What Is a DNS Server? The Internet's Phone Book Explained
Every time you type a website name, a DNS server translates it into the IP address your device needs to find the site. It happens in milliseconds, billions of times a day, and it's quietly one of the most important systems on the internet. Here's how it works — and why your choice of DNS provider matters.
Quick answer
A DNS server translates website names (like google.com) into IP addresses (like 142.251.32.110) so your device knows where to send the request. Your default DNS is provided by your ISP, but you can switch to faster or more private alternatives like Cloudflare 1.1.1.1, Google 8.8.8.8, or Quad9 9.9.9.9 for better speed and privacy.
What is DNS?
DNS (Domain Name System) is the global directory that translates human-readable website names into computer-readable IP addresses. It's sometimes called "the internet's phone book."
Here's the problem DNS solves: computers don't actually use names like google.com. They use numerical IP addresses like 142.251.32.110. Memorizing those numbers for every site you visit would be impossible. So we invented DNS as a translation layer.
When you type scanmyipaddress.com in your browser, your device asks a DNS server "what's the IP address for scanmyipaddress.com?" The DNS server responds with the IP, and your browser then sends the actual request to that address.
This translation happens for every website, app, email, and online service you use — usually within 10-50 milliseconds. You never see it. But if DNS breaks, the entire internet appears broken from your perspective.
How DNS works (step by step)
Here's what actually happens behind the scenes when you type "google.com" in your browser:
1. Your device checks its local cache — recent lookups are stored locally for speed. If the answer is found, skip to step 7.
2. Your device asks the local DNS resolver — this is the DNS server set in your network settings (usually your ISP's, or one you've configured manually like 1.1.1.1).
3. The resolver checks its cache. If the answer is found, it returns the IP immediately. If not, it queries other DNS servers.
4. The resolver asks the root servers "where can I find .com domains?" The root servers respond with the address of the .com nameservers.
5. The resolver asks the .com nameservers "where can I find google.com?" They respond with the authoritative nameservers for google.com (Google's own DNS).
6. The resolver asks Google's nameservers "what's the IP for google.com?" They return the IP (like 142.251.32.110).
7. Your device receives the IP and your browser sends the actual HTTP request to it.
8. Google's server returns the webpage. You see the page load.
This entire process — including the actual page load — happens in well under a second for popular sites. For uncached lookups, DNS alone can take 50-200ms. Cached lookups are essentially instant.
Why DNS caches matter: Without caching, every page load would require multiple full DNS lookups. With caching at every level (your browser, your operating system, your DNS resolver), most lookups happen in microseconds. This is one of the unsung achievements of internet engineering.
Types of DNS records
DNS stores different types of information, called "records." Here are the most common:
- A record — maps a domain name to an IPv4 address (e.g., scanmyipaddress.com → 104.21.61.95)
- AAAA record — maps a domain to an IPv6 address (the "quad-A" record)
- CNAME — aliases one domain to another (e.g., www.example.com → example.com)
- MX — specifies mail servers for a domain
- TXT — arbitrary text records, often used for domain verification and email security (SPF, DKIM, DMARC)
- NS — specifies which DNS servers are authoritative for a domain
- PTR — reverse lookup, mapping an IP back to a domain
- SOA — start of authority, the "official" record about a zone
Most users only care about A and AAAA records (the IP lookups). The rest are important for site owners and administrators.
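To make the lookup and the record list concrete, here is an added example (not code from this article or from any DNS provider) that builds the "what's the IP for this name?" message a device sends to UDP port 53 and decodes the reply that comes back, including the TTL that every cache along the path honours. The reply bytes are constructed by hand for a www.example.com lookup (a CNAME to example.com, then an A record pointing at 203.0.113.10, a documentation address); the record-type numbers are the standard RFC 1035 and RFC 3596 codes. The decoder also handles MX and TXT RDATA, which the constructed reply does not contain, so it generalises beyond that one lookup.

```python
"""Build a DNS query and decode a DNS response at the wire level (RFC 1035).

Added example for this article, not code from the page or from any provider.
The reply bytes in constructed_response() are hand-built (203.0.113.10 is a
documentation address) so the example runs offline, with no resolver involved.
"""
import ipaddress
import struct

# Standard type codes for the record types the article lists (RFC 1035, RFC 3596).
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name: str) -> bytes:
    """'google.com' -> b'\\x06google\\x03com\\x00' (length-prefixed labels, root = 0)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name: str, qtype: str = "A", txid: int = 0x1234) -> bytes:
    """The 'what's the IP for <name>?' message a device sends to UDP port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # 0x0100 = recursion desired
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def decode_name(msg: bytes, off: int) -> tuple:
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer (RFC 1035 section 4.1.4)
            if not jumped:
                end = off + 2
            jumped, hops = True, hops + 1
            if hops > 16:  # a malformed reply could chain pointers forever
                raise ValueError("compression pointer loop")
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def decode_rdata(msg: bytes, rtype: int, rdoff: int, rdlen: int):
    """Render RDATA for the record types the article lists; unknown types come back as hex."""
    rdata = msg[rdoff:rdoff + rdlen]
    if rtype == QTYPE["A"]:
        return str(ipaddress.IPv4Address(rdata))
    if rtype == QTYPE["AAAA"]:
        return str(ipaddress.IPv6Address(rdata))
    if rtype in (QTYPE["CNAME"], QTYPE["NS"], QTYPE["PTR"]):
        return decode_name(msg, rdoff)[0]  # names inside RDATA may be compressed too
    if rtype == QTYPE["MX"]:
        return struct.unpack("!H", rdata[:2])[0], decode_name(msg, rdoff + 2)[0]
    if rtype == QTYPE["TXT"]:
        out, i = [], 0
        while i < rdlen:  # one or more <length><chars> strings
            out.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii"))
            i += 1 + rdata[i]
        return "".join(out)
    return rdata.hex()

def parse_response(msg: bytes) -> dict:
    """Parse the header, question and answer sections of a DNS reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype = struct.unpack("!H", msg[off:off + 2])[0]
        questions.append((qname, TYPE_NAME.get(qtype, qtype)))
        off += 4  # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append({"name": name, "type": TYPE_NAME.get(rtype, rtype), "ttl": ttl,
                        "data": decode_rdata(msg, rtype, off, rdlen)})
        off += rdlen
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}

def constructed_response() -> bytes:
    """Hand-built reply to 'www.example.com A': a CNAME to example.com, then its A record.
    Owner names use compression pointers (0xC00C -> offset 12, 0xC010 -> offset 16)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)  # QR, RD, RA; RCODE 0
    question = encode_name("www.example.com") + struct.pack("!HH", QTYPE["A"], 1)
    cname = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE["CNAME"], 1, 3600, 2) + b"\xc0\x10"
    a_rr = b"\xc0\x10" + struct.pack("!HHIH", QTYPE["A"], 1, 300, 4) + bytes([203, 0, 113, 10])
    return header + question + cname + a_rr

if __name__ == "__main__":
    print("query :", build_query("scanmyipaddress.com").hex())
    for rr in parse_response(constructed_response())["answers"]:
        print(f"{rr['name']:<16} {rr['type']:<6} ttl={rr['ttl']:<5} {rr['data']}")
```

Sending the query for real is one datagram: `socket.socket(socket.AF_INET, socket.SOCK_DGRAM).sendto(build_query("example.com"), ("1.1.1.1", 53))`, then `parse_response` on whatever comes back. Nothing in this exchange is encrypted or authenticated; the plain text the article's privacy section refers to is exactly these bytes, and the `ttl` field is the number of seconds each cache (browser, OS, resolver) may keep the answer before asking again.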
DNS and your privacy
Here's the privacy reality of DNS that most people don't realize: your DNS provider sees every domain you visit.
Every time you visit a website, even if the site is HTTPS-encrypted, your DNS server logs the lookup. They don't see what you do on the site — just that you went there. Over time, this creates a detailed map of your browsing habits.
Default DNS = your ISP's DNS. This means:
- Your ISP knows every domain you visit (often retained for months)
- In the US, ISPs can legally sell anonymized browsing data
- Even on a VPN, if your DNS isn't routed through the VPN, your ISP still sees your queries (a "DNS leak")
- Governments can subpoena DNS logs
Switching to a privacy-focused DNS provider (Cloudflare, Quad9, NextDNS) doesn't make you invisible — the DNS provider still sees the queries — but it does take the data out of your ISP's hands.
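The "DNS leak" case is something you can check for on your own device rather than take on trust. Below is an added example (not code from this article or from any VPN vendor) that reads a connection log in a simple "timestamp proto src:port -> dst:port" form, the shape a firewall or conntrack export takes, and labels the DNS-looking flows: plaintext port 53 to the resolver you chose, plaintext port 53 to anything else (the leak), and encrypted DoT (853) or DoH (443) to a known public resolver. The log lines are constructed; 10.8.0.1 stands in for a VPN's resolver and 203.0.113.53 for an ISP resolver, both made-up addresses, while the known-resolver set is the list of public addresses the article gives. It generalises the article's definition slightly: any plaintext query to a server you did not pick is flagged, VPN or not.

```python
"""Audit a device's DNS egress for leaks and plaintext queries.

Added example for this article, not code from the page or from any VPN vendor.
The input is a CONSTRUCTED connection log in 'timestamp proto src:port -> dst:port'
form (the shape a firewall or conntrack export has); every address is made up,
except the public resolver addresses the article itself lists.
"""
import ipaddress
import re
from collections import Counter
from typing import Optional

# IPv4 only, to keep the pattern short; bracketed IPv6 would need a second form.
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[0-9.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[0-9.]+):(?P<dport>\d+)$"
)

# Public resolver addresses listed in the article; each also serves DoT (853) and DoH (443).
KNOWN_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9", "149.112.112.112"}

# Constructed scenario: the VPN is up and pushes 10.8.0.1 as the resolver, but the
# Wi-Fi adapter still has the ISP's resolver (203.0.113.53) configured, and some
# queries go there in plain text: the "DNS leak" the article describes.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z udp 192.168.1.20:51234 -> 10.8.0.1:53
2024-05-01T10:00:01Z udp 192.168.1.20:51235 -> 203.0.113.53:53
2024-05-01T10:00:02Z tcp 192.168.1.20:40222 -> 198.51.100.7:443
2024-05-01T10:00:03Z tcp 192.168.1.20:40223 -> 1.1.1.1:853
2024-05-01T10:00:04Z udp 192.168.1.20:51236 -> 203.0.113.53:53
2024-05-01T10:00:05Z tcp 192.168.1.20:40224 -> 1.1.1.1:443
this line is not a flow record and is skipped
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict, or return None for lines that are not flows."""
    m = LINE.match(line.strip())
    if not m:
        return None
    flow = m.groupdict()
    try:
        ipaddress.ip_address(flow["dst"])  # reject things that only look like an address
    except ValueError:
        return None
    flow["dport"] = int(flow["dport"])
    return flow


def classify(flow: dict, expected_resolvers: set) -> Optional[str]:
    """Label DNS-looking traffic; anything else returns None and is ignored.

    Port 53 to anything but the resolver you chose is a leak: plaintext that the ISP
    (or anyone on path) can read, going to a server you did not pick.
    """
    dst, dport = flow["dst"], flow["dport"]
    if dport == 53:
        return "plaintext-ok" if dst in expected_resolvers else "LEAK"
    if dport == 853:
        return "encrypted-dot"
    if dport == 443 and dst in KNOWN_RESOLVERS:  # 443 elsewhere is ordinary web traffic
        return "encrypted-doh"
    return None


def audit(log_text: str, expected_resolvers: set):
    """Return (Counter of labels, list of (timestamp, proto, destination) for leaks)."""
    counts, leaks = Counter(), []
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow is None:
            continue
        label = classify(flow, expected_resolvers)
        if label is None:
            continue
        counts[label] += 1
        if label == "LEAK":
            leaks.append((flow["ts"], flow["proto"], flow["dst"]))
    return counts, leaks


if __name__ == "__main__":
    counts, leaks = audit(SAMPLE_LOG, expected_resolvers={"10.8.0.1"})
    for label, n in sorted(counts.items()):
        print(f"{label:<14} {n}")
    for ts, proto, dst in leaks:
        print(f"LEAK at {ts}: {proto} DNS to {dst}, which is not the configured resolver")
```

The same logic works on a real capture: export the flows from your firewall or run a packet capture filtered to ports 53, 853 and 443 while the VPN is up, and feed the lines in. Two flags in the constructed data (both to 203.0.113.53) are exactly what a VPN's "DNS leak protection" setting is supposed to prevent; the DoT and DoH flows to 1.1.1.1 are encrypted, but they still tell the ISP which resolver you talk to.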
Best DNS providers
Cloudflare (1.1.1.1) — best for most users
Free, extremely fast, and committed to privacy. Cloudflare publicly commits to not logging IP addresses and undergoes regular third-party audits to verify that commitment. Supports encrypted DNS (DoH and DoT). Excellent global infrastructure means low latency from almost anywhere.
- Primary: 1.1.1.1
- Secondary: 1.0.0.1
- IPv6: 2606:4700:4700::1111
Google Public DNS (8.8.8.8) — reliable but tracked
Extremely reliable and fast. Major upside: it just works, everywhere. Major downside: Google logs queries and uses them for analytics (though they say they don't link to ads). Good for users who prioritize reliability over privacy.
- Primary: 8.8.8.8
- Secondary: 8.8.4.4
- IPv6: 2001:4860:4860::8888
Quad9 (9.9.9.9) — best for security
Blocks known malicious domains (phishing, malware, botnets) at the DNS level. Operated by IBM and the Global Cyber Alliance. Switzerland-based, strong privacy stance. Slightly slower than Cloudflare in most tests but worth it for the security filtering.
- Primary: 9.9.9.9
- Secondary: 149.112.112.112
- IPv6: 2620:fe::fe
NextDNS — best for customization
Has a free tier (300k queries/month). Lets you customize blocklists for ads, trackers, malware, adult content. Per-device analytics if you want them. Excellent for parental controls or maximum personalization. Slightly more setup required.
- Free tier available, paid plans start at $20/year
- Visit nextdns.io for setup
OpenDNS (208.67.222.222) — legacy choice
Owned by Cisco. Family-friendly filtering built in. Reliable but no longer the cutting-edge option it once was. Acceptable if you specifically want their content filtering features.
- Primary: 208.67.222.222
- Secondary: 208.67.220.220
How to change your DNS server
You can change DNS at several levels — pick the one that works best for your situation.
Option 1: Change on your router (affects all devices)
The best option for whole-home protection. Once you change DNS on your router, every device on your network uses it automatically.
- Find your router's IP and log in.
- Find DNS settings (usually under Internet / WAN / Network settings).
- Replace your ISP's DNS servers with your chosen provider (e.g., 1.1.1.1 and 1.0.0.1).
- Save and restart the router.
Option 2: Change on individual devices
Useful if you only want to change DNS on certain devices, or you can't access your router.
- Windows: Settings → Network & Internet → Wi-Fi → click your network → Edit DNS settings
- Mac: System Settings → Wi-Fi → Details → DNS tab → add servers
- iPhone: Settings → Wi-Fi → (i) icon → Configure DNS → Manual
- Android: Varies by manufacturer — often under Network & Internet → Private DNS
Option 3: Use encrypted DNS in your browser
Modern browsers support DNS over HTTPS (DoH) directly. This encrypts DNS queries even if your system DNS is set to your ISP.
- Chrome: Settings → Privacy and security → Security → Use secure DNS
- Firefox: Settings → Privacy & Security → DNS over HTTPS
- Edge: Settings → Privacy, search, and services → Use secure DNS
Encrypted DNS (DoH, DoT)
Traditional DNS is unencrypted. Every query is sent in plain text, visible to your ISP and anyone else watching the network. Two newer protocols fix this:
DNS over HTTPS (DoH)
Wraps DNS queries inside encrypted HTTPS connections. To your ISP, your DNS traffic looks like normal web traffic — they can't see the domains you're looking up. Supported by Cloudflare, Google, Quad9, and most modern browsers.
DNS over TLS (DoT)
Similar concept but uses a dedicated port (853) and the TLS protocol directly. More efficient than DoH but easier for ISPs to identify and (potentially) block.
For most users, DoH in your browser is the simplest way to start. Combined with a privacy-focused DNS provider (Cloudflare or Quad9), you get encrypted, private DNS lookups with essentially zero setup.
Reality check: Encrypted DNS hides your queries from your ISP, but the DNS provider you switch to still sees them. The benefit is choosing who sees your data — picking a provider with a strong privacy track record instead of your ISP's default.
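What DoH and DoT actually put on the wire is small enough to show in full. The added example below (not code from this article, Cloudflare, or Quad9) carries a single DNS message both ways using only the Python standard library: the RFC 8484 GET form for DoH (the raw message, base64url-encoded, in a `?dns=` parameter, with an `Accept: application/dns-message` header) and the RFC 7858 form for DoT (a TLS connection to port 853 with each message prefixed by its two-byte length). The query bytes are the worked example from RFC 8484 itself (an A query for www.example.com with message ID 0), so the encoded URL can be checked against the RFC. The endpoint `https://cloudflare-dns.com/dns-query` and server name `cloudflare-dns.com` are Cloudflare's published ones and are used here as assumptions; any resolver that speaks these protocols works the same way. Nothing leaves the machine unless you run the script with `--live`.

```python
"""Carry one DNS message over DoT (RFC 7858) or DoH (RFC 8484) with the standard library.

Added example for this article, not code from the page, Cloudflare, or Quad9.
The query bytes are the worked example from RFC 8484 section 4.1.1 (an A query for
www.example.com, message ID 0). Nothing touches the network unless you run the
script with --live; the endpoint names below are assumptions about the provider.
"""
import base64
import socket
import ssl
import struct
import sys
import urllib.request

# DNS header (ID 0, RD set, QDCOUNT 1) followed by the question www.example.com IN A.
RFC8484_QUERY = bytes.fromhex(
    "0000 0100 0001 0000 0000 0000"             # header
    "03 777777 07 6578616d706c65 03 636f6d 00"  # 3"www" 7"example" 3"com" root
    "0001 0001"                                 # QTYPE A, QCLASS IN
)


def doh_get_url(query: bytes, endpoint: str = "https://cloudflare-dns.com/dns-query") -> str:
    """RFC 8484 GET form: the raw message, base64url without '=' padding, in ?dns=."""
    token = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={token}"


def dot_frame(query: bytes) -> bytes:
    """DNS over TCP and TLS prefixes each message with its length as 2 big-endian bytes."""
    return struct.pack("!H", len(query)) + query


def dot_unframe(stream: bytes) -> list:
    """Split a TCP/TLS byte stream back into whole DNS messages (inverse of dot_frame)."""
    msgs, off = [], 0
    while off + 2 <= len(stream):
        n = struct.unpack("!H", stream[off:off + 2])[0]
        if off + 2 + n > len(stream):
            break  # trailing partial message: wait for more bytes
        msgs.append(stream[off + 2:off + 2 + n])
        off += 2 + n
    return msgs


def header_summary(msg: bytes) -> dict:
    """Header fields worth checking on a reply: echoed ID, QR bit, RCODE, answer count."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF, "answers": an}


def _read_exact(sock, n: int) -> bytes:
    """recv() may return fewer bytes than asked; loop until n bytes have arrived."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        buf += chunk
    return buf


def dot_query_live(query: bytes, server: str = "1.1.1.1",
                   server_name: str = "cloudflare-dns.com", timeout: float = 5.0) -> bytes:
    """TLS to port 853. The certificate is verified against server_name (RFC 7858's
    'strict' profile), so an on-path device cannot quietly answer in the resolver's place."""
    ctx = ssl.create_default_context()
    with socket.create_connection((server, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(dot_frame(query))
            (length,) = struct.unpack("!H", _read_exact(tls, 2))
            return _read_exact(tls, length)


def doh_query_live(query: bytes, endpoint: str = "https://cloudflare-dns.com/dns-query",
                   timeout: float = 5.0) -> bytes:
    """HTTPS GET; the Accept header asks for the binary wire format back."""
    req = urllib.request.Request(doh_get_url(query, endpoint),
                                 headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    print("DoH URL :", doh_get_url(RFC8484_QUERY))
    print("DoT wire:", dot_frame(RFC8484_QUERY).hex())
    if "--live" in sys.argv:  # only then does anything leave this machine
        for name, fn in (("DoT", dot_query_live), ("DoH", doh_query_live)):
            print(name, header_summary(fn(RFC8484_QUERY)))
```

Two points the code makes visible. First, `ssl.create_default_context()` verifies the resolver's certificate against `server_name`; that verification, not the encryption alone, is what stops a device on the path from answering in the resolver's place. Second, the DoT session is a TLS connection to port 853, which is why the article calls it easier for an ISP to identify, whereas the DoH request is an ordinary HTTPS GET to a host that may serve plenty of other content. The `header_summary` check (ID echoed, QR bit set, RCODE 0) is the minimum a client should do before trusting a reply from either transport.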
Frequently asked questions
What is a DNS server?
A DNS (Domain Name System) server is like the internet's phone book. When you type a website name like google.com, your DNS server looks up the actual IP address (like 142.251.32.110) so your device knows where to send the request. Without DNS, you'd have to memorize numerical IP addresses for every site you visit.
What DNS server should I use?
For most users: Cloudflare 1.1.1.1 (fast, privacy-focused, free), Google 8.8.8.8 (very reliable), or Quad9 9.9.9.9 (blocks malicious sites). For maximum privacy with content filtering, NextDNS offers a free tier with customization. Avoid your ISP's default DNS — they often log every domain you visit.
Can changing DNS improve my internet speed?
Sometimes. If your ISP's DNS is slow or overloaded, switching to Cloudflare 1.1.1.1 or Google 8.8.8.8 can make websites load faster — especially first-time visits. The actual download/upload speed doesn't change, just how quickly your device finds where to download from.
Is DNS encrypted?
By default, no. Traditional DNS sends your queries in plain text, so your ISP and anyone monitoring the network can see every domain you look up. Modern alternatives like DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt these queries. Most major browsers now support encrypted DNS by default.
What is a DNS leak?
A DNS leak happens when your DNS queries go through your ISP's servers even though you're connected to a VPN. The VPN encrypts your web traffic, but if DNS goes around the tunnel, your ISP still sees which domains you visit. Most good VPNs include built-in DNS leak protection that routes all DNS through the VPN.
Can DNS block ads?
Yes. DNS-based ad blockers work by refusing to resolve known ad domains. Pi-hole (run on a Raspberry Pi at home) and NextDNS are popular options. The advantage over browser ad blockers: it works for every device on your network and blocks ads in apps too.
What happens if a DNS server goes down?
If your primary DNS fails, your device automatically tries the secondary. This is why you always configure two DNS servers. If both fail (extremely rare for major providers), websites stop loading even though the actual internet connection works fine.