Type a website name, and the right page loads almost instantly. In between, a vast, invisible directory service does the heavy lifting: the Domain Name System, or DNS. It is one of the most important pieces of internet infrastructure, and most people have never heard of it.

DNS is what lets you use words rather than numbers to reach a site. Here is how the internet's address book actually works.

What DNS is

DNS is the system that translates human-friendly website names into the numerical addresses computers use to find one another.

Behind every domain name is an IP address — a string of numbers that identifies a specific server, a bit like a phone number identifies a specific phone. People are good at remembering names; computers work with numbers. DNS bridges the two. When you type a domain name into your browser, DNS looks up the matching IP address so your device knows where to connect.

The classic comparison is a phone book. You know the name you want; you look it up to find the number. DNS does exactly that, billions of times a day, usually in a fraction of a second.

Why we need it

Imagine having to remember a long string of numbers for every website you visit, and imagine those numbers changing whenever a site moved to a new server. It would be unworkable.

DNS solves both problems. It lets us use memorable names, and it lets the underlying numbers change without anyone noticing. If a website moves to a new server with a new IP address, the owner simply updates the DNS record, and the same familiar name keeps working. The name stays put while the plumbing shifts beneath it.

How a DNS lookup works

When you request a website, the answer is found through a relay of servers, each with a job:

  1. Your device checks its own memory. Computers and browsers keep a short-term cache of recent lookups. If the answer is there, you skip the rest.
  2. A resolver takes over. If not cached, the request goes to a DNS resolver, usually run by your internet provider or a public service. The resolver does the legwork of finding the answer.
  3. The root and TLD servers point the way. The resolver asks the system where to find records for that top-level domain — the .com or .uk part — and is directed to the right place.
  4. The authoritative server answers. Finally the resolver reaches the authoritative name server, which holds the official records for that specific domain and returns the correct IP address.
  5. You connect. The resolver hands the address back to your device, which connects to the website. The result is cached along the way so the next visit is faster.

A DNS lookup is a chain of polite questions: "Where do I find this?" passed along until a server that knows for certain gives the answer.

All of this typically happens in well under a second, which is why you never notice it.

Caching keeps it fast

Repeating that full journey for every single request would be slow and would overload the system. Caching prevents that. At many points — your browser, your device, your resolver — answers are stored temporarily and reused.

Each DNS record carries a setting called TTL (time to live), which says how long it may be cached before it should be checked again. A long TTL means faster repeat visits but slower propagation of changes; a short one means changes take effect quickly but lookups happen more often. This is why, after changing a domain's settings, updates can take time to appear everywhere as old cached answers gradually expire. Reliable DNS resolution is one of the quiet ingredients behind a fast site, alongside the techniques in our guide to speeding up a website.

When DNS goes wrong

Because so much depends on DNS, problems with it can be dramatic and confusing. A website might be running perfectly, yet appear completely unreachable simply because the address book step failed.

Common symptoms include:

  • A site that "cannot be found" even though it is online, because the lookup failed.
  • Slow loading if a resolver is overloaded or far away.
  • Stale results after a change, where some people see the new site and others still see the old one while caches catch up.

A frequent first-aid step is switching to a different, well-run public resolver, which can resolve issues caused by a slow or misconfigured provider resolver.

DNS and security

DNS was designed in the internet's early, more trusting days, with openness rather than security in mind. That creates risks:

  • Snooping. Traditional DNS lookups are unencrypted, so others on the network can see which sites you are asking for.
  • Spoofing and poisoning. Attackers can try to feed false answers into the system to redirect you to a fake site — a tactic that makes DNS a real cybersecurity concern.

Two important defences have grown up in response. Encrypted DNS (such as DNS over HTTPS) scrambles your lookups so they cannot be read in transit, and DNSSEC adds digital signatures so a resolver can verify an answer genuinely came from the legitimate source and was not tampered with. Neither is a complete shield on its own, but together they make DNS considerably safer.

The bottom line

DNS is the internet's address book, quietly translating the names you type into the numerical addresses computers use to connect. A lookup relays through caches, resolvers and authoritative servers, almost always in a fraction of a second, and caching keeps repeat visits fast.

Because nearly everything online depends on it, DNS problems can make healthy websites seem to vanish, and its original openness means security additions like encrypted DNS and DNSSEC matter. You will rarely think about DNS, but it is working every single time you open a web page.