·8 min read

How DNS Works: A Plain-English Guide

Every time you type a domain name into your browser, a behind-the-scenes process translates that name into an IP address. This process is called DNS resolution, and it happens billions of times a day across the internet. Here is exactly how it works.

What DNS actually does

DNS stands for Domain Name System. It is essentially the internet's phone book. Computers communicate using IP addresses — numbers like 93.184.216.34 (IPv4) or 2606:2800:220:1:248:1893:25c8:1946 (IPv6). Humans prefer names like example.com. DNS bridges this gap.

Without DNS, you would need to memorize the IP address of every website you visit. DNS lets you type a human-readable name and have it automatically translated to the correct server address.

The four steps of a DNS lookup

When you enter a URL in your browser, four types of DNS servers work together to deliver the IP address. The entire process typically takes under 100 milliseconds.

Step 1: The DNS Recursive Resolver

Your device first contacts a recursive resolver — usually operated by your internet provider, or a public resolver like Google DNS (8.8.8.8) or Cloudflare DNS (1.1.1.1). Think of the resolver as a librarian: you ask for a book, and the librarian goes searching through the shelves on your behalf.

The resolver checks its cache first. If it recently looked up the same domain, it returns the cached answer immediately. This is why repeat visits to popular sites feel instant.

Step 2: The Root Name Servers

If the resolver does not have a cached answer, it starts at the top of the DNS hierarchy: the root name servers. There are 13 root server clusters (labeled A through M), operated by organizations like ICANN, Verisign, and NASA. These servers do not know the IP address of your domain. What they do know is where to find the servers responsible for top-level domains like .com, .org, or .nl.

The root server responds with a referral: “For .com domains, ask the .com TLD servers at these addresses.”

Step 3: The TLD (Top-Level Domain) Servers

The resolver now contacts the TLD name server for .com. This server also does not have the final IP address. Instead, it knows which authoritative name servers are responsible for the specific domain you are looking up. It responds with another referral: “For example.com, ask ns1.example.com at this address.”

Step 4: The Authoritative Name Server

The resolver finally reaches the authoritative name server — the server that actually holds the DNS records for example.com. This server looks up the requested record (for instance, the A record) and returns the IP address. The resolver caches this answer for the duration specified by the record's TTL (Time to Live), then sends it back to your browser.

Your browser now has the IP address and can establish a connection to the web server.

The role of caching

DNS would be painfully slow if every lookup required all four steps. In practice, caching happens at multiple levels:

  • Browser cache — your browser remembers recent DNS lookups for a few minutes
  • Operating system cache — your OS maintains its own DNS cache
  • Resolver cache — the recursive resolver caches answers based on TTL values

The TTL value on each DNS record controls how long caches keep the answer. A TTL of 3600 means caches will hold that record for one hour before checking for updates. This is why DNS changes do not take effect instantly — existing caches must expire first.

Common DNS record types

DNS does not just store IP addresses. Different record types serve different purposes:

  • A record — maps a domain to an IPv4 address
  • AAAA record — maps a domain to an IPv6 address
  • CNAME record — creates an alias pointing one domain to another
  • MX record — specifies mail servers for the domain
  • TXT record — stores text data, often used for email authentication (SPF, DKIM)
  • NS record — identifies the authoritative name servers
  • SOA record — contains zone administration information
  • CAA record — specifies which certificate authorities can issue SSL certificates

You can look up all of these record types for any domain using ZonePeek's DNS lookup tool. It queries all 10 supported record types in a single request.

Why different resolvers can return different results

If you check DNS records on Google DNS and Cloudflare DNS at the same time, you might see different results. This is normal. Each resolver maintains its own cache, and cache entries expire independently. After a DNS change, one resolver might still serve the old cached record while another has already fetched the new one.

This is why checking multiple resolvers is useful when verifying DNS changes — it gives you confidence that your update has propagated. ZonePeek lets you switch between Google and Cloudflare DNS with a single click for exactly this purpose.

Key takeaways

  • DNS translates domain names to IP addresses using a hierarchical lookup process
  • Four server types are involved: recursive resolver, root, TLD, and authoritative
  • Caching at multiple levels makes DNS fast but can delay the effect of changes
  • TTL values control how long records are cached — lower TTL means faster propagation
  • Different resolvers can show different results due to independent cache timing
← All postsNext: DNS Propagation →