DNS: The Internet's Phone Book

What Is DNS?

DNS (Domain Name System) is the hierarchical, decentralized naming system that translates human-readable domain names like example.com into machine-readable IP addresses like 93.184.216.34. Without DNS, you would need to memorize the IP address of every website you want to visit — DNS makes the internet usable for humans.

DNS was created in 1983 by Paul Mockapetris, replacing the earlier HOSTS.TXT file that maintained a single flat list of all hostnames on the ARPANET. As the internet grew from hundreds to billions of devices, DNS evolved into the distributed, scalable system it is today, handling over 1 trillion queries per day globally.

Every time you type a URL into your browser, send an email, or connect to any internet service, a DNS lookup happens behind the scenes. Your device asks a DNS resolver "What is the IP address for example.com?" and the resolver finds and returns the answer. This entire process typically takes less than 100 milliseconds.

How DNS Resolution Works

DNS resolution is the process of converting a domain name into an IP address. It involves multiple servers working together in a chain. The key participants are:

  • DNS Resolver (Recursive Resolver): The first stop for your query. Usually operated by your ISP or a public DNS provider (Google 8.8.8.8, Cloudflare 1.1.1.1). It does the heavy lifting of chasing down the answer across multiple servers.
  • Root Name Servers: The top of the DNS hierarchy. There are 13 root server clusters (A through M) operated by organizations like ICANN, Verisign, NASA, and the US Army. They direct queries to the appropriate TLD server.
  • TLD Name Servers: Manage top-level domains (.com, .org, .net, .uk, .de, etc.). They know which authoritative server handles each domain within their TLD.
  • Authoritative Name Server: The final authority for a specific domain. It holds the actual DNS records (A, AAAA, MX, CNAME, etc.) and returns the definitive answer.

The resolver acts as an intermediary — your device only talks to the resolver, and the resolver talks to all the other servers on your behalf. This is called a recursive lookup because the resolver recursively follows referrals until it finds the answer.

The DNS Hierarchy

DNS is organized as a tree structure, similar to a file system. Understanding this hierarchy is essential to grasping how domain names are resolved:

                    . (root)
                   / | \
                .com .org .net .uk .de ...  (TLDs)
                /    |    \
          google  wikipedia  example  ...  (domains)
          /   \
        www   mail                    (subdomains)

The hierarchy levels from top to bottom are:

  1. Root Zone (.): The invisible dot at the end of every domain (e.g., example.com.). The root zone contains pointers to all TLD servers.
  2. Top-Level Domains (TLDs): Managed by IANA (part of ICANN). There are two types:
    • gTLDs (Generic): .com, .org, .net, .info, .dev, .app (over 1,500 new gTLDs)
    • ccTLDs (Country Code): .uk, .de, .fr, .jp, .au (over 240)
  3. Second-Level Domains: The registered domain name (e.g., google in google.com).
  4. Subdomains: Any prefix added to a domain (e.g., www, mail, api). You can create unlimited subdomains.

Each level is separated by a dot, and the hierarchy is read right to left. In mail.google.com, .com is the TLD, google is the second-level domain, and mail is a subdomain.

Common DNS Record Types

DNS records are stored on authoritative name servers and define different types of information about a domain. Here are the most commonly used record types:

Record Purpose Example TTL Example
A Maps domain to IPv4 address example.com. IN A 93.184.216.34 3600 (1 hour)
AAAA Maps domain to IPv6 address example.com. IN AAAA 2606:2800:220:1:... 3600
CNAME Alias pointing to another domain www.example.com. IN CNAME example.com. 86400 (24 hours)
MX Mail server for the domain example.com. IN MX 10 mail.example.com. 3600
TXT Arbitrary text (SPF, DKIM, verification) example.com. IN TXT "v=spf1 include:..." 3600
NS Authoritative name servers for the domain example.com. IN NS ns1.example.com. 86400
SOA Start of Authority — zone metadata Contains serial number, refresh/retry timers, admin email 86400
PTR Reverse DNS — IP to domain name 34.216.184.93.in-addr.arpa. IN PTR example.com. 86400
SRV Service location (host + port) _sip._tcp.example.com. IN SRV 10 60 5060 sip.example.com. 3600
CAA Certificate Authority Authorization example.com. IN CAA 0 issue "letsencrypt.org" 86400

A CNAME record creates an alias — when a resolver encounters a CNAME, it must restart the lookup with the target domain. A CNAME cannot coexist with other records at the same name. An ALIAS or ANAME record (non-standard, provider-specific) works around this limitation by resolving to an A record at the zone level.

Caching and TTL

DNS caching is a critical performance optimization. Without caching, every DNS query would require traversing the full hierarchy from root to authoritative server. Caching stores answers at multiple levels so repeat lookups are nearly instant.

