DNS is one of those things that is a very simple concept; what we get paid the big bucks for is taking that simple concept and turning it into a complex infrastructure that solves your security issues.
I like to start all my explanations with “what problem do we have”, and only then to “this is our solution”.
So, let’s say DNS does not exist. Let’s also say you want to visit youtube. How do you do that?
In the real world the answer would be straightforward: you type youtube.com, your browser connects to the server – problem solved.
But if you look closer at this sentence, you might catch a subtle step we skipped on the way to youtube, and that step actually involves DNS.
… you type youtube.com -> ??? -> your browser connects to the server …
The thing is, there is no server on the internet that has the address youtube.com. The internet has no computers, no servers, nothing that has a readable address. The only[1] address a computer can have on the internet is an IP address. For example, at the moment of writing this article, the IP address of youtube shows up as 142.250.186.110.
So, there must be something that gets us from youtube.com to 142.250.186.110. That thing is the Domain Name System, a.k.a. DNS. Without DNS, we would always have to remember and type 142.250.186.110 to get to youtube, which kinda sucks already. Oh, and did I mention that the IP addresses of servers change from time to time? What if youtube decides to upgrade the server, and consequently changes the IP?
Let’s say we, in our hypothetical no-DNS world, got bored of using IPs all the time. I don’t know about you, but the solution that immediately comes to mind is to set up another server that will remember that youtube is on the address 142.250.186.110. Then, when someone wants to visit youtube, they ask our server for youtube’s IP, and connect happily.
Now, I wish that was the end to it, but no…
If you think about the mentioned concept for an extra microsecond, you can understand that you, as the owner of the server with addresses, have a LOT of power: you can simply change the IP address of youtube however you want (for example, to a fake phishing website), or completely disable it if you didn’t like the content.[2]
So, as you can probably guess, governments around the world looked around, saw the power they could have over the internet with this technology, and said “We want this server. NOW!”.
So, they built their address servers too. But now the question is: if I want youtube, where do I look? In the Netherlands server? The US server? Your server?
And not only the governments wanted the server; private companies all got themselves one too. And now you sit here with thousands of these servers, not knowing where to look.
So, we now have the same problem we started with: many servers without an easy way of finding them.
And now you got tired of this too, and you say “let’s make a server with the addresses of all servers with addresses”. So, you get all of the governments together and you agree to create the Internet Corporation for Assigned Names and Numbers, or simply ICANN, that will control the server of all servers, and from now on if someone wants to visit a website, they would have to first tell the name of the company/country whose server holds its address.
This way, if someone wants the website of alza in Slovakia, they would add .sk at the end of the name. Now, our browser will first go to ICANN and ask “what is the address of the .sk address server?”, and they would reply with some IP. Then, you will ask the .sk server “where is alza?” and they would finally reply with the IP you were looking for.
The servers operated by ICANN are called the root servers (because that’s where you start looking up the address), the servers which the root server has addresses for are called top-level domain name servers and all other address servers are called domain name servers.
Now, if you look closely at our system, you may notice that we can simply keep adding name servers to infinity. We use a . symbol to separate the previous domain name server from the next. This way, we can create a top-level server .code, which would point to another name server .free, which would then point to .minds, and then to some website free, so it would have the address free.minds.free.code.
That’s it. There is nothing else to it.[3]
The system we have “created” above is DNS.
The terminology we used so far does not feature any “DNS” servers. There is the root server, the TLD name server, the name server, but none of these are really what we call DNS servers.
A DNS server is a server that will perform a lookup in all of the above-mentioned mess on our behalf. A typical example of such a server is 1.1.1.1, owned by Cloudflare. If you send youtube.com to 1.1.1.1, it will go and ask the root/name servers where it is, and send the answer back to you.
Doing this makes sense, because 1.1.1.1 almost definitely has a much better internet connection than you do.
Not really. If the address lookup returns the correct IP, it’s good enough, because that’s literally the point of it.
People assign value to these addresses based on superficial characteristics, like their memorability or length. Because TLD name server owners control the addresses, they can artificially inflate the value of certain addresses by restricting the supply.
It’s all like NFTs: the only reason people value a special address is its exclusivity, not because it’s actually useful.
Of course, having the address kjhfkdsjhf.com might be worse than having coffeshop.com in terms of legibility, but there is literally nothing else to it.
No. As I already explained above, if we want to make www.aura.org from aura.org, we can simply make aura.org a name server that has exactly one address saved: www.
Then, after getting the IP for aura.org, the user’s software would simply ask aura.org “where is www?”, and the received answer would be the IP of www.aura.org.
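The whole walk the article describes (root server, then the TLD server, then the name server, with the aura.org server answering for www) and the "DNS server" that does that walk on your behalf, as a small Python simulation. This is an added example, not code from the original post: the NameServer class, build_root(), resolve_iteratively() and RecursiveResolver are made up for illustration, every address except youtube's 142.250.186.110 quoted earlier is a constructed value from the 203.0.113.0/24 documentation range, and the resolver cache is an assumption that the article itself does not discuss.

```python
"""Toy model of the name-server hierarchy from the article (added example).

Every name is a chain of labels separated by dots.  Each label is answered
by the server one level up, starting at the root, so looking a name up is
a walk from the root down to the server that knows the final address.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class NameServer:
    """One 'server with addresses'.  It may hold an address for its own name
    and/or delegate further labels to child name servers (hypothetical type)."""
    address: Optional[str] = None
    children: Dict[str, "NameServer"] = field(default_factory=dict)

    def add(self, path: List[str], address: str) -> None:
        """Register `address` for the name spelled by `path` (top-level label
        first), creating the delegations on the way down."""
        node = self
        for label in path:
            node = node.children.setdefault(label, NameServer())
        node.address = address


def build_root() -> NameServer:
    """The 'server of all servers' with a few constructed delegations."""
    root = NameServer()
    root.add(["com", "youtube"], "142.250.186.110")              # IP quoted in the article
    root.add(["sk", "alza"], "203.0.113.10")                     # constructed sample value
    root.add(["org", "aura"], "203.0.113.20")                    # aura.org has an IP itself...
    root.add(["org", "aura", "www"], "203.0.113.21")             # ...and is a name server with one entry, www
    root.add(["code", "free", "minds", "free"], "203.0.113.30")  # the four-level example
    return root


def resolve_iteratively(name: str, root: NameServer) -> Tuple[str, List[str]]:
    """Walk from the root one label at a time, the way the browser in the
    article asks ICANN, then the .sk server, then alza.
    Returns the address and the list of servers that had to be asked."""
    labels = name.strip(".").lower().split(".")[::-1]   # "www.aura.org" -> ["org", "aura", "www"]
    node, asked = root, ["root"]
    for depth, label in enumerate(labels):
        if label not in node.children:
            raise LookupError(f"the {asked[-1]} server knows nothing about '{label}' in {name}")
        node = node.children[label]
        if depth < len(labels) - 1:                        # every node but the last is itself asked
            asked.append(".".join(reversed(labels[: depth + 1])))
    if node.address is None:
        raise LookupError(f"{name} is only a name server; it has no address of its own")
    return node.address, asked


class RecursiveResolver:
    """A DNS server in the article's sense (like 1.1.1.1): it does the whole
    walk on the client's behalf.  Remembering past answers is an assumption
    of this example, not something the article describes."""

    def __init__(self, root: NameServer) -> None:
        self.root = root
        self.cache: Dict[str, str] = {}
        self.servers_asked = 0          # total trips to the hierarchy so far

    def lookup(self, name: str) -> str:
        key = name.strip(".").lower()
        if key not in self.cache:
            address, asked = resolve_iteratively(key, self.root)
            self.servers_asked += len(asked)
            self.cache[key] = address
        return self.cache[key]


if __name__ == "__main__":
    resolver = RecursiveResolver(build_root())
    for host in ("youtube.com", "alza.sk", "aura.org", "www.aura.org", "free.minds.free.code"):
        print(f"{host:22} -> {resolver.lookup(host)}")
```

The `asked` list returned by resolve_iteratively() is the interesting part: it shows that www.aura.org costs one extra question (to the aura.org server) compared with aura.org, and that a four-label name like free.minds.free.code needs four servers, exactly as the dot-separated chain in the article implies. The resolver counts those trips so you can see why a second lookup of the same name is free once the answer is remembered.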
[1] A BIG simplification here. Computers also have MAC addresses, for example. However, since we are talking about the internet layer of TCP/IP, other types of addresses have practically no significance at the moment.
[2] There are many other methods we use to prevent the creation of fake websites, for example SSL certificates, but this is out of scope for this article.
[3] There is a lot more to it.