SiteShiftCo

DNS

The Domain Name System, the internet's directory service that translates human-readable domain names into the IP addresses computers use to connect to one another.

Also known as: Domain Name System

DNS (Domain Name System) is the protocol and infrastructure that translates domain names like example.com into IP addresses like 93.184.216.34. Computers communicate using IP addresses; humans prefer names. DNS is the directory service that maps between the two.

Why DNS exists

Web browsers, email clients, and other internet applications need IP addresses to connect to a server. People remember names, not numbers. DNS removes the need for users to know IP addresses by providing a global, distributed lookup system.

When a browser visits example.com, it triggers a DNS lookup that returns the IP address of the server hosting that site. The browser then connects to that IP address to retrieve the page.

How a DNS lookup works

A typical DNS lookup involves several steps:

  1. The browser checks its local cache. If the domain has been looked up recently, the cached IP is used.
  2. The operating system checks its cache. Same purpose, broader scope.
  3. The recursive resolver is queried. This is usually a resolver run by the user’s ISP, or a public resolver like Google (8.8.8.8) or Cloudflare (1.1.1.1).
  4. The resolver queries the root nameservers. These point to the appropriate top-level domain (TLD) servers (e.g., .com, .org, .uk).
  5. The TLD nameservers point to the domain’s authoritative nameservers. These hold the actual DNS records for the domain.
  6. The authoritative nameservers return the requested record. The resolver caches the result and returns it to the operating system, which returns it to the browser.

This sequence usually takes tens to hundreds of milliseconds. Caching at multiple layers means most lookups are much faster than the full sequence.

Common DNS record types

  • A record. Maps a domain to an IPv4 address
  • AAAA record. Maps a domain to an IPv6 address
  • CNAME record. Aliases one domain to another (e.g., www.example.com → example.com)
  • MX record. Specifies mail servers for the domain
  • TXT record. Stores arbitrary text, commonly used for email verification (SPF, DKIM, DMARC) and domain ownership verification
  • NS record. Identifies the authoritative nameservers for the domain
  • SOA record. Contains administrative information about the DNS zone
  • SRV record. Specifies the location of services (e.g., for SIP or XMPP)

Where DNS records are managed

DNS records are typically managed in one of two places:

  • At the registrar. The company that registered the domain provides a DNS management interface
  • At a third-party DNS provider. Cloudflare, AWS Route 53, Google Cloud DNS, DNSimple, and others can be set as the domain’s nameservers, taking over DNS management

Changing the nameservers at the registrar moves DNS management to the new provider. The change can take 24–48 hours to propagate globally, though it is often faster.

DNS propagation

When a DNS record changes (for example, pointing a domain at a new server), the change does not take effect everywhere immediately. Cached values at resolvers around the world expire based on the record’s TTL (time to live). Once the cache expires, the resolver fetches the new value.

A typical TTL is between 300 seconds (5 minutes) and 86400 seconds (24 hours). Lowering the TTL before a planned change reduces the propagation window.
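The effect of lowering the TTL before a change, shown with a small simulation added here (not code from SiteShiftCo): a resolver that caches answers until their TTL elapses, an authoritative zone whose record is changed, and a count of how long that resolver keeps serving the old address. The names, the two documentation-range addresses and the one-query-per-second client are constructed assumptions; times are simulated seconds, and nothing touches the network.

```python
# Added example: simulated recursive resolver with TTL-based cache expiry,
# used to compare a cutover with and without lowering the TTL first.
from dataclasses import dataclass, field


@dataclass
class AuthoritativeZone:
    """The zone as published by its owner: current A record value and TTL."""
    value: str
    ttl: int


@dataclass
class RecursiveResolver:
    """An ISP/public resolver: serves cached answers until their TTL elapses."""
    zone: AuthoritativeZone
    cache: dict = field(default_factory=dict)  # name -> (value, expires_at)

    def resolve(self, name: str, now: int) -> str:
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]                      # cache hit: the zone is not consulted
        self.cache[name] = (self.zone.value, now + self.zone.ttl)
        return self.zone.value


def stale_seconds(lower_ttl_first: bool, old_ttl: int = 86400, new_ttl: int = 300) -> int:
    """Seconds a resolver that refreshed at t=0 keeps answering with the OLD IP
    after the record is changed. Clients query it once per simulated second."""
    name = "www.example.com"
    old_ip, new_ip = "192.0.2.10", "192.0.2.20"  # constructed documentation addresses
    zone = AuthoritativeZone(old_ip, old_ttl)
    resolver = RecursiveResolver(zone)
    resolver.resolve(name, 0)                    # caches the old IP with the old TTL
    change_at = 1
    if lower_ttl_first:
        zone.ttl = new_ttl                       # publish the lower TTL first...
        change_at = 1 + old_ttl                  # ...and wait one full old TTL before moving
    stale = 0
    for t in range(1, change_at + old_ttl + new_ttl):
        if t == change_at:
            zone.value = new_ip                  # the actual cutover
        answer = resolver.resolve(name, t)
        if t >= change_at and answer == old_ip:
            stale += 1
    return stale


if __name__ == "__main__":
    print("no TTL prep :", stale_seconds(False), "s of stale answers")  # 86399
    print("TTL lowered :", stale_seconds(True), "s of stale answers")   # 299
```

With the default 86400 s TTL, a resolver that refreshed just before the change serves the old address for almost a full day; lowering the TTL to 300 s and waiting out the old TTL before the cutover shrinks that worst case to under five minutes.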

DNS and HTTPS

DNS is necessary for HTTPS to work (the browser needs to know which server to connect to), but classic DNS traffic is itself unencrypted and unauthenticated. Newer protocols address these gaps:

  • DNS over HTTPS (DoH). Encrypts DNS lookups inside HTTPS connections
  • DNS over TLS (DoT). Encrypts DNS lookups using a dedicated TLS connection
  • DNSSEC. Adds cryptographic signatures to DNS records, allowing resolvers to verify that responses have not been tampered with

Common misconceptions

  • “Changing DNS takes 48 hours.” The maximum is roughly 48 hours; many changes propagate within minutes if TTLs are low.
  • “DNS is just for websites.” DNS is used for email, software updates, APIs, and any service identified by a domain name.
  • “You can only have one nameserver.” Domains typically use two or more authoritative nameservers for redundancy.