Internet, Networking, & Security Home Networking 775 775 people found this article helpful What Is a DNS Server? Everything you need to know about network DNS servers by Tim Fisher General Manager, VP, Lifewire.com Tim Fisher has 30+ years' professional technology support experience. He writes troubleshooting content and is the General Manager of Lifewire. our editorial process Facebook Twitter LinkedIn Tim Fisher Updated on May 08, 2020 Home Networking ISP The Wireless Connection Routers & Firewalls Network Hubs Broadband Ethernet Installing & Upgrading Wi-Fi & Wireless Tweet Share Email A DNS server is a computer server that contains a database of public IP addresses and their associated hostnames, and in most cases serves to resolve, or translate, those names to IP addresses as requested. DNS servers run special software and communicate with each other using special protocols. You may see a DNS server referred to by other names, such as a name server or nameserver, and a domain name system server. The Purpose of DNS Servers It's easier to remember a domain or hostname like lifewire.com than it is to remember the site's IP address numbers 126.96.36.199. So when you access a website, like Lifewire, all you have to type is the URL https://www.lifewire.com. However, computers and network devices don't work well with domain names when trying to locate each other on the internet. It's far more efficient and precise to use an IP address, which is the numerical representation of what server in the network (internet) the website resides on. Lifewire / Chloe Giroux The DNS server sits in the space between humans and computers to help facilitate their communication. How DNS Servers Resolve a DNS Query When you type a website address into your browsers address bar and press Enter, a DNS server goes to work to find the address that you want to visit. It does this by sending a DNS query to several servers, each of which translates a different part of the domain name you entered. The different servers queried are: A DNS Resolver: Receives the request to resolve the domain name with the IP address. This server does the grunt work in figuring out where the site you want to go actually resides on the internet.A Root Server: The root server receives the first request, and returns a result to let the DNS resolver know what the address of the Top Level Domain (TLD) server that stores the information about the site. A top level domain is the equivalent of the .com or .net portion of the domain name you entered into the address bar.A TLD Server: The DNS resolver then queries this server, which will return the Authoritative Name Server where the site is actually returned.An Authoritative Name Server: Finally, the DNS resolver queries this server to learn the actual IP address of the website you're trying to deliver. Once the IP address is returned, the website you wanted to visit is then displayed in your web browser. It sounds like a lot of back and forth, and it is, but it all happens very quickly with little delay in returning the site you want to visit. The process described above happens the first time you visit a site. If you visit the same site again, before the cache on your web browser is cleared, there's no need to go through all these steps. Instead, the web browser will pull the information from the cache to serve the website to your browser ever faster. Primary and Secondary DNS Servers In most cases, a primary and a secondary DNS server are configured on your router or computer when you connect to your internet service provider. There are two DNS servers in case one of them happens to fail, in which case the second is used to resolve hostnames you enter. Several publicly accessible DNS servers are available for you to use. If you want to change the DNS servers your network connects to, see our Free & Public DNS Servers List for an up-to-date listing, and How Do I Change DNS Servers?. Why You Might Change Your DNS Server Settings Some DNS servers can provide faster access times than others. This is often a function of how close you are to those servers. If your ISP's DNS servers are closer to you than Google's, for example, you may find domain names are resolved quicker using the default servers from your ISP than with an external server. If you experience connection problems where it seems no websites will load, it's possible there's an error with the DNS server. If the DNS server isn't able to find the correct IP address that's associated with the hostname you enter, the website can't be located and loaded. A computer or device, including smartphones and tablets, connected to your router can use a different set of DNS servers to resolve internet addresses. These will supersede those configured on your router and will be used instead. How to Obtain Internet Server Information The nslookup command is used to query your DNS server on Windows PCs. Start by opening the Command Prompt tool and then typing the following: nslookup lifewire.com This command should return something like this: Name: lifewire.comAddresses: 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 In the example above, the nslookup command tells you the IP address, or several IP addresses in this case, that the lifewire.com address translates to. DNS Root Servers There are 13 important DNS root servers on the internet that store a complete database of domain names and their associated public IP addresses. These top-tier DNS servers are named A through M for the first 13 letters of the alphabet. Ten of these servers are in the US, one in London, one in Stockholm, and one in Japan. The Internet Assigned Numbers Authority (IANA) keeps this list of DNS root servers if you're interested. Malware Attacks That Change DNS Server Settings Malware attacks against DNS servers are not at all uncommon. Always run an antivirus program because malware can attack your computer in a way that changes the DNS server settings. For example, if your computer uses Google's DNS servers (22.214.171.124 and 126.96.36.199) and you open your bank's website, you naturally expect that when you enter its familiar URL, you'll be sent to the bank's website. However, if malware changes your DNS server settings, which can happen without your knowledge after an attack on your system, your system no longer contacts Google's DNS servers but instead a hacker's server that poses as your bank's website. This fake bank site might look exactly like the real one, but rather than logging you into your bank account, it harvests the username and password you just typed, giving the hackers the essential information they need to get into your bank account. Malware attacks that hijack your DNS server settings may also redirect traffic away from popular websites to ones that are full of advertisements or to a fake site designed to scare you into believing your computer has been infected with a virus, and that you must buy their advertised software program to remove it. Don't fall for websites that suddenly pop up with flashing warnings telling you your computer has been infected with a virus, and that you must purchase some software to get rid of it. They're always scams. Protecting Yourself From DNS Attacks There are two things you should do to avoid becoming a victim of a DNS settings attack. The first is to install antivirus software so that malicious programs are caught before they can do any damage. The second is to pay close attention to the appearance of important websites you visit regularly. If you visit one and the site looks off in some way—maybe the images are all different or the site's colors have changed, or menus don't look right, or you find misspellings (hackers can be dreadful spellers)—or you get an "invalid certificate" message in your browser, it might be a sign that you're on a faked website. How DNS Redirection Can Be Positively Used This ability to redirect traffic can be used for positive purposes. For example, OpenDNS can redirect traffic to adult websites, gambling websites, social media websites, or other sites network administrators or organizations don't want their users visiting. Instead, they may be sent to a page with a "Blocked" message.