What is DNS?
Understand how the Domain Name System maps names to IPs and why it matters.
What is DNS?
Definition
The Domain Name System (DNS) is the naming system of the internet. It translates human‑readable domain names like example.com into numerical IP addresses that computers and routers use to connect.
DNS exists so people don’t have to memorize IP addresses. It also lets website owners move services, add CDNs, or balance traffic without breaking links—only the DNS answers change.
How DNS Works (the short version)
When you enter a domain, your device asks a DNS resolver for the answer. If the resolver doesn’t have it cached, it walks the hierarchy to find the authoritative source.
Step-by-step:
Your device queries a recursive resolver (often your ISP, company, or a public resolver like 1.1.1.1)
If not cached, the resolver asks the root servers where to find the .com servers
It then asks the .com servers which nameservers know about example.com
Finally, it asks the authoritative nameserver for example.com and gets an A/AAAA record
The answer is cached for its TTL and returned to your browser
Curious about the records themselves? See common DNS record types.
Core Components
Recursive Resolvers
They do the heavy lifting: chasing referrals and caching answers so the next user gets a faster response.
Authoritative Servers
The source of truth for a zone. They hold the records for your domain and sign them if DNSSEC is enabled.
Root & TLD Servers
They don’t know your site’s IP, but they know who to ask next—guiding resolvers down the tree (. → .com → your domain).
Caches & TTL
Every answer comes with a time to live. Short TTLs allow quick changes; longer TTLs improve speed and resiliency.
Common DNS Records
- A / AAAA: Point names to IPv4 / IPv6 addresses. Pair with IPv4 vs IPv6.
- CNAME: Make one name an alias for another.
- MX: Specify mail servers for the domain.
- TXT: Free‑form text used for SPF/DKIM and verification.
- NS: Delegate which servers are authoritative for the zone.
- SOA: Zone metadata: serial, refresh, and more.
Want the full rundown? Read our DNS record types guide →
Security & Privacy
- DNSSEC signs records so resolvers can detect tampering.
- DoH/DoT encrypt queries between you and the resolver to prevent snooping.
- Resolver policies differ—choose providers that match your privacy needs.
Learn more in DNS Security & Privacy.
Well‑known DNS Resolvers
These public resolvers are popular choices. Click to analyze the IP.
Key Takeaways
Remember:
- DNS turns easy names into routable IP addresses
- Resolvers cache answers; TTL controls how long
- Authoritative servers are the source of truth for a zone
- DNSSEC protects integrity; DoH/DoT protect confidentiality
- Short TTLs speed up changes; long TTLs improve performance