Did you know you could be connected to facebook.com—and see facebook.com in your browser’s address bar—while not actually being connected to Facebook’s real website? To understand why, you’ll need to know a bit about DNS.
DNS stands for “Domain Name System”. DNS servers translate web addresses (like www.howtogeek.com) into their IP addresses (like 188.8.131.52) so users don’t have to remember strings of numbers for every website they want to visit.

The Domain Name System (DNS) underpins the web we use every day. It works transparently in the background, converting human-readable website names into computer-readable numerical IP addresses. DNS does this by looking up that information on a system of linked DNS servers across the Internet. However, different DNS servers can behave differently in terms of speed and security. So, let’s take a look at how DNS works and what you can do to make sure it’s working its best for you.
Domain names are the human-readable website addresses we use every day. For example, Google’s domain name is google.com. If you want to visit Google, you just need to enter google.com into your web browser’s address bar.
However, your computer doesn’t understand where “google.com” is. Behind the scenes, the Internet and other networks use numerical IP addresses. One of the IP addresses used by Google.com is 184.108.40.206. If you typed this number into your web browser’s address bar, you’d also end up at Google’s website.
We use google.com instead of 220.127.116.11 because addresses like google.com are more meaningful and easier for us to remember. IP addresses are also known to change, but the DNS servers keep up with that new information. DNS is often explained as being like a phone book, where you look up someone’s name and the book gives you their phone number. Like a phone book, DNS matches human-readable names to numbers that machines can more easily understand.
DNS servers match domain names to their associated IP addresses. When you type a domain name into your browser, your computer contacts your current DNS server and asks what IP address is associated with the domain name. Your computer then connects to the IP address and retrieves the right web page for you.
The DNS servers you use are likely provided by your Internet service provider (ISP). If you’re behind a router, your computer may be using the router itself as its DNS server, but the router is forwarding requests to your ISP’s DNS servers.
Computers cache DNS responses locally, so the DNS request doesn’t happen every single time you connect to a particular domain name that you’ve already visited. Once your computer has determined the IP address associated with a domain name, it will remember that for a period of time, which improves connection speed by skipping the DNS request phase.
Some viruses and other malware programs can change your default DNS server to a DNS server run by a malicious organization or scammer. This malicious DNS server can then point popular websites to different IP addresses, which could be run by scammers.
For example, when you connect to facebook.com while using your Internet service provider’s legitimate DNS server, the DNS server will respond with the actual IP address of Facebook’s servers.
However, if your computer or network is pointed at a malicious DNS server set up by a scammer, the malicious DNS server could respond with a different IP address entirely. In this way, it’s possible that you could see “facebook.com” in your browser’s address bar, but you may not actually be at the real facebook.com. Behind the scenes, the malicious DNS server has pointed you to a different IP address.
To avoid this problem, ensure that you’re running good antivirus and anti-malware apps. You should also watch for certificate error messages on encrypted (HTTPS) websites. For example, if you try to connect to your bank’s website and see an “invalid certificate” message, this could be a sign that you’re using a malicious DNS server that’s pointing you to a fake website, which is only pretending to be your bank.
Malware can also use your computer’s hosts file to override your DNS server and point certain domain names (websites) at other IP addresses. For this reason, Windows 8 and 10 prevent users from pointing facebook.com and other popular domain names to different IP addresses by default.
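As an added example (not code from the original article), here is a small Python checker that scans hosts-file content for entries that point well-known domains at a routable address, the kind of override the paragraph above describes. The sample hosts text, the watched-domain list and the address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
import sys
from pathlib import Path

# Constructed sample hosts-file content (not taken from any real machine).
SAMPLE_HOSTS = """\
# Typical default entries
127.0.0.1       localhost
::1             localhost
# Suspicious additions that override popular sites
203.0.113.7     facebook.com www.facebook.com   # documentation-range IP
0.0.0.0         ads.example.net                 # common ad-blocking entry
"""

# Domains a defender might want to watch; extend as needed (assumed list).
WATCHED = {"facebook.com", "www.facebook.com", "google.com", "www.google.com"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; skip rather than crash
        for name in parts[1:]:
            yield ip, name.lower()


def find_hosts_overrides(text, watched=WATCHED):
    """Return {hostname: ip} for watched domains mapped to a routable address.

    Loopback or unspecified targets (127.0.0.1, ::1, 0.0.0.0) are the usual
    way to *block* a site, not redirect it, so they are not flagged.
    """
    flagged = {}
    for ip, name in parse_hosts(text):
        if name in watched and not (ip.is_loopback or ip.is_unspecified):
            flagged[name] = str(ip)
    return flagged


def check_system_hosts():
    """Read the local hosts file (Windows or Unix path) and return overrides."""
    if sys.platform.startswith("win"):
        path = Path(r"C:\Windows\System32\drivers\etc\hosts")
    else:
        path = Path("/etc/hosts")
    return find_hosts_overrides(path.read_text(errors="replace"))
```

Running `find_hosts_overrides(SAMPLE_HOSTS)` flags both facebook.com entries; `check_system_hosts()` does the same against the machine's real hosts file.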
As we’ve established above, you’re probably using your ISP’s default DNS servers. However, you don’t have to. Instead, you can use DNS servers run by a third party. Two of the most popular third-party DNS servers are OpenDNS and Google Public DNS.
In some cases, these DNS servers may provide you with faster DNS resolves—speeding up your connection the first time you connect to a domain name. However, the actual speed differences you see will vary depending on how far you are from the third-party DNS servers and how fast your ISP’s DNS servers are. If your ISP’s DNS servers are fast and you’re located a long way from OpenDNS or Google DNS’s servers, you may see slower DNS resolves than when using your ISP’s DNS server.
OpenDNS also provides optional website filtering. For example, if you enable the filtering, accessing a pornographic website from your network could result in a “Blocked” page appearing instead of the pornographic website. Behind the scenes, OpenDNS has returned the IP address of a website with a “Blocked” message instead of the IP address of the pornographic website—this takes advantage of the way DNS works to block websites.
For information on using Google Public DNS or OpenDNS, check out the following articles:
Image Credit: Jemimus on Flickr