Back to Learn

DNS, in plain English

What is DNS?

DNS is the internet's address lookup system. It turns names like maketheinternetgo.com into IP addresses computers can connect to.

Run DNS Lookup Check This First
01

Start here

The Short Version

  • DNS turns human-friendly names into machine-friendly addresses.
  • Your browser usually asks a resolver, and the resolver does the digging.
  • DNS answers can be cached, so changes may not appear everywhere at the same time.
  • Different regions, networks, and resolvers can legitimately return different answers.
02

Fastest useful move

Check This First

If a domain is failing, start with the exact hostname and record type you care about. For a normal website, check A for IPv4 and AAAA for IPv6.

Try it here

Run the same name from multiple regions

The DNS lookup tool shows whether every configured region gets the same answer, a different answer, or an error.

Open DNS Lookup
All regions match The public DNS view is probably consistent. If the site still fails, check the address, web server, TLS, or route.
Some regions differ You may be seeing cache timing, provider routing, split DNS, or a recent change still moving through resolvers.
Everything says missing Check the exact hostname and record type before assuming the whole domain is broken.
03

Follow the signal

What's Actually Happening

When you visit a site, your device needs an IP address before it can connect. DNS is the chain of lookups that turns the name you typed into that address.

1 Browser

Needs an address for the name.

2 Resolver

Checks cache or asks around.

3 Authoritative DNS

Returns the domain owner's answer.

4 Connection

The browser tries the returned address.

Most of the time this feels instant. When it does not, the answer may be missing, stale, different by region, blocked by a resolver, or technically valid but pointing at the wrong place.

04

Easy to deeper

The Troubleshooting Ladder

  1. Check the exact name. example.com and www.example.com can have different records.
  2. Check the right record type. Websites usually need A, AAAA, or a CNAME chain.
  3. Compare more than one resolver. Your ISP resolver, a public resolver, and a regional lookup may not agree yet.
  4. Look for regional splits. Different answers can be normal for CDNs, but surprising for simple sites.
  5. Check TTL and recent changes. A long TTL can keep older answers alive until caches expire.
  6. Then inspect the authoritative side. If every resolver gets the wrong answer, the domain's DNS records may need fixing.
05

For the curious

Under the Hood

DNS is a distributed database, not one central phone book. The database is split into zones, and each zone has authoritative name servers that can answer for the names in that zone.

DNS request from start to finish

A lookup stops early when a fresh cache already has the answer. When it does not, the recursive resolver walks the DNS hierarchy, follows any needed aliases, and returns the result with cache timing attached.

  1. 1 Client asks for a name The browser needs an address for www.example.com.
  2. 2 Recursive resolver checks cache If no fresh answer exists, it starts walking the DNS hierarchy.
  3. 3 Root nameserver gives a referral It points the resolver toward the right top-level domain.
  4. 4 TLD nameserver gives the authority The .com servers point to the domain's authoritative nameserver.
  5. 5 Authoritative DNS returns the answer The resolver gets the record, no data, or a missing-name result.
  6. 6 The answer returns to the browser The resolver caches the result, then the browser connects to the returned IP.
  1. Fresh caches make DNS look instant. The browser, operating system, and recursive resolver may answer before any hierarchy lookup happens.
  2. The resolver does the digging. Your device usually asks one recursive resolver, and that resolver asks root, TLD, and authoritative servers when needed.
  3. The authoritative server is the source for the zone. It can return records such as A, AAAA, CNAME, MX, or TXT, or return an error state.
  4. The returned TTL shapes what happens next. Resolvers can cache the answer, no-data response, or missing-name result until the relevant cache time expires.
  5. DNS only finds the address. After DNS returns an address, the browser still has to connect to the web server, CDN, or service at that address.

How to read a DNS answer

A DNS answer is made of resource records. When you troubleshoot, these fields matter more than the raw packet format.

