What Is DNS and How It Works A Simple Explainer

Slug

what-is-dns-and-how-it-works

Excerpt

Understand what is DNS and how it works with this simple guide. We break down the DNS lookup process, common records, and custom domain setup step by step.

Let's be honest: the Domain Name System (DNS) is the internet's address book. It's the magic happening in the background that turns a simple website name, like sotion.so, into the string of numbers a computer needs to actually find anything online.

How DNS Acts as the Internet's Address Book

Ever stop to think about what happens when you type a web address into your browser and hit Enter? It feels instant, but you're kicking off a lightning-fast, global game of telephone. This whole process is orchestrated by DNS.

Without it, surfing the web would be like trying to call a friend using only their name, with no phone number. It just wouldn't work.

The problem DNS solves is fundamental: we remember words, but computers only really care about numbers. A website's real address—its IP address—is a numeric code like 172.67.158.114. Imagine having to memorize one of those for every single site you visit. Impossible, right?

From a Single File to a Global System

Believe it or not, that was almost our reality. Back in the early 1980s, the "internet" was a small network of computers, and to keep track of them, a single text file called HOSTS.TXT was manually updated with every machine's name and address.

As you can imagine, once the network grew beyond a few hundred computers, that system fell apart. This growing pain led to the birth of the Domain Name System in 1983—a brilliant, automated solution that could scale with the internet's explosive growth.

This modern "address book" relies on a few key players working in perfect harmony:

Your Web Browser: Where it all begins. You type in the name.

The Recursive Resolver: Think of this as a super-helpful librarian. It's a server, usually run by your Internet Service Provider (ISP), that takes your request and promises to find the right IP address.

Nameservers: A hierarchy of specialized servers scattered across the globe that hold the actual address records. They're the ones the "librarian" asks for information.

Getting a handle on this system is step one for anyone wanting to get a site online. It’s the foundational knowledge you need before you can point a custom domain name to your new digital home.

Platforms like Sotion, for instance, are designed to make this easy, often requiring just two simple DNS records to connect your branded domain to a Notion-powered site. But that entire, seamless experience is built on the back of this powerful DNS framework working tirelessly behind the scenes.

The Four Servers Behind Every DNS Lookup

When you type a domain name and hit Enter, you kick off a lightning-fast, invisible relay race across the internet. This whole process, called a DNS lookup, feels instant but involves a clever handoff between four specialized servers. It’s the core magic that turns a human-friendly name into a machine-readable IP address.

To really get what’s going on, let's follow your request on its journey. Imagine you’re trying to find a specific book in the world's largest library. You wouldn’t just start wandering—you’d ask the librarian for help. And that's exactly where the DNS lookup begins.

This simple flowchart shows how your request for a domain name flows through the DNS system to find the right IP address for your browser.

As the visual shows, DNS is just the essential translator between the name we use and the IP address the server actually needs.

The DNS Recursor: The Helpful Librarian

Your first stop is the DNS Recursor, also known as a recursive resolver. This is our helpful librarian who takes your request and promises to find the answer. Most of the time, this server is operated by your Internet Service Provider (ISP), like Comcast or Verizon.

The recursor’s job is to do all the legwork. First, it checks its own memory—its cache—to see if it has looked up this same domain recently. If so, it gives you the IP address right away, and the whole process is over in milliseconds. This caching trick is what makes the DNS so efficient.

If the domain isn't in its cache, the recursor starts the real search, moving up the chain of command.

The Root Server: The Main Library Index

The recursor’s first question goes to one of the 13 Root Servers positioned strategically around the globe. These servers don't know the exact IP address for your website, but they act as the main index for the entire internet library.

Instead of a final answer, the root server offers a crucial referral. It looks at the very end of your domain name—the Top-Level Domain (TLD) like .com, .org, or .io—and points the recursor to the next server in line, the one responsible for that specific TLD.

The TLD Name Server: The Specific Aisle

Following the root server's lead, the recursor now contacts the TLD Name Server. If the root server is the main index, think of the TLD server as the manager of a specific aisle in our library—in this case, the ".com" aisle.

