Domain Name System (DNS)
As we just learned, IP addresses are how computers identify other computers on the Internet. IP addresses aren't particularly human-friendly, though. Who wants to memorize an address like 74.125.20.113? Or the even harder IPv6 addresses? The domain name system (DNS) gives us humans an easy way to identify where we want to go on the Internet.
We simply type in a domain name like "www.wikipedia.org", and our computer connects us to the computers powering Wikipedia.
A domain name is a human-friendly address for a website, something that's easy for us to remember and type in.
Anatomy of a domain name
Each domain name is made up of parts:
third-level-domain.second-level-domain.top-level-domain
There is a limited set of top-level domains (TLDs), and many websites use the most common TLDs: ".com", ".org", and ".edu". The second-level domain is unique to the company or organization that registers it, like "wikipedia" or "khanacademy". The third-level domain is also called a subdomain, because it's owned by the same group and that URL often directs you to a subset of the website, like "m.wikipedia.org" (mobile-optimized Wikipedia) or "es.khanacademy.org" (Spanish-language Khan Academy).
Domains ↔ IP addresses
Behind the scenes, each domain name maps to an IP address. When we type a URL in the address bar of our browser, the computer has to figure out its IP address.
The computer can't store a database of more than 300 million domain names locally, so it goes through a multi-step process to find out the IP address.
Step 1: Check the local cache
If you've visited a website once, there's a fairly good chance you'll visit it again. That's why computers keep their own local cache of domain name to IP mappings. The cache stays small, because it kicks out domains you haven't visited in a while and entries whose server-supplied expiration time has passed.
🔍 In the Chrome browser, you can view the database yourself. Just type "chrome://net-internals/#dns" in the address bar.
Here's a snippet from my browser's cache:
Step 2: Ask the ISP cache
Every ISP provides a domain name resolving service and keeps its own cache. Perhaps you haven't visited a particular website, but your neighbor just did, so the ISP can look up the IP from their visit.
If it's not in the ISP's cache, then it's off to the next step.
Step 3: Ask the name servers
There are domain name servers scattered around the globe that are responsible for keeping track of a subset of the millions of domain names.
The servers are ordered in a hierarchy:
Root name servers → TLD name servers → Host name servers.
The ISP starts by asking the root name servers: "hey, which name server knows about .org domains?" The root name server responds with the IP address of a TLD name server that tracks ".org" domains.
Next, the ISP asks the TLD name server: "so, who knows about wikipedia domains?" The TLD name server responds with the IP address of a host name server that contains the "wikipedia" records.
Finally, the ISP asks the host name server: "okay, so where's www.wikipedia.org?" The host name server responds with an exact IP address.
The ISP sends the IP address back to the requesting computer, and now our computer can successfully connect with the computer powering that domain.
If that sounds like quite a process: yes, it is! But don't worry, it's not done that often. A lot of information is cached along the way, so it's rare that a DNS lookup has to go through so many steps.
When a lookup does have to go through all the steps, there are multiple name servers that can answer each question, so a computer doesn't have to wait too long for a response or worry about a name server going down.
We've had the domain name system since 1985, and it's scaled impressively to match the growth of the Internet, thanks to its hierarchy, redundancy, and caching.
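As an added example (not code from the original article), here is a small Python simulation of the lookup just described: a resolver walks a constructed root → TLD → host name server table, caches every answer it receives for the TTL the server supplied, and reuses cached delegations so that a second lookup in the same zone takes one round trip instead of three. The server names, zones and addresses are made up for the demonstration.

```python
"""Toy iterative DNS resolver with a TTL-aware cache.

Added example, not code from the original page: an in-memory simulation of
the root -> TLD -> host name server walk, plus the cache that makes repeat
lookups cheap. Server names, zones and addresses are constructed
(198.51.100.0/24 is a documentation range), not the real Wikipedia setup.
"""
import time

# Each server knows records only for the zone it is authoritative for.
# Record: (type, value, ttl_seconds). "NS" delegates a suffix to another
# server key in this table; "A" is a final address.
SERVERS = {
    "root": {
        "org.": ("NS", "tld-org", 172800),
        "com.": ("NS", "tld-com", 172800),
    },
    "tld-org": {
        "wikipedia.org.": ("NS", "auth-wikipedia", 86400),
    },
    "tld-com": {},
    "auth-wikipedia": {
        "www.wikipedia.org.": ("A", "198.51.100.10", 300),
        "m.wikipedia.org.": ("A", "198.51.100.11", 300),
    },
}


def suffixes(name):
    """'www.wikipedia.org.' -> ['www.wikipedia.org.', 'wikipedia.org.', 'org.', '.']"""
    labels = name.split(".")
    return [".".join(labels[i:]) or "." for i in range(len(labels))]


class Resolver:
    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so TTL expiry can be simulated
        self.cache = {}             # (type, name) -> (value, expires_at)
        self.queries_sent = 0       # round trips to name servers

    def _cached(self, rtype, name, now):
        entry = self.cache.get((rtype, name))
        return entry[0] if entry and entry[1] > now else None

    def _ask(self, server, name):
        """One round trip: the server answers for the longest suffix it knows."""
        self.queries_sent += 1
        zone = SERVERS[server]
        for suffix in suffixes(name):
            if suffix in zone:
                return suffix, zone[suffix]
        return None, None

    def _start_server(self, name, now):
        """Reuse a cached delegation for the longest known suffix instead of
        always starting at the root; this is why most lookups are short."""
        for suffix in suffixes(name):
            server = self._cached("NS", suffix, now)
            if server:
                return server
        return "root"

    def resolve(self, name):
        if not name.endswith("."):
            name += "."
        now = self.clock()
        addr = self._cached("A", name, now)
        if addr:
            return addr                          # step 1: cache hit, no network
        server = self._start_server(name, now)
        while True:                              # step 3: follow referrals down the hierarchy
            suffix, rec = self._ask(server, name)
            if rec is None:
                raise LookupError(f"no record for {name}")
            rtype, value, ttl = rec
            self.cache[(rtype, suffix)] = (value, now + ttl)   # cache every hop's answer
            if rtype == "A":
                return value
            server = value                       # NS referral: ask the delegated server next


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.wikipedia.org"), "after", r.queries_sent, "queries")
    print(r.resolve("m.wikipedia.org"), "after", r.queries_sent, "queries")
```

Running the demo shows the first name costing three queries (root, TLD, host name server) and the second costing one, because the delegation for wikipedia.org is still in the cache. Once the 300-second TTL on an address expires the resolver re-asks the host name server, but it still skips the root and TLD servers whose delegations have much longer TTLs.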
DNS Spoofing
The domain name system is scalable, but it is not always secure. Cyber criminals figured out a way to exploit flaws in DNS name servers, in an attack known as DNS spoofing or DNS cache poisoning.
As we saw above, a domain resolver service must ask name servers when it doesn't already know the mapping of a domain to an IP.
If a cyber criminal manages to take control of a name server or redirect requests to its own server, then it can reply with any IP address it wants:
The domain resolver now stores the new IP in its cache and sends that IP back to the requesting computer. The IP address often redirects users to a page that will download computer viruses or ask for their sensitive information.
DNS cache poisoning can happen at any level in the name server hierarchy. Imagine a cyber criminal intercepting requests to a root name server: they'd be able to direct all traffic for .org domains!
Once the domain ↔ IP mapping is poisoned in one server, it can spread to any other server that asks for information from that server.
There is good news, however: DNS spoofing can be prevented. The DNSSEC protocol extends the original DNS protocol and specifies how DNS resolvers can cryptographically authenticate the records sent to them.
Upgrading old systems takes time, so it may be years or decades before all DNS systems are using DNSSEC.
In the meantime, be careful when you load a website and see an unexpected result. Not all websites are what they seem. ☠️
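The poisoning described above succeeds when a resolver caches whatever answer arrives. As an added example (not code from the original article, and not DNSSEC), the Python below builds a DNS query in the real wire format and checks a response the way a careful resolver does before caching it: the transaction ID has to match, the echoed question has to be unchanged, and every answer has to lie within the zone the queried server is responsible for (the "bailiwick" check). All packets, names and addresses are constructed sample data; the helper `build_response` exists only to fabricate them.

```python
"""Validate a DNS response before caching it.

Added example, not code from the original page. Before an answer goes into
the cache it must pass: transaction ID matches our query, the question is
echoed back unchanged, and each answer is inside the zone the queried server
is responsible for ("bailiwick"). DNSSEC adds signatures on top of these
checks and is not implemented here. All packets and addresses are constructed.
"""
import struct

A, IN = 1, 1                      # record type A (IPv4), class IN


def encode_name(name):
    """'www.wikipedia.org.' -> b'\\x03www\\x09wikipedia\\x03org\\x00' (RFC 1035 labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name):
    """Header: id, flags (RD set), 1 question, 0 answer/authority/additional."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", A, IN)


def decode_name(msg, off):
    """Decode a name at `off`, following compression pointers.
    Returns (name, offset just past the name as it appeared in the message)."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # 2-byte pointer to an earlier name
            if not jumped:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def parse_response(msg):
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((name, rtype, ttl, msg[off:off + rdlen]))
        off += rdlen
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def in_bailiwick(name, zone):
    """True if `name` is `zone` or lies beneath it."""
    return name == zone or name.endswith("." + zone)


def validate_answer(query_name, txid, response, zone):
    """Return the (name, ttl, ipv4) records that are safe to cache, or raise."""
    r = parse_response(response)
    if r["id"] != txid:
        raise ValueError("transaction ID mismatch")
    if not r["flags"] & 0x8000:
        raise ValueError("QR bit clear: not a response")
    qname = query_name.rstrip(".") + "."
    if r["questions"] != [(qname, A, IN)]:
        raise ValueError("question section altered")
    safe = []
    for name, rtype, ttl, rdata in r["answers"]:
        if not in_bailiwick(name, zone):
            raise ValueError(f"out-of-bailiwick record for {name}")
        if rtype == A and len(rdata) == 4:
            safe.append((name, ttl, ".".join(str(b) for b in rdata)))
    return safe


def build_response(txid, qname, records, flags=0x8180):
    """Constructed helper to fabricate sample responses; records are (name, ttl, ipv4)."""
    body = encode_name(qname) + struct.pack("!HH", A, IN)
    for name, ttl, ip in records:
        owner = b"\xC0\x0C" if name == qname else encode_name(name)  # pointer to the question name
        body += owner + struct.pack("!HHIH", A, IN, ttl, 4) + bytes(int(x) for x in ip.split("."))
    return struct.pack("!HHHHHH", txid, flags, 1, len(records), 0, 0) + body
```

A response carrying an extra record for a name outside the queried zone is rejected outright rather than partially cached, which is what stops one bad answer from spreading through the hierarchy the way the article describes. Real resolvers also randomize the transaction ID and source port so that a guessed ID is unlikely; DNSSEC validation then covers the case where the attacker controls the name server itself.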
Want to join the conversation?
- Does the ISP see every site and app I use even if they're encrypted, since they collect so much data? If so, how can I know and prevent them from selling this data, or using it to target me with ads?(10 votes)
- The ISP can see the servers that your HTTP requests are routed to, as the server URL is not encrypted. To hide that, you can look into using the Tor browser, as that obfuscates the server requests as well. It will be a slower browsing experience but it may be worth it if you like increased anonymity.
You can also research ISPs to find if any local ISPs have a policy of not selling data or targeting you with ads. There are a few around here.(23 votes)
- If I was visiting a DNS poisoned website, would I be able to tell that it was DNS poisoned by looking at the HTTP/HTTPS part of the website's URL? Or can DNS poisoned websites be HTTPS encrypted, so I can't figure it out by looking at if the website is encrypted or not?(6 votes)
- Imagine you visit hellofern.edu for the first time. hellofern.edu maps to 1.1.1.1, but because it is DNS-poisoned, it now maps to 2.2.2.2. Because you have not visited the site before, it is difficult to distinguish what is normal or abnormal without some initial experience.
This is the case even when using HTTP or HTTPS as these are protocols independent of DNS. However, because HTTPS requires the owner of 2.2.2.2 to prove that it owns hellofern.edu, it is typically easier to detect DNS spoofing with HTTPS as the owner of 2.2.2.2 will likely not have the certificate for hellofern.edu. See the content on HTTPS for more on how this detection would work.
I hope this helps(17 votes)
- If a computer did have to go through all the steps to get an IP address, how long would that take? Because the internet works so fast I can't imagine it would take very long but there are a lot of steps computers might have to go through.(6 votes)
- You can actually trace the steps for resolving a DNS address. Here's one tool for it: https://simpledns.com/lookup-dg
I see about 4-7 steps depending on the domain I enter. Try it!(17 votes)
- Anybody know where the "fake" wikipedia IP address (in the example) goes? Just wondering if anybody tried it in case my computer gets hacked or something
Not like I thought khan would put harmful viruses on the system or anything for kids like me to click on
But it never hurts to be safe(5 votes)
- It's actually an invalid IP address. The third octet (769) is > 255 which is not allowed.
Hope this helps!(6 votes)
- DNS servers responsible for TLDs direct users to other servers responsible for specific websites, so doesn't that mean that all owners of a second level domain/website would need their own server to direct users to the website? If so, why can you make websites for free if they need individual computers to run, or are single servers responsible for millions of second level domains?(3 votes)
- It's a bit more centralized than that; you basically have servers that are responsible for a huge amount of domain names. Anything else would be too inefficient; you'd have to search through millions of computers each time you'd need to look up a website location.
Think of it more like a phonebook or dictionary.(2 votes)
- Is www just a default third level domain? How come sometimes you can't see the third level domain? When websites have different pages you see lots of dashes which I think distinguish different levels of the website. Is that true? Does the host name server give you that information too every time you click a button on a website to go to a new page?(2 votes)
- It's the default, when you visit the web on your computer it's where you want to be most of the time.
Most of the time it isn't really needed because it is the default.
Yes, that's what they do
https://www.khanacademy.org/computing/ap-computer-science-principles
https://www.khanacademy.org is the website
ap-computer-science-principles is the active page in the section computing
It works like your file system on your computer: on your hard drive you have different folders, many containing more folders pointing to more folders and then files.
No, that would be too slow; your computer only needs to ask when it doesn't know where to go. Once you've been on Khanacademy your computer caches the location of the site. From there the site will offer you links that allow you to navigate, making calls to other servers unnecessary.(3 votes)
- If I type an IP address in for a website it will take me to a website, but computers and servers have their own similar addresses. How do computers know the difference? What if I asked my ISP via computer for the address of another computer? If I ask for a website IP, rather than using the domain name, would it take me straight there without the need for the DNS?(1 vote)
- They don't; you could just randomly ping or scan personal computers, although depending on who you scan you might get into trouble if you're too curious.
DNS works like a database: you take the name and use it to point to an IP address or many different IP addresses. You generally wouldn't visit sites using IP addresses; tbh I'm not sure if most browsers actually support that way of surfing the web.
But yes, if you know the IP you can at least ping the computer you know the IP of. It's a bit like a phone number.(3 votes)
- What happens when you have two DNS resolvers having different IP addresses for one website due to one resolver having a poisoned IP?(1 vote)
- Your computer should only ask one DNS resolver, asking more than one could create problems like conflicting information which would require a policy to fix those conflicts.(2 votes)
- So the order goes billions of personal computers to ISP's to Root Name servers, which track TLD servers, which track second level domain servers and so on, and once a domain name is passed through a DNS server, the DNS server remembers it until it is deemed useless?(1 vote)
- An ISP shouldn't receive requests from a billion computers; that would be too much. Different networks connect to different ISPs, but yes, if your computer and your ISP don't know how to find the site you requested it will keep looking, following the chain described in the article.
Your computer will delete the entry once it isn't needed anymore or you clear your cache. The DNS server shouldn't delete the entry unless specifically ordered to; otherwise, it could happen that sites get lost and accidentally drop off the grid.(1 vote)
- Are there different systems for identifying personal computers like with email?(1 vote)
- I'm not sure what you mean. Computers are assigned an IP address when they go online, and that can be used to identify them.(1 vote)