Imagine you want to call your friend.
You don't remember their number. So you search their name in your contacts.
Your phone finds the number and calls them.
That's exactly what DNS does — but for websites.
google.com (the name)
142.250.195.46 (the number / IP address)
Computers only understand numbers (IP addresses). DNS translates names → numbers.
Without DNS, you'd have to memorize IP addresses for every website. 😵
Every device on the internet has an IP address.
It's like a home address — but for computers.
Example: 152.67.10.5
When you visit techwithjuned.com, you're actually connecting to an IP like that.
You just don't see it — because DNS hides it behind a friendly name.
Before we see how it works, meet the team:
| Name | What it does |
|---|---|
| DNS Resolver | Your agent — asks questions on your behalf |
| Root Name Server | Knows where to find .com, .in, .org servers |
| TLD Name Server | Knows who manages techwithjuned.com |
| Authoritative Name Server | Has the final IP address answer |
| Cache | Remembers recent answers so you don't ask again |
Let's say you type techwithjuned.com in your browser.
Here's exactly what happens:
Your browser first asks itself:
"Have I visited this site before? Do I remember the IP?"
Your operating system also keeps a DNS memory (called a cache).
There's also a special file called /etc/hosts on Linux/Mac:
127.0.0.1 localhost
192.168.1.10 myserver.local
If the domain is listed here, your computer uses that IP directly — no DNS query needed.
Your computer sends the question to a DNS Resolver.
This is usually your ISP's server, or a public one like:
8.8.8.8
1.1.1.1
Think of the resolver as a librarian.
You ask the librarian for a book. The librarian goes and finds it for you.
The resolver also has memory.
If someone else already asked about techwithjuned.com recently — it already knows the answer.
The resolver asks a Root Name Server:
"Where can I find info about techwithjuned.com?"
There are 13 sets of Root Servers worldwide. They are the top of the DNS system.
The Root server doesn't know the IP. But it knows who manages .com domains.
Answer: "Go ask the .com TLD server."
Now the resolver asks the .com TLD Server:
"Who manages techwithjuned.com?"
The TLD server still doesn't have the IP. But it knows which nameserver is in charge.
Answer: "Go ask ns1.example-dns.com."
This is the final stop. ✅
The Authoritative Name Server is the one you set up when you buy a domain.
It has the real, actual IP address.
Answer: techwithjuned.com → 152.67.XX.XX
The resolver:
1. Gets the IP ✅
2. Saves it (caches it for next time)
3. Sends it to your browser
4. Your browser connects to 152.67.XX.XX
5. 🎉 Page loads!
You type: techwithjuned.com
│
▼
[Browser Cache] ── found ──▶ Done ✅
│ not found
▼
[OS Cache / /etc/hosts] ── found ──▶ Done ✅
│ not found
▼
[DNS Resolver]
│ not in cache
▼
[Root Server] → "Ask .com TLD"
│
▼
[.com TLD Server] → "Ask ns1.example-dns.com"
│
▼
[Authoritative Server] → "IP is 152.67.XX.XX" ✅
│
▼
Resolver saves it → sends to browser → Page loads 🎉
When you own a domain, you create DNS Records.
Each record tells the world something about your domain:
| Record | What it does | Example |
|---|---|---|
| A | Points domain to an IP address | techwithjuned.com → 152.67.10.5 |
| CNAME | Points domain to another domain | www → techwithjuned.com |
| MX | Where to send emails for your domain | mail.techwithjuned.com |
| TXT | Stores text (used for verification) | Email security settings |
| NS | Which nameservers manage your domain | ns1.cloudflare.com |
You set these records at your domain provider (Cloudflare, GoDaddy, Namecheap, etc.).
TTL = Time To Live
Every DNS record has a TTL — a timer that says:
"Cache this answer for X seconds. After that, ask again."
Example:
techwithjuned.com TTL=3600 → 152.67.10.5
TTL of 3600 means: remember this for 1 hour.
Pro tip: Before changing your server IP — lower your TTL to 300 first. After the change is done, raise it back.
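The lookup chain (root → TLD → authoritative) and the TTL timer described above can be seen working together in a toy resolver. This is an added example, not code from the original post: the delegation table is constructed, `com-tld` is a made-up server label, and no real DNS traffic is sent.

```python
import time

# Constructed delegation data (not real DNS): each "server" maps a name suffix
# to either a referral ("NS", next server) or a final answer ("A", ip, ttl).
SERVERS = {
    "root": {"com": ("NS", "com-tld")},
    "com-tld": {"techwithjuned.com": ("NS", "ns1.example-dns.com")},
    "ns1.example-dns.com": {"techwithjuned.com": ("A", "152.67.10.5", 3600)},
}


class Resolver:
    """Toy recursive resolver: walks root -> TLD -> authoritative, caches by TTL."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock            # injectable so expiry can be tested
        self.cache = {}               # name -> (ip, expires_at)
        self.upstream_queries = 0     # how many servers we had to ask

    def _ask(self, server, name):
        """Return the record for the longest suffix of `name` that `server` knows."""
        self.upstream_queries += 1
        labels = name.split(".")
        for i in range(len(labels)):
            record = SERVERS[server].get(".".join(labels[i:]))
            if record:
                return record
        raise LookupError(f"{server} has no data for {name}")  # like NXDOMAIN

    def resolve(self, name):
        name = name.lower().rstrip(".")
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():      # still inside its TTL
            return hit[0], "cache"
        server = "root"
        while True:
            record = self._ask(server, name)
            if record[0] == "NS":              # referral: "go ask that server"
                server = record[1]
                continue
            _, ip, ttl = record
            self.cache[name] = (ip, self.clock() + ttl)
            return ip, "authoritative"
```

The first lookup costs three upstream questions; every lookup within the next 3600 seconds costs none, which is also why a changed A record stays invisible to that resolver until the old TTL runs out.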
| With DNS | Without DNS |
|---|---|
| Type google.com | Type 142.250.195.46 |
| Easy to remember | Impossible to remember |
| Change IP anytime | Everyone needs the new IP |
| Works everywhere | Only works if you know the number |
Since DNS is everywhere, attackers target it too. Good to know:
DNS Spoofing — Attacker injects a fake IP into a resolver's cache.
You type bank.com but you land on a fake copy. Your password gets stolen.
DNS over HTTPS (DoH) — Encrypts your DNS queries. Your ISP can't read your DNS lookups, though it can still see the IP addresses you connect to.
DNSSEC — Adds a digital signature to DNS records. Proves the answer hasn't been tampered with.
DNS Tunneling — Attackers secretly send data through DNS queries. Common in CTF challenges and real corporate breaches.
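On the defender's side, DNS tunneling tends to stand out in resolver logs as many distinct, long, random-looking subdomains under one parent domain. The following is an added detection sketch, not part of the original post: the log lines, the `.example` domains and the three thresholds are constructed assumptions to tune against your own traffic.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, "<client> <queried name>" per line (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 techwithjuned.com
10.0.0.5 www.techwithjuned.com
10.0.0.7 mail.techwithjuned.com
10.0.0.7 static-assets-production-eu.cdn-demo.example
10.0.0.9 mzxw6ytboi4dknrxgy3tqmjsgq2tm.t.tunnel-demo.example
10.0.0.9 onswg4tfoqqhk43fojzsa2lomfzgk.t.tunnel-demo.example
10.0.0.9 ifbegrcfiztuqskknnge2tspkbiva.t.tunnel-demo.example
10.0.0.9 kjjfivkwk5mfswtbmjrwizlgm5ugs.t.tunnel-demo.example
"""

MIN_LABEL_LEN = 24     # assumed thresholds; tune against your own baseline
MIN_ENTROPY = 3.5      # bits per character
MIN_DISTINCT = 3       # distinct suspicious names per (client, parent domain)


def entropy(text):
    """Shannon entropy in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def looks_encoded(name):
    """True when the longest label is both long and random-looking."""
    label = max(name.rstrip(".").split("."), key=len)
    return len(label) >= MIN_LABEL_LEN and entropy(label) >= MIN_ENTROPY


def find_tunnel_candidates(log_text):
    """Return {(client, parent_domain): count of distinct suspicious names}."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue                      # skip malformed lines
        client, name = parts[0], parts[1].lower()
        if looks_encoded(name):
            # Simplification: parent = last two labels (no public-suffix list).
            parent = ".".join(name.rstrip(".").split(".")[-2:])
            seen[(client, parent)].add(name)
    return {k: len(v) for k, v in seen.items() if len(v) >= MIN_DISTINCT}
```

Requiring several distinct names per client and parent domain keeps a single long but legitimate hostname, such as the constructed CDN entry, from raising an alert on its own.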
DNS = Phone book of the internet
Name → IP Address translation
Flow:
Browser cache → OS cache → Resolver → Root → TLD → Authoritative → IP ✅
DNS Records:
A = IP address
CNAME = Alias
MX = Email
TXT = Verification
TTL = How long to cache the answer
Site not loading after changing DNS → TTL hasn't expired yet. Wait for the old TTL to run out. Usually 1–24 hours.
ERR_NAME_NOT_RESOLVED in browser → DNS couldn't find an IP for that domain. Check your A record is set correctly.
DNS change not working on your device → Your device cached the old answer. Flush your DNS cache:
# Linux (systemd-resolved)
sudo resolvectl flush-caches
# Older systemd releases: sudo systemd-resolve --flush-caches
# Windows
ipconfig /flushdns
TechWithJuned · Learn → Execute → Build