How Nameservers Work: DNS Explained in Plain Language

How Nameservers Work: DNS Explained in Plain Language

Rishav Kumar · November 18, 2025 · 2 min read

DNS gets described as "the phone book of the internet," which is accurate enough as a metaphor but does not really explain what is happening under the hood. Here is a more grounded explanation.

The Problem DNS Solves

Computers find each other on the internet by IP address — a number like 93.184.216.34. Humans find websites by name — like example.com. DNS is the system that translates one to the other.

The Four Players in a DNS Lookup

When you type a URL into a browser and hit enter, here is what happens:

  1. Your recursive resolver (usually provided by your ISP or a service like 8.8.8.8) receives your query and handles the lookup on your behalf.
  2. The root nameserver tells the resolver which nameserver is responsible for the top-level domain (.com, .net, .io, etc.).
  3. The TLD nameserver knows which nameservers are authoritative for the specific domain.
  4. The authoritative nameserver holds the actual DNS records and returns the answer.

The whole process typically takes 20–120ms. Results are cached at each step for the duration of the TTL, so subsequent lookups are much faster.

What "Authoritative" Means

The authoritative nameserver is the final word on a domain's DNS records. When you update your A record at Cloudflare DNS or Route 53, you are updating the authoritative nameserver. The change is reflected in new lookups once existing cached records expire.

Changing Nameservers

If you want to migrate DNS from one provider to another — say, from your registrar's default DNS to Cloudflare — you update the NS records at your registrar. This tells the TLD nameserver "for this domain, go ask these nameservers." The change takes up to 48 hours to fully propagate because TLD nameservers also cache NS record responses.

The practical approach: create all your records at the new DNS provider first, then update the NS records. That way there is no window where your records are missing.

Why Your Domain Has Two Nameservers

Redundancy. If ns1 is unreachable, ns2 answers. DNS is designed to be resilient, and having multiple authoritative nameservers is part of that design. Some providers give you four or more for extra redundancy across different data centers and network paths.

Back to Blog
Share: