DNS

What is DNS?

Also known as: Domain Name System

Definition

The Domain Name System (DNS) is a hierarchical, distributed naming system that translates human-readable domain names (like example.com) into IP addresses and other resource records used by internet protocols.

The Domain Name System (DNS) is the phonebook of the internet. It converts domain names, which are easy for people to remember, into numerical IP addresses that computers use to identify each other on the network. Without DNS, users would have to memorize strings of numbers like 192.0.2.1 or 2001:db8::1 to visit a website.

DNS operates as a hierarchical, delegated system. At the top are the root name servers, which direct queries to top-level domain (TLD) servers (e.g., .com, .org). The TLD servers then refer the resolver to the authoritative name servers for the specific domain, which finally provide the IP address. This process is called a recursive query, and it is governed by standards in RFC 1034 and RFC 1035. DNS uses UDP port 53 for standard queries and TCP port 53 for zone transfers or responses larger than 512 bytes.

DNS data is stored in resource records (RRs): A records map names to IPv4 addresses, AAAA records map names to IPv6 addresses, MX records designate mail servers, CNAME records provide aliases, and NS records delegate authority. DNS is also critical for email delivery (MX), service discovery (SRV), and security extensions (DNSSEC, RFC 4033). Nearly every internet application, from web browsing to VoIP, depends on DNS as the underlying directory service.

Key facts

  • DNS is defined primarily by RFC 1034 and RFC 1035.
  • Standard queries use UDP port 53; TCP port 53 is used for zone transfers.
  • Resource record types include A, AAAA, CNAME, MX, NS, and SRV.
  • The system is hierarchical with root, TLD, and authoritative name servers.
  • DNSSEC (RFC 4033) adds cryptographic authentication to DNS responses.

How it works in practice

A user types 'www.example.com' into a browser. The operating system, on the browser's behalf, sends a DNS query to a recursive resolver (often provided by the ISP or a public service like 8.8.8.8). The resolver queries the root server, then the .com TLD server, then the authoritative server for example.com, which returns the A record (e.g., 93.184.216.34). The browser then opens a TCP connection to that IP to fetch the web page.

Related terms

  • DNS resolver
  • Authoritative name server
  • Resource record
  • DNSSEC
  • TLD
  • ICANN

More in DNS

A Record

A DNS resource record that maps a hostname to a 32-bit IPv4 address. It is the most fundamental record type for translating domain names to numeric addresses on the Internet.

AAAA Record

A DNS resource record that maps a hostname to a 128-bit IPv6 address, analogous to the A record for IPv4.

Authoritative DNS

An authoritative DNS server holds the definitive resource records for a specific domain and responds to queries with the final answer for that zone, not a cached copy.

CAA Record

A CAA (Certification Authority Authorization) DNS record lets domain owners specify which certificate authorities are permitted to issue SSL/TLS certificates for their domain.

CNAME Record

A DNS record that maps an alias hostname to the true or canonical hostname, allowing multiple names to resolve to the same IP address without duplicating A or AAAA records.

DNS Anycast

DNS Anycast uses one IP address served from multiple geographically distributed nameservers; queries are routed to the nearest or healthiest node, improving resilience and reducing latency.

DNS Caching

DNS caching stores resolved domain name query results for the specified TTL duration to avoid repeated queries to upstream authoritative servers.

DNS Hijacking

DNS hijacking is an attack or misconfiguration that returns forged DNS responses, causing users to connect to attacker-controlled hosts instead of the intended server.

DNSSEC

DNSSEC (DNS Security Extensions) adds cryptographic digital signatures to DNS records, enabling resolvers to verify that responses have not been tampered with or spoofed.

DoH

DNS over HTTPS (DoH) encrypts DNS queries and responses inside HTTPS traffic, preventing on-path observers from seeing or tampering with DNS lookups.
