ExpressVPN Glossary
DNS query
What is a DNS query?
A Domain Name System (DNS) query is a request for DNS records sent from a device to a DNS server. Most commonly, it asks the server to translate a domain name such as example.com into a numeric IP address like 181.25.7.2 so the device can connect to a website.
DNS queries are generated automatically when a browser, application, or other networked service accesses a domain. Without DNS queries, devices would need to connect using IP addresses instead of domain names.
How does a DNS query work?
A DNS query follows a hierarchical lookup process.
When a domain is requested, the device sends a query to a DNS resolver. If the resolver doesn’t have the response cached (stored), it queries the DNS hierarchy.
The resolver first contacts a root name server, which directs it to the appropriate top-level domain (TLD) name server. TLD name servers manage records for top-level domains such as .com or .org. The TLD server then refers the resolver to the correct authoritative name server. The authoritative server holds the DNS records for a specific domain and provides the IP address to the resolver.
The resolver stores the result for a defined period based on the record’s time-to-live (TTL) value and returns the result to the requesting device. The device can then establish a connection to the destination server.
Types of DNS queries
DNS queries differ based on how the lookup is handled and where the response is obtained.
- Recursive query: The DNS resolver must return a final answer or an error. It handles all necessary lookups on behalf of the requesting device to complete the request.
- Iterative query: The responding server returns the best information it has. If it doesn’t hold the record, it refers the requester to another DNS server.
- Non-recursive query: The server returns the requested record immediately because the record is already cached or the server is authoritative for the domain.
- Reverse lookup: This query starts with an IP address and returns the associated domain name, often used for verification and logging.
Why are DNS queries important?
DNS queries are essential to internet functionality. They allow devices to identify and connect to the correct servers using domain names rather than IP addresses.
They also affect performance. Cached DNS responses reduce lookup times and improve connection speeds. In network management and security contexts, DNS queries provide visibility into domain access patterns, which can help identify configuration issues or malicious activity.
Risks and privacy concerns
DNS queries can pose privacy and security risks if not properly managed.
- Exposure of domain requests: Standard DNS queries are transmitted in plaintext. DNS operators or network intermediaries can observe and log requested domain names for monitoring or profiling.
- DNS cache poisoning: Corrupted or fraudulent DNS data is inserted into a resolver’s cache, redirecting users to fraudulent websites.
- DNS hijacking: Attackers manipulate DNS settings or servers to reroute traffic without the user’s knowledge.
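The following Python example is an addition to this page, not ExpressVPN's code. It builds a standard DNS query message in the RFC 1035 wire format, showing that a recursive and a non-recursive request differ only in the "recursion desired" flag and that a reverse lookup is a PTR query for a name under in-addr.arpa. It then parses the same bytes the way any on-path observer could, which is what the plaintext exposure described above means in practice. Function names are illustrative; the domain and IP address are the page's own examples.

```python
import ipaddress
import secrets
import struct

QTYPE = {"A": 1, "PTR": 12, "AAAA": 28}  # record type codes (RFC 1035, RFC 3596)
RD = 0x0100  # "recursion desired" bit in the header flags

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype="A", recursive=True, txid=None):
    """Build one query message; RD=1 requests recursion, RD=0 does not."""
    if txid is None:
        txid = secrets.randbits(16)  # unpredictable transaction ID
    header = struct.pack("!HHHHHH", txid, RD if recursive else 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def reverse_name(ip):
    """Name asked for in a reverse lookup (PTR query) of an IP address."""
    return ipaddress.ip_address(ip).reverse_pointer

def observe(packet):
    """Fields any on-path observer can read from an unencrypted query."""
    if len(packet) < 12:
        raise ValueError("truncated header")
    _txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("malformed question name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if qdcount != 1 or pos + 5 > len(packet):
        raise ValueError("expected exactly one complete question")
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return {"name": ".".join(labels), "qtype": qtype, "recursion_desired": bool(flags & RD)}

if __name__ == "__main__":
    # Constructed sample inputs: the page's example domain and IP address.
    print(observe(build_query("example.com")))
    print(observe(build_query(reverse_name("181.25.7.2"), "PTR", recursive=False)))
```

Nothing in the message is encrypted or authenticated, so the queried name is readable by anyone who can see the packet unless the query travels over an encrypted transport.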