When you type a domain name into your browser, your computer doesn't go find the IP address. It asks someone else to do it.

That someone is a DNS resolver—a server whose entire job is to take your question and hunt down the answer. You ask once. The resolver does all the running around.

This is convenient. It's also worth understanding, because whoever runs your resolver sees everywhere you go online.

What the Resolver Actually Does

A DNS resolver, technically called a recursive resolver, accepts your query and performs every step needed to get an answer. When your browser asks "What's the IP for example.com?", the resolver:

  1. Checks its cache—maybe it looked this up recently
  2. If not cached, starts at the root nameservers
  3. Follows referrals through TLD nameservers
  4. Reaches the authoritative nameserver for example.com
  5. Gets the answer, caches it, returns it to you

The word "recursive" is key. The resolver recursively queries different nameservers, following the trail until it reaches a definitive answer. Your device just waits.

Your Device Is Lazy (On Purpose)

Your computer has something called a stub resolver—but it doesn't do much resolving. It's a messenger.

The stub resolver:

  • Takes DNS queries from applications (browser, email, whatever)
  • Forwards them to a real resolver somewhere else
  • Waits
  • Hands the answer back

All the actual work happens on the recursive resolver server. This division makes sense: recursive resolution requires big caches, handling thousands of queries per second, and maintaining connections to nameservers worldwide. That's server work, not phone work.

Your device is lazy—gloriously, efficiently lazy. It asks one question and waits.

Who Runs Your Resolver?

When you connect to a network, DHCP hands your device a DNS resolver address along with your IP address. By default, this points to your ISP's resolver.

Your ISP runs recursive resolvers as part of their service. Every DNS query from your device goes there first. Convenient—requires no setup—but not your only option.

Public DNS Resolvers

Several organizations run free, public DNS resolvers:

| Provider | Primary | Secondary | Notable Feature |
|---|---|---|---|
| Google Public DNS | 8.8.8.8 | 8.8.4.4 | Global infrastructure |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | Speed, privacy focus |
| Quad9 | 9.9.9.9 | 149.112.112.112 | Malware blocking |
| OpenDNS | 208.67.222.222 | 208.67.220.220 | Content filtering |

These services operate massive infrastructure optimized for speed, reliability, and sometimes security features like malware blocking.

Switching Resolvers

Changing your DNS resolver is a simple configuration change—you specify the IP addresses you want instead of your ISP's defaults.

You can change this in your operating system's network settings, on your router (affects all devices), or in your browser using DNS over HTTPS.

Why You Might Switch

Speed

Not all resolvers respond equally fast. Cloudflare's 1.1.1.1 is often faster than ISP resolvers because of their investment in global infrastructure. A faster resolver means faster page loads—DNS happens before anything else can start.

Privacy

Your DNS queries are a complete log of everywhere you've been online. Every website, every service, every API call. Whoever operates your resolver sees it all.

ISPs sometimes sell this data. Some public resolvers commit to stronger privacy—Cloudflare deletes query logs within 24 hours and doesn't use them for advertising.

Encrypted DNS protocols (DNS over HTTPS, DNS over TLS) go further, preventing anyone between you and the resolver from seeing your queries. Without encryption, your ISP can still observe DNS traffic even if you're using a different resolver.

Security

Some resolvers add protection:

  • Quad9 blocks domains known to distribute malware
  • OpenDNS offers phishing protection and content filtering
  • Cloudflare provides a family-friendly variant at 1.1.1.3

Your ISP's resolver probably doesn't include these features.

Reliability

Public resolvers often have better uptime than ISP resolvers. If your ISP's resolver fails, DNS stops working for you. Configuring multiple resolvers as backups adds redundancy.

The Cache Makes It Fast

Caching is what makes DNS feel instant. When a resolver looks up a domain, it stores the result for a period defined by the TTL (Time to Live) set by the authoritative nameserver.

Query the same domain again before the TTL expires? The resolver answers from cache immediately. No recursive lookup needed.

For popular domains, resolvers handle thousands of queries per second, and almost all of them are answered from cache.

This is why big public resolvers can be faster than small ISP resolvers—their enormous user base means better cache hit rates. The domain you're looking up? Someone else probably looked it up a second ago.
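The five resolution steps listed earlier and the TTL cache described here, as an added example that is not code from the original page. The nameserver names, the zone data and the 192.0.2.10 address are constructed for illustration, and the lookup runs against an in-memory table rather than the network. The resolver also records every name clients ask for, which shows that its operator sees a lookup even when the answer comes from cache.

```python
import time

# Constructed zone data (not real servers): each nameserver maps a name to a
# referral ("NS", next server) or a final answer ("A", address, TTL seconds).
NAMESERVERS = {
    "root": {"com.": ("NS", "tld-com")},
    "tld-com": {"example.com.": ("NS", "ns.example.com")},
    "ns.example.com": {"example.com.": ("A", "192.0.2.10", 300)},
}

class RecursiveResolver:
    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so TTL expiry can be tested
        self.cache = {}             # name -> (address, expiry time)
        self.upstream_queries = 0   # queries sent to nameservers
        self.client_log = []        # every name a client asked for

    def _ask(self, server, name):
        """One query to one nameserver: exact record, else a covering referral."""
        self.upstream_queries += 1
        zone = NAMESERVERS[server]
        if name in zone:
            return zone[name]
        for suffix, record in zone.items():
            if record[0] == "NS" and name.endswith("." + suffix):
                return record
        return None

    def resolve(self, name):
        now = self.clock()
        self.client_log.append(name)        # the operator sees cache hits too
        cached = self.cache.get(name)
        if cached and cached[1] > now:      # step 1: unexpired cache entry
            return cached[0], "cache"
        server = "root"                     # step 2: start at the root
        for _ in range(8):                  # bound the referral chain
            record = self._ask(server, name)
            if record is None:
                return None, "no such name"
            if record[0] == "A":            # step 5: answer, cache for its TTL
                _, address, ttl = record
                self.cache[name] = (address, now + ttl)
                return address, "recursive"
            server = record[1]              # steps 3-4: follow the referral
        raise RuntimeError("referral chain too long")

if __name__ == "__main__":
    resolver = RecursiveResolver()
    print(resolver.resolve("example.com."), resolver.upstream_queries)
    print(resolver.resolve("example.com."), resolver.upstream_queries)
```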
