What is DNS?
How the Domain Name System translates human-readable names into machine-readable addresses
You already used DNS today — thousands of times
Before you finished your morning coffee, your phone made hundreds of DNS queries. Checking email, scrolling social media, loading a weather widget, syncing a podcast — every single one of those actions started with a DNS lookup. Your devices asked the Domain Name System to translate a name like weather.com into an IP address like 199.232.34.42, and the system answered in milliseconds. You never noticed. That is the point.
The Domain Name System is one of those rare technologies that succeeds precisely because it is invisible. When it works, nobody thinks about it. When it fails — as happened during the AWS DNS outage on October 20, 2025 — millions of people cannot reach websites and apps, not because the servers went down, but because their names could no longer be resolved.
The phone book analogy (and why it falls short)
DNS is often called “the phone book of the internet.” The comparison is intuitive: just as a phone book maps a person’s name to their phone number, DNS maps a domain name like example.com to the IP address of the server hosting it, such as 93.184.216.34.
But phone books are printed, centralized, and static. DNS is none of those things. A more accurate picture: imagine a directory service split across thousands of offices worldwide, each responsible for a different portion of the namespace, all coordinating seamlessly to answer billions of lookups every day. No single server holds the complete database. No single organization controls it. It is distributed by design.
This distributed architecture is what allows DNS to scale to the demands of the modern internet — handling approximately 7 trillion queries per day through Akamai’s network alone, and serving a namespace of 378.5 million registered domain names across roughly 1,593 top-level domains.
The hierarchy: an inverted tree
DNS organizes the entire internet namespace as an inverted tree structure. Every domain name you have ever typed into a browser is a path through this tree, read from right to left.
                     . (root)
                        |
          +-------------+-------------+
          |             |             |
        .com          .org           .uk
          |             |             |
       example      wikipedia        bbc
          |             |             |
         www            en           www

The tree has four levels, each serving a distinct purpose:
| Level | Description | Example |
|---|---|---|
| Root | The invisible top of the tree, represented by a single dot (.) | . |
| Top-Level Domain (TLD) | First level below root; managed by registry operators | .com, .org, .uk, .xyz |
| Second-Level Domain (SLD) | The registered domain name itself | example.com, wikipedia.org |
| Subdomain | Any label added to the left of the registered domain | www.example.com, mail.example.com |
This hierarchy is not just organizational — it is operational. Each level delegates authority to the level below it. The root zone knows which servers are responsible for .com. The .com TLD servers know which servers are responsible for example.com. And example.com’s servers know the IP addresses for www.example.com, mail.example.com, and any other subdomains.
This principle of delegation is what makes DNS a truly distributed system rather than a single massive database.
Fully Qualified Domain Names
When you type www.example.com into a browser, you are actually using an abbreviated form. The full, unambiguous version is www.example.com. — note the trailing dot. That trailing dot represents the root of the DNS tree and makes the name a Fully Qualified Domain Name (FQDN).
An FQDN reads right-to-left as a path through the tree:
    www.example.com.
    |     |     |  |
    |     |     |  └── Root zone (.)
    |     |     └───── Top-level domain (com)
    |     └─────────── Second-level domain (example)
    └───────────────── Subdomain / host (www)

Most software automatically appends the trailing dot, so you never need to type it. But understanding it matters when you work with DNS zone files or troubleshoot resolution issues, because a missing trailing dot can cause a record to be interpreted relative to the zone origin rather than as an absolute name.
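The zone-file behaviour described above, as an added example that is not part of the original article: a name without a trailing dot has the zone origin appended, and a small lint flags record targets that were probably meant to be absolute. The zone `example.com.`, the sample records, and the function names `qualify` and `lint_targets` are assumptions made for illustration.

```python
# Added example: how zone-file names are qualified against the zone origin.
NAME_TYPES = {"CNAME", "MX", "NS"}  # record types whose data is a domain name

def qualify(name: str, origin: str) -> str:
    """Return the absolute (FQDN) form of a name written in a zone file."""
    if not origin.endswith("."):
        raise ValueError("zone origin must be absolute (end with a dot)")
    if name == "@":
        return origin                 # "@" stands for the origin itself
    if name.endswith("."):
        return name                   # trailing dot: already absolute
    return f"{name}.{origin}"         # relative: the origin is appended

def lint_targets(records, origin):
    """Flag relative targets that already end in the origin's labels.

    Such a target gets the origin appended a second time, which is almost
    never intended. Relative targets under other domains are not detected.
    """
    bare = origin.rstrip(".").lower()
    findings = []
    for owner, rtype, target in records:
        t = target.lower()
        if rtype in NAME_TYPES and not t.endswith(".") and (
            t == bare or t.endswith("." + bare)
        ):
            findings.append(
                (qualify(owner, origin), rtype, target, qualify(target, origin))
            )
    return findings

# Constructed sample zone data (owner, type, target); MX preference omitted.
ORIGIN = "example.com."
RECORDS = [
    ("www",  "CNAME", "web01"),              # relative on purpose
    ("@",    "MX",    "mail.example.com"),   # missing trailing dot
    ("@",    "NS",    "ns1.example.com."),   # absolute, correct
    ("shop", "CNAME", "shop.example.com"),   # missing trailing dot
]

if __name__ == "__main__":
    for owner, rtype, written, effective in lint_targets(RECORDS, ORIGIN):
        print(f"{owner} {rtype}: wrote {written!r}, resolves as {effective!r}")
```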
The distributed database
Unlike a traditional database that lives on one server (or a cluster of servers under one organization’s control), DNS distributes its data across millions of authoritative name servers operated by thousands of independent organizations.
No single entity holds the complete DNS dataset. Instead, each authoritative server holds the records for the zones it is responsible for. When a resolver needs to look up www.example.com, it follows the delegation chain from the root to the TLD to the authoritative server, gathering referrals at each step until it reaches the server that holds the answer.
This architecture gives DNS several critical properties:
Fault tolerance. If one authoritative server goes down, others in the same zone can answer. The root level alone consists of 13 logical server names backed by approximately 1,954 physical instances distributed across all six populated continents using anycast routing.
Scalability. Adding a new domain to the internet does not require updating a central database. The domain owner configures their authoritative servers, registers delegation with the TLD operator, and the system works.
Local authority. Each zone’s administrator has full control over the records in their zone. Google manages google.com’s DNS records. Your company manages yours. The root zone operators do not need to know or care about the contents of individual domains.
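The delegation chain described above, as an added example that is not part of the original article: an offline simulation in which each server knows only its own zone and the resolver follows referrals from the root down, with a bound on referrals so a broken or looping delegation cannot keep it busy forever. The server ids, the `SERVERS` table, and the address `192.0.2.10` (a documentation address) are constructed for illustration.

```python
# Added example: iterative resolution over constructed delegation data.
SERVERS = {
    "root":       {"delegations": {"com.": "tld-com", "org.": "tld-org"},
                   "records": {}},
    "tld-com":    {"delegations": {"example.com.": "ns-example"},
                   "records": {}},
    "tld-org":    {"delegations": {}, "records": {}},
    "ns-example": {"delegations": {},
                   "records": {"www.example.com.": "192.0.2.10"}},
}

def query(server_id, qname):
    """Ask one server: it answers, refers to a child zone, or has nothing."""
    srv = SERVERS[server_id]
    if qname in srv["records"]:
        return ("answer", srv["records"][qname])
    # A server refers the resolver to the most specific zone it has delegated.
    matches = [z for z in srv["delegations"]
               if qname == z or qname.endswith("." + z)]
    if matches:
        return ("referral", srv["delegations"][max(matches, key=len)])
    return ("nxdomain", None)

def resolve(qname, max_referrals=8):
    """Follow referrals from the root; return (address or None, servers asked)."""
    qname = qname.lower()
    if not qname.endswith("."):
        qname += "."                      # treat the name as fully qualified
    server, path = "root", []
    for _ in range(max_referrals):
        path.append(server)
        kind, value = query(server, qname)
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        if value in path:                 # referral back to a server already asked
            raise RuntimeError("referral loop detected")
        server = value
    raise RuntimeError("too many referrals")

if __name__ == "__main__":
    print(resolve("www.example.com"))
    print(resolve("nope.example.org"))
```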
DNS by the numbers
The scale of DNS is staggering. Here are the numbers that define the system as of 2025:
| Metric | Value |
|---|---|
| Total registered domains worldwide | 378.5 million |
| .com registrations alone | 157.2 million |
| Number of TLDs in the IANA root database | ~1,593 |
| Root server logical names | 13 (A through M) |
| Root server physical instances (anycast) | ~1,954 |
| DNS queries per day (Akamai) | ~7 trillion |
| DNS queries per day (Vercara UltraDNS, 2023 avg) | ~115 billion |
| Generic TLD share of registrations | 61.2% |
| Country-code TLD registrations | 144.8 million |
| Year-over-year domain growth | 1.7% |
To put the query volume in perspective: 7 trillion queries per day works out to roughly 81 million queries per second, sustained, through a single provider’s network. Across all DNS infrastructure worldwide, the total is far higher.
What happens when DNS breaks
Because DNS sits at the very beginning of virtually every internet connection, its failure is uniquely catastrophic. Servers can be running, databases can be healthy, application code can be flawless — none of it matters if the client cannot resolve the hostname to connect in the first place.
The Dyn DDoS attack of October 2016 demonstrated this vividly. Attackers flooded Dyn’s managed DNS infrastructure with traffic from the Mirai botnet, knocking out name resolution for major sites including Twitter, Reddit, Netflix, GitHub, and Spotify. The websites themselves were fine. Their names simply could not be looked up.
DNS misconfigurations also have measurable performance impacts during normal operations. A slow or poorly configured DNS setup can add 100-300 ms to page load times on every navigation — latency that users perceive as sluggishness even though the web server is responding quickly.
What DNS is not
A few common misconceptions worth clearing up:
DNS is not hosting. DNS tells your browser where to find a server. It does not host the website itself. Moving your DNS to Cloudflare does not move your website to Cloudflare.
DNS does not “propagate.” When you change a DNS record, the update does not actively push across the internet. Instead, cached copies of the old record expire based on their TTL (Time to Live), and resolvers fetch the new record on their next lookup. The term “propagation” is a misnomer — what you are really waiting for is cache expiration.
DNS is not a single system. There is no “the DNS server.” DNS is a protocol and an architecture. Thousands of organizations operate authoritative servers, recursive resolvers, and root servers independently. Coordination happens through standards (RFCs) and delegation, not through centralized control.
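The cache-expiry behaviour described under "DNS does not propagate", as an added example that is not part of the original article: two resolvers that cached the same record at different times start returning the new value at different moments, and neither is ever pushed an update. The record, its 3600-second TTL, the timestamps, and the documentation addresses are constructed for illustration.

```python
# Added example: why a record change appears at different times per resolver.
class Resolver:
    """Recursive resolver cache: answers from cache until the stored TTL ends."""
    def __init__(self):
        self.cache = {}  # name -> (value, expires_at)

    def lookup(self, name, now, authoritative):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                  # cached: authoritative data not consulted
        value, ttl = authoritative[name]   # miss or expired: fetch current record
        self.cache[name] = (value, now + ttl)
        return value

def first_seen(resolver, name, new_value, authoritative, times):
    """First time in `times` at which the resolver returns the new value."""
    for t in times:
        if resolver.lookup(name, t, authoritative) == new_value:
            return t
    return None

def simulate():
    name = "www.example.com."
    zone = {name: ("192.0.2.10", 3600)}    # constructed record, TTL 3600 s
    a, b = Resolver(), Resolver()
    a.lookup(name, 0, zone)                # A caches the old value at t=0
    b.lookup(name, 3000, zone)             # B caches the old value at t=3000
    zone[name] = ("192.0.2.20", 3600)      # operator changes the record at t=3100
    times = range(3100, 7201, 100)         # both resolvers are queried every 100 s
    return (first_seen(a, name, "192.0.2.20", zone, times),
            first_seen(b, name, "192.0.2.20", zone, times))

if __name__ == "__main__":
    seen_a, seen_b = simulate()
    print(f"resolver A returns the new address from t={seen_a}")
    print(f"resolver B returns the new address from t={seen_b}")
```

The latest any resolver can keep serving the old value is the change time plus the old TTL, which is why lowering the TTL before a planned change shortens the wait.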
Where to go from here
Understanding what DNS is gives you the foundation. The next step is understanding how it actually resolves a name — the step-by-step journey from your browser typing a URL to an IP address arriving back. That process involves four distinct actors, multiple network round-trips, and a caching system that makes the whole thing feel instant.
Read How DNS Resolution Works to follow a query from start to finish, or jump to DNS Record Types if you want to understand the building blocks — the A records, CNAME records, MX records, and others — that make up the DNS database.