What is DNS Hierarchy Architecture with Examples (Explained)

What is DNS Hierarchy and DNS Architecture?, Most of us take surfing the Internet for granted. We barely think about the technology that is behind our simple ability to type a domain universal resource locator, aka URL, in our browsers and arrive at the landing page we want in a matter of seconds. In fact, most of us don’t even consider the DNS hierarchy that makes it possible for us to arrive on the right page.

In this post, we will have a look at this integral part of the Internet’s infrastructure since it was invented in 1983 by Paul Mockapetris.

dns hierarchy

What is DNS?

The Domain Name System (DNS) can be thought of as the directory of the Internet. We find an online page or website by typing in the URL – like acme.com or some-site.com. Our web browsers, on the other hand, need to translate the URL to Internet Protocol (IP) addresses to find the correct site. It is a DNS that translates domain names to IP addresses so our browsers can resolve, or connect to, requested Internet resources.

Every single device on the Internet has a unique IP address by which it can be uniquely identified by the other online devices. A DNS server eliminates the need for us to memorize these IP addresses every time we want to visit a site or connect to a device. It is much easier for us to type in a URL than IPv4 IP addresses (E.g. or, worse, the more complex IPv6 addresses (E.g. 2400:cb00:2048:1::c629:d7a2).

The DNS architecture consists of a hierarchical and decentralized name resolution system for computers, services or any other resources connected to the Internet or a private network. It stores the various associated information of the domain names assigned to each of the resources.

Queries for a resource pass through the DNS – with the URLs as parameters. The DNS then takes the URLs, translates them into the target IP addresses, and sends the queries towards the correct resource.

How does DNS work?

Let’s delve deeper and see more details on how DNS works. The first thing we need to know is that there isn’t a single DNS, but a selection of them, that can help resolve a single IP address.

A computer has its own cache of DNS data – a local IP-address-to-URL matching – that it uses for quick references. But, it can’t store all the information for every website or device out there; hence, the need for root, recursive, Top Level, Second Level, and authoritative DNS servers.

When a user asks to go to a website, the browser first checks the local DNS cache for the correct resolution (from URL to IP address) and, if not found, goes:

  • Out to the recursive DNS server – which is normally operated by the local ISP provider – to check which root DNS server it needs to go to find an answer. Once the address is found, it is escalated to…
  • One of the root DNS servers out there – which are run by about 13 independent organizations – to find the address of the correct Top Level DNS (TLD) server to query for the address depending on whether it is a “.com”, “.org” or “.net” site, for example. Root DNS sit at the top of the DNS hierarchy. It should be noted here that every website address or URL has an implied “.” at the end, even if we don’t type it in. This “.” designates (or points to) the DNS root nameservers at the top of the DNS hierarchy where it can find information about the correct TLD server to head on to.
  • At the TLD server – of which there are about 1000 spread across the globe – the query is pointed towards the correct authoritative DNS where the required information (IP address) is actually stored.
  • And, at the authoritative DNS server – which holds a broad range of IP address information – the corresponding IP is sent back to the recursive DNS, which forwards it to the client machine and the user (you) can go on to the website.

Every time a query is made, the IP address to URL mapping is cached in every DNS for the next user instead of having to go back and search for the information every single time. This helps in keeping the servers synchronized and updated and results in faster response times.

We will be looking at each DNS type soon, so don’t worry if things are still not clear about the hierarchy.

What is a Fully Qualified Domain Name or FQDN?

Before we can proceed we need to touch on the definition of a Fully Qualified Domain Name or FQDN. It is:

  • The most complete domain name that identifies a page, host, server or any other online resource.
  • A domain name that specifies its exact location in the DNS hierarchy tree; it specifies all domain levels, including the Top-Level Domain and the Root Level.

What is DNS hierarchy?

The DNS hierarchy, also called the domain name space, is an inverted tree structure. The DNS hierarchy tree has a single domain at the top of the structure called the root domain – indicated by the “.” as we have mentioned above. Below the root domain are the top-level domains that divide the DNS hierarchy into segments containing second-level domains, sub-domains, and hosts.

Hence, the DNS hierarchy is comprised of the following five levels:

  • Root Level Domain
  • Top Level Domains (TLD)
  • Second Level Domains (SLD)
  • Subdomains
  • Hosts

Within the hierarchy, the resolution process starts at the Root Level DNS, the Top Level DNS, working its way down to the Second Level DNS, then through any number of sub-domains until we get to the actual hostname we want to resolve into an IP address.

Let’s have a look at each component individually to see where they fit in the overall architecture.

DNS Architecture

Root Level Domains

The DNS root level is the highest in the DNS hierarchy tree because it is the first step in resolving a domain name. The root DNS server is the DNS for the root zone. It handles requests for records in the root zone and answers other requests by providing lists of authoritative name servers for the appropriate TLD (top-level domain). These are the authoritative nameservers that serve the DNS root zone. These servers contain the global list of the top-level domains. The root zone contains the following:

  • Organizational hierarchy – such as .com, .net, .org, .edu.
  • Geographic hierarchy – such as .ca, .uk, .fr, .pe.

Currently, there are 13 root name servers specified, with logical names in the form “letter.root-servers.net”, where letter ranges from “A” to “M” and represent companies like Verisign, University of Maryland, NASA, and The Internet Corporation for Assigned Names and Numbers (ICANN).

Previously, there were only single servers for each of the 13 IP addresses. Today, there are server clusters for each of them meaning there are hundreds of servers all around the world. They use Anycast DNS routing for load-balancing and better-decentralized performance.

Top-Level Domains

The next level in the DNS hierarchy is Top-Level Domains or TLDs, for short. There are over 1000 TLDs covering everything from “.abb” to “.zw” and still growing. As we have seen, the TLDs are classified into two subcategories: organizational hierarchy and geographic hierarchy.

The organizational hierarchy is divided into domains for the likes of commercial enterprises (“.com”), government entities (“.gov”), educational institutions (“.edu”), and nonprofit organizations (“.org”).

The geographic hierarchy, meanwhile, represents the country where the domain is hosted. Examples include “.ca” for Canada, “.uk” for the United Kingdom, “.au” for Australia, and even “.aq” for Antarctica.

Organizations that want to cater to their local customers can opt for TLDs that use both organizational and geographical hierarchies. Examples would be: “.com.et” for an Ethiopian business, “.org.al” for an organization in Albania, and “.gov.it” for the Italian government.

Second-Level Domains

A domain is a second-level domain if it is contained within a top-level domain. A second-level domain is a label – usually, a name related to the website or the business that owns it – immediately to the left of the top-level domain, and separated by a dot.

In the Domain Name System (DNS) hierarchy, a second-level domain (SLD or 2LD) is a domain that is directly below a top-level domain (TLD). For example, in “myexample.com”, “myexample” is the second-level domain of the “.com” TLD.


A subdomain – sometimes referred to as “third-level domains.” – is related to the root domain and is denoted on the left as a second-level domain. In the URL “blog.myexample.com” the subdomain address would be “blog.”

Trivia: the “WWW” in www.example.com is also a sub-domain, although it isn’t always necessary to type it in a domain name.


The host part of an FQDN is used to identify an individual device – usually a server. In the FQDN “myserver.example.com” the hostname would be “myserver.”

DNS hierarchy in a business

In a business network, there are production servers that are for internal use as well as external servers that are meant to be accessed by users from the outside. Communication with, and between, these servers can be made easier with the help of Enterprise DNS to resolve queries and connection requests – it is, in fact, highly recommended.

Finally, let’s close with a reminder: DNS server setup and configurations should always be done by professionals. It is worth investing in professionals; lest servers soon start returning error messages every time someone tries to access other connected resources over the network.

Avatar for Liku Zelleke
Liku Zelleke

Liku Zelleke is a technology blogger who has over two decades experience in the IT industry. He hasn’t looked back since the day, years ago, when he discovered he could combine that experience with his other passion: writing. Today, he writes on topics related to network configuration, optimization, and security for Cloud Infrastructure Services.

4.5 6 votes
Article Rating
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x