Chapter 3

The DNS Lookup Journey

Resolver → root → TLD → authoritative — step by step.

Learning objectives

  • Trace a DNS query from your device to the authoritative answer
  • Understand recursive vs authoritative nameservers
  • Predict where caching happens along the path

The question every browser asks

When you visit www.workshopco.ca, your browser needs an IP address. It asks DNS:

“What is the IPv4 address for www.workshopco.ca?”

The answer comes back as an A record (covered fully in Chapter 4). First, understand the journey to get that answer.

The lookup chain

1
Your browser

Checks its own short-lived cache, then asks the OS.

2
Recursive resolver

Usually your ISP or 8.8.8.8 / 1.1.1.1. It does the legwork for you.

3
Root nameservers

“For .ca, ask the .ca TLD servers.”

4
TLD nameservers

“For workshopco.ca, ask ns1.example-dns.ca.”

5
Authoritative nameserver

www.workshopco.ca is 203.0.113.10” — the final answer.

Key idea

Your laptop almost never talks to Workshop Co.’s nameserver directly. The recursive resolver chases the chain and caches the result for the TTL (Chapter 6).

Worked example — follow a real lookup

On macOS or Linux, run:

dig +trace www.workshopco.ca

On a machine without dig, use Google Admin Toolbox Dig and query type A for www.workshopco.ca.

You will see delegations from root → .ca → the domain’s nameservers → the final A record. For a domain you do not control, nameserver hostnames will differ; the shape of the trace is always the same.

Try it yourself

Pick two domains: swifthost.ca and any large site (e.g. www.google.com).

  1. Look up the A record for each. Write down the IP(s).
  2. Look up the NS records for each domain’s apex (swifthost.ca, not www).
  3. Are the nameserver hostnames under the same domain, or a provider domain (e.g. *.swiftmedia.ca, *.cloudflare.com)?
What to notice

Large sites often use many A records (load balancing) and nameservers at a DNS provider. Smaller sites may have one IP and NS records pointing at their host. The NS record location tells you who you log into to change DNS.

Check your understanding

  1. Who caches the answer after the first lookup — the authoritative server or the recursive resolver?
  2. If the TLD servers are down, can new visitors still reach a site they never looked up before?
Answers
  1. The recursive resolver (and downstream caches) — for the duration of the TTL.
  2. Probably not — the resolver cannot complete the chain without TLD delegation. Cached users may still reach the site until TTL expires.