DNS Lookup Explained: How Domain Name Resolution Works
Every time you type a URL into your browser, something remarkable happens in milliseconds: your computer translates a human-readable domain name like "wootils.com" into a machine-readable IP address like "104.21.32.1". This process is called DNS resolution, and it's one of the most critical systems powering the internet.
The Domain Name System (DNS) is often called the "phone book of the internet." But it's far more sophisticated than a simple lookup table. Understanding DNS is essential for web developers, system administrators, and anyone who manages websites or troubleshoots connectivity issues.
What Is DNS?
DNS (Domain Name System) is a hierarchical, distributed database that maps domain names to IP addresses. Without DNS, you'd have to memorize IP addresses to visit websites — imagine typing 142.250.185.14 instead of google.com for every visit.
DNS was created in 1983 by Paul Mockapetris to replace the previous system of maintaining a single hosts file that had to be manually distributed to every computer on the network. As the internet grew, this approach became unsustainable, and DNS provided a scalable, distributed solution.
How DNS Resolution Works
When you enter "example.com" in your browser, a complex chain of lookups happens:
Step 1: Browser Cache
Your browser first checks its own DNS cache. If you visited the site recently, the IP address is already stored locally. Chrome, for instance, stores DNS entries for up to 60 seconds.
Step 2: Operating System Cache
If the browser cache misses, the OS checks its own resolver cache and the local hosts file (/etc/hosts on Linux and macOS, C:\Windows\System32\drivers\etc\hosts on Windows). Hosts-file entries take precedence over DNS, which makes the file handy for testing a new server before the public records change. The same property makes it a favourite target for malware that wants to redirect or block traffic, so keep it writable only by administrators and include it in file-integrity monitoring.
Step 3: Recursive Resolver
If not cached locally, the query goes to a recursive DNS resolver — typically your ISP's DNS server, or a public resolver like Google (8.8.8.8), Cloudflare (1.1.1.1), or Quad9 (9.9.9.9). The resolver does the heavy lifting of finding the answer.
Step 4: Root Name Servers
If the resolver doesn't have the answer cached, it starts at the top of the DNS hierarchy using a built-in list of root server addresses (the root hints). There are 13 root server names (a.root-servers.net through m.root-servers.net), but each is anycast from many sites, so hundreds of physical instances serve them worldwide. The root servers don't know the IP for "example.com" directly, but they know which servers handle the .com top-level domain and answer with a referral to them.
Step 5: TLD Name Servers
The root server directs the resolver to the TLD (Top-Level Domain) name servers for .com. These servers don't hold the address either; they answer with another referral: the NS records naming the authoritative servers for example.com and, when those servers live inside the delegated zone, glue A/AAAA records giving their addresses.
Step 6: Authoritative Name Server
Finally, the resolver asks the authoritative name server for "example.com", the server that holds the definitive records for that zone. It answers with the A record (the IPv4 address) and its TTL, with the AA (authoritative answer) flag set.
Step 7: Response and Caching
The recursive resolver caches the answer for the TTL (Time To Live) the authoritative server specified and returns the IP to the operating system and browser. They cache it too, and the browser then opens a connection to the web server at that address.
This entire process typically takes 20-120 milliseconds for an uncached lookup.
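To make the referral chain in steps 3 to 7 concrete, here is a toy iterative resolver added for this article (it is not code from any real resolver). It walks constructed root, TLD and authoritative data, honours TTLs with an injectable clock, bounds the referral chain, and reports which servers it had to ask. The server addresses are RFC 5737 documentation placeholders and the whole "network" is an in-memory dictionary, so it runs offline.

```python
import time

# Constructed in-memory "network": three fake name servers keyed by address.
# Addresses are RFC 5737 documentation ranges, not real root/TLD/authoritative
# servers. Each server holds referrals (who to ask next) and/or answers.
ROOT_HINTS = ["198.51.100.1"]
SERVERS = {
    "198.51.100.1": {                                   # fake root server
        "com.": ("referral", ["198.51.100.2"]),
    },
    "198.51.100.2": {                                   # fake .com TLD server
        "example.com.": ("referral", ["198.51.100.3"]),
    },
    "198.51.100.3": {                                   # fake authoritative server
        "example.com.": ("answer", 3600, "203.0.113.10"),
        "www.example.com.": ("answer", 300, "203.0.113.10"),
    },
}


def ask(server_ip, qname):
    """Simulate one query to a server. An authoritative server answers exact
    names; any server may instead refer us to the servers for a parent zone."""
    zone = SERVERS[server_ip]
    if zone.get(qname, ("",))[0] == "answer":
        return zone[qname]
    labels = qname.split(".")
    for i in range(len(labels) - 1):          # qname itself, then each parent zone
        parent = ".".join(labels[i:])
        if zone.get(parent, ("",))[0] == "referral":
            return zone[parent]
    return ("nxdomain",)


class Resolver:
    """Minimal iterative resolver with a TTL-aware cache (steps 3 to 7)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock            # injectable so tests can fast-forward time
        self.cache = {}               # qname -> (expires_at, ip)

    def resolve(self, qname):
        """Return (ip, path): path lists the servers consulted, [] on a cache hit."""
        if not qname.endswith("."):
            qname += "."
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[0] > now:
            return hit[1], []
        path, next_servers = [], list(ROOT_HINTS)
        for _ in range(8):             # bound the chain: a referral loop must not spin forever
            server = next_servers[0]
            path.append(server)
            reply = ask(server, qname)
            if reply[0] == "referral":
                next_servers = reply[1]
            elif reply[0] == "answer":
                _, ttl, ip = reply
                self.cache[qname] = (now + ttl, ip)    # cache for exactly the TTL
                return ip, path
            else:
                raise LookupError(f"NXDOMAIN: {qname}")
        raise RuntimeError("SERVFAIL: referral chain too long")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com"))   # walks root -> TLD -> authoritative
    print(r.resolve("www.example.com"))   # served from cache, path is empty
```

The second call returns an empty path because the 300-second TTL has not expired; advance the clock past it and the resolver walks the full chain again, which is exactly the behaviour behind the "propagation delay" discussed later.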
DNS Record Types
DNS uses different record types to store different kinds of information:
A Record (Address)
Maps a domain to an IPv4 address. This is the most fundamental DNS record. Example: example.com → 93.184.216.34
AAAA Record (IPv6 Address)
Maps a domain to an IPv6 address. As IPv4 addresses become scarce, AAAA records are increasingly important. Example: example.com → 2606:2800:220:1:248:1893:25c8:1946
CNAME Record (Canonical Name)
Creates an alias pointing to another name. Instead of mapping directly to an IP, a CNAME says "this name is really that name", and the resolver then looks up the target. Example: www.example.com → example.com. A CNAME must be the only record at its name, which is why you cannot put one at the zone apex (example.com itself already carries SOA and NS records), and every hop costs the resolver another lookup, so don't chain them. Delete a CNAME when the service it points at is retired: a dangling CNAME to a hosting or CDN name you no longer control is the classic setup for a subdomain takeover.
MX Record (Mail Exchange)
Specifies which mail servers handle email for the domain. MX records have a priority value — lower numbers have higher priority. Example: example.com → 10 mail.example.com
TXT Record (Text)
Stores arbitrary text data, commonly used for email authentication (SPF, DKIM, DMARC), domain ownership verification, and other purposes. Example: example.com → "v=spf1 include:_spf.google.com ~all". Each quoted string is limited to 255 bytes on the wire, so longer values such as DKIM public keys are split into several strings that the reader concatenates.
NS Record (Name Server)
Specifies the authoritative name servers for a domain. These tell the DNS system which servers to ask for authoritative answers about the domain.
SOA Record (Start of Authority)
Contains administrative information about the DNS zone: the primary name server, the administrator's email (written as a name, so hostmaster.example.com means hostmaster@example.com), the serial number that secondary servers compare to decide whether to pull a fresh copy of the zone, and timing values for refresh, retry, expiry, and negative-answer caching. Secondaries only notice a change if the serial increases, so bump it on every edit.
SRV Record (Service)
Specifies the location of services like VoIP, XMPP, or LDAP. The owner name encodes the service and protocol (for example _ldap._tcp.example.com), and the record carries priority, weight, port, and target host. This allows service discovery without hardcoding server addresses.
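The record types above are how DNS data looks in a zone file; on the wire, every query and answer is a compact binary message. The following parser is an added example for this article (not code from any DNS library): it builds a query, parses a reply including name-compression pointers, and decodes A, AAAA, NS, CNAME, MX and TXT RDATA. The reply it parses is constructed inline with the historic example.com address and a made-up mail.example.com MX; the pointer checks show the two failure modes a parser must reject, forward pointers and pointer loops.

```python
import struct
import ipaddress

RTYPE = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}

def encode_name(name):
    """Wire form of a name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("labels must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid, qname, qtype=1):
    """A standard query: RD=1, one question, no other sections."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def read_name(data, offset, depth=0):
    """Decode a possibly compressed name; returns (name, offset after it).
    A length byte with its top two bits set is a pointer to an earlier offset.
    Pointers must point backwards and nesting is bounded, so a crafted loop
    cannot make the parser recurse forever."""
    if depth > 8:
        raise ValueError("too many compression pointers")
    labels = []
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:
                raise ValueError("compression pointer does not point backwards")
            labels.append(read_name(data, pointer, depth + 1)[0])
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length

def decode_rdata(rtype, data, start, rdlen):
    """Turn RDATA into something readable; names inside RDATA may be compressed."""
    rdata = data[start:start + rdlen]
    if rtype == 1:
        return str(ipaddress.IPv4Address(rdata))
    if rtype == 28:
        return str(ipaddress.IPv6Address(rdata))
    if rtype in (2, 5):
        return read_name(data, start)[0]
    if rtype == 15:                       # preference, then exchange name
        return struct.unpack("!H", rdata[:2])[0], read_name(data, start + 2)[0]
    if rtype == 16:                       # TXT: sequence of <len><bytes> strings
        parts, i = [], 0
        while i < len(rdata):
            parts.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii"))
            i += 1 + rdata[i]
        return "".join(parts)
    return rdata.hex()

def parse_message(data):
    """Parse header, question and all resource record sections."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    msg = {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
           "rcode": flags & 0x000F, "questions": [], "answers": [],
           "authority": [], "additional": []}
    offset = 12
    for _ in range(qd):
        name, offset = read_name(data, offset)
        qtype = struct.unpack("!H", data[offset:offset + 2])[0]
        offset += 4                       # QTYPE + QCLASS
        msg["questions"].append((name, RTYPE.get(qtype, qtype)))
    for section, count in (("answers", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, offset = read_name(data, offset)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
            offset += 10
            if offset + rdlen > len(data):
                raise ValueError("RDLENGTH runs past end of message")
            msg[section].append((name, RTYPE.get(rtype, rtype), ttl,
                                 decode_rdata(rtype, data, offset, rdlen)))
            offset += rdlen
    return msg

def sample_response(txid):
    """Constructed reply to build_query(txid, "example.com"): A, MX and TXT
    answers whose owner names are compressed to a pointer at the QNAME (offset 12)."""
    ptr = b"\xc0\x0c"
    question = encode_name("example.com") + struct.pack("!HH", 1, 1)
    a_rr = ptr + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
    mx_rdata = struct.pack("!H", 10) + b"\x04mail" + ptr          # mail.example.com
    mx_rr = ptr + struct.pack("!HHIH", 15, 1, 3600, len(mx_rdata)) + mx_rdata
    txt_rdata = b"\x0bv=spf1 -all"
    txt_rr = ptr + struct.pack("!HHIH", 16, 1, 3600, len(txt_rdata)) + txt_rdata
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 3, 0, 0)     # QR=1 RD=1 RA=1
    return header + question + a_rr + mx_rr + txt_rr
```

Call parse_message(sample_response(0x1234)) to see the decoded sections. The bounds checks matter: RDLENGTH and compression pointers are attacker-controlled bytes, and parsers that trust them are a recurring source of memory-safety and denial-of-service bugs in DNS software.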
DNS Caching and TTL
Every DNS record has a TTL (Time To Live) value in seconds. This tells resolvers how long they can cache the record before checking again. Common TTL values:
- 300 (5 minutes) — For records that change frequently or during migrations
- 3600 (1 hour) — A good default for most records
- 86400 (24 hours) — For stable records that rarely change
When migrating a domain to a new server, it's best practice to lower the TTL 24-48 hours before the change, make the switch, then raise the TTL back once everything is stable.
Common DNS Issues and Troubleshooting
DNS Propagation
When you change DNS records, the change doesn't appear everywhere at once. There is no push mechanism: every resolver that cached the old record keeps serving it until that record's TTL runs out, so worldwide "propagation" is really just the old TTL expiring everywhere. With the common 86400-second TTL that means up to 24 hours; some resolvers clamp or ignore TTLs, which is where the usual "up to 48 hours" figure comes from. You can check progress with online tools that query resolvers in multiple locations, or by querying the authoritative servers directly, which always show the new data.
NXDOMAIN
This response means the queried name does not exist in DNS. Check for typos, verify the domain is registered, and ensure the name servers are correctly configured at your registrar. NXDOMAIN is cached too (for the negative-caching TTL taken from the zone's SOA record), so a name you just created may keep resolving as nonexistent for a while on resolvers that looked it up earlier.
SERVFAIL
Indicates the resolver could not produce an answer. This might be a temporary problem reaching the authoritative servers, a DNSSEC validation failure, or a misconfigured zone (for example a lame delegation, where the listed name servers don't actually serve the zone). To separate a DNSSEC failure from the rest, repeat the query with validation switched off (dig's +cd option sets the Checking Disabled bit): if that suddenly succeeds, the signatures are the problem.
Slow DNS Resolution
If DNS lookups are slow, measure before you switch: dig prints the query time for each lookup, so compare your current resolver with a public one such as Cloudflare (1.1.1.1) or Google (8.8.8.8) on the same names. You can also flush your local DNS cache to clear stale entries.
DNS Security
DNSSEC
DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records so that a validating resolver can check that an answer is what the zone owner published and was not altered or forged in transit (DNS spoofing). The signatures form a chain of trust from the root down through each delegation, so two things must both hold for it to help: the zone has to be signed, and the resolver has to validate. DNSSEC provides authenticity and integrity only; it does not encrypt queries, and it does not protect the final hop between your machine and the resolver unless the client validates as well.
DNS over HTTPS (DoH) and DNS over TLS (DoT)
Traditional DNS queries are sent in plain text over UDP or TCP port 53, so anyone on the network path can see, and alter, which domains you're looking up. DoH and DoT encrypt the exchange between the client and the resolver, which protects privacy and blocks on-path tampering on that hop. Most modern browsers support DoH: Firefox enables it by default in some regions, and Chrome automatically upgrades to DoH when the system's configured resolver is known to support it. Note what encryption doesn't do: the resolver operator still sees every query, and an encrypted channel says nothing about whether the answer itself is genuine, which is DNSSEC's job.
DNS Poisoning
An attack where false DNS records are injected into a resolver's cache, redirecting users to malicious servers. Classic cache poisoning races the real answer with forged replies. A reply is matched to its query by a 16-bit transaction ID and the UDP port it arrives on, so resolvers defend themselves by randomising the source port of every query (greatly enlarging the space an attacker must guess), by refusing replies whose question or source address doesn't match the outstanding query, and by discarding records outside the answering server's bailiwick, the zone it is actually entitled to speak for. DNSSEC validation stops forged data from being accepted at all, and encrypted DNS protects the hop between you and the resolver, but not the resolver's own lookups upstream.
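The acceptance checks just described, as an added illustration for this article (not code from any real resolver): a reply is usable only if its transaction ID, destination port, source address and question match the query the resolver is waiting on, and even then only in-bailiwick records are kept. The scenario, addresses (RFC 5737 placeholders) and record contents are constructed; spoof_odds assumes the 64512-port ephemeral range when estimating how much source-port randomisation buys.

```python
from dataclasses import dataclass

@dataclass
class Pending:
    """One query the resolver has sent and is waiting on."""
    txid: int          # 16-bit transaction ID
    src_port: int      # randomised per query; a reply must arrive on this port
    server: str        # address the query was sent to
    qname: str
    qtype: str
    bailiwick: str     # zone this server may legitimately speak for

@dataclass
class Reply:
    txid: int
    dst_port: int
    from_ip: str
    qname: str
    qtype: str
    records: list      # (owner, type, ttl, rdata) across all sections

def in_bailiwick(owner, zone):
    """True if owner is the zone itself or a name underneath it."""
    owner, zone = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return zone == "" or owner == zone or owner.endswith("." + zone)

def accept(pending, reply):
    """Decide what, if anything, from a reply may enter the cache.
    Returns (records_to_cache, reason); an outright rejection returns []."""
    if reply.txid != pending.txid:
        return [], "txid mismatch"
    if reply.dst_port != pending.src_port:
        return [], "port mismatch"
    if reply.from_ip != pending.server:
        return [], "reply from unexpected address"
    asked = (pending.qname.lower().rstrip("."), pending.qtype)
    if (reply.qname.lower().rstrip("."), reply.qtype) != asked:
        return [], "question mismatch"
    kept = [rr for rr in reply.records if in_bailiwick(rr[0], pending.bailiwick)]
    return kept, "ok"

def spoof_odds(forged_replies, randomised_ports, usable_ports=64512):
    """Probability that at least one of N blindly forged replies matches the
    outstanding query: only the 16-bit ID with a fixed port, ID and port with
    randomisation. usable_ports assumes the 1024-65535 ephemeral range."""
    space = 65536 * (usable_ports if randomised_ports else 1)
    return 1 - (1 - 1 / space) ** forged_replies

# Constructed scenario: we asked a fake .com server (RFC 5737 address) about
# www.example.com. Its reply carries the legitimate referral plus an extra
# A record for a name in a zone the .com server has no authority over.
PENDING = Pending(txid=0x2A2A, src_port=52341, server="198.51.100.2",
                  qname="www.example.com", qtype="A", bailiwick="com")

def demo():
    """Run one genuine reply and one forged reply through accept()."""
    reply = Reply(0x2A2A, 52341, "198.51.100.2", "www.example.com", "A", [
        ("example.com", "NS", 172800, "ns1.example.com"),
        ("ns1.example.com", "A", 172800, "203.0.113.53"),
        ("login.example.net", "A", 86400, "203.0.113.99"),   # out of bailiwick
    ])
    kept, reason = accept(PENDING, reply)
    forged = Reply(0x2A2B, 52341, "198.51.100.2", "www.example.com", "A", reply.records)
    return kept, reason, accept(PENDING, forged)[1]

if __name__ == "__main__":
    print(demo())
    print(f"{spoof_odds(65536, False):.3f} vs {spoof_odds(65536, True):.2e}")
```

The genuine reply is accepted but the example.net record is silently dropped, so a .com server (or someone impersonating it) cannot plant addresses for unrelated zones; the forged reply fails on the very first check. The two spoof_odds figures show why port randomisation was the decisive fix: 65536 guesses are a coin flip against a fixed port and a rounding error against a random one.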
Useful DNS Commands
# Query A record
dig example.com A
# Query all records (many servers now answer ANY minimally or refuse it; ask for types individually instead)
dig example.com ANY
# Use a specific DNS server
dig @1.1.1.1 example.com
# Trace the full resolution path (root, then TLD, then authoritative)
dig +trace example.com
# Windows equivalent (nslookup is also available on Linux and macOS)
nslookup example.com
Conclusion
DNS is one of the internet's most essential yet invisible systems. It silently translates billions of domain lookups every day, making the web usable for humans. Understanding how DNS works — from recursive resolvers to authoritative servers, from A records to DNSSEC — gives you the power to troubleshoot connectivity issues, configure domains correctly, and secure your infrastructure. Next time something "doesn't resolve," you'll know exactly where to look.