If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

Main content

IP addresses and DNS

The co-founder of the Internet Vint Cerf and software engineer Paola Mejia take us through the ins and outs of how networks talk to each other.

Want to join the conversation?

  • leaf green style avatar for user MehulSharma.253
    I thought IP address was specific for a device. Why do websites have an IP address ? I'm confused now.
    (33 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      MAC addresses are specific to devices. Typically a network interface device will have a sticker or label with its MAC address on it.

      IP addresses are not specific to devices. Often, when you hook up a device to a network it requests an IP address to be assigned to it. The amount of time it is allowed to keep that IP address can vary (some networks may even choose to permanently assign a device an IP address ). It is even possible, through the use of Network Address Translation, for many devices to share the same IP address.

      So why don't we just use MAC addresses for websites ?
      A MAC address is just for a single network interface device. If that device broke down and had to be replaced or the website want to use several different devices to balance the load of requests, a single MAC address wouldn't work.

      Hope this makes sense
      (64 votes)
  • hopper jumping style avatar for user 22g.wentzel
    How do you know if you are using a fake website and not the real one?
    (31 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      If you are using https: then your browser will receive a certificate signed by a certification authority confirming that the website is who it says it is.

      For example on Chrome, if I click on the lock by the web address and the tab for "Connection" it will have a link to the "Certificate Information".

      If you are using just plain http: then you can't be certain whether the site is fake or not.
      (59 votes)
  • hopper jumping style avatar for user 22g.wentzel
    How can you figure out what your computer's address is?
    (13 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      For Windows command prompt: use the command ipconfig
      For Unix command prompt: use the command ifconfig

      It will look something like this: X.X.X.X where X are numbers

      If the IP address you find looks like 192.168.X.X (it starts with 192.168), then:
      - You only found out your local IP address on your internal network.
      - Your router is using NAT (network address translation), so that outside world only sees one IP address, but all your devices on your local network can use it
      (For more info see: https://en.wikipedia.org/wiki/Network_address_translation)
      - To find the IP address that the outside world sees use https://www.whatismyip.com/
      (alternatively you can run the administrator tools for you router and it should tell you)
      (30 votes)
  • winston baby style avatar for user ahmet
    if my hardware (say PC) is connected to a LAN will it have same IP address for local network and public network (internet) ?
    (8 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      It depends.

      If you are not using Network address translation (NAT) then your external IP address will be the same as your local IP address.

      If you are using NAT (which most home networks with a router will be using) your router will present a single external IP address to the world, and your devices on your local network will have addresses between and NAT works by making up port numbers for each device on your local network. When one of your devices sends a packet to the internet, NAT will replace the source IP address with the external IP, and the source port with the port number it made up for that device. When NAT receives a packet, it looks at the port number for the packet and then forwards it on to the device associated with that port number.

      Why do we use NAT ? Under the dominant standard IPv4 there are a limited number of IP addresses, and buying them is expensive. NAT lets many devices share one IP address. Under IPv6 (the newer standard, which is slowly spreading) there are so many IP addresses that every device can have its own IP address, which will make NAT, for the most part, unnecessary.

      For more info see: https://en.wikipedia.org/wiki/Network_address_translation
      (16 votes)
  • mr pink green style avatar for user abdullahaliabbasi1
    So an IP Address is 4 bytes?

    That also means the highest CURRENT possible IP could be 1111111111111 or

    This also means the future IP will be 16 bytes and the IP will be in hexadecimal, right?
    (5 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      IPv4, the older standard, uses a 4 byte address
      One of the standard ways to present an IPv4 address is dotted decimal notation.
      (Decimal values for each byte are seperate by '.', e.g. )

      IPv6, the newer standard, uses a 16 byte address.
      (don't ask about where IPv5 went, it's a long story...)
      One of the standard ways to present an IPv6 address is 8 groups of 4 hexadecimal digits separated by colons e.g. 2001 : 0db8 : 85a3 : 0000 : 0000 : 8a2e : 0370 : 7334 (which can be further simplified to 2001 : db8 : 85a3 :: 8a2e : 370 : 7334 by eliminating leading zeroes and replacing consecutive blocks of zeros with :: )

      Both of these protocols are in use, but the majority (>80%) of the traffic currently uses IPv4.

      Of course, the IP addresses are just numbers, so there are many other ways to represent them.

