DNS Explained: How Your Domain Actually Reaches Your Server

What Is a Domain Name?

The Simple Explanation

A domain name is the address people type into their browser to visit your website. Instead of remembering 185.199.108.153, you type example.com. That is it. A domain is a human-friendly label that points to a server somewhere on the internet.

The Technical Explanation

A domain name is a hierarchical identifier within the Domain Name System (DNS). It is structured right-to-left: the top-level domain (TLD) comes last (.com, .dev, .io), followed by the second-level domain (the name you register, like example), and optionally subdomains to the left (blog.example.com).

When someone visits your domain, their browser doesn't actually know where your server lives. It has to ask the DNS system to translate that name into an IP address. That translation process is the backbone of how the internet works.

How DNS Works

DNS is often called "the phone book of the internet," and that analogy still holds. Here is the chain of events when someone types yoursite.com into their browser:

1. Browser cache - The browser checks if it already knows the IP address from a recent visit.
2. OS resolver - If not cached, the operating system asks a recursive DNS resolver (usually your ISP's or a public one like 1.1.1.1 or 8.8.8.8).
3. Root nameservers - The resolver asks a root nameserver: "Who handles .com?"
4. TLD nameservers - The .com TLD nameserver responds: "The nameservers for yoursite.com are ns1.registrar.com and ns2.registrar.com."
5. Authoritative nameservers - The resolver asks those nameservers for the actual DNS records (A, CNAME, etc.).
6. Response - The resolver gets the IP address and passes it back to the browser, which connects to your server.

This entire process typically takes under 100 milliseconds. The result gets cached at multiple levels so subsequent visits are nearly instant.

# You can trace this yourself:
dig yoursite.com +trace

# Or just see the final answer:
nslookup yoursite.com

Domain vs Hosting

This is one of the most common points of confusion for new developers. Here is the difference:

• Domain - The address (like example.com). You buy it from a registrar. It does not store any files or run any code.
• Hosting - The server where your website files, database, and application actually live. This is where your code runs.

Think of a domain as a street address and hosting as the building at that address. You need both, but they are separate things. You can buy a domain from Cloudflare and host your site on Vercel. You can move your hosting without changing your domain, and vice versa. DNS records are what connect the two.

Types of DNS Records

When you open your domain's DNS settings, you will see different record types. Here is what each one does and when you would use it.

A Record

Maps a domain to an IPv4 address. This is the most fundamental record type.

Type: A
Name: @          (or your domain)
Value: 76.76.21.21
TTL: 300

AAAA Record

Same as an A record, but for IPv6 addresses. As IPv6 adoption grows, you will see these more often.

Type: AAAA
Name: @
Value: 2606:4700:3030::6815:1234
TTL: 300

CNAME Record

Points one domain name to another domain name (not an IP). Common for subdomains and platform integrations.

Type: CNAME
Name: www
Value: cname.vercel-dns.com
TTL: 300

A CNAME cannot coexist with other record types on the same name. That is why you typically use an A record for the root domain (@) and a CNAME for www.

MX Record

Tells the internet where to deliver email for your domain. If you want you@yourdomain.com to work, you need MX records.

Type: MX
Name: @
Value: mx1.emailprovider.com
Priority: 10

TXT Record

Stores arbitrary text. Used for domain verification (Google Search Console, email providers), SPF records for email authentication, and DKIM signatures.

Type: TXT
Name: @
Value: "v=spf1 include:_spf.google.com ~all"

NS Record

Specifies which nameservers are authoritative for your domain. You usually set these at your registrar to point to your DNS provider.

Type: NS
Name: @
Value: ns1.cloudflare.com

Subdomains

A subdomain is anything to the left of your main domain: blog.example.com, app.example.com, api.example.com. Technically, www is also a subdomain.

You create subdomains by adding DNS records. Want blog.example.com to point to a different server? Add a CNAME or A record with the name blog.

# Point blog subdomain to a different platform
Type: CNAME
Name: blog
Value: your-blog-platform.com

# Point API subdomain to your backend server
Type: A
Name: api
Value: 203.0.113.50

Subdomains are free to create - you do not pay extra for them. They are just additional DNS records under a domain you already own. This makes them great for separating concerns: your marketing site at example.com, your app at app.example.com, and your docs at docs.example.com.

