What is DNS (Domain Name System)?

An Explanation of Domain Name System (DNS)


In simple terms, DNS (Domain Name System) is a distributed, hierarchical database that translates hostnames to IP addresses.

DNS is often referred to as the Internet's phone book because it converts easy-to-remember hostnames like www.google.com to IP addresses like 216.58.217.46. This takes place behind the scenes after you type a URL into a web browser's address bar.

Without DNS (and the search engines like Google that sit on top of it), navigating the Internet wouldn't be easy, as we'd have to enter the IP address of each website we want to visit.

How Does DNS Work?

The basic concept of how DNS does its job is simple: each hostname entered into a web browser (like Chrome, Safari, or Firefox) is handed by the operating system to a DNS server, a recursive resolver, which works out the IP address that belongs to that name.

It's the IP address that devices use to communicate with one another; they don't exchange packets using names like www.google.com or www.youtube.com. We simply type the name, and DNS does the lookups for us, returning the IP address needed to open the page almost instantly.

Again, www.microsoft.com, www.about.com, www.amazon.com, and every other website name exists only for our convenience, because it's much easier to remember those names than their IP addresses.

Computers called root servers sit at the top of the hierarchy. They don't store the IP address of every website; they store the nameservers (NS records) for each top-level domain (TLD) such as .com or .org, and those TLD servers in turn know which authoritative nameservers are responsible for each registered domain.

When you request a website, your device's stub resolver asks a recursive resolver (usually one run by your ISP, or a public one you've configured). If the resolver doesn't already have the answer cached, it works down the hierarchy: it asks a root server, which refers it to the .com servers; it asks a .com server, which refers it to the domain's authoritative nameserver; and it asks that server, which finally returns the IP address. The resolver caches the answer for the record's time-to-live (TTL) and sends it back to your device.
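The referral chain described above, as an added example that is not part of the original article: a small Python simulation in which each constructed "server" either answers or refers the resolver onward, plus the TTL-bounded cache that a recursive resolver (and your operating system) keeps in front of that chain. The server names, zone contents, addresses and TTLs are all made up; a real resolver sends queries over the network instead of reading a dictionary.

```python
"""Simulated iterative DNS resolution with a local cache.

Added example, not code from the original article. The server names,
zone contents, addresses and TTLs below are constructed for illustration;
a real resolver sends UDP/TCP queries to these servers instead of reading
a dictionary.
"""
import time

ROOT = "a.root-servers.example"  # constructed name of a root server

# What each constructed server knows. ("NS", host) is a referral to
# another server; ("A", ip, ttl) is the final answer with its time-to-live.
ZONES = {
    ROOT: {"com.": ("NS", "a.gtld-servers.example")},
    "a.gtld-servers.example": {"example.com.": ("NS", "ns1.example.com.")},
    "ns1.example.com.": {"www.example.com.": ("A", "203.0.113.10", 300)},
}


def lookup_on_server(server, qname):
    """Return the record `server` holds for qname: an exact answer if it
    has one, otherwise the closest enclosing delegation, otherwise None."""
    records = ZONES[server]
    labels = qname.split(".")
    # Try the full name first, then strip leading labels one at a time
    # (www.example.com. -> example.com. -> com.) until something matches.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in records:
            return records[candidate]
    return None


def resolve_iteratively(qname, max_hops=8):
    """Chase referrals from the root down to the authoritative server.
    Returns (ip, ttl, trace), where trace lists every server consulted."""
    server, trace = ROOT, []
    for _ in range(max_hops):
        trace.append(server)
        rec = lookup_on_server(server, qname)
        if rec is None:
            raise LookupError(f"{server} holds no data for {qname}")
        if rec[0] == "A":
            return rec[1], rec[2], trace
        server = rec[1]  # referral: ask the delegated nameserver next
    raise LookupError(f"gave up after {max_hops} referrals for {qname}")


class CachingResolver:
    """The cache a recursive resolver (or your OS) keeps: an answer is
    reused until its TTL expires, and flush() throws everything away the
    way `ipconfig /flushdns` does. The clock is injectable so expiry can
    be exercised without waiting."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}  # qname -> (ip, expires_at)

    def resolve(self, qname):
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0], ["cache"]
        ip, ttl, trace = resolve_iteratively(qname)
        self.cache[qname] = (ip, now + ttl)
        return ip, trace

    def flush(self):
        self.cache.clear()


if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("www.example.com."))  # full chain of servers
    print(r.resolve("www.example.com."))  # answered from cache
```

The trace returned by the first lookup is the root, the TLD server and the authoritative server in that order; the second lookup never leaves the cache, which is exactly why a stale or poisoned cache entry keeps biting until the TTL runs out or the cache is flushed.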

How to Flush DNS

Operating systems like Windows and others store IP addresses and other information about hostnames locally so that they can be accessed more quickly than by always reaching out to a DNS server. Once the computer has learned that a certain hostname maps to a certain IP address, that information is stored, or cached, on the device for as long as the record's TTL allows.

While remembering DNS information is helpful, it can sometimes become corrupted or outdated, for example when a site moves to a new address before the old record's TTL has expired. Normally the operating system discards each entry when its TTL runs out, but if you're having trouble accessing a website and suspect a DNS issue, the first step is to force-delete this information so that fresh records are fetched.

Rebooting your computer should also work, because the DNS cache isn't retained through a reboot, but flushing the cache manually is much quicker.

You can flush the DNS cache in Windows from a command prompt with the ipconfig /flushdns command. On macOS the equivalent is sudo dscacheutil -flushcache followed by sudo killall -HUP mDNSResponder, and on Linux systems running systemd-resolved it's resolvectl flush-caches. The website What's My DNS? has instructions on flushing the DNS cache for each version of Windows plus Mac OS X and Linux.

It's important to remember that, depending on how your router is set up, DNS records may be cached there too, because many home routers run a small forwarding resolver for the devices behind them.

If flushing the DNS cache on your computer doesn't fix the problem, try restarting your router to flush its cache as well.

Note: Entries in the hosts file are not removed when the DNS cache is wiped; the resolver consults that file before it queries DNS at all. You must edit the hosts file to remove hostnames and IP addresses stored there.

Malware Can Affect DNS Entries

Given that DNS is responsible for directing hostnames to IP addresses, it's a prime target for malicious activity: whoever controls the answer controls where you end up. An attacker who can alter that answer can redirect your request for a legitimate site to a server that collects passwords or serves malware.

DNS poisoning and DNS spoofing describe attacks on a DNS resolver's cache that plant a different IP address for a hostname than the one its owner actually assigned, effectively redirecting everyone who relies on that resolver. This is normally done to send you to a site full of malicious files or to a look-alike phishing site that steals your login credentials.

Most DNS resolvers now mitigate these attacks by randomizing the source port and transaction ID of every query, so that a forged reply is very hard to match to an outstanding question, and by validating DNSSEC signatures where a domain publishes them. HTTPS limits the damage too: a server you were redirected to can't present a valid certificate for the real hostname, so the browser warns you unless you click through.

Another way for attackers to affect name resolution is the hosts file. The hosts file is a locally stored file that was used before DNS became the widespread way of resolving hostnames, and it still exists in every popular operating system. The resolver checks it before querying any DNS server, so an entry there overrides whatever DNS would have said, which makes it a common target for malware, both to redirect sites and to block antivirus or update servers by pointing them at 127.0.0.1.

A simple way to protect the hosts file from casual editing is to mark it read-only. In Windows, navigate to the folder that contains it, %Systemdrive%\Windows\System32\drivers\etc\, right-click the file, choose Properties and check the Read-only attribute. Bear in mind that this is only a speed bump: malware running with administrator rights can clear the attribute just as easily as you set it, so it's worth periodically checking the file's contents as well.
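One way to do that periodic check, as an added example that is not part of the original article: a Python audit that parses a hosts file and flags the two kinds of tampering described above, a well-known name redirected to an outside address and a well-known name pinned to loopback so the site is unreachable. The sample file text is constructed, and the SENSITIVE list is an assumption to be replaced with the hostnames your own users depend on.

```python
"""Audit a hosts file for entries that hijack or block well-known names.

Added example, not code from the original article. The sample file text
is constructed, and the SENSITIVE list is an assumption: replace it with
the hostnames your users actually depend on.
"""
import ipaddress

# Names that the OS itself legitimately keeps in the hosts file.
EXPECTED = {"localhost", "localhost.localdomain", "broadcasthost",
            "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}

# Names a workstation has no business pinning locally (constructed list).
SENSITIVE = {"www.google.com", "update.microsoft.com", "www.paypal.com"}

# Constructed hosts file: two default-looking lines followed by two
# tampered entries of the kinds malware typically adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
198.51.100.7    www.paypal.com
127.0.0.1       update.microsoft.com   # keeps the machine from updating
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, dropping comments and blank lines.
    A line may list several hostnames for one address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text):
    """Return findings as (severity, ip, hostname, reason) tuples.

    Any entry that isn't one of the OS defaults is reported; a sensitive
    name is 'high' if it points at an external address (redirect to an
    attacker's server) and 'medium' if it points at loopback (the site is
    being blocked, a classic way to stop AV or OS updates)."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in EXPECTED:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("warn", ip, name, "unparseable address"))
            continue
        if name in SENSITIVE and not addr.is_loopback:
            findings.append(("high", ip, name, "sensitive name redirected to external address"))
        elif name in SENSITIVE:
            findings.append(("medium", ip, name, "sensitive name pinned to loopback (site blocked)"))
        else:
            findings.append(("low", ip, name, "unexpected static entry"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To run it against a real machine, read the file at the path given above on Windows (or /etc/hosts elsewhere) and pass its contents to audit_hosts; the "low" findings are the ones to eyeball, since an administrator may have added them deliberately.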

More Information on DNS

The ISP that's currently providing your Internet access has assigned DNS servers for your devices to use (if you're connected with DHCP), but you aren't forced to stick with them. Other resolvers may offer logging to track visited websites, advertisement blocking, adult-content filters, DNSSEC validation, or encrypted transport (DNS over HTTPS or DNS over TLS) so that your queries can't be read or tampered with on the way. See this list of Free and Public DNS Servers for some examples of alternative DNS servers.

Whether a computer gets its IP address from DHCP or uses a static IP address, you can still define custom DNS servers. However, if it's not set up with DHCP, you must specify the DNS servers yourself, because nothing will hand them out automatically.

The setting closest to the device wins. If you change the DNS servers on your router, every device that takes its settings from the router via DHCP will use them. If you then set different DNS servers directly on one PC, that computer uses its own servers while every other device on the network still uses the router's.

Likewise, each device keeps its own DNS cache, which is why a corrupted cache on your computer can prevent websites from loading even though the same sites open normally on another computer on the same network.

Although the URLs we normally type are easy-to-remember names like http://www.about.com, you can sometimes use the IP address the hostname points to instead (for example http://207.241.148.80), because either way you reach the same server. This doesn't always work, though: many servers host several websites on one IP address and choose the site from the hostname the browser sends (the Host header), and for HTTPS the certificate is issued for the name rather than the address, so the bare IP may return the wrong site or a certificate warning.

On that note, if your device can't reach a DNS server at all, you could bypass it by entering the IP address into the address bar instead of the hostname, subject to the limitation above. Most people don't keep a local list of IP addresses that correspond to hostnames, though, because after all, that's the entire purpose of DNS.

The "phone book" lookup that finds an IP address for a hostname is called a forward DNS lookup. The opposite, a reverse DNS lookup, finds a hostname for an IP address: it queries a PTR record under a special name built from the address (the octets reversed under in-addr.arpa for IPv4, the hex digits reversed under ip6.arpa for IPv6). Those PTR records are published by whoever controls the address block, not by the domain's owner, so the name returned may be missing, stale, or simply untrue; security tools therefore treat reverse DNS as a hint and confirm it with a forward lookup of the returned name.
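Both halves of that, as an added example that is not part of the original article: building the PTR query name for an IPv4 or IPv6 address, and a forward-confirmed reverse DNS check over constructed forward and reverse tables that stand in for real A and PTR records (a real check would query a resolver for both). The constructed data includes a PTR record that lies, to show what the confirmation step catches.

```python
"""Reverse lookup names and forward-confirmed reverse DNS.

Added example, not code from the original article. The FORWARD and
REVERSE tables are constructed stand-ins for real A and PTR records; a
real check would query a resolver for both.
"""
import ipaddress


def reverse_name(ip):
    """Build the name a resolver queries for a PTR record: the address
    written backwards under in-addr.arpa (IPv4, per octet) or ip6.arpa
    (IPv6, per hex nibble). ipaddress.ip_address(ip).reverse_pointer gives
    the same result; it is spelled out here to show the construction."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")  # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


# Constructed data. The PTR for .99 claims to be the mail server, but the
# mail server's own A record doesn't include .99: that is the case a
# forward-confirmed check exists to catch.
FORWARD = {
    "mail.example.com.": ["203.0.113.25"],
    "www.example.com.": ["203.0.113.10"],
}
REVERSE = {
    "25.113.0.203.in-addr.arpa.": "mail.example.com.",
    "10.113.0.203.in-addr.arpa.": "www.example.com.",
    "99.113.0.203.in-addr.arpa.": "mail.example.com.",
}


def forward_confirmed(ip, forward=FORWARD, reverse=REVERSE):
    """Return (hostname, confirmed). The PTR answer is trusted only if a
    forward lookup of that hostname includes the original address, since
    whoever controls the address block can publish any PTR they like."""
    host = reverse.get(reverse_name(ip))
    if host is None:
        return None, False
    return host, ip in forward.get(host, [])


if __name__ == "__main__":
    for ip in ("203.0.113.25", "203.0.113.99", "203.0.113.1"):
        print(ip, reverse_name(ip), forward_confirmed(ip))
```

Mail servers and log-enrichment pipelines are the usual places this matters: a PTR that says "mail.example.com" is worth nothing on its own, but a PTR whose name resolves back to the same address is evidence that the same party controls both the name and the address block.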

DNS databases store much more than hostnames and IP addresses. If you've ever set up email for a domain or transferred a domain name, you'll have run into record types like domain name aliases (CNAME), mail exchangers (MX), and nameserver delegations (NS).