DNS

What is DNS and how
does it work?

What does DNS mean?

DNS stands for Domain Name System. This system uses designated authoritative nameservers to map domain names to numerical IP addresses. Often referred to as the phone book for the internet, DNS contains a record of the 1) domain name 2) the associated numerical IP address (canonical name) for each domain name, and 3) the location of the server where the website associated with the domain name is hosted. Users access DNS every time they type a domain name or URL into their browser—it’s how you find sites.

There are definitive or root DNS “phone books” for the entire internet, but keeping those records in a single place, where every query would be resolved at the root would cause the internet to slow down dramatically. In the early days of the internet, this was called a “brown out” event. That’s why years ago DNS went from meaning one phone book in one place, to now meaning a networked way-finding system of distributed “phone books” with accurate records, caching and closer proximity to users.

How does DNS work? 

Since computers use numbers instead of words to communicate, DNS acts as a sort of phone book, translating the human-readable domain you enter in your web browser (www.digicert.com) into a computer-readable Internet Protocol (IP) address (216.168.246.55).‍

By default a domain name is added to the root DNS record, but that doesn’t automatically make a website or a server easy to find or findable in a timely manner. Without a managed DNS product, a website query in Brooklyn could travel around the world pinging DNS servers looking for the domain record only to find that the server for that query was hosted next door in Queens—but most users trying to find your site won’t wait for that global journey to be resolved. DNS works by making your domains or services more accessible to your users and constituents faster.

What is a DNS server?

DNS servers, or nameservers, are the machines that respond to DNS queries. DNS servers cache, or store, DNS records to conduct faster lookups. When a user types a domain name into their browser, that query—the request to find where the site associated with the web address is hosted and then directing the browser to that server—happens because of DNS. It happens faster and with greater accuracy when the website owner uses an optimized and managed DNS service, rather than relying on the default DNS system for every domain name on the internet.

What are the types of DNS servers?

When a DNS query is run without caching, four DNS servers work together to deliver an IP address to the client:

  • Recursive resolver: For most internet users, DNS recursive resolvers are provided by the internet service provider (ISP). Also known as DNS recursors, they act as a go-between for a web client and nameserver. The first stop in a DNS query, recursive resolvers respond to queries first with cached data when possible. If no cached data is available, the recursor will send a request to a root nameserver, then to a TLD nameserver, and finally to an authoritative nameserver. Once the recursor has received a response containing the IP address, it will send the response to the client.
  • Root server: DNS root zones sit at the top of the DNA administration hierarchy. The DNS nameservers operating within the root zone are called root servers. These servers can answer queries for any records stored or cached within the root zone or, when no cached records are available, refer requests to the appropriate TLD server.
  • TLD server: These nameservers are located one level beneath root servers on the DNS hierarchy. The information for all domain names sharing a common domain extension (.com, .net, .org, etc.) is maintained by a TLD nameserver.
  • Authoritative server: Typically the last stop in the search for an IP address, authoritative nameservers sit at the bottom of the DNS hierarchy. Each authoritative nameserver serves a specific domain name (e.g. digicert.com). If the DNS resolver can’t locate an IP address in cache or from a root or TLD server, it will send a request to the authoritative server, which will return the IP address if found in the DNS A record. If the domain has an alias (CNAME record), an alias domain will be provided. When this happens, the recursive resolver must perform a new DNS lookup to retry retrieving the record from an authoritative nameserver.

What are DNS A records and CNAME records?

The “A” in “DNS A” stands for address. This record indicates the IP address of a given domain name.

“CNAME” stands for “canonical name.” When a domain or subdomain is an alias of another domain, this record is used in place of an A record. CNAME records always point to a domain instead of an IP address.

Here's an example of how these two records differ: When you type “google.com” into your address bar, your recursive DNS server will return an A record after retrieving the IP address from the root nameserver. But if you type “passwords.google.com” into the address bar, the first record returned will be the A record for google.com, followed by another request to an authoritative nameserver for the A record of passwords.google.com. 

What does private DNS mean?

Transport Layer Security (TLS) and Hypertext Transfer Protocol Secure (HTTPS) encrypt DNS queries before sending them out. DNS that follows these protocols is referred to as DoH (DNS over HTTPS) and DoT (DNS over TLS). 

DoH and DoT are considered private DNS because they encrypt communications between your network and the DNS server, preventing third parties from intercepting the data.

What is my IP address?

How to find your public IP address

Your router assigns every device connected to your local network an identifying number. This number is a local IP address.

The public IP address assigned by your ISP is the primary address used by your network to connect to the internet. You can find your public IP address by typing “what is my IP address,” “how to find my IP address” or “my IP address” into a search engine.

You can also find it by with online IP address lookup tools like www.whatismyipaddress.com. Tools like the Neustar IP lookup will provide your IP address and can also be used to determine the geolocation of any public IP. 

How to find your private IP address

Finding your private IP on Windows

Follow these steps to find your private IP address on Windows 10 and 11:

  1. Press the Windows + R keys on your keyboard to open Run
  2. Type cmd
  3. Click Okay 
  4. Type this command into the command prompt line: ipconfig/all
  5. Press Enter
  6. The command window will display your IPv4 and IPv6 addresses

You can also find your IP by clicking the internet icon in the taskbar, then selecting Network & Internet Settings. Follow these steps:

  • Click Properties
  • Scroll down to view or copy your IPv4 or IPv6 addresses in the properties section
  • Press Enter
  • On the list of network adapters, locate the section titled “Ethernet adapter Ethernet” or “Wireless LAN adapter Wi-Fi”
  • Your IP address will display beside “IPv4 address”

Finding your private IP on Mac

Follow these steps to find your private IP address on Mac:

  • Click the Apple menu and select System Preferences
  • Select the Network icon
  • Select the network connection (Ethernet or Wi-Fi) from the column on the left, depending on the device’s connection.

    1. If connected via ethernet, the IP address will be displayed.
    2. If connected via Wi-Fi, click the Advanced button to display more options. You’ll find the IP address under the TCP/IP tab.

Finding your private IP using the MacOS Terminal

Follow these steps to find your IP address on Mac using Command Prompt:

  1. Start the MacOS Terminal app
  2. The system will return the IP address when you enter one of the following commands:

    • For a wired ethernet connection: ipconfig getifaddr en1
    • For a wireless connection: ipconfig getifaddr en0
    • For the Mac Terminal’s public IP: curl ifconfig.me