
Explainer: What Is DNS?

by Baz Edwards

DNS, or the Domain Name System, is one of those things you've probably never heard of, but it is fundamental to how the internet works. In this guide, I'll explain what it is, how it works and how it relates to internet security.


DNS, or the Domain Name System, is a fundamental part of the internet that we use every day.  It works silently in the background, and most of us probably don't know that it exists.  But it's a protocol on the internet that turns human-readable website names such as bbc.co.uk or bonkersabouttech.com into addresses that computers can understand.

Without this system in place, the internet would be a lot more difficult to navigate, as you would have to remember the IP Address of each web page or computer you wanted to access.

What You Will Learn

  • What DNS is and how it works

  • What Domain Names and IP Address are

  • DNS and how it relates to online security

What Is DNS?

DNS is like a phone book and is often dubbed the "phone book of the internet".  It's like a phone book because it translates human-readable domain names such as google.com or bonkersabouttech.com into machine-readable "IP Addresses".

Because your computer doesn't understand what google.com is or where it is, it has to look it up.  So behind the scenes, here's what happens.

Say a user wants to visit Bonkers About Tech: all they have to do is type "bonkersabouttech.com" into the address bar in their browser.

Once this has been entered, the browser then contacts a DNS server and asks for the IP Address.  DNS servers match domain names like google.com to their associated IP Addresses such as 173.194.39.78.

Once the browser has the IP Address it needs, it fetches the website and displays it.  This process happens behind the scenes and is hidden from the user.


IP Addresses?

So we've just said that DNS servers translate domain names into IP Addresses, but what are they exactly?

Well, the first two letters stand for Internet Protocol.  It's really a label that's applied to every device you own, whether it's a phone, laptop, computer, TV, a website, or anything else that connects to the internet.

An IP Address is made up of four numbers, each with a value between 0 and 255 and separated from the next by a dot.  An example of one would be 70.74.251.42.

IP Addresses in this format conform to the IPv4 standard, and each of the four numbers is called an "octet".  An octet is the base-10 (the number system we're all familiar with) equivalent of an 8-digit base-2 (binary) number, which is the form used for routing network traffic.

So for example the number 42 in an IP Address could be written as 00101010 in binary.

In the newer IPv6 standard, an IP Address has eight groups of hexadecimal (base-16) digits, each separated by a colon.  An example would be 2001:0cb8:85a3:0000:0000:8a2e:0370:7334.
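The two address formats just described, parsed by hand and cross-checked against Python's standard library. This is an added example, not code from the original article; the addresses fed to it are the ones quoted above plus a compressed IPv6 form (`::` standing for a run of zero groups) that the article does not mention but IPv6 allows.

```python
# Added example: parsing the IPv4 and IPv6 formats described in the article.
# IPv4: four dot-separated octets, each 0-255, each representable in 8 binary digits.
# IPv6: eight colon-separated groups of 1-4 hex digits; "::" may appear once
#       and stands for one or more all-zero groups.
from __future__ import annotations

import ipaddress


def parse_ipv4(text: str) -> list[int]:
    """Return the four octets of a dotted-quad IPv4 address, or raise ValueError."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {len(parts)}: {text!r}")
    octets = []
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"octet {part!r} is not a decimal number")
        value = int(part)
        if not 0 <= value <= 255:
            raise ValueError(f"octet {value} is outside 0-255")
        octets.append(value)
    return octets


def ipv4_to_binary(text: str) -> str:
    """Render each octet as 8 binary digits, e.g. 42 -> '00101010'."""
    return ".".join(format(octet, "08b") for octet in parse_ipv4(text))


def expand_ipv6(text: str) -> list[str]:
    """Expand an IPv6 address into its eight 4-hex-digit groups (lowercase)."""
    text = text.strip()
    if text.count("::") > 1:
        raise ValueError("'::' may appear at most once")
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups, got {len(groups)}: {text!r}")
    expanded = []
    for group in groups:
        if not 1 <= len(group) <= 4 or any(c not in "0123456789abcdefABCDEF" for c in group):
            raise ValueError(f"group {group!r} is not 1-4 hex digits")
        expanded.append(group.lower().zfill(4))
    return expanded


def classify(text: str) -> str:
    """Return 'IPv4' or 'IPv6', cross-checking the hand parsers against ipaddress."""
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        assert parse_ipv4(text) == list(addr.packed)      # packed bytes == our octets
        return "IPv4"
    assert ":".join(expand_ipv6(text)) == addr.exploded   # exploded form == our groups
    return "IPv6"


if __name__ == "__main__":
    print(ipv4_to_binary("70.74.251.42"))
    print(":".join(expand_ipv6("2001:cb8:85a3::8a2e:370:7334")))
    print(classify("173.194.39.78"), classify("2001:0cb8:85a3:0000:0000:8a2e:0370:7334"))
```

The range check on each octet is the part worth noticing: "256.1.1.1" looks like an address but isn't one, and a parser that only splits on dots will happily accept it.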


How Does DNS Actually Work?

DNS servers are responsible for matching up domain names such as google.com to their associated IP Addresses such as 173.194.39.78.

The first DNS servers that your computer encounters are usually those provided by your Internet Service Provider (your "ISP").  If you have a router in your home, though, your computer will most likely use the router as its DNS server, but ultimately your router will forward any DNS requests to your ISP's DNS servers.

Doing a DNS lookup for an IP Address adds a bit of latency to each connection.  Fortunately, your computer can cache DNS responses so that it doesn't have to find the IP Address of Google every time you go to google.com, for example.

However, assuming that neither your browser, your Operating System nor your ISP has the IP Address for bonkersabouttech.com in its cache, this is what happens:

  1. Whenever you type bonkersabouttech.com into your browser, your browser sends a question in a request over the internet.  That question is, "what is the IP Address of bonkersabouttech.com?"  Of course it isn't actually phrased like that; at its lowest level it's a series of digits.

  2. This request is first picked up by a server known as a recursive resolver.  This can be operated by your ISP, your mobile phone carrier or a third-party provider.  This server knows which other DNS servers it needs to contact to find out the answer to the original question.

  3. The first port of call for the recursive resolver is a Root server.  These root servers are literally all over the world, and which one you connect to will depend on your location.
    Each root server knows about the Top Level Domains (TLDs, such as .com and .co.uk) and points the resolver at the name servers for the relevant TLD.  When these TLD name servers are contacted, they respond with information about second level domains such as bonkersabouttech.com within the top level domain (.com).  The information the TLD server responds with is the IP Address of the domain's own name server, which we'll come to next.

  4. Finally, the recursive resolver sends a request to the domain's name server which responds with the IP Address for the full domain bonkersabouttech.com.

  5. Once the recursive resolver has the final IP Address, it tells the browser what it is, so that it can then send out a request to the website's server to retrieve the content using the IP Address it has just been given.

  6. Boom!  The website appears in your browser!
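A simulation of the lookup chain in steps 2 to 5, including the caching mentioned earlier in this section. This is an added example, not code from the original article: the name servers, their names (`a.gtld-servers.example`, `ns1.bonkersabouttech.example` and so on) and the address 192.0.2.10 are constructed; 173.194.39.78 is the google.com address the article quotes. Real resolvers send UDP or TCP packets to real servers, so this models only the referral logic, not the wire protocol.

```python
# Added example: a recursive resolver walking root -> TLD -> authoritative
# over a constructed in-memory hierarchy of name servers.
from __future__ import annotations

# Each "server" maps a name to either an A record (the final answer) or an
# NS referral (the next server to ask). All data here is constructed.
ROOT = {"com": ("NS", "a.gtld-servers.example")}             # step 3: root knows the TLDs
TLD_COM = {                                                   # step 3: TLD knows each domain's NS
    "bonkersabouttech.com": ("NS", "ns1.bonkersabouttech.example"),
    "google.com": ("NS", "ns1.google.example"),
}
AUTHORITATIVE = {                                             # step 4: the domain's own name servers
    "ns1.bonkersabouttech.example": {"bonkersabouttech.com": ("A", "192.0.2.10")},
    "ns1.google.example": {"google.com": ("A", "173.194.39.78")},
}
SERVERS = {"root": ROOT, "a.gtld-servers.example": TLD_COM, **AUTHORITATIVE}


class RecursiveResolver:
    """Step 2's recursive resolver: follows referrals and caches final answers."""

    def __init__(self) -> None:
        self.cache: dict[str, str] = {}
        self.trace: list[str] = []   # servers contacted for the most recent uncached lookup

    @staticmethod
    def _ask(server: str, name: str) -> tuple[str, str, str]:
        """Query one server; return (matched_name, record_type, value) or raise."""
        zone = SERVERS[server]
        labels = name.split(".")
        # Longest-suffix match: "www.b.com" is tried as "www.b.com", "b.com", "com".
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in zone:
                return candidate, *zone[candidate]
        raise LookupError(f"{server} knows nothing about {name}")

    def resolve(self, name: str) -> str:
        name = name.lower().rstrip(".")
        self.trace = []
        if name in self.cache:                 # cached answer: no servers contacted
            return self.cache[name]
        server = "root"                        # step 3: start at a root server
        while True:
            self.trace.append(server)
            matched, rtype, value = self._ask(server, name)
            if rtype == "NS":                  # referral: go ask the next server down
                server = value
                continue
            if matched != name:                # authoritative server has no record for this exact name
                raise LookupError(f"no A record for {name} (NXDOMAIN)")
            self.cache[name] = value           # step 5: answer goes back to the browser, and into the cache
            return value


def safe_resolve(resolver: RecursiveResolver, name: str) -> str | None:
    """Convenience wrapper: None instead of an exception for unknown names."""
    try:
        return resolver.resolve(name)
    except LookupError:
        return None


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("bonkersabouttech.com"), "via", " -> ".join(r.trace))
    print(r.resolve("bonkersabouttech.com"), "via", r.trace or "cache")
    print(safe_resolve(r, "www.bonkersabouttech.com"))
```

The second lookup of bonkersabouttech.com contacts no servers at all, which is exactly the latency saving the caching paragraph above describes; it is also why a poisoned or tampered cache keeps giving a wrong answer until the entry expires.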

DNS Security

It wouldn't be right to talk about DNS, or anything related to the internet, without talking about internet security.

It transpires that if you get a virus or other malware program on your computer, it could change your default DNS server to a DNS server run by bad guys.

What this means is that this malicious DNS server can point popular websites such as facebook.com to completely different IP Addresses.

So whilst you might look in your address bar and see facebook.com in there, you could be looking at a different site entirely.

So what can you do about this?  Well, make sure you're running antivirus software and that it's kept up to date.

Watch out for error messages too, in particular certificate errors on secure (https) websites.  For example you may get "invalid certificate" messages.
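One concrete check for the "changed DNS server" problem described above, as an added example that is not part of the original article: read the resolver configuration in `/etc/resolv.conf` format and flag any nameserver that is neither on the local network (a home router, as described earlier) nor on an allow-list of resolvers the machine's owner chose. The allow-list is an assumption (it holds the published Google Public DNS and OpenDNS addresses, since the article names both providers); the sample configuration is constructed, with 203.0.113.7 from a documentation-only range standing in for an unexpected resolver.

```python
# Added example: audit the configured DNS resolvers against an allow-list.
from __future__ import annotations

import ipaddress

# Resolvers the owner expects to use (assumed list; adjust for your own ISP).
ALLOWED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# Ranges a home router or the machine itself would live in (RFC 1918,
# loopback, link-local, and their IPv6 equivalents).
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128",
)]

# Constructed sample in /etc/resolv.conf format. 203.0.113.7 is from the
# TEST-NET-3 documentation range and plays the role of an unexpected resolver.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager (constructed sample)
search home.lan
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 203.0.113.7
options timeout:2
"""


def parse_nameservers(resolv_conf: str) -> list[str]:
    """Return the nameserver addresses in order, ignoring comments and other directives."""
    servers = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers


def classify_resolver(server: str, allowed: set[str] = ALLOWED_RESOLVERS) -> str:
    """'allowed', 'local', 'unexpected', or 'invalid' for one nameserver entry."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if server in allowed:
        return "allowed"
    if any(addr in net for net in LOCAL_NETWORKS):   # v4-in-v6 membership is simply False
        return "local"
    return "unexpected"


def audit(resolv_conf: str, allowed: set[str] = ALLOWED_RESOLVERS) -> dict[str, str]:
    """Map every configured nameserver to its classification."""
    return {s: classify_resolver(s, allowed) for s in parse_nameservers(resolv_conf)}


def unexpected_resolvers(resolv_conf: str, allowed: set[str] = ALLOWED_RESOLVERS) -> list[str]:
    """The entries worth raising an alert on."""
    return [s for s, verdict in audit(resolv_conf, allowed).items()
            if verdict in ("unexpected", "invalid")]


if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{server:16} {verdict}")
    print("alert:", unexpected_resolvers(SAMPLE_RESOLV_CONF))
```

To run it against a real machine, read `/etc/resolv.conf` into a string and pass it to `audit`; on Windows the equivalent source would be the adapter's DNS settings rather than this file, and a resolver changed at the router rather than on the machine would not show up here at all, which is one reason the certificate warnings mentioned above remain worth heeding.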

Using Third-Party DNS Servers

When your computer connects to the internet, you're more than likely using your ISP's DNS servers.  But it doesn't have to be that way, and there are good reasons for using DNS providers run by third parties instead.

The most popular ones are OpenDNS and Google Public DNS.

You might want to use third party DNS servers as they may give you quicker lookups when you go to a website for the first time.  But this really depends on your location.  It might be that using Google's DNS is actually slower than the one you're currently using because you're located a long way from Google's servers.

Another advantage of using third-party DNS is website filtering.  For example, OpenDNS can block certain pages (such as pornographic websites) if you enable filtering.

In this case, instead of actually getting an IP Address back from the DNS server, your browser will receive a "blocked" message and display something appropriate in your browser window.

Wrapping It Up

If it wasn't for DNS, I'm pretty sure the internet would shut down.  If it didn't, it would be incredibly difficult to use, as you would have to keep track of IP Addresses for each website you want to visit.

For new websites, you wouldn't know their IP Addresses and if websites ever moved to a new server provider, your records would be obsolete.

Fortunately DNS is here and it's here to stay.

I hope you've learned something about this massive part of the internet which is DNS.

Cheers!
