infrastructure
Query Volumes and Traffic
The scale of global DNS traffic — volumes, patterns, and what the numbers reveal
500 trillion questions per day
The internet asks the Domain Name System approximately 500 trillion queries per day. That is roughly 5.8 billion queries per second, sustained, around the clock. Every web page load, every API call, every app refresh, every email delivery, every IoT sensor check-in — each begins with at least one DNS lookup, and often several.
To put this in perspective: the entire human population speaks approximately 16,000 words per day on average. The internet’s DNS infrastructure handles more queries in a single second than every person on earth speaks words in a day.
Who handles the traffic
No single entity sees all DNS traffic, but the largest providers offer a window into the scale:
| Provider | Queries Per Day | Role |
|---|---|---|
| Akamai | ~7 trillion | Authoritative DNS for major websites |
| Cloudflare (1.1.1.1) | ~1.9 trillion | Public recursive resolver |
| Google (8.8.8.8) | ~1+ trillion | Public recursive resolver |
| Cisco Umbrella (OpenDNS) | ~620 billion | Enterprise/consumer resolver |
| Root servers (combined) | ~130 billion | Root zone referrals |
| Vercara UltraDNS | ~124 billion | Authoritative DNS for enterprises |
These numbers overlap — a query to Cloudflare’s resolver may result in a query to an Akamai-hosted authoritative server, which in turn may have been referred by a root server. The 500 trillion estimate accounts for this by measuring at the stub resolver level.
Query type breakdown
Not all DNS queries are created equal. The overwhelming majority are simple IPv4 address lookups:
| Query Type | Approximate Share | Purpose |
|---|---|---|
| A (IPv4) | ~55–60% | IPv4 address lookups |
| AAAA (IPv6) | ~20–25% | IPv6 address lookups |
| CNAME | ~5–8% | Canonical name aliases |
| TXT | ~3–5% | SPF, DKIM, DMARC, domain verification |
| PTR | ~3–5% | Reverse DNS lookups |
| MX | ~2–3% | Mail exchange records |
| NS | ~1–2% | Nameserver lookups |
| SOA | ~1–2% | Start of authority |
| Other | ~2–3% | SRV, HTTPS, SVCB, and emerging types |
A and AAAA records combined account for approximately 80% of all queries received by Cloudflare’s 1.1.1.1 resolver. The AAAA share is growing — up 16.47% year-over-year — as IPv6 adoption increases.
Response code distribution
Most DNS queries succeed. But the ones that don’t reveal interesting patterns:
| Response Code | Approximate Share | Meaning |
|---|---|---|
| NOERROR | 80–90% | Successful resolution |
| NXDOMAIN | 10–15% | Domain does not exist |
| SERVFAIL | ~1% | Server failure |
| REFUSED | Under 1% | Query refused |
The NXDOMAIN rate — 10 to 15% of all queries returning “this domain does not exist” — is surprisingly high. It reflects typos, misconfigured software, malware querying randomly generated domains (a technique called domain generation algorithms or DGAs), and applications checking for domains that may or may not exist. NXDOMAIN responses are cached (negative caching), but with shorter TTLs than positive responses.
Daily traffic patterns
DNS traffic follows the rhythm of human activity. It correlates strongly with internet usage in each time zone, creating a diurnal cycle:
- Peak hours occur during local business hours (09:00–17:00) and early evening (19:00–22:00) in each region.
- Global traffic never drops to zero. As one hemisphere enters nighttime, the other enters peak usage.
- Seasonal spikes are significant. Cloudflare’s authoritative DNS peaked at 811 billion queries on Cyber Monday 2024, with a burst rate of 9.4 million queries per second around 15:00 UTC.
The diurnal pattern means that DNS infrastructure must be provisioned for peak load, but most of the time operates well below capacity. This headroom is critical — it provides the margin needed to absorb sudden traffic spikes and DDoS attacks.
Geographic distribution
DNS traffic roughly follows internet usage, but with some notable asymmetries:
| Region | Share of Global DNS Traffic | Characteristics |
|---|---|---|
| North America | ~30–35% | Highest per-capita query volume |
| Europe | ~25–30% | Dense peering, fast resolution |
| Asia-Pacific | ~25–30% | China is second-largest by volume |
| South America | ~5–7% | Growing rapidly |
| Africa | ~2–4% | Fastest-growing by percentage |
| Middle East | ~2–3% | Developing infrastructure |
The United States generates more DNS traffic from more unique IP addresses than any other country. China is the next largest source, with 40% of the US address count but 80% of its packet volume at root servers — a ratio that suggests Chinese networks generate more queries per address, likely due to different caching behavior and a large population of mobile devices.
IPv4 vs. IPv6
DNS is the canary in the coal mine for IPv6 adoption. The share of AAAA (IPv6) queries reveals how quickly the transition is actually happening:
| Metric | IPv4 | IPv6 |
|---|---|---|
| Share of DNS queries | ~75–80% | ~20–25% |
| Cloudflare client-side IPv6 | — | 30.5% by query volume |
| YoY growth in AAAA queries | — | +16.47% |
IPv6 adoption varies wildly by country. France leads at ~78%, followed by Germany (~76%) and India (~72%). The US sits at ~53%. China has ~865 million IPv6-capable users but lower traffic percentages. The global average is approximately 40–48% depending on methodology.
The IPv6 transition has implications for DNS infrastructure because dual-stack networks generate both A and AAAA queries for every lookup — effectively doubling the query volume per resolution. As IPv6 adoption grows, total DNS query volumes grow with it.
Growth trajectory
DNS query volumes have grown consistently year over year. Root server traffic alone increased 40% between early 2023 and early 2025. The drivers are compounding:
- More devices. The IoT explosion means billions of new devices making DNS queries — from smart thermostats to industrial sensors.
- More applications. Modern web pages load resources from dozens of domains. A single page load can trigger 50–100 DNS queries.
- More encryption. HTTPS Everywhere and HSTS mean more connections to more domains, each requiring DNS resolution.
- IPv6 dual-stack. As noted above, dual-stack queries roughly double the query count per resolution.
- DNS-based security. Enterprise DNS filtering services (Cisco Umbrella, Cloudflare Gateway, NextDNS) route all queries through their infrastructure, increasing measured volumes.
The domain registration market is projected to reach 464.8 million domains by 2030 (from 378.5 million in 2025), growing at 3.3% CAGR. Query volumes will grow faster than domain counts because existing domains accumulate more traffic as internet usage intensifies.
DNS encryption adoption
One dimension of DNS traffic that is changing rapidly is encryption:
| Technology | Adoption |
|---|---|
| DNS over HTTPS (DoH) | Server support mature; client adoption growing |
| DNS over TLS (DoT) | Server support mature; Android uses natively |
| DNSSEC signing (.com/.net) | ~4–5% of zones |
| DNSSEC validation | ~34% of resolvers |
For comparison, HTTPS adoption among the top 1,000 websites is at 96%. The gap between web encryption and DNS encryption remains enormous, though it is closing as browsers and operating systems increasingly default to encrypted DNS.