How DNS Works
Every time you visit a website, your browser performs a DNS lookup to translate the domain name into an IP address. Understanding how DNS works helps you troubleshoot connectivity issues, configure email authentication, and protect your online privacy.
What Is DNS?
DNS — the Domain Name System — is the internet's distributed naming system. It maintains a global database of domain names and their corresponding IP addresses, allowing humans to use memorable names like ipdetecto.com instead of numeric addresses like 104.21.18.93.
DNS is hierarchical and distributed: no single server holds all domain records. Instead, the system uses a tree of servers — from root name servers at the top, down through top-level domain (TLD) servers, to authoritative name servers operated by individual domain owners. This distributed architecture makes DNS highly resilient and scalable for billions of daily queries.
The DNS Resolution Process
When you type a URL into your browser, the following sequence of events resolves it to an IP address:
DNS Record Types
DNS supports many record types, each serving a specific purpose in directing internet traffic:
AMaps a domain to an IPv4 address. The fundamental record for web hosting.AAAAMaps a domain to an IPv6 address. Required for IPv6 reachability.MXSpecifies mail servers for receiving email. Multiple records provide redundancy.TXTStores text data — SPF, DKIM, DMARC email authentication, and domain verification.CNAMEAlias — points one domain to another. Cannot coexist with other records at the same name.NSNames the authoritative name servers for the domain. Delegated from the TLD.SOAStart of Authority — zone metadata including primary nameserver and cache parameters.PTRReverse DNS — maps an IP address back to a domain name. Used for email server verification.DNS Caching and TTL
DNS responses include a TTL (Time to Live) value that tells resolvers how long to cache the result. This dramatically reduces DNS query volume and speeds up resolution for popular domains.
- ✓ Fast DNS change propagation
- ✓ Good before planned migrations
- ✗ More DNS queries = higher load
- ✗ Slightly slower resolution
- ✓ Fewer DNS queries, lower latency
- ✓ Better for stable configurations
- ✗ Slow propagation of DNS changes
- ✗ Outages persist during TTL period
DNS Privacy: DoH and DoT
Traditional DNS queries are sent in plain text over UDP port 53, meaning your ISP and any network observer can see every domain you look up. Two modern protocols address this:
DNS-over-HTTPS (DoH)
Encrypts DNS queries inside HTTPS requests (port 443). Prevents ISP monitoring and network snooping. Supported natively in Firefox and Chrome. Can be configured at the OS level on Windows 11 and macOS 13+.
DNS-over-TLS (DoT)
Encrypts DNS queries using TLS on a dedicated port (853). Easier for network administrators to monitor and allow/block compared to DoH. Many modern routers and enterprise DNS solutions support DoT.
DNS Propagation in Practice
One of the most misunderstood aspects of DNS is propagation. When you update a DNS record — say, you point your domain to a new server — the change does not appear instantly for everyone. Here is what actually happens:
Your new record is written to your authoritative name server immediately. But every resolver in the world that has cached the old record will continue serving it until the old TTL expires. If your A record had a TTL of 86400 (24 hours), some users could see the old server for up to 24 hours after you made the change.
This is why the professional practice before a major migration is to lower your TTL to 300 seconds (5 minutes) at least 48 hours before the change, perform the switch, then raise the TTL again after confirming everything works. The 48-hour wait is necessary because old cached records with the original high TTL need to expire first.
DNS Leaks: When Your VPN Fails at the DNS Level
A DNS leak is one of the most common VPN failures. It happens when your device sends DNS queries outside the VPN tunnel — typically back to your ISP’s resolver — even though all your other traffic is encrypted and tunnelled. The result: your ISP can see every domain you look up, even though they cannot see the actual content of the pages you visit.
DNS leaks happen because the operating system may continue using its configured DNS server (from DHCP, before the VPN connected) in parallel with the VPN’s DNS. On Windows, the "Smart Multi-Homed Name Resolution" feature can cause this — it sends DNS queries to all configured resolvers simultaneously and uses whichever responds fastest, which is often the ISP’s local resolver.
You can verify whether your VPN has a DNS leak using our privacy leak test. The tool makes a DNS request from your browser and checks which resolver handled it. If the resolver’s location does not match your VPN server’s location, you likely have a leak.
Troubleshooting DNS with Lookup Tools
When email stops working, a website goes down after a migration, or a subdomain resolves incorrectly, DNS is usually the first place to investigate. Here is how to use DNS lookup tools effectively:
A / AAAACheck which IP a domain resolves to. Compare to your expected server IP to confirm the record propagated correctly.MXCheck mail server routing. If email is bouncing, an MX record misconfiguration or missing record is often the cause.TXTVerify SPF, DKIM, and DMARC records for email authentication. These must be exact — even a trailing space can break delivery.NSConfirm which name servers are authoritative for the domain. Useful after a registrar transfer.PTRReverse DNS lookup. Email servers commonly require that the sending IP has a PTR record matching the domain. Missing PTR records cause spam filter failures.Use our DNS lookup tool to query A, AAAA, MX, TXT, CNAME, NS, and PTR records for any domain — and our leak test to verify your VPN is not leaking DNS queries to your ISP.
Frequently Asked Questions
What is DNS?
DNS (Domain Name System) is the internet's distributed directory service that translates human-readable domain names (like google.com) into machine-readable IP addresses (like 142.250.80.46). Without DNS, you would need to memorize IP addresses to visit websites. DNS is often called the 'phonebook of the internet'.
How does DNS resolution work step by step?
DNS resolution follows these steps: 1) Browser checks local cache. 2) OS checks hosts file and local DNS cache. 3) Query goes to your recursive resolver (usually your ISP's DNS). 4) Recursive resolver checks its cache, then queries a root name server. 5) Root server directs to a TLD server (.com, .net). 6) TLD server directs to the authoritative name server. 7) Authoritative server returns the IP address. 8) Resolver caches the result and returns it to your browser.
What is a DNS resolver?
A DNS resolver (also called a recursive resolver) is a server that handles DNS queries on behalf of clients. When you type a domain, your device sends a query to the configured resolver (typically your ISP's DNS, or a public resolver like 8.8.8.8). The resolver performs the recursive lookup through root → TLD → authoritative servers and returns the final IP address, caching results to speed up future queries.
What is DNS caching and TTL?
DNS caching stores recently resolved domain-to-IP mappings for a specified duration. The TTL (Time to Live) is set by the domain owner and tells resolvers how long to cache a record before re-querying. Low TTL (300 seconds) means faster propagation of DNS changes but more queries. High TTL (86400 seconds = 24 hours) reduces query load but slows change propagation.
What is the difference between DNS and DHCP?
DNS translates domain names to IP addresses. DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses to devices on a network. Your router runs DHCP to assign local IPs (192.168.x.x) to your devices. It also provides your devices with the DNS server address to use. They solve different problems: DHCP assigns addresses, DNS resolves names.
What is DNS-over-HTTPS (DoH)?
DNS-over-HTTPS (DoH) encrypts DNS queries using HTTPS, preventing ISPs and network eavesdroppers from seeing which domains you're looking up. Traditional DNS is unencrypted and sent in plaintext. DoH is supported by major browsers (Firefox, Chrome, Edge) and public resolvers like Cloudflare (1.1.1.1) and Google (8.8.8.8). It significantly improves DNS privacy.
Related Tools & Resources
Query A, MX, TXT, CNAME, and NS records for any domain.
Learn how IP addresses work and how they're assigned.
Find domain registration, ownership, and name server info.
Check for DNS leaks that expose your browsing activity.
Compare tools for encrypting and routing your DNS traffic.
Understand the protocols that DNS uses to transport queries.