
How-To Geek

HTG Explains: What is DNS?


Did you know you could be connected to facebook.com – and see facebook.com in your web browser’s address bar – while not actually being connected to Facebook’s real website? To understand why, you’ll need to know a bit about DNS.

DNS underpins the world wide web we use every day. It works transparently in the background, converting human-readable website names into computer-readable numerical IP addresses.

Image Credit: Jemimus on Flickr

Domain Names and IP Addresses

DNS stands for “domain name system.” Domain names are the human-readable website addresses we use every day. For example, Google’s domain name is google.com. If you want to visit Google, you just need to enter google.com into your web browser’s address bar.

However, your computer doesn’t understand where “google.com” is. Behind the scenes, the Internet and other networks use numerical IP addresses (“Internet protocol” addresses). When this article was written, google.com resolved to the IP address 173.194.39.78 (large sites have many addresses, and they change over time, so a lookup today will return different ones). If you typed this number into your web browser’s address bar, you’d also end up at Google’s website.

We use google.com instead of 173.194.39.78 because addresses like google.com are more meaningful and easier for us to remember. DNS is often explained as being like a phone book – like a phone book, DNS matches human-readable names to numbers that machines can more easily understand.


DNS Servers

Domain name system servers match domain names like google.com to their associated IP addresses — 173.194.39.78 in the case of google.com. When you type google.com into your web browser’s address bar, your computer contacts your current DNS server and asks what IP address is associated with google.com. Your computer then connects to the IP address and displays “google.com” in your web browser – the connection to 173.194.39.78 happens behind the scenes.

The DNS servers you use are probably provided by your Internet service provider (“ISP”). If you’re behind a router, your computer most likely uses the router as its DNS server, and the router in turn forwards your requests to your ISP’s DNS servers.


Computers cache DNS responses, so the DNS request doesn’t happen each time you connect to google.com. Once your computer has determined the IP address associated with a domain name, it remembers that answer for a period of time set by the domain’s owner (each DNS record carries a time-to-live, or TTL, in seconds) – this improves connection speed by skipping the DNS request phase. Your computer just needs to connect to Google, not its DNS server and then Google.
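To make the lookup and the cache concrete, here is an added example (not code from the How-To Geek article): the query a stub resolver on your computer sends for google.com, the reply it parses, and a cache that keeps the answer only for the TTL the server set. The reply bytes (RESPONSE) are constructed by hand so nothing touches the network; 173.194.39.78 is the address the article quotes, and the 300-second TTL is an assumption for the example.

```python
"""Added example (not the How-To Geek article's code): the DNS query a stub
resolver sends for google.com, the answer it parses, and a cache that honours
the record's TTL.  RESPONSE is a hand-constructed reply (no network access);
173.194.39.78 is the article's address and the 300 s TTL is an assumption."""
import secrets
import struct


def encode_name(name):
    """'google.com' -> b'\\x06google\\x03com\\x00' (length-prefixed labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"


def build_query(name, txid):
    """Header: ID, flags 0x0100 (standard query, recursion desired), QDCOUNT=1,
    other counts 0; then the question: QNAME, QTYPE=A (1), QCLASS=IN (1)."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", 1, 1))


def decode_name(msg, offset):
    """Read a name that may use compression (0xC0xx = continue at offset xx).
    Returns (name, offset just past the name where it appeared)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            hops += 1
            if hops > 16:               # a pointer loop in a hostile reply
                raise ValueError("compression pointer loop")
            if end is None:             # the name ends after the first pointer
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (offset if end is None else end)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg, expected_txid):
    """Return [(name, ttl, ipv4)] for the A records in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: not the answer we asked for")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qd):                 # skip the echoed question section
        _, offset = decode_name(msg, offset)
        offset += 4                     # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers


# Constructed reply: flags 0x8180 (response, recursion desired and available),
# one question, one answer whose owner name is a pointer (0xC00C) to offset 12.
RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
            + encode_name("google.com") + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
            + bytes([173, 194, 39, 78]))


def fake_server(query):
    """Stands in for UDP port 53 at your resolver; echoes the query's ID."""
    return query[:2] + RESPONSE[2:]


class StubCache:
    """name -> (expires_at, ip); an entry is served only until its TTL runs out."""
    def __init__(self):
        self.entries = {}

    def get(self, name, now):
        entry = self.entries.get(name)
        if entry is None or now >= entry[0]:
            self.entries.pop(name, None)
            return None
        return entry[1]

    def put(self, name, ttl, ip, now):
        self.entries[name] = (now + ttl, ip)


def resolve(name, cache, now, send=fake_server):
    """Return (ip, served_from_cache); a query goes out only on a cache miss."""
    ip = cache.get(name, now)
    if ip is not None:
        return ip, True
    txid = secrets.randbits(16)         # unpredictable ID makes forged replies harder
    answers = parse_response(send(build_query(name, txid)), txid)
    if not answers:
        raise LookupError("no A record for " + name)
    _, ttl, ip = answers[0]
    cache.put(name, ttl, ip, now)
    return ip, False
```

Calling resolve("google.com", cache, now=0) sends the (fake) query; the same call at now=299 is answered from the cache, and at now=300 the entry has expired and the query goes out again. To point this at a real resolver, replace fake_server with a function that sends the query over UDP to port 53 and returns the datagram it gets back; the transaction-ID check and the pointer-loop guard are the two places a reply from an untrusted network gets rejected.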

Security Concerns

Some viruses and other malware programs change your default DNS server to a DNS server run by a malicious organization or scammer. This malicious DNS server can point popular websites to different IP addresses, which could be run by scammers.

For example, when you connect to facebook.com while using your Internet service provider’s legitimate DNS server, the DNS server will respond with the actual IP address of Facebook’s servers.

However, if your computer or network is pointed at a malicious DNS server set up by a scammer, the malicious DNS server could respond with a different IP address entirely. In this way, it’s possible that you could see “facebook.com” in your web browser’s address bar, but you may not actually be at the real facebook.com – behind the scenes, the malicious DNS server has pointed you to a different IP address.


To avoid this problem, ensure you’re running antivirus software, and find out why if your DNS settings ever change unexpectedly. You should also watch for certificate error messages on encrypted (HTTPS) websites. A fake site that you reach through a malicious DNS answer cannot normally present a certificate that your browser trusts for your bank’s name, so if you try to connect to your bank’s website and see an “invalid certificate” message, this could be a sign that you’re using a malicious DNS server that’s pointing you to a fake website, which is only pretending to be your bank. The warning is only as good as your computer’s trust store: malware that can change your DNS settings may also have installed its own root certificate, in which case the fake site loads with no warning at all.

Malware can also edit your computer’s hosts file, which your computer consults before asking any DNS server, to point certain domain names (websites) at other IP addresses without touching your DNS settings at all. For this reason, Windows 8 prevents users from pointing facebook.com and other popular domain names to different IP addresses in the hosts file by default.
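The following added example (not from the article) shows why a hosts file entry wins over DNS and what a check in the spirit of the Windows 8 behaviour described above looks like: parse a hosts file, resolve names in the order the operating system does (hosts first, DNS only on a miss), and flag popular names that the file sends anywhere other than the local machine. The hosts file text and the DNS answers are constructed for the example; 198.51.100.7 and 203.0.113.10 are documentation-range addresses standing in for a scammer’s server and Facebook’s real one, and the WATCHED list is an assumed sample rather than the list Windows uses.

```python
"""Added example (not from the How-To Geek article): a hosts file entry wins
over DNS, and a check that flags popular names a hosts file redirects to a
non-local address.  Hosts text, DNS answers and the WATCHED list are
constructed; 198.51.100.7 / 203.0.113.10 are documentation-range stand-ins."""
import ipaddress

# Constructed sample: a stock Windows hosts file plus what a hijack might add.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
198.51.100.7    facebook.com www.facebook.com   # hijack: a scammer's server
198.51.100.7    google.com
127.0.0.1       www.google.com                  # merely blocks the name
127.0.0.1       ads.example                     # the common legitimate use
"""

# Constructed answers standing in for your ISP's DNS server.
FAKE_DNS = {"facebook.com": "203.0.113.10", "google.com": "173.194.39.78"}

# Assumed sample of names whose redirection is almost never legitimate.
WATCHED = {"facebook.com", "www.facebook.com", "google.com", "www.google.com"}


def parse_hosts(text):
    """Return {hostname: ip}.  Blank lines and '#' comments (including trailing
    ones) are ignored, malformed lines are skipped, and the first entry for a
    name wins; later duplicates are ignored."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue
        for name in names:
            mapping.setdefault(name.lower().rstrip("."), str(ip))
    return mapping


def resolve(name, hosts, dns):
    """Mirror the order your computer uses: hosts file first, DNS only on a
    miss.  Returns (ip, source) so the caller can see which one answered."""
    name = name.lower().rstrip(".")
    if name in hosts:
        return hosts[name], "hosts"
    if name in dns:
        return dns[name], "dns"
    return None, "nxdomain"


def suspicious_overrides(hosts, watched=WATCHED):
    """Flag watched names mapped to a non-loopback address.  Pointing a name at
    127.0.0.1 only blocks it; anything else redirects that site's traffic."""
    return sorted((name, ip) for name, ip in hosts.items()
                  if name in watched and not ipaddress.ip_address(ip).is_loopback)
```

To run the check against a real machine, feed parse_hosts the contents of C:\Windows\System32\drivers\etc\hosts on Windows or /etc/hosts on Linux and macOS. The check only covers the hosts file: as the article says, a malicious DNS server produces the same redirect with a clean hosts file, so compare what your configured resolver returns against a second resolver as well.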

Why You Might Want To Use Third-Party DNS Servers

As we’ve established above, you’re probably using your Internet service provider’s default DNS servers. However, you don’t have to – you can use DNS servers run by a third party instead of your default DNS servers. Two of the most popular third-party DNS servers are OpenDNS and Google Public DNS.

In some cases, these DNS servers may provide you with faster DNS resolves, speeding up your connection the first time you connect to a domain name. However, the actual speed differences you see will vary depending on how far you are from the third-party DNS servers and how fast your ISP’s DNS servers are. If your ISP’s DNS servers are fast and you’re located a long way from OpenDNS or Google DNS’s servers, you may see slower DNS resolves with a third-party DNS server.

OpenDNS also provides optional website filtering. For example, if you enable the filtering, accessing a pornographic website from your network could result in a “Blocked” page appearing instead of the pornographic website. Behind the scenes, OpenDNS has returned the IP address of a website with a “Blocked” message instead of the IP address of the pornographic website – this takes advantage of the way DNS works to block websites. Bear in mind that this is a convenience filter rather than a security boundary: a device on your network that is configured to use a different DNS server, or that connects to the site by IP address, never asks OpenDNS and is not filtered.


For information on using Google Public DNS or OpenDNS, check out the following articles:

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 08/28/12

Comments (19)

  1. Yawhatever

    Want to extend the time limit of your DNS cache? Check this out:

    http://analogx.com/contents/download/Network/fc/Freeware.htm

  2. SatoMew

    OK but how do I change the DNS of the router when the ISP intentionally blocks the option from it? I wish I could set up my OWN router again but it’s required to use the ISP’s due to being a fiber optic-based connection. I’m not familiar with this so any help would be appreciated. The router is a Thomson TG784n. All admin-related accounts in the router’s firmware are blocked by the ISP and only these allow to configure things such as the DNS servers.

  3. Vasu

@SatoMew, You can change the DNS settings in your PC (overwrite the default DNS entries), check this link for info: http://www.labnol.org/internet/setup-google-dns-servers/11439/

  4. Nick

    Very nice, I was expecting DNS records (MX, A) to be discussed. Maybe next time?

  5. hamncheese

Sato, you can easily change the DNS settings on each individual computer or set up a router in front of your fiber optic modem and change the settings on it. My ISP also blocks me from changing DNS settings on their crappy modem but I have a wireless gigabit speed router that functions as the DHCP server and is set with Google Public DNS servers.

  6. SatoMew

    @hamncheese, so does that mean that I could replace their crappy modem or would it still be required for IPTV? The router I personally bought and own is an already old (but far better than the ISP’s) D-Link DIR-615, which I already have for some years now.

  7. hamncheese

    Well, not replace their modem. It would still be connected to provide your internet connection. Hook your router up to it and all the computers up to the router instead of the modem. Use the router for your wifi, etc… and disable the wireless radio in your modem (if there is any). Then, you can use your router to change all your settings such as DNS settings and your modem will do nothing more than connect to the ISP.

  8. hamncheese

Here is a fairly straightforward HTG article explaining how to use alternative DNS on your router. They have a Linksys but it’s basically the same for most others too. http://www.howtogeek.com/79833/easily-add-opendns-to-your-router/

  9. r

    @ Sato

I think you can switch it, but it has to have IGMP, which is found mostly on the crappy locked ISP routers.
    Try it!! You never know.

  10. bedlamb

    I’ve tried switching a couple times. Fios automatically switched back.

  11. Raging Piton

I’m lucky since I live in Dublin, Ireland. There is a Google server not far from me.

    I’ve been getting max download speed since I switched to Google DNS.

  12. TheFu

    The simple way to think of DNS is like a phone book and a reverse phone number to name lookup.
    * number –> name
    * name –> number
    It is more complex than that, but for 99% of readers, that is enough detail.

    Not all ISPs will let you use outside DNS servers. They redirect all DNS queries to their internal servers. They are protecting you from viruses, rootkits and other nastiness. For most end-user consumers, this is a good idea.

    Some ISPs do let you override this no-external-DNS-queries for your account in the account network settings on their website. This way you can point to any DNS server that you trust or that is faster than the ISP’s. Just be certain that you really, really, really trust the DNS provider.

    DNS is the cornerstone of HTTPS security.
    The security of DNS is critical on the internet. Being redirected to (or choosing) another DNS server means that every SSL/HTTPS connection can be spoofed and, if the perpetrator is smart, you can’t tell the difference without taking extra precautions.

    Servers can create a valid SSL certificate on the fly. Many large businesses have been doing this DNS+certificate swap by default for almost a decade to further protect their networks from SSL-tunneled spyware, viruses and rootkits infiltrating their networks. It is just easier these days.

  13. Iszi

@Sato: I recommend switching it statically on your individual computers, on all interfaces. That way, your computers use the alternate DNS server no matter where they are. However, keep in mind that this could cause some trouble if your computers roam between personal and corporate or educational networks. Specifically, you may not be able to reach resources internal to those networks if you have your DNS settings locked in to an external server. For this, you may want to look into writing scripts to switch you back and forth.

    If you’d rather just make sure that you’re using an alternate DNS server while you’re on your home network, or would like to provide your guest users with the benefits of an alternate DNS automatically, set up your own router hardware behind the ISP’s router and change the settings on yours.

    Regarding the article itself:

The minor mention of using SSL certs to verify DNS on a compromised host misses one important point: On a compromised system, all bets are off. If you have malware on your system doing DNS re-direction, it is possible that the malware has also gotten into your Trusted Root Certificates store and added its own certificate. This way, its author could create any website out there (to which you would be re-directed by the malicious DNS server) and have it look like the real Facebook.com, Google.com, et al. – “valid” SSL certificate and all.

    Alternately, with access to the Trusted Root Certificates store, they could set up an SSL Proxy which is a sort of man-in-the-middle attack that would allow the malware to read your SSL traffic while you’re still interacting with the real site. This leaves them without the need to host and manage their own fake websites.

    It should also be noted that using an alternate DNS server does not protect you from any of the above, as that setting could be changed by the malware. In short, if you ever do get a virus, don’t trust the compromised host machine for anything until it has been thoroughly cleaned. Preferably, “nuke from orbit”.

  14. Mattt

    If any of you have AT&T uverse you can set the RG to place a router in DMZ mode and it will get direct IP from the modem, then just set the DNS servers in the router.

  15. Naseer

Dear Sir,
    I am very thankful to you for sending many items on networking.
    Kindly send the most important items, i.e., hardware, networking, servers, and their usefulness today.
    Thanks & Regards,
    Naseer

  16. sana

Thanks for this valuable article, hope you will post more valuable articles here!

  17. Seenu

Enjoyed reading, nice stuff.

  18. jeorgekabbi

I did a lookup and the answer came back different from the picture above!!

    Server: ry-lb1.saudi.net.sa
    Address: 84.235.6.55

    Non-authoritative answer:
    Name: google.com
    Addresses: 2a00:1450:4006:802::1000
    173.194.39.41
    173.194.39.36
    173.194.39.37
    173.194.39.40
    173.194.39.38
    173.194.39.35
    173.194.39.33
    173.194.39.34
    173.194.39.39
    173.194.39.32
    173.194.39.46

Any idea why?

  19. zach

If I use the IP address of a site, will that site load faster than if I were to type in “www.example.com”? Or would the time be so minute that it won’t matter?
