Photo by Osvaldo Castillo : https://www.pexels.com/photo/modern-highway-in-dark-illuminated-city-4573435/

DNS for non-Techies: Domains, Website Performance, and Content restrictions

by Omar Kamali / June 14, 2023 / in Digital Infrastructure, DNS, Routing, Internet, Series

This article is part of my series on Digital Infrastructure

In the previous article from the series, we looked at the historical background of the Internet, what IP and DNS technologies are, and the critical role that DNS plays in today's Internet, which sets the stage for today's topic. I suggest reading the previous article first if you haven't already.

New websites are launched every day and others stop existing overnight. Servers and IP addresses get repurposed. DNS being the address book that ties it together for the whole internet, how do we make sure the names and addresses are always up to date? Who is "we", i.e. who is in charge of setting up and making sure DNS works so that the rest of us can use our favorite apps and internet services?

In this article we will expand on the governance and power structures behind DNS, how you get your own fancy domain like google.com or omarkama.li (the website you're currently on), and the ways DNS is intimately tied to your network's performance. We will also touch on geographic restrictions for video content, website takedowns and internet outages, all surprisingly related to the DNS technology.

A quick primer on DNS

DNS (Domain Name Service) is at the core a simple registry, keeping track of a specific kind of record (DNS records). These records are accessed by computers all around the world to contact other computers by their domain name, instead of their IP address, just like you use your phone's contact book to communicate with other people using their name instead of using their number directly.

Domain names, or domains for short, are words or short sentences that take a form similar to www.google.com. Originally used as a way for people to easily access computers instead of using IP addresses, DNS turned out to be quite a successful technology as time passed. It is nowadays also used to:

  1. Speed up websites you access, by routing you to the nearest computer to you. In practice, this means that instead of a domain corresponding to a single computer, the DNS system has a list of them, and it picks which one you can connect to based on geographic proximity. Think of it like a contact who has a work and a personal number. Which one you will use depends on the context. [1]
  2. Allow multiple computers to cooperate in order to serve a website. In this case, to handle a large number of users, a website such as google.com or netflix.com could choose to run several computers to serve their users' requests. Which specific computer you'll talk to will be determined by the DNS system. [2]
  3. Reduce spam and scam emails, by providing a way for email providers to verify if an email comes indeed from the address it was sent from, rather than someone spoofing the provenance. [3]
  4. Filter and restrict content. DNS can be used to implement content filtering and access controls. By blocking or redirecting requests for certain domain names or types of content, DNS can help enforce parental controls, workplace restrictions, or network-wide content filtering policies. Netflix is a famous user of this approach to segregate their catalog, and using different DNS settings is a common workaround. [4]
  5. Disable internet access. While it doesn't happen as often nowadays, DNS can be used as a method for Internet Service Providers to disable your internet if you didn't pay your bills on time, or as a method for some governments to disable or restrict internet access. The internet pipes would still work in theory, but your computer doesn't know what any domain refers to, and as a practical result the Internet doesn't work. [5]

And there's a lot more to it.

Ultimately, as a user of apps and the internet, there is a certain level of control you have over DNS as it is used by your computer, phone, TV or your home wifi. Surprisingly, most of the scenarios described above rely entirely on your cooperation and good will. We'll explore this in more detail further down. 

DNS in practice

We spoke about DNS, the technology, but we kept it quite abstract. In practice it is pretty simple: like everything else on the Internet (as explained in the previous article), it is a communication between two computers.

The steps go as follows:

  1. You open a website in your browser, say www.example.com
  2. Your browser contacts another computer that acts as a DNS server, asking it "what's the IP address for www.example.com?".
  3. The DNS server, taking your location into account, replies to your browser "The IP address for www.example.com is 12.34.56.78"
  4. Your browser proceeds to contact the computer located at the address 12.34.56.78, telling it "Hey I've been told you're in charge of www.example.com. Can you send me what you got?"
  5. The computer at 12.34.56.78, let's call it the web server, upon receiving this request will produce a webpage and then send it to your browser.
  6. You are able to read the website and interact with it.

Keep in mind this does not happen only once when opening a website. In fact this could happen hundreds of times when opening a single website, for example when loading each image, or when an app checks if you have new notifications.

This process also happens when you use an app on your phone. In fact, the vast majority of the interactions that an electronic device like a phone, computer, TV or smartwatch has with the internet involve at least one, if not dozens, of DNS exchanges such as the one I laid out above.

Now onto the critical question, how does your computer know which DNS server to communicate with? After all, your device needs an IP address to reach it, since domains cannot be used before we contact a DNS server (or does it? there's an exception to this I'll be talking about further below).

By default, the IP of the DNS server is provided by your network, either the wireless or wired connection you have to the internet. It usually comes all the way down from the ISP you're subscribed to, unless the administrator of your network or the computer you're using has changed it. This is a common occurrence in corporate environments.

The other side of the coin is that you can also set it to whichever value you like, at least in your own devices. For example, your router probably allows you to set a custom DNS server, and doing so is likely to improve the performance of your internet in general. The faster and more reliable the DNS server is, the faster and more reliable websites will open up. You can also avoid several types of content filtering and blocks just by switching your DNS provider.

Alternative DNS providers

In addition to your ISP, which is the de-facto DNS provider until you touch anything, there are several options for you out there:

  1. Quad9 at 9.9.9.9
  2. Cloudflare at 1.1.1.1
  3. Google at 8.8.8.8

These are all decent options from a performance perspective. Privacy-wise, the best option would be to have a personal DNS server, which you can achieve using something like Pi-Hole, which I personally use. [6]

How do you make use of this information? You can search for the name of your device and add to it "Change DNS settings" on your search engine of choice, for example "iPhone change DNS settings", or ask an AI chatbot. The specific instructions differ depending on the manufacturer and the device.

DNS for Website Owners

Let's say you own a photography business, and you would like to have an online presence beyond social media. While it is not mandatory, having a domain name gives you visibility, credibility, and looks nice on a business card. Let's say you went ahead and bought omarphotostudio.com from a Domain Registrar.

As a (future) website owner, there are two additional concepts you need to grasp to set up your domain so that your website appears when someone types your domain name in their browser.

  1. DNS records, which represent entries in the contact book, matching a domain or a subdomain with an IP address (or some additional annotations)
  2. NS (Name Server) records, which are special DNS records that tell the rest of the internet where DNS records are stored for your domain name.

DNS records

A DNS record is a piece of text that looks like the following.

A slightly simplified DNS record. This is just a primer after all.

It is structured as follows:

Host

The first part is called the host, and specifies which subdomain the record applies to. @ is a special value, which refers to the domain itself, omarphotostudio.com.

Assuming you want to set up gallery.omarphotostudio.com, then the host section will contain gallery instead of @.

Type

The second part is the type of record we're creating. Records have a different behavior depending on the type.

The two most common types you'll be dealing with are A and CNAME records which behave comparably. Both allow you to say, I want gallery.omarphotostudio.com to point somewhere. A records point to an IP address, while CNAME records point to another domain or subdomain.

CNAME has the benefit of leveraging the DNS system of the other domain it's pointing to, so if your website host provides you with a subdomain for your website rather than an IP address, you can use a CNAME record and point it to that subdomain, and automatically benefit from your host's infrastructure, such as a CDN (Content Delivery Network). One limitation of CNAME records on some providers is that you cannot set it with a value of @ for the host (i.e. on the naked domain).

Other common types are MX records (Mail eXchange), used to set up your email provider, and TXT records, often used to prove you own the domain or to sign emails and prove they come from your actual email address.

Data

The third part is officially named Data, and its meaning depends on the type of record we're creating. In the case of an A record, that's the IP address, so an A record for omarphotostudio.com will look as follows:

A CNAME record for gallery.omarphotostudio.com will look like this (notice the mandatory dot added at the end):
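The three-part structure above (host, type, data) can be checked mechanically. The following is an added example, not part of the original article: it reads records in the simplified form `host type data`, expands `@` to the domain, and flags the two mistakes discussed in this section, a CNAME on the naked domain and a CNAME target without the final dot. The sample records, the 203.0.113.x addresses and the `photos.examplehost.net` target are constructed for illustration, and the missing-dot behaviour assumes standard zone-file syntax, where a name without a final dot is treated as relative to your domain.

```python
import ipaddress

def check_record(line, domain):
    """Parse one 'host type data' record; return (full_name, type, data, problems)."""
    host, rtype, data = line.split(None, 2)
    rtype = rtype.upper()
    data = data.strip()
    # '@' stands for the domain itself; anything else is a subdomain of it.
    full_name = domain if host == "@" else host + "." + domain
    problems = []
    if rtype == "A":
        try:
            ipaddress.IPv4Address(data)
        except ValueError:
            problems.append("A record data is not an IPv4 address")
    elif rtype == "CNAME":
        if host == "@":
            problems.append("CNAME on the naked domain is refused by some providers")
        if not data.endswith("."):
            # Without the final dot the target is read as relative to the domain.
            problems.append("missing final dot: target becomes %s.%s" % (data, domain))
    else:
        problems.append("type not covered by this example")
    return full_name, rtype, data, problems

# Constructed sample records (203.0.113.x is a documentation-only range,
# photos.examplehost.net is a made-up hosting subdomain).
SAMPLE = [
    "@ A 203.0.113.10",
    "gallery CNAME photos.examplehost.net.",
    "gallery CNAME photos.examplehost.net",
    "@ CNAME photos.examplehost.net.",
    "shop A 203.0.113.300",
]

def check_all(lines, domain="omarphotostudio.com"):
    return [check_record(line, domain) for line in lines]

if __name__ == "__main__":
    for name, rtype, data, problems in check_all(SAMPLE):
        print(name, rtype, data, problems or "ok")
```
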

NS records

Name Servers are the computers storing the original DNS records about your website. These are often offered to you by your domain registrar, or by your DNS service provider.

When you buy a domain, the company you bought it from sets it up with default NS records. Just like your residential internet, the default settings are not always optimal and you might want to use an alternative DNS provider. I personally tend to use Cloudflare, but there are also great options out there.

So who owns DNS?

Like many other systems on the Internet, DNS is not controlled by a single entity, even though the public DNS providers I mentioned earlier tend to have a significant share of global usage. This is a concentration of power that gives these entities outsized control over this vital system, as well as an overview of global internet activity, including yours (although this is slowly improving). One way as an individual to counter this is to use a private DNS provider, but some might find this exercise effortful and overkill.

For website owners, NS providers (the hosts for your DNS records) tend to have a similar concentration, mostly around cloud giants such as Amazon, Google, Microsoft and Cloudflare. In B2B settings, going with a tested and tried provider has significant advantages, but this concentration of power can also represent a business risk, and depending on your website's business model you might want to go with a less notorious provider.

Is DNS only for the Internet?

Great question! DNS can work on any network, and is in fact often used inside enterprise and corporate networks to provide employees with access to internal apps and computer systems. While you might be interested in running it on your personal network (and you can!), consider two alternative approaches first that are simpler to use:

  • using the hosts file to map any domain to any IP address from your computer. This is commonly used by developers or to block ads and intrusive software at your computer's level, regardless of which browser or application you use. [7]
  • using the target computer name as a domain name, which is how things worked for a long time until networks started growing and we needed to organize all these computers coming up online. [8]

In conclusion

DNS is one of those vital technologies we barely hear about, that is until something goes wrong. Yet we interact with it on a daily basis and rely on it to carry out our regular activities, be it working on that report, listening to a new music album, watching a movie or researching travel destinations. Learning about its basics can help us improve the quality of our network and internet, and our computer experience in general.

In a future article we will try to build a better understanding of ping, latency (a.k.a. why is my game so laggy?) and packet loss to get a more intuitive understanding of the factors that affect our connection quality itself. We will dive deeper into CDNs (Content Delivery Networks), which is a technology that works closely with DNS to ensure an optimal transfer of information, data and videos on the internet.

Make sure to subscribe to my monthly newsletter to be informed when new articles are released, and feel free to contact me with suggestions, feedback, or topics you'd like me to talk about.

-

[1]: https://ns1.com/resources/how-geographic-routing-works

[2]: https://www.cloudflare.com/en-gb/learning/performance/what-is-dns-load-balancing/

[3]: https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dkim-record/

[4]: https://flashstart.com/dns-geo-blocking-an-online-security-instrument-from-the-commercial-sector/

[5]: https://www.accessnow.org/wp-content/uploads/2022/06/A-taxonomy-of-internet-shutdowns-the-technologies-behind-network-interference.pdf (page 15)

[6]: https://pi-hole.net/

[7]: https://www.howtogeek.com/27350/beginner-geek-how-to-edit-your-hosts-file/

[8]: https://www.ionos.com/digitalguide/hosting/technical-matters/hostname


Omar Kamali
Written by Omar Kamali, Founder, CEO