This server manages all domains ending in .com. Just like the root server, it doesn't have the final IP address. Instead, it knows exactly who does. It points the recursor to the final stop on the journey: the domain's authoritative nameserver.

The Authoritative Name Server: The Exact Shelf

Finally, the recursor reaches the Authoritative Name Server. This is the ultimate source of truth for a specific domain—the exact shelf in the library where the book is located. The domain owner manages the official DNS records held here.

The authoritative server looks at its records, finds the IP address for the domain you requested, and hands it back to the recursor. The lookup is complete.

The recursor then passes this IP address back to your browser, which can finally connect to the website's server and start loading the page. It also caches this answer for a while, making the next request for that same site even faster.

Decoding The Most Common DNS Records

Alright, we've followed the DNS lookup from start to finish. Now let's talk about the final destination: the actual DNS records. These are the specific instructions sitting on the authoritative nameserver, telling the internet exactly what to do with your domain.

For most startups, creators, and agencies, the good news is you only need to get comfortable with a handful of these to get your website, email, and other services up and running.

Think of your domain's DNS settings like a switchboard. Each record is a different switch that directs a specific type of internet traffic. One switch points visitors to your website, another routes your incoming emails, and a third can be used to prove you actually own the domain. Getting a handle on these is the key to managing your online world.

Let's break down the records you'll actually use, skipping the heavy jargon and focusing on what they do in the real world.

A and AAAA Records: The Direct Address

The A record is the most basic and essential DNS record out there. The "A" simply stands for Address, and it does exactly that—it maps your domain name to a specific IPv4 address (those familiar four-part numbers like 192.0.2.1). It’s the clearest instruction you can give, like telling the post office, "This name lives at this exact street address."

The AAAA record is its more modern cousin. It points a domain to an IPv6 address, which uses a much longer, alphanumeric format. This new system was created to handle the explosion of devices connecting to the internet. Today, many services use both A and AAAA records to make sure they work on any network.

When you use a platform like Sotion, one of the two records you'll set is an A record. That one simple entry is what tells the entire internet where to find your beautiful Notion-powered website.

CNAME Record: The Forwarding Address

A CNAME (Canonical Name) record acts like a forwarding address. It doesn’t point to a numeric IP address but instead points one domain (or subdomain) to another domain name. It essentially says, "this name is just an alias for another name."

Its most common job is to handle subdomains. For example, a CNAME record is perfect for pointing www.yourcompany.com to your main yourcompany.com address. This ensures visitors land on your site whether they bother to type "www" or not.

MX Record: The Mail Carrier's Route

The MX (Mail Exchanger) record is all about email. It tells the internet which mail servers are in charge of accepting emails for your domain. Without an MX record, you can’t receive emails at your custom address (like hello@yourcompany.com). Simple as that.

MX records also come with a priority number. If you list multiple mail servers for backup, the server with the lowest priority number gets tried first. This creates a handy fallback system, making your email delivery much more reliable.

When you sign up for a service like Google Workspace or Microsoft 365, they’ll give you a list of MX records to add. This is how you tell the world's email systems to send your mail to their servers, not somewhere else.

TXT Record: The Universal Note Field

Finally, the TXT (Text) record is the jack-of-all-trades. It’s a versatile record that lets you store any kind of text information and make it publicly available. It doesn't direct traffic, but it’s absolutely essential for verification and security.

Think of it as a public sticky note you can attach to your domain.

You’ll most often use TXT records for two key jobs:

Verifying Domain Ownership: Services like Google Search Console or Facebook Business Manager will ask you to add a TXT record with a unique code. This is how you prove you're the one in control of the domain.

Boosting Email Security: Modern email standards like SPF and DKIM use TXT records to publish rules about who is allowed to send email from your domain, which is a massive help in fighting spam and phishing.

To help you keep these straight, here's a quick reference table.

