The Domain Name System is the internet's phone book — turning human-readable names into machine-routable addresses.
Every device connected to the internet is identified by a numeric IP address — something like 142.250.80.46 (IPv4) or 2607:f8b0:4004:800::200e (IPv6). These numbers work perfectly for computers, but they're nearly impossible for people to remember. That's where DNS comes in.
DNS (Domain Name System) is a hierarchical, distributed database that translates domain names like google.com into their corresponding IP addresses. It operates as the internet's directory service, enabling your browser to find and connect to the right server without you ever needing to know a single IP address.
Without DNS, you'd have to type numeric addresses for every website you visit, every email you send, and every API you call. DNS makes the internet usable for humans.
When you type a domain name into your browser, a process called DNS resolution kicks off. It involves multiple servers working together, each responsible for a different piece of the puzzle:
- … 1.1.1.1 or Google's 8.8.8.8). This resolver does the heavy lifting of tracking down the answer.
- … .com TLD server). The TLD server knows which authoritative name server is responsible for the full domain and returns that address.
- … example.com). This server holds the actual DNS records and returns the IP address. The resolver sends the answer back to your browser, which then connects to the web server.

This entire process typically completes in under 100 milliseconds, though it involves multiple round trips across the globe.
DNS stores different types of records, each serving a specific purpose. The most important ones are:
| Record | Purpose | Example |
|---|---|---|
| A | Maps a name to an IPv4 address | example.com → 93.184.216.34 |
| AAAA | Maps a name to an IPv6 address | example.com → 2606:2800:220:1:… |
| CNAME | Alias — points one domain to another | blog.example.com → example.com |
| MX | Mail exchange — directs email traffic | example.com → mail.example.com |
| TXT | Arbitrary text (SPF, DKIM, verification) | v=spf1 include:… -all |
| NS | Name server — identifies authoritative servers | ns1.example.com |
| SOA | Start of Authority — zone admin contact, serial | Primary NS, admin email, refresh interval |
| SRV | Service location — port and host for a service | _sip._tcp.example.com |
Most domains use a combination of these records. A/AAAA records are mandatory for web traffic, MX records are required for email delivery, and TXT records are increasingly important for email authentication (SPF, DKIM, DMARC) and domain ownership verification.
DNS resolution would be expensive if every lookup had to travel all the way to the authoritative server. To avoid this, DNS results are cached at multiple layers:
- … `ipconfig /flushdns` on Windows, `sudo systemd-resolve --flush-caches` on Linux).

Every DNS record has a TTL (Time to Live) value, measured in seconds, that tells resolvers how long to cache the answer before requesting a fresh one. A TTL of 3600 means the record is cached for one hour. Short TTLs are useful during migrations; long TTLs reduce resolver load and improve speed.
DNS was designed in the 1980s with little thought for security. Over the decades, several threats and countermeasures have emerged:
When things break, DNS is often the culprit. Here are the most common issues and how to diagnose them:
- … `dig` or `nslookup` against multiple resolvers to check.
- … `whois` and `dig NS`.
- … dnsviz.net.