How DNS Works: The Internet's Phone Book


Every time you type a website address into your browser, something remarkable happens invisibly in milliseconds. A system called DNS (the Domain Name System) translates that human-friendly name into a numeric address that computers can actually use to find each other. Understanding how DNS works demystifies a lot of the internet's behaviour and helps you troubleshoot problems when things go wrong.

## Why DNS Exists

Computers on the internet communicate using IP addresses — strings of numbers like `93.184.216.34` for IPv4 or `2606:2800:220:1:248:1893:25c8:1946` for IPv6. These addresses are precise and machine-efficient, but they are nearly impossible for humans to remember, especially when there are billions of them.

The Domain Name System was created to solve this problem. It maps memorable domain names like `example.com` to their underlying IP addresses, automatically and in real time.

The "phone book" analogy is apt: you look up a name (domain), get a number (IP address), and dial it (connect). But unlike a paper phone book, DNS is:

- **Distributed** — No single server holds all the answers. Responsibility is split across millions of servers worldwide.
- **Hierarchical** — Queries flow down a tree of authority, from the root to TLD to domain.
- **Cached** — Answers are stored temporarily to reduce load and speed things up.
- **Automatic** — The entire lookup process happens without any input from you.

## The DNS Hierarchy

The DNS system is organised as a tree, branching from the "root" at the top:

```
. (root)
├── .com
│   ├── google.com
│   │   └── www.google.com
│   └── example.com
├── .org
│   └── wikipedia.org
└── .uk
    └── bbc.co.uk
```

At each level, a set of **authoritative name servers** holds the definitive records for that branch of the tree.

- **Root servers** (13 logical clusters, operated by organizations like ICANN, Verisign, and NASA) know where to find the name servers for every TLD (Top-Level Domain).
- **TLD name servers** know where to find the authoritative name servers for every domain under their TLD.
- **Authoritative name servers** (set up by domain owners or their hosting providers) hold the actual DNS records for a specific domain.

## Step-by-Step: What Happens When You Type a Domain Name

Let's follow exactly what happens when you type `www.example.com` into your browser and press Enter.

### Step 1: Browser Cache Check

Your browser first checks its own cache. If you visited `example.com` recently, it may already know the IP address. If so, the lookup is instant and steps 2-8 are skipped.

### Step 2: Operating System Cache

If the browser does not have the answer, it asks your operating system. The OS has its own DNS cache and also checks a local file called `hosts` (which predates DNS). If found there, the process stops.

### Step 3: Recursive Resolver

If neither cache has the answer, your OS sends a query to a **recursive resolver** — a DNS server configured in your network settings. Your internet service provider (ISP) typically provides this automatically. You can also use public resolvers like Cloudflare's `1.1.1.1` or Google's `8.8.8.8`.

The recursive resolver is the workhorse. It does not know the answer either, but it knows how to find it. It begins a series of queries on your behalf.

### Step 4: Root Server Query

The recursive resolver contacts one of the 13 root server clusters. It asks: "Who is responsible for `.com`?"

The root server does not answer the final question. It responds: "I don't know the answer, but here are the name servers for `.com`." It returns the IP addresses of the TLD name servers for `.com`.

### Step 5: TLD Name Server Query

The resolver contacts the `.com` TLD name servers (operated by Verisign). It asks: "Who is responsible for `example.com`?"

The TLD name server responds: "I don't know the final answer, but here are the authoritative name servers for `example.com`." This information was set when the domain was registered.

### Step 6: Authoritative Name Server Query

The resolver contacts the authoritative name server for `example.com`. This server actually holds the DNS records for the domain.

The resolver asks: "What is the IP address for `www.example.com`?"

The authoritative server looks up its records and responds with the A Record (or AAAA Record for IPv6) — the actual IP address.

### Step 7: Response Chain

The IP address travels back through the chain to your browser, cached at each level along the way.

### Step 8: Browser Connects

Your browser now has the IP address. It opens a connection to that IP on port 443 (for HTTPS), performs a TLS handshake, and requests the webpage.

Steps 1-8 together typically complete in 20-120 milliseconds.

## DNS Caching and TTL

To avoid running this entire process for every single request, DNS responses are cached at multiple levels. Each DNS record has a **TTL (Time To Live)** value — a number in seconds that tells resolvers how long to keep the cached answer before asking again.

For example, a TTL of `3600` means the record is cached for one hour. A TTL of `86400` means 24 hours.

- **High TTL** (hours to days): Fewer DNS queries, faster responses, but changes take longer to propagate.
- **Low TTL** (seconds to minutes): Changes propagate quickly, but more DNS queries are made.

When you change a DNS record — say, you move your website to a new server — the old IP address may be cached in resolvers worldwide for as long as the TTL specifies. This is why DNS changes can take time to propagate. This delay is called DNS Propagation.

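The referral chain in steps 4-7 and the TTL caching described above, as an added example that is not part of the original article: a toy resolver in Python over constructed in-memory servers. The server names (`root`, `tld-com`, `auth-example`), the TTL values and the injectable clock are assumptions made for illustration; no real DNS traffic is sent.

```python
# Added illustration: toy iterative resolution with a TTL-honouring cache.
# All server names, zone data and TTLs below are constructed sample values.

# Each "server" maps a name or zone suffix to (record type, value, ttl seconds).
SERVERS = {
    "root": {"com.": ("NS", "tld-com", 172800)},
    "tld-com": {"example.com.": ("NS", "auth-example", 172800)},
    "auth-example": {"www.example.com.": ("A", "93.184.216.34", 3600)},
}


def query(server, name):
    """Return the most specific record a server holds for name: either a
    final A answer or an NS referral to the next server down the tree."""
    zone = SERVERS[server]
    matches = [k for k in zone if name == k or name.endswith("." + k)]
    if not matches:
        return None  # nobody below this server knows the name
    return zone[max(matches, key=len)]


class Resolver:
    """Recursive resolver: walks root -> TLD -> authoritative, caches answers."""

    def __init__(self, clock):
        self.clock = clock      # injectable time source, in seconds
        self.cache = {}         # name -> (ip, expiry time)
        self.upstream = 0       # count of queries sent to name servers

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and self.clock() < hit[1]:
            return hit[0]       # still within TTL: no upstream traffic
        server = "root"
        for _ in range(8):      # bound the length of the referral chain
            self.upstream += 1
            rec = query(server, name)
            if rec is None:
                return None     # unresolvable, the NXDOMAIN-style outcome
            rtype, value, ttl = rec
            if rtype == "A":
                self.cache[name] = (value, self.clock() + ttl)
                return value
            server = value      # NS referral: ask the next server down
        return None
```

Changing the record held by `auth-example` while a cached copy is still within its TTL leaves the resolver returning the old address until expiry, which is the propagation delay described above.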
## Types of DNS Records

The authoritative name server stores a variety of record types, each serving a different purpose:

| Record Type | Purpose |
|------------|---------|
| A Record | Maps a domain to an IPv4 address |
| AAAA Record | Maps a domain to an IPv6 address |
| CNAME Record | Creates an alias pointing to another domain name |
| MX Record | Specifies mail servers for the domain |
| NS Record | Lists the authoritative name servers |
| TXT | Stores text data (used for verification, SPF, DKIM) |

You can explore all these record types in detail in intro-dns-records.

## What Are Name Servers?

Name servers are the DNS servers that hold the authoritative records for your domain. When you register a domain, you specify which name servers are authoritative for it.

If you use a DNS provider like Cloudflare, they will give you name server addresses to configure at your Domain Registrar:

```
ns1.cloudflare.com
ns2.cloudflare.com
```

Once set, the TLD registry publishes these name servers so the resolver chain can find them during lookups.

## Common DNS Problems

**"This site can't be reached" / "DNS_PROBE_FINISHED_NXDOMAIN"**

The domain could not be resolved. Possible causes: the domain does not exist, has expired, or DNS records are misconfigured.

**Changes not appearing after updating DNS**

Likely a caching issue — DNS Propagation means the old answer is still cached. Wait for the TTL (Time To Live) to expire.

## Key Takeaways

- DNS (Domain Name System) translates domain names into IP addresses automatically and in milliseconds.
- The lookup process goes: browser cache → OS cache → recursive resolver → root server → TLD server → authoritative server.
- Name servers hold the authoritative DNS records for a domain.
- DNS records have a TTL (Time To Live) that controls how long they are cached.
- DNS Propagation means changes take time to reach all users worldwide.

To learn about the specific record types stored in DNS, read intro-dns-records.
To understand how domains and DNS fit into the bigger picture, read What Is a Domain Name? Complete Beginner's Guide.
