How does DNS work

xz (limxingzhi) ・3 min read

I was trying to explain the concept of a Domain Name Server to a friend who has very minimal networking background.

How do web pages work

When you open a website like google.com, your browser downloads the web page and renders the content for you to see and interact with.

Where do IP addresses come in

When you key in a domain name (such as google.com), your computer does not know where to find it. It relies on a phone book, a service known as a Domain Name Server. Like a phone book, it translates google.com to an actual IP address such as 172.217.194.113, which your browser then contacts to download the web page before displaying it to you. Your browser does not know where google.com is, but it knows where to find 172.217.194.113.
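
The lookup described above, shown at the message level as an added example that is not part of the original post. It builds the question a computer sends for google.com and reads the address out of a reply. The reply is constructed here so the example runs offline, and the transaction id 0x1234 and the TTL are assumed values. An error code in the reply, which is what a server that does not have the domain sends back, is raised as an exception.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Encode a DNS question asking for the A (IPv4) record of `name`."""
    # Header: id, flags (recursion desired), 1 question, 0 other records
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def skip_name(msg, pos):
    """Return the offset just past an encoded name (handles compression pointers)."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:   # a 2-byte pointer ends the name
            return pos + 2
        if length == 0:             # the root label ends the name
            return pos + 1
        pos += 1 + length

def parse_a_records(msg, txid=0x1234):
    """Return the IPv4 addresses in a DNS reply, checking the id and error code."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:              # RCODE, e.g. 3 = name does not exist
        raise ValueError("resolver returned error code %d" % (flags & 0x000F))
    pos = 12
    for _ in range(qd):             # skip the echoed question
        pos = skip_name(msg, pos) + 4
    addrs = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return addrs

def constructed_response(query, ip, ttl=300):
    """Build the reply a server would send (constructed sample, not captured traffic)."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer

QUERY = build_query("google.com")
RESPONSE = constructed_response(QUERY, "172.217.194.113")
print(parse_a_records(RESPONSE))
```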

Where is this Domain Name Server

All of that happens in the background: your computer interacts with other elements on the network to make it happen, all transparent to you (the user). Typically, the router provided by your ISP (Internet Service Provider) will point to a DNS that is hosted by your ISP. In some cases, the connection might be slower compared to a public DNS. In other cases, the DNS you are trying to access might not have the domain you want due to piracy, security or censorship concerns set by the DNS host (the admin body of the DNS).

Why use a public DNS instead of the default

There is generally no harm in using the default DNS provided by your ISP. As mentioned before, it could be slower, but it has most of the sites you will want to access. In some parts of the world, certain websites could be blocked by a governing body for censorship or security concerns. Some do it at a DNS level and others do it at a firewall level.

In other use cases, the default DNS server might not be as efficient as a public DNS such as those from Cloudflare or Google, thus serving results at a slower rate.

DNS could be used to log your network activity. By mapping the user and the DNS results provided, the DNS provider could keep a log of all your network activity (there are other ways your ISP could do this; DNS is just one of them). Carefully choosing and using a public DNS could reduce the risk on this front.

Should all of us just rush out and change our DNS right now?

In most countries, changing your DNS alone might not be enough to circumvent the censorship laws. For most home users, changing the DNS might not appear to improve your network speeds since the network will be bottlenecked elsewhere anyway (like the 6-year-old WiFi access point).

In summary, if you really need the slightly faster speeds brought by the public DNS providers or the security promised by these providers, go ahead and change your DNS. Just like all network-related configuration, make sure you fully understand the technology and proceed with caution.

This article is not intended as a guide to changing your DNS.

Credits

What is DNS? - https://www.cloudflare.com/learning/dns/what-is-dns/

What is Firewall? - https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html

Why use 1.1.1.1 ? - https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/

Cloudflare DNS - https://1.1.1.1/

Google Public DNS - https://developers.google.com/speed/public-dns/

For the LOLs - https://lmgtfy.com/

Posted on May 9 '19 by:
