Every time you type a web address and press Enter, a hidden lookup runs before the page even starts loading. Your computer does not know where the website lives. It only knows its name.

This post explains exactly how DNS turns that name into a number your computer can connect to. In simple steps.

The Problem: Names vs Numbers

Every device on the internet is reached by an IP address — a number like 142.250.72.196. Routers move traffic using these numbers, not words.

But two things make raw numbers hard to use:

  • No human wants to memorize digits for every website.
  • Those numbers change. Servers move, and the address changes with them.

So we need a directory. It must map readable names to the current numbers, work everywhere at once, and update quickly. That directory is the Domain Name System (DNS).

DNS Is a Tree, Not a List

DNS is not one giant list on one computer. That could never scale to the whole internet. It is a tree.

Read a domain name from right to left:

  • . — the root, at the very top.
  • .com — a top-level domain (TLD). Others are .org, .net.
  • example — the domain itself.
  • www — a subdomain.

Each level only needs to know one thing: where to find the level below it. No single server holds the whole internet. The work is split across millions of servers.

The Resolver Does the Hunting

Your computer does not walk the tree itself. It asks a resolver.

A resolver is usually run by your internet provider. You can also use a public one, like 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google).

The resolver does the hunting for you:

  1. It asks a root server: where are the .com servers?
  2. The root replies with a referral.
  3. It asks the .com servers: where is example.com?
  4. They point to that domain’s authoritative nameserver — the server that holds the real answer.
  5. The authoritative server returns the IP address.

Three or four quick questions, and the resolver has the number.

Caching and TTL

If every lookup walked the whole tree, the internet would be slow. So nothing does the full walk twice if it can avoid it.

Every answer comes with a TTL (time to live). This is how long the answer can be reused before checking again.

The answer is cached at every level:

  • Your browser caches it.
  • Your operating system caches it.
  • The resolver caches it.

The next time you visit, the IP comes back instantly from cache. No global hunt.

The TTL is a trade-off:

  • A short TTL means changes spread fast, but there are more lookups.
  • A long TTL means less traffic, but updates take longer to take effect.

The Full Lookup, Step by Step

Put it all together:

  1. Check the cache — your browser and OS check first. If the answer is there, you are done in microseconds.
  2. Ask the resolver — if it is not cached.
  3. Walk the tree — the resolver asks root, then the TLD, then the authoritative nameserver.
  4. Return and cache — the IP is returned and cached at every level for next time.

Only now does your browser have an address to connect to.

After the Lookup

So that little pause in the address bar before anything appears? A lot of the time, that is DNS finishing.

Here is where it connects to the last post. The moment DNS returns the IP address, your browser opens a connection to that number and starts the TLS handshake. (See How HTTPS Actually Works.)

DNS finds the door. HTTPS proves it is the right one and locks it behind you. Name → number → secure connection — all before the first pixel of the page.

See It Yourself

You can run a real DNS lookup from your terminal.

Use dig to see the answer and its TTL:

# +noall +answer keeps just the answer section
dig example.com +noall +answer

The output shows the IP and the TTL (the number before IN A).

Trace the full path down the tree — root, then TLD, then authoritative:

# +trace walks the hierarchy one level at a time
dig example.com +trace

Or use nslookup, which works the same on most systems:

# Ask a specific resolver (here: Cloudflare's 1.1.1.1)
nslookup example.com 1.1.1.1

Run the first command twice. The second time, the TTL is lower — proof the answer is being cached and counted down.

What You Learned

  • Computers route by IP numbers, not by names.
  • DNS is a tree: root → TLD → domain, read right to left.
  • A resolver walks the tree for you and returns the IP.
  • Answers are cached with a TTL, so the second visit is instant.
  • The whole lookup runs before the page loads — then HTTPS takes over.

Follow @kemal_codes on X and kemalcodes on GitHub. This is part of “Under the Hood” — how everyday tech really works.