How DNS Works: Domain Names, Resolvers, and Record Types Explained

BY TOOLS.FUN · MARCH 28, 2026 · 7 min read

When you type tools.fun into your browser, a complex lookup process happens in milliseconds to find the IP address where that website lives. This system — the Domain Name System (DNS) — is often called the phone book of the internet. Understanding how it works is essential for anyone who deploys web applications, configures servers, or debugs network issues.

Why DNS Exists

Computers communicate using IP addresses — numerical identifiers like 104.21.67.145. Humans are far better at remembering names like tools.fun. DNS translates between the two, allowing humans to use memorable names while computers use routable IP addresses. Every domain name ultimately resolves to an IP address through DNS.

The DNS Resolution Process

When you visit a website, your device performs a DNS lookup — a recursive query through several servers:

Browser cache: checks if the IP is already cached from a previous visit
OS resolver cache: checks the system-level DNS cache
Recursive resolver: your ISP's (or Google's/Cloudflare's) DNS server takes over
Root nameservers: 13 root server clusters that know which nameservers handle each TLD (.com, .fun, .io)
TLD nameservers: the nameserver for .fun knows which authoritative nameserver handles tools.fun
Authoritative nameserver: returns the actual IP address for tools.fun

It's faster than it sounds: a full DNS lookup typically completes in 20-120ms. After the first lookup, the result is cached for the duration of the TTL (Time To Live), so subsequent visits are instant.

DNS Record Types

DNS stores multiple record types for each domain:

A record: maps a hostname to an IPv4 address (tools.fun → 104.21.67.145)
AAAA record: maps a hostname to an IPv6 address
CNAME: alias — maps one hostname to another (www.tools.fun → tools.fun)
MX record: specifies mail servers for the domain
TXT record: stores arbitrary text — used for SPF, DKIM, domain verification
NS record: delegates a subdomain to a different nameserver
SOA record: Start of Authority — contains administrative information about the zone
PTR record: reverse DNS lookup — maps an IP address back to a hostname

TTL: Time To Live

Every DNS record has a TTL value in seconds. This tells resolvers how long to cache the record before checking for updates. A TTL of 3600 means the record is cached for one hour. Low TTLs (60-300 seconds) allow faster propagation of DNS changes but increase load on authoritative servers. High TTLs (86400 = 24 hours) reduce load but mean changes take longer to propagate globally.

Before a migration: lower your TTL to 60-300 seconds 24-48 hours before changing DNS records. Once the old TTL has expired everywhere, your change will propagate in minutes instead of hours. Use our Timestamp Converter to calculate when TTLs will expire.

DNS Caching and Propagation

DNS propagation is the time it takes for a DNS change to reach all resolvers worldwide. This is determined by the TTL of the old record — resolvers that have cached the old value will keep serving it until the TTL expires. Despite what hosting providers say, "48-hour propagation" is a myth with modern low TTLs. With a TTL of 300 seconds, changes propagate globally within minutes.

Common DNS Record Configurations

Setting up email for a domain requires MX records pointing to your mail server, TXT records for SPF (authorised sending servers), and CNAME/TXT records for DKIM (email signature verification). Missing or misconfigured email DNS is the most common cause of emails going to spam. Use our IP Lookup tool to verify IP-based DNS records.

DNS Security: Attacks and Defences

DNS spoofing / cache poisoning injects false DNS records into a resolver's cache, redirecting traffic to a malicious server. DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records to prevent this. DNS hijacking occurs when attackers compromise the authoritative nameserver or domain registrar account. Use strong passwords, MFA, and registry locks on your domains. Our Password Generator can help create secure registrar credentials.

DNS over HTTPS (DoH) and DNS over TLS (DoT)

Traditional DNS queries are sent in plain text — anyone on your network can see which domains you're looking up. DNS over HTTPS (DoH) encrypts DNS queries inside regular HTTPS traffic, making them indistinguishable from web browsing. DNS over TLS (DoT) encrypts DNS over a dedicated TLS connection on port 853. Both are supported by Cloudflare (1.1.1.1) and Google (8.8.8.8).

← Back