What is DNS?

DNS is the internet's address book: it turns names into IP addresses. Here's how resolution works, every record type, TTL and propagation, and how to set records up yourself.

What DNS is

DNS, the Domain Name System, is the internet’s address book. It translates the human-friendly names you type (example.com) into the numeric IP addresses machines actually route to (76.76.21.21). Every web page load, email, and API call by name starts with a DNS lookup. It is a distributed, hierarchical, cached system, which is exactly why it scales to the whole internet and why changes don’t apply instantly.

How a lookup works

Your device asks a recursive resolver (your ISP’s, or a public one like 1.1.1.1). If it hasn’t cached the answer, it walks the hierarchy:

  • Root servers point it to the right TLD servers (.com).
  • The TLD servers point it to the domain’s authoritative nameservers.
  • Those return the actual record, and the resolver caches it for its TTL.

The next lookup for that name is served from cache, which is why DNS feels instant most of the time.

The record types

Type    Purpose                                          Example value
A       Name → IPv4 address                              76.76.21.21
AAAA    Name → IPv6 address                              2606:4700::6810
CNAME   Alias to another name                            cname.vercel-dns.com
MX      Mail servers (with priority)                     10 mail.example.com
TXT     Arbitrary text (SPF/DKIM/DMARC, verification)    "v=spf1 ..."
NS      The domain’s authoritative nameservers           ns1.example.com
SOA     Zone metadata (serial, timers)                   ns1 ... 3600
CAA     Which CAs may issue certs                        0 issue "letsencrypt.org"

; a small zone file: name, TTL, class, type, value
example.com.         3600  IN  A      76.76.21.21
www.example.com.     3600  IN  CNAME  cname.vercel-dns.com.
example.com.         3600  IN  MX     10 mail.example.com.
example.com.         3600  IN  TXT    "v=spf1 include:_spf.google.com ~all"
_dmarc.example.com.  3600  IN  TXT    "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"

Want to see a real domain’s records right now? Run one through the DNS lookup tool; it queries all of these types live in your browser.

TTL & propagation

Every record has a TTL (time to live), the seconds a resolver may cache it. After you change a record, resolvers that cached the old value keep serving it until the TTL expires, which is what people mean by “DNS propagation.” There is no global push; caches simply age out. The trick for a clean cutover: lower the TTL (say to 300s) a day before a planned change, make the change, then raise it again.
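The lookup walk and the TTL behaviour described above, as an added simulation that is not part of the original page. The class and function names are hypothetical, the hierarchy is a constructed in-memory stand-in for root, TLD and authoritative servers, and 192.0.2.20 is a constructed new address.

```python
# Added illustration: a toy recursive resolver with a TTL cache.
# All data is constructed; no network queries are made.
OLD_IP, NEW_IP = "76.76.21.21", "192.0.2.20"   # NEW_IP is a sample value

class Authoritative:
    """Stands in for the domain's authoritative nameservers."""
    def __init__(self):
        self.records = {}                  # name -> (value, ttl_seconds)

    def set(self, name, value, ttl):
        self.records[name] = (value, ttl)

class Resolver:
    """Recursive resolver: walks root -> TLD -> authoritative, then caches."""
    def __init__(self, root):
        self.root = root                   # {tld: {domain: Authoritative}}
        self.cache = {}                    # name -> (value, expires_at)
        self.upstream_queries = 0

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                  # still fresh: served from cache
        labels = name.rstrip(".").split(".")
        tld_servers = self.root[labels[-1]]            # root points to the TLD
        auth = tld_servers[".".join(labels[-2:])]      # TLD points to the domain
        value, ttl = auth.records[name]                # authoritative answer
        self.upstream_queries += 1
        self.cache[name] = (value, now + ttl)          # cache for the TTL
        return value

def first_seen_after_change(ttl, step=60):
    """Seconds until a resolver that cached the old value serves the new one."""
    auth = Authoritative()
    auth.set("example.com", OLD_IP, ttl)
    resolver = Resolver({"com": {"example.com": auth}})
    resolver.resolve("example.com", now=0)   # resolver caches the old value
    auth.set("example.com", NEW_IP, ttl)     # operator changes the record
    t = step
    while resolver.resolve("example.com", now=t) != NEW_IP:
        t += step                            # no push: the cache must age out
    return t, resolver.upstream_queries
```

With a 3600 s TTL the old address is served for the full hour; with the TTL already lowered to 300 s the same resolver picks up the change after five minutes, and in both cases it only asks upstream twice.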

How to set it up

DNS records live wherever your domain’s authoritative nameservers are: your registrar by default, or a DNS host (Cloudflare, Route 53, your web host) if you point the NS records there. Wherever that is, you add a record by specifying four things:

  • Name (the host: @ for the root, www, mail…)
  • Type (A, CNAME, MX, TXT…)
  • Value (the IP, target name, or text)
  • TTL (how long it may be cached)

The everyday tasks come down to a few records:

  • Point a domain at a host: an A record on the apex (or CNAME on www).
  • Receive email: MX records for your mail provider, plus the SPF/DKIM/DMARC TXT records below.
  • Verify ownership: a TXT record the service gives you.

$ dig example.com A +short
76.76.21.21

$ dig example.com MX +short
10 mail.example.com.

$ dig _dmarc.example.com TXT +short
"v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"

After you add a record, confirm it resolved with the DNS lookup tool rather than guessing.

DNS & email authentication

Here is the connection that trips people up: SPF, DKIM, and DMARC are all just DNS TXT records. SPF lives on your domain, DMARC at _dmarc.yourdomain, and DKIM at selector._domainkey.yourdomain. Fixing why your email goes to spam is, mechanically, publishing the right TXT records, which is why DNS is the foundation under the whole SPF/DKIM/DMARC stack.
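Because the policies are plain TXT records, they can be audited straight from zone data. The following is an added example, not code from the original page: the function names are hypothetical, the first two records come from the zone file above, and the weak.example and bare.example records are constructed. It looks up DMARC only at the exact `_dmarc.<domain>` name and does not model organizational-domain fallback.

```python
import shlex

# Zone lines in the page's format: name, TTL, class, type, value.
ZONE = '''
; the first two records are the page's; the rest are constructed weak cases
example.com.          3600 IN TXT "v=spf1 include:_spf.google.com ~all"
_dmarc.example.com.   3600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
weak.example.         3600 IN TXT "v=spf1 +all"
_dmarc.weak.example.  3600 IN TXT "v=DMARC1; p=none"
bare.example.         3600 IN TXT "v=spf1 -all"
bare.example.         3600 IN TXT "site-verification=constructed-token"
'''

def txt_records(zone):
    """Yield (owner name, text) for each TXT line of the zone."""
    for line in zone.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue                        # blank line or comment
        fields = shlex.split(line)          # keeps each quoted string whole
        if len(fields) >= 5 and fields[3].upper() == "TXT":
            yield fields[0].lower(), "".join(fields[4:])

def audit(zone):
    """Return sorted (domain, finding) pairs for weak or missing policy."""
    spf, dmarc, findings = {}, {}, []
    for name, text in txt_records(zone):
        if text.lower().startswith("v=spf1"):
            spf.setdefault(name, []).append(text.lower().split()[1:])
        elif name.startswith("_dmarc.") and text.startswith("v=DMARC1"):
            tags = (t.split("=", 1) for t in text.split(";") if "=" in t)
            dmarc[name[len("_dmarc."):]] = {k.strip(): v.strip() for k, v in tags}
    for domain, records in spf.items():
        if len(records) > 1:                # receivers treat this as an error
            findings.append((domain, "more than one SPF record"))
        if any(term in ("all", "+all") for term in records[0]):
            findings.append((domain, "SPF passes every sender (+all)"))
        policy = dmarc.get(domain, {}).get("p")   # exact-name lookup only
        if policy is None:
            findings.append((domain, "no DMARC policy published"))
        elif policy == "none":
            findings.append((domain, "DMARC p=none (monitor only)"))
    return sorted(findings)
```

On the sample zone, example.com produces no findings, while the constructed domains are flagged for `+all`, `p=none`, and a missing `_dmarc` record.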

FAQ

What is DNS in simple terms?

DNS (the Domain Name System) is the internet's address book. It translates the human-friendly names you type (example.com) into the numeric IP addresses machines route to (76.76.21.21). Every time you load a site, send mail, or call an API by name, DNS resolves that name to an address first.

How does a DNS lookup actually work?

Your device asks a recursive resolver (often your ISP's or 1.1.1.1). If it hasn't cached the answer, it walks the hierarchy: a root server points it to the TLD servers (.com), which point to the domain's authoritative nameservers, which return the record. The resolver caches the result for the record's TTL so the next lookup is instant.

What are the main DNS record types?

A (name to IPv4), AAAA (name to IPv6), CNAME (alias to another name), MX (mail servers), TXT (arbitrary text, used for SPF, DKIM, DMARC, and domain verification), NS (the domain's authoritative nameservers), SOA (zone metadata), and CAA (which certificate authorities may issue certs for the domain).

Why do DNS changes take time to apply?

Because resolvers cache records for their TTL (time to live). After you change a record, resolvers that already cached the old value keep serving it until the TTL expires. Lowering the TTL before a planned change (then raising it after) is how you make a cutover fast. 'Propagation' is really just caches expiring around the world.

What's the difference between a domain registrar and a DNS host?

The registrar is who you bought the domain from; the DNS host runs the authoritative nameservers that answer queries for it. They are often the same company but don't have to be: you can register at one provider and point the domain's NS records at another (Cloudflare, Route 53, your web host) to manage DNS there.

How do SPF, DKIM, and DMARC relate to DNS?

They are all just DNS TXT records you publish: SPF on the domain, DMARC at _dmarc.yourdomain, and DKIM at selector._domainkey.yourdomain. Setting up email authentication is, mechanically, adding TXT records, which is why understanding DNS is the prerequisite for fixing deliverability.

What is a CNAME and when should I use one?

A CNAME makes one name an alias for another (www.example.com points at cname.vercel-dns.com, which resolves to the real IP). Use it to delegate a subdomain to a host that manages the address for you. The catch: you can't put a CNAME on a domain's root (apex) alongside other records, which is why hosts offer A records or ALIAS/ANAME for the apex.
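The apex restriction falls out of a simple rule: a name that holds a CNAME may hold no other record data, and the apex always carries SOA and NS. The check below is an added example, not code from the original page; the function name is hypothetical and the zone lines are constructed, using the page's format of name, TTL, class, type, value.

```python
# Constructed sample zone: name, TTL, class, type, value.
ZONE = """
example.com.      3600 IN SOA   ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
example.com.      3600 IN NS    ns1.example.com.
example.com.      3600 IN CNAME cname.vercel-dns.com.
www.example.com.  3600 IN CNAME cname.vercel-dns.com.
shop.example.com. 3600 IN CNAME cname.vercel-dns.com.
shop.example.com. 3600 IN TXT   "constructed-verification-token"
"""

# DNSSEC's RRSIG and NSEC are the record types allowed beside a CNAME.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

def cname_conflicts(zone):
    """Map each name that has a CNAME to the record types that clash with it."""
    types_by_name = {}
    for line in zone.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[0].startswith(";"):
            continue                        # blank, comment, or malformed line
        name, rtype = fields[0].lower(), fields[3].upper()
        types_by_name.setdefault(name, set()).add(rtype)
    conflicts = {}
    for name, types in types_by_name.items():
        clashing = types - ALLOWED_WITH_CNAME
        if "CNAME" in types and clashing:
            conflicts[name] = sorted(clashing)
    return conflicts
```

In the sample, `www.example.com.` is a valid alias, the apex clashes with its own SOA and NS records, and `shop.example.com.` clashes with the TXT record added beside its CNAME.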

☕ KB Cafe Classic

DNS is the layer under everything else KB Cafe documents: the web (HTTP), email (SMTP), and the feeds this site was built on all start with a name resolving to an address. This is the modern reference: the hierarchy, the records, and how to set them up without fear.