How to Buy a Domain

You buy a domain from a registrar. Prices vary, but a .com typically runs $8–$15 per year. Here are solid registrars:

• Cloudflare Registrar - Sells domains at cost with no markup. Also gives you excellent DNS management and DDoS protection built in.
• Namecheap - Competitive pricing, good UI, free WHOIS privacy.
• Google Domains - Clean interface, straightforward pricing. (Note: Google Domains was sold to Squarespace in 2023, but existing domains continue to work.)

Avoid registrars that lure you in with a cheap first-year price and then charge $40+ on renewal. Always check the renewal price before purchasing.

Connecting a Domain to Your App

Once you own a domain, you need to point it at your hosting. Here is how it works with popular platforms.

Vercel

1. Go to your Vercel project → Settings → Domains.
2. Add your domain (e.g., yoursite.com).
3. Vercel gives you the DNS records to add at your registrar:

# For the root domain (@)
Type: A
Value: 76.76.21.21

# For www
Type: CNAME
Value: cname.vercel-dns.com

4. Add those records in your registrar's DNS settings.
5. Wait for propagation (usually a few minutes, sometimes up to 48 hours).
6. Vercel automatically provisions an SSL certificate.

Netlify

Similar process. Netlify gives you either an A record (75.2.60.5) or you can use their DNS by pointing your nameservers to Netlify's NS records for automatic configuration.

Custom Server (VPS)

If you are running your own server, just create an A record pointing to your server's IP. Then set up a reverse proxy (Nginx, Caddy) and handle SSL yourself.

# Caddy automatically handles SSL
# Caddyfile example:
yoursite.com {
    reverse_proxy localhost:3000
}

SSL/HTTPS

SSL (technically TLS now, but everyone still says SSL) encrypts the connection between your visitor's browser and your server. HTTPS is just HTTP with that encryption layer.

Why it matters:

• Browsers show a "Not Secure" warning for HTTP sites.
• Google uses HTTPS as a ranking signal for SEO.
• Without it, data like passwords and form submissions travel in plain text.
• Modern features (service workers, geolocation, etc.) require HTTPS.

The good news: you almost never have to set up SSL manually anymore. Vercel, Netlify, and Cloudflare all provision free SSL certificates automatically. If you are on a VPS, use Let's Encrypt with Certbot or just use Caddy, which handles certificates out of the box.

Want to check if your site's security headers are configured correctly? Try the Security Headers Checker tool on this site.

Common Mistakes to Avoid

1. Buying from Sketchy Registrars

Some registrars offer domains for $1 the first year, then charge $40+ on renewal. Others make it intentionally difficult to transfer your domain away. Stick with reputable registrars like Cloudflare, Namecheap, or Porkbun.

2. Not Setting Up Email Records

If you plan to use email with your domain (even just for receiving), you need MX records. Without proper SPF, DKIM, and DMARC (TXT records), emails sent from your domain will land in spam or get rejected entirely.

# Minimum email DNS setup:
# MX record for receiving
Type: MX
Name: @
Value: mx.youremailprovider.com
Priority: 10

# SPF record to authorize sending
Type: TXT
Name: @
Value: "v=spf1 include:_spf.youremailprovider.com ~all"

# DMARC record for policy
Type: TXT
Name: _dmarc
Value: "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com"

3. Letting Domains Expire

When a domain expires, it enters a grace period, then goes to auction. Someone else can buy it - and they will, especially if it has any SEO value or backlinks. Set up auto-renewal and make sure the payment method on file is current.

4. Ignoring TTL Settings

TTL (Time to Live) controls how long DNS resolvers cache your records. If you are about to make DNS changes (like migrating hosts), lower the TTL to 60–300 seconds a day before the switch. Otherwise, you might be stuck waiting hours for the old records to expire from caches worldwide.

5. Not Using HTTPS

There is no reason to run a site on plain HTTP in 2026. Free SSL certificates are everywhere. If your hosting platform does not handle it automatically, set up Let's Encrypt. It takes five minutes and removes the "Not Secure" warning that drives visitors away.

Wrapping Up

Domains and DNS are not complicated once you understand the moving parts. A domain is the name, DNS is the translation layer, and hosting is where your code runs. The records in between - A, CNAME, MX, TXT - are just instructions that tell the internet where to route traffic and email.

If you are launching a new project, here is the quick checklist: buy a domain from a reputable registrar, point the DNS records at your hosting platform, let SSL get provisioned automatically, and set up your email records if you need them. That is all there is to it.