How DNS Works

The Domain Name System translates domain names into IP addresses and connects users to websites and services across the Internet.


DNS resolution process

What is DNS? #

The Domain Name System (DNS) is the Internet’s distributed directory that maps human-readable domain names such as example.com to numerical IP addresses such as 93.184.216.34.

Without DNS, users would need to remember IP addresses for every website and service. DNS allows applications such as web browsers, email servers, and APIs to locate services using simple domain names.

DNS Queries: UDP and TCP #

Most DNS queries use the User Datagram Protocol (UDP) on port 53. Because UDP is connectionless and requires no handshake, it is fast and efficient, allowing DNS servers to answer millions of queries per second.

However, a DNS response sometimes exceeds the maximum size the client can accept in a single UDP datagram. When this happens, the DNS server sets the TC (Truncated) flag in the response header and returns only as much of the answer as fits.

When a client receives a response with TC=1, it should not rely on the partial answer; it automatically retries the same query over TCP, also on port 53, which is not subject to the datagram size limit.
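The UDP-first, TCP-on-truncation flow described above, as an added Python example that is not part of the original page. It builds a minimal A query, inspects the TC bit in the reply header, checks that the transaction ID matches the query, and falls back to TCP with the 2-byte length prefix that DNS over TCP requires. The resolver address and the injectable `udp`/`tcp` transport parameters are assumptions for illustration.

```python
import struct
import socket

RD, TC = 0x0100, 0x0200          # recursion-desired (query), truncated (response)
TYPE_A, CLASS_IN = 1, 1

def encode_name(name):
    # example.com -> b"\x07example\x03com\x00" (RFC 1035 label format)
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, txid, qtype=TYPE_A):
    """12-byte header (RD set, one question) followed by the question section."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def header_fields(msg):
    """(id, flags, qdcount, ancount, nscount, arcount) of any DNS message."""
    return struct.unpack("!HHHHHH", msg[:12])

def is_truncated(msg):
    return bool(header_fields(msg)[1] & TC)

def tcp_frame(msg):
    """DNS over TCP prefixes each message with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def udp_exchange(query, server, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recv(4096)

def tcp_exchange(query, server, timeout=3.0):
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(tcp_frame(query))
        f = s.makefile("rb")                     # read() blocks until n bytes arrive
        (length,) = struct.unpack("!H", f.read(2))
        return f.read(length)

def resolve(name, server, udp=udp_exchange, tcp=tcp_exchange, txid=0x1234):
    """UDP first; retry over TCP when the reply has TC=1. Transports are
    injectable (assumption) so the fallback logic can be exercised offline."""
    query = build_query(name, txid)
    reply = udp(query, server)
    if header_fields(reply)[0] != txid:
        raise ValueError("transaction id mismatch: reply does not belong to this query")
    if is_truncated(reply):
        return tcp(query, server), True
    return reply, False
```

Calling `resolve("example.com", "<resolver-ip>")` against a real recursive resolver returns the raw reply bytes and whether TCP was needed; the header check rejects stray replies whose ID does not match the outstanding query.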

Recursive vs Authoritative DNS #

DNS resolution involves two main types of servers: recursive resolvers and authoritative name servers.

Recursive DNS Resolver

A recursive resolver receives DNS queries from users or applications and performs the work of locating the correct DNS records.

Recursive resolvers typically belong to:

These resolvers cache DNS responses to improve performance and reduce the number of external queries required.

Authoritative DNS Servers

An authoritative DNS server stores the official DNS records for a domain.

These records include:

When a recursive resolver asks an authoritative server for information about a domain, the authoritative server returns the definitive answer.

The DNS Resolution Process #

When a user enters a domain name in a browser, the DNS resolution process typically follows these steps:

  1. The user device sends a DNS query to a recursive resolver.
  2. If the resolver has the answer cached, it immediately returns the result.
  3. If not cached, the resolver queries the DNS hierarchy starting with the root servers.
  4. The resolver then queries the appropriate TLD servers.
  5. Finally, it queries the authoritative name servers for the domain.
  6. The authoritative server returns the requested record.
  7. The resolver returns the answer to the user and caches the result.

Encrypted DNS #

Traditional DNS queries are transmitted in clear text and can be observed by network operators or attackers monitoring the network path.

Several modern protocols provide encryption for DNS traffic:

These protocols encrypt DNS queries between the client and the resolver, improving privacy and protecting DNS traffic from interception.

Why DNS Matters #

DNS is one of the most critical components of Internet infrastructure. Every web request, email delivery, or API call depends on DNS resolution.

Because of its central role, DNS is also widely used for security monitoring, filtering, and threat detection. Technologies such as DNSSEC, RPZ, and Protective DNS help protect networks from malware, phishing domains, and command-and-control infrastructure.

Planisys 2025 © All rights reserved.