What Is DNS? How Domain Name System Works

Every time you type a website address into your browser, a crucial system called the Domain Name System (DNS) works behind the scenes to connect you to the right server. DNS is often called "the phone book of the internet" because it translates human-readable domain names (like wheresthatip.com) into machine-readable IP addresses (like 104.21.32.1). Without DNS, you would need to memorize the IP address of every website you want to visit.

How DNS Works: Step by Step

When you type www.wheresthatip.com into your browser, here is what happens in milliseconds:

Step 1: Browser Cache Check

Your browser first checks its own cache to see if it has recently looked up this domain. If found, it uses the cached IP address immediately — no DNS query needed.

Step 2: Operating System Cache

If the browser cache misses, the request goes to your operating system's DNS resolver cache. On Windows, you can view this cache with ipconfig /displaydns.

Step 3: Recursive DNS Resolver

If the OS cache also misses, the query is sent to a recursive DNS resolver — typically operated by your ISP or a public DNS service like Google (8.8.8.8) or Cloudflare (1.1.1.1). This resolver does the heavy lifting.

Step 4: Root Name Servers

The recursive resolver contacts one of the 13 root name server clusters. The root server does not know the IP address of wheresthatip.com, but it knows which servers are authoritative for the .com top-level domain (TLD) and directs the resolver there.

Step 5: TLD Name Servers

The .com TLD name server does not know the final IP either, but it knows which name servers are authoritative for wheresthatip.com and refers the resolver to them.

Step 6: Authoritative Name Server

The authoritative name server for wheresthatip.com holds the actual DNS records. It responds with the IP address, and the recursive resolver caches this answer and returns it to your device.

Step 7: Connection Established

Your browser now has the IP address and can establish a connection to the web server. The entire process typically takes 20-120 milliseconds.

Types of DNS Records

DNS is not just about mapping names to IP addresses. There are several record types, each serving a different purpose:

| Record Type | Purpose | Example |
|---|---|---|
| A | Maps a domain to an IPv4 address | wheresthatip.com -> 104.21.32.1 |
| AAAA | Maps a domain to an IPv6 address | wheresthatip.com -> 2606:4700:: |
| CNAME | Alias — points one domain to another | www.example.com -> example.com |
| MX | Mail server for the domain | example.com -> mail.example.com |
| TXT | Text data (SPF, DKIM, verification) | v=spf1 include:_spf.google.com |
| NS | Name servers for the domain | example.com -> ns1.provider.com |
| PTR | Reverse DNS — maps IP to domain | 1.32.21.104 -> wheresthatip.com |
| SOA | Start of Authority — domain metadata | Serial number, refresh intervals |

You can look up any of these records using our DNS Lookup tool.

DNS Caching and TTL

DNS responses include a Time to Live (TTL) value that tells resolvers how long to cache the result. Common TTL values:

  • 300 seconds (5 minutes) — Common for dynamic services
  • 3600 seconds (1 hour) — Standard for most websites
  • 86400 seconds (24 hours) — For stable, rarely-changing records

Lower TTL means faster propagation when you change records, but more DNS queries. Higher TTL reduces queries but means changes take longer to propagate globally.
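The lookup steps and the TTL caching described above can be modelled in a few lines. This is an added example, not code from the original article: the delegation data, server names and the RecursiveResolver class are constructed for illustration, and referrals themselves are not cached in this model.

```python
# Constructed delegation data (not real zone contents). Each server maps a
# name suffix to (type, value, ttl); an "NS" value names the next server to ask.
SERVERS = {
    "root":    {"com.": ("NS", "tld-com", 172800)},
    "tld-com": {"wheresthatip.com.": ("NS", "auth", 172800)},
    "auth":    {"www.wheresthatip.com.": ("A", "104.21.32.1", 300)},
}

class RecursiveResolver:
    def __init__(self, servers, clock):
        self.servers, self.clock = servers, clock
        self.cache = {}            # name -> (address, expiry timestamp)
        self.upstream_queries = 0  # queries sent to root/TLD/authoritative

    def _ask(self, server, name):
        """Return the server's record for the longest suffix of name, or None."""
        self.upstream_queries += 1
        zone = self.servers[server]
        # Match on a label boundary so "evilcom." does not fall under "com.".
        matches = [s for s in zone if name == s or name.endswith("." + s)]
        return zone[max(matches, key=len)] if matches else None

    def resolve(self, name):
        """Return (address or None, list of servers consulted)."""
        cached = self.cache.get(name)
        if cached and self.clock() < cached[1]:
            return cached[0], ["cache"]        # TTL not yet expired
        server, path = "root", []
        while True:
            path.append(server)
            record = self._ask(server, name)
            if record is None:
                return None, path              # nobody knows the name
            rtype, value, ttl = record
            if rtype == "NS":
                server = value                 # follow the referral (steps 4-5)
                continue
            self.cache[name] = (value, self.clock() + ttl)  # step 6
            return value, path

if __name__ == "__main__":
    now = [0]                                  # fake clock, in seconds
    r = RecursiveResolver(SERVERS, lambda: now[0])
    print(r.resolve("www.wheresthatip.com."))  # walks root, TLD, authoritative
    now[0] = 299
    print(r.resolve("www.wheresthatip.com."))  # answered from cache
    now[0] = 300
    print(r.resolve("www.wheresthatip.com."))  # TTL expired, walks again
```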

Popular Public DNS Resolvers

| Provider | Primary | Secondary | Key Feature |
|---|---|---|---|
| Google | 8.8.8.8 | 8.8.4.4 | Reliability, global presence |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | Speed, privacy-focused |
| Quad9 | 9.9.9.9 | 149.112.112.112 | Security, malware blocking |
| OpenDNS | 208.67.222.222 | 208.67.220.220 | Content filtering options |

DNS Security

DNS Spoofing (Cache Poisoning)

Attackers can inject false DNS records into a resolver's cache, redirecting users to malicious websites. This is one of the reasons DNSSEC (DNS Security Extensions) was developed — it adds cryptographic signatures to DNS records to verify their authenticity.
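Before DNSSEC validation comes into play, a resolver already refuses replies that do not correspond to a query it sent and drops records the answering zone has no authority over. The sketch below is an added example, not code from the original article; the Query and Reply types, the function names and all sample values are constructed for illustration. These checks only make forged replies harder to land; authenticating the data itself is what DNSSEC signatures are for.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Query:            # state the resolver keeps for each outstanding query
    txid: int           # random 16-bit transaction ID
    port: int           # random UDP source port the query left from
    server: str         # IP address the query was sent to
    qname: str
    zone: str           # zone that server is being asked about

@dataclass(frozen=True)
class Reply:
    txid: int
    port: int           # UDP port the reply arrived on
    sender: str         # source IP address of the reply
    qname: str          # question section echoed back in the reply
    records: tuple      # (owner name, type, value) triples

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or a name beneath it."""
    owner, zone = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return zone == "" or owner == zone or owner.endswith("." + zone)

def records_to_cache(q, r):
    """Return (records safe to cache, rejection reason or None)."""
    if (r.txid, r.port, r.sender) != (q.txid, q.port, q.server):
        return (), "reply does not match an outstanding query"
    if r.qname.lower() != q.qname.lower():
        return (), "question section differs from the query"
    # Keep only records the queried zone is entitled to speak for.
    kept = tuple(rec for rec in r.records if in_bailiwick(rec[0], q.zone))
    return kept, None

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    q = Query(0x3A7C, 53124, "192.0.2.53", "www.wheresthatip.com.", "wheresthatip.com.")
    reply = Reply(0x3A7C, 53124, "192.0.2.53", "www.wheresthatip.com.", (
        ("www.wheresthatip.com.", "A", "104.21.32.1"),
        ("login.example.net.", "A", "203.0.113.66"),   # out of zone: dropped
    ))
    print(records_to_cache(q, reply))
```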

DNS over HTTPS (DoH) and DNS over TLS (DoT)

Traditional DNS queries are sent in plain text, allowing ISPs and network operators to see every domain you visit. Modern protocols encrypt DNS traffic:

  • DNS over HTTPS (DoH) — Encrypts DNS queries inside HTTPS traffic (port 443). Used by Firefox and Chrome.
  • DNS over TLS (DoT) — Encrypts DNS queries using TLS (port 853). Used by Android and some routers.
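Both protocols carry the same binary DNS message and differ only in the wrapping. As an added example (not code from the original article), the functions below build a query and wrap it for a DoH GET request as defined in RFC 8484 and for the length-prefixed framing DoT uses inside its TLS session; the endpoint https://doh.example/dns-query is a placeholder and the function names are illustrative.

```python
import base64
import struct

QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12,
          "MX": 15, "TXT": 16, "AAAA": 28}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")        # IDNs must be punycode-encoded first
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label length out of range: {label!r}")
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return out

def build_query(name, qtype="A", txid=0):
    """Build a one-question DNS query with the recursion-desired flag set."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", QTYPES[qtype], 1)

def doh_get_url(endpoint, name, qtype="A"):
    """DoH GET form: unpadded base64url of the message; ID 0 aids HTTP caching."""
    msg = build_query(name, qtype, txid=0)
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def dot_frame(name, qtype="A", txid=0):
    """DoT framing: two-byte big-endian length, then the message, sent over TLS."""
    msg = build_query(name, qtype, txid)
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    # Placeholder endpoint; substitute the resolver's documented DoH URL.
    print(doh_get_url("https://doh.example/dns-query", "www.example.com"))
    print(dot_frame("www.example.com", txid=0x1234).hex())
```

On the network, an observer sees only a TLS connection to the resolver (port 443 or 853) rather than the queried name in clear text.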

For more on protecting your privacy, see our online privacy guide and learn about how VPNs work.

How to Troubleshoot DNS Issues

Flush Your DNS Cache

# Windows
ipconfig /flushdns

# macOS
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

# Linux (systemd-resolved)
sudo resolvectl flush-caches
# Older systemd releases: sudo systemd-resolve --flush-caches

Check DNS Resolution

# Using nslookup
nslookup wheresthatip.com

# Using dig (Mac/Linux)
dig wheresthatip.com

# Using our online tool
# Visit https://www.wheresthatip.com/tools/dns

Common DNS Problems

  • "DNS_PROBE_FINISHED_NXDOMAIN" — The domain does not exist or DNS cannot resolve it. Try flushing your cache or switching to a public DNS resolver.
  • Slow page loads — Your DNS resolver may be slow. Switch to Cloudflare (1.1.1.1) or Google (8.8.8.8).
  • Wrong website appearing — Could be DNS cache poisoning or your ISP redirecting failed queries. Use DoH or switch resolvers.
  • DNS changes not propagating — Check the TTL of the old record. Use our DNS Lookup tool to verify current records from different locations.

DNS and IP Addresses

DNS is intimately connected with IP addresses. Every DNS A record ultimately points to an IP address where a server is hosted. You can use our IP Lookup tool to find out who owns the IP address a domain resolves to, or use WHOIS to get registration details for both domains and IP addresses.

Frequently Asked Questions

Can changing DNS make my internet faster?

Switching to a faster DNS resolver (like Cloudflare 1.1.1.1) can reduce the time it takes to resolve domain names, which can make websites feel like they load faster. It does not increase your actual download speed.

Does DNS affect my privacy?

Yes. Your DNS resolver can see every domain you visit. Using encrypted DNS (DoH or DoT) and a privacy-focused resolver helps. A VPN also typically handles DNS queries through its own encrypted servers.

What is reverse DNS?

Reverse DNS (rDNS) maps an IP address back to a domain name. It uses PTR records and is commonly used for email server verification and network diagnostics. You can perform reverse DNS lookups with our DNS tool.