What is a DNS server?

The DNS (Domain Name System) is the telephone directory of the Internet. When users enter domain names such as "google.com" or "nytimes.com" into web browsers, the DNS is responsible for finding the correct IP address of these sites. Browsers then use these addresses to communicate with origin servers or CDN edge servers to access website information. This is all thanks to DNS servers: machines dedicated to answering DNS queries.

What is a server?
A server is a device or program dedicated to providing services to other programs, called "clients". DNS clients, built into most modern desktop and mobile operating systems, allow web browsers to interact with DNS servers. For more information, see The client-server model.

How do DNS servers resolve a DNS query?
In a typical non-cached DNS query, four types of server work together to provide an IP address to the client: recursive resolvers, root name servers, TLD name servers and authoritative name servers.

The DNS "recursor" (also known as a DNS resolver) is a server that receives the DNS client request and then interacts with other DNS servers to look up the correct IP address. Once the resolver receives the request from the client, it then behaves like a client itself, querying the other three types of DNS servers for the correct IP address.

DNS Lookup
The resolver first queries a root name server. The root server is the first step in translating (resolving) human-readable domain names into IP addresses. The root server replies to the resolver with the address of a Top Level Domain (TLD) name server, such as the one for .com or .net, which holds the delegation information for domains under that TLD.

The resolver then queries the TLD server. The TLD server responds with the IP address of the domain's authoritative name server. Finally, the recursor queries the authoritative name server, which responds with the IP address of the origin server.

The resolver then passes the IP address of the origin server to the client. Using this IP address, the client can make a request directly to the origin server, which responds by sending the website data that the web browser interprets and displays.

What is DNS caching?
In addition to the process described above, recursive resolvers can also answer DNS queries from cached data. After retrieving the correct IP address for a given website, the resolver stores it in its cache for a limited time. During that time, if other clients query the same domain name, the resolver can skip the full DNS lookup and simply respond with the IP address stored in the cache.

Once the caching period has expired, the resolver must retrieve the IP address again, creating a new entry in its cache. This period, called the time-to-live (TTL), is explicitly defined in the DNS records of each site. Typically, the TTL is in the range of 24 to 48 hours. A TTL is necessary because web servers sometimes change their IP addresses, so resolvers cannot serve the same IP address from the cache indefinitely.

What happens if the DNS servers fail?
DNS servers can fail for a number of reasons, such as power outages, cyber attacks and hardware malfunctions. In the early days of the Internet, DNS server failures could have a relatively large impact. Fortunately, today the DNS has a lot of redundancy built in. For example, there are many instances of the root DNS servers and TLD name servers, and most ISPs have backup recursive resolvers for their users. (Individual users can also use public DNS resolvers, such as Cloudflare's 1.1.1.1.) Most popular websites also have multiple instances of their authoritative name servers.

In the event of a major DNS server outage, some users may experience delays due to the number of requests processed by backup servers, but it would take a very large DNS outage to make a significant portion of the Internet unavailable. (This happened in 2016 when the DNS provider named Dyn suffered one of the largest DDoS attacks in history). Cloudflare offers a managed DNS service with built-in DNS security to protect DNS servers from attacks as well as other common sources of server failure.
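The lookup chain (root, TLD, authoritative), the TTL cache and the redundancy between authoritative servers described above can all be seen in one small simulation. The following Python program is an added example written for this page; it is not Cloudflare's code or a real resolver. The zone data, server addresses (taken from the RFC 5737 documentation ranges), TTL value and the `RecursiveResolver` class are all constructed for illustration, and each "server" is just a dictionary that answers only for the part of the namespace it is responsible for.

```python
"""Toy recursive resolver: root -> TLD -> authoritative lookup, a TTL cache, and
failover across redundant authoritative servers. Everything here is constructed
for illustration; addresses come from the RFC 5737 documentation ranges."""
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed zone data. Each "server" answers only for what it is responsible for,
# mirroring the delegation chain: the root knows the TLD servers, the TLD server
# knows which authoritative servers serve a zone, and only the authoritative
# server holds the final A record together with its TTL.
ROOT_SERVER: Dict[str, str] = {"com.": "192.0.2.1"}
TLD_SERVERS: Dict[str, Dict[str, List[str]]] = {
    "192.0.2.1": {"example.com.": ["192.0.2.53", "192.0.2.54"]},  # two redundant auth servers
}
AUTH_SERVERS: Dict[str, Dict[str, Tuple[str, int]]] = {
    "192.0.2.53": {"www.example.com.": ("198.51.100.10", 3600)},  # (A record, TTL in seconds)
    "192.0.2.54": {"www.example.com.": ("198.51.100.10", 3600)},  # secondary with the same data
}


@dataclass
class Answer:
    name: str
    address: Optional[str]      # None models "no such record" / no delegation
    ttl: int                    # seconds the client may keep using the answer
    servers_queried: List[str]  # trace of who the recursor had to talk to


class RecursiveResolver:
    def __init__(self, unreachable: Optional[Set[str]] = None):
        self.cache: Dict[str, Tuple[str, float]] = {}  # name -> (address, expiry time)
        self.unreachable: Set[str] = unreachable or set()  # simulated server outages

    def resolve(self, name: str, now: Optional[float] = None) -> Answer:
        now = time.time() if now is None else now
        name = name if name.endswith(".") else name + "."  # normalise to a FQDN
        # Step 0: a cached answer still within its TTL skips the whole lookup.
        cached = self.cache.get(name)
        if cached is not None and cached[1] > now:
            address, expiry = cached
            return Answer(name, address, int(expiry - now), ["cache"])

        labels = name.rstrip(".").split(".")
        tld = labels[-1] + "."                  # "www.example.com." -> "com."
        zone = ".".join(labels[-2:]) + "."      # "www.example.com." -> "example.com."
        queried: List[str] = ["root"]
        # Step 1: the root server refers us to the TLD server.
        tld_server = ROOT_SERVER.get(tld)
        if tld_server is None:
            return Answer(name, None, 0, queried)
        # Step 2: the TLD server refers us to the zone's authoritative servers.
        queried.append(f"tld@{tld_server}")
        auth_servers = TLD_SERVERS[tld_server].get(zone, [])
        # Step 3: ask the authoritative servers in turn; an unreachable one is
        # skipped, which is exactly the redundancy that keeps lookups working.
        for auth in auth_servers:
            queried.append(f"auth@{auth}")
            if auth in self.unreachable:
                continue
            record = AUTH_SERVERS[auth].get(name)
            if record is None:
                return Answer(name, None, 0, queried)  # authoritative "no such record"
            address, ttl = record
            self.cache[name] = (address, now + ttl)    # keep it until the TTL expires
            return Answer(name, address, ttl, queried)
        return Answer(name, None, 0, queried)  # no delegation, or every server was down


if __name__ == "__main__":
    resolver = RecursiveResolver()
    print(resolver.resolve("www.example.com", now=0.0))      # three servers queried
    print(resolver.resolve("www.example.com", now=60.0))     # from cache, 3540 s of TTL left
    print(resolver.resolve("www.example.com", now=3600.0))   # TTL expired: full lookup again
    print(RecursiveResolver({"192.0.2.53"}).resolve("www.example.com", now=0.0))  # failover
```

The `now` parameter is injected rather than read from the clock so that TTL expiry can be reproduced deterministically: the second call is answered from the cache with the remaining TTL, and the third, made exactly when the TTL runs out, has to walk the root, TLD and authoritative servers again. Passing a set of "unreachable" addresses shows why operators run more than one authoritative server: the lookup still succeeds when the first one is down, and only fails when every server for the zone is gone.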