DNS: The Internet’s Phone Book

I’ve twice discussed SSL (here and here), the encryption method that protects your web browsing traffic. If you’re on YouTube as much as I am, you’ve seen VPN commercials that say they protect your browsing, but they’re REALLY exaggerating the amount of security they add in that scenario (I’ll have to do a blog post about that next). I’ve also done a blog post about how internet routing works, in which I mentioned DNS, but I’ve not given a full description of how it really works.

DNS (Domain Name System) is the technology that lets computers take human-readable domain names (birdsonacable.com) and turn them into IP addresses they can route to and connect to (192.185.71.128), much like a phone book.

In the phone book analogy, your phone book was a collection of phone numbers for a certain area around you, all served by the phone company that published it. It didn’t contain numbers for two states over, or numbers in England, just a certain “local” area. If you wanted to find a number in another area, you called an operator, who could look up numbers for other areas.

The Internet works in roughly the same way. When you buy a domain, you specify which DNS servers are responsible for maintaining its DNS records. Usually this is whatever company you bought the domain from, but it doesn’t have to be. Those servers hold the records that say which IP addresses certain names point to (as well as other record types for things like mail, VoIP calls, and setting up Office).

But how does your computer know which company is in charge of these records? It turns out there is a massive operator working to coordinate it. There are 13 servers (actually far more, but they work together and act like 13 servers) spread throughout the world that are known as the “root” DNS servers. These are lettered A through M and are maintained by various organizations such as NASA, the US Army, Verisign, ICANN (Internet Corporation for Assigned Names and Numbers), RIPE NCC (the ICANN of Europe/West Asia/the former USSR) in Amsterdam, and the WIDE Project in Tokyo. These servers are contacted by the domain registrar whenever a domain is registered or its DNS authority is changed, and the root servers keep a record.

Then, when you type “birdsonacable.com” into your browser, it first checks the local DNS cache on your computer to see if you’ve been there recently (and why AREN’T you visiting our site daily!?). From there, it asks the DNS server configured on your machine, which is likely either your home router or your ISP’s resolver. If they don’t have the record, they go ask the root servers who holds that record, then ask that server for the information they need. Once the record is looked up, the ISP’s DNS server, your computer, and any other servers in that chain keep it stored locally for a period known as the Time To Live (TTL), usually measured in hours, so the same request isn’t sent again a minute later when you click a link.
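To make the lookup chain and the Time To Live concrete, here is an added Python example that is not code from the original post. It simulates three tiers of name servers in-process (the root, the .com registry’s TLD servers, and the authoritative server for the domain) plus a caching resolver of the kind your router or ISP runs, and it also shows the other record types mentioned above (an MX record for mail). It goes one step deeper than the description above: in practice the root servers don’t know where birdsonacable.com’s records live, they refer you to the .com servers, which in turn refer you to the domain’s own DNS servers. The server names (“tld-com”, “ns-example”), the zone contents and the 192.0.2.x addresses are constructed placeholders, not real records.

```python
"""Toy iterative DNS resolver with a TTL cache (added example, not from the post)."""
from dataclasses import dataclass, field
import time


@dataclass
class Server:
    """One simulated name server: the records it is authoritative for, plus the
    zones it delegates to other servers (what a referral points at)."""
    records: dict = field(default_factory=dict)      # (name, rtype) -> (value, ttl seconds)
    delegations: dict = field(default_factory=dict)  # zone suffix -> server id

    def query(self, name, rtype):
        if (name, rtype) in self.records:
            value, ttl = self.records[(name, rtype)]
            return "ANSWER", value, ttl
        labels = name.split(".")
        # Longest-suffix match so "www.birdsonacable.com" hits the
        # "birdsonacable.com" delegation before the bare "com" one.
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in self.delegations:
                return "REFERRAL", self.delegations[zone], 0
        return "NEGATIVE", None, 0  # real servers distinguish NXDOMAIN from NODATA


# Constructed zone data: three tiers of the DNS tree, all in-process. The 192.0.2.x
# addresses are documentation placeholders (RFC 5737), not real records.
SERVERS = {
    "root": Server(delegations={"com": "tld-com", "net": "tld-net"}),
    "tld-com": Server(delegations={"birdsonacable.com": "ns-example"}),
    "tld-net": Server(),
    "ns-example": Server(records={
        ("birdsonacable.com", "A"): ("192.0.2.10", 3600),
        ("www.birdsonacable.com", "A"): ("192.0.2.10", 300),
        ("birdsonacable.com", "MX"): ("10 mail.birdsonacable.com", 3600),
    }),
}


class Resolver:
    """Caching resolver (the role your router's or ISP's DNS server plays):
    walks root -> TLD -> authoritative, then keeps the answer for its TTL."""

    def __init__(self, servers=SERVERS, clock=time.monotonic):
        self.servers = servers
        self.clock = clock        # injectable so tests can fast-forward time
        self.cache = {}           # (name, rtype) -> (value, expires_at)
        self.queries_sent = 0     # how many upstream servers were contacted

    def resolve(self, name, rtype="A"):
        """Return (value, source); source is "cache" or the server that answered."""
        key = (name.lower().rstrip("."), rtype)
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0], "cache"
        server = "root"
        for _ in range(10):  # bound the referral chain, as real resolvers do
            self.queries_sent += 1
            kind, payload, ttl = self.servers[server].query(*key)
            if kind == "ANSWER":
                self.cache[key] = (payload, self.clock() + ttl)
                return payload, server
            if kind == "REFERRAL":
                server = payload
                continue
            return None, server  # negative answer: nobody in the chain has it
        raise RuntimeError("referral chain too long")


def demo():
    """Walk through the post's scenario; returns the trace as a list of tuples."""
    class Clock:
        now = 0.0
    clock = Clock()
    r = Resolver(clock=lambda: clock.now)
    trace = []
    trace.append(("first lookup", r.resolve("birdsonacable.com"), r.queries_sent))
    trace.append(("repeat lookup", r.resolve("birdsonacable.com"), r.queries_sent))
    clock.now += 3601  # fast-forward past the 3600 s TTL
    trace.append(("after TTL expiry", r.resolve("birdsonacable.com"), r.queries_sent))
    trace.append(("mail record", r.resolve("birdsonacable.com", "MX"), r.queries_sent))
    trace.append(("unknown TLD", r.resolve("nosuch.example"), r.queries_sent))
    return trace


if __name__ == "__main__":
    for step, result, sent in demo():
        print(f"{step:18s} -> {result}  (queries sent so far: {sent})")
```

Running the script shows the first lookup costing three upstream queries (root, .com, authoritative), the repeat costing none because the cache still holds the record, and the lookup after TTL expiry walking the whole chain again. Lowering a record’s TTL makes changes propagate faster at the price of more upstream traffic; raising it does the opposite, which is the trade-off behind the “hours” figure above.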

Surprisingly, DNS was created in 1983 and is still mostly unchanged from its initial design (other than the addition of new top-level domains like .pizza). The same cannot be said for actual phone books.