DNS is a network protocol used to resolve human-readable domain names (the host part of a URL) into the IP addresses that your computer needs to communicate over the internet. DNS stands for Domain Name System and was first designed in 1983, when the size of its predecessor, the centralized “Assigned Numbers List”, was becoming unmanageable. To improve on this, DNS has a distributed design with three main types of servers: caching, root, and authoritative.
A caching DNS server caches (stores a temporary copy of) any DNS response that it processes. The purpose of a caching server is to reduce the load on the rest of the network: it can respond to repeated or common requests with the same answer without having to recheck it every time. ISPs routinely provide caching DNS servers, which most devices use by default. This keeps the delay in answering your DNS request to a minimum, as the DNS server is as close to you as possible.
If a caching server doesn’t have a cached result for a requested domain name, it makes a request to a root DNS server. The root DNS server doesn’t answer the request directly; instead it refers the caching server to a more authoritative DNS server. For example, if you make a DNS request for example.org, a root DNS server would refer your request to a DNS server for the “.org” TLD.
Tip: A TLD or Top-Level Domain is the last part of the domain name, such as “.com” or “.org”.
Once a root DNS server refers your DNS request to a more authoritative DNS server, this process is repeated until an authoritative server responds. An authoritative server has been directly configured with the records for the requested domain. The authoritative DNS server responds with the IP address of the requested domain; the caching DNS server forwards the result to your device and stores it in its cache until it expires.
Modern browsers also often cache DNS results for around a minute, so they don’t have to make a DNS request for the same website every time you click a link.
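To make the walk from root server to TLD server to authoritative server concrete, here is an added Python example (not code from the original article) that simulates the hierarchy with in-memory stand-in servers and a caching resolver in front of them. The zone data, server names and IP addresses are constructed for the demo, and a referral is simplified to the name of the next server to ask, whereas a real root or TLD server returns NS records and glue addresses. Cached answers expire after the record's time to live (TTL), which is the expiry mentioned above; the clock is injectable so the demo can show the cache hit and the later cache miss deterministically.

```python
import time

# Constructed, simplified zone data for the demo (not real DNS records).
# Each stand-in server holds referrals (domain suffix -> next server to ask)
# and/or answers (full domain -> (IP address, TTL in seconds)).

class NameServer:
    """One simulated DNS server: answers if authoritative, else refers onward."""

    def __init__(self, name, referrals=None, answers=None):
        self.name = name
        self.referrals = referrals or {}
        self.answers = answers or {}

    def query(self, domain):
        if domain in self.answers:
            ip, ttl = self.answers[domain]
            return ("answer", ip, ttl)
        # Refer to the server for the longest matching suffix, so the root
        # sends "www.example.org" to the .org server, which sends it on to
        # the example.org authoritative server.
        for suffix in sorted(self.referrals, key=len, reverse=True):
            if domain == suffix or domain.endswith("." + suffix):
                return ("referral", self.referrals[suffix], None)
        return ("nxdomain", None, None)


SERVERS = {
    "root": NameServer("root", referrals={"org": "org-tld", "com": "com-tld"}),
    "org-tld": NameServer("org-tld", referrals={"example.org": "example-org-auth"}),
    "com-tld": NameServer("com-tld"),
    "example-org-auth": NameServer(
        "example-org-auth",
        answers={"example.org": ("192.0.2.10", 300),        # 5 minute TTL
                 "www.example.org": ("192.0.2.11", 60)}),   # 1 minute TTL
}


class CachingResolver:
    """Walks the hierarchy from the root and caches answers until their TTL expires."""

    def __init__(self, servers, root="root", clock=time.time):
        self.servers = servers
        self.root = root
        self.clock = clock            # injectable so a test can advance time
        self.cache = {}               # domain -> (ip, expiry timestamp)
        self.upstream_queries = 0     # how many servers we had to ask in total

    def resolve(self, domain, max_hops=10):
        now = self.clock()
        hit = self.cache.get(domain)
        if hit and hit[1] > now:
            return hit[0], "cache"    # still fresh: no upstream traffic at all
        current = self.root
        for _ in range(max_hops):
            self.upstream_queries += 1
            kind, value, ttl = self.servers[current].query(domain)
            if kind == "answer":
                self.cache[domain] = (value, now + ttl)
                return value, current
            if kind == "referral":
                current = value       # follow the referral one level down
                continue
            return None, current      # no such name
        raise RuntimeError("too many referrals for %s" % domain)


def demo():
    """Resolve twice, advance a fake clock past the TTL, then resolve again."""
    fake_now = [1000.0]
    resolver = CachingResolver(SERVERS, clock=lambda: fake_now[0])
    first = resolver.resolve("www.example.org")    # root -> org-tld -> auth
    second = resolver.resolve("www.example.org")   # served from cache
    fake_now[0] += 61                              # the 60 s TTL has passed
    third = resolver.resolve("www.example.org")    # full walk again
    return first, second, third, resolver.upstream_queries


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The first lookup costs three upstream queries, the second costs none, and once the TTL has elapsed the resolver walks the hierarchy again; the query counter is the load that caching removes from the rest of the network.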
One flaw in DNS is that the protocol is unencrypted. This can let your ISP, or other users on your network, track which websites you’re browsing to, even if you explicitly configure your devices not to use your ISP’s DNS servers. Privacy advocates have been pushing for an encrypted version of DNS to be standardized. One example protocol is DoH, or “DNS over HTTPS”, which simply transmits the DNS request over an encrypted HTTPS connection.
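As an added example of what “transmitting the DNS request over HTTPS” involves (not code from the original article), the Python below builds a wire-format DNS query as laid out in RFC 1035, wraps it in the HTTPS POST that DoH (RFC 8484) uses with the application/dns-message content type, and parses a constructed A-record response. The resolver URL https://dns.example/dns-query is a placeholder, and the response bytes are constructed inline so the example runs offline; nothing is sent unless send=True is passed. The same bytes would travel in the clear over UDP port 53 with classic DNS, which is exactly what an on-path observer can read.

```python
import struct
import urllib.request

# Placeholder resolver URL for the demo, not a real DoH service.
DOH_URL = "https://dns.example/dns-query"


def encode_name(name):
    """Encode a name as length-prefixed labels, e.g. 7 'example' 3 'org' 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0):
    """Build a wire-format query; RD=1 asks the resolver to recurse for us.
    RFC 8484 recommends ID 0 over DoH so identical queries are cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def read_name(msg, offset):
    """Decode a name, following RFC 1035 compression pointers (0xC0xx)."""
    labels = []
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            tail, _ = read_name(msg, pointer)
            labels.append(tail)
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_a_records(msg):
    """Return [(name, ttl, ip)] for every A record in the answer section."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):             # skip the echoed question
        _, offset = read_name(msg, offset)
        offset += 4                      # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:    # A record carrying an IPv4 address
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return records


def constructed_response():
    """Hand-built (constructed) answer: example.org -> 192.0.2.10, TTL 300."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    question = encode_name("example.org") + struct.pack("!HH", 1, 1)
    answer = (b"\xc0\x0c"                                     # pointer to offset 12
              + struct.pack("!HHIH", 1, 1, 300, 4)
              + bytes([192, 0, 2, 10]))
    return header + question + answer


def doh_request(name, url=DOH_URL, send=False):
    """Wrap the query in the HTTPS POST that DoH uses. With send=False only
    the prepared request is returned, so the example stays offline."""
    req = urllib.request.Request(
        url, data=build_query(name), method="POST",
        headers={"Content-Type": "application/dns-message",
                 "Accept": "application/dns-message"})
    if not send:
        return req
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_a_records(resp.read())


if __name__ == "__main__":
    req = doh_request("example.org")
    print(req.get_method(), req.full_url, len(req.data), "byte body")
    print(parse_a_records(constructed_response()))
```

Because the DNS message rides inside the TLS session, a network observer sees only an HTTPS connection to the resolver; the queried name is no longer visible on the wire, which is the privacy gain the protocol is after.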