DNS for beginners: what is it, how does it work, and what is it for?

11 min readJan 15, 2024

DNS is a distributed system made for receiving the information about domains. Simply put, DNS servers are an equivalent of a phonebook, where a contact’s name is a name of a website and a number is an IP-address on the internet. As soon as you are about to enter any website the distributed DNS system lets a browser quickly “get through” to a particular recipient, in other words — to access the resource. We will explain to you how this happens.


A DNS server exists so that a new website is available for all internet users, not only for its creator. If the necessary settings are not applied, no one will find out about the resource. For a better fault tolerance servers are usually written in pairs, in which one DNS is used as a primary one, and others (in the amount of 1 to 12 for each domain) serve as secondary ones and turn on when the primary server goes off.

Without the use of DNS it is impossible to imagine proper work of websites, online apps, email, messengers, multiplayer video games, virtual private networks (VPN) and many other services that use the internet. Here are some tasks that require the use of technology in question:

• a prompt distribution of connections between the data centres in order to reduce the server load and increase the reliability of access to a domain;
• geographic routing of users based on the information about distance to the nearest data centers — this increases the quality and the speed of an internet connection;
• a comfortable migration of data centres (for example, from the physical centres to the cloud ones). This possibility is used by many large companies.

We are not talking only about the computers because nowadays it is possible to set up a personal DNS server on a smartphone and, for example, completely block ads on websites/in apps as a result.


Depending on the specific purpose the following types of DNS servers exist:

• Authoritative servers. These servers are responsible for the correct work of a DNS zone. They are additionally divided into primary and secondary services. The difference is in the permissions. Primary services can make changes in the parameters of a zone, whereas secondary services lack this possibility.
• Cashing servers. These servers work with the user queries. They transmit the information from cache or forward the query to the parent system in case the information is missing.
• Forwarding servers. They forward user queries to a parent DNS server. Usually, they are used to reduce the load on caching systems.
• Root servers. They control the root zones. These servers can be global (e.g., 123 servers in different countries) and local.

Root servers also include DNS servers that register dynamic updates from users.


DNS works every time a user enters the internet with a certain query. As soon as you enter the name of a website in the address bar and press Enter, the browser immediately starts a search for a ‘hosts’ file on your computer. In this file, a match between a domain and an IP address is carried out. Usually there are no entries in the file, but if there are any, and they contain the domain typed into the address bar, the website opens immediately. Otherwise, the browser will form a DNS request and send it to the provider, who will start searching for an IP address of a needed domain.

  1. The provider addresses its own local cache, which may contain the information about the match between a domain requested by the user and an IP address attached to it. If the entry is in the cache, the provider will send an IP address to the browser, which will access the given address through hosting. If the latter works, the website will open immediately.
  2. There are often cases when an address is missing in the provider’s cache. In this case the internet provider sends a request to the root DNS servers. They cannot give out a certain IP address, however, they can provide IP addresses of a domain zone, which the needed website belongs to. So if you type an address ending with .RU into the address bar, an IP address of a .RU zone will be sent your way.
  3. At this step the provider receives an IP of a domain zone, in which the needed resource is registered. As a result of a following search of matches between the domain and the IP address, the internet provider receives the needed IP and saves it in cache. After that it sends the result of the DNS search (the IP address) to the browser.
  4. The browser forms a request to host using the received IP and gets the information from it. For the user it means that the needed website will be opened in the browser window.

Despite the complexity of the work of the domain names and IP addresses system, the operations listed above are performed in a few milliseconds, especially when the data is taken from the provider’s cache. Different desktop and mobile apps that use the internet work the same way.


For better clarity let’s have a look at the work of a DNS server system at the specific example. We will take into consideration the request in the form of ‘passport.yandex.ru/name’. This address in entered in the address bar and consists of several parts:

  • .ru — the name of a top-level-domain.
  • yandex.ru — the domain name.
  • passport.yandex.ru — the subdomain.
  • /name — a specific page in the subdomain.

Let’s consider the path which the named query takes after being typed into the address bar.

  1. The browser looks for the data in its own cache, then checks the OS cache. If the match is not found, the query will be sent to the DNS server.
  2. The query is passed to the nearest DNS server, where the cache is checked. If it does not contain the needed information, queries are sequentially sent to the parent servers.
  3. After that, the address of a DNS zone is identified. This zone stores information regarding the top-level-domain .RU.
  4. Then, the data about the yandex.ru domain is requested from the named zone.
  5. As a last step the IP address of the domain and subdomain is requested from the primary server. In this example it is passport.yandex.ru.
  6. The search for a /name page will take place on the server, whose IP address matches the domain name.

As a result of these steps the browser will immediately open the requested page, which is passport.yandex.ru/name.


You can use Whois to find out data on your DNS server. On the main page of the website there is a blank field in which you must enter the domain and press “Check”. Pay attention — the domain must be entered without http:// and www. After a couple of seconds, the information is presented in a list of DNS servers which comply with the entered name of the resource. In the report they are mentioned in ‘nserver’ strings. ‘State’ string deserves particular attention. If it shows the NOT DELEGATED status, it means the domain does not have a list of DNS servers. Consequently, this resource is not available to users. The cause of this status appearing for a properly set up website may be a forced removal of a domain delegated by a registrar/administrator. In any case, this problem needs to be resolved as soon as possible.


