What Is DNS? How Domains Actually Work
DNS (Domain Name System) is the internet's address book. It translates human-readable domain names like yourbusiness.com into the numeric IP addresses computers use to find servers. Every time someone visits your website or emails your business, a DNS lookup happens first. DNS is managed through records — A, CNAME, MX, TXT, NS — stored at your DNS host, and mistakes there can take your site or email offline even when the server itself is fine.
- Invented
- 1983, by Paul Mockapetris (RFC 882/883)
- Registered domains worldwide
- Over 350 million across all TLDs (Verisign Domain Name Industry Brief)
- Root server identities
- 13 named root server clusters, operated globally (IANA)
- Typical propagation time
- Minutes to a few hours for most changes; up to 48 hours worst case (industry consensus)
The address book analogy (and where it breaks down) #
The classic explanation is that DNS is a phone book: you look up a name, you get a number. That is broadly right. When someone types yourbusiness.com, their device asks DNS for the IP address, gets back something like 203.0.113.42, and connects to that server. But the analogy undersells two things. First, DNS is distributed — there is no single phone book, but millions of servers cooperating, each responsible for its own slice of the namespace. Second, DNS carries far more than website addresses. It tells the world which servers receive your email, which services are authorized to send email on your behalf, and how to verify your domain with Google, Microsoft, and dozens of other providers. That is why we treat DNS as business-critical infrastructure, not a set-and-forget checkbox. A single wrong record can silently break email for days while your website looks perfectly healthy.
How does a DNS lookup actually work? #
When a customer visits your site, their device first asks a recursive resolver — usually run by their ISP, or a public one like 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare). If the resolver has the answer cached, it replies instantly. If not, it works down the hierarchy: 1) it asks a root server, which points to the servers for the .com zone; 2) it asks the .com TLD servers, which point to your domain's authoritative nameservers; 3) it asks your authoritative nameserver, which returns the actual record. The resolver caches the answer for the record's TTL and hands it to the browser. The whole chain typically completes in tens of milliseconds. The key concept for business owners: your authoritative nameserver is the source of truth. Whoever controls your NS records controls where your website and email point — which is why knowing where your DNS is hosted matters.
The DNS record types that matter #
You only need to understand a handful of record types. An A record maps a name to an IPv4 address — this is what points yourbusiness.com at your web server (AAAA does the same for IPv6). A CNAME is an alias: it says www.yourbusiness.com is just another name for yourbusiness.com, so you only update the target once. MX records list the mail servers that receive email for your domain, in priority order. TXT records hold arbitrary text and do heavy lifting for email authentication (SPF, DKIM, DMARC) and domain verification. NS records declare which nameservers are authoritative for the domain. A realistic small-business zone looks something like the example shown here — one A record for the site, a CNAME for www, MX records for Google Workspace or Microsoft 365, and TXT records for verification and email authentication.
yourbusiness.com. A 203.0.113.42
www.yourbusiness.com. CNAME yourbusiness.com.
yourbusiness.com. MX 1 smtp.google.com.
yourbusiness.com. TXT "v=spf1 include:_spf.google.com ~all"
yourbusiness.com. NS ns1.examplehost.com.
yourbusiness.com. NS ns2.examplehost.com.What is TTL, and why do DNS changes take time? #
Every DNS record carries a TTL — time to live — measured in seconds. It tells resolvers around the world how long they may cache the answer before asking again. A TTL of 3600 means any resolver that looked up your record may keep serving the old value for up to an hour after you change it. This is what people call propagation, and it is why a DNS change is not instant: it is not that the change is spreading, it is that old cached answers are expiring at different times in different places. Practical playbook for a migration: 1) lower the TTL to 300 seconds at least a day before the move; 2) make the change; 3) verify from multiple locations; 4) raise the TTL back to 3600 or higher once stable. Skipping step one is the most common reason a website move drags out over a day or two instead of five minutes.
Registrar vs. DNS host vs. web host #
Three different companies can be involved in serving one website, and confusing them causes real outages. Your registrar is where the domain is registered — it manages ownership, renewal, and which nameservers the domain delegates to. Your DNS host runs those nameservers and stores your records. Your web host runs the server your A record points at. Often one company plays two or three roles, which is convenient until you switch one service and accidentally break another. A classic failure: a business moves web hosting, cancels the old host's account, and discovers their DNS was hosted there too — so email and everything else goes dark. Before changing any provider, write down where each of the three roles lives. Our managed domains, DNS, and email service exists largely because untangling this after an outage is far more expensive than mapping it beforehand.