Name www.example.com
TTL 300
Class IN
Type A
Data 192.0.2.10
Field What it tells you Why you care
Name The exact owner name, such as www.example.com. example.com and www.example.com can be different.
Type The kind of record requested, such as A or MX. Looking up the wrong type can make a healthy name look empty.
TTL How long a resolver may keep the answer in cache. Long TTLs can make old answers remain visible after a change.
Data The returned value, such as an IP address, mail server, or text string. This is the thing your browser, mail server, or app will use next.

Records you will check most

A Maps a name to an IPv4 address.
AAAA Maps a name to an IPv6 address.
CNAME Makes one name an alias for another name.
MX Points mail for a domain at mail exchangers, with lower preference values tried first.
NS Lists the name servers expected to answer for a zone.
SOA Describes zone authority data, including timing values used by DNS servers.
TXT Stores text used by other systems and verification checks.
CAA Controls which certificate authorities may issue certificates for a domain.

Result states worth recognizing

Answer found The resolver returned one or more records for the name and type you asked for.
No data The name exists, but not for that record type. Example: AAAA is empty while A exists.
NXDOMAIN The name itself does not exist from that resolver's view.
Timeout or SERVFAIL The resolver could not finish the lookup. This can be a server, network, DNSSEC, or delegation problem.

Caching is part of the answer

DNS caching is normal. A resolver can reuse a cached positive answer until its TTL counts down. Negative answers can be cached too: if a name does not exist, or if the requested type has no data, the authoritative server includes SOA data so resolvers know how long that negative result can be reused.

This is why a recent fix can look uneven. One resolver may have the new answer, while another resolver is still allowed to reuse an older positive or negative result.

Positive answer Record exists

Resolver can reuse the record until its TTL counts down.

Negative answer NXDOMAIN or no data

Resolver can reuse the miss until the negative cache TTL expires.

CNAME chains need a little care

A CNAME says that one name is an alias for another name. Resolvers usually keep following the chain until they find the requested record type at the canonical name.

A name with a CNAME should not also have ordinary data such as A, AAAA, or MX. Also, the target of an MX or NS record should be a real name with address records, not another alias.

Alias www.example.com
Canonical name service.example.net
Address 192.0.2.10

Follow the chain, then check the final address records.

06

Common gotchas

When Things Get Weird

A CNAME points somewhere unexpected

A name can point to another name, which points to another answer. The whole chain matters.

IPv4 works but IPv6 fails

An incorrect AAAA record can break visitors whose networks prefer IPv6.

One office sees a private answer

Internal DNS, VPNs, and split-horizon setups can return private records from some networks.

Everything is correct, but still old

Caches may keep an older answer until the TTL runs out, especially after recent changes.

ANY does not mean everything

Many DNS servers intentionally return a minimal response for ANY, so it is not a reliable inventory of records.

MX or NS points at an alias

Mail exchangers and name servers should point at names with address records, not CNAME aliases.

The apex cannot act like any other name

The root of a zone needs authority records, so putting a plain CNAME there usually conflicts with required zone data.

A typo gets cached

A missing-name response can be cached. After fixing the name, some resolvers may still remember the earlier negative result.

07

Keep going

Try It on This Site

DNS Lookup

Check records across regions and compare returned answers.

 Speed Test

Measure whether the browser-to-edge path is slow.

 My IP

Confirm the public address your traffic is using.
08

Receipts

Source Notes

This page keeps the wording plain, but the technical claims are grounded in the DNS specifications and registries below.

  • RFC 1034 for DNS concepts, zones, authoritative servers, recursion, resolver results, and CNAME behavior.
  • RFC 1035 for DNS message fields, resource records, and core record types such as A, CNAME, MX, NS, SOA, and TXT.
  • RFC 2181 for clarifications about zones, TTLs, CNAME records, and why MX and NS targets should not be aliases.
  • RFC 2308 for negative caching behavior such as NXDOMAIN and no-data responses.
  • RFC 3596 for AAAA records and IPv6 address storage in DNS.
  • RFC 8482 for why ANY queries may receive intentionally minimal responses.
  • RFC 8659 for Certification Authority Authorization, the CAA record type.
  • RFC 5737 for the documentation-only IPv4 example address used in the diagrams.
  • IANA DNS Parameters for the public registry of DNS resource record types.