DNS Explained: How the Internet Knows Where to Find Everything
Marcus Thorne · 7 min read

Type google.com into your browser and within milliseconds you’re connected to Google’s servers — somewhere in the world, on hardware you’ve never seen, at an IP address you didn’t know. How does that happen?

The answer is DNS: the Domain Name System. It’s one of the internet’s most critical and least understood infrastructure components.

The Problem DNS Solves

Every device on the internet has an IP address — a numerical identifier like 142.250.80.46. Computers communicate using these numbers. But humans are terrible at remembering IP addresses, especially since they change, and a service like Google has millions of servers with different addresses.

DNS is the internet’s phonebook: a distributed system that translates human-readable domain names (google.com) into the IP addresses computers actually use.

How a DNS Lookup Works

When you type google.com in your browser, a multi-step process happens in milliseconds:

1. Check the cache: Your computer first checks its local DNS cache — a record of domains it has recently looked up. If you visited Google yesterday, the IP address might still be cached and the lookup skips straight to connecting.

2. Ask the recursive resolver: If not cached, your computer asks a DNS resolver — usually operated by your ISP or a public service like Google (8.8.8.8) or Cloudflare (1.1.1.1). The resolver is the one who does the actual hunting.

3. Ask the root nameservers: The resolver asks one of the 13 root nameserver clusters (spread globally): “Where can I find information about .com domains?” The root server responds with the address of the .com TLD (top-level domain) nameservers.

4. Ask the TLD nameservers: The resolver asks the .com nameservers: “Where can I find google.com?” They respond with Google’s authoritative nameservers.

5. Ask the authoritative nameserver: The resolver asks Google’s own nameservers: “What’s the IP address for google.com?” They respond with an IP address like 142.250.80.46.

6. Return the answer: The resolver gives your browser the IP address. Your browser connects. The resolver caches the answer for future requests.

This entire process typically takes 20–120 milliseconds the first time, and virtually zero time when cached.

DNS Record Types

Nameservers store different types of DNS records for each domain:

A record: Maps a domain to an IPv4 address. example.com → 93.184.216.34

AAAA record: Maps a domain to an IPv6 address (the newer, longer format).

CNAME record: An alias — points one domain to another. www.example.com → example.com

MX record: Mail exchanger — tells email servers where to deliver email for a domain. This is how your email for you@company.com reaches the right mail server.

TXT record: Free-form text data. Used for domain verification (Google Search Console), email authentication (SPF, DKIM), and other purposes.

NS record: Specifies which nameservers are authoritative for a domain.

DNS TTL: How Long Records Are Cached

Every DNS record has a TTL (Time to Live) — the number of seconds other servers should cache it before checking again.

A TTL of 3600 means DNS resolvers cache the record for one hour before re-querying. This is why when you update a DNS record (changing hosting, for example), it can take up to 48 hours to fully propagate — every resolver on the internet has to expire its cached copy.

If you’re planning a major DNS change (like migrating to a new host), lower your TTL to 300 (5 minutes) a day or two before the change so propagation happens faster.
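Putting the six-step lookup and the TTL rules together, here is an added example (not code from the article) that simulates the resolver walk with constructed zone data for the root, the .com servers and example.com's own nameserver; the server names, records and TTLs are made up for the demo and nothing touches the network. It caches answers with their TTL, follows a CNAME alias, and shows the repeat lookup costing zero round trips until the record expires.

```python
# Constructed zone data (example values, not live DNS): nameserver -> records (name, type, ttl, value).
ZONES = {
    "root": [("com.", "NS", 172800, "a.gtld-servers.net.")],
    "a.gtld-servers.net.": [("example.com.", "NS", 172800, "ns1.example.com.")],
    "ns1.example.com.": [("example.com.", "A", 3600, "93.184.216.34"),
                         ("www.example.com.", "CNAME", 300, "example.com.")],
}

def ask(server, name, rtype):  # one round trip: an answer if held, else a referral
    records = ZONES[server]
    answer = [r for r in records if r[0] == name and r[1] in (rtype, "CNAME")]
    labels = name.split(".")
    for i in range(len(labels)):  # no answer: refer to the closest zone it knows
        zone = ".".join(labels[i:])
        answer = answer or [r for r in records if r[0] == zone and r[1] == "NS"]
    return answer

class Resolver:
    def __init__(self, now):
        self.now = now     # injectable clock (seconds) so TTL expiry is testable
        self.cache = {}    # (name, type) -> (expires_at, value)
        self.trips = 0     # round trips made to nameservers

    def resolve(self, name, rtype="A"):
        now = self.now()
        for key in ((name, rtype), (name, "CNAME")):  # step 1: cache, honouring TTL
            hit = self.cache.get(key)
            if hit and hit[0] > now:
                return hit[1] if key[1] == rtype else self.resolve(hit[1], rtype)
        server = "root"                               # step 3: start at a root server
        while True:
            self.trips += 1
            rr = ask(server, name, rtype)
            if not rr:
                return None
            rname, rt, ttl, value = rr[0]
            if rt == "NS":                            # step 4: follow the referral down
                server = value
                continue
            self.cache[(rname, rt)] = (now + ttl, value)  # steps 5-6: cache the answer
            return value if rt == rtype else self.resolve(value, rtype)  # CNAME: follow

def demo(clock_start=1_000_000):
    clock = [clock_start]
    r = Resolver(now=lambda: clock[0])
    first, cold = r.resolve("www.example.com."), r.trips   # full walk, twice (CNAME)
    second, warm = r.resolve("www.example.com."), r.trips  # answered from the cache
    clock[0] += 3601                                       # beyond the A record's TTL
    third = r.resolve("www.example.com.")
    return first, second, third, cold, warm, r.trips
```

`demo()` returns the same address three times with 6 round trips for the cold lookup, none for the cached one, and 6 more once the 3600-second TTL has passed.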

Why DNS Matters for Security

DNS was designed in the early internet era without security in mind. Several attack types target it:

DNS spoofing / cache poisoning: Attackers inject false DNS records into resolvers, redirecting users from the real yourbank.com to a fake site. DNSSEC (DNS Security Extensions) addresses this with cryptographic signatures — but adoption is still incomplete.

DNS hijacking: A compromised router or ISP DNS server redirects your queries to malicious servers. Using a trusted DNS resolver (Cloudflare 1.1.1.1, Google 8.8.8.8) reduces this risk.

DNS over HTTPS (DoH) / DNS over TLS (DoT): Traditional DNS queries are sent in plaintext — your ISP can see every domain you look up. DoH and DoT encrypt DNS queries. Firefox enables DoH by default; you can enable it in Chrome and configure it at the OS level.

Typosquatting: Attackers register goggle.com or paypa1.com hoping users mistype. These can host convincing phishing pages.
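As an added example (not from the article), the following detection logic flags typosquat-style names in DNS query logs by comparing each queried name's registrable domain against a watchlist of trusted domains, folding look-alike characters (so paypa1.com matches paypal.com) and allowing one edit (so goggle.com matches google.com). The log lines, the log format, the watchlist and the two-label approximation of the registrable domain are constructed assumptions for the demo.

```python
TRUSTED = {"google.com", "paypal.com", "example.com"}  # constructed watchlist of your own brands

# Digits commonly swapped in for look-alike letters; folding them before comparison.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(domain):
    """'login.paypal.com.' -> 'paypal.com' (two-label approximation, no public suffix list)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def classify(domain):
    """Return the trusted domain a queried name looks like, or None if it is clean."""
    base = registrable(domain)
    if base in TRUSTED:
        return None                    # the real domain or one of its own subdomains
    folded = base.translate(HOMOGLYPHS)
    for good in TRUSTED:
        if folded == good or edit_distance(base, good) == 1:
            return good
    return None

# Constructed query log: "<timestamp> <client> query <type> <name>" (not a real resolver format).
LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 query A www.google.com.
2024-05-01T10:00:02Z 10.0.0.12 query A goggle.com.
2024-05-01T10:00:03Z 10.0.0.7 query A login.paypa1.com.
2024-05-01T10:00:04Z 10.0.0.7 query A mail.example.com.
2024-05-01T10:00:05Z 10.0.0.9 query A wikipedia.org.
"""

def scan(log=LOG):
    """Return (timestamp, client, queried_name, impersonated_domain) for suspicious queries."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                   # skip lines that are not in the expected shape
        ts, client, _, _, qname = parts
        target = classify(qname)
        if target:
            hits.append((ts, client, qname, target))
    return hits
```

Tune the edit-distance threshold and the homoglyph table to your own brand names; at distance 1 short domains will produce some false positives, so review hits rather than blocking on them automatically.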

Choosing a DNS Resolver

You’re not stuck with your ISP’s DNS. Changing to a faster, more privacy-respecting resolver takes two minutes.

Cloudflare 1.1.1.1: Fastest average global response times, strong privacy policy (query data is not logged for sale to advertisers). Primary: 1.1.1.1, Secondary: 1.0.0.1.

Google 8.8.8.8: Fast, reliable, widely used. Google does use query data for analytics. Primary: 8.8.8.8, Secondary: 8.8.4.4.

Quad9 9.9.9.9: Privacy-focused, automatically blocks known malicious domains. Good option if you want built-in malware protection. Primary: 9.9.9.9.

Configure your preferred DNS in your router settings to apply it to all devices on your network.

DNS is invisible infrastructure that makes the internet usable. Every website visit, every email, every API call starts with a DNS lookup. Understanding how it works helps you make better decisions about privacy, troubleshoot connectivity problems, and appreciate why the internet is as fast and reliable as it is.

Written by Marcus Thorne

Software analysis and cybersecurity tips

A former software engineer, Marcus transitioned into tech journalism to explain complex digital concepts in simple terms.