How DNS works

Internal query

For the example, I run dig command and see in the wireshark what happens:

The client do standard query connection at default DNS server (my server). In the header I say that I want to translate adress (of type A)

The server respond me with same useful information:

  • In Answer section, server response my query and say 'Hey, the register A of the domain is
  • In AA nameserver section indicate what server responde the query. In this case, my primary ( and secondary ( server.
  • In Additional Record section indicate additional information like the IP of the nameservers.

. In the answer entry of the header you can see the IP of my request name, and the adress of the DNS server that serve the information:

External query

This process is similar to internal query, but now depend of external DNS.

In this case, I do a ping and in this process I need first translate name into a IP name:

The DNS server respond me with a list of availables IPs for domain:

Now, I can continue with my ping!