Shared from "Study" on Inkdown
DNS is the internet's naming system. It converts human-readable domains like example.com into machine-usable answers, most commonly IP addresses, so browsers know which server to connect to.
DNS is not one central database. It is a distributed, hierarchical, cached lookup system.
| Actor | What it does |
|---|---|
| ICANN | Coordinates global DNS governance and root-zone policy. It is not queried directly every time you visit a website. |
| Registry | Operates a top-level domain, such as .com, .in, or .org. It stores delegation info for domains under that TLD. |
| Registrar | The company where you buy/manage the domain registration, such as GoDaddy, Namecheap, or Cloudflare Registrar. |
| Recursive Resolver | The DNS server your device asks first. It performs the lookup on your behalf. Examples: ISP DNS, Google 8.8.8.8, Cloudflare 1.1.1.1. |
| Root Nameserver | Tells the resolver which TLD nameservers handle a TLD like .com. |
| TLD Nameserver | Tells the resolver which authoritative nameservers handle a specific domain like example.com. |
| Authoritative Nameserver | Holds the official DNS records for a domain. This is the final source of truth. |
| Website Server | The actual server that hosts and serves the website after DNS resolution is complete. |
When a user types google.com, the request does not go to ICANN first.
The real flow is:
.com..com TLD nameservers where to find google.com.A nameserver is a DNS server that answers DNS questions.
When people say "your domain's nameservers," they usually mean the authoritative nameservers assigned to your domain.
These nameservers hold and serve records such as:
A: domain to IPv4 addressAAAA: domain to IPv6 addressCNAME: alias to another hostnameMX: mail serversTXT: verification, SPF, DKIM, etc.NS: which nameservers are authoritativeSOA: zone metadataThe nameserver does not host your website. It only answers DNS questions.
| Concept | Meaning |
|---|---|
| Registrar | Where the domain is registered and owned. |
| Nameserver | Where the domain's DNS records are officially answered from. |
| Hosting Server | Where the actual website files/app run. |
A domain can be registered at GoDaddy while using Cloudflare nameservers. These are separate roles.
When you buy a domain from GoDaddy, GoDaddy may initially provide default nameservers like:
That means GoDaddy's DNS servers are authoritative for your domain.
When Cloudflare asks you to replace those with nameservers like:
Cloudflare is asking to become the authoritative DNS provider for your domain.
You are telling the TLD registry:
For this domain, ask Cloudflare's nameservers for the official DNS answers.
This does not necessarily transfer the domain registration from GoDaddy to Cloudflare. It only changes who controls and serves the DNS zone.
Cloudflare needs to be authoritative for your DNS if it is going to manage DNS records and optionally proxy traffic.
Once Cloudflare is authoritative, it can:
If GoDaddy nameservers remain active, Cloudflare is not the authoritative DNS source.
The TLD registry usually does not store your website IP directly.
For example.com, the .com registry mainly stores delegation info:
Then the authoritative nameservers store the actual DNS records:
Simple analogy:
| Internet Concept | Analogy |
|---|---|
| Registrar | Place where you legally register the shop name |
| Registry | Government database for that category of shop names |
| Nameserver | Front desk that gives directions |
| DNS records | Direction book behind the front desk |
| Website server | Actual shop/room where the content exists |
A nameserver attached to your domain is the DNS authority for that domain.
Changing nameservers changes who the internet asks for your domain's official DNS records.
It does not automatically move your domain registration or website hosting. It only changes the authoritative DNS provider.
So the cleanest model is: