What Is DNS? (And Why It Can Break the Entire Internet)
DNS is the internet's address book — translating domain names into IP addresses in milliseconds. Here's exactly how it works, why it matters for your privacy, and what happens when it breaks.
At a Glance
- DNS translates domain names into IP addresses — computers route traffic using numbers (like 142.250.80.46), not names (like google.com).
- Every DNS lookup touches 4 types of servers: recursive resolver, root nameserver, TLD nameserver, and authoritative nameserver.
- The average DNS lookup completes in 20–120ms, though your device caches results to skip repeat lookups.
- There are only 13 root nameserver addresses in the world — backed by hundreds of physical machines via anycast routing.
- Your ISP sees every DNS query you make unless you use encrypted DNS (DoH or DoT) or a VPN.
- DNS was built in 1983 on a trust-based model — causing billions in security incidents since.
Type google.com into your browser and press Enter. Within 200 milliseconds, your screen lights up with search results. In that time, your device had a conversation with at least four different servers across the internet — and you noticed none of it.
That invisible infrastructure is DNS: the Domain Name System. It's the reason you can type words instead of memorizing strings of numbers to visit websites, and it's one of the most elegant — and surprisingly fragile — systems holding the internet together.
Why Computers Need Numbers, Not Names
Every device connected to the internet has an IP address — a numerical label like 172.217.14.206. Routers use these numbers to direct traffic. The problem is that humans are terrible at memorizing arbitrary strings of digits. We remember names.
DNS bridges that gap. When you type github.com, DNS translates it into whatever IP address GitHub's servers are currently using — and your browser connects to that IP directly.
Think of it as a phone book for the internet. You know you want to call “Mom,” not “555-0134.” DNS handles the lookup so you never have to. The critical difference: DNS is distributed across millions of servers worldwide, updated in near-real-time, and completes lookups faster than a human blink.
The Four Servers Behind Every Lookup
A DNS lookup isn't a single question to a single server. It's a chain of four distinct conversations — each one getting you closer to the answer.
The Recursive Resolver
This is the first stop. When you type a URL, your device asks its configured DNS resolver — usually operated by your ISP, Google (8.8.8.8), or Cloudflare (1.1.1.1) — to find the answer. The recursive resolver does the legwork of asking other servers on your behalf.
The Root Nameserver
If the resolver doesn’t have the answer cached, it asks a root nameserver. There are 13 root nameserver addresses (labeled A through M), operated by organizations like ICANN, NASA, and Verisign. They don’t know where github.com lives — but they know who’s responsible for .com domains.
The TLD Nameserver
The root server hands off the query to the Top-Level Domain (TLD) nameserver for .com. TLD servers are maintained by domain registries: Verisign runs .com, PIR runs .org, and so on. The TLD server knows which nameservers are authoritative for github.com specifically.
The Authoritative Nameserver
This is the final authority. GitHub’s authoritative nameserver holds the actual DNS records — including the A record that maps github.com to its IP address. The resolver gets this answer, returns it to your device, and caches it for future requests.
Total time for this entire chain: typically 20–120 milliseconds. (Cloudflare DNS documentation)
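To make the referral chain concrete, here is an added example (my own code, not the article's and not Cloudflare's) that walks a query from a root server to a TLD server to an authoritative server over constructed zone data. The server names (`a.root.example`, `a.gtld.example`, `ns1.github.example`) and the 192.0.2.x addresses are placeholders; the delegation structure mirrors the four-step chain above, and the resolver caches what it learns so a repeat lookup touches no server at all.

```python
"""Iterative resolution over constructed zone data (added example, not the article's code)."""

# Constructed delegation tree. Server names and addresses are placeholders
# (192.0.2.0/24 is the documentation range), not real root/registry/GitHub hosts.
ROOT = "a.root.example"
ZONES = {
    ROOT: {
        "referrals": {"com": ["a.gtld.example"]},             # root knows who runs .com
        "answers": {},
    },
    "a.gtld.example": {
        "referrals": {"github.com": ["ns1.github.example"]},  # .com knows github.com's NS
        "answers": {},
    },
    "ns1.github.example": {
        "referrals": {},
        "answers": {                                          # the authoritative data
            "github.com": ("A", "192.0.2.10"),
            "www.github.com": ("A", "192.0.2.11"),
        },
    },
}


def ask(server, qname):
    """One round trip to `server`: an answer, a referral toward the next hop, or nothing."""
    zone = ZONES[server]
    if qname in zone["answers"]:
        return "answer", zone["answers"][qname]
    labels = qname.split(".")
    # Longest-suffix match, e.g. www.github.com -> github.com -> com
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zone["referrals"]:
            return "referral", zone["referrals"][suffix]
    return "nxdomain", None


class RecursiveResolver:
    """Does the legwork on the client's behalf and remembers what it learned."""

    def __init__(self):
        self.cache = {}

    def resolve(self, qname, max_hops=10):
        """Returns (record_or_None, trail); trail lists every server consulted."""
        if qname in self.cache:
            return self.cache[qname], []            # cache hit: zero servers contacted
        trail, server = [], ROOT
        for _ in range(max_hops):
            kind, payload = ask(server, qname)
            trail.append((server, kind))
            if kind == "answer":
                self.cache[qname] = payload
                return payload, trail
            if kind == "nxdomain":
                return None, trail
            server = payload[0]                     # follow the referral to its first nameserver
        raise RuntimeError("too many referrals (delegation loop?)")


if __name__ == "__main__":
    resolver = RecursiveResolver()
    for name in ("github.com", "github.com", "www.github.com", "example.net"):
        record, trail = resolver.resolve(name)
        print(name, "->", record, "via", [s for s, _ in trail])
```

The first lookup of `github.com` produces a three-server trail (root, TLD, authoritative); the second returns the same record with an empty trail because it was served from the resolver's cache. The `max_hops` bound is the resolver's protection against a misconfigured delegation that points servers at each other.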
DNS Record Types You Should Know
DNS doesn't just store IP addresses. It's a flexible database with several record types, each serving a different function:
| Record Type | What It Does |
|---|---|
| A | Maps domain → IPv4 address |
| AAAA | Maps domain → IPv6 address |
| CNAME | Alias: maps one domain to another |
| MX | Directs email to the right mail server |
| TXT | Stores text data (SPF, DKIM, verification) |
| NS | Specifies authoritative nameservers |
When a website migrates to new servers, its operators update these records. Changes propagate globally within 24–48 hours — the window known as “DNS propagation.”
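The table describes each record type by what it carries; the following added example (my own code, not the article's and not any library's API) shows what those records look like on the wire. It builds a constructed DNS response for example.com, using documentation-range addresses, then parses it back, decoding the A, AAAA, CNAME/NS, MX and TXT rdata formats and the name-compression pointers real responses use. The parser bounds how many pointers it follows and checks for truncation, the two checks that keep a malformed message from hanging or crashing a resolver.

```python
"""Build and parse a DNS response in wire format (added example, not the article's code)."""
import ipaddress
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}


def encode_name(name):
    """'mail.example.com' -> length-prefixed labels ending in a zero byte (uncompressed)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_response(qname, answers):
    """Header + question + answers; each answer's owner name is a compression
    pointer (0xC00C) back to the question name, which starts at offset 12."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    body = b""
    for rtype, ttl, rdata in answers:
        body += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + question + body


def read_name(msg, offset, depth=0):
    """Decode a possibly compressed name; returns (name, offset after it).
    Pointer chasing is bounded so a self-referencing pointer cannot loop forever."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # two-byte pointer to an earlier name
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            labels.append(read_name(msg, target, depth + 1)[0])
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_rdata(msg, rtype, start, length):
    if rtype == 1:
        return str(ipaddress.IPv4Address(msg[start:start + 4]))
    if rtype == 28:
        return str(ipaddress.IPv6Address(msg[start:start + 16]))
    if rtype in (2, 5):                                # NS, CNAME: a single name
        return read_name(msg, start)[0]
    if rtype == 15:                                    # MX: preference + name
        return struct.unpack("!H", msg[start:start + 2])[0], read_name(msg, start + 2)[0]
    if rtype == 16:                                    # TXT: length-prefixed strings
        strings, pos = [], start
        while pos < start + length:
            n = msg[pos]
            strings.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
        return strings
    return msg[start:start + length].hex()


def parse_response(msg):
    txid, _flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, offset = read_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, TYPES.get(qtype, qtype)))
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        answers.append((name, TYPES.get(rtype, rtype), ttl, parse_rdata(msg, rtype, offset, rdlen)))
        offset += rdlen
    return {"id": txid, "questions": questions, "answers": answers}


def is_malformed(msg):
    """True if the parser rejects the message (truncated or pointer loop)."""
    try:
        parse_response(msg)
        return False
    except ValueError:
        return True


# Constructed response for example.com (documentation-range addresses, not real data).
SAMPLE = build_response("example.com", [
    (1, 60, ipaddress.IPv4Address("192.0.2.10").packed),
    (28, 60, ipaddress.IPv6Address("2001:db8::10").packed),
    (15, 3600, struct.pack("!H", 10) + encode_name("mail.example.com")),
    (16, 300, bytes([len(b"v=spf1 -all")]) + b"v=spf1 -all"),
    (2, 86400, encode_name("ns1.example.com")),
])
# Constructed hostile message: the question name is a pointer to itself (offset 12).
LOOPING = struct.pack("!HHHHHH", 1, 0x8180, 1, 0, 0, 0) + b"\xc0\x0c" + struct.pack("!HH", 1, 1)

if __name__ == "__main__":
    print(parse_response(SAMPLE))
    print("looping message rejected:", is_malformed(LOOPING))
```

`parse_response(SAMPLE)` returns the five records with their TTLs, the MX as a (preference, name) pair and the TXT as a list of strings, which is how SPF and DKIM data appear in practice. `LOOPING` is rejected rather than chased indefinitely.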
The Privacy Problem with DNS
Here's what most people don't realize: every website you visit generates a DNS query — and by default, those queries travel in plain text.
Your ISP's resolver sees every domain you look up. So does any network operator between you and the resolver. This means:
- Your home router logs show every site your household visits
- Public Wi-Fi operators can see your browsing habits
- ISPs in many countries are legally required to log this data
DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) encrypt DNS queries, preventing third-party interception. Cloudflare's 1.1.1.1 resolver supports both. Firefox enables DoH by default. A VPN routes your DNS queries through an encrypted tunnel — removing your ISP from the equation, though you're now trusting the VPN provider instead.
What Happens When DNS Fails
DNS is so fundamental that when it breaks, most of the internet appears to stop working — even though the underlying servers are fine.
The 2021 Fastly Outage
A configuration error at CDN provider Fastly took down The New York Times, Reddit, Amazon, and thousands of other sites simultaneously — for about an hour. The underlying servers were running perfectly. DNS just couldn't route users to them. (Fastly incident report, 2021)
BGP-Based DNS Hijacking (2018)
Attackers hijacked the BGP routes of Amazon's Route 53 DNS service, redirecting traffic from MyEtherWallet to a phishing server and stealing approximately $150,000 in cryptocurrency. (Oracle Internet Intelligence, 2018)
The core vulnerability: DNS was designed in 1983 for a small network of trusted institutions. DNSSEC adds cryptographic signatures to prevent spoofing — but as of 2024, only ~31% of domains had it enabled. (APNIC, 2024)
Frequently Asked Questions
What’s the difference between DNS and DHCP?
DNS translates domain names to IP addresses. DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses to devices on a local network. They work together — DHCP gives your laptop an IP when you join Wi-Fi, then your laptop uses DNS to look up sites by name.
Can I change my DNS server?
Yes, and it’s free. You can use Cloudflare’s 1.1.1.1, Google’s 8.8.8.8, or any public resolver. Changing your DNS server doesn’t affect what sites you can visit, but it can improve speed and privacy. On most routers, you set this in the WAN DNS settings.
Does a VPN change my DNS server?
A VPN routes your DNS queries through the VPN provider’s resolver, bypassing your ISP’s. This prevents your ISP from seeing your browsing activity, though you now trust the VPN provider’s logging practices instead.
Why does DNS propagation take 24–48 hours?
DNS records are cached by resolvers worldwide. Each record has a TTL (Time to Live) value that controls how long caches hold it. When you change a DNS record, resolvers keep serving the old answer until their cache expires. Lowering your TTL before making changes speeds up propagation.
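The TTL mechanics in this answer can be checked with a small simulation; this is an added example of my own, not the article's. Three constructed caching resolvers keep asking for www.example.com (the addresses are documentation-range placeholders) while the zone operator switches the address: once without touching the TTL, once after lowering it from a day to 300 seconds well ahead of the change, and once lowering it too late to matter.

```python
"""TTL-driven DNS propagation, simulated (added example, not the article's code)."""

OLD_IP, NEW_IP = "192.0.2.1", "198.51.100.1"   # constructed documentation-range addresses
NAME = "www.example.com"


class CachingResolver:
    """A recursive resolver's cache: keeps an answer until its TTL runs out."""

    def __init__(self):
        self._cache = {}  # name -> (answer, expires_at)

    def lookup(self, name, now, authoritative):
        hit = self._cache.get(name)
        if hit and hit[1] > now:
            return hit[0]                          # still fresh: served from cache
        answer, ttl = authoritative(name, now)     # expired or unknown: ask the authority
        self._cache[name] = (answer, now + ttl)
        return answer


def make_authoritative(change_at, ttl_before, ttl_lowered, lower_at):
    """The zone's behaviour over time: the operator may lower the TTL at
    `lower_at` and switches the address at `change_at` (seconds)."""
    def serve(name, now):
        assert name == NAME, "constructed zone only knows one name"
        ttl = ttl_lowered if lower_at is not None and now >= lower_at else ttl_before
        return (NEW_IP if now >= change_at else OLD_IP), ttl
    return serve


def seconds_until_converged(change_at, ttl_before=86400, ttl_lowered=None, lower_at=None,
                            first_queries=(0, 70, 130), step=10, horizon=5 * 86400):
    """Three resolvers start asking at slightly different times and then keep asking
    every `step` seconds (served from cache while the TTL holds). Returns how many
    seconds after the change the *last* resolver starts returning the new address."""
    authority = make_authoritative(change_at, ttl_before, ttl_lowered, lower_at)
    resolvers = [CachingResolver() for _ in first_queries]
    first_seen = {}
    now = 0
    while len(first_seen) < len(resolvers):
        if now > horizon:
            raise RuntimeError("did not converge within the simulated horizon")
        for idx, (resolver, start) in enumerate(zip(resolvers, first_queries)):
            if now < start or idx in first_seen:
                continue
            if resolver.lookup(NAME, now, authority) == NEW_IP:
                first_seen[idx] = now
        now += step
    return max(first_seen.values()) - change_at


if __name__ == "__main__":
    change = 90050                                  # about 25 hours into the simulation
    print("TTL left at one day:      ", seconds_until_converged(change), "s")
    print("TTL lowered a day ahead:  ", seconds_until_converged(change, ttl_lowered=300, lower_at=3600), "s")
    print("TTL lowered too late:     ", seconds_until_converged(change, ttl_lowered=300, lower_at=89000), "s")
```

With the TTL left at a day, the slowest resolver keeps serving the old address for 82880 seconds (about 23 hours) after the change. Lowered to 300 seconds a day in advance, every resolver has picked up the short TTL before the switch and the last one catches up 250 seconds after it. Lowering the TTL only a few hours before the change does nothing: the resolvers are still holding day-long entries fetched before the lowering and never see the new TTL until those expire. The practical rule is to lower the TTL at least one old TTL ahead of the change.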
What is a DNS leak?
A DNS leak happens when your DNS queries bypass your VPN’s encrypted tunnel and go through your ISP’s resolver instead — defeating the privacy purpose of using a VPN. Most reputable VPN providers have built-in DNS leak protection.
The Bottom Line
DNS is infrastructure you interact with thousands of times per day without noticing — one of the oldest pieces of the internet still running in its original form, held together partly by trust and increasingly by encryption layers bolted on top.
Understanding DNS isn't just academic. Knowing how it works helps you choose the right resolver, protect your browsing history, and understand why “the internet is down” often means something much more specific.
Sources
- Cloudflare Learning: What is DNS? — Cloudflare, 2025
- Fastly Incident Summary: June 8, 2021 — Fastly, 2021
- BGP Hijacks Target Cryptocurrency Services — Oracle Internet Intelligence, 2018
- DNSSEC Deployment Statistics — APNIC, 2024
- Root Server Technical Operations Association — RSSAC, 2025