How DNS Resolver Works?
Every Operating System (Windows, Linux, Mac, Android etc.) is equipped with a utility called DNS Client which takes care of resolving Domain Names to respective IP addresses. Did you ever wonder how this DNS Client works? I mean how it resolves domain names to IP addresses within milli/micro seconds searching thoughout the globally distributed DNS database. So here I am with a simple explanation of how this DNS Client works using Windows external command utility called nslookup. I want to resolve various DNS resource records for the domain gopalthorve.com.
- Open Command Prompt by typing cmd in Run window.
- DNS resolutions works from right to left. Here my left most domain extension is biz. So type nslookup -norecurse biz command and Press Enter. This command returns the list of name servers with their FQDN and IP Addresses serving the biz TLD as show in Command output pasted below.
D:\>nslookup -norecurse biz Server: dir-600 Address: 192.168.0.1 Name: biz. Served by: - e.gtld.biz 126.96.36.199 biz - a.gtld.biz 188.8.131.52 2001:503:7bbb:ffff:ffff:ffff:ffff:ff7e biz - c.gtld.biz 184.108.40.206 biz - b.gtld.biz 220.127.116.11 biz - k.gtld.biz 18.104.22.168 2001:503:e239::3:2 biz - f.gtld.biz 22.214.171.124 2001:500:3682::12 biz
- Resolver takes any one name server from the list returned by previous command lets assume it’s e.gtld.biz. Enter this command nslookup -norecurse gopalthorve.com e.gtld.biz. This command returns list of name servers for domain gopalthorve.com. Now, we can query any (preferably top in result) name server for resource record of gopalthorve.com.
D:\>nslookup -norecurse gopalthorve.com e.gtld.biz Server: UnKnown Address: 126.96.36.199 Name: gopalthorve.com Served by: - NS3697.HOSTGATOR.COM gopalthorve.com - NS3698.HOSTGATOR.COM gopalthorve.com
We got the name servers (ns3697.hostgator.com and ns3698.hostgator.com) serving gopalthorve.com, we can query these name servers to resolve various kind of resource records.
Resolving “A” record nslookup
Type nslookup www.gopalthorve.com ns3697.hostgator.com in Command Prompt, which return IP address 188.8.131.52.
D:\>nslookup gopalthorve.com ns3697.hostgator.com Server: UnKnown Address: 184.108.40.206 Name: gopalthorve.com Address: 220.127.116.11
Resolving “A” record using nslookup
Type nslookup www.gopalthorve.com ns3697.hostgator.com in Command Prompt.
D:\>nslookup www.gopalthorve.com ns3697.hostgator.com Server: UnKnown Address: 18.104.22.168 Name: gopalthorve.com Address: 22.214.171.124 Aliases: www.gopalthorve.com
The last line of above command output Aliases: www.gopalthorve.com, indicates that www.gopalthorve.com is CNAME (canonical) record pointing to gopalthorve.com which ultimately points to IP address 126.96.36.199.
Resolving MX record using nslookup
Type nslookup -querytype=mx gopalthorve.com ns3697.hostgator.com in Command Prompt.
D:\>nslookup -querytype=mx gopalthorve.com ns3697.hostgator.com Server: UnKnown Address: 188.8.131.52 gopalthorve.com MX preference = 0, mail exchanger = gopalthorve.com gopalthorve.com nameserver = ns3698.hostgator.com gopalthorve.com nameserver = ns3697.hostgator.com gopalthorve.com internet address = 184.108.40.206 ns3697.hostgator.com internet address = 220.127.116.11 ns3698.hostgator.com internet address = 18.104.22.168
As per above result MX record for domain gopalthorve.com points to gopalthorve.com.
Resolving TXT record using nslookup
Type nslookup -querytype=txt gopalthorve.com ns3697.hostgator.com in Command Prompt. This command returns all TXT records for gopalthorve.com.
D:\>nslookup -querytype=txt gopalthorve.com ns3697.hostgator.com Server: UnKnown Address: 22.214.171.124
gopalthorve.com text =
"v=spf1 ip4:126.96.36.199 a mx include:websitewelcome.com ~all" gopalthorve.com nameserver = ns3697.hostgator.com gopalthorve.com nameserver = ns3698.hostgator.com ns3697.hostgator.com internet address = 188.8.131.52 ns3698.hostgator.com internet address = 184.108.40.206
The TXT record returned by above command is actually an SPF record for gopalthorve.com.
In this article we used nslookup in non-interactive mode. In interactive mode it displays nslookup shell from where we can execute various commands.