What is DNS (the Domain Name System)?

DNS (the Domain Name System) is the internet’s directory. It translates the human-friendly names you type — like example.com — into the numeric IP addresses that machines actually use to connect. It is one of the internet’s quietest and most essential systems: almost every connection you make begins with a DNS lookup, and you never notice it happening.

Why DNS exists

People remember names; computers route to numbers. You want to type wikipedia.org, not 185.15.59.224 — and certainly not a 39-character IPv6 address. DNS is the layer that lets both sides have what they need: memorable names for humans, numeric addresses for machines. Without it, the web as a usable, human-readable place would not exist.

The old analogy is a phone book — look up a name, get a number. It is a useful starting point, but DNS is more interesting than that. A phone book is one static list; DNS is a distributed, hierarchical, live database spread across thousands of servers worldwide, updated continuously, and answering hundreds of billions of queries a day. No single machine holds all of it.

How a lookup actually works

When you open a site, a short relay race happens in milliseconds:

  1. Your device asks a resolver — usually run by your ISP, or a public one — for the address of the name.
  2. If the resolver has the answer cached from a recent lookup, it returns it immediately. If not, it walks the hierarchy.
  3. It asks a root server which servers handle the top-level domain (.org, .com, a country code, and so on).
  4. It asks those TLD servers which servers are authoritative for the specific domain.
  5. It asks the domain’s authoritative servers for the actual record.
  6. It caches the answer for a set time and returns it to your device, which then connects to the address.

That whole chain typically completes faster than you can perceive, and caching means most lookups never travel the full distance.

The hierarchy

DNS is organised as an upside-down tree, read right to left.

  • At the top is the root (the implicit trailing dot in every name), served by a small set of root server identities deployed across the world through anycast.
  • Below the root are the top-level domains (TLDs): generic ones like .com, .org, .net, and country-code ones like .eg, .fr, .jp.
  • Below each TLD are the second-level domains people register — example in example.com.
  • The domain’s owner runs (or delegates) the authoritative name servers that hold its records.

This delegation is what lets the system scale: no one has to know everything, only who to ask next.
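
The relay race and the delegation described above, run against a constructed in-memory copy of the hierarchy. This is an added example, not code from ipdex or from any real resolver: the three servers, their zone data and the 192.0.2.x / 198.51.100.x addresses (RFC 5737 documentation ranges) are all made up for the demonstration. It also shows two things the text asserts, that a resolver which has already learned a delegation goes straight to the authoritative server instead of back to the root, and that a changed record keeps being served from cache until its TTL runs out.

```python
# Added example (not ipdex code): an iterative resolver walking a constructed,
# in-memory copy of the hierarchy, with a cache that honours record TTLs.

# Constructed zone data: server name -> {(name, type): (ttl, value)}.
# A delegation is an NS record whose value names the next server to ask.
SERVERS = {
    "root": {("com", "NS"): (172800, "tld-com")},
    "tld-com": {("example.com", "NS"): (172800, "ns1.example.com")},
    "ns1.example.com": {
        ("example.com", "NS"): (86400, "ns1.example.com"),
        ("example.com", "A"): (300, "192.0.2.10"),        # RFC 5737 test address
        ("www.example.com", "CNAME"): (300, "example.com"),
    },
}


class FakeClock:
    """Lets the demo fast-forward time so TTL expiry is observable."""
    def __init__(self):
        self.now = 0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class Resolver:
    def __init__(self, servers, clock, root="root"):
        self.servers, self.clock, self.root = servers, clock, root
        self.cache, self.trace = {}, []   # cache: (name, type) -> (expiry, value)

    def _cached(self, key):
        hit = self.cache.get(key)
        return hit[1] if hit and hit[0] > self.clock() else None

    def _store(self, key, ttl, value):
        self.cache[key] = (self.clock() + ttl, value)

    def _suffixes(self, name):
        labels = name.split(".")
        return [".".join(labels[i:]) for i in range(len(labels))]

    def _closest_server(self, name):
        """Start at the deepest delegation already cached, not at the root."""
        for suffix in self._suffixes(name):
            server = self._cached((suffix, "NS"))
            if server:
                return server
        return self.root

    def resolve(self, name, rtype, depth=0):
        if depth > 8:                       # CNAME loop or runaway delegation
            return None
        hit = self._cached((name, rtype))
        if hit:
            self.trace.append(f"cache hit: {name} {rtype}")
            return hit
        alias = self._cached((name, "CNAME"))
        if alias and rtype != "CNAME":
            self.trace.append(f"cache hit: {name} CNAME")
            return self.resolve(alias, rtype, depth + 1)
        server = self._closest_server(name)
        for _ in range(8):                  # bound the walk
            zone = self.servers[server]
            self.trace.append(f"ask {server}: {name} {rtype}")
            if (name, rtype) in zone:
                ttl, value = zone[(name, rtype)]
                self._store((name, rtype), ttl, value)
                return value
            if (name, "CNAME") in zone:     # alias: cache it, then chase the target
                ttl, target = zone[(name, "CNAME")]
                self._store((name, "CNAME"), ttl, target)
                return self.resolve(target, rtype, depth + 1)
            nxt = None
            for suffix in self._suffixes(name):   # closest enclosing delegation
                if (suffix, "NS") in zone and zone[(suffix, "NS")][1] != server:
                    ttl, nxt = zone[(suffix, "NS")]
                    self._store((suffix, "NS"), ttl, nxt)
                    break
            if nxt is None:                 # authoritative here, and no such name
                return None
            server = nxt
        return None


def propagation_demo():
    """Change the A record at the authoritative server and watch the cached
    answer survive until its 300-second TTL runs out."""
    clock = FakeClock()
    servers = {k: dict(v) for k, v in SERVERS.items()}
    r = Resolver(servers, clock)
    first = r.resolve("www.example.com", "A")    # full walk: root -> TLD -> authoritative
    servers["ns1.example.com"][("example.com", "A")] = (300, "198.51.100.7")
    clock.advance(120)
    stale = r.resolve("www.example.com", "A")    # served from cache: old address
    clock.advance(300)
    fresh = r.resolve("www.example.com", "A")    # TTL expired: re-fetched from ns1 only
    return first, stale, fresh, r.trace


if __name__ == "__main__":
    first, stale, fresh, trace = propagation_demo()
    print(first, stale, fresh)
    print("\n".join(trace))
```

The trace printed by `propagation_demo` is the interesting part: the first lookup asks root, then the .com servers, then ns1; the second is answered entirely from cache with the old address 120 seconds after the change; the third, after the TTL has expired, asks only ns1 because the delegation for example.com is still cached with its much longer TTL.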

Record types

A domain’s DNS holds several kinds of record, each with a job:

  • A — maps a name to an IPv4 address.
  • AAAA — maps a name to an IPv6 address.
  • CNAME — aliases one name to another (www pointing at the bare domain, say).
  • MX — directs email for the domain to its mail servers.
  • NS — lists the domain’s authoritative name servers.
  • TXT — holds free-form text, widely used for ownership verification and email-authentication policies such as SPF and DKIM.

Resolvers, and why people change them

The resolver is the part of DNS closest to you. By default it is your ISP’s, but you can point any device or router at a public resolver instead — among the best known are Cloudflare’s 1.1.1.1, Google’s 8.8.8.8, and Quad9’s 9.9.9.9. People switch for speed, reliability, content filtering, or privacy.

1.1.1.1, for example, is announced by Cloudflare's network, AS13335. The live card at the end of this article shows that network's profile directly from the ipdex index, with a link to its full live data. If an address is not in the index, the lookup reports an honest "not found" rather than guessing.

DNS and privacy

Classic DNS has a privacy weakness: queries traditionally travel in plain text over port 53, so any network between you and your resolver can read the names you look up, even when the sites themselves use HTTPS. Two newer standards close that gap: DNS over HTTPS (DoH, RFC 8484) and DNS over TLS (DoT, RFC 7858) encrypt your queries, hiding them from the network in between.

But encryption changes who sees your lookups, not whether anyone does. Whichever resolver you choose still sees every name you ask for. This is why resolver choice is a genuine privacy decision — and why an infrastructure index like ipdex is careful to map networks, never a visitor’s own lookups or activity.

DNS security

Because so much depends on DNS, it is a target. Attackers try cache poisoning (tricking a resolver into storing a false answer) and spoofing (forging replies; over plain UDP that means guessing the query's 16-bit ID and source port and getting a forged answer in before the real one). Resolvers defend themselves by randomising those values and by refusing to cache records for names outside the zone they actually asked about. DNSSEC goes further: the zone owner cryptographically signs its records, so a validating resolver can confirm an answer genuinely came from the domain's owner and was not altered in transit, and can even prove that a name does not exist. It does not encrypt anything (that is DoH/DoT's job), and it only protects zones that are actually signed and resolvers that actually validate; the last hop from your device to the resolver still rests on trusting that resolver or on an encrypted channel to it.
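
What the record types listed earlier look like on the wire, the DoH GET form described above, and the checks a resolver applies before it trusts a reply, in one added example that is not ipdex code. It builds a query and a constructed reply for www.example.com (addresses from the RFC 5737 and RFC 3849 documentation ranges), parses A, AAAA, CNAME, NS, MX and TXT rdata including compression pointers, rejects replies whose ID or question do not match the outstanding query, and drops records for names outside the queried zone. Two simplifications are labelled in the code: the zone is approximated as the last two labels of the name, and the DoH resolver URL is a placeholder.

```python
# Added example (not ipdex code): RFC 1035 wire format plus a resolver's sanity checks.
import base64
import ipaddress
import struct
TYPES = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAMES = {v: k for k, v in TYPES.items()}

def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(wire, offset):
    """Read labels, following compression pointers; return (name, next offset)."""
    labels, end = [], None
    while True:
        length = wire[offset]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: pointer to a name earlier in the message
            end = end or offset + 2
            offset = struct.unpack("!H", wire[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end or offset)
        labels.append(wire[offset:offset + length].decode("ascii"))
        offset += length

def build_query(name, qtype, txid):
    """Header with RD set, then one question. Use a fresh random ID per query:
    it is the only secret in the message; a random source port adds the rest (RFC 5452)."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", TYPES[qtype], 1))

def build_reply(txid, qname, qtype, answer, authority=(), additional=()):
    """Assemble a response; names may be str or raw bytes (compression pointers)."""
    enc = lambda n: n if isinstance(n, bytes) else encode_name(n)
    sec = lambda rrs: b"".join(enc(n) + struct.pack("!HHIH", TYPES[t], 1, ttl, len(rd)) + rd
                               for n, t, ttl, rd in rrs)
    head = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answer), len(authority), len(additional))
    return (head + encode_name(qname) + struct.pack("!HH", TYPES[qtype], 1)
            + sec(answer) + sec(authority) + sec(additional))

def parse_rdata(wire, rtype, start, length):
    data = wire[start:start + length]
    if rtype in (1, 28):  # A / AAAA: 4 or 16 raw address bytes
        return str(ipaddress.ip_address(data))
    if rtype in (2, 5):  # NS / CNAME: a (possibly compressed) name
        return decode_name(wire, start)[0]
    if rtype == 15:  # MX: 16-bit preference, then a name
        return struct.unpack("!H", data[:2])[0], decode_name(wire, start + 2)[0]
    if rtype == 16:  # TXT: one or more <length><chars> strings
        out, i = [], 0
        while i < len(data):
            out.append(data[i + 1:i + 1 + data[i]].decode("ascii"))
            i += 1 + data[i]
        return "".join(out)
    return data

def parse_message(wire):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    off, msg = 12, {"id": txid, "flags": flags, "question": []}
    for _ in range(qd):
        name, off = decode_name(wire, off)
        msg["question"].append((name, struct.unpack("!H", wire[off:off + 2])[0]))
        off += 4
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        msg[section] = []
        for _ in range(count):
            name, off = decode_name(wire, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", wire[off:off + 10])
            off += 10
            msg[section].append((name, TYPE_NAMES.get(rtype, rtype), ttl,
                                 parse_rdata(wire, rtype, off, rdlen)))
            off += rdlen
    return msg

def accept_reply(query, reply):
    """Before caching: ID and question must match the outstanding query, QR must be set,
    and records outside the queried zone are dropped. Zone approximated as last two labels."""
    q, r = parse_message(query), parse_message(reply)
    if r["id"] != q["id"] or r["question"] != q["question"] or not r["flags"] & 0x8000:
        return None
    zone = ".".join(q["question"][0][0].split(".")[-2:])
    in_zone = lambda n: n == zone or n.endswith("." + zone)
    return {s: [rr for rr in r[s] if in_zone(rr[0])] for s in ("answer", "authority", "additional")}

def doh_get_url(query, base="https://dns.example/dns-query"):
    """RFC 8484 GET form: the wire query, base64url without padding (resolver URL is a placeholder)."""
    return base + "?dns=" + base64.urlsafe_b64encode(query).decode().rstrip("=")

def demo():
    query = build_query("www.example.com", "A", 0x1234)
    www, apex = b"\xc0\x0c", b"\xc0\x10"  # pointers: qname at offset 12, 'example.com' at 16
    reply = build_reply(0x1234, "www.example.com", "A",  # constructed; RFC 5737/3849 addresses
        answer=[(www, "CNAME", 300, apex), (apex, "A", 60, bytes([192, 0, 2, 1]))],
        authority=[(apex, "NS", 86400, encode_name("ns1.example.com"))],
        additional=[("ns1.example.com", "AAAA", 3600, ipaddress.IPv6Address("2001:db8::1").packed),
                    ("www.example.org", "A", 999999, bytes([203, 0, 113, 9]))])  # off-zone: dropped
    return accept_reply(query, reply)
```

`demo()` returns the three sections with the www.example.org record gone: a reply may carry anything in its additional section, and a resolver that cached it would let whoever answered one question plant addresses for an unrelated domain. `doh_get_url` reproduces the GET encoding from RFC 8484 (for ID 0xABCD and www.example.com A it yields the RFC's own `q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB`); the URL is otherwise an ordinary HTTPS request, which is why the network sees only a connection to the resolver.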

Myth-busting

Myth: “DNS is just a phone book.” A phone book is one static list. DNS is a live, distributed, hierarchical database across thousands of servers, with caching and delegation built in. The analogy gets the idea across but undersells the engineering.

Myth: “Changing my DNS makes me anonymous.” Switching resolvers changes who sees your lookups and can improve privacy, but your ISP still sees the addresses you connect to and, unless the site supports Encrypted Client Hello, the server name sent in the clear at the start of each TLS handshake; tracking relies on many other signals besides. It is one useful choice, not a cloak.

Myth: “A DNS change takes effect instantly everywhere.” Caching and TTLs mean old answers linger until their timers expire. That is why an update appears to “propagate” over minutes or hours rather than flipping at once, and why operators lower a record's TTL well ahead of a planned change and raise it again afterwards.

Myth: “DNS and my domain registrar are the same thing.” The registrar is where you buy and own a name. DNS is the system that maps the name to addresses once you have it. Different roles, often handled by different companies.

Key takeaways

  • DNS translates human-readable names into the IP addresses machines connect to.
  • It is a distributed, hierarchical, cached database — resolver → root → TLD → authoritative servers.
  • Records (A, AAAA, CNAME, MX, NS, TXT) each serve a specific purpose.
  • Classic DNS is plaintext; DoH and DoT encrypt your queries, and DNSSEC authenticates the answers.
  • Whichever resolver you use sees your lookups — which is why resolver choice matters, and why ipdex maps infrastructure, not people.

Live data: AS13335 Cloudflare, Inc. (see live data)

Frequently asked questions

What does DNS do?

It translates human-readable names like example.com into the IP addresses machines use to connect. Every time you open a site, your device first asks DNS for that name's address, then connects to the address it gets back.

What happens when I type a web address?

Your device asks a resolver for the name's IP address. The resolver, if it does not already have the answer cached, asks the root servers, then the relevant top-level-domain servers, then the domain's authoritative servers, caches the result, and returns it. Your browser then connects to that address.

What is a DNS resolver?

The service that does the lookups on your behalf — usually run by your ISP, or a public one like 1.1.1.1, 8.8.8.8, or 9.9.9.9. It walks the DNS hierarchy, caches answers, and hands your device the final address.

What are the main DNS record types?

A maps a name to an IPv4 address, AAAA to an IPv6 address, CNAME aliases one name to another, MX directs email, NS lists a domain's authoritative name servers, and TXT holds arbitrary text used for verification and policies like SPF and DKIM.

Can I change my DNS resolver, and should I?

Yes. You can point a device or router at a public resolver instead of your ISP's. People do this for speed, reliability, filtering, or privacy. Your ISP can still see the addresses you connect to, but a different resolver sees your lookups.

Is DNS encrypted?

Traditionally no — classic DNS queries travel in plain text, so the network can read them. DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt them, hiding the names you look up from the network between you and your resolver.

What is a TTL, and why do DNS changes take time?

A TTL (time to live) tells resolvers how long to cache an answer. Until that timer expires, cached copies keep serving the old value, which is why a DNS change appears to "propagate" gradually rather than instantly.

What is DNSSEC?

A set of extensions that cryptographically sign DNS records, so a resolver can verify an answer really came from the domain's owner and was not forged in transit. It protects against certain spoofing and cache-poisoning attacks.

What is the difference between DNS and a domain registrar?

A registrar is the company you buy and register a domain name through. DNS is the system that, once you own a name, maps it to addresses. The registrar handles ownership; DNS handles resolution.

Does DNS know which websites I visit?

Whatever resolver you use sees the names you look up. With unencrypted DNS, your network can see them too. This is exactly why resolver choice and encrypted DNS matter — and why a network index like ipdex deliberately maps infrastructure, never a visitor's lookups.

Updated 2026-06-17