Domain Name System

The internet's phonebook — translates domain names like google.com into IP addresses.

The Domain Name System (DNS) translates human-readable domain names (speedtesthq.com) into IP addresses (192.0.2.1) that computers use to route traffic. Every time you type a URL or click a link, a DNS lookup happens before any content loads. Slow DNS adds latency to every new connection.

DNS hierarchy

DNS is a distributed, hierarchical database. At the top sit 13 sets of root nameservers (operated by organisations like ICANN, Verisign, and NASA) that know the authoritative nameservers for every top-level domain. Below the root are TLD nameservers — one set for .com, one for .org, one for .uk, and so on — which know the authoritative nameservers for every domain registered under that TLD. At the bottom are the authoritative nameservers for each domain, which hold the actual DNS records mapping hostnames to IP addresses. When you register a domain, you configure its authoritative nameservers at your registrar, and that information propagates up to the TLD nameservers.

The recursive resolver's role

Your device does not query the root servers directly. Instead, it sends all queries to a recursive resolver — typically provided by your ISP (configured automatically via DHCP) or a public service like 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare). The recursive resolver does the work of walking the DNS hierarchy on your behalf: it queries a root server to find the TLD nameserver, queries the TLD nameserver to find the authoritative nameserver, and queries the authoritative nameserver to get the final answer. It then caches the result and returns it to your device. Subsequent queries for the same domain hit the cache and return in milliseconds without contacting any external servers.

DNS record types

Record type | Purpose | Example
A | Maps hostname to IPv4 address | example.com → 93.184.216.34
AAAA | Maps hostname to IPv6 address | example.com → 2606:2800:220:1:248:1893:25c8:1946
CNAME | Alias from one hostname to another | www.example.com → example.com
MX | Mail server for a domain | example.com mail → mail.example.com
TXT | Arbitrary text; used for SPF, DKIM, domain verification | v=spf1 include:example.com ~all
NS | Authoritative nameservers for a domain | example.com NS → ns1.example.com
PTR | Reverse DNS — IP address to hostname | 34.216.184.93.in-addr.arpa → example.com

DNS TTL and caching

Every DNS record has a TTL (Time To Live) value — a number of seconds that resolvers and devices are permitted to cache the record before re-querying. A TTL of 300 means the record can be cached for 5 minutes. A TTL of 86400 means 24 hours. Low TTLs (60–300 seconds) allow rapid DNS changes but increase query load on nameservers and add lookup latency for uncached records. High TTLs (3600–86400 seconds) reduce query load and speed up repeat visits but slow down propagation of DNS changes. When migrating a website to a new IP address, operators typically lower the TTL to 300 seconds a day before the change, perform the change, then raise the TTL again afterward.
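The three sections above (the hierarchy, the recursive resolver's walk, and TTL-based caching) can be seen working together in a small simulation. This is an added example, not code from the original page: the root, TLD and authoritative "servers" are constructed in-memory dictionaries with placeholder names (a.gtld-servers.test, ns1.example.com) and documentation addresses (192.0.2.1, 198.51.100.7), and a `now` parameter stands in for the wall clock so cache expiry is deterministic.

```python
"""Toy iterative resolver with a TTL-aware cache (added example, not the page's code).

The zone data is constructed: a "root server" that knows the .com delegation,
a ".com TLD server" that knows example.com's authoritative nameserver, and that
nameserver holding the A records. The resolver walks root -> TLD -> authoritative
as the text describes and caches answers for their TTL; 'now' replaces the wall
clock so expiry can be demonstrated deterministically.
"""
import copy
from dataclasses import dataclass


@dataclass
class Record:
    name: str
    rtype: str
    value: str
    ttl: int   # seconds this record may be cached


# Constructed delegation chain; server names and addresses are placeholders.
ROOT_SERVER = {"com.": [Record("com.", "NS", "a.gtld-servers.test.", 172800)]}
TLD_SERVERS = {
    "a.gtld-servers.test.": {
        "example.com.": [Record("example.com.", "NS", "ns1.example.com.", 172800)],
    },
}
AUTH_SERVERS = {
    "ns1.example.com.": {
        ("www.example.com.", "A"): [Record("www.example.com.", "A", "192.0.2.1", 300)],
        ("example.com.", "A"): [Record("example.com.", "A", "192.0.2.1", 3600)],
    },
}


class RecursiveResolver:
    def __init__(self):
        # Each resolver gets its own copy of the "internet" so demos stay isolated.
        self.root = copy.deepcopy(ROOT_SERVER)
        self.tld = copy.deepcopy(TLD_SERVERS)
        self.auth = copy.deepcopy(AUTH_SERVERS)
        self.cache = {}              # (name, type) -> (records, absolute expiry time)
        self.upstream_queries = 0    # how many times any server was contacted

    def _ask(self, server_data, key):
        self.upstream_queries += 1
        return server_data.get(key)

    def update_authoritative(self, server, name, rtype, value, ttl):
        """Simulate the domain owner editing a record at their authoritative server."""
        self.auth[server][(name, rtype)] = [Record(name, rtype, value, ttl)]

    def resolve(self, qname, qtype, now):
        """Return (records, from_cache); records is None when resolution fails."""
        qname = qname if qname.endswith(".") else qname + "."
        key = (qname, qtype)
        cached = self.cache.get(key)
        if cached and cached[1] > now:           # TTL not yet expired: answer from cache
            return cached[0], True
        labels = qname.rstrip(".").split(".")
        tld = labels[-1] + "."
        domain = ".".join(labels[-2:]) + "."
        # 1. Root server: who is authoritative for the TLD?
        tld_ns = self._ask(self.root, tld)
        if not tld_ns:
            return None, False                   # unknown TLD (SERVFAIL-like)
        # 2. TLD server: who is authoritative for the registered domain?
        auth_ns = self._ask(self.tld[tld_ns[0].value], domain)
        if not auth_ns:
            return None, False                   # domain not registered (NXDOMAIN-like)
        # 3. Authoritative server: the actual record.
        records = self._ask(self.auth[auth_ns[0].value], key)
        if not records:
            return None, False
        # Cache the answer set for its smallest TTL.
        self.cache[key] = (records, now + min(r.ttl for r in records))
        return records, False


def migration_demo():
    """Why operators lower the TTL before moving to a new IP address.

    Returns the answer seen before the change, 30 minutes after it (still the
    stale cached value), and after the original 3600 s TTL has expired.
    """
    r = RecursiveResolver()
    before, _ = r.resolve("example.com", "A", now=0)
    r.update_authoritative("ns1.example.com.", "example.com.", "A", "198.51.100.7", 300)
    stale, _ = r.resolve("example.com", "A", now=1800)
    fresh, _ = r.resolve("example.com", "A", now=3600)
    return before[0].value, stale[0].value, fresh[0].value


if __name__ == "__main__":
    r = RecursiveResolver()
    for t in (0, 100, 300):
        recs, hit = r.resolve("www.example.com", "A", now=t)
        print(f"t={t:4d}s  {recs[0].value}  cache_hit={hit}  upstream_queries={r.upstream_queries}")
    print("migration (before, stale, fresh):", migration_demo())
```

The first lookup costs three upstream queries (root, TLD, authoritative); repeats inside the 300 s TTL cost none, and the query at exactly t=300 goes upstream again. `migration_demo` shows the stale-cache window the text warns about: a record changed at the authoritative server is invisible to resolvers that cached the old value until its TTL runs out, which is why the TTL is lowered well before the change.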

How to check DNS resolution

On Windows, run nslookup speedtesthq.com in a command prompt to see which IP address your resolver returns and which server answered. On macOS and Linux, dig speedtesthq.com gives more detail including the TTL, query time, and which server responded. To query a specific DNS server rather than your default, use nslookup speedtesthq.com 1.1.1.1 or dig @8.8.8.8 speedtesthq.com. To check DNS resolution time, dig speedtesthq.com reports the query time in milliseconds at the bottom of the output — under 20 ms is fast; over 100 ms indicates a slow or distant resolver.

DNS over HTTPS and DNS over TLS

Traditional DNS queries are sent in plaintext over UDP port 53 — visible to your ISP, network administrator, or anyone monitoring the network path. DNS over TLS (DoT) encrypts DNS queries using TLS on TCP port 853. DNS over HTTPS (DoH) wraps DNS queries inside standard HTTPS traffic on port 443, making them indistinguishable from regular web traffic. Both protocols prevent your ISP from reading or modifying your DNS queries. Cloudflare (1.1.1.1), Google (8.8.8.8), and Quad9 (9.9.9.9) all support both DoT and DoH. Modern browsers (Firefox, Chrome) can be configured to use DoH directly, bypassing the system resolver entirely.

Why DNS matters for speed

DNS lookup time is added to every page load for uncached domains. A DNS server that takes 200 ms to respond makes every new site feel slow even on a gigabit connection. When you navigate to a page that loads resources from 10 different domains (a common scenario with ads, CDNs, and analytics), each uncached domain requires a separate DNS lookup — 10 lookups at 200 ms each adds 2 seconds of latency before a single byte of content has loaded. Switching to a fast public resolver (Cloudflare 1.1.1.1 typically responds in 5–15 ms globally) can make browsing feel noticeably snappier, especially on sites that load resources from many origins.

Common DNS problems

  • NXDOMAIN: The queried domain does not exist. Either the domain name is misspelled, the domain has expired, or the DNS record has been deleted. Some ISPs intercept NXDOMAIN responses and redirect to a search/ad page — this can be bypassed by using a public resolver.
  • SERVFAIL: The resolver could not get a response from the authoritative nameserver. This can mean the authoritative nameserver is down, DNSSEC validation failed, or a network problem between the resolver and the nameserver.
  • Slow DNS: Queries taking over 100 ms consistently. Fix by switching to a faster public resolver in your router's DNS settings.
  • Stale cache: After a DNS record changes, devices may continue using the old cached value until the TTL expires. Flush the DNS cache on Windows with ipconfig /flushdns, on macOS with sudo dscacheutil -flushcache.
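The record types table, the DNS over HTTPS section and the NXDOMAIN/SERVFAIL entries above all come down to the DNS wire format. The following added example (not code from the original page) builds a query message, encodes it the way an RFC 8484 DoH GET request carries it, parses a constructed response containing CNAME and A answers, and maps the response code to the names used above. The response bytes are produced by `build_response` in the block itself, so nothing touches the network; `/dns-query` is the conventional DoH path and the record values are constructed.

```python
"""DNS wire format: build a query, encode it for DoH (RFC 8484 GET), parse a response.

Added example, not code from the original page. Responses are constructed by
build_response() below so the whole block runs offline.
"""
import base64
import ipaddress
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
QTYPE_NAMES = {v: k for k, v in QTYPES.items()}


def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Read a (possibly compressed) name at offset; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end if end is not None else offset


def build_query(name, qtype, txid=0):
    """Standard query with RD=1 and one question (txid 0 is RFC 8484's cache-friendly choice)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def doh_get_path(name, qtype):
    """RFC 8484 GET form: ?dns=<base64url of the wire-format query, padding removed>."""
    wire = build_query(name, qtype)
    return "/dns-query?dns=" + base64.urlsafe_b64encode(wire).decode().rstrip("=")


def build_response(name, qtype, answers, rcode=0):
    """Constructed response; answers is a list of (owner, type, ttl, rdata bytes)."""
    header = struct.pack("!HHHHHH", 0, 0x8180 | rcode, 1, len(answers), 0, 0)
    body = encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)
    for owner, rtype, ttl, rdata in answers:
        body += encode_name(owner) + struct.pack("!HHIH", QTYPES[rtype], 1, ttl, len(rdata)) + rdata
    return header + body


def parse_response(msg):
    """Return {'rcode': name, 'answers': [(owner, type, ttl, value), ...]}."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                                  # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        owner, offset = decode_name(msg, offset)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == QTYPES["A"]:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (QTYPES["CNAME"], QTYPES["NS"], QTYPES["PTR"]):
            value, _ = decode_name(msg, offset)        # name-valued rdata
        else:
            value = rdata.hex()
        answers.append((owner, QTYPE_NAMES.get(rtype, str(rtype)), ttl, value))
        offset += rdlen
    return {"rcode": RCODES.get(flags & 0x0F, str(flags & 0x0F)), "answers": answers}


def reverse_name(ip):
    """Owner name of a PTR lookup: 93.184.216.34 -> 34.216.184.93.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


if __name__ == "__main__":
    print(doh_get_path("example.com", "A"))
    resp = build_response("www.example.com", "A", [
        ("www.example.com.", "CNAME", 300, encode_name("example.com")),
        ("example.com.", "A", 3600, bytes([93, 184, 216, 34])),
    ])
    print(parse_response(resp))
    print(parse_response(build_response("nosuch.example", "A", [], rcode=3))["rcode"])
    print(reverse_name("93.184.216.34"))
```

The parsed CNAME-then-A answer is exactly what `dig www.example.com` shows for an aliased hostname, and the TTL on each answer is the value the caching section describes. The RCODE mapping is where a resolver or a troubleshooting script distinguishes NXDOMAIN (the name does not exist) from SERVFAIL (the resolver could not get a valid answer); a client that receives NXDOMAIN from its ISP resolver but NOERROR with an A record from a public resolver is seeing the NXDOMAIN interception mentioned above.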

Faster DNS alternatives

  • 1.1.1.1 (Cloudflare) — typically the fastest globally; strong privacy policy
  • 8.8.8.8 (Google) — widely used; good global coverage
  • 9.9.9.9 (Quad9) — privacy-focused; blocks malicious domains

Change DNS in your router settings to apply to all devices on the network simultaneously.

Frequently Asked Questions

Will changing DNS make my internet faster?

It can improve page load times by 20–200 ms for uncached lookups, which is noticeable when browsing many sites. It does not change your download or upload speed — those are determined by your ISP plan.

What is a DNS leak?

A DNS leak occurs when your device sends DNS queries through your ISP's server even when you are connected to a VPN, exposing your browsing to the ISP. Test for DNS leaks with a DNS leak test tool and configure your VPN to use its own DNS servers.
