A DNS resolver (also called a recursive resolver or recursive nameserver) is the first DNS server your device queries when looking up a domain name. It acts on your behalf, recursively querying root servers, TLD servers and authoritative servers until it obtains the final answer, which it then caches and returns to you.
How a Recursive Resolver Works
- Your device sends a query for example.com to the resolver.
- The resolver checks its cache. Cache hit → returns immediately.
- Cache miss → queries a root name server for the TLD's nameserver.
- Queries the TLD nameserver for the domain's authoritative nameserver.
- Queries the authoritative nameserver for the A record.
- Returns the IP to your device and caches the result for the record's TTL duration.
Your ISP's Resolver vs Public Resolvers
By default, your device uses your ISP's DNS resolver. You can change this in your OS or router settings:
- Google Public DNS: 8.8.8.8 / 8.8.4.4 — Fast, reliable, global.
- Cloudflare: 1.1.1.1 / 1.0.0.1 — Privacy-focused (no query logging), very fast.
- OpenDNS: 208.67.222.222 — Offers content filtering options.
- Quad9: 9.9.9.9 — Blocks known malicious domains.
DNS over HTTPS (DoH) and DNS over TLS (DoT)
Standard DNS queries are sent in plain text, exposing which sites you visit to network observers. DoH and DoT encrypt DNS queries — Cloudflare and Google support both. Most modern browsers support DoH natively.