DNS (the Domain Name System) is the distributed lookup that turns a human-readable name, like a website's domain, into the numeric address a machine connects to. Almost every connection starts with a DNS query, so when names stop resolving, everything downstream looks broken even though the servers are fine.
At a glance
What it is: A lookup that maps a name to a numeric network address
Why it matters: Nearly every connection begins with a name-to-address query
Common record types: A and AAAA point a name at an address; CNAME points a name at another name
When it breaks: Services look down but are running; the name just stopped resolving
Flow
What happens when you open a name
The name is resolved to an address first, then the real connection is made. If this first step fails, the working server is never reached.
1. You request a name: a domain a person can remember
2. DNS resolves it: the name is looked up and returns an address
3. Connection to the address: now the actual server is reached
What does DNS actually do?
People remember names. Machines connect to numeric addresses. DNS (the Domain
Name System) is the lookup that bridges the two. When you open a site, your
machine first asks a resolver “what address does this name point to?”, gets an
answer back, and only then makes the real connection. That first step is so
fast and so automatic that it is easy to forget it happens at all, until it
fails.
The mapping lives in records. An A record points a name at an address; an AAAA
record does the same for the newer, longer address format; a CNAME points one
name at another name. You edit these at whoever holds your domain, and the rest
of the internet reads them.
Why does DNS cause outages that are not outages?
The cruel part of DNS is that a broken lookup looks exactly like a broken
server. The service is running, the port is open, the certificate is valid, and
yet nothing connects, because the name no longer resolves to the right address.
A record edited in haste, a change that has not propagated yet, a typo in an
address: any of these takes a healthy system offline without touching the
system.
So when a self-hosted service goes dark, resolve the name before you restart
anything. If dig returns the wrong address, or no address, you have found the
fault, and no amount of rebooting the server will fix a name that points
somewhere else.
Check it yourself
dig +short example.com
Prints the address a name resolves to right now. An empty answer means the name is not resolving, which is a DNS problem, not a server one.
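The check above can be turned into a verdict before anyone restarts a server. The script below is an added example, not part of the original page: it sorts the lines of a `dig +short` answer into CNAME targets, addresses and dig diagnostics, then compares the addresses with the one you expect. The function names, verdict strings, host name and addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Names and addresses below are
# constructed and use documentation ranges.

# classify_answer EXPECTED_ADDR DIG_SHORT_OUTPUT
# Prints: ok | wrong-address | cname-without-address | no-answer | resolver-error
classify_answer() {
    expected=$1
    addrs="" saw_error=0 saw_cname=0
    while IFS= read -r line; do
        case $line in
            "")  ;;                      # blank: nothing came back on this line
            \;*) saw_error=1 ;;          # ";; ..." is a dig diagnostic, not data
            *.)  saw_cname=1 ;;          # trailing dot: a CNAME target name
            *)   addrs="$addrs $line" ;; # anything else: an A or AAAA address
        esac
    done <<EOF
$2
EOF
    verdict=wrong-address
    for a in $addrs; do
        if [ "$a" = "$expected" ]; then verdict=ok; fi
    done
    if [ -z "$addrs" ]; then
        if [ "$saw_error" -eq 1 ]; then verdict=resolver-error
        elif [ "$saw_cname" -eq 1 ]; then verdict=cname-without-address
        else verdict=no-answer
        fi
    fi
    echo "$verdict"
}

# Live wrapper: needs dig and a reachable resolver, so the demo does not call it.
check_name() {
    classify_answer "$2" "$(dig +short "$1" 2>/dev/null)"
}

# Offline demo on constructed `dig +short` outputs.
demo() {
    classify_answer 192.0.2.10 "192.0.2.10"
    classify_answer 192.0.2.10 "host.example.net.
192.0.2.10"
    classify_answer 192.0.2.10 "198.51.100.7"
    classify_answer 192.0.2.10 "host.example.net."
    classify_answer 192.0.2.10 ""
    classify_answer 192.0.2.10 ";; connection timed out; no servers could be reached"
}
demo
```

The comparison is textual, so an expected AAAA address has to be written in the compressed form dig prints.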
DNS handles
Mapping a memorable name to a numeric address
Pointing several names at one machine
Moving a name to a new address when you migrate hosts
Directing mail and service discovery through dedicated records
DNS does not handle
Encrypting the connection; that is TLS, a separate layer
Deciding who is allowed in; that is a firewall's job
Routing traffic on to a backend; that is a reverse proxy
Proving the server is who it claims to be on its own