
DNS Explained: The Internet's Phone Book

Code43 | 5 min read

[Figure: How DNS resolution works. Your browser (code43.dev) → recursive resolver → root nameserver ("Who handles .dev?", "Try .dev TLD") → TLD nameserver (.dev) ("Ask authoritative NS") → authoritative nameserver (IP: 76.76.21.21). The response is cached for the TTL. Entire process: ~20-120 ms.]
The DNS resolution process: from your browser's query to the IP address that loads the page.

What Is DNS?

Every time you type a web address into your browser, something invisible happens before the page loads. Your device needs to translate that human-readable domain name — like code43.dev — into a numerical IP address that servers actually understand. The system responsible for this translation is called the Domain Name System, or DNS.

Think of DNS as the internet's phone book. Instead of looking up a person's name to find their number, DNS looks up a domain name to find the IP address of the server hosting that website. Without it, you'd have to memorize strings of numbers like 76.76.21.21 for every site you visit.

A Brief History

In the earliest days of the internet (then ARPANET), there was no DNS. Every networked computer kept a single text file called HOSTS.TXT that mapped hostnames to addresses. As the network grew from dozens to hundreds of hosts, maintaining that file became unsustainable. Updates had to be manually distributed, and conflicts were constant.

In 1983, Paul Mockapetris published RFC 882 and RFC 883, proposing a distributed, hierarchical naming system — the foundation of DNS as we know it. By 1987, the protocol was refined into RFC 1034 and RFC 1035, which remain the core specifications today. This shift from a centralized file to a distributed system is what allowed the internet to scale from hundreds of hosts to billions of devices.

How DNS Resolution Works

When you type code43.dev into your browser, here's what actually happens behind the scenes:

  1. Browser cache check. Your browser first checks its own cache. If you've visited this site recently, it may already know the IP address and can skip the rest of the process entirely.
  2. Recursive resolver query. If the cache is empty, the request goes to a recursive resolver — typically operated by your ISP or a service like Cloudflare (1.1.1.1) or Google (8.8.8.8). This resolver is the workhorse of the DNS process.
  3. Root nameserver. The resolver asks one of the 13 root nameserver clusters: "Who handles .dev domains?" The root server responds with a referral to the appropriate TLD (Top-Level Domain) nameserver.
  4. TLD nameserver. The .dev TLD nameserver is queried next. It doesn't know the final IP address either, but it knows which authoritative nameserver is responsible for code43.dev.
  5. Authoritative nameserver. This is the server that holds the actual DNS records for the domain. It responds with the IP address — for example, 76.76.21.21.
  6. Response delivered. The recursive resolver passes the IP address back to your browser, caches it for future use (based on the record's TTL, or time-to-live), and your browser connects to the web server to load the page.

This entire chain typically completes in 20 to 120 milliseconds. Most users never notice it happening.

Why DNS Matters for Your Web Presence

If you own a website, run a business online, or manage any kind of web presence, DNS directly affects three things you care about:

Performance

DNS resolution is the first step in every page load. A slow DNS provider adds latency before your site's content even begins to transfer. Choosing a fast, reliable DNS provider (like Cloudflare, AWS Route 53, or Google Cloud DNS) can shave tens of milliseconds off every request — which compounds across every visitor, every page view, every interaction.

Reliability

If your DNS goes down, your entire site goes dark — even if the web server itself is perfectly healthy. Major DNS outages have taken down large portions of the internet in the past. Redundancy matters: use a provider with a globally distributed network and consider a secondary DNS provider as a failover.

Security

DNS was designed in an era when security wasn't a primary concern. Attacks like DNS spoofing (cache poisoning) can redirect your visitors to malicious sites without them knowing. Modern protections like DNSSEC add cryptographic signatures to DNS responses, verifying that the answer came from a legitimate source. If you're serious about protecting your visitors, enabling DNSSEC on your domain is a meaningful step.
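
The wire-level view of the resolution steps and of the spoofing risk described above, as an added example that is not part of the original article: it builds an RFC 1035 query, parses a response (including name compression), and uses the answer only when the response echoes the query's transaction ID and question. The query and response bytes are constructed samples; real resolvers also check the source address and port, and DNSSEC signature validation is a separate step not shown here.

```python
import struct

def build_query(name, txid, qtype=1):
    """12-byte header (ID, RD flag, one question), then QNAME, QTYPE, QCLASS=IN."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            hops, end = hops + 1, (off + 2 if end is None else end)
            if hops > 16:                         # malformed packet: pointer loop
                raise ValueError("compression pointer loop")
            off = ((length & 0x3F) << 8) | msg[off + 1]
        elif length == 0:                         # root label ends the name
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length

def parse_message(msg):
    """Return (txid, rcode, question, answers); assumes exactly one question."""
    txid, flags, _, ancount, _, _ = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    question = (qname,) + struct.unpack("!2H", msg[off:off + 4])
    answers, off = [], off + 4
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:             # A record: IPv4 address
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return txid, flags & 0x000F, question, answers

def accept(query, response):
    """Use the answers only if the response echoes the query's ID and question."""
    q_id, _, q_question, _ = parse_message(query)
    r_id, rcode, r_question, answers = parse_message(response)
    return answers if (r_id, r_question, rcode) == (q_id, q_question, 0) else []

# Constructed sample: the answer's owner name is a pointer (0xC00C) back to the
# question name at offset 12; address and TTL are the page's example values.
QUERY = build_query("code43.dev", txid=0x1A2B)
RESPONSE = (struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUERY[12:] + b"\xc0\x0c"
            + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([76, 76, 21, 21]))
```

The 16-bit transaction ID checked in `accept` is small enough to guess, which is why resolvers also randomize the source port and why DNSSEC adds signatures on top.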

Common DNS Record Types

When you configure DNS for your domain, you work with different record types. Here are the ones you'll encounter most often:

  • A Record — Maps a domain to an IPv4 address. This is the most fundamental record type. When someone visits your site, the A record tells DNS which server to point them to.
  • AAAA Record — Same as an A record, but for IPv6 addresses. As the internet transitions to IPv6, these are becoming increasingly important.
  • CNAME Record — Creates an alias from one domain to another. For example, pointing www.code43.dev to code43.dev. Useful for subdomains and third-party service integrations.
  • MX Record — Directs email to the right mail server. If you use Google Workspace or any email provider, MX records tell the internet where to deliver messages sent to your domain.
  • TXT Record — Stores arbitrary text data. Most commonly used for email authentication (SPF, DKIM, DMARC) and domain ownership verification for services like Google Search Console.
  • NS Record — Specifies which nameservers are authoritative for your domain. These are usually set at your domain registrar.
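
A record-set check built on the types listed above, as an added example that is not part of the original article: it flags a CNAME that shares its name with other records (RFC 1034), an MX that points at an alias (RFC 2181), and missing or permissive SPF and DMARC TXT records. The function name `lint_records` and the sample records for the reserved domain example.com are constructed for illustration.

```python
from collections import defaultdict

def lint_records(domain, records):
    """Return sorted findings for a list of (name, type, value) records."""
    domain = domain.lower().rstrip(".")
    by_name = defaultdict(list)
    for name, rtype, value in records:
        by_name[name.lower().rstrip(".")].append((rtype.upper(), value))
    findings = []
    for name, rrs in by_name.items():
        types = {t for t, _ in rrs}
        # A CNAME must be the only record at its name (RFC 1034, section 3.6.2).
        if "CNAME" in types and len(types) > 1:
            others = ", ".join(sorted(types - {"CNAME"}))
            findings.append(f"{name}: CNAME coexists with {others}")
        # An MX target must be a host with address records, not an alias.
        for value in (v for t, v in rrs if t == "MX"):
            target = value.split()[-1].lower().rstrip(".")
            if any(t == "CNAME" for t, _ in by_name.get(target, [])):
                findings.append(f"{name}: MX target {target} is a CNAME")
    # SPF: exactly one v=spf1 TXT record at the domain, not ending in +all.
    spf = [v for t, v in by_name.get(domain, []) if t == "TXT" and v.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"{domain}: expected one SPF record, found {len(spf)}")
    elif spf[0].split()[-1].lower() in ("all", "+all"):
        findings.append(f"{domain}: SPF ends in +all, which authorizes any sender")
    # DMARC: a v=DMARC1 TXT record at _dmarc.<domain> with an enforcing policy.
    dmarc = [v for t, v in by_name.get("_dmarc." + domain, []) if t == "TXT" and v.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append(f"_dmarc.{domain}: no DMARC record published")
    else:
        tags = dict(kv.split("=", 1) for kv in dmarc[0].replace(" ", "").split(";") if "=" in kv)
        if tags.get("p", "").lower() == "none":
            findings.append(f"_dmarc.{domain}: policy is p=none (monitoring only)")
    return sorted(findings)

# Constructed sample records for the reserved domain example.com.
ZONE = [
    ("example.com", "A", "192.0.2.10"),
    ("example.com", "MX", "10 mail.example.com"),
    ("example.com", "TXT", "v=spf1 include:_spf.example.net +all"),
    ("www.example.com", "CNAME", "example.com"),
    ("www.example.com", "TXT", "site-verification=constructed"),
    ("mail.example.com", "CNAME", "mailhost.example.net"),
    ("_dmarc.example.com", "TXT", "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
]

if __name__ == "__main__":
    print("\n".join(lint_records("example.com", ZONE)))
```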

Practical Takeaways

DNS is one of those foundational technologies that most people never think about — until something breaks. Here are a few things worth keeping in mind:

  • Choose a reputable DNS provider. Free DNS from your domain registrar works, but dedicated providers like Cloudflare offer faster resolution, better uptime, and more features.
  • Understand TTL values. TTL (time-to-live) controls how long resolvers cache your DNS records. Lower TTL means faster propagation when you make changes, but higher TTL reduces the load on your nameservers. A common default is 3600 seconds (1 hour).
  • Plan for DNS changes ahead of time. When migrating a site or switching hosts, lower your TTL a day or two before the change. After the migration, update the records and wait for propagation. Rushing this process is one of the most common causes of downtime during migrations.
  • Enable DNSSEC if your provider supports it. It adds a layer of verification that lets validating resolvers detect and reject spoofed answers. Most modern providers make this a one-click setup.
  • Monitor your DNS. Tools like DNS Checker or whatsmydns.net let you verify that your records are propagating correctly across the globe.

DNS is invisible when it works and catastrophic when it doesn't. Understanding the basics puts you in a better position to make informed decisions about your web infrastructure — whether you're launching a new site, migrating an existing one, or troubleshooting why your domain suddenly stopped resolving. It's the kind of knowledge that pays for itself the first time something goes wrong.
