Did you know you could be connected to facebook.com – and see facebook.com in your web browser’s address bar – while not actually being connected to Facebook’s real website? To understand why, you’ll need to know a bit about DNS.
DNS underpins the world wide web we use every day. It works transparently in the background, converting human-readable website names into computer-readable numerical IP addresses.
Domain Names and IP Addresses
DNS stands for “domain name system.” Domain names are the human-readable website addresses we use every day. For example, Google’s domain name is google.com. If you want to visit Google, you just need to enter google.com into your web browser’s address bar.
However, your computer doesn’t understand where “google.com” is. Behind the scenes, the Internet and other networks use numerical IP addresses (“Internet protocol” addresses). Google.com is located at the IP address 188.8.131.52 on the Internet. If you typed this number into your web browser’s address bar, you’d also end up at Google’s website.
We use google.com instead of 184.108.40.206 because addresses like google.com are more meaningful and easier for us to remember. DNS is often explained as being like a phone book – like a phone book, DNS matches human-readable names to numbers that machines can more easily understand.
Domain name system servers match domain names like google.com to their associated IP addresses — 220.127.116.11 in the case of google.com. When you type google.com into your web browser’s address bar, your computer contacts your current DNS server and asks what IP address is associated with google.com. Your computer then connects to the IP address and displays “google.com” in your web browser – the connection to 18.104.22.168 happens behind the scenes.
The DNS servers you use are likely provided by your Internet service provider (“ISP”). If you’re behind a router, your computer probably uses the router as its DNS server, and the router in turn forwards requests to your Internet service provider’s DNS servers.
Computers cache DNS responses, so the DNS request doesn’t happen each time you connect to google.com. Once your computer has determined the IP address associated with a domain name, it will remember that for a period of time – this improves connection speed by skipping the DNS request phase. Your computer just needs to connect to Google, not its DNS server and then Google.
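To show the lookup-then-cache behaviour just described, here is a small added model (not code from the original article): a stub resolver that asks an upstream server once and answers repeat lookups from its cache until the TTL expires. The upstream answers and the 300-second TTL are constructed; the google.com address is the example value used in the text.

```python
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed stand-in for the ISP's DNS server: name -> (ip, ttl seconds).
# The google.com address is the example value used in the text.
UPSTREAM_ANSWERS = {"google.com": ("188.8.131.52", 300)}

class CachingStubResolver:
    """Client-side behaviour described above: ask the configured DNS server
    once, then answer repeat lookups from a cache until the TTL expires."""

    def __init__(self, upstream: Callable[[str], Optional[Tuple[str, int]]],
                 clock: Callable[[], float] = time.time):
        self._upstream = upstream
        self._clock = clock              # injectable so tests can advance time
        self._cache: Dict[str, Tuple[str, float]] = {}   # name -> (ip, expiry)
        self.upstream_queries = 0        # how often a query really went out

    def resolve(self, name: str) -> Optional[str]:
        name = name.rstrip(".").lower()  # DNS names are case-insensitive
        hit = self._cache.get(name)
        if hit is not None and hit[1] > self._clock():
            return hit[0]                # cache hit: no DNS request on the wire
        self.upstream_queries += 1
        answer = self._upstream(name)
        if answer is None:
            return None                  # unknown name; this model does not cache it
        ip, ttl = answer
        self._cache[name] = (ip, self._clock() + ttl)
        return ip

    def flush(self) -> None:
        """Forget every cached answer, forcing fresh queries."""
        self._cache.clear()

def demo() -> Tuple[Optional[str], Optional[str], Optional[str], int]:
    """Two lookups inside the TTL and one after it; returns the answers and
    how many queries actually reached the upstream server."""
    now = [1000.0]
    r = CachingStubResolver(UPSTREAM_ANSWERS.get, clock=lambda: now[0])
    first = r.resolve("google.com")     # cache miss: query goes upstream
    second = r.resolve("google.com")    # within TTL: served from cache
    now[0] += 301                       # advance the clock past the 300 s TTL
    third = r.resolve("google.com")     # expired: query goes upstream again
    return first, second, third, r.upstream_queries
```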
Some viruses and other malware programs change your default DNS server to a DNS server run by a malicious organization or scammer. This malicious DNS server can point popular websites to different IP addresses, which could be run by scammers.
For example, when you connect to facebook.com while using your Internet service provider’s legitimate DNS server, the DNS server will respond with the actual IP address of Facebook’s servers.
However, if your computer or network is pointed at a malicious DNS server set up by a scammer, the malicious DNS server could respond with a different IP address entirely. In this way, it’s possible that you could see “facebook.com” in your web browser’s address bar, but you may not actually be at the real facebook.com – behind the scenes, the malicious DNS server has pointed you to a different IP address.
To avoid this problem, ensure you’re running antivirus software. You should also watch for certificate error messages on encrypted (HTTPS) websites. For example, if you try to connect to your bank’s website and see an “invalid certificate” message, this could be a sign that you’re using a malicious DNS server that’s pointing you to a fake website, which is only pretending to be your bank.
Malware can also use your computer’s hosts file to override your DNS server and point certain domain names (websites) at other IP addresses.
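The two redirection routes above (a malicious DNS server and a tampered hosts file) can both be checked for. The following added example, not from the original article, parses hosts-file text and flags popular domains pinned to non-loopback addresses, then compares the answers a configured resolver gives with those of a trusted reference resolver. The hosts-file content and both resolvers' answers are constructed (TEST-NET addresses, and bank.example as a placeholder); only the google.com address is the text's own example value.

```python
import ipaddress
from typing import Dict, List
# Sites a hijacker would most want to redirect: the page's examples plus a
# constructed placeholder (bank.example is not a real site).
WATCHED_DOMAINS = {"facebook.com", "google.com", "bank.example"}

# Constructed hosts file: the loopback line is normal; the next line silently
# sends facebook.com to an address the user never chose.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
203.0.113.9 facebook.com www.facebook.com   # injected by malware
"""

# Constructed resolver answers (TEST-NET addresses): the configured server
# redirects two watched names, the trusted reference resolver does not.
CONFIGURED = {"facebook.com": "203.0.113.9", "google.com": "188.8.131.52",
              "bank.example": "198.51.100.7"}
REFERENCE = {"facebook.com": "198.51.100.20", "google.com": "188.8.131.52",
             "bank.example": "198.51.100.30"}

def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname: ip} for every mapping in hosts-file text."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping[name.lower()] = ip
    return mapping

def hosts_overrides(text: str) -> List[str]:
    """Flag watched domains pinned to anything but a loopback address."""
    flagged = []
    for name, ip in parse_hosts(text).items():
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:       # malformed address: treat as suspicious
            loopback = False
        if name in WATCHED_DOMAINS and not loopback:
            flagged.append(f"{name} -> {ip} (hosts file override)")
    return flagged

def resolver_disagreements(configured: Dict[str, str],
                           reference: Dict[str, str]) -> List[str]:
    """Watched names the configured resolver answers differently from the
    reference (CDNs can legitimately differ: a hit is a lead, not proof)."""
    return [f"{n}: configured={configured[n]} reference={reference.get(n)}"
            for n in sorted(WATCHED_DOMAINS)
            if n in configured and configured[n] != reference.get(n)]
```

On a real machine you would feed `hosts_overrides` the contents of the system hosts file and build the two dictionaries from live lookups against the configured and a reference resolver.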
Why You Might Want To Use Third-Party DNS Servers
As we’ve established above, you’re probably using your Internet service provider’s default DNS servers. However, you don’t have to – you can use DNS servers run by a third party instead of your default DNS servers. Two of the most popular third-party DNS servers are OpenDNS and Google Public DNS.
In some cases, these DNS servers may provide you with faster DNS resolves, speeding up your connection the first time you connect to a domain name. However, the actual speed differences you see will vary depending on how far you are from the third-party DNS servers and how fast your ISP’s DNS servers are. If your ISP’s DNS servers are fast and you’re located a long way from OpenDNS or Google DNS’s servers, you may see slower DNS resolves with a third-party DNS server.
OpenDNS also provides optional website filtering. For example, if you enable the filtering, accessing a pornographic website from your network could result in a “Blocked” page appearing instead of the pornographic website. Behind the scenes, OpenDNS has returned the IP address of a website with a “Blocked” message instead of the IP address of the pornographic website – this takes advantage of the way DNS works to block websites.