What Is DNS? How Your Browser Finds Websites
DNS (Domain Name System) is the global lookup service that converts domain names like utilko.com into IP addresses your computer can connect to. Clear explanation of records, recursion, and caching.
Short answer
DNS (Domain Name System) is the internet's phone book. It translates human-readable names (utilko.com) into machine addresses (172.67.133.42) that your computer can actually connect to. Every web request, every email, every API call starts with a DNS lookup — usually in less than 30 milliseconds.
The resolution journey
- You type utilko.com. Browser asks OS.
- OS checks its local cache — miss.
- OS asks your configured DNS resolver (often your ISP, or 8.8.8.8, or 1.1.1.1).
- Resolver checks its cache — miss.
- Resolver asks a root server: "where's .com?" → gets the .com TLD server address.
- Asks .com server: "where's utilko.com?" → gets the authoritative nameserver for utilko.com (e.g., Cloudflare's).
- Asks the authoritative nameserver for the A record → gets 172.67.133.42.
- Returns IP to OS → OS returns to browser → browser connects.
Every step caches the result, so the next lookup for utilko.com is a single hop and returns immediately.
Record types you'll encounter
| Type | Stores | Example |
|---|---|---|
| A | IPv4 address | utilko.com → 172.67.133.42 |
| AAAA | IPv6 address | utilko.com → 2606:4700::... |
| CNAME | Alias for another domain | www.utilko.com → utilko.com |
| MX | Mail server | Priority + hostname for email |
| TXT | Arbitrary text | SPF, DKIM, domain verification |
| NS | Authoritative nameservers | Who holds this zone's records |
| SOA | Start of authority | Zone metadata (serial, TTLs) |
| CAA | Cert authority authorization | Which CAs may issue TLS certs |
TTL — how long records are cached
Every DNS record has a TTL (time-to-live, in seconds). A common value is 300 (5 minutes) for rapidly-changing records, 86400 (24 hours) for stable ones. When you change a record, the TTL is how long you wait for the change to propagate worldwide. Reduce TTLs BEFORE a planned change, not after.
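The lookup chain and TTL caching described above, as an added example (not code from the original page): a toy in-memory resolver that counts upstream queries and measures how long a cached IP stays stale after a record change. The NS hostname, the new IP 203.0.113.10 and the helper names are constructed for illustration, and for brevity only the final answer is cached, not the referrals.

```python
# Added illustration: toy model of the lookup chain and TTL caching.
# The NS hostname and the 203.0.113.10 address are constructed sample values.
ROOT = {"com": "com-tld-server"}                  # root: TLD -> TLD server
TLD_COM = {"utilko.com": "ns.example-dns.test"}   # TLD: domain -> authoritative NS


class Resolver:
    """Caching resolver with a manually advanced clock (seconds)."""

    def __init__(self, auth_zone):
        self.auth = auth_zone   # authoritative data: name -> (ip, ttl)
        self.cache = {}         # name -> (ip, expires_at)
        self.now = 0
        self.upstream = 0       # queries sent to root/TLD/authoritative servers

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.now:      # within TTL: answered with no hops
            return hit[0], "cache"
        self.upstream += 1                 # ask root who serves the TLD
        if name.rsplit(".", 1)[-1] not in ROOT:
            return None, "NXDOMAIN"
        self.upstream += 1                 # ask TLD who is authoritative
        if name not in TLD_COM:
            return None, "NXDOMAIN"
        self.upstream += 1                 # ask authoritative for the A record
        ip, ttl = self.auth[name]
        self.cache[name] = (ip, self.now + ttl)
        return ip, "authoritative"


def stale_window(ttl, new_ip="203.0.113.10", step=60):
    """Seconds a warmed resolver keeps returning the old IP after a change."""
    auth = {"utilko.com": ("172.67.133.42", ttl)}
    r = Resolver(auth)
    r.resolve("utilko.com")                # cache filled just before the change
    auth["utilko.com"] = (new_ip, ttl)     # record now points at the new host
    while r.resolve("utilko.com")[0] != new_ip:
        r.now += step
    return r.now


if __name__ == "__main__":
    print(stale_window(300), stale_window(86400))   # 300 86400
```

A resolver that cached the record under a 24-hour TTL keeps handing out the old address for up to a full day, which is why the TTL has to be lowered before the change rather than after.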
Common DNS-related failures
- NXDOMAIN — the name doesn't exist. Typo in URL, or domain expired.
- SERVFAIL — authoritative server is unreachable or misconfigured. Check zone health.
- Timeout — resolver couldn't reach a nameserver in time. Usually network issue.
- Wrong IP after migration — old record still cached somewhere. Wait for TTL.
Public DNS resolvers worth knowing
- 1.1.1.1 (Cloudflare) — fast, privacy-focused, DoH/DoT support
- 8.8.8.8 (Google) — fast, widely used
- 9.9.9.9 (Quad9) — blocks known malicious domains
- Your ISP — usually slowest and most logged; change if you care about DNS privacy
DoH and DoT — encrypted DNS
Traditional DNS is unencrypted plaintext — any observer on the network can see which domains you look up. DoH (DNS over HTTPS) tunnels DNS through HTTPS; DoT (DNS over TLS) uses its own TLS connection. Both hide your lookups from network snoopers. Modern browsers (Firefox, Chrome) support DoH natively.
Related tools
Look up DNS records directly with DNS lookup. Resolve a domain to its IP + ISP/hosting info with IP address lookup. Convert IPv4 to binary/hex for subnetting math with IP to binary.