Common DNS Record Types and Their Functions

This table summarizes the most common records you'll encounter, what they do, and where you'll see them used.

Record Type	Stands For	Function	Common Use Case
A	Address	Maps a domain to an IPv4 address.	Pointing `yourcompany.com` to your web host's server.
AAAA	(Quad-A) Address	Maps a domain to an IPv6 address.	The modern equivalent of an A record for IPv6 networks.
CNAME	Canonical Name	Points a subdomain to another domain name (an alias).	Pointing `www.yourcompany.com` to `yourcompany.com`.
MX	Mail Exchanger	Directs a domain's email to specific mail servers.	Setting up Google Workspace or another custom email service.
TXT	Text	Stores text information for external services to read.	Verifying domain ownership or setting up email security (SPF).

Mastering just these few records gives you the power to connect almost any service to your domain with total confidence.

If you’re ready to put this knowledge into practice, our guide on how to set up DNS records provides a full, step-by-step walkthrough.

You’ve just updated your DNS records, maybe pointing your domain to a new web host or setting up a fancy new email service. You hit refresh, excited to see your new site… but nothing happens. It’s a common, and frankly, frustrating moment. But it’s not a sign you did something wrong. It's actually the global DNS system working exactly as it should.

This delay you're seeing comes down to two key ideas: DNS propagation and caching. Getting a handle on how these two work together turns that moment of panic into a predictable, manageable waiting period.

What is Time to Live or TTL?

Every single DNS record has a value attached to it called Time to Live (TTL). Think of it like a "best before" date for your DNS information. It’s a number, measured in seconds, that tells DNS servers all over the world how long they should "remember" or cache your record's info before they need to check back in for an update.

For example, a pretty standard TTL is 3600. That’s 3600 seconds, or one hour. When a DNS resolver looks up your A record, it will hang onto that IP address for a full hour. Any requests that come in during that time get the saved copy, no questions asked.

This whole caching system is what makes the internet feel so incredibly fast. By storing answers nearby, resolvers can respond in a blink instead of having to do a full, cross-country lookup every single time someone visits your site.

The Global Ripple Effect of Propagation

When you update a DNS record, you’re changing it at the source—your domain's authoritative nameserver. The problem is, countless DNS resolvers across the globe still have the old information stored in their local cache. DNS propagation is simply the time it takes for all that old, cached data to expire and get replaced with your new information.

It doesn’t happen all at once. It’s more like a slow-moving ripple spreading across a pond.

You update the A record on your nameserver.

Any resolver whose cache for your domain has already expired will now go out and fetch the new IP address.

But, any resolver with a non-expired cache will keep serving the old IP address until its TTL timer finally runs out.

This is exactly why you might see your shiny new website live and working, while a friend in another city still sees the old one. Their local DNS resolver just hasn't gotten the memo yet.

While propagation can sometimes feel complete within an hour, it can technically take up to 48 hours for the changes to fully ripple out across every last server on the internet. This isn't a bug; it's a fundamental feature of the internet's massive, decentralized infrastructure.

So, the next time you push an update and don’t see an instant change, just remember the TTL and that global ripple effect. Your update is on its way—it just needs a little time to travel. Patience is the name of the game.

An Introduction to Modern DNS Security

That lightning-fast journey your DNS request takes feels totally seamless, but its inherently open design can, unfortunately, leave it wide open to bad actors. Think of a standard DNS query like sending a postcard—anyone who happens to intercept it along the way can read its contents or, even worse, scribble a new delivery address on it.

This is precisely why modern DNS security has shifted from a "nice-to-have" to an absolute necessity. It’s a critical layer of protection for both you and your visitors.

Without proper security, attackers can run wild with exploits like DNS cache poisoning. In this nasty trick, a malicious actor fools a DNS resolver into storing a fake IP address in its cache. The result? Anyone trying to visit your website gets unknowingly shuttled off to a fraudulent clone designed to steal their information.

