DNS, or Domain Name System, is the system that translates human-readable domain names (like www.mywebsite.com) into numerical Internet Protocol addresses. Computers and devices rely on these machine-readable addresses to identify each other on the internet.
DNS is often called the Internet’s phone directory. By matching names with numbers, it enables you to browse websites, send emails, or use apps without having to memorize complex identifiers.
In this guide, we deep-dive into everything DNS. We go into its inner workings, explore the key components, and discuss leading DNS servers. We also compare free, public, and private DNS to help your organization make the best choice around this service.
What Is A DNS Server?
A DNS server is a critical component that translates a website’s domain name (e.g. www.website.com) into its corresponding IP address when you enter or click it. Every device connected to the internet, whether it’s a website server or your smartphone, has a unique IP address.
By providing this essential information, DNS facilitates a connection to the right site. Similarly, when you send an email, DNS finds the correct mail server for the recipient’s domain. If you connect to api.service.com via an app, DNS locates the right backend system for you.
Without DNS, you’d have to manually enter long IP addresses such as:
- 93.184.216.34
- 2001:0db8:85a3:0000:0000:8a2e:0370:7334
You’d also have great difficulty accessing apps, content delivery networks (CDNs), or internal company systems that might change IP addresses frequently.
Essentially, DNS turns complex connections into simple clicks, making navigation quick and user-friendly. Without DNS working intelligently in the background, the internet as we know it would be far less accessible.
How Does DNS Work?
DNS works using a series of rapid, automatic queries. It also stores information on frequent searches to speed up the process.
Let’s take a look at the process step by step.
Your request
You open your web browser and type in a website address, say www.dnsworkings.com.
Query from your device
Your device doesn’t know the IP address for dnsworkings.com, so it sends a query to your local DNS server, known as a recursive DNS server. This local server is typically provided by your Internet Service Provider. Alternatively, it could be a private one you’ve set up.
The recursive server reacts
Your recursive DNS server might already have the IP address for dnsworkings.com stored from a previous lookup (this is called “caching”). If so, it will send it back immediately, making the process incredibly swift and efficient.

Working through the DNS tree
If it doesn’t have the answer cached, the recursive server works down the DNS tree, starting at the root:
- It asks a root server for guidance.
- The root server points it to the correct Top-Level Domain (TLD) server for .com domains.
- The TLD server directs it to the specific authoritative DNS server that holds the records for dnsworkings.com.

The authoritative server answers
The authoritative DNS server for dnsworkings.com provides the exact IP address to the recursive server.
Answer delivered
The recursive server sends that IP address back to your computer.
Connection made
With the IP address, your device now connects to the dnsworkings.com website’s server, and the webpage loads on your screen.
What’s The Difference Between Authoritative DNS Servers And Recursive DNS Servers?
Recursive and authoritative DNS servers are fundamental to the DNS protocol. The recursive server does the legwork for your device, while the authoritative server provides the ultimate answer for a domain it “owns.”
Let’s examine them in more detail.
Recursive DNS servers
Recursive DNS servers are the first point of contact after you initiate a search. Their role is to accept your query (e.g. www.website.com) and find the answer for you. Think of this server as an agent acting on your behalf.
First, they check their cache to see if they have the answer readily available. If not, they query other DNS servers in the hierarchy, starting at the root, to get the definitive IP address. Once obtained, they return it to your device.
Your Internet Service Provider (ISP) typically provides a recursive DNS server. You can also use public recursive servers like Google DNS or Cloudflare DNS. Private recursive resolvers are widely employed in larger business networks for more control.
Authoritative DNS servers
These are the servers that hold the official records for a specific domain name. They don’t need to ask other servers; they are the source of information for that domain. Every website or online service has one or more authoritative DNS servers that publish its IP address.
Authoritative servers are usually managed by the domain name registrar (where a website owner buys their domain name) or a web hosting provider.
DNS Servers and IP Addresses
An IP address (Internet Protocol address) is a unique set of numbers assigned to every device or website on a network.
There are currently two versions of the protocol. IPv4 (version 4) addresses comprise four sets of numbers separated by dots, such as:
- 202.178.4.10
The rapidly exploding number of internet users/devices means we’re running out of IPv4 addresses (the version allows for around 4.3 billion unique addresses).
The latest IPv6 (version 6) protocol uses much longer addresses, incorporating a combination of numbers and letters (it provides around 340 undecillion possible addresses). Here’s an example of an IPv6 address:
- 2001:0db8:85a3:0000:0000:8a2e:0370:7334
You’ll appreciate that trying to navigate the internet using these identifiers would be a nightmare.
Fortunately, the Domain Name System translates the simple domain names we use into machine-readable IP addresses.
DNS servers and IP addresses work hand in hand to make internet access easy.
- The DNS tells your browser where to go (without requiring you to input complex identifying labels).
- The IP address is the actual location you want.
DNS Server Not Responding? What Does That Mean?
An error message like “DNS Server Not Responding” indicates your device can’t “find” or “resolve” the address of the website you’re trying to reach. This can happen even if your internet connection appears to be working normally.
Common reasons for this error include:
- Temporary network glitch: Sometimes, your ISP’s DNS server experiences a brief outage or overload.
- Misconfiguration: Your computer’s network settings might be pointing to an invalid or unreachable DNS server.
- Router issues: Your office router, which often handles DNS requests, might need a simple reboot.
- Local connection problems: A weak Wi-Fi signal or a loose Ethernet cable can prevent DNS requests from going through.
- Firewall or antivirus interference: Security software may accidentally block DNS traffic.
A “Not Responding” issue can often be resolved with basic troubleshooting steps, such as:
- Restarting your router and/or computer.
- Checking and securing a loose network or Wi-Fi cable.
- Waiting a few minutes and trying again.
- Temporarily switching to a public DNS server (like Google’s 8.8.8.8) as a stopgap workaround.
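
The script below is an added example, not part of the original guide. It sends one DNS query per resolver and separates "no reply at all" (the "Not Responding" case) from "replied with an error code"; the lookup name example.com and the 2-second timeout are assumptions.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid):
    """Encode a standard recursive query (RD=1) asking for the A record of name."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(query, reply):
    """Turn a raw reply into a diagnosis; unrelated or malformed packets are ignored."""
    if len(reply) < 12:
        return "malformed: shorter than a DNS header"
    txid, flags, _qdcount, ancount = struct.unpack("!HHHH", reply[:8])
    if txid != struct.unpack("!H", query[:2])[0]:
        return "ignored: transaction ID does not match our query"
    if not flags & 0x8000:
        return "ignored: QR bit clear, this is not a response"
    code = flags & 0x000F
    return "%s, %d answer record(s)" % (RCODES.get(code, "RCODE %d" % code), ancount)

def probe(server, name="example.com", timeout=2.0):
    """Send one UDP query to server:53 and say whether and how it responded."""
    query = build_query(name, secrets.randbits(16))  # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            reply, _addr = sock.recvfrom(512)
        except socket.timeout:
            return "no response: resolver down, unreachable, or UDP/53 blocked"
        except OSError as exc:
            return "network error before any reply: %s" % exc
    return classify_reply(query, reply)

if __name__ == "__main__":
    # Public resolvers named in this guide; add your configured resolver to compare.
    for server in ("8.8.8.8", "1.1.1.1", "9.9.9.9"):
        print(server, "->", probe(server))
```

If your configured resolver times out while the public ones answer, the fault is with that resolver; if every server times out, look at the local link, router, or a firewall blocking port 53.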
The Best DNS Servers
While your ISP provides a default DNS server, many users opt for public DNS servers to access superior speed, security, or performance.
The most highly regarded public DNS servers include:
- Google Public DNS (8.8.8.8 and 8.8.4.4): The Google DNS is generally fast, highly reliable, and globally available. It’s a solid choice for an efficient, straightforward performance boost.
- Cloudflare DNS (1.1.1.1): Cloudflare DNS is consistently rated one of the fastest public DNS services. Besides speed, user privacy is also safeguarded. Cloudflare commits not to log your IP address. If they must temporarily log an IP for operational reasons, it’s purged within 24 hours.
- OpenDNS (now Cisco Umbrella): OpenDNS offers valuable security features, including blocking phishing and malicious sites. It also provides content filtering capabilities, such as controls to block inappropriate content.
- Quad9 (9.9.9.9): Quad9 is built with security at its core, blocking access to malicious domains using real-time threat intelligence. It’s well-regarded for protecting devices from malware, spyware, and phishing threats.
- NextDNS: NextDNS offers powerful privacy, security, and customization features, including strong analytics. It’s ideal for privacy-conscious users and tech-savvy small businesses.
Which DNS server is best for you?
The ideal DNS server for your organization depends on your needs and priorities:
- If speed is your main concern, Cloudflare or Google DNS are strong choices.
- If security and content filtering for a small business are priorities, OpenDNS or Quad9 might be more suitable.
- Businesses often invest in a more powerful DNS solution that integrates advanced security and management features. However, you usually have to pay for such systems.
Free vs Paid DNS Servers: What Is the Difference?
Several good DNS services are available for free. If you just use the system for normal web browsing or running a small site, a free DNS server usually does the job.
However, for businesses depending on robust uptime, speed, and user experience, investing in a paid DNS provider can make all the difference. The best paid services deliver enterprise-grade reliability, advanced security, and extensive features necessary for large-scale and critical online activities.
Let’s explore the free vs paid distinction more deeply.
Free DNS servers
As mentioned, free DNS servers are offered by reputable public DNS providers like Google DNS, Cloudflare DNS, Cisco Umbrella (basic version), Quad9, and NextDNS (free plan). Your ISP usually provides your default DNS.
Benefits:
- Cost-effective: Free to use.
- Improved speed: These servers are often faster than your ISP’s default.
- Basic security/filtering: Some (like Cisco Umbrella and Quad9) offer built-in protection against known malicious sites.
Downsides:
- Logging: Free services might log your DNS queries, which could be used for analytics or even targeted advertising. Privacy-focused ones like Cloudflare explicitly promise not to log your information.
- Support: Limited or community-based support.
- Features: Fewer advanced features compared to paid services.
- SLA (Service Level Agreement): No or limited guarantees on uptime or performance.
Paid DNS servers
Respected providers of enterprise-grade paid DNS services include companies like Oracle Dyn, Akamai, Amazon Route 53, and Cisco Umbrella (higher-tier plans).
Benefits:
- Enhanced security:
  - DDoS protection for your domains
  - Advanced threat intelligence
  - Stronger content filtering
  - Stringent access controls
- Guaranteed reliability and uptime: Service Level Agreements (SLAs) may guarantee very high uptime (e.g. 99.999%), crucial for business-critical assets.
- Advanced features: More customization options and advanced analytics/reporting, automation, and traffic management capabilities.
- Dedicated support: Professional, often 24/7, technical support.
- Privacy guarantees: Stronger privacy assurances are especially appreciated by businesses handling sensitive data.
Downsides:
- Cost: The additional expense is the main consideration.
FAQs
What are the steps in a DNS lookup?
Here are the steps that take place after you enter a URL in your browser:
- Local cache search: Your computer checks its local DNS cache to see if it already knows the IP address.
- DNS resolver query: If it’s not cached, it queries the recursive DNS resolver.
- Root name server inquiry: The resolver asks a root name server where to find information for the top-level domain (TLD), like .com and .org.
- TLD name server: The root server directs the resolver to the appropriate TLD name server.
- Authoritative name server query: The TLD server guides the resolver to the authoritative name server, which holds the IP address for the website.
- IP address is returned: The resolver gets the IP address from the authoritative server and returns it to your device.
- Connection established and content loaded: Your computer now connects to the site using the address and loads the content.
- Results stored in cache: The result is saved in your local DNS cache for quicker access next time.
What is a DNS resolver?
A DNS resolver is the component, often a server, that receives a DNS query from a client (like your device) and finds the corresponding IP address. This resolving process often involves querying a series of other DNS servers, including the root, TLD, and authoritative name servers, to retrieve the final answer on your behalf.
The whole process may take mere milliseconds. It’s a critical part of making the internet feel instant and seamless.
The terms “DNS resolver” and “recursive DNS server” are often used interchangeably. In most cases, when someone refers to a DNS resolver, they’re talking about the recursive server that performs the full lookup process for the client.
What are the types of DNS queries?
There are three types of queries used during the DNS lookup process to resolve domain names into IP addresses. Here’s a quick breakdown:
- Recursive query: The DNS client asks a DNS server to locate the domain name. If the server doesn’t know the answer, it queries other servers until it gets the answer. It returns the final result to the client.
- Iterative query: This interaction takes place between DNS servers. Every server approached provides the best answer it can. This is usually a referral to another DNS server closer to the answer. The original client (or the recursive server on its behalf) follows the trail to the final answer.
- Non-recursive query: This occurs when the DNS server already knows the answer because it has the information cached. It responds immediately without needing to consult other servers.
What is DNS caching? Where does DNS caching occur?
DNS caching is the process of temporarily storing a resolved IP address in memory. When your device or a DNS server successfully looks up an IP address, it doesn’t immediately forget it. Instead, the information is “cached”.
If you or another user requests the same site or app again soon, the system can provide the answer quickly from its local memory. It doesn’t need to repeat the entire lookup process across the internet.
DNS caching occurs at several levels within the network. The largest caches are held by Recursive DNS servers. They are the primary “librarians” of the internet and maintain massive caches of DNS records for all their users. This substantial storage saves constant queries to authoritative servers, expediting lookups significantly.
Other levels where caching occurs include:
- Your router: Many home and business routers also have a DNS cache to serve requests for all devices connected to that local network.
- Your operating system (OS): Your computer’s operating system (Windows, macOS, Linux) keeps a DNS cache, storing records for all applications on your device, not just your web browser.
- Your web browser: Modern web browsers (like Chrome, Firefox, Safari) maintain a small, individual DNS cache for recently visited websites, providing the fastest possible response for sites you frequent.
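
The lookup steps, the iterative referrals, and the resolver cache described in this guide can be modelled in a few lines. This is an added example, not code from the original guide: the server names, the address 192.0.2.10 (a documentation range), and the 300-second time-to-live (TTL) are constructed for illustration.

```python
# Constructed zone data. Each server knows only its own part of the tree and
# returns either a referral to the next server or a final answer with a TTL.
SERVERS = {
    "root": {"com": ("referral", "tld-com")},
    "tld-com": {"dnsworkings.com": ("referral", "auth-dnsworkings")},
    "auth-dnsworkings": {"www.dnsworkings.com": ("answer", "192.0.2.10", 300)},
}

class RecursiveResolver:
    def __init__(self, servers, clock):
        self.servers = servers
        self.clock = clock    # callable returning the current time in seconds
        self.cache = {}       # name -> (address, expiry time)
        self.upstream = 0     # iterative queries sent to other servers

    def _ask(self, server, name):
        """One iterative query: the server gives the most specific record it holds."""
        self.upstream += 1
        zone = self.servers[server]
        matches = [z for z in zone if name == z or name.endswith("." + z)]
        return zone[max(matches, key=len)] if matches else ("nxdomain",)

    def resolve(self, name):
        """Return (address or None, list of servers consulted)."""
        name = name.lower().rstrip(".")
        cached = self.cache.get(name)
        if cached and cached[1] > self.clock():
            return cached[0], ["cache"]       # answered without asking anyone
        server, path = "root", []
        for _ in range(8):                    # bound the referral chain
            path.append(server)
            reply = self._ask(server, name)
            if reply[0] == "referral":
                server = reply[1]
                continue
            if reply[0] == "answer":
                self.cache[name] = (reply[1], self.clock() + reply[2])
                return reply[1], path
            break                             # the name does not exist
        return None, path

def demo():
    now = [0]                                  # fake clock so the run is repeatable
    resolver = RecursiveResolver(SERVERS, lambda: now[0])
    first = resolver.resolve("www.dnsworkings.com")    # full walk from the root
    second = resolver.resolve("WWW.dnsworkings.com.")  # served from cache
    now[0] = 301                                       # the TTL has expired
    third = resolver.resolve("www.dnsworkings.com")    # full walk again
    return first, second, third, resolver.upstream

if __name__ == "__main__":
    print(demo())
```

The cache is also why a wrong or stale answer keeps being served until its TTL runs out, which is what flushing a DNS cache during troubleshooting clears.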
What is an example of DNS?
Google Public DNS (8.8.8.8) is an example of a globally available and widely used Domain Name System (DNS) service. Cloudflare DNS (1.1.1.1) is another very well-known example.
How do I find my DNS?
You may need to locate your DNS for troubleshooting network issues or configuring a custom DNS. Finding the details is fairly straightforward on both Windows and macOS.
On Windows 10/11:
- Go to Settings.
- Go to Network & Internet.
- Click Wi-Fi or Ethernet, depending on your connection.
- Select Properties on your active network.
- Scroll down to see your DNS servers under “IP settings.”
On macOS:
- Go to System Settings (or System Preferences on older versions).
- Go to Network.
- Select your active connection (Wi-Fi or Ethernet).
- Click Details or Advanced next to the network name.
- Go to the DNS tab.
- You’ll see the list of DNS servers your Mac is currently using.
What are the types of DNS?
The four main component types in the DNS resolution process include:
- Recursive resolvers: Recursive resolvers receive the DNS request from your device and do the searching on your behalf. They act like an agent, handling the entire process so you don’t have to do it manually.
- Root nameservers: DNS root nameservers point to the right TLD server based on the domain ending (.com or .net, for example). They’re the global gatekeepers at the top of the DNS hierarchy.
- TLD nameservers: TLD nameservers send the query to the correct authoritative server for that specific domain. Each one manages a particular domain family (e.g. .org or .net).
- Authoritative nameservers: These provide the final answer—the IP address linked to the domain. They hold the definitive records that tell your browser where to go.
Is changing DNS safe?
Yes, changing your DNS settings from your default ISP-provided DNS is generally safe, provided you choose a reputable provider. Changing to a random or unknown provider is riskier, because it may log, misuse, or sell your data.
Using a well-regarded DNS provider could even improve your internet experience. For example, Cloudflare (1.1.1.1) and Cisco Umbrella rarely go down and promise faster browsing, enhanced security, and greater online privacy.
If you do change DNS, it’s advisable to back up your original settings. This covers you in case you want to revert.
Should I use private DNS?
Private DNS offers organizations greater control and better performance than public DNS. Setting up a private DNS server is advantageous if your organization prioritizes any of the following:
- Better performance for internal networks.
- DNS activity logs for auditing or compliance.
- Support for internal-only domain names like the company intranet and internal app URLs.
- No external data sharing. When run entirely on-premises, DNS queries stay within your infrastructure, protecting data privacy.
- Enhanced security and traffic filtering. You can configure your server to block malicious sites and deny requests to known dangerous domains.
You can deploy a private DNS server on-premises or in the cloud, using software such as Windows DNS Server.
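
The sketch below shows how domain blocking and log auditing on a private resolver fit together. It is an added example, not taken from the original guide or any DNS product: the blocklist entries, the log format, and the client addresses are constructed. It also shows why a plain suffix test is the wrong way to match blocked domains.

```python
def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().lower().rstrip(".")

def naive_is_blocked(qname, blocklist):
    # Weak form: a plain suffix test also matches unrelated names sharing a tail.
    return any(normalize(qname).endswith(domain) for domain in blocklist)

def is_blocked(qname, blocklist):
    """Match the name itself or any parent domain, only at label boundaries."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

# Constructed blocklist and query log, one line per query:
# "<time> <client-ip> <queried-name> <record-type>"
BLOCKLIST = {"malware.example", "phish.test"}
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.15 www.dnsworkings.com A
2024-05-01T09:00:02Z 10.0.0.22 cdn.Malware.Example. A
2024-05-01T09:00:03Z 10.0.0.22 notmalware.example A
2024-05-01T09:00:05Z 10.0.0.31 phish.test AAAA
"""

def audit(log_text, blocklist, match=is_blocked):
    """Group lookups of blocked domains by client IP for follow-up."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at their meaning
        _time, client, qname, _qtype = fields
        if match(qname, blocklist):
            hits.setdefault(client, []).append(normalize(qname))
    return hits

if __name__ == "__main__":
    print("label-boundary match:", audit(SAMPLE_LOG, BLOCKLIST))
    print("naive suffix match:  ", audit(SAMPLE_LOG, BLOCKLIST, naive_is_blocked))
```

The naive matcher flags notmalware.example as a hit, a false positive that would block a legitimate site and add noise to the audit trail.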