      By the way, is reserved as a broadcast address in IPv4 (https://en.wikipedia.org/wiki/Broadcast_address)
      (18 votes)
  • winston baby style avatar for user ahmet
    can someone comment on the concept of a logical port number, explanations I could find are way too abstract for me to comprehend. thank you.
    (6 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      Suppose I wanted to send a package to Bob Smith at the XYZ company.
      I would have to write the address of the XYZ company on the package, and I would also have to write the name of Bob Smith on the package. The delivery person would deliver the package to the mail room at the XYZ company. The mail room at XYZ would then sort out the mail and deliver Bob Smith his package.

      A similar thing happens with packets on the internet. The IP address is the address, that tells the internet where the packet needs to go to on the network. The port number tells the computer where the data needs to go once it has reached the computer e.g. one packet could be part of a picture loading on your web browser, and another packet could be part of an update for some program.
      (12 votes)
  • blobby green style avatar for user Yizhou A. Jiang
    I have several questions in regard to IP addresses:)
    1) Do Internet Service Providers and websites buy IP addresses?
    2) When my computer connects to different networks it uses different IP addresses?
    3) If some IP addresses are temporary, how did people catch hackers based off that?
    4) If a hacker knows the IP address I'm using (which is temporary) and tries to hack the address when someone else uses it, will the hacker be hacking someone else's computer?
    5) How can I protect my IP address from hackers?
    6) Does Cloud mean uploading local files to servers so that given the IP address of the server we can use different IP addresses to access the files?
    7) How does the DNS servers know the IP addresses given the DNS of websites at the very beginning? How do the website set up the "memory"?
    Thanks in advance for your generous answers! Love the video - always wanted to learn about how Internet works!!
    (6 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      1) Yes

      2) For your computer to talk on a network it will be need an IP address. Typically, it will be leased an IP address by the local DHCP server. So, if you hook your computer up to your ISP's network, the ISP's DHCP server will lease you an IP address. If you take your laptop to school and hook up to their network, then the school network's DHCP serve will assign you an IP address. When the time expires, the DHCP server will lease you a different IP address.

      3) IP addresses do change often. However, an ISP would own a block of IP addresses. It is possible that they might maintain logs of who was leased what IP address for how long. So, it might be possible to associate an IP address with a person. However, most hackers will hide their IP address behind proxy server(s), which can makes finding the hackers real IP address effectively impossible.( Don't believe what you watch on detective shows )

      4) Yes

      5) Usually it's not necessary to. If you really want to hide your IP address then hide it behind a proxy server. Alternatively, you could periodically tell your network interface device to release the old IP address and obtain a new one from the DHCP server.

      6) The cloud is basically accessing servers by the internet. You could store files on them, run programs on them, etc. (depending on what the owner of the server has agreed to).

      7) Typically when the website is registered with a domain name registrar e.g. Go Daddy, will add the entries to the authoritative name server. When other DNS servers look for that website, they will eventually ask that server.
      (6 votes)
  • orange juice squid orange style avatar for user raineeee
    When I accidentally type .khanacademy.com, how does it turn into khanacademy.org?
    (2 votes)
    Default Khan Academy avatar avatar for user
  • spunky sam blue style avatar for user Marc Rodriguez
    How do you know if a website is fake?
    (3 votes)
    Default Khan Academy avatar avatar for user
    • hopper happy style avatar for user Sheikhmrizwan
      The lock and the URL(Uniform Resource Locator) are your friends if a website has a HTTP(Hypertext Transfer Protocol) instead of the normal HTTPS(Hypertext Transfer Protocol Secure) then you can easily be hacked and the URL like if I wanted to publish a replica of Khan Academy it would probably be something like this:
      kahnacademy.org This can make a huge difference because the website khanacademy.org is not kahnacademy.org. Another tip is if there is a green lock on the side of the URL bar then that website is secured otherwise it is most likely a phishing website.
      (9 votes)
  • blobby green style avatar for user Palash  Jain
    Is IP address for various devices or for websites only or for different different for both?
    (4 votes)
    Default Khan Academy avatar avatar for user
    • starky ultimate style avatar for user Morgan (nee JPG200)
      Anything that connects to the internet has to have an IP address. That means servers (which serve websites among other things), smart devices (like an iPhone or smart watch), and even cars.
      An IP address is somewhat somewhat like a real address; if your smart watch asks a server for Khan Academy then the server has to know where to send the information once it finds it.
      (4 votes)

Video transcript

(upbeat piano and drum music) - Hi. My name is Paola, and I am a software engineer at Microsoft. Let's talk about how the internet works. My job relies on networks being able to talk with one another. But back in the 1970s, there was no standard method for this. It took the work of Vint Cerf and Bob Kahn to invent the Internetworking Protocol to make communication possible. This invention laid the groundwork for what we now call the internet. - The internet is a network of networks. It links billions of devices together all around the globe. Maybe you're connected with a laptop or a phone through wifi. But then that wifi connection connects to an Internet Service Provider, or ISP. And that ISP connects you to billions and billions of devices around the world through hundreds of thousands of networks that are all interconnected. One thing that most people do not appreciate, is that the internet is really a design philosophy and an architecture expressed in a set of protocols. A protocol is a well-known set of rules and standards that, if all parties agree to use it, will allow them to communicate without trouble. How the internet actually physically works is less important than the fact that this design philosophy has allowed the internet to adapt and absorb new communication technologies. This is because in order for a new technology to use the internet in some fashion, it just needs to know which protocols to work with. All the different devices on the internet have unique addresses. An address on the internet is just a number, similar to a phone number, or a sort of street address that's unique to each computer or device at the edge of the network. This is similar to how most homes and businesses have a mailing address. You don't need to know a person to send them a letter in the mail, but you do need to know their address, and how to write the address properly, so the letter can be carried by the mail system to its destination. The addressing system for computers on the internet is similar, and it forms part of one of the most important protocols used in internet communication, simply called the Internet Protocol, or IP. A computer's address, then, is called its IP address. Visiting a website is really just your computer asking another computer for information. Your computer sends a message to the other computer's IP address, and it also sends along its origin address so the other computer knows where to send its response. - You may have seen an IP address. It's just a bunch of numbers. These numbers are organized in a hierarchy. Just like a home address has a country, a city, a street, and a house number, an IP address has many parts. Just like all digital data, each of these numbers is represented in bits. Traditional IP addresses are 32 bits long, with eight bits for each part of the address. The earlier numbers usually identify the country and regional network of the device. Then come the subnetworks. And then, finally, the address of the specific device. This version of IP addressing is called IPv4. It was designed in 1973, and widely adopted in the early '80s, and provides for more than 4 billion unique addresses for devices connecting to the internet. But the internet has turned out to be much more popular than even Vint Cerf imagined, and 4 billion unique addresses won't be enough. We're now in the middle of a multi-year transition to a longer IP address format called IPv6, which uses 128 bits per address, and provides over 340 undecillion unique addresses. That's more than enough for every grain of sand on Earth to have its own IP address. - Most users never see or care about internet addresses. A system called the Domain Name System, or DNS, associates names, like www.example.com, with the corresponding addresses. Your computer uses the DNS to look up domain names and get the associated IP address, which is used to connect your computer to the destination on the internet. - [Voiceover] And it goes a little something like this. - Hey, hi there. I want to go to www.code.org - Yeah, well I don't know the IP address for that domain. Let me ask around. Hey, anyone know how to get to a... code.org? - Yeah, I got it right here. It's 174 dot 129 dot 14 dot 120. - Oh, okay, great. Thanks. Yeah, I'm gonna write that down and save it for later in case I need it. Hey, here's that address you wanted. - Awesome. Thank you. (piano flourish) - So how do we design a system for billions of devices to find any one of billions of different websites? There is no way one DNS server can handle all of the requests from all devices. The answer is that DNS servers are connected in a distributed hierarchy, and are divided into zones, splitting up responsibility for the major domains such as .org, .com, .net, et cetera. DNS was originally created to be an open and public communication protocol for government and educational institutions. Because of its openness, DNS is susceptible to cyber attacks. An example attack is DNS spoofing. That's when a hacker taps into a DNS server and changes it to match a domain name with the wrong IP address. This lets the attacker send people to one imposter website. If this happens to you, you are vulnerable for more problems because you are using that fake website as if it is real. The internet is huge, and getting bigger every day. But the Domain Name System and Internet Protocol are designed to scale, no matter how much the internet grows.