Expressvpn Glossary

DNS resolution

What is DNS resolution?

Domain Name System (DNS) resolution, or DNS lookup, is the process of mapping human-readable domain names like www.example.com to machine-readable IP addresses like 196.3.47.23. It translates domains into locations on the internet that computers can understand and use to communicate.

See also: DNS, DNS server, DNSSEC (DNS Security Extensions), DNS over HTTPS, DNS cache

How DNS resolution works

DNS resolution follows a sequence of steps to find the correct IP address:

[Figure: The steps of a DNS resolution process from a user device to authoritative servers.]

  • Browser or app lookup: When someone enters a domain name, the browser, app, or service asks the device's operating system to look up the matching IP address.
  • Cached resolution: The device first checks its own cache (the operating system's resolver cache, and often the browser's own). If the query then goes to a home or office router acting as a DNS forwarder, that router checks its cache too.
  • Recursive resolution: If there's no saved answer, the query goes to a recursive resolver. This is the DNS server that performs the lookup for that network. It's usually run by an ISP, workplace, school, or public DNS provider. If the recursive resolver doesn't already have the answer, it asks the following servers step by step (this sequence of queries is called iterative resolution):
    • Root server: Tells the DNS resolver which server manages the top-level domain (TLD) it's looking for. Examples include ".com" or ".net". Since the list of TLD servers rarely changes and is returned with a long TTL, most resolvers have this information cached, making root server queries rare.
    • TLD server: Tells the DNS resolver which server is authoritative for the domain in question (the server that holds the domain's DNS records). Record types include A (IPv4 address), AAAA (IPv6 address), CNAME (canonical name), and MX (mail exchanger).
    • Authoritative server: Checks the records for the domain and returns the relevant information to the DNS resolver.
  • Connection: The DNS resolver passes this information on to the device, which caches it for the record's TTL, and the browser can then connect to the correct IP address for the domain.
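The walk above, as an added example in Python that is not part of the original page or of any ExpressVPN software. It models a recursive resolver doing iterative queries against three constructed "servers" (a root, a ".com" TLD server, and an authoritative server for example.com; all names, addresses and TTLs are made up), caches both the referrals and the final answers, and shows why the root is queried only once. The same code also demonstrates the TTL expiry described in the FAQ on caching, using an injectable clock so the expiry can be shown without waiting.

```python
import time

# Constructed sample data for this example (not real DNS infrastructure).
# Each "server" is a table keyed by the names it knows about. A referral
# names the server to ask next; an answer carries an A record and its TTL.
SERVERS = {
    "root": {
        "com.": ("referral", "tld-com"),
    },
    "tld-com": {
        "example.com.": ("referral", "ns1.example.com"),
    },
    "ns1.example.com": {
        "www.example.com.": ("answer", "196.3.47.23", 300),
        "mail.example.com.": ("answer", "196.3.47.24", 60),
    },
}

REFERRAL_TTL = 172800   # assumed TTL for cached referrals (two days, as TLD NS records commonly use)


def ask(server, qname):
    """One iterative query. The server answers from the longest suffix it knows:
    for www.example.com. it tries www.example.com., then example.com., then com.
    Returns (zone the record applies to, record)."""
    table = SERVERS[server]
    labels = qname.split(".")
    for i in range(len(labels) - 1):
        suffix = ".".join(labels[i:])
        if suffix in table:
            return suffix, table[suffix]
    return qname, ("nxdomain",)


class RecursiveResolver:
    """Performs the full walk on the client's behalf and caches what it learns."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so TTL expiry can be tested without sleeping
        self.answers = {}           # qname -> (address, expires_at)
        self.referrals = {}         # zone  -> (server to ask, expires_at)
        self.queries_sent = 0       # upstream queries, to show what caching saves

    def closest_known_server(self, qname, now):
        """Start from the deepest zone whose server is already cached, else the root."""
        labels = qname.split(".")
        for i in range(len(labels) - 1):
            hit = self.referrals.get(".".join(labels[i:]))
            if hit is not None and hit[1] > now:
                return hit[0]
        return "root"

    def resolve(self, qname):
        now = self.clock()
        cached = self.answers.get(qname)
        if cached is not None and cached[1] > now:
            return cached[0], "cache"
        server = self.closest_known_server(qname, now)
        for _ in range(8):          # bound the referral chain; a loop is a misconfiguration
            self.queries_sent += 1
            zone, record = ask(server, qname)
            if record[0] == "referral":
                server = record[1]
                self.referrals[zone] = (server, now + REFERRAL_TTL)
            elif record[0] == "answer":
                _, address, ttl = record
                self.answers[qname] = (address, now + ttl)
                return address, "lookup"
            else:
                return None, "nxdomain"
        raise RuntimeError("referral chain too long for " + qname)


class FakeClock:
    """Adjustable clock so the effect of TTL can be shown deterministically."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


if __name__ == "__main__":
    clock = FakeClock()
    r = RecursiveResolver(clock)
    print(r.resolve("www.example.com."), r.queries_sent)    # root, TLD, authoritative: 3 queries
    print(r.resolve("www.example.com."), r.queries_sent)    # answer served from cache
    print(r.resolve("mail.example.com."), r.queries_sent)   # referrals cached: 1 query, root not asked
    clock.t += 301                                          # past the 300 s TTL of www
    print(r.resolve("www.example.com."), r.queries_sent)    # looked up again, still no root query
    print(r.resolve("nosuch.example.com."))
```

The counter is the point to watch: the first lookup costs three upstream queries, the second costs none, and a different name under the same zone costs one, because the cached referral for example.com. lets the resolver skip the root and TLD servers entirely.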

Where is DNS resolution used?

This mechanism operates in the background of almost every networked application.

  • Web browsing: Entering a URL prompts the browser to resolve A or AAAA records to locate the web server and load the page.
  • Email routing: Mail clients query the mail exchanger records to find the correct destination server for outgoing emails.
  • Content delivery networks (CDN): A CDN is a system of servers distributed across multiple locations. DNS resolution can direct a request to a nearby CDN server, reducing buffering and improving load times.
  • Security filtering: Corporate zero-trust networks and security tools use private DNS resolvers to enforce access policies, maintain user privacy, and block malicious domains.
  • Virtual private networks (VPNs): VPNs carry DNS queries inside the encrypted tunnel, and some services answer them from their own private DNS servers. This prevents the local network and the ISP from seeing which domains are visited.

Why is DNS resolution important?

DNS resolution makes networks more user-friendly by allowing users to input simple domain names instead of IP addresses. Without it, people would have to remember long strings of numbers to reach websites and online services.

Because resolution is so central to networking, it also needs to be quick, reliable, and secure. Fast DNS resolution helps websites and apps load quickly, while slow or failed lookups can cause disruption to services. If not properly protected, DNS resolution can put online privacy at risk.

Risks and privacy concerns

DNS resolution isn't automatically secured; DNS queries were traditionally sent over the internet in plain text, typically as UDP on port 53. That means anyone with access to the network traffic could see which domains a device was looking up.

Many modern browsers and operating systems can encrypt DNS traffic, for example by sending queries over HTTPS (DNS over HTTPS, DoH). Some public DNS services also offer encrypted resolution by default. Separately, DNS Security Extensions (DNSSEC) let a resolver verify that the answers it receives are authentic and untampered, although DNSSEC does not hide the queries.

Without these protections in place, DNS resolution can be vulnerable to:

  • DNS spoofing: A plain DNS response is trusted if it arrives before the real one and matches the pending query's transaction ID, source port, and question. An attacker who can observe the query, or guess those values, can send a forged response and have traffic routed to the wrong destination.
  • Cache poisoning: If a forged response is stored in a cache, whether on the device or in a shared recursive resolver, it's known as cache poisoning. The false record is then served to every client of that cache for as long as its TTL allows, corrupting DNS resolution until the cache is cleared or the record expires.
  • Resolver logging: The recursive resolver sees every query it answers, so its operator can keep query logs and build a profile of the user's activity.
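An added example, in Python, illustrating the spoofing and cache-poisoning points above; it is not code from the original page or from ExpressVPN. It builds a real DNS wire-format query and response with only the standard library, then applies the checks a resolver performs before trusting a reply (transaction ID, question section, and that each answer is for the name actually asked about). The domain names and addresses are constructed. The comparison to watch is between the off-path attacker, whose guessed transaction ID is rejected, and the on-path attacker who saw the query, whose forged reply passes every check; that gap is what DNSSEC or an encrypted transport closes.

```python
import os
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """Wire form of a domain name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Reads a name at offset, following compression pointers. Returns (name, next_offset)."""
    labels, jumped, end, hops = [], False, None, 0
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:                  # pointer to an earlier copy of the name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if jumped else offset)


def build_query(qname, txid=None):
    """A-record query with RD (recursion desired) set. Note the name is sent in the clear."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")  # 16-bit transaction ID
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return txid, header + encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_response(txid, qname, address, ttl=300, answer_name=None, compress=False):
    """One A record answering the question. answer_name lets a reply carry a record for a
    name that was never asked about; compress uses a pointer (0xC00C) to the question name."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    owner = b"\xc0\x0c" if compress else encode_name(answer_name or qname)
    rdata = bytes(int(octet) for octet in address.split("."))
    answer = owner + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_response(msg):
    txid, _flags, _qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    qname, offset = decode_name(msg, 12)
    offset += 4                                      # skip qtype and qclass
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return {"txid": txid, "qname": qname, "answers": answers}


def accept_response(expected_txid, expected_qname, msg):
    """Checks a resolver applies before caching a reply. Returns (accepted, reason).
    They stop blind guesses; they cannot stop an attacker who saw the query."""
    try:
        parsed = parse_response(msg)
    except (ValueError, struct.error, IndexError):
        return False, "malformed response"
    if parsed["txid"] != expected_txid:
        return False, "transaction ID mismatch"
    if parsed["qname"].lower() != expected_qname.lower():
        return False, "question section does not match"
    for name, _, _ in parsed["answers"]:
        if name.lower() != expected_qname.lower():
            return False, "answer is for a name that was not asked about"
    return True, "accepted"


if __name__ == "__main__":
    txid, query = build_query("www.example.com.")
    print(b"\x07example" in query)                   # the queried name is readable on the wire
    legit = build_response(txid, "www.example.com.", "196.3.47.23", compress=True)
    print(accept_response(txid, "www.example.com.", legit))
    blind = build_response((txid + 1) & 0xFFFF, "www.example.com.", "10.0.0.1")   # off-path guess
    print(accept_response(txid, "www.example.com.", blind))
    onpath = build_response(txid, "www.example.com.", "10.0.0.1")                # attacker saw the query
    print(accept_response(txid, "www.example.com.", onpath))                     # accepted, then cached for 300 s
```

A real resolver also randomizes the UDP source port, which raises the cost of the blind guess well beyond the 16-bit transaction ID, but as the on-path case shows, randomness only helps against an attacker who cannot see the query.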

FAQ

What’s the difference between recursive and iterative DNS resolution?

In recursive resolution, the client sends one query and the server does all the work to find the final IP address on its behalf. In iterative resolution, each server only provides the part of the answer it has, usually a referral to the next server in the chain, and the querier follows those referrals itself. In practice a recursive resolver serves recursive queries to its clients by issuing iterative queries to the root, TLD, and authoritative servers.

What causes DNS resolution to fail?

Failures happen when records aren’t updated, the authoritative server is down, or there is a network outage. Misconfigured local settings or blocked ports can also stop queries from going through.

How do DNS caching and TTL affect speed?

Caching DNS records stores previous answers locally, skipping external lookups, and speeding up load times. The time to live (TTL) value of a record dictates how long it stays in the cache before the system must request an update.

Does DNSSEC encrypt DNS queries?

No. DNS Security Extensions (DNSSEC) adds cryptographic signatures to verify that the records are authentic and haven’t been tampered with. It doesn’t hide the contents of the query from onlookers.