The Internet's Phone Book
Every device on the internet communicates using numerical IP addresses — strings like 142.250.80.46. Humans, however, remember names like google.com. The Domain Name System (DNS) is the infrastructure that translates one into the other, automatically, thousands of times per day on your behalf.
Understanding DNS gives you a clearer picture of how the open web is actually structured — and why it is, by design, a distributed system with no single point of control.
The Hierarchy of Domain Names
Domain names are read right to left in terms of authority. Take www.example.com:
- .com is the Top-Level Domain (TLD), managed by a registry (Verisign, in this case).
- example is the Second-Level Domain, registered by an individual or organisation.
- www is a subdomain, configured by whoever controls example.com.
This hierarchy maps directly to how DNS queries are resolved.
The DNS Lookup Process
When you type www.example.com into a browser, here is what happens:
- Cache check: Your browser and operating system check their local cache. If a recent answer exists, the process stops here.
- Recursive resolver: Your device asks a recursive resolver — usually provided by your ISP or a public service like Cloudflare (1.1.1.1) or Google (8.8.8.8).
- Root nameserver: If the resolver doesn't know the answer, it asks one of 13 sets of root nameservers. These know which nameservers are authoritative for each TLD.
- TLD nameserver: The resolver queries the .com TLD nameserver, which responds with the address of example.com's authoritative nameserver.
- Authoritative nameserver: The resolver queries this final server, which holds the actual DNS records for example.com and returns the IP address.
- Response returned: The resolver sends the IP address to your browser, which opens a connection to the web server at that address.
All of this typically happens in under 100 milliseconds.
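The lookup steps above, as an added example that is not part of the original article: a simulated recursive resolver that walks referrals from the root over constructed in-memory data, caches answers by TTL, and follows a CNAME alias. The server labels (root, tld-com, ns1), the TTL values and the Resolver class are assumptions made for illustration; each walk restarts at the root because referral caching is left out.

```python
import time

# Constructed sample data: simulated nameservers (hypothetical labels); records are (value, ttl).
SERVERS = {
    "root": {"delegations": {"com.": "tld-com"}, "records": {}},
    "tld-com": {"delegations": {"example.com.": "ns1"}, "records": {}},
    "ns1": {"delegations": {}, "records": {
        ("example.com.", "A"): ("93.184.216.34", 300),
        ("www.example.com.", "CNAME"): ("example.com.", 300),
    }},
}

class Resolver:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}   # (name, rtype) -> (value, expiry time)
        self.trace = []   # servers contacted, in order
    def _cached(self, name, rtype):
        """Step 1: return (type, value) from the cache if the entry has not expired."""
        for t in (rtype, "CNAME"):
            hit = self.cache.get((name, t))
            if hit and hit[1] > self.clock():
                return t, hit[0]
        return None
    def _walk(self, name, rtype, max_hops=10):
        """Steps 3-5: start at the root and follow referrals to an answer."""
        server = "root"
        for _ in range(max_hops):  # bound referrals so a delegation loop ends
            zone = SERVERS[server]
            self.trace.append(server)
            for t in (rtype, "CNAME"):
                if (name, t) in zone["records"]:
                    value, ttl = zone["records"][(name, t)]
                    self.cache[(name, t)] = (value, self.clock() + ttl)
                    return t, value
            nxt = [s for z, s in zone["delegations"].items() if ("." + name).endswith("." + z)]
            if not nxt:
                return None  # no data and no referral: the name does not resolve
            server = nxt[0]
        raise RuntimeError("too many referrals")

    def resolve(self, name, rtype="A", max_aliases=8):
        for _ in range(max_aliases):  # bound CNAME chains so alias loops end
            reply = self._cached(name, rtype) or self._walk(name, rtype)
            if reply is None:
                return None
            t, value = reply
            if t == rtype:
                return value
            name = value  # CNAME: restart the lookup at the alias target
        raise RuntimeError("CNAME chain too long")
```

After one `resolve("www.example.com.")` call, `trace` shows two full walks (one for the alias, one for its target); a repeat call within the TTL contacts no server at all.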
Common DNS Record Types
| Record Type | Purpose | Example |
|---|---|---|
| A | Maps a domain to an IPv4 address | example.com → 93.184.216.34 |
| AAAA | Maps a domain to an IPv6 address | example.com → 2606:2800:... |
| CNAME | Alias from one name to another | www → example.com |
| MX | Specifies mail servers for the domain | mail.example.com |
| TXT | Arbitrary text, used for verification and security (SPF, DKIM) | "v=spf1 ..." |
| NS | Lists authoritative nameservers for the domain | ns1.example.com |
Why DNS Matters for the Open Web
DNS is decentralized by design — there are hundreds of registrars, thousands of resolvers, and no single entity controls it all. However, in practice, a small number of large providers handle a significant share of DNS resolution, which raises questions about resilience and censorship resistance.
Technologies like DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt DNS queries between your device and the resolver, preventing eavesdropping by ISPs and network observers along that path. DNSSEC adds cryptographic signatures to DNS responses so that a validating resolver can detect tampering.
DNS is foundational to the internet. Understanding it demystifies how the web finds its way from a name you type to the page you read.