Not to be confused with a DNS nameserver, the other component of the Domain Name System (DNS). (However, note that the same host may perform both jobs.)

The job of a DNS resolver is to return an up-to-date DNS resource record (RR) for a given domain name. When initiated from a personal host, this is usually an A (IPv4) or AAAA (IPv6) record.

DNS resolvers make heavy use of caching. The caches have definite TTL values specified by the nameserver responsible for the RR value. New values can also be propagated on demand via anycast, resulting in fast propagation of changes from major DNS providers.

If the DNS resolver has an unexpired cached value, it will return that value. If it does not, it will send the request to the lowest node in the nameserver hierarchy for which it has an unexpired cached value.

For example, if the request is foo.bar.com, and the resolver has a cached nameserver for bar.com, it will forward the request to that nameserver.

In the event that the resolver does not have a cached value for the top-level domain, it will need to contact a DNS root server. (This is rare.)
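
The lookup order described above, as an added example (not part of the original page): a toy TTL-aware cache and a function that picks the resolver's next step. `ResolverCache`, `next_step` and the single root hint are hypothetical names chosen for illustration; a real resolver keeps full RRsets and several root hints.

```python
import time

ROOT_SERVER = "a.root-servers.net"  # one root hint, enough for the illustration


class ResolverCache:
    """Toy cache: (name, rtype) -> (value, absolute expiry time)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}

    @staticmethod
    def norm(name):
        # DNS names are case-insensitive; drop the trailing root dot.
        return name.rstrip(".").lower()

    def put(self, name, rtype, value, ttl):
        # The TTL is dictated by the nameserver that supplied the record.
        self._entries[(self.norm(name), rtype)] = (value, self._clock() + ttl)

    def get(self, name, rtype):
        key = (self.norm(name), rtype)
        hit = self._entries.get(key)
        if hit is None:
            return None
        value, expires = hit
        if self._clock() >= expires:
            del self._entries[key]  # expired entries must be re-fetched
            return None
        return value


def next_step(cache, qname, rtype="A"):
    """Return ("answer", value) or ("ask", zone, nameserver)."""
    cached = cache.get(qname, rtype)
    if cached is not None:
        return ("answer", cached)
    labels = ResolverCache.norm(qname).split(".")
    # Walk from the most specific candidate zone up to the TLD:
    # foo.bar.com -> bar.com -> com
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        ns = cache.get(zone, "NS")
        if ns is not None:
            return ("ask", zone, ns)
    # Nothing cached at any level, not even the TLD: start at a root server.
    return ("ask", ".", ROOT_SERVER)
```

Because every cached NS entry steers later queries for the whole subtree beneath it, the cache is exactly what an attacker who can forge a response is trying to write to.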

DNS resolvers, by default, make strong assumptions about the authenticity of content returned from nameservers. These requests are also sent in plaintext. As such, naive DNS resolvers are extremely vulnerable to attacks. DNSSEC can help with this, though it’s not perfect.