DNS - structure, organization and how it works (Part 1)

DNS - structure, organization and how it works (Part 1)
Photo by Alina Grubnyak / Unsplash

DNS - Domain Name System, is maybe the easiest protocol to grasp. At least, to grasp what its fundamental purpose is, and that is to translate or map human readable - symbolic names (such as bojana.dev) to IP addresses (such as

It is also possible to map IP address to some symbolic name, although not as often used, but it is possible, and can come in  handy (for instance in when issuing traceroute command).

While DNS's fundamental purpose is pretty easy to grasp for everyone, it's internal workings are maybe not interesting for everyone, but since you are here reading about it, let's dive in. :)

A bit of history

Once upon time, in a dawn of Internet, there was a file called hosts.txt which contained list of all computer names and their IP addresses. To be "up-to-date",  all computers had to download this file during the night, from a location where it was hosted. For a network of couple hundred computers, this wasn’t a big deal.

But, as network grow, and thousands of computers were added to the network, it was clear that this way of organization is not sustainable. First of all, the file would get too big. And second of all, and more important, if the names weren’t managed in one central place, name collisions would be often, which would be unimaginable for the big international network, due to potential load and delay.

For purpose of solving above mentioned problems, DNS was created. In the core od DNS system is hierarchy of domain names and the system of distributed databases that implements that structure.

As a relict of the past, hosts.txt still exist on all operating systems, not just as a backup for when we don’t have DNS available, but it enables to override contents of DNS. This can come in handy for local development purposes, for instance. localhost develop.mydomain.com

DNS Structure

DNS is a hierarchy structure, that is global (whole Internet).

It begins with root domain, with a label of an empty string (“ “). Every node in this tree is a symbolic name.

The path from the root over individual nodes generates a full name of domain, so called - Fully Qualified Domain Name (FQDN). Usually the dot at the end is omitted.

Fully qualified domain name consist of multiple segments:

  • each segment consist of max. 63 characters
  • maximum length of FQDN is 255 characters
  • ASCII characters: letters, numbers, “_”, “-”
  • Case-insensitive


  • org - is Top Level Domain (TLD)
  • unibl - labels, subdomains
  • etf - label, can be the name of a device and a subdomain


TLD - subdomains of root domain

The root domain contains all top-level domains of the Internet. The core group of generic top-level domains consists of the com, net, org, biz and info domains. The number of generic Top Level Domains (gTLD) as of March 2018 exceeds 1200 domains.

ccTLD - Country Code TLD

These top level domains belong to individual countries. They were assigned by IANA  by two-letter ISO 3166 code of the country.

Some examples:

  • rs - Republic of Serbia
  • sr - Surinam
  • eu - European Union
  • ba - Bosnia and Herzegovina

While gTLDs have to obey international regulations, regulations related to ccTLD are regulated by each country domain regulation body. For example, for .rs domain it's "Serbian National Internet Domain Registry"  (RNIDS) , for .ba it's "Univerzitetski tele-informatički centar - UTIC", for .hr it's CARNet - Croatian Academic and Research Network, for .me it's Government of Montenegro :) and so on.

As you can see some TLD are more "desirable" than others. In general, anyone can buy or better say "lease" a domain for a period of at least one year (that's a period for renewal - meaning you will have to pay a fee for "owning" a domain each year).

Fun fact: .tv is ccTLD for Tuvalu, an island state in Polynesia. For it's abbreviation for "television" the .tv is quite popular, so much that 8.4% of the revenue of the Government of Tuvalu came from .tv royalties.
Similair story goes for .fm a ccTLD for Federated States Of Micronesia, also an island state, in Oceania. I think you can guess why this domain is popular.

How DNS is organized

Logical structure is physically organized in a distributed way. Whole tree is divided into ZONES.

DNS zone

Part of the tree (one or more nodes). It contains information of included domains, usually one zone is one node (domain). Administratively speaking, one zone belongs to one organization (one company, or university, or state, etc.). In a nutshell it is one text file defined on one server - DNS or NS server (name server).

Topology of domains is technically completely independent of physical network topology.

Computers/servers from one domain can belong to different, physically disjointed and separated networks. And on the other hand, computers/servers from one physical network can belong to different domains.

How it works

Primary DNS is defined for some node in the tree above (some domain), and the administrator on that primary DNS Server can modify data, add domains, change names, records, etc.

As it is not good for single server to be responsible for domains, we have a redundant copies on one or more Secondary DNS Servers. It is also good that they are separated (distant) from the primary DNS servers, so that they can take over if primary DNS fails for whatever reason.

Secondary DNS server(s), periodically retrieves copy of DNS zone form Primary DNS server.

Both primary and secondary DNS servers are called authoritative DNS servers, because they have whole DNS zones for particular domains. Both primary and secondary DNS servers have equal role in name resolving.

Name resolving

DNS servers are resolving the queries from the clients.

Name resolving is a process of finding IP addresses for the requested domain (name).
DNS resolver is a piece of software that resides both on a client and a server side.
On the client side, DNS resolver is sending a query to locally configured DNS server (over UDP port 53), if there is no data in the local cache.

On the server side, DNS resolver will check the local cache or zones database, and if there is no data for a particular name, it will send the query  to other DNS servers (primary and secondary), authoritative servers, for corresponding domain.

DNS server, that local one for the client, when resolving the name, it’s doing that in a recursive manner. What that means? It means it will either return or resolve the name completely or it will report an error. How the server will resolve the name, client has no interest in, client just wants the name to be resolved.

DNS server will iteratively ask other servers when trying to resolve the name. Other DNS servers will return partially resolved name or “the best possible answer”, and it will refer to other DNS servers in the hierarchy that can resolve the name.

For ex. let’s say the client is requesting following domain : el.etf.unibl.org

As we said, client doesn’t have this in it’s local cache so it will ask locally configured DNS server. That locally configured DNS server also doesn’t have the name neither in cache or zones database.

What happens next?

Well, we said that all domains start from one root domain (the empty string “ ” is a root of tree structure from above).

These servers are 13 well known root DNS servers, on well known IPs, and web browser and operating systems already know which addresses are those.

  1. Let’s say it will ask this root DNS server  - where is el.etf.unibl.org ?
  2. will then “say” - “Ok, I have no idea what el.etf.unibl.org is, but I know what .org. Because .org is a TLD which is defined on root server. I know authoritative servers for .org domain. Here are the addresses for them.
  3. Then on of those authoritative servers will know where is unibl.org and will again provide the list where etf.unibl.org is
  4. And eventually fully qualified domain name will be resolved. (el.etf.unibl.org)

In the next article we will see how are DNS zones defined, and examine each Resource Record (RR) that zone is comprised of.

[1] Andrew S. Tanenbaum - "Computer Networks"
[2] IANA.org
[3] Top level domain, Wikipedia.org
[4] Country code top level domain, Wikipedia.org
Special thanks to Zlatko Dejanović for peer reviewing the article.