What is DNS?
DNS (Domain Name System) is a hierarchical, distributed database that maps human-readable domain names (like github.com) to machine-readable IP addresses (like 140.82.121.4). It is often called the "phone book of the internet".
Without DNS, you would need to memorise the IP address of every website you visit. DNS lets you use names while computers use numbers — and it does this globally, at scale, handling trillions of queries every day.
How DNS Resolution Works (Step by Step)
When you type www.example.com in your browser, here is what happens:
- Browser cache: The browser checks its own DNS cache. If it recently resolved this domain, it uses the cached IP and stops here.
- OS cache / hosts file: If not cached, the OS checks /etc/hosts (Linux/Mac) or C:\Windows\System32\drivers\etc\hosts (Windows), then its own DNS cache.
- Recursive resolver: If still unresolved, the OS contacts the configured DNS resolver (e.g. 8.8.8.8 for Google, 1.1.1.1 for Cloudflare). This resolver does the hard work on your behalf.
- Root nameserver: The resolver asks a root nameserver "who handles .com domains?" — root servers return the address of the TLD nameserver.
- TLD nameserver: The resolver asks the .com TLD nameserver "who handles example.com?" — it returns the authoritative nameserver for that domain.
- Authoritative nameserver: The resolver asks example.com's authoritative nameserver for the IP address of www.example.com — this is the final, definitive answer.
- Response cached & returned: The resolver caches the answer (for the duration of the TTL) and returns the IP address to your browser. The browser connects to that IP.
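The walk above (root, then TLD, then authoritative, with the answer cached for its TTL) as a small simulation. This is an added example, not code from the page or from any resolver; the root, .com and example.com zone data and the nameserver hostnames in it are constructed stand-ins, not real records, and the clock is injectable so cache expiry can be observed without waiting an hour.

```python
import time

# Constructed, hypothetical zone data standing in for the real hierarchy.
# Each "server" is a dict: owner name -> list of (type, rdata, ttl).
ROOT_SERVER = {
    "com.": [("NS", "a.gtld-servers.example.", 172800)],
}
TLD_SERVER_COM = {
    "example.com.": [("NS", "ns1.example.com.", 172800)],
}
AUTH_SERVER_EXAMPLE = {
    "www.example.com.": [("CNAME", "example.com.", 3600)],
    "example.com.": [("A", "93.184.216.34", 3600)],
}
# Nameserver hostname -> zone it serves (a stand-in for "the address of that nameserver").
SERVERS = {
    "root": ROOT_SERVER,
    "a.gtld-servers.example.": TLD_SERVER_COM,
    "ns1.example.com.": AUTH_SERVER_EXAMPLE,
}


class RecursiveResolver:
    """Walks root -> TLD -> authoritative and caches answers for their TTL."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so a test can fast-forward time
        self.cache = {}             # (name, type) -> (rdata, expires_at)
        self.trace = []             # servers asked, in order

    def _ask(self, server, name, rtype):
        """Query one server. Returns (answer, referral); at most one is set."""
        self.trace.append(server)
        zone = SERVERS[server]
        for t, rdata, ttl in zone.get(name, []):
            if t == rtype or t == "CNAME":
                return (t, rdata, ttl), None
        # No answer here: refer to the closest enclosing delegation (NS record).
        labels = name.split(".")
        for i in range(len(labels)):
            parent = ".".join(labels[i:])
            for t, rdata, _ in zone.get(parent, []):
                if t == "NS":
                    return None, rdata
        return None, None

    def resolve(self, name, rtype="A", _depth=0):
        """Return (rdata, source); source is 'cache' or the server that answered."""
        if _depth > 8:
            raise RuntimeError("CNAME chain too long")
        name = name if name.endswith(".") else name + "."
        key = (name, rtype)
        now = self.clock()
        cached = self.cache.get(key)
        if cached and cached[1] > now:       # step 7: served from cache until TTL expires
            return cached[0], "cache"
        server = "root"
        while True:                          # steps 4-6: follow referrals downwards
            answer, referral = self._ask(server, name, rtype)
            if answer:
                t, rdata, ttl = answer
                if t == "CNAME" and rtype != "CNAME":
                    rdata, _ = self.resolve(rdata, rtype, _depth + 1)   # follow the alias
                    if rdata is None:
                        return None, server  # dangling alias
                self.cache[key] = (rdata, now + ttl)
                return rdata, server
            if referral is None:
                return None, server          # NXDOMAIN: nobody knows the name
            server = referral


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com"), r.trace)
    print(r.resolve("www.example.com"))      # second call is answered from the cache
```

Resolving www.example.com touches all three levels twice (once for the CNAME, once for the target it aliases); a second lookup inside the TTL never leaves the cache, and after 3600 seconds the whole walk repeats.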
DNS Record Types Explained
DNS records store different types of information about a domain. Each record type serves a specific purpose:
| Record Type | Purpose | Example |
|---|---|---|
| A | Maps domain to IPv4 address | example.com → 93.184.216.34 |
| AAAA | Maps domain to IPv6 address | example.com → 2606:2800:220:1:248:1893:25c8:1946 |
| CNAME | Alias — points domain to another domain | www.example.com → example.com |
| MX | Mail exchange — where to deliver email | example.com → mail.example.com (priority 10) |
| TXT | Free-form text — used for SPF, DKIM, verification | "v=spf1 include:_spf.google.com ~all" |
| NS | Nameserver — which servers are authoritative for this domain | example.com → ns1.dnsprovider.com |
| SOA | Start of Authority — metadata about the zone | Serial number, refresh interval, admin email |
| PTR | Reverse DNS — maps IP to domain name | 93.184.216.34 → example.com |
| SRV | Service record — port + protocol for a service | _sip._tcp.example.com → priority weight port target |
What is DNS TTL?
Every DNS record has a TTL (Time to Live) — a number of seconds that resolvers should cache the record before re-querying. Common TTL values:
- 300 seconds (5 min): Used before migrations — changes propagate quickly
- 3600 seconds (1 hour): Good balance for most records
- 86400 seconds (24 hours): Very stable records like MX that rarely change
💡 Pre-Migration TTL Tip
Before changing a DNS record, lower the TTL to 300 seconds at least 24 hours before the change. After the change is live and verified, restore the TTL to its normal value. This minimises downtime during the transition.
Public DNS Resolvers
Your ISP provides a default DNS resolver, but you can configure any public resolver. Popular options:
| Provider | Primary | Secondary | Known For |
|---|---|---|---|
| Google | 8.8.8.8 | 8.8.4.4 | Reliability, global coverage |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | Fastest avg response time, privacy |
| Quad9 | 9.9.9.9 | 149.112.112.112 | Blocks malicious domains |
| OpenDNS | 208.67.222.222 | 208.67.220.220 | Content filtering options |
DNS vs HTTPS — What's the Difference?
DNS and HTTPS solve different problems:
- DNS translates domain names to IP addresses — it's a lookup service
- HTTPS encrypts the data exchanged between your browser and the server
DNS by default is unencrypted — your ISP can see every domain you look up. DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt DNS queries for privacy.
Common DNS Issues and How to Debug
Check DNS resolution from command line
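Where `dig` or `nslookup` is not available, the same check can be scripted. The client below is an added example written for this guide (standard library only, not code from the page or from any DNS tool): it builds a query packet, parses the reply into name/type/TTL/data, reports the response code (so NXDOMAIN is visible), and retries over TCP when the UDP reply carries the TC (truncated) bit, which is the fallback the FAQ describes for answers over 512 bytes. The default resolver `8.8.8.8` comes from this page; `SAMPLE_REPLY` is a constructed packet, not a capture from a real server.

```python
import socket
import struct

TYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAMES = {v: k for k, v in TYPES.items()}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234   # fixed for the example; a real client randomises this per query


def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (wire-format labels)."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(name, rtype="A", txid=TXID):
    """Header (ID, RD flag set, QDCOUNT=1) followed by one question."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", TYPES[rtype], 1)


def decode_name(msg, offset, hops=0):
    """Read a possibly-compressed name at offset. Returns (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                  # compression pointer to an earlier name
            if hops > 32:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2                   # the name occupies only the 2-byte pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_response(msg):
    """Return header flags and the answer section as plain dicts."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    result = {"id": txid, "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
              "truncated": bool(flags & 0x0200),       # TC bit: answer did not fit, use TCP
              "authoritative": bool(flags & 0x0400),   # AA bit
              "answers": []}
    offset = 12
    for _ in range(qd):                                # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        raw = msg[offset:offset + rdlen]
        if rtype == 1:
            data = ".".join(str(b) for b in raw)
        elif rtype == 28:
            data = socket.inet_ntop(socket.AF_INET6, raw)
        elif rtype in (2, 5, 12):                      # NS / CNAME / PTR: a name
            data, _ = decode_name(msg, offset)
        elif rtype == 15:                              # MX: preference + name
            host, _ = decode_name(msg, offset + 2)
            data = f"{struct.unpack('!H', raw[:2])[0]} {host}"
        elif rtype == 16:                              # TXT: one or more <len><chars> strings
            parts, i = [], 0
            while i < rdlen:
                parts.append(raw[i + 1:i + 1 + raw[i]].decode("ascii", "replace"))
                i += 1 + raw[i]
            data = "".join(parts)
        else:
            data = raw.hex()
        result["answers"].append({"name": name, "type": TYPE_NAMES.get(rtype, str(rtype)), "ttl": ttl, "data": data})
        offset += rdlen
    return result


def lookup(name, rtype="A", server="8.8.8.8", timeout=3.0):
    """Query over UDP/53; if the reply is truncated, repeat the query over TCP/53."""
    query = build_query(name, rtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        data, _ = s.recvfrom(4096)
    resp = parse_response(data)
    if resp["truncated"]:
        with socket.create_connection((server, 53), timeout=timeout) as t:
            t.sendall(struct.pack("!H", len(query)) + query)   # TCP prefixes each message with its length
            (length,) = struct.unpack("!H", t.recv(2))
            data = b""
            while len(data) < length:
                data += t.recv(length - len(data))
        resp = parse_response(data)
    if resp["id"] != TXID:
        raise ValueError("transaction ID mismatch: reply does not belong to our query")
    return resp


# Constructed sample reply (not a capture): example.com A 93.184.216.34, TTL 3600, answer name compressed.
SAMPLE_REPLY = (struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0)              # QR|RD|RA, NOERROR
                + encode_name("example.com") + struct.pack("!HH", 1, 1)       # question
                + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 216, 34]))

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
    # Live query (needs network): print(lookup("example.com", "MX"))
```

`parse_response(SAMPLE_REPLY)` yields one answer, `example.com. A 93.184.216.34` with TTL 3600, and the whole packet is 45 bytes, well inside the 512-byte UDP limit; a reply with the TC flag set makes `lookup()` repeat the query over TCP instead of trusting the partial answer.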
Common problems
- DNS propagation delay: Record changed but old IP still resolving — wait for TTL to expire or use a different resolver to test
- NXDOMAIN error: Domain does not exist — typo in domain name, or nameservers not configured
- Wrong MX record: Email not delivering — check MX records and ensure they point to the correct mail server
- CNAME at root: Cannot use CNAME for apex domain (e.g. example.com) — use A record or ALIAS/ANAME if your provider supports it
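The last three problems in the list are configuration mistakes that can be caught before the zone is published. The checker below is an added example (not code from the page or from any DNS provider): it parses zone-file style lines, then flags a CNAME at the apex, a CNAME sharing a name with other records, an MX that points at a CNAME, an MX target with no address record, and a missing NS set. Both zones are constructed samples; `example.com` and `93.184.216.34` are the page's own placeholders and `203.0.113.25` is a documentation address.

```python
from collections import defaultdict


def parse_zone(text, origin):
    """Parse 'name TTL IN TYPE rdata...' lines into {owner: [(type, ttl, rdata)]}."""
    origin = origin.rstrip(".") + "."
    records = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()          # drop comments and blank lines
        if not line:
            continue
        name, ttl, _cls, rtype, *rdata = line.split()
        if name == "@":
            name = origin
        elif not name.endswith("."):
            name = f"{name}.{origin}"             # relative name: append the origin
        records[name].append((rtype.upper(), int(ttl), " ".join(rdata)))
    return records


def lint_zone(records, origin):
    """Return a list of human-readable problems; an empty list means the zone passed."""
    origin = origin.rstrip(".") + "."
    problems = []
    apex_types = {t for t, _, _ in records.get(origin, [])}
    if "NS" not in apex_types:
        problems.append(f"{origin}: no NS records at the apex")
    if "CNAME" in apex_types:
        problems.append(f"{origin}: CNAME at the apex (use A/AAAA, or ALIAS/ANAME if the provider supports it)")
    for name, rrs in records.items():
        types = {t for t, _, _ in rrs}
        if "CNAME" in types and len(types) > 1:
            others = ", ".join(sorted(types - {"CNAME"}))
            problems.append(f"{name}: CNAME cannot coexist with other records ({others})")
        for t, _ttl, rdata in rrs:
            if t != "MX":
                continue
            target = rdata.split()[1]
            target = target if target.endswith(".") else f"{target}.{origin}"
            target_types = {tt for tt, _, _ in records.get(target, [])}
            if "CNAME" in target_types:
                problems.append(f"{name}: MX target {target} is a CNAME; it must be a hostname with A/AAAA")
            elif target.endswith(origin) and not target_types & {"A", "AAAA"}:
                problems.append(f"{name}: MX target {target} has no A/AAAA record in this zone")
    return problems


# Constructed sample zone with the mistakes from the list above.
BROKEN_ZONE = """
@     3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300
@     3600 IN CNAME www.example.com.       ; CNAME at the apex
www   3600 IN A     93.184.216.34
mail  3600 IN CNAME www.example.com.
@     3600 IN MX    10 mail.example.com.   ; MX pointing at a CNAME
"""

# The same zone corrected: A at the apex, CNAME only on www, MX target has an A record.
FIXED_ZONE = """
@     3600  IN SOA   ns1.example.com. hostmaster.example.com. 2024010102 7200 900 1209600 300
@     86400 IN NS    ns1.example.com.
@     3600  IN A     93.184.216.34
www   3600  IN CNAME example.com.
mail  3600  IN A     203.0.113.25
@     86400 IN MX    10 mail.example.com.
"""

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(label, lint_zone(parse_zone(zone, "example.com"), "example.com") or ["ok"])
```

On the broken zone the checker reports four findings (missing NS, CNAME at the apex, CNAME coexisting with SOA and MX, MX target that is a CNAME); the corrected zone reports none. Running it against a zone export before a migration catches the "wrong MX" and "CNAME at root" cases without waiting for propagation to reveal them.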
⚠️ DNS is Not Instant
When you buy a new domain or change nameservers, it can take 24–48 hours for all resolvers worldwide to pick up the change. This is normal. Use a DNS propagation checker to see which resolvers have updated.
How We Research and Update This Guide
We test the underlying formula or workflow, compare outputs with reliable references, and revise examples whenever the page content changes.
- The workflow or formula is tested directly in the tool and compared against independent reference examples.
- Examples are kept practical so readers can verify the result without hidden assumptions.
- Pages are revised whenever the interface, calculation flow, or surrounding guidance materially changes.
Frequently Asked Questions — DNS
DNS (Domain Name System) is like the phone book of the internet. When you type "google.com" into your browser, DNS looks up which IP address (e.g. 142.250.80.46) that name belongs to. Computers communicate using IP addresses, but humans remember names — DNS bridges that gap automatically, invisibly, every time you visit a website.
DNS propagation typically takes 24–48 hours globally, though many resolvers pick up changes within minutes. The delay depends on the TTL (Time to Live) set on your DNS record — if your old record had a TTL of 3600 seconds (1 hour), resolvers cached it for up to 1 hour before re-checking. Setting a low TTL (300 seconds) before a migration speeds up propagation.
An A record maps a domain directly to an IPv4 address (e.g. example.com → 93.184.216.34). A CNAME record maps a domain to another domain name (e.g. www.example.com → example.com). CNAMEs cannot be used at the root/apex domain (e.g. you cannot have a CNAME for example.com itself) — only A/AAAA records are allowed there.
A DNS resolver (also called recursive resolver) is the server your device contacts first — typically provided by your ISP or a public service like Google (8.8.8.8) or Cloudflare (1.1.1.1). It does the legwork of querying multiple DNS servers to find the answer. An authoritative DNS server is the final authority for a specific domain — it holds the actual DNS records and returns the definitive answer.
TTL (Time to Live) is the number of seconds a DNS resolver should cache a record before re-querying. A TTL of 3600 means resolvers cache the record for 1 hour. Lower TTL = faster changes propagate but more DNS queries (slightly slower). Higher TTL = changes take longer to propagate but fewer queries. Best practice: lower TTL to 300 before any planned DNS changes, then restore it after.
DNS primarily uses UDP on port 53 because most DNS responses fit in a single packet (under 512 bytes for traditional DNS). UDP is faster — no connection setup overhead. TCP is used as a fallback when responses exceed 512 bytes (e.g. large TXT records, zone transfers) or when DNSSEC is involved, since security extensions can make responses much larger.