S3-3 Tech Guides & Tools
Reference · Jan 2026

Understanding DNS: What It Does and Why It Matters

Every time you type a website address and press Enter, your computer performs a DNS lookup before anything else happens. DNS — Domain Name System — is what translates the human-readable name "example.com" into the numeric IP address (like 93.184.216.34) that computers actually use to route network traffic. It's one of the most fundamental and least understood pieces of internet infrastructure, and knowing how it works makes troubleshooting internet problems significantly easier.

Why Addresses Need Translation

Computers and routers communicate using IP addresses — numbers that identify specific machines on a network. IPv4 addresses look like 192.168.1.1 (four numbers separated by dots); IPv6 addresses are longer and hexadecimal. Humans are poor at remembering these. Domain names like google.com or github.com are human-readable aliases that map to those IP addresses.

The DNS system maintains this mapping globally. It's not a single database — it's a distributed hierarchy of servers that collectively know where every registered domain points. When you ask for a domain, your device queries this hierarchy, gets the IP address, and connects to it. The entire process typically takes 20–150 milliseconds and is invisible.

How a DNS Lookup Works, Step by Step

When you type "example.com" and hit Enter:

  1. Local cache check: Your operating system first checks its own DNS cache — a temporary record of recently looked-up addresses. If example.com was visited recently, the answer is already stored locally and no query goes out. You can view your system's DNS cache on Windows with ipconfig /displaydns.
  2. Recursive resolver query: If not cached, your device sends a query to a recursive DNS resolver — typically provided by your ISP or configured manually in your network settings. This resolver does the work of finding the answer.
  3. Root server query: If the recursive resolver doesn't have the answer cached, it queries one of the 13 sets of root DNS servers. Root servers don't know the IP address of example.com, but they know which servers are authoritative for .com domains.
  4. TLD server query: The recursive resolver then queries the .com TLD (Top-Level Domain) nameserver, which responds with the address of the nameservers responsible for example.com specifically.
  5. Authoritative nameserver query: Finally, the recursive resolver queries example.com's authoritative nameserver, which returns the actual IP address. This server is operated by whoever manages the domain.
  6. Response cached and delivered: The recursive resolver caches the answer for the duration specified by the TTL (Time To Live) field in the DNS record, then sends the IP address back to your device. Your device caches it as well, and the browser connects to the IP.

This multi-step process happens for every new domain you visit, but the caching at each layer means most lookups are answered from local or resolver cache within a few milliseconds.
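To make the six steps concrete, here is a small simulation of that walk, added for this guide rather than taken from any resolver's code. It models three servers (root, .com, example.com) with constructed zone data, has the "recursive resolver" follow referrals from the root down to the authoritative server, and caches the final answer for exactly its TTL. Only example.com's address is taken from the article; every other name and number is made up for the illustration, and the time values are plain integers so the cache expiry can be tested without waiting.

```python
# Toy model of the lookup steps above: a recursive resolver walks root -> TLD ->
# authoritative server, then caches the answer until its TTL expires.
# Zone data is constructed for illustration (only example.com's address comes
# from the article); real resolvers also cache the NS referrals they receive.

ZONES = {
    # zone: which child zones it delegates, and which names it answers for directly
    ".":            {"delegations": ["com.", "net."], "records": {}},
    "com.":         {"delegations": ["example.com."], "records": {}},
    "example.com.": {"delegations": [],
                     "records": {"example.com.":     ("93.184.216.34", 300),
                                 "www.example.com.": ("93.184.216.34", 60)}},
}


def ask_server(zone, qname):
    """One query to the server authoritative for `zone`.
    Returns ("answer", ip, ttl), ("referral", child_zone) or ("nxdomain",)."""
    z = ZONES[zone]
    if qname in z["records"]:
        ip, ttl = z["records"][qname]
        return ("answer", ip, ttl)
    for child in z["delegations"]:
        if qname == child or qname.endswith("." + child):
            return ("referral", child)
    return ("nxdomain",)


class Resolver:
    """Recursive resolver with a TTL-bounded cache (step 6 of the lookup)."""

    def __init__(self):
        self.cache = {}  # qname -> (ip, absolute expiry time)

    def resolve(self, name, now):
        """Return (ip, path): path lists the servers consulted, or ["cache"]."""
        qname = name.rstrip(".") + "."
        hit = self.cache.get(qname)
        if hit and now < hit[1]:
            return hit[0], ["cache"]           # step 1: answered locally
        zone, path = ".", []
        while True:
            path.append(zone)
            reply = ask_server(zone, qname)
            if reply[0] == "answer":
                _, ip, ttl = reply
                self.cache[qname] = (ip, now + ttl)   # honour the record's TTL
                return ip, path
            if reply[0] == "referral":
                zone = reply[1]                # steps 3-5: follow the delegation
                continue
            return None, path                  # no such name in the hierarchy


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("example.com", now=0))      # full walk root -> com -> example.com
    print(r.resolve("example.com", now=100))    # served from cache
    print(r.resolve("example.com", now=301))    # TTL of 300 has expired: walk again
```

The third call is the point of the exercise: once the TTL has run out, the resolver has to go back to the hierarchy, which is exactly why a changed record "takes a while" to be seen everywhere.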

DNS Record Types You'll Encounter

DNS isn't just about translating domain names to IP addresses. Different record types serve different purposes:

  • A record: Maps a domain or subdomain to an IPv4 address. The most common record type. example.com → 93.184.216.34.
  • AAAA record: Same as A record but for IPv6 addresses.
  • CNAME record: Alias — points one domain to another domain rather than directly to an IP. www.example.com → example.com. The final IP is determined by following the chain.
  • MX record: Mail Exchange — specifies which servers handle email for a domain. When someone sends email to an address at example.com, the MX record tells the sending server where to deliver it.
  • TXT record: Free-form text, used for domain verification (for Google Search Console, email authentication with SPF/DKIM, etc.).
  • NS record: Lists which nameservers are authoritative for the domain — effectively, who is in charge of that domain's DNS records.
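Two of these record types carry a little logic of their own: a CNAME has to be followed (possibly several hops) before an address appears, and MX records carry a preference number that decides which mail server is tried first. The example below, added here and not part of the original guide, works through both against a constructed record set. The mail-server hosts, the 192.0.2.x addresses and the loop1/loop2 names are invented for the illustration; only example.com's A record comes from the text.

```python
# Constructed records illustrating CNAME chains and MX preferences.
# Addresses in 192.0.2.0/24 are documentation-reserved, not real hosts.
from collections import defaultdict

RECORDS = [
    ("example.com.",       "A",     "93.184.216.34"),
    ("www.example.com.",   "CNAME", "example.com."),
    ("blog.example.com.",  "CNAME", "www.example.com."),   # two-hop chain
    ("loop1.example.com.", "CNAME", "loop2.example.com."), # deliberate loop
    ("loop2.example.com.", "CNAME", "loop1.example.com."),
    ("example.com.",       "MX",    "20 mx2.example.com."),
    ("example.com.",       "MX",    "10 mx1.example.com."),
    ("mx1.example.com.",   "A",     "192.0.2.25"),
    ("mx2.example.com.",   "A",     "192.0.2.26"),
    ("example.com.",       "TXT",   "v=spf1 mx -all"),
]


def index(records):
    """Group record data by (name, type) so lookups are a dict hit."""
    idx = defaultdict(list)
    for name, rtype, data in records:
        idx[(name, rtype)].append(data)
    return idx


IDX = index(RECORDS)


def resolve_a(idx, name, max_hops=8):
    """Follow CNAMEs until an A record appears. Returns (ip, chain).
    Raises ValueError on a loop or an over-long chain, as a resolver would."""
    chain, seen = [name], {name}
    while True:
        if idx.get((name, "A")):
            return idx[(name, "A")][0], chain
        cnames = idx.get((name, "CNAME"))
        if not cnames:
            return None, chain                    # dead end: no A, no alias
        name = cnames[0]
        if name in seen or len(chain) >= max_hops:
            raise ValueError("CNAME loop or chain too long: "
                             + " -> ".join(chain + [name]))
        seen.add(name)
        chain.append(name)


def mail_servers(idx, domain):
    """MX hosts in preference order (lowest number first), each resolved to an IP."""
    mx = []
    for data in idx.get((domain, "MX"), []):
        pref, host = data.split()
        mx.append((int(pref), host))
    return [(host, resolve_a(idx, host)[0]) for _pref, host in sorted(mx)]


if __name__ == "__main__":
    print(resolve_a(IDX, "blog.example.com."))   # chain of three names ending in an IP
    print(mail_servers(IDX, "example.com."))     # mx1 (pref 10) before mx2 (pref 20)
    print(IDX[("example.com.", "TXT")])          # the SPF policy lives in TXT
```

Note the hop limit and the `seen` set in resolve_a: real resolvers enforce the same kind of cap, so a mis-typed CNAME that points back at itself produces an error rather than an endless loop.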

Changing Your DNS Resolver: Why and How

By default, your DNS queries go to your ISP's resolvers. There are reasons to switch to a third-party resolver:

  • Speed: Some resolvers respond faster. Cloudflare's 1.1.1.1 and Google's 8.8.8.8 have extensive global infrastructure and consistently measure among the fastest in third-party latency tests.
  • Privacy: Your ISP's DNS resolver can see every domain you look up — this is unencrypted by default. Cloudflare's 1.1.1.1 offers DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), which encrypt queries so your ISP can only see that you're communicating with Cloudflare, not which sites you're looking up.
  • Ad/malware blocking: Resolvers like NextDNS (nextdns.io) and AdGuard DNS (adguard-dns.io) block queries to known ad networks and malware domains before they're ever resolved, providing network-wide protection without client software.

To change your DNS resolver on Windows: Settings → Network & Internet → Wi-Fi or Ethernet → click your connection → Edit DNS server assignment. Set to Manual, enable IPv4, and enter the primary and secondary DNS addresses. For Cloudflare: 1.1.1.1 and 1.0.0.1. For Google: 8.8.8.8 and 8.8.4.4.

On macOS: System Settings → Network → select connection → Details → DNS tab → click + to add resolver addresses.

DNS-over-HTTPS in browsers: Both Chrome and Firefox support DNS-over-HTTPS independently of your system DNS settings. In Chrome: Settings → Privacy and security → Security → "Use secure DNS." In Firefox: Settings → Privacy & Security → scroll to "DNS over HTTPS." This encrypts DNS queries from your browser even if your system DNS is unencrypted.

Flushing the DNS Cache

When a website moves to a new server, DNS records are updated — but cached answers on your machine or your ISP's resolver may still point to the old address for the duration of the TTL (which can be minutes or hours). If a site stops working after a recent change, flushing your local DNS cache is worth trying:

  • Windows: Open Command Prompt as Administrator and run ipconfig /flushdns
  • macOS: Open Terminal and run sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
  • Linux: Varies by distribution. For systemd-resolved: sudo systemd-resolve --flush-caches (on current systemd releases the same command is sudo resolvectl flush-caches)

Using dig to Diagnose DNS Problems

The dig command (available on macOS and Linux, installable on Windows via BIND tools) lets you query DNS directly and see the full response. To check what IP a domain resolves to:

dig example.com A

To query a specific resolver instead of your system default:

dig @8.8.8.8 example.com A

If dig @8.8.8.8 example.com returns an answer but your browser can't reach the site, the problem is likely your local cache or a network-level block. If dig returns no answer from any resolver, the domain's DNS is misconfigured at the source.
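The comparison in that last paragraph is easy to script once dig's answer section is parsed. The following is an added example for this guide (not part of dig or BIND): it reads the `dig +noall +answer` output format (NAME, TTL, CLASS, TYPE, RDATA per line), collects the addresses, and applies the three-way diagnosis above to a local-resolver answer and a public-resolver answer. The dig outputs embedded below are constructed samples in dig's format, not captured from real queries; 198.51.100.7 is a documentation-reserved address standing in for a stale cached value.

```python
# Parses `dig +noall +answer` output and applies the diagnosis rule from the text.
# Sample outputs are constructed in dig's format, not captured traffic.

def parse_dig_answer(text):
    """Return [(name, ttl, rtype, rdata)] from `dig +noall +answer` output.
    Each answer line is: NAME  TTL  CLASS  TYPE  RDATA..., whitespace separated."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank lines and ';' comment lines
            continue
        fields = line.split()
        if len(fields) < 5:
            continue
        name, ttl, _cls, rtype = fields[:4]
        records.append((name, int(ttl), rtype, " ".join(fields[4:])))  # TXT rdata may contain spaces
    return records


def addresses(records):
    """Addresses in an answer (A/AAAA only; CNAME lines are just hops)."""
    return {rdata for _, _, rtype, rdata in records if rtype in ("A", "AAAA")}


def diagnose(local_output, upstream_output):
    """Compare what the system resolver returned with what a public resolver returned."""
    local = parse_dig_answer(local_output)
    upstream = parse_dig_answer(upstream_output)
    if not upstream and not local:
        return "no answer from any resolver: DNS misconfigured at the source"
    if not local:
        return "upstream answers but local does not: flush cache or check for a network-level block"
    if addresses(local) != addresses(upstream):
        return "stale answer: local cache differs from upstream, flush cache"
    return "DNS consistent: look elsewhere (firewall, TLS, the server itself)"


# Constructed samples. UPSTREAM mimics `dig @8.8.8.8 www.example.com A`;
# LOCAL_STALE mimics a system resolver still serving an old address.
UPSTREAM = """\
www.example.com.\t300\tIN\tCNAME\texample.com.
example.com.\t\t300\tIN\tA\t93.184.216.34
"""
LOCAL_STALE = "example.com.\t\t42\tIN\tA\t198.51.100.7\n"
EMPTY = ""                      # dig prints nothing in the answer section on NXDOMAIN

if __name__ == "__main__":
    print(parse_dig_answer(UPSTREAM))
    print(diagnose(LOCAL_STALE, UPSTREAM))
    print(diagnose(EMPTY, EMPTY))
```

In practice you would feed the two strings from `dig +noall +answer example.com A` (system resolver) and `dig @8.8.8.8 +noall +answer example.com A`; the low TTL in the stale sample (42 versus 300) is the tell-tale that the answer has been sitting in a cache.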

DNS is largely invisible infrastructure, but understanding it turns vague "internet not working" problems into diagnosable, solvable issues — and gives you control over a piece of your online privacy that most people hand over by default.