DNS lookup

A DNS lookup is what happens when your browser, app, or shell needs to convert example.com into an IP address it can connect to. It takes microseconds when cached, milliseconds when not.

The flow for one lookup (uncached)

1. App asks the OS: "what's the IP for example.com?"
2. OS asks the local recursive resolver (usually your ISP's, or 1.1.1.1, or 8.8.8.8).
3. Resolver, if it has no cached answer, asks the DNS root servers: "who runs .com?"
4. Root tells it the IP of the .com TLD servers.
5. Resolver asks the TLD: "who runs example.com?"
6. TLD returns the NS records for example.com.
7. Resolver asks one of those nameservers: "what's example.com's A record?"
8. Authoritative server returns the IP.
9. Resolver caches it, returns to OS, OS returns to app.

When everything's cached: step 1 and 9 only.

Time budget

• Cached lookup: 0.1–1 ms.
• First lookup with cold cache, same continent: 20–50 ms.
• First lookup with cold cache, across the world: 100–300 ms.
• Cold lookup against a slow authoritative server: 500 ms+.

DNS lookup time is a real part of page load. Sub-50ms is the goal for popular sites. Use anycast DNS (Cloudflare, Route 53) to keep authoritative lookups close to users.

Debugging tools

• dig example.com — the standard. Shows the full response.
• dig +trace example.com — walks the whole resolution chain.
• nslookup example.com — older tool, less detailed.
• host example.com — minimal output.
• Browser dev tools: Network panel shows DNS time as part of the request.