How does the ISP's DNS work?

Joe Bekey

Aug 19, 2013
Do I have the correct understanding that when you enter a website in the browser, the PC sends out a request over the internet to the ISP's DNS server hosted on the internet and asks what the IP address of the website is, the DNS then sends back to the PC the website's IP address, and the PC then sends a request to the IP address for the home page, etc.?
 
Solution




That's the basis of it.

DNS stands for Domain Name System and is used to provide a relationship between domain names and IP addresses. Domain names are easy to remember but are useless to the underlying operations of the various internet protocols. IP addresses are much harder to remember, but are necessary for virtual network devices to talk to each other across the globe.

The DNS system is hierarchical. Most ISPs run DNS servers for their customers, but customers can use other ones such as those provided by Google (8.8.8.8 and 8.8.4.4 if I recall correctly) or any number of providers.

DNS servers have two distinct but related roles. First, they can act as a resolver cache or non-authoritative name server. DNS servers acting in this capacity simply return what they've cached from before if it's still valid. If an entry has expired or has not been cached, the resolver forwards the request up the chain.

Second, DNS servers can act as authoritative name servers. Authoritative name servers "know" where something is. They contain an actual record of a name -> number mapping rather than a cached value. Every domain typically has at least two name servers for redundancy (sometimes superimposed).

The software for authoritative and non-authoritative responses is identical; it's purely a matter of per-zone configuration.

Let's say that you wanted to obtain the local IP address for google.com. First, your PC will send a request to your ISP's DNS server. That server does not have an authoritative response and does not have a cached value, so it passes it up the chain. Your ISP's name server will then resolve the name server for 'com.'* which is managed by Verisign. Verisign operates the authoritative registries for .com and .net. Verisign's DNS servers will either have an authoritative response for the domain in question (google.com) or the IP address of the authoritative name servers for that domain (in the event that the host runs their own name servers).

If Verisign returns an authoritative response for google.com, then the process is finished. If Verisign returns an authoritative response for google.com's name servers, the host will then query those name servers for the authoritative response.

*Contrary to popular belief, TLDs such as .com and .net are not the top level of the DNS hierarchy. There's a domain above that called the "root domain" which is simply an empty string. The root domain has 13 name servers with fixed IP addresses that are included with every operating system. The name servers for the root domain contain the authoritative addresses of the name servers for the TLDs. In the event of a complete and catastrophic crash of the global DNS caching infrastructure, one of the 13 root name servers contains all of the information needed to bootstrap the DNS service worldwide.
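The lookup chain described in the answer above, as an added example that is not part of the original post: a toy caching resolver that walks root, TLD and authoritative servers, then answers repeat queries from its cache until the TTL expires. The server names, the `example.com.` zone, the address (documentation range) and the TTL are all constructed for illustration.

```python
# Constructed toy hierarchy: every name, address and TTL here is made up.
ZONES = {
    "root-ns":    {"referrals": {"com.": "tld-ns"}, "records": {}},
    "tld-ns":     {"referrals": {"example.com.": "example-ns"}, "records": {}},
    "example-ns": {"referrals": {},
                   "records": {"www.example.com.": ("192.0.2.10", 300)}},
}


class CachingResolver:
    """Plays the role of the ISP's DNS server: cache first, then walk down."""

    def __init__(self, servers, root="root-ns"):
        self.servers = servers
        self.root = root
        self.cache = {}            # name -> (address, expiry time)
        self.upstream_queries = 0  # how many servers we had to ask

    @staticmethod
    def _referral(zone, name):
        # Pick the most specific delegation whose suffix covers the name.
        hits = [s for s in zone["referrals"]
                if name == s or name.endswith("." + s)]
        return zone["referrals"][max(hits, key=len)] if hits else None

    def resolve(self, name, now):
        """Return (address, source); source is 'cache' or the answering server."""
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], "cache"          # non-authoritative, still valid
        server = self.root                  # expired or never seen: start at root
        while True:
            self.upstream_queries += 1
            zone = self.servers[server]
            if name in zone["records"]:     # authoritative answer
                addr, ttl = zone["records"][name]
                self.cache[name] = (addr, now + ttl)
                return addr, server
            nxt = self._referral(zone, name)
            if nxt is None:                 # nobody is delegated this name
                return None, server
            server = nxt                    # follow the referral down


if __name__ == "__main__":
    r = CachingResolver(ZONES)
    for t in (0, 100, 300):
        print(t, r.resolve("www.example.com.", now=t), r.upstream_queries)
```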
 