// article 03
What is DNS?
Computers route packets using numbers (IP addresses), but humans remember names. DNS is the system that bridges the two — the phone book of the internet.
The problem DNS solves
You type youtube.com, not 142.250.72.78. Names are easy to remember; IP addresses are not. On top of that, a service's IP can change at any time as servers move around. DNS (the Domain Name System) lets names stay stable while the underlying addresses change freely behind the scenes.
DNS is like asking directory assistance for a phone number. You know the name of who you want to reach; DNS gives you the number to actually dial.
How a lookup actually works
When your device needs the IP for a name, it doesn't ask one all-knowing server. The query walks a hierarchy, usually with lots of caching to make it fast:
- Your device asks a resolver (often run by your ISP, or a public one like 1.1.1.1 or 8.8.8.8).
- If the resolver hasn't cached the answer, it asks a root server, which points it toward the right TLD server (the one responsible for .com, .org, etc.).
- The TLD server points to the domain's authoritative name server — the source of truth for that specific domain.
- The authoritative server returns the IP address.
- The resolver caches the answer (for a duration called the TTL) and hands it back to your device.
The next time anyone using that resolver asks for the same name, the cached answer is returned instantly — no need to repeat the whole journey.
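The lookup walk and TTL cache described above, as an added Python sketch (not code from the original article). The server tables, names and addresses are constructed, and the domain is assumed to be the last two labels of the name. It also shows why a wrong cached answer is a problem: the resolver keeps serving whatever it cached until the TTL runs out.

```python
# Added example: toy model of the lookup walk (root -> TLD -> authoritative)
# with a TTL cache. All tables below are constructed sample data.
ROOT = {"com": "tld-com", "org": "tld-org"}            # TLD -> TLD server
TLD = {                                                 # domain -> authoritative server
    "tld-com": {"example.com": "ns-example-com"},
    "tld-org": {"example.org": "ns-example-org"},
}
AUTH = {                                                # name -> (IP, TTL in seconds)
    "ns-example-com": {"www.example.com": ("192.0.2.10", 300)},
    "ns-example-org": {"www.example.org": ("198.51.100.7", 60)},
}


class Resolver:
    def __init__(self):
        self.cache = {}             # name -> (ip, expiry time)
        self.upstream_queries = 0   # queries sent to root/TLD/authoritative

    def _ask(self, table, key):
        self.upstream_queries += 1
        return table.get(key)

    def resolve(self, name, now):
        """Return (ip, source); source is 'cache', 'authoritative' or 'nxdomain'."""
        labels = name.rstrip(".").lower().split(".")
        qname = ".".join(labels)
        hit = self.cache.get(qname)
        if hit and now < hit[1]:                  # still within TTL: no walk needed
            return hit[0], "cache"
        tld_server = self._ask(ROOT, labels[-1])  # root points to the TLD server
        if tld_server is None:
            return None, "nxdomain"
        # Assumption: the domain is the last two labels (ignores e.g. co.uk).
        auth_server = self._ask(TLD[tld_server], ".".join(labels[-2:]))
        if auth_server is None:
            return None, "nxdomain"
        record = self._ask(AUTH[auth_server], qname)  # authoritative answers
        if record is None:
            return None, "nxdomain"
        ip, ttl = record
        self.cache[qname] = (ip, now + ttl)       # cached until the TTL expires
        return ip, "authoritative"


if __name__ == "__main__":
    r = Resolver()
    for t in (0, 100, 300):
        print(t, r.resolve("www.example.com", now=t), r.upstream_queries)
```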
Common record types
DNS stores more than just addresses. A few records you'll meet often:
- A — maps a name to an IPv4 address.
- AAAA — maps a name to an IPv6 address.
- CNAME — an alias pointing one name at another name.
- MX — where email for the domain should be delivered.
- TXT — free-form text, often used to prove domain ownership and for email anti-spoofing (SPF, DKIM).
Try it yourself
You can perform a lookup from your own terminal:
# Linux / macOS
dig example.com +short
# Windows
nslookup example.com
The IP address it prints is exactly what your browser uses behind the scenes.
Why DNS matters for security
Because DNS is the very first step of almost every connection, it's a high-value target:
- Spoofing / cache poisoning — tricking a resolver into caching a wrong answer, sending users to a malicious server.
- Privacy — classic DNS queries are unencrypted, so anyone on the path can see which sites you look up. DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt them.
- Integrity — DNSSEC adds cryptographic signatures so resolvers can verify an answer really came from the authoritative source.
- Defense & visibility — DNS logs are gold for spotting malware, which often "phones home" by resolving suspicious domains.
Put the last three articles together and you have the whole picture: the internet moves packets between IP addresses, and DNS is what turns the names we remember into those addresses.