What Is DNS? A Practical Guide to the Domain Name System

DNS is the system that turns domain names into IP addresses. Here's how it actually works, what the common record types do, and why it matters for performance.

Every time you open a website, send an email, or connect to an API, something happens behind the scenes that most people never think about. Your computer needs to find the exact IP address of the server you're trying to reach. That process is DNS.

DNS stands for Domain Name System. Think of it as a phonebook for the internet. When you type digtrace.net into your browser, DNS looks up that name and returns something like 172.67.150.29. Your browser then connects to that IP address directly. Without DNS, you'd have to memorize IP addresses for every site you visit.

How a DNS lookup actually works

Let's say you want to visit digtrace.net. Here's what happens, step by step.

Your computer first checks its own local cache. If you visited the site recently, the IP address might still be saved, and the lookup stops right there. This takes basically zero time.

If the cache is empty, your computer asks a DNS resolver. This is usually a server run by your ISP, or a public resolver like Cloudflare's 1.1.1.1 or Google's 8.8.8.8. The resolver acts as a middleman. It does the running around so your computer doesn't have to.

The resolver checks its own cache next. Resolvers cache results for hours or days depending on the TTL (time to live) setting, so if someone else on the same resolver visited the same site recently, you get the answer immediately. If the resolver doesn't have it either, the real work begins.

The resolver contacts a root nameserver. There are 13 logical root servers (served by hundreds of physical instances around the world). The root server doesn't know the IP address for digtrace.net, but it knows who handles .net domains. It hands the resolver a referral to the TLD (top-level domain) nameservers for .net.

The resolver then asks the .net TLD server. Again, the TLD server doesn't know the exact IP address, but it knows which nameserver is authoritative for digtrace.net. It hands back that referral.

Finally, the resolver asks the authoritative nameserver for digtrace.net. This server actually has the answer. It returns the A record (for IPv4) or AAAA record (for IPv6) with the IP address. The resolver caches this answer, sends it back to your computer, and your browser can now make the actual connection.

The whole thing typically takes between 20 and 120 milliseconds for a cold lookup. Cached lookups are nearly instant.
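The referral walk above, as an added example that is not part of the original page: a small in-memory model of root, TLD and authoritative servers with no network traffic and no caching. The server labels and the missing/loop names are constructed for illustration; it also goes one step further than the steps above by following a CNAME alias (blog.digtrace.net) and bounding the walk so an alias loop cannot run forever.

```python
# Constructed model of the delegation chain; nothing here touches the network.
# Server labels ("root", "tld-net", "auth-digtrace") are hypothetical.
SERVERS = {
    "root": {"referrals": {"net.": "tld-net"}, "records": {}},
    "tld-net": {"referrals": {"digtrace.net.": "auth-digtrace"}, "records": {}},
    "auth-digtrace": {"referrals": {}, "records": {
        ("digtrace.net.", "A"): "172.67.150.29",
        ("blog.digtrace.net.", "CNAME"): "digtrace.net.",
        ("loop.digtrace.net.", "CNAME"): "loop.digtrace.net.",  # broken on purpose
    }},
}


def query(server, name, rtype):
    """Answer one question the way a single nameserver would."""
    zone = SERVERS[server]
    if (name, rtype) in zone["records"]:
        return "answer", zone["records"][(name, rtype)]
    if (name, "CNAME") in zone["records"]:
        return "cname", zone["records"][(name, "CNAME")]
    # Referral: choose the most specific delegated zone the name falls under,
    # matching on whole labels so "notdigtrace.net." is not under "digtrace.net.".
    matches = [z for z in zone["referrals"] if ("." + name).endswith("." + z)]
    if matches:
        return "referral", zone["referrals"][max(matches, key=len)]
    return "nxdomain", None


def resolve(name, rtype="A", max_steps=12):
    """Walk root -> TLD -> authoritative; return (value, servers asked in order)."""
    server, trace = "root", []
    for _ in range(max_steps):  # bound the walk so CNAME loops terminate
        trace.append(server)
        kind, data = query(server, name, rtype)
        if kind == "answer":
            return data, trace
        if kind == "nxdomain":
            return None, trace
        if kind == "cname":     # alias: start again from the root with the target
            name, server = data, "root"
        else:                   # referral: ask the server we were pointed at
            server = data
    raise RuntimeError("resolution did not finish; possible CNAME loop")
```

Names are written fully qualified with a trailing dot, so resolve("digtrace.net.") returns the address together with the three servers that were asked.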

The DNS record types you'll actually see

DNS isn't just about converting names to IP addresses. There are dozens of record types, but most of the time you'll work with a handful.

A records map a domain name to an IPv4 address. This is the most common record. digtrace.net has an A record pointing to 172.67.150.29. Simple and direct.

AAAA records do the same thing but for IPv6 addresses. As IPv6 adoption grows, these are becoming more common. The name is four A's because IPv6 addresses are four times longer than IPv4 addresses (128 bits vs 32 bits).

CNAME records point one domain name to another instead of to an IP address. If you set up blog.digtrace.net as a CNAME pointing to digtrace.net, the resolver follows the chain and eventually gets the A record for digtrace.net. CNAMEs are useful when you want to alias one name to another without managing IP addresses in two places.

MX records tell other servers where to deliver email for your domain. The MX record for digtrace.net might point to mail.digtrace.net with a priority of 10. If you use a service like Google Workspace or Microsoft 365, your MX records point to their mail servers instead.

TXT records hold arbitrary text. They've become a catch-all for verification and policy information. SPF records (which list the servers allowed to send email from your domain), DKIM keys, and domain ownership verification tokens all live in TXT records.

NS records list the authoritative nameservers for a domain. When you register a domain, you point its NS records at whichever DNS provider you use (Cloudflare, Route53, your registrar, etc.).

SOA records contain administrative information about the zone: the primary nameserver, the email of the administrator, serial numbers, and timing settings for refresh and retry intervals.

TTL and caching

Every DNS record comes with a TTL value. This tells resolvers how long (in seconds) they should cache the record before checking again. A TTL of 3600 means the resolver will hold onto that answer for an hour.

Short TTLs (60 to 300 seconds) are useful when you're about to change an IP address and want the switch to propagate quickly. Long TTLs (86400 seconds or more) reduce lookup latency and load on your nameservers, but they make changes slower to take effect.

The catch is that not all resolvers respect TTLs. Some ignore short TTLs and cache for longer. This is why DNS changes can sometimes take 24 to 48 hours to fully propagate, even when your TTL is set to 60 seconds.

DNS caching at every level

Caching happens at multiple layers. Your browser caches DNS. Your operating system caches DNS. Your router might cache DNS. Your ISP's resolver definitely caches DNS. This layered caching is what makes the system fast for repeated lookups, but it's also why bad DNS records can linger after you fix them.

If you're troubleshooting a DNS issue where you've changed a record but the old value keeps showing up, the problem is almost always caching somewhere in the chain. Flushing your local cache (with ipconfig /flushdns on Windows or sudo resolvectl flush-caches on Linux systems running systemd-resolved; older systemd releases use sudo systemd-resolve --flush-caches) only fixes the first layer. You might need to wait for upstream caches to expire.
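Why a local flush is not enough, as an added example that is not part of the original page: a two-layer model (OS cache in front of a resolver cache) in which the record changes while both layers still hold the old answer. The class names, the timestamps and the replacement address 203.0.113.10 (a documentation-range address) are constructed for illustration.

```python
class Authoritative:
    """Source of truth: returns (value, ttl_seconds) for a name."""
    def __init__(self, records):
        self.records = records

    def lookup(self, name, now):
        return self.records[name]


class TTLCache:
    """One caching layer (browser, OS or resolver) that honours record TTLs."""
    def __init__(self, upstream):
        self.upstream, self.store = upstream, {}

    def lookup(self, name, now):
        hit = self.store.get(name)
        if hit and now < hit[1]:          # still fresh: answer from this layer
            return hit[0], hit[1] - now   # hand down the remaining TTL only
        value, ttl = self.upstream.lookup(name, now)
        self.store[name] = (value, now + ttl)
        return value, ttl

    def flush(self):
        self.store.clear()


def stale_after_change():
    """Return the address the client sees at four points in time."""
    auth = Authoritative({"digtrace.net.": ("172.67.150.29", 3600)})
    resolver = TTLCache(auth)        # ISP or public resolver
    os_cache = TTLCache(resolver)    # local cache on the client
    seen = [os_cache.lookup("digtrace.net.", now=0)[0]]          # cold lookup
    auth.records["digtrace.net."] = ("203.0.113.10", 3600)       # record is changed
    seen.append(os_cache.lookup("digtrace.net.", now=100)[0])    # OS cache: old value
    os_cache.flush()                                             # local flush
    seen.append(os_cache.lookup("digtrace.net.", now=200)[0])    # resolver cache: old value
    seen.append(os_cache.lookup("digtrace.net.", now=3600)[0])   # TTL expired: new value
    return seen
```

The third lookup is the case described above: the local cache is empty, but the resolver still answers from its own copy until the original TTL runs out.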

Why DNS matters for performance

DNS resolution happens before any actual content can load. If your DNS is slow, everything feels slow. A lookup that takes 200ms instead of 20ms adds a visible delay to every new domain your browser needs to reach.

Using a fast public resolver like Cloudflare (1.1.1.1) or Quad9 (9.9.9.9) can cut DNS latency significantly compared to a slow ISP resolver. Some browsers even use DNS-over-HTTPS to bypass the system resolver entirely and talk to a fast resolver directly over an encrypted connection.

Common DNS problems

Most DNS issues fall into a few categories. Wrong records: someone typed the wrong IP address or forgot to update a record after a server move. Propagation delays: you changed a record but caches haven't expired yet. NXDOMAIN errors: the domain doesn't exist or the nameservers are misconfigured. Timeout errors: a nameserver is down or unreachable, usually because of a firewall or network issue.

You can check your DNS records using the DNS Checker tool. It queries DNS servers around the world so you can see if your records have propagated globally or if some regions are still seeing old values.

Frequently asked questions

What does DNS stand for?

DNS stands for Domain Name System. It's the protocol that translates human-readable domain names into IP addresses.

How long does a DNS lookup take?

A cached lookup is nearly instant. A cold lookup that has to query root, TLD, and authoritative servers usually takes 20 to 120 milliseconds.

What is a DNS resolver?

A DNS resolver is a server (run by your ISP or a public provider like Cloudflare) that looks up DNS records for you and caches the results.

Can I use my own DNS server?

Yes. You can configure custom DNS servers in your operating system or router settings. Cloudflare (1.1.1.1) and Google (8.8.8.8) are popular public resolvers.

How long does DNS propagation take?

It depends on the TTL value of your records and how well resolvers respect it. Most changes propagate within a few hours, but some resolvers can take up to 48 hours.