Back to Articles

The Domain Name System (DNS)

By Tony Perez (@perezbox) Posted in: educational-guide, dns

In our previous article, we explored the relationships between Registrars, Registries and DNS. In this article, we’ll dive deeper into the world of DNS—what it is, how it routes users to the right servers, and which parts you can control.

The Art of Routing Web Requests (Hello, DNS)

DNS stands for Domain Name System (often confused with “Domain Name Server”). It’s the mechanism that lets us find websites like noc.org without memorizing IP addresses. Any server on the Internet or a private network maps to an IP address—its “street address.” Imagine having to remember 137.220.48.110 instead of noc.org (and that’s before IPv6).

Technically, DNS is a redundant, hierarchical, distributed database used to pass information about domain names—one of the world’s largest distributed databases. DNS follows a client–server model: clients query servers to retrieve data from that distributed system.

The DNS Hierarchy

While DNS feels simple, it’s implemented as a layered system with four key components:

Type Description Layman’s Explanation Example
Recursive resolver Receives your query and finds the correct IP for a domain. Your gateway to the wider DNS. It doesn’t “know” domain data; it’s great at asking the right questions. CleanBrowsing
Root nameserver Authoritative servers that serve the DNS root zone. The first stop for resolvers—points the way to the right Top-Level Domain (TLD). Root Server Operators (e.g., Verisign’s A/J-root)
TLD nameserver Authoritative servers for a TLD (e.g., .com, .net, .org). Keeps the index of domains under its TLD and points to the right authoritative server. .com (Verisign), .org (PIR)
Authoritative nameserver Holds the definitive DNS records for a domain. Knows where a domain “lives” (e.g., which IP serves the site, where email should go). NOC Authoritative DNS

How DNS Works

Your device’s local resolver first checks its cache; if a fresh answer exists, it uses that. If not, your configured recursive resolver begins the search. It asks the Root, which points to the correct TLD nameserver, which then points to the domain’s Authoritative DNS. The authoritative server replies with the record (e.g., an A/AAAA record), and the resolver returns that to your browser—all in milliseconds.

Basic DNS flow from resolver to root, TLD, and authoritative nameservers

Controlling Parts of the DNS Chain

As a user or site owner, you directly control two critical pieces:

Type Description
DNS Resolver (Recursive DNS) You choose which resolver to use. At NOC, we use CleanBrowsing because it lets us filter content and enforce a DNS-based network policy for our team.
Authoritative DNS (AuthDNS) Essential for site owners. Your authoritative DNS stores your domain’s records (e.g., noc.org). Poorly managed AuthDNS is a single point of failure and a high-value target—it controls routing for your website, email, and other services.

Mastering these pieces lets you shape what’s accessible on your network and protect critical digital assets. At NOC, our Authoritative DNS platform supports outage auto-detection and self-healing, smart geo-routing, and high-availability nodes worldwide—core capabilities for performance and resilience, all powered by DNS.

NOC — Authoritative DNS, CDN & WAF

Accelerate and protect your sites with global DNS, edge caching, and an always-on web application firewall.

See Plans