The DNS system works on the base of the root servers, which initially were situated in the amount of 13 on the territory of North America and belonged to different internet operators. After some time has passed, many similar servers appeared in other countries. It was done to increase the reliability and the stability of the system. As a result, the number of root servers was increased to 123. Most of them are situated in the USA.

The packing density of DNS system servers depends on the rate of internet infrastructure exploitation. Except for the USA and Canada, they can be found in Russia, Australia, Brazil, the UAE, China, Iceland, countries of Europe and other states of the world. The fastest DNS servers in Russia are located in Moscow, Saint Petersburg, Rostov-on-Don, Yekaterinburg and Novosibirsk.


Several IP addresses may be connected to a single domain simultaneously. For example: a regular website and an email server for working with electronic messages. The situation is aggravated by the fact that each domain name has one or two subdomains. DNS zones are used for a convenient storage of data about the compliance of domains and its IP addresses. There is a set of resource records, which are added to the system to provide information:

  • A. An IP address of a website which corresponds with a DNS domain name.
  • MX. Mail server address.
  • CNAME. A record for attaching a subdomain to an actual website.
  • TXT. Domain information presented in a text version.
  • SOA. Original record with data about server and domain name.
  • NS. DNS server tag for containing other types of resource records.
  • SPF. A list of servers which can send letters from the domain name.

Using these types of DNS records you can specify the information which is written in the zone.


DNS servers often face external attacks, which result in problems with access to the website. Attackers may do it to blackmail owners, do it as an attempt to drive a competitor out of business or for other purposes. Attacks can be avoided if several measures to organize protection are undertaken:

  • the DNS server is hosted on a separate high capacity physical server.
  • the recursive query processing is turned off.
  • dynamic updates of DNS zones are prohibited.
  • the additional IP address search is canceled.
  • server software is regularly updated.
  • a regular scanning for known vulnerabilities is carried out.
  • the option of transferring domain zones to a DNS server is turned off.

There are several technologies which significantly increase the protection of DNS servers from external attacks. For example, DNSSEC — a set of extensions which minimize the success of attacks based on the DNS address spoofing. TSIG, DANE and other tools can also be of interest considering the protection.


DNS servers of different internet providers refresh once in 24 hours. Because of that a situation may arise when after а change in parameters a website may be available to one provider but unavailable to another. Generally, the problem with availability solves itself within 24 hours, often you just have to wait it out. If it did not happen do the following:

  1. Clear browser cache — it may help if the browser saved wrong data.
  2. In the server settings enter “” and “”, save, clear the browser cache.
  3. Enter your domain profile and make sure its status is active.
  4. Check the website’s availability using 2ip.ru. If it is accessible, then the problem is connected to the provider.

For a quick efficiency evaluation of a web source, it is better to use Google’s DNS servers. They usually take less than a day (from 3 to 4 hours) to update. If your DNS server is not responding within 24 hours make sure you set it up properly. Probably a typo was made in the address and because of it the website is not available.


TTL is an abbreviation for Time to live. It is the maximum lifetime of a data packet or the ultimate number of iterations, which it can perform. TTL prevents data from circulating indefinitely and polluting traffic.

TTL is measured in hops. As the packet passes through the next intermediate node (router), the number of hops decreases by one. The lifetime of a packet may end earlier than it reaches the recipient, and in that case, it would be destroyed. For Windows, default TTL equals 128 hops, for other operating systems it is 64 hops.

The TTL parameter can be changed manually. As for IPv4 it is defined in the 8-bit field of a corresponding header. In IPv6 the TTL field is called Hop Limit.


DNS record has two parameters:

  • addressing, that is the defining the compliance of a query, for different records.
  • a lifetime of a record (TTL); TTL in DNS settings is time in seconds which specifies for how long the DNS parameters will be stored in cache.

The recommended TTL of a DNS record is 24 hours, after which DNS servers stop using data from cache and refresh it.

The lifetime of a DNS record ranges from one to infinity. It is technically possible to set TTL to 0, but it may lead to the situation where the data packet may be ignored. The minimal optimal TTL is considered to be 1 hour or 3600 seconds. There is no limit for the maximum possible TTL value, however, TTL will automatically decrease to 7 days or 604800 seconds if the value set was too high.


For Linux, Mac OS and Unix users the easiest way would be to use the dig tool. Write ‘dig’ in the command line, press Space and add the website address in the ‘example.com’ format. The TTL value will be displayed in seconds.

Windows users can use the nslookup tool. To do this, you have to type ‘nslookup -type=soa’ in the command line, press Space and write the website address as ‘example.com’. You can also use ‘nslookup -type=cname -debug’.


The owners of a custom domain may set their own TTL value. It can be done from a personal account on the provider’s website.

Increasing the TTL will reduce the DNS server load because of fewer incoming queries. Reducing the TTL will increase the synchronization speed.


Now you are more enlightened on the topic and you understand why we cannot avoid setting up a DNS hosting when registering a website. Always pay attention to the protection from external attacks or else the attendance rates of your web resource will experience a downfall, since the users often will not have access to the website. Don’t fear spending money on hosting and domain. The investments will definitely pay off!