Every DNS record includes a TTL (Time To Live) value in seconds. This tells resolvers how long they can cache the answer before they must query the authoritative server again. Common TTL values:

TTL Duration Use Case
60 1 minute Active DNS changes, failover setups, dynamic IPs
300 5 minutes Frequently changing records, load balancing
3600 1 hour Standard websites (good balance of freshness and performance)
14400 4 hours Stable records that rarely change
86400 24 hours NS records, CNAME records, very stable infrastructure

Caching happens at multiple layers: your operating system's DNS cache, your router's cache, your ISP's recursive resolver cache, and sometimes application-level caches. When you lower a TTL before making a DNS change, you must wait for the old TTL to expire from all caches before the change fully propagates.

Full Lookup Process Walkthrough

Here is exactly what happens when you type www.example.com into your browser for the first time, step by step:

User types: www.example.com
         |
         v
[1] Browser cache -----------> Cache hit? Return IP. No? Continue.
         |
         v
[2] OS cache (hosts file) ---> Cache hit? Return IP. No? Continue.
         |
         v
[3] Router/ISP cache -------> Cache hit? Return IP. No? Continue.
         |
         v
[4] Recursive Resolver ------> (e.g., 8.8.8.8)
         |
         |--> [5] Ask Root Server: "Where is www.example.com?"
         |         Root responds: "Ask the .com TLD server"
         |         (provides .com NS IP addresses)
         |
         |--> [6] Ask .com TLD Server: "Where is www.example.com?"
         |         TLD responds: "Ask example.com's authoritative server"
         |         (provides example.com NS IP addresses)
         |
         |--> [7] Ask example.com Authoritative Server:
         |         "What is the IP for www.example.com?"
         |         Authoritative responds: "CNAME example.com"
         |         (restart lookup for example.com)
         |
         |--> [8] Ask example.com Authoritative Server:
         |         "What is the IP for example.com?"
         |         Authoritative responds: "A 93.184.216.34"
         |
         v
[9] Resolver caches the answer (TTL: 3600s)
         |
         v
[10] OS caches the answer
         |
         v
[11] Browser connects to 93.184.216.34
         |
         v
[12] Web page loads

This entire chain typically completes in 20-80 milliseconds. Subsequent visits to the same domain are nearly instant because the answer is cached at the OS and resolver level for the duration of the TTL.

DNS over HTTPS (DoH) and DNS over TLS (DoT)

Traditional DNS queries are sent in plaintext over UDP port 53. This means anyone on the network path (ISP, Wi-Fi operator, attacker) can see which domains you are visiting. Two protocols address this privacy concern:

Feature DNS over HTTPS (DoH) DNS over TLS (DoT)
RFC RFC 8484 RFC 7858
Port 443 (same as HTTPS web traffic) 853 (dedicated)
Protocol HTTPS (HTTP/2 or HTTP/3) TLS directly
Encryption TLS 1.2/1.3 TLS 1.2/1.3
Stealth Hard to block (blends with HTTPS) Easy to block (dedicated port)
Browser Support Firefox, Chrome, Edge, Safari Android 9+, limited browser support
OS Support Windows 11, macOS, Linux (systemd-resolved) Android 9+, Linux (systemd-resolved)

Both protocols encrypt DNS queries so that eavesdroppers cannot see which domains you are resolving. DoH has gained wider adoption because it uses the same port as regular HTTPS traffic, making it harder for network operators to block without disrupting all web traffic. Major providers like Cloudflare (1.1.1.1), Google (8.8.8.8), and Quad9 (9.9.9.9) all support both DoH and DoT.

DNS Troubleshooting

DNS issues can manifest as websites not loading, email delivery failures, or services appearing unreachable. Here are the essential tools and techniques for diagnosing DNS problems:

  • nslookup — Available on Windows, macOS, and Linux. Quick lookups: nslookup example.com
  • dig — More detailed output (Linux/macOS): dig example.com A +short or dig @8.8.8.8 example.com ANY
  • host — Simple lookup tool: host example.com
  • DNS propagation checkers — Online tools that query DNS from multiple global locations to verify propagation status.
  • Flush DNS cache — On Windows: ipconfig /flushdns. On macOS: sudo dscacheutil -flushcache.

Common DNS problems and their causes:

  • "Server not found" — Domain has no A/AAAA record, or the authoritative server is unreachable.
  • Wrong IP returned — Stale cache (TTL not yet expired), or records were not updated correctly.
  • Intermittent failures — Multiple authoritative servers returning different answers (split-brain DNS).
  • Slow resolution — High TTL values, distant resolver, or authoritative server performance issues.

DNS is one of the most critical services on the internet. A DNS outage can make your entire domain unreachable, even if your servers are running perfectly. Understanding how DNS works helps you troubleshoot issues faster and make informed decisions about TTL values, record configuration, and provider selection. Use our DNS Lookup tool to inspect DNS records for any domain.