DNS stands for Domain Name System. It translates human-friendly domain names into the IP addresses that computers use to communicate. Without DNS, you'd need to memorize a number like 142.250.72.14 just to visit Google.

Simple definition: DNS is the internet's phonebook.

You type google.com → DNS finds 142.250.72.14 → Browser connects to Google's server

How Does DNS Work? (Step-by-Step)

This entire process typically happens in milliseconds:

1. You type a domain name
   You enter google.com into your browser
2. Your computer checks its DNS cache
   If it's visited this site recently, the answer may already be stored locally — no lookup needed
3. Your computer asks a DNS server
   It queries your configured DNS server (usually your router or ISP): "What is the IP for google.com?"
4. The DNS server responds with the IP
   The server returns the IP address: 142.250.72.14
5. Your browser connects to that IP
   The connection is made — Google loads in your browser

What Is a DNS Server?

A DNS server is a system that stores and provides domain name → IP address mappings. Most home routers automatically assign a DNS server via DHCP. Common public DNS servers you'll see on the A+ exam:

8.8.8.8 (Google DNS): Fast, reliable, globally available
8.8.4.4 (Google DNS, Secondary): Backup DNS server from Google
1.1.1.1 (Cloudflare DNS): Privacy-focused, one of the fastest
1.0.0.1 (Cloudflare DNS, Secondary): Backup DNS server from Cloudflare

Common DNS Problems (A+ Exam Clues)

DNS failures produce a specific, recognizable pattern — websites fail even though the connection itself works:

You can ping an IP address but not a website name — the connection works, but name resolution is broken
Websites won't load, but internet appears active — you have a working IP address but names don't resolve
"DNS server not responding" errors — your configured DNS server is unreachable or offline

⚡ CompTIA A+ Exam Tip — The Classic DNS Test

If you can ping 8.8.8.8 but NOT google.com — it's a DNS problem.

The internet connection itself works (you can reach an IP), but name resolution is broken. This specific scenario appears frequently in A+ troubleshooting questions.


How to Troubleshoot DNS Issues

1. Flush the DNS cache
   Clears stale or corrupted cached entries: ipconfig /flushdns
2. Try a different DNS server
   Manually set DNS to 8.8.8.8 (Google) to bypass a broken ISP or router DNS
3. Restart your router
   Your router may be acting as a DNS forwarder — restarting it often clears DNS issues
4. Check DHCP settings
   DHCP assigns DNS servers automatically — if DHCP is misconfigured, DNS settings may be wrong or missing

DNS and DHCP — How They Work Together

These two protocols are closely linked and are often tested together on the A+ exam:

DHCP: Assigns your IP address
Gives your device an IP address, subnet mask, gateway, and DNS server — automatically.

DNS: Resolves website names
Translates domain names into IP addresses so your browser knows where to connect.

Without DHCP, your device may not get an IP. Without DNS, your device can't resolve website names. Both need to work for normal internet access.


DNS Record Types

DNS record types are heavily tested on Network+. Each record type stores a different kind of information about a domain. Know every type below — the exam will describe a scenario and ask which record type is needed.

| Record | Full name | What it maps / stores | Exam scenario |
|---|---|---|---|
| A | Address | Hostname → IPv4 address | "What record maps a domain name to an IPv4 address?" |
| AAAA | IPv6 Address | Hostname → IPv6 address | "Which record resolves a hostname to an IPv6 address?" |
| CNAME | Canonical Name | Alias → another hostname (not an IP directly) | "www.example.com pointing to example.com" — classic CNAME use |
| MX | Mail Exchanger | Domain → mail server responsible for receiving email | "Email to @company.com isn't delivering — which record would you check?" |
| PTR | Pointer | IP address → hostname (reverse lookup) | "Which record is used for reverse DNS lookups?" |
| NS | Name Server | Identifies the authoritative name servers for a domain | "Which DNS servers are authoritative for this domain?" |
| SOA | Start of Authority | Zone metadata — primary NS, admin email, serial number, refresh/retry/expire timers | "Which record contains zone transfer timing information?" |
| TXT | Text | Arbitrary text — used for SPF, DKIM, DMARC email authentication records | "Which record type is used to publish SPF email sender policy?" |
| SRV | Service | Specifies hostname and port for specific services (SIP, XMPP, etc.) | Less commonly tested — know it exists and what it does |

⚡ The most tested record type question

A record = hostname to IPv4. AAAA record = hostname to IPv6. PTR record = IP to hostname (reverse — the opposite of A/AAAA). CNAME = alias to another name, never directly to an IP.

The MX record is the one to check whenever an email delivery scenario appears. The TXT record is what SPF, DKIM, and DMARC email security policies use.


DNS Hierarchy

DNS is a distributed, hierarchical system — no single server knows every domain. Resolution works by walking down the hierarchy from the top until an authoritative answer is found.

Root servers: 13 sets of root servers (labelled A–M) sit at the top of the hierarchy. They don't know IP addresses — they know which TLD servers to ask next.

TLD servers: Top-Level Domain servers handle .com, .org, .net, .uk and so on. They know which authoritative name servers hold records for domains within their TLD.

Authoritative NS: Authoritative name servers hold the actual DNS records for a specific domain — A records, MX records, etc. This is the definitive answer.

Recursive resolver: Your ISP or configured DNS server (e.g. 8.8.8.8). Does the legwork — queries root → TLD → authoritative on your behalf, caches the result, returns the answer to you.

📌 Recursive vs iterative queries

Recursive query: Your device asks the resolver — the resolver does all the work and returns a final answer. Most client-to-resolver queries are recursive.

Iterative query: The resolver asks a root server — the root server says "ask this TLD server" — the resolver asks the TLD server — and so on. Resolver-to-server queries are iterative.
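
The walk described above, as an added Python example that is not part of the original article: a resolver answers one recursive query by issuing iterative queries down a small hierarchy, then caches the result. The server names, zones and the 192.0.2.10 address are constructed for illustration.

```python
# Constructed, in-memory model of the hierarchy (not real DNS data).
# Each server either refers the resolver onward or answers authoritatively.
SERVERS = {
    "root": {"referrals": {"com": "tld-com", "org": "tld-org"}},
    "tld-com": {"referrals": {"example.com": "ns1.example.com"}},
    "tld-org": {"referrals": {}},
    "ns1.example.com": {"records": {"www.example.com": "192.0.2.10"}},
}


def ask(server, name):
    """One iterative query: ('answer', ip), ('referral', next) or ('nxdomain', None)."""
    data = SERVERS[server]
    if "records" in data:
        ip = data["records"].get(name)
        return ("answer", ip) if ip else ("nxdomain", None)
    # The longest matching suffix wins, as the most specific delegation would.
    labels = name.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in data["referrals"]:
            return ("referral", data["referrals"][suffix])
    return ("nxdomain", None)


class RecursiveResolver:
    """Answers a client's recursive query by making iterative queries itself."""

    def __init__(self):
        self.cache = {}

    def resolve(self, name):
        """Return (ip_or_None, list of servers queried for this lookup)."""
        if name in self.cache:
            return self.cache[name], []      # served from cache, no queries sent
        server, path = "root", []
        while True:
            path.append(server)
            kind, value = ask(server, name)
            if kind == "referral":
                server = value               # follow the referral one level down
                continue
            if kind == "answer":
                self.cache[name] = value     # this model caches positive answers only
            return value, path
```

The second lookup of the same name returns an empty query path, which is the caching behaviour that makes a stale or poisoned resolver cache keep serving the wrong answer until it is flushed.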


DNS Zones

A DNS zone is an administrative portion of the DNS namespace — essentially the set of DNS records a particular name server is responsible for managing.

DNS zone types
Primary zone      → The read/write master copy of DNS records for a domain
                      Changes are made here and replicated to secondary zones

Secondary zone    → Read-only copy of a primary zone — provides redundancy
                      Updated via zone transfers from the primary

Stub zone         → Contains only NS records — used to find authoritative servers
                      Lighter than a full secondary zone

Forward lookup zone → Resolves hostnames → IP addresses (standard direction)
Reverse lookup zone → Resolves IP addresses → hostnames (uses PTR records)

⚡ Zone transfers — TCP port 53

When a secondary DNS server requests an updated copy of records from a primary, this is called a zone transfer. Zone transfers use TCP port 53 (not UDP). Regular DNS queries use UDP port 53 — this distinction is tested.

Zone transfers should be restricted to authorised secondary servers only — unrestricted zone transfers are a security vulnerability that can expose your entire DNS record set.
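
One way to check a server configuration for the unrestricted-transfer problem described above, as an added Python example that is not from the original article. It assumes BIND-style named.conf syntax (the allow-transfer statement) with no comments and no named ACLs; the zones and addresses in the sample are constructed.

```python
import re

# Constructed named.conf-style sample (documentation addresses, made-up zones).
SAMPLE_CONF = '''
options {
    directory "/var/named";
};
zone "example.com" {
    type primary;
    allow-transfer { 192.0.2.53; 198.51.100.53; };
};
zone "corp.example" {
    type primary;
    allow-transfer { any; };
};
zone "lab.example" {
    type primary;
};
'''

OPEN = {"any", "0.0.0.0/0", "::/0"}          # ACL elements that match every client
ACL_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}")

def block_bodies(text, header_re):
    """Yield (match, body) for each `header {` ... `}` block, matching nested braces."""
    for m in re.finditer(header_re, text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def acl(body):
    """Return the allow-transfer elements in a block body, or None if absent."""
    m = ACL_RE.search(body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """Map each zone to 'open', 'restricted' or 'unset' (no explicit ACL anywhere)."""
    default = None
    for _, body in block_bodies(conf, r"^\s*options\s*\{"):
        default = acl(body)                  # options-level ACL applies to all zones
    result = {}
    for m, body in block_bodies(conf, r'^\s*zone\s+"([^"]+)"[^{;]*\{'):
        own = acl(body)
        effective = default if own is None else own   # a zone-level ACL overrides
        result[m.group(1)] = ("unset" if effective is None
                              else "open" if OPEN & set(effective) else "restricted")
    return result
```

A zone reported as unset has no allow-transfer at either the zone or the options level, so whether it answers transfer requests depends on the server's built-in default; set the list of authorised secondaries explicitly.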


DNSSEC

DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records to protect against DNS spoofing and cache poisoning attacks — where an attacker injects false DNS responses to redirect traffic to malicious servers.

Without DNSSEC, nothing stops a malicious DNS server from returning a forged IP address for a domain. DNSSEC lets resolvers verify that responses are authentic and haven't been tampered with, using a chain of trust from the root servers down to the authoritative name server.

🔒 DNSSEC exam points

What it protects against: DNS cache poisoning / DNS spoofing — where attackers feed false DNS records to redirect users to malicious sites.

How it works: Cryptographic signatures (using public key cryptography) are added to DNS records. Resolvers validate signatures using a chain of trust anchored at the root.

What it does NOT do: DNSSEC does not encrypt DNS queries — it only authenticates them. DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) are what provide encryption.


nslookup — The DNS Troubleshooting Tool

nslookup is the primary tool for DNS diagnostics and is tested on both A+ and Network+. It queries DNS servers directly and shows what records are returned — letting you pinpoint exactly where DNS resolution is failing.

nslookup — common uses
# Basic lookup — find the IP for a hostname
nslookup google.com

# Query a specific DNS server (bypass your default)
nslookup google.com 8.8.8.8

# Look up a specific record type
nslookup -type=MX gmail.com       # Find mail servers
nslookup -type=TXT example.com    # Find SPF/DKIM records
nslookup -type=NS example.com     # Find authoritative name servers

# Reverse lookup — find hostname for an IP
nslookup 8.8.8.8                  # Returns dns.google

⚡ nslookup exam scenario

"A technician can ping 8.8.8.8 successfully but websites will not load. Which tool should they use to verify DNS resolution is working?" → nslookup

"An administrator runs nslookup and gets a response from 192.168.1.1 but the IP returned for google.com is incorrect. What does this indicate?" → The local DNS server (192.168.1.1) has a corrupted or poisoned cache — try querying a known-good server like 8.8.8.8 directly.


Final Summary

DNS stands for Domain Name System — the internet's phonebook
It translates domain names like google.com into IP addresses computers can use
Common public DNS servers: 8.8.8.8 (Google) and 1.1.1.1 (Cloudflare)
If DNS fails: websites won't load but you can still ping IP addresses directly
Fix with ipconfig /flushdns or manually set DNS to 8.8.8.8
DNS record types: A (IPv4), AAAA (IPv6), CNAME (alias), MX (email), PTR (reverse), NS (name servers), TXT (SPF/DKIM)
DNS hierarchy: Root servers → TLD servers → Authoritative NS → Recursive resolver
Zone transfers use TCP port 53 — regular queries use UDP port 53
DNSSEC adds cryptographic signatures to prevent DNS spoofing and cache poisoning
Use nslookup to test DNS resolution and query specific record types
