How DNS Works

Every time you visit a website, your browser performs a DNS lookup to translate the domain name into an IP address. Understanding how DNS works helps you troubleshoot connectivity issues, configure email authentication, and protect your online privacy.

What Is DNS?

DNS — the Domain Name System — is the internet's distributed naming system. It maintains a global database of domain names and their corresponding IP addresses, allowing humans to use memorable names like ipdetecto.com instead of numeric addresses like 104.21.18.93.

DNS is hierarchical and distributed: no single server holds all domain records. Instead, the system uses a tree of servers — from root name servers at the top, down through top-level domain (TLD) servers, to authoritative name servers operated by individual domain owners. This distributed architecture makes DNS highly resilient and scalable for billions of daily queries.

The DNS Resolution Process

When you type a URL into your browser, the following sequence of events resolves it to an IP address:

1. Browser Cache Check: The browser checks its own DNS cache. If the domain was recently resolved and the TTL hasn't expired, the cached IP is used immediately.
2. OS Cache & Hosts File: If not in browser cache, the OS checks its DNS cache and the local hosts file (/etc/hosts on Linux/Mac, C:\Windows\System32\drivers\etc\hosts on Windows).
3. Recursive Resolver Query: The OS sends a DNS query to the configured recursive resolver — typically your ISP's DNS server or a public resolver like Cloudflare (1.1.1.1) or Google (8.8.8.8).
4. Root Name Server: If the resolver's cache misses, it queries one of the 13 logical root name server clusters. The root server returns the address of the TLD name server (.com, .net, .org, etc.).
5. TLD Name Server: The resolver queries the TLD server (e.g., Verisign for .com). It returns the address of the authoritative name server for the specific domain.
6. Authoritative Name Server: The resolver queries the domain's authoritative name server (configured at your registrar via NS records). This server has the definitive DNS records and returns the IP address.
7. Response & Caching: The resolver returns the IP to your browser and caches the result for the duration specified by the TTL. Your browser can now connect to the web server at that IP.
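To make the query and answer messages in the steps above concrete, here is an added example (not code from the original page) that builds a wire-format A query and parses a constructed reply, including the name-compression pointer and TTL fields a resolver reads. The transaction ID of 0x1234, the reply bytes and the address 104.21.18.93 are constructed sample values, and the ID check is the basic sanity test a resolver applies before trusting a reply.

```python
import struct

def encode_name(name):
    # "ipdetecto.com" -> b"\x09ipdetecto\x03com\x00" (length-prefixed labels)
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, txid, qtype=1):
    # Header: ID, flags 0x0100 (RD=1), QDCOUNT=1; then QNAME, QTYPE, QCLASS=IN(1)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_name(msg, off):
    # Decode labels; a length byte with top bits 11 is a pointer to an earlier name
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            suffix, _ = read_name(msg, struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF)
            return ".".join(labels + [suffix]), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_a_answers(msg, expected_txid):
    # Return [(name, ttl, ipv4)] for A records; reject a reply whose ID is not ours
    txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: reply discarded")
    off = 12
    for _ in range(qdcount):            # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4                        # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers
# Constructed sample (not a real capture): reply flags 0x8180 (QR=1, RD, RA), answer name
# is a compression pointer 0xC00C back to the question at offset 12, TTL 300
QUERY = build_query("ipdetecto.com", txid=0x1234)
RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + encode_name("ipdetecto.com")
            + struct.pack("!HH", 1, 1) + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([104, 21, 18, 93]))
```

Calling parse_a_answers(RESPONSE, 0x1234) yields [("ipdetecto.com", 300, "104.21.18.93")]; the same reply presented for a different transaction ID is rejected.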

DNS Record Types

DNS supports many record types, each serving a specific purpose in directing internet traffic:

A: Maps a domain to an IPv4 address. The fundamental record for web hosting.
AAAA: Maps a domain to an IPv6 address. Required for IPv6 reachability.
MX: Specifies mail servers for receiving email. Multiple records provide redundancy.
TXT: Stores text data — SPF, DKIM, DMARC email authentication, and domain verification.
CNAME: Alias — points one domain to another. Cannot coexist with other records at the same name.
NS: Names the authoritative name servers for the domain. Delegated from the TLD.
SOA: Start of Authority — zone metadata including primary nameserver and cache parameters.
PTR: Reverse DNS — maps an IP address back to a domain name. Used for email server verification.

DNS Caching and TTL

DNS responses include a TTL (Time to Live) value that tells resolvers how long to cache the result. This dramatically reduces DNS query volume and speeds up resolution for popular domains.

Low TTL (300 seconds)
  • ✓ Fast DNS change propagation
  • ✓ Good before planned migrations
  • ✗ More DNS queries = higher load
  • ✗ Slightly slower resolution
High TTL (86400 seconds)
  • ✓ Fewer DNS queries, lower latency
  • ✓ Better for stable configurations
  • ✗ Slow propagation of DNS changes
  • ✗ Outages persist during TTL period
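As an added illustration (not code from the original page), the following Python cache honours a record's TTL the way a resolver does: hits are served with the remaining TTL, expired entries are evicted and re-queried, and the address_seen_at simulation shows why a change made under a high TTL keeps being served stale. The 86400-second cap on accepted TTLs and the "OLD"/"NEW" placeholders are assumptions of this example.

```python
import time

class TtlCache:
    # Caches (name, rtype) -> (value, expiry). Hits are served with the TTL
    # reduced by the time already spent in cache, as a resolver passes it on.
    def __init__(self, max_ttl=86400):
        self.max_ttl = max_ttl      # assumed cap: never trust a record longer than a day
        self._entries = {}

    def put(self, name, rtype, value, ttl, now=None):
        now = time.time() if now is None else now
        self._entries[(name.lower(), rtype)] = (value, now + min(ttl, self.max_ttl))

    def get(self, name, rtype, now=None):
        now = time.time() if now is None else now
        key = (name.lower(), rtype)
        entry = self._entries.get(key)
        if entry is None:
            return None
        value, expiry = entry
        if now >= expiry:               # expired: evict, caller must re-query
            del self._entries[key]
            return None
        return value, int(expiry - now) # value plus remaining TTL

def address_seen_at(ttl, change_at, check_at):
    # Simulation: a resolver cached "OLD" at t=0 with the given TTL; the domain owner
    # switched the record to "NEW" at change_at. Which address does a client get at check_at?
    cache = TtlCache()
    cache.put("ipdetecto.com", "A", "OLD", ttl, now=0)
    hit = cache.get("ipdetecto.com", "A", now=check_at)
    if hit is not None:
        return hit[0]                   # still served from cache, even if stale
    return "NEW" if check_at >= change_at else "OLD"  # cache miss: re-query authority
```

With a 300-second TTL a change made at t=600 is visible by t=900; with an 86400-second TTL the same check still returns the old address.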

DNS Privacy: DoH and DoT

Traditional DNS queries are sent in plain text over UDP port 53, meaning your ISP and any network observer can see every domain you look up. Two modern protocols address this:

DNS-over-HTTPS (DoH)

Encrypts DNS queries inside HTTPS requests (port 443). Prevents ISP monitoring and network snooping. Supported natively in Firefox and Chrome. Can be configured at the OS level on Windows 11 and macOS 13+.

DNS-over-TLS (DoT)

Encrypts DNS queries using TLS on a dedicated port (853). Easier for network administrators to monitor and allow/block compared to DoH. Many modern routers and enterprise DNS solutions support DoT.

Frequently Asked Questions

What is DNS?

DNS (Domain Name System) is the internet's distributed directory service that translates human-readable domain names (like google.com) into machine-readable IP addresses (like 142.250.80.46). Without DNS, you would need to memorize IP addresses to visit websites. DNS is often called the 'phonebook of the internet'.

How does DNS resolution work step by step?

DNS resolution follows these steps: 1) Browser checks local cache. 2) OS checks hosts file and local DNS cache. 3) Query goes to your recursive resolver (usually your ISP's DNS). 4) Recursive resolver checks its cache, then queries a root name server. 5) Root server directs to a TLD server (.com, .net). 6) TLD server directs to the authoritative name server. 7) Authoritative server returns the IP address. 8) Resolver caches the result and returns it to your browser.

What is a DNS resolver?

A DNS resolver (also called a recursive resolver) is a server that handles DNS queries on behalf of clients. When you type a domain, your device sends a query to the configured resolver (typically your ISP's DNS, or a public resolver like 8.8.8.8). The resolver performs the recursive lookup through root → TLD → authoritative servers and returns the final IP address, caching results to speed up future queries.

What is DNS caching and TTL?

DNS caching stores recently resolved domain-to-IP mappings for a specified duration. The TTL (Time to Live) is set by the domain owner and tells resolvers how long to cache a record before re-querying. Low TTL (300 seconds) means faster propagation of DNS changes but more queries. High TTL (86400 seconds = 24 hours) reduces query load but slows change propagation.

What is the difference between DNS and DHCP?

DNS translates domain names to IP addresses. DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses to devices on a network. Your router runs DHCP to assign local IPs (192.168.x.x) to your devices. It also provides your devices with the DNS server address to use. They solve different problems: DHCP assigns addresses, DNS resolves names.

What is DNS-over-HTTPS (DoH)?

DNS-over-HTTPS (DoH) encrypts DNS queries using HTTPS, preventing ISPs and network eavesdroppers from seeing which domains you're looking up. Traditional DNS is unencrypted and sent in plaintext. DoH is supported by major browsers (Firefox, Chrome, Edge) and public resolvers like Cloudflare (1.1.1.1) and Google (8.8.8.8). It significantly improves DNS privacy.