
Understanding DNS: The Internet's Phone Book


Every time you visit a website, your computer performs a DNS lookup behind the scenes. The Domain Name System is one of the internet's most critical yet least understood components. Let's explore how it works and why it matters.

What is DNS?

DNS (Domain Name System) is like the internet's phone book. While humans prefer to use memorable website names like "google.com" or "youtube.com," computers communicate using IP addresses like 172.217.14.206. DNS translates human-friendly domain names into the IP addresses that computers need to locate and connect to websites.


Without DNS, you would have to memorize long strings of numbers to visit your favorite websites. Imagine having to type 142.250.185.78 every time you wanted to search on Google!

How DNS Works: The Lookup Process

When you type a website address into your browser, a complex process happens in milliseconds:

Step 1: Browser Cache Check

Your browser first checks its own cache to see if it recently looked up this domain name. If found, it uses the cached IP address immediately, saving time.

Step 2: Operating System Cache

If not in the browser cache, your operating system checks its own DNS cache. This is a local storage of recently resolved domain names.

Step 3: Recursive DNS Resolver

If the address isn't cached locally, your computer contacts a recursive DNS resolver (usually provided by your ISP or a service like Google DNS or Cloudflare DNS). This resolver acts as a middleman that will do the heavy lifting of finding the IP address.

Step 4: Root Name Server

The recursive resolver starts by asking a root name server. There are 13 sets of root servers distributed worldwide (though they're actually hundreds of servers using anycast routing). The root server doesn't know the IP address but can direct the resolver to the appropriate Top-Level Domain (TLD) server (.com, .org, .net, etc.).

Step 5: TLD Name Server

The TLD server (for example, the .com server) doesn't have the final answer either, but it knows which authoritative name server is responsible for the specific domain (like google.com).

Step 6: Authoritative Name Server

Finally, the authoritative name server for the domain provides the actual IP address. This is the definitive answer for where the website is located.

Step 7: Return and Cache

The recursive resolver receives the IP address, caches it for future requests, and returns it to your computer. Your browser can now connect to the website using the IP address.

DNS Record Types

DNS servers store different types of records for various purposes:

  • A Record: Maps a domain name to an IPv4 address (e.g., example.com → 93.184.216.34)
  • AAAA Record: Maps a domain name to an IPv6 address
  • CNAME Record: Creates an alias from one domain to another (e.g., www.example.com → example.com)
  • MX Record: Specifies mail servers for receiving email
  • TXT Record: Holds text information for various purposes like email verification and security
  • NS Record: Specifies authoritative name servers for a domain
  • SOA Record: Contains administrative information about a domain
  • PTR Record: Used for reverse DNS lookups (IP address to domain name)


DNS Caching and TTL

To improve performance, DNS responses are cached at multiple levels:

  • Browser cache
  • Operating system cache
  • Router cache
  • ISP's recursive resolver cache

Each DNS record has a TTL (Time To Live) value that specifies how long the record can be cached before it must be refreshed. TTL values typically range from a few minutes to several days:

  • Short TTL (60-300 seconds): Used when changes are expected soon
  • Medium TTL (1-4 hours): Common for most websites
  • Long TTL (24-48 hours): For very stable, rarely changing records

Popular DNS Providers

While most people use their ISP's default DNS servers, alternative DNS providers offer various benefits:

Google Public DNS (8.8.8.8 / 8.8.4.4)

  • Fast and reliable
  • Free to use
  • Strong infrastructure
  • Some privacy concerns due to Google's data collection

Cloudflare DNS (1.1.1.1 / 1.0.0.1)

  • Emphasis on privacy (claims not to log queries)
  • Very fast performance
  • Free to use
  • Privacy-focused policies

Quad9 (9.9.9.9)

  • Blocks malicious domains
  • Privacy-focused (no personal data logging)
  • Free to use
  • Security-first approach

OpenDNS (208.67.222.222 / 208.67.220.220)

  • Customizable content filtering
  • Phishing protection
  • Free and paid tiers
  • Parental controls available

DNS Security Concerns

DNS Hijacking

Attackers can redirect your DNS queries to malicious servers, sending you to fake websites designed to steal your information. This can happen through:

  • Router compromise
  • Malware on your device
  • ISP-level attacks

DNS Spoofing/Cache Poisoning

Attackers inject false DNS records into a resolver's cache, causing it to return incorrect IP addresses. This can redirect users to malicious sites while they think they're visiting legitimate ones.
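As an added example (not code from the original article), the following Python builds an A query for www.example.com in RFC 1035 wire format, parses a hand-constructed reply carrying the CNAME and A records described in the record-type list above, and performs the check a resolver makes before caching any answer: the reply's transaction ID, QR flag and question section must match the query it sent, which is the first line of defence against the spoofed responses used in cache poisoning. The reply bytes, the names and the address 93.184.216.34 are constructed for the example; parse_rdata also decodes AAAA, MX and TXT so the parser covers the listed types.

```python
"""Build a DNS query and parse a DNS response in RFC 1035 wire format.

Added example, not code from the original article. The response bytes are
constructed by hand below; www.example.com / 93.184.216.34 are placeholders.
"""
import ipaddress
import struct

TYPE_NAMES = {1: "A", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}


def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (length-prefixed labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """12-byte header + one question; flags 0x0100 = recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg: bytes, off: int):
    """Decode a name at msg[off], following 0xC0xx compression pointers. Returns (name, next offset)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                    # pointer into an earlier part of the message
            if end is None:
                end = off + 2                        # parsing resumes after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_rdata(msg: bytes, rtype: int, off: int, rdlen: int):
    """Decode RDATA for the record types the article lists."""
    data = msg[off:off + rdlen]
    if rtype == 1:
        return str(ipaddress.IPv4Address(data))
    if rtype == 28:
        return str(ipaddress.IPv6Address(data))
    if rtype == 5:
        return read_name(msg, off)[0]                # CNAME target may be compressed
    if rtype == 15:                                  # (preference, mail host)
        return struct.unpack("!H", data[:2])[0], read_name(msg, off + 2)[0]
    if rtype == 16:                                  # one or more <len><chars> strings
        parts, i = [], 0
        while i < len(data):
            parts.append(data[i + 1:i + 1 + data[i]].decode("ascii"))
            i += 1 + data[i]
        return "".join(parts)
    return data.hex()


def parse_message(msg: bytes) -> dict:
    """Parse header, question and answer sections of a query or response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append({"name": name, "type": TYPE_NAMES.get(rtype, rtype), "ttl": ttl,
                        "data": parse_rdata(msg, rtype, off, rdlen)})
        off += rdlen
    return {"id": txid, "flags": flags, "rcode": flags & 0xF,
            "questions": questions, "answers": answers}


def response_matches(query: bytes, response: bytes) -> bool:
    """Anti-spoofing check made before caching: transaction ID, QR bit and
    question section of the reply must match the query that was sent."""
    q, r = parse_message(query), parse_message(response)
    return r["id"] == q["id"] and bool(r["flags"] & 0x8000) and r["questions"] == q["questions"]


def build_sample_response(txid: int) -> bytes:
    """Constructed reply to an A query for www.example.com: a CNAME to example.com (TTL 300)
    followed by example.com's A record (TTL 86400), using compression pointers."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)          # QR=1, RD=1, RA=1, NOERROR
    question = encode_name("www.example.com") + struct.pack("!HH", 1, 1)   # question name sits at offset 12
    cname = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xc0\x10"  # rdata points at offset 16: 'example.com'
    a = b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 86400, 4) + ipaddress.IPv4Address("93.184.216.34").packed
    return header + question + cname + a


if __name__ == "__main__":
    query = build_query(0x1A2B, "www.example.com")
    reply = build_sample_response(0x1A2B)
    print(response_matches(query, reply), parse_message(reply)["answers"])
```

Real resolvers add further defences on top of response_matches (random transaction IDs and source ports, bailiwick checks on which names they will cache from a reply, and DNSSEC validation), but a reply that fails even this check should never reach the cache.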

DNS Amplification Attacks

Attackers exploit DNS servers to launch DDoS (Distributed Denial of Service) attacks by sending small queries that generate large responses, overwhelming target systems.

Privacy Concerns

Traditional DNS queries are unencrypted, meaning:

  • Your ISP can see every website you visit
  • DNS queries can be intercepted and monitored
  • Your browsing history can be tracked and sold
  • Government surveillance can capture DNS traffic

DNS Security Solutions

DNSSEC (DNS Security Extensions)

DNSSEC adds digital signatures to DNS records, ensuring that responses haven't been tampered with. It helps prevent DNS spoofing and cache poisoning but doesn't encrypt queries.

DNS over HTTPS (DoH)

DoH encrypts DNS queries by sending them over HTTPS connections, preventing ISPs and others from seeing which websites you're visiting. Modern browsers such as Firefox and Chrome support it.

DNS over TLS (DoT)

Similar to DoH, DoT encrypts DNS queries but uses a dedicated port (853) and the TLS protocol. It provides the same privacy, but because it runs on its own port it is easier for networks to block than DoH, whose traffic is indistinguishable from ordinary HTTPS.

How to Change Your DNS Settings

On Windows

  1. Open Network Settings
  2. Click "Change adapter options"
  3. Right-click your connection and select "Properties"
  4. Select "Internet Protocol Version 4 (TCP/IPv4)"
  5. Click "Properties"
  6. Select "Use the following DNS server addresses"
  7. Enter your preferred DNS servers

On macOS

  1. Open System Preferences → Network
  2. Select your connection and click "Advanced"
  3. Go to the DNS tab
  4. Click + to add DNS servers
  5. Enter your preferred DNS addresses

On Router (Affects All Devices)

  1. Access your router's admin panel (usually 192.168.1.1)
  2. Log in with admin credentials
  3. Find DNS settings (often under WAN or Internet settings)
  4. Enter your preferred DNS servers
  5. Save and restart router

How email relies on DNS: MX, SPF, DKIM, DMARC

DNS is not just for finding websites. Email infrastructure depends heavily on DNS records beyond the basic A record that maps a name to an address:

  • MX records: tell other mail servers where to deliver mail for your domain. A domain can have multiple MX records with different priorities for failover.
  • SPF (TXT record): lists which servers are authorised to send mail from your domain. Looks like v=spf1 include:_spf.google.com ~all for a Google Workspace domain.
  • DKIM (TXT record): publishes a public key that receiving servers use to verify the cryptographic signature on outgoing email. Stored at a selector subdomain like selector1._domainkey.example.com.
  • DMARC (TXT record): tells receiving servers what to do when SPF or DKIM fail. Stored at _dmarc.example.com. Policy levels are none (monitor only), quarantine (mark as spam), or reject (bounce).

Without these records configured correctly, your domain's email lands in spam folders or gets rejected outright by Gmail, Outlook, and corporate filters. This is why DNS management is critical for any organisation that sends email, not just for hosting websites.
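The SPF and DMARC records described above are plain TXT strings, so checking a domain's email-authentication posture comes down to parsing them. The Python below is an added example (not code from the original article): it parses an SPF record into qualified mechanisms, reports what happens to an unlisted sender, counts the DNS lookups the record costs (RFC 7208 allows at most 10 before receivers return permerror), parses a DMARC record, and lists the weaknesses a defender would want to fix. The records fed to it are constructed for a placeholder domain; include:_spf.google.com is the include from the article.

```python
"""Parse SPF and DMARC TXT records and flag weak email-authentication settings.

Added example, not code from the original article. The records checked at the bottom
are constructed for a placeholder domain.
"""
SPF_MECHANISMS = {"all", "include", "a", "mx", "ip4", "ip6", "exists", "ptr"}
# Terms that each cost a DNS lookup; RFC 7208 section 4.6.4 caps them at 10 per evaluation
SPF_LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr"}
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DMARC_POLICIES = {"none", "quarantine", "reject"}


def parse_spf(txt: str) -> dict:
    """'v=spf1 include:_spf.google.com ~all' -> mechanisms with qualifiers, plus modifiers."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        if "=" in term:                                  # modifier, e.g. redirect=_spf.example.net
            key, value = term.split("=", 1)
            modifiers[key.lower()] = value
            continue
        qualifier = "+"                                  # an unqualified mechanism means 'pass'
        if term[0] in SPF_QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.split("/")[0].lower()                # drop a CIDR suffix such as 'a/24'
        if name not in SPF_MECHANISMS:
            raise ValueError(f"unknown SPF mechanism: {name}")
        mechanisms.append({"qualifier": qualifier, "name": name, "arg": arg})
    return {"mechanisms": mechanisms, "modifiers": modifiers}


def spf_default_result(spf: dict) -> str:
    """Result for a sender that matches no earlier mechanism; decided by the 'all' term."""
    for m in spf["mechanisms"]:
        if m["name"] == "all":
            return SPF_QUALIFIERS[m["qualifier"]]
    return "neutral"                                     # no 'all' term: unlisted senders are neutral


def spf_lookup_count(spf: dict) -> int:
    """DNS lookups one evaluation of this record triggers (included records are not followed here)."""
    count = sum(1 for m in spf["mechanisms"] if m["name"] in SPF_LOOKUP_TERMS)
    return count + (1 if "redirect" in spf["modifiers"] else 0)


def parse_dmarc(txt: str) -> dict:
    """'v=DMARC1; p=reject; rua=mailto:...' -> tag dict; validates the required v and p tags."""
    tags = {}
    for part in txt.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in DMARC_POLICIES:
        raise ValueError(f"invalid DMARC policy: {tags.get('p')!r}")
    return tags


def assess_email_auth(spf_txt: str, dmarc_txt=None) -> list:
    """Findings a defender would want to fix; an empty list means nothing obvious is wrong."""
    findings = []
    spf = parse_spf(spf_txt)
    default = spf_default_result(spf)
    if default == "pass":
        findings.append("SPF ends in +all: any host on the internet passes as this domain")
    elif default == "neutral":
        findings.append("SPF has no '-all' or '~all': unlisted senders are not rejected")
    if spf_lookup_count(spf) > 10:
        findings.append("SPF exceeds the 10-lookup limit: receivers return permerror")
    if dmarc_txt is None:
        findings.append("no DMARC record: SPF/DKIM failures carry no enforcement instruction")
        return findings
    dmarc = parse_dmarc(dmarc_txt)
    if dmarc["p"] == "none":
        findings.append("DMARC p=none is monitor-only: failing mail is still delivered")
    if "rua" not in dmarc:
        findings.append("no rua tag: no aggregate reports, so failures go unnoticed")
    if int(dmarc.get("pct", "100")) < 100:
        findings.append(f"pct={dmarc['pct']}: policy applied to only part of failing mail")
    return findings


if __name__ == "__main__":
    # Constructed records for a placeholder domain
    print(assess_email_auth("v=spf1 include:_spf.google.com ~all",
                            "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"))
    print(assess_email_auth("v=spf1 +all", "v=DMARC1; p=none"))
```

To apply it to a real domain, feed in the TXT record at the domain apex and the one at _dmarc.<domain> as returned by a lookup tool; the parser deliberately does not follow include: chains, so the lookup count it reports is a lower bound.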

The full DNS resolution chain: root, TLD, authoritative

When you type a domain into your browser, the lookup actually traverses four layers before returning an IP. Each layer answers a different part of the question:

  1. Recursive resolver (your ISP or 1.1.1.1): your device asks this resolver for the IP. The resolver does all the heavy lifting on your behalf and caches the answer for next time. This is the only DNS server most users ever configure directly.
  2. Root name servers (13 logical servers, a.root-servers.net through m.root-servers.net): the recursive resolver asks the root which TLD server handles .com. The root replies with the address of the .com TLD servers. Root servers are run by 12 organisations and use anycast to distribute load across hundreds of physical instances worldwide.
  3. TLD name servers (gTLD/ccTLD): the recursive resolver asks the .com servers which authoritative server holds example.com. The .com servers reply with the authoritative name servers for example.com (as listed in the NS records of the domain registration).
  4. Authoritative name servers (the domain owner's DNS): the recursive resolver finally asks the authoritative servers for the actual A or AAAA record for example.com. The authoritative server replies with the IP, and the recursive resolver returns it to your device while caching the answer for the TTL.

For a fully uncached lookup, all four hops happen. For a cached lookup (which is most lookups), the resolver returns the answer instantly from memory without contacting root, TLD, or authoritative servers. This is why a hot cache makes DNS lookups nearly invisible at 1-5ms, while a cold lookup of a rarely-visited domain can take 100-300ms.
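The seven-step lookup, the caching levels with their TTLs, and the four-layer chain above can all be seen in one place by simulating a caching recursive resolver. The Python below is an added example (not code from the original article): SERVERS is a constructed in-memory stand-in for the root, .com TLD and authoritative servers, with placeholder names and an address from the RFC 5737 documentation range. resolve() returns the answer together with the list of servers it had to contact, so a cold lookup shows the full root → TLD → authoritative walk, a warm lookup contacts nothing, and a lookup after the short A/CNAME TTLs expire but while the long NS referral TTLs are still cached goes straight to the authoritative server.

```python
"""Simulate a caching recursive resolver walking root -> TLD -> authoritative.

Added example, not code from the original article. SERVERS is a constructed in-memory
stand-in for real name servers; names and addresses are placeholders (RFC 5737 range).
"""
import time

# Each simulated server maps (owner name, record type) -> (TTL seconds, value).
# An NS entry is a referral: its value names the next server to ask.
SERVERS = {
    "root":            {("com.", "NS"): (172800, "com-tld")},
    "com-tld":         {("example.com.", "NS"): (172800, "ns1.example.com")},
    "ns1.example.com": {("example.com.", "A"): (300, "192.0.2.10"),
                        ("www.example.com.", "CNAME"): (300, "example.com.")},
}


def enclosing_zones(name):
    """'www.example.com.' -> ['www.example.com.', 'example.com.', 'com.'] (deepest first)."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


class CachingResolver:
    def __init__(self, servers=SERVERS):
        self.servers = servers
        self.cache = {}                        # (name, type) -> (expiry timestamp, value)

    def _cached(self, key, now):
        entry = self.cache.get(key)
        if entry and entry[0] > now:
            return entry[1]
        self.cache.pop(key, None)              # expired entries are dropped, as a real resolver does
        return None

    def _store(self, key, ttl, value, now):
        self.cache[key] = (now + ttl, value)

    def resolve(self, name, rtype="A", now=None, _depth=0):
        """Return (value, servers contacted); an empty list means answered entirely from cache."""
        now = time.time() if now is None else now
        name = name if name.endswith(".") else name + "."
        key = (name, rtype)
        hit = self._cached(key, now)
        if hit is not None:
            return hit, []
        if _depth > 8:
            raise RuntimeError(f"CNAME chain too long for {name}")
        alias = self._cached((name, "CNAME"), now)  # cached alias: only the target needs resolving
        if alias is not None:
            return self.resolve(alias, rtype, now, _depth + 1)

        # Start at the deepest delegation already cached, otherwise at the root.
        server = "root"
        for zone in enclosing_zones(name):
            cached_ns = self._cached((zone, "NS"), now)
            if cached_ns:
                server = cached_ns
                break

        trace = []
        for _ in range(10):                    # bound the referral chain
            trace.append(server)
            records = self.servers[server]
            if key in records:                 # authoritative answer
                ttl, value = records[key]
                self._store(key, ttl, value, now)
                return value, trace
            if (name, "CNAME") in records:     # alias: restart the lookup for the target
                ttl, target = records[(name, "CNAME")]
                self._store((name, "CNAME"), ttl, target, now)
                value, more = self.resolve(target, rtype, now, _depth + 1)
                return value, trace + more
            for zone in enclosing_zones(name):  # referral to a server closer to the answer
                if (zone, "NS") in records:
                    ttl, next_server = records[(zone, "NS")]
                    self._store((zone, "NS"), ttl, next_server, now)
                    if next_server == server:
                        raise LookupError(f"{server} is authoritative but has no {rtype} for {name}")
                    server = next_server
                    break
            else:
                raise LookupError(f"NXDOMAIN: no server in the chain knows {name}")
        raise LookupError(f"referral loop resolving {name}")


if __name__ == "__main__":
    resolver = CachingResolver()
    print(resolver.resolve("www.example.com", "A", now=1000))   # cold: root -> TLD -> authoritative
    print(resolver.resolve("www.example.com", "A", now=1100))   # warm: nothing contacted
    print(resolver.resolve("www.example.com", "A", now=1400))   # A/CNAME expired, NS referrals still cached
```

The third call is the situation the TTL section describes: a 300-second record has expired, but the 172800-second NS referrals have not, so the resolver skips root and TLD and re-asks only the authoritative server. Cutting a record's TTL before a planned change shortens exactly this window.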

Encrypted DNS in 2026: who uses DoH and DoT by default

Encrypted DNS (DoH and DoT) has moved from experimental to default in most modern environments. Current adoption status:

  • Firefox: DoH enabled by default in the US since 2020, pointing at Cloudflare or NextDNS. Other regions opt in by default depending on country.
  • Chrome, Edge, Brave: use the OS resolver by default but upgrade to DoH if the configured resolver supports it. Setting: "Use secure DNS" in privacy settings.
  • iOS 14+ and macOS 11+: support DoH and DoT at the OS level via configuration profiles. Apple does not enable encrypted DNS by default — users must install a profile or configure it manually.
  • Android 9+: Private DNS (DoT) is built in and can be configured to use Cloudflare 1.1.1.1, Google 8.8.8.8, or Quad9 with one setting. Many users have it enabled without realising.
  • Windows 11: native DoH support, configurable per network adapter. Not on by default for most ISP-assigned resolvers.
  • Linux: systemd-resolved supports DoT; dnscrypt-proxy is the standard third-party tool for DoH.

DNS and VPNs: why a leaking resolver undermines the tunnel

When you connect a VPN, the goal is for every byte to travel through the encrypted tunnel — including DNS queries. If the OS keeps resolving names through the ISP's resolver, the ISP sees every domain you visit even though the HTTP traffic itself is hidden inside the VPN. This is called a DNS leak.

Most reputable VPN clients (NordVPN, ProtonVPN, Surfshark, ExpressVPN, Mullvad) force DNS through the tunnel by default. The leak path is usually one of three things: a browser configured for DoH that bypasses the OS resolver, an IPv6 stack that the VPN does not tunnel, or split tunnelling rules that exempt specific apps. The fix is to verify with a DNS leak test after connecting and adjust the browser/OS settings if a leak appears.

DNS Performance and Troubleshooting

Testing DNS Speed

You can test DNS resolver speed using tools like:

  • DNSPerf.com for global DNS performance statistics
  • nslookup command-line tool for manual testing
  • DNS Benchmark tools for comparing multiple providers

Common DNS Issues

  • "DNS server not responding": Try changing DNS servers or restarting router
  • Slow website loading: Could be slow DNS resolution; test alternative DNS providers
  • Can't access certain websites: DNS cache might be corrupted; flush DNS cache
  • Wrong website loading: Possible DNS hijacking; scan for malware

Flushing DNS Cache

To clear your local DNS cache:

  • Windows: ipconfig /flushdns
  • macOS: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
  • Linux: sudo systemd-resolve --flush-caches

Conclusion

DNS is a fundamental part of how the internet works, translating human-friendly domain names into computer-readable IP addresses. While it operates invisibly in the background, understanding DNS helps you:

  • Improve your internet speed by choosing faster DNS servers
  • Enhance security by using DNS providers with threat protection
  • Protect privacy through encrypted DNS protocols like DoH and DoT
  • Troubleshoot connection issues more effectively
  • Make informed decisions about your internet configuration

As cyber threats evolve and privacy becomes increasingly important, understanding and properly configuring your DNS settings is a simple yet powerful step toward a faster, safer, and more private internet experience.
