What Is DNS? How the Domain Name System Works
DNS Explained in Plain Terms
DNS stands for Domain Name System. It is the technology that converts domain names like google.com into IP addresses like 142.250.185.206. Every time you type a website address into your browser, open an app that connects to the internet, or send an email, a DNS query runs in the background to figure out which server to contact.
Without DNS you would need to memorize the numeric IP address of every website you want to visit. DNS removes that burden by maintaining a distributed database of name-to-address mappings that any device on the internet can query.
DNS was created in 1983 by Paul Mockapetris and described in RFC 882 and RFC 883. Before that, every computer on the network shared a single text file called HOSTS.TXT that listed all known hostnames and their addresses. As the internet grew from a few hundred machines to millions, that approach became impossible to maintain. DNS replaced it with a decentralized system that scales to billions of names.
How DNS Resolution Works Step by Step
When you type example.com into your browser, the following happens in roughly 20 to 120 milliseconds:
- Browser cache - your browser checks if it already looked up this domain recently. If the answer is still within its TTL (time to live), no network request is needed.
- Operating system cache - if the browser does not have it cached, the OS-level stub resolver checks its own cache. On Windows this is the DNS Client service; on macOS it is mDNSResponder.
- Recursive resolver - if neither cache has the answer, the query goes to your configured DNS resolver. This is usually your ISP's resolver or a public one like Google (8.8.8.8) or Cloudflare (1.1.1.1). The recursive resolver does the heavy lifting.
- Root nameserver - the resolver asks one of the 13 root server groups (a.root-servers.net through m.root-servers.net) "who is responsible for .com?" The root server responds with a referral to the .com TLD servers.
- TLD nameserver - the resolver asks the .com TLD server "who is authoritative for example.com?" The TLD server responds with the nameservers registered for that domain.
- Authoritative nameserver - the resolver asks the authoritative server for the actual record. This server holds the zone file with all DNS records for the domain and returns the IP address.
- Response - the resolver caches the answer for the duration specified by the TTL and sends it back to your device. Your browser opens a TCP connection to that IP and loads the page.
This chain of queries is called recursion. The recursive resolver handles the entire process so your device only needs to make a single request.
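An added example, not from the original article, that walks the referral chain just described over constructed zone data (no packets are sent): a toy recursive resolver starts at the root, follows referrals to the TLD and authoritative servers, restarts on a CNAME, and reports NXDOMAIN when no server knows the name. All server addresses are made-up documentation addresses.

```python
ROOT_SERVER = "192.0.2.1"  # constructed address standing in for a root server

# Constructed zone data keyed by server address. In real DNS a referral carries the
# nameserver's name plus a glue A record; here the NS value is collapsed to the address.
ZONES = {
    "192.0.2.1": {                        # root: only knows who serves .com
        ("com.", "NS"): "192.0.2.2",
    },
    "192.0.2.2": {                        # .com TLD server: knows example.com's nameserver
        ("example.com.", "NS"): "192.0.2.53",
    },
    "192.0.2.53": {                       # authoritative for example.com: holds the records
        ("example.com.", "A"): "93.184.216.34",
        ("www.example.com.", "CNAME"): "example.com.",
    },
}

def zone_cuts(name):
    """Ancestors of a name, most specific first: www.example.com. -> example.com. -> com."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]

def ask(server, name, rtype):
    """One query to one server: ('answer', v), ('cname', target), ('referral', ip) or ('nxdomain', None)."""
    zone = ZONES[server]
    if (name, rtype) in zone:
        return "answer", zone[(name, rtype)]
    if (name, "CNAME") in zone:
        return "cname", zone[(name, "CNAME")]
    for cut in zone_cuts(name):           # closest enclosing delegation this server knows
        if (cut, "NS") in zone:
            return "referral", zone[(cut, "NS")]
    return "nxdomain", None

def resolve(name, rtype="A", max_hops=12):
    """Do what a recursive resolver does: start at the root and follow referrals until an
    authoritative answer arrives. Returns (value_or_None, trail of (server, reply kind))."""
    server, trail = ROOT_SERVER, []
    for _ in range(max_hops):
        kind, value = ask(server, name, rtype)
        trail.append((server, kind))
        if kind == "answer":
            return value, trail
        if kind == "referral":
            server = value                # descend one level of the hierarchy
        elif kind == "cname":
            name, server = value, ROOT_SERVER  # alias: restart the lookup for the target name
        else:
            return None, trail            # NXDOMAIN: no such name anywhere in the hierarchy
    raise RuntimeError("too many referrals for %s" % name)
```

The trail returned for www.example.com shows why a real resolver caches every referral it receives: without a cache the CNAME restart repeats the root and TLD round trips.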
Types of DNS Servers
There are four types of DNS servers involved in resolving a domain name, each with a distinct role:
Root nameservers sit at the top of the hierarchy. There are 13 logical root servers identified by the letters A through M. In practice, each one is a cluster of hundreds of physical servers distributed worldwide using anycast routing. Their job is to direct queries to the correct TLD server.
TLD (Top-Level Domain) nameservers manage zones for each top-level domain: .com, .org, .net, .io, country codes like .de and .br, and newer TLDs like .app and .dev. They respond with the authoritative nameservers for specific domains within their zone.
Authoritative nameservers hold the actual DNS records for a domain. When you set up DNS records for your website (A records, MX records, etc.), those records live on the authoritative nameserver. Common authoritative DNS providers include Cloudflare, AWS Route 53 and your domain registrar's built-in nameservers.
Recursive resolvers are the servers your device talks to directly. They accept your query, chase down the answer by talking to root, TLD and authoritative servers, cache the result, and return it to you. Your ISP runs recursive resolvers, and public options like Google Public DNS (8.8.8.8), Cloudflare (1.1.1.1) and Quad9 (9.9.9.9) are available to anyone.
DNS Record Types
DNS stores different types of records depending on what information needs to be associated with a domain name. Here are the most common ones:
| Record | What It Does | Example |
|---|---|---|
| A | Maps a domain to an IPv4 address | example.com → 93.184.216.34 |
| AAAA | Maps a domain to an IPv6 address | example.com → 2606:2800:220:1::248 |
| CNAME | Creates an alias that points one domain to another | www.example.com → example.com |
| MX | Specifies the mail server for the domain (with priority number) | 10 mail.example.com |
| TXT | Holds text data. Used for SPF, DKIM, domain verification | v=spf1 include:_spf.google.com ~all |
| NS | Delegates the domain to specific authoritative nameservers | ns1.cloudflare.com |
| SOA | Start of Authority. Contains zone metadata: primary NS, admin email, serial number, timers | Zone administration record |
| PTR | Reverse DNS. Maps an IP address back to a hostname | 34.216.184.93.in-addr.arpa → example.com |
| SRV | Specifies the host and port for a service (VoIP, messaging, etc.) | _sip._tcp.example.com 5060 |
| CAA | Controls which certificate authorities can issue SSL certificates for the domain | 0 issue "letsencrypt.org" |
You can inspect the DNS records for any domain using our DNS Lookup tool, which queries authoritative servers and returns all record types.
TTL and DNS Caching
TTL (Time to Live) is a number attached to every DNS record that tells resolvers how many seconds they can cache the answer before asking again. When a resolver gets a response with a TTL of 3600, it stores that record for one hour. After that it expires and the next query triggers a fresh lookup.
TTL matters because it controls how fast DNS changes propagate. If you are about to change your website's IP address or switch hosting providers, lowering the TTL to 300 seconds (5 minutes) a day before the change means resolvers worldwide will pick up the new address within minutes. If the TTL was 86400 (24 hours), some users might still be directed to the old server for up to a day.
DNS caching happens at multiple levels: your browser, your operating system, your home router, and the recursive resolver. Each level stores records independently based on the TTL.
To flush your local DNS cache and force fresh lookups:
- Windows: `ipconfig /flushdns`
- macOS: `sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder`
- Linux (systemd): `sudo systemd-resolve --flush-caches`
- Chrome browser: navigate to `chrome://net-internals/#dns` and click "Clear host cache"
What Is DNS Propagation?
DNS propagation is the process by which updated DNS records spread across all resolvers worldwide. When you change a DNS record (for example, pointing your domain to a new server), that change does not take effect everywhere at once. Resolvers that cached the old record will keep serving it until the TTL expires.
Full propagation typically takes anywhere from a few minutes to 48 hours depending on the TTL of the old record and how aggressively different resolvers cache. You can monitor propagation in real time using our DNS Propagation Checker, which queries 23 resolvers across 6 continents simultaneously and shows results on a live map.
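An added example, not from the original article, covering both the caching layers and the propagation window: a TTL-honouring cache of the kind each layer keeps, and a helper that computes how long stale answers can survive after a change. It assumes every resolver honours the TTL exactly; resolvers that clamp or extend TTLs, as noted above, fall outside the calculation.

```python
class DnsCache:
    """One layer of DNS caching (browser, OS, router or resolver) that honours TTLs.
    Times are plain seconds so the example runs without a clock."""

    def __init__(self):
        self._entries = {}  # (name, rtype) -> (value, absolute expiry)

    def put(self, name, rtype, value, ttl, now):
        self._entries[(name, rtype)] = (value, now + ttl)

    def get(self, name, rtype, now):
        """Return (value, remaining_ttl) or None once expired. A cache hands on the
        remaining TTL, not the original, so a downstream cache never outlives it."""
        entry = self._entries.get((name, rtype))
        if entry is None:
            return None
        value, expires = entry
        if now >= expires:
            del self._entries[(name, rtype)]
            return None
        return value, expires - now

def last_stale_view(old_ttl, new_ttl, lowered_at, changed_at):
    """Latest time (seconds) any TTL-honouring resolver can still serve the old value
    when the record's TTL is lowered at `lowered_at` and its value changed at `changed_at`.
    A resolver that fetched just before the TTL was lowered still holds the long TTL,
    so it cannot even see the shorter TTL until old_ttl later; after that, everyone
    refreshes within new_ttl of the change."""
    return max(lowered_at + old_ttl, changed_at + new_ttl)

def plan_change(old_ttl, new_ttl, lead_time):
    """How long after the cutover (seconds) stale answers can persist if the TTL is
    lowered `lead_time` seconds before the change."""
    return last_stale_view(old_ttl, new_ttl, lowered_at=0, changed_at=lead_time) - lead_time
```

With the article's numbers, lowering a 24-hour TTL to 300 seconds a full day ahead leaves at most 5 minutes of stale answers after the change; lowering it only an hour ahead still leaves 23 hours.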
DNS Security
Standard DNS queries are sent as unencrypted plain text over UDP port 53. This means anyone on your network path (your ISP, a public Wi-Fi operator, or an attacker) can see which domains you are looking up. Several technologies address this:
DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS responses so that a validating resolver can verify the data has not been tampered with in transit. It defeats cache poisoning and spoofing attacks, but it does not encrypt the queries themselves.
DNS over HTTPS (DoH) wraps DNS queries inside regular HTTPS traffic on port 443. This encrypts your queries and makes them indistinguishable from normal web traffic. Firefox and Chrome support DoH natively.
DNS over TLS (DoT) encrypts DNS queries using TLS on a dedicated port (853). It provides the same privacy benefit as DoH but is easier for network administrators to identify and manage.
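To make the plaintext point concrete, an added example that is not part of the article: it builds an RFC 1035 query exactly as it travels over UDP port 53, shows that the queried name is readable to anyone on the path, and then wraps the same bytes the way RFC 8484 DoH (GET with base64url) and RFC 7858 DoT (2-byte length prefix inside TLS) do. The resolver URL is a placeholder, not a real service.

```python
import base64
import struct

QTYPE = {"A": 1, "AAAA": 28, "MX": 15, "TXT": 16}

def encode_name(name):
    """example.com. -> 7 'example' 3 'com' 0: each label prefixed by its length, zero byte ends the name."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype="A", txid=0):
    """12-byte header plus one question. RD=1 asks for recursion; ID 0 is what
    RFC 8484 recommends for DoH GET so HTTP caches can reuse the response."""
    flags = 0x0100                                  # QR=0 query, opcode 0, RD=1
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)   # QDCOUNT=1
    question = encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)  # QCLASS=IN
    return header + question

def name_visible_on_wire(packet):
    """What a passive observer of UDP/53 reads straight out of the datagram."""
    labels, pos = [], 12
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def doh_get_url(packet, resolver="https://dnsserver.example.net/dns-query"):
    """RFC 8484 GET form: the same bytes, base64url without '=' padding, in ?dns=.
    The whole URL travels inside TLS on 443; only the resolver host is visible."""
    return resolver + "?dns=" + base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")

def dot_frame(packet):
    """RFC 7858 DoT: the same message behind a 2-byte length prefix, sent inside TLS on 853."""
    return struct.pack(">H", len(packet)) + packet
```

The encoded query for www.example.com matches the worked example in RFC 8484, which is a convenient check that the wire format is right.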
If you use a VPN, your DNS queries should be routed through the VPN tunnel. If they leak out to your ISP's resolver instead, your browsing activity is exposed. Our DNS Leak Test checks whether your queries are properly contained within the VPN.
Public DNS Resolvers
Most people use whatever DNS resolver their ISP assigns by default. Switching to a public resolver can improve speed, privacy and security. Here are the most widely used options:
| Provider | Primary | Secondary | Strengths |
|---|---|---|---|
| Google Public DNS | 8.8.8.8 | 8.8.4.4 | Fast, globally distributed, extensive anycast network |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | Fastest response times in independent benchmarks, strong privacy policy |
| Quad9 | 9.9.9.9 | 149.112.112.112 | Blocks known malicious domains by default, nonprofit operated |
| OpenDNS (Cisco) | 208.67.222.222 | 208.67.220.220 | Configurable content filtering, parental controls |
| AdGuard DNS | 94.140.14.14 | 94.140.15.15 | Blocks ads and trackers at the DNS level |
To change your DNS resolver, update the DNS settings in your router's admin panel (affects all devices on your network) or in your device's network settings (affects only that device).
Common DNS Problems and How to Fix Them
DNS server not responding
This usually means your configured resolver is unreachable. Try switching to a public resolver (8.8.8.8 or 1.1.1.1) in your network settings. If that works, the problem is with your original DNS provider, not your internet connection.
Slow DNS lookups
If websites take several seconds to start loading but then load quickly, DNS resolution is the bottleneck. Switch to a faster resolver. Cloudflare (1.1.1.1) consistently scores the lowest response times in global benchmarks.
DNS changes not showing up
Old records are still cached somewhere in the chain. Flush your local cache, try a different browser, or test from a different network. Use our DNS Propagation Checker to see which resolvers have picked up the new record and which still serve the old one.
NXDOMAIN errors
The domain does not exist in DNS. This could mean the domain expired, the nameservers are misconfigured, or the record was deleted. Check the domain's NS records first to confirm the nameservers are set correctly.
Frequently Asked Questions
What is DNS in simple terms?
DNS is the system that converts website names (like google.com) into the numeric IP addresses that computers use to find each other on the internet. It works like a phone book: you look up a name and get the number to call.
What is a DNS server and what does it do?
A DNS server is a computer that stores the database of domain-to-IP mappings and answers queries from other devices. Recursive resolvers (like 8.8.8.8 or 1.1.1.1) handle queries from your device by chasing down the answer through the DNS hierarchy. Authoritative servers hold the actual records for specific domains. Root servers sit at the top and direct traffic to the right place.
What is a DNS error?
A DNS error means your device could not resolve a domain name to an IP address. The most common cause is an unreachable DNS server. On gaming consoles like PS4 and PS5, DNS errors often appear when the default ISP resolver is slow or overloaded. The fix is usually simple: go to network settings and manually set DNS to 8.8.8.8 (primary) and 8.8.4.4 (secondary), or use Cloudflare's 1.1.1.1. This works on PlayStation, Xbox and most routers.
What is a DNS record?
A DNS record is a single entry in the DNS database that maps a domain name to a specific piece of information. An A record maps to an IPv4 address, an MX record maps to a mail server, a TXT record holds text data like SPF policies, and so on. Each record has a type, a value and a TTL.
What is a DNS zone?
A DNS zone is a portion of the DNS namespace managed by a specific administrator or organization. For example, example.com and all its subdomains (www.example.com, mail.example.com) form a zone. The zone file contains all the DNS records for that domain and is hosted on the authoritative nameserver.
What is a DNS provider?
A DNS provider (or DNS hosting provider) is a service that hosts your domain's authoritative nameservers. When someone looks up your domain, the query eventually reaches your DNS provider's servers which return the answer. Popular DNS providers include Cloudflare, AWS Route 53, Google Cloud DNS and most domain registrars. They differ in speed, reliability, pricing and features like DNSSEC support and geo-routing.
What is private DNS?
Private DNS is a setting on Android (9+) and some other devices that enables DNS over TLS (DoT) by default. When you set a private DNS provider (like dns.google or 1dot1dot1dot1.cloudflare-dns.com), all your DNS queries are encrypted automatically. This prevents your ISP or network operator from seeing which domains you visit.
What is a DNS leak?
A DNS leak happens when your DNS queries go to your ISP's resolver instead of through your VPN tunnel, even though the VPN is connected. This exposes which websites you visit to your ISP despite the VPN. You can check for this with our DNS Leak Test.
How long does DNS propagation take?
Between a few minutes and 48 hours, depending on the TTL of the old record. If the old TTL was 300 seconds, most resolvers will pick up the change within 5 minutes. If it was 86400 seconds (24 hours), it can take a full day. Lowering the TTL before making changes speeds up propagation.
What is DNS cache and should I clear it?
DNS cache is a local store of recent DNS lookups on your device. It speeds up browsing by avoiding repeated queries. You should clear it if DNS records have changed but your device is still using old cached values, or if you are experiencing connectivity issues that might be caused by stale DNS data.
What port does DNS use?
Standard DNS uses UDP port 53. Large responses fall back to TCP port 53. DNS over HTTPS uses port 443 (same as regular HTTPS). DNS over TLS uses port 853.
Can my ISP see my DNS queries?
Yes, if you use their resolver or unencrypted DNS. Your ISP can log every domain you look up. To prevent this, use DNS over HTTPS (DoH) or DNS over TLS (DoT) with a resolver that supports them, or use a VPN that tunnels all DNS queries through its encrypted connection.
What is the difference between DNS and DHCP?
DNS translates domain names to IP addresses. DHCP (Dynamic Host Configuration Protocol) assigns IP addresses to devices on a local network. They work together but serve completely different functions. DHCP gives your device an IP; DNS tells your device which IP belongs to the website you want to visit.
Is DNS the same as a URL?
No. A URL (like https://www.example.com/page) is the full web address including the protocol, domain and path. DNS only handles the domain name part (example.com) by converting it to an IP address. The browser handles the rest.