for spoofing and to improve your email deliverability. Take what you need and keep building.

Thanks for reading. And if you do decide to create something with this newfound knowledge, send me a DM on here or at @paulzer01 on X. Happy building :)