DNS
Also known as: Domain Name System
The Domain Name System — the internet's phone book, translating human-readable domain names like example.com into numeric IP addresses.
What is DNS?
DNS (Domain Name System) is the hierarchical, distributed naming system that turns human-readable names like www.example.com into the numeric IP addresses that computers use to route traffic. Every time a browser, app, or server connects to a host by name, it first performs a DNS lookup to resolve that name. DNS was defined in RFC 1034 and RFC 1035 in 1987.
How a DNS lookup works
A typical recursive lookup for www.example.com involves four parties and multiple steps:
- Stub resolver on your device asks its configured recursive resolver (your ISP, 1.1.1.1, 8.8.8.8, etc.)
- The recursive resolver queries a root name server for the .com TLD
- It then queries the .com authoritative server for example.com
- Finally it queries example.com's authoritative server for the www record
- The resolver caches the answer (respecting TTL) and returns it to the stub
The whole round-trip usually takes 20-80 ms when nothing is cached, and sub-millisecond for cache hits.
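The lookup steps above as a small simulation, added here as an illustration and not part of the original page. It follows referrals from root to TLD to authoritative server and caches the answer until its TTL expires. The server names, zone data, address and the `RecursiveResolver` class are constructed assumptions, not a real resolver's API.

```python
# Added example: toy model of the lookup steps. Server names, zone data and
# the address (192.0.2.10, documentation range) are constructed assumptions.
SERVERS = {
    "root":         {"com.": ("REFERRAL", "com-tld")},
    "com-tld":      {"example.com.": ("REFERRAL", "example-auth")},
    "example-auth": {"www.example.com.": ("A", "192.0.2.10", 300)},  # TTL 300 s
}

class RecursiveResolver:
    def __init__(self, clock):
        self.clock = clock          # callable returning the current time in seconds
        self.cache = {}             # qname -> (address, expires_at)
        self.upstream_queries = 0   # queries sent to root/TLD/authoritative servers

    def _ask(self, server, qname):
        """Return the most specific entry on `server` covering qname."""
        self.upstream_queries += 1
        zone = SERVERS[server]
        covering = [z for z in zone if qname == z or qname.endswith("." + z)]
        return zone[max(covering, key=len)] if covering else ("NXDOMAIN",)

    def resolve(self, qname):
        cached = self.cache.get(qname)
        if cached and cached[1] > self.clock():
            return cached[0]                      # cache hit: no upstream traffic
        server = "root"
        for _ in range(8):                        # bound the referral chain
            reply = self._ask(server, qname)
            if reply[0] == "REFERRAL":
                server = reply[1]                 # follow root -> TLD -> authoritative
            elif reply[0] == "A":
                _, address, ttl = reply
                self.cache[qname] = (address, self.clock() + ttl)
                return address
            else:
                return None                       # name does not exist
        raise RuntimeError("referral chain too long")

if __name__ == "__main__":
    now = [0]                                     # mutable fake clock
    r = RecursiveResolver(lambda: now[0])
    for t in (0, 10, 301):                        # miss, hit, miss after TTL expiry
        now[0] = t
        print(t, r.resolve("www.example.com."), r.upstream_queries)
```

The upstream query counter stays flat on the second lookup and rises again only once the cached record's TTL has passed, which is the difference between the uncached and cached timings quoted above.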
Common record types
| Record | Purpose |
|--------|---------|
| A | IPv4 address for a name |
| AAAA | IPv6 address for a name |
| CNAME | Alias pointing one name at another |
| MX | Mail server responsible for a domain |
| TXT | Arbitrary text (SPF, DKIM, DMARC, verification tokens) |
| NS | Authoritative name servers for the zone |
| PTR | Reverse lookup — IP → hostname (see reverse DNS) |
| SRV | Service discovery (hostname + port for a named service) |
| CAA | Which CAs are allowed to issue TLS certificates for the domain |
Transport and encryption
Classic DNS runs over UDP port 53 (or TCP 53 for large responses). Modern privacy-focused variants encrypt queries:
- DNS-over-TLS (DoT) on TCP 853
- DNS-over-HTTPS (DoH) on HTTPS 443
- DNS-over-QUIC (DoQ) on UDP 853