Do I need Cloudflare-style proxied DNS? #
Services like Cloudflare add a twist: instead of your A record exposing your server's real IP, DNS answers with Cloudflare's IP, and Cloudflare proxies traffic to your server. Visitors connect to Cloudflare's edge network, which caches static content close to them, filters malicious traffic, absorbs DDoS attacks, and can enforce HTTPS. For most small business sites this is a genuine win: faster load times, a free SSL layer, and protection you would otherwise pay for. The trade-offs are modest but real. Your server sees Cloudflare's IPs instead of visitors' (fixable with header handling), some records must stay unproxied — mail traffic, notably, cannot be proxied — and you add one more company to your dependency chain. Our default recommendation: proxied DNS is worth it for public websites, but keep MX and other mail-related records DNS-only, and document which records are proxied so future changes do not surprise you.
What are the most common DNS mistakes? #
After years of audits, the same handful of mistakes keeps appearing. 1) Orphaned records: old A records or CNAMEs pointing at services you canceled, which can enable subdomain takeover attacks. 2) Missing or duplicate SPF records — you may have only one SPF TXT record per domain; two invalidates both. 3) Editing records at the registrar's DNS panel when the domain actually delegates to different nameservers, so nothing you change takes effect. 4) Deleting the www CNAME during cleanup and breaking half your inbound links. 5) Letting the domain itself lapse because renewal emails went to a defunct address — the single most catastrophic and most preventable failure. 6) TTLs left at 86400 before a migration. A quarterly fifteen-minute review of your zone file catches nearly all of these. If you are launching something new, our free Domain Availability Checker helps you confirm naming options before you commit.
How do I look up DNS records myself? #
You do not need special tools to inspect DNS — every Mac and Linux machine ships with dig, and Windows has nslookup. The commands shown here answer the questions we get most: what does the domain point at, who handles its email, which nameservers are authoritative, and what does the SPF record say. Adding +short strips the output to just the answers. One diagnostic trick worth knowing: query your authoritative nameserver directly (dig @ns1.examplehost.com yourbusiness.com) to see the current truth, then query a public resolver (dig @8.8.8.8 yourbusiness.com) to see what the world's caches still believe. If the two disagree, you are watching TTL expiry in action, not a broken change. Web-based lookup tools show the same data from multiple global locations, which is useful for confirming a migration has fully settled before you decommission the old server.
dig yourbusiness.com A +short
dig yourbusiness.com MX +short
dig yourbusiness.com NS +short
dig yourbusiness.com TXT +short
# Compare authoritative vs. cached answers
dig @ns1.examplehost.com yourbusiness.com +short
dig @8.8.8.8 yourbusiness.com +shortWhen to get help with DNS #
Plenty of owners manage their own DNS successfully, and for a simple site with a stable setup that is fine. The moments that justify professional help are transitions: switching web hosts, moving email providers, adding email authentication, or consolidating domains after an acquisition — anywhere a wrong record means lost email or a dark website. It is also worth help if you cannot currently answer three questions: where is my domain registered, which nameservers are authoritative, and what would happen if my card on file expired? Our managed domains-DNS-email service handles registration, records, renewals, and monitoring as one accountable package, and our free Website Grader flags common DNS-adjacent issues like missing www redirects as part of its report. Whoever you use, insist on two things: you remain the registered owner of your domain, and you have login access to the registrar. No agency should ever own your domain for you.
FAQ
What is DNS in simple terms?
DNS is the system that converts the domain names people type, like yourbusiness.com, into the numeric IP addresses computers use to locate servers. It works like a distributed address book: your device asks a chain of DNS servers until one authoritative for your domain answers. Websites, email, and most online services all depend on it.
How long does DNS propagation really take?
It depends on the TTL of the record you changed. With a TTL of 300 seconds, most of the internet sees your change within minutes. With the common default of 3600 or 86400 seconds, cached old answers can persist for an hour to a day. The often-quoted 48 hours is a worst case, not the norm.
Is my domain registrar the same as my DNS host?
Not necessarily. The registrar manages your domain's registration and renewal; the DNS host runs the nameservers that answer queries. Many businesses use one company for both, but if your domain delegates to third-party nameservers, editing records at the registrar does nothing. Check your NS records to see who actually answers for your domain.
Can bad DNS settings hurt my SEO?
Indirectly, yes. DNS failures make your site unreachable to crawlers, and repeated downtime can suppress rankings. Slow DNS resolution adds latency to every first visit. Missing www redirects can split your site into duplicate versions. DNS itself is not a ranking factor, but reliability and speed — which depend on it — absolutely matter.
What happens if my domain expires?
Your website and email stop working almost immediately once the registry suspends the domain. Most registrars offer a grace period, often 30 days, to renew at the normal price, followed by a redemption period with fees commonly around $80-150. After that the domain can be auctioned or registered by anyone. Auto-renew with a current payment card prevents all of this.
Should I use Cloudflare for my small business site?
For most public websites, yes — the free tier adds caching, DDoS protection, and edge SSL with little downside. Keep mail-related records unproxied, since Cloudflare's proxy does not carry email traffic, and document your setup. If your site is behind another managed platform that provides equivalent protection, adding Cloudflare may be redundant.
Was this helpful?