DNS is the internet's phone book. When you type a URL, your OS asks a recursive resolver, which walks the DNS tree from root → TLD → authoritative server until it finds the answer.
Beyond A/AAAA (address) records, DNS carries MX (mail routing), TXT (verification, SPF/DKIM/DMARC), NS (which servers own a zone), CNAME (aliases), SRV (service discovery), and CAA (cert-issuance restrictions).
Try it on IPFerret
See also
- DoHDNS queries encrypted inside HTTPS so neither your ISP nor the local network can read or modify them.
- DoTDNS encrypted with TLS on dedicated port 853 — same goal as DoH but uses its own protocol port.
- DNSSECCryptographic signatures on DNS records so resolvers can verify the answer wasn't forged or tampered with.