The Problem DNS Solves

Computers on the internet communicate using numerical addresses called IP addresses — something like 142.250.80.46. Humans, on the other hand, are much better at remembering names like google.com. The Domain Name System (DNS) is the layer that bridges these two realities, translating human-readable domain names into the numerical addresses computers actually use.

It's often described as the internet's phonebook — though a distributed, automated, global one that handles billions of queries every day.

What Happens When You Type a URL

When you type nkpl.info into your browser and press Enter, a series of lookups happens almost instantaneously:

  1. Browser Cache Check: Your browser first checks whether it already has the IP address cached from a recent visit. If so, it skips the rest.
  2. Operating System Cache: If the browser doesn't have it, your OS checks its own DNS cache.
  3. Recursive Resolver: If neither cache has the answer, your request goes to a recursive resolver — typically operated by your ISP, or a public resolver like Cloudflare (1.1.1.1) or Google (8.8.8.8). This resolver does the searching on your behalf.
  4. Root Name Servers: If the resolver doesn't have the answer cached, it asks one of the 13 root name server clusters — the authoritative top of the DNS hierarchy. The root server doesn't know the final answer but points the resolver to the right TLD name server (e.g. the server responsible for all .info domains).
  5. TLD Name Server: The TLD server points the resolver to the authoritative name server for the specific domain.
  6. Authoritative Name Server: This server knows the actual IP address for nkpl.info and returns it.
  7. Response: The resolver passes the IP address back to your browser, which then opens a connection to the web server at that address.

This entire process typically takes under 100 milliseconds.

Key DNS Record Types

Record Type   Purpose
A             Maps a domain to an IPv4 address
AAAA          Maps a domain to an IPv6 address
CNAME         Aliases one domain name to another
MX            Specifies mail servers for the domain
TXT           Stores text information (used for verification, SPF, etc.)
NS            Identifies the authoritative name servers for the domain

DNS and Privacy

Standard DNS queries are sent in plain text, which means your ISP — or anyone monitoring your network traffic — can see every domain name you look up, even if the actual web traffic is encrypted via HTTPS.

Two technologies address this:

  • DNS over HTTPS (DoH): Encrypts DNS queries inside standard HTTPS traffic, making them indistinguishable from regular web browsing.
  • DNS over TLS (DoT): Encrypts DNS traffic using TLS on a dedicated port.

Major browsers now support DoH, and enabling it is a simple privacy improvement for most users.

DNS Caching and TTL

To avoid looking up every domain from scratch every time, DNS responses are cached — stored temporarily by resolvers and browsers. Each DNS record includes a TTL (Time To Live) value, which specifies how long the cached answer should be considered valid. Once the TTL expires, the resolver must fetch a fresh answer.

This is why changes to a website's DNS settings (such as moving to a new hosting provider) can take hours to propagate globally — old cached answers need to expire first.

Why This Matters

DNS is foundational infrastructure. Understanding it helps explain why website changes take time to propagate, how privacy can leak even over encrypted connections, and how internet censorship sometimes works (by manipulating or blocking DNS responses). It's one of those invisible systems worth understanding precisely because it underpins everything else.