This fundamental need for trust has been driving security improvements for decades. The DNS system, born way back in 1983, got its first real security upgrade in 1994 with the early drafts of what would become DNSSEC. As threats have gotten more sophisticated, so have the defenses, leading to modern encryption standards like DNS over HTTPS (DoH), which is now used by 10-20% of browsers to keep user queries private.

DNSSEC: The Digital Wax Seal

To fight back against this kind of tampering, engineers developed DNSSEC (Domain Name System Security Extensions). The easiest way to picture DNSSEC is as a digital 'wax seal' on a letter. It uses clever cryptography to sign DNS responses, verifying that the information you receive is the real deal and hasn't been messed with in transit.

When DNSSEC is enabled, your browser can check this digital signature to confirm it's talking to the right server. This simple check slams the door on attackers trying to forge directions and send your visitors to the wrong place.

DoH: The Encrypted Tunnel

While DNSSEC confirms authenticity, another technology protects your privacy: DNS over HTTPS (DoH). If a regular DNS query is a postcard, DoH is like sticking that postcard inside a sealed, opaque envelope. It wraps your DNS requests in the same powerful HTTPS encryption that secures your connection to websites.

This creates a private, encrypted tunnel between your device and the DNS resolver.

It’s also worth noting that DNS records are foundational to implementing robust email security best practices. Together, these technologies create a much more secure foundation for the entire internet. They offer peace of mind that your domain—and the people who visit it—are shielded from common threats.

To take your knowledge even deeper, check out our guide on essential website security best practices.

A Few Common Questions About DNS

When you're trying to get your website, project, or portfolio online, DNS can feel like a maze. Let's clear up a few of the most common questions that pop up for creators, agencies, and founders.

How Long Do I Really Have to Wait for DNS Changes?

The official (and safest) answer is to give it up to 48 hours. While you'll often see your changes pop up in under an hour, the full, worldwide update takes time.

This delay isn't a bug—it's a feature. The whole system is built on caching, where servers around the globe hang onto your old DNS info for a certain amount of time (called the Time to Live, or TTL). They won't check for your new records until that timer runs out. So, even if it looks like it's working for you, it can take a day or two for every server on the internet to get the memo.

What's the Difference Between a Domain Registrar and a DNS Host?

This is a super common mix-up, but the roles are actually pretty distinct.

A Domain Registrar is where you buy and renew your domain name. Think of them as the official business registry—they handle the ownership. Companies like GoDaddy, Namecheap, or Google Domains are all registrars.

A DNS Host is the service that actually stores and manages your DNS records (your A, CNAME, and MX records). They're the ones who tell browsers where to go when someone types in your domain.

Your registrar is often your default DNS host, but they don't have to be. You can keep your domain registered at one place and point it to a specialized DNS host like Cloudflare by updating your nameservers. This can often give you better performance and more advanced features.

Can I Use Multiple A Records or CNAMEs?

This is a "yes and no" situation, and it all depends on what you're trying to do.

You can definitely have multiple A records pointing to different IP addresses. This is a standard way to do load balancing, spreading traffic across several servers to keep your site fast and prevent it from going down if one server has an issue.

But you cannot have a CNAME record on your main root domain (like yoursite.com). Why? Because a root domain needs other essential records to function (like SOA and NS records), and the rules of DNS say a CNAME can't exist alongside any other record type for the same name. That’s why you almost always use CNAMEs for subdomains, like www.yoursite.com or blog.yoursite.com.

Do I Need to Worry About My IP Address Changing?

Probably not. If you're using a typical web host for your site, they almost always give you a static IP address—one that stays the same. You'll set your A record to point to it once, and you can pretty much forget about it.

In some rare or more advanced cases, you might have a dynamic IP that changes from time to time. If that happens, all you have to do is log into your DNS host and update your A record with the new number. It’s a simple fix to get traffic flowing to the right place again.

Ready to put all this knowledge into action? Sotion turns any Notion page into a sleek, professional website in minutes. The best part? The setup only requires adding two simple DNS records—no coding or technical headaches required.

Start building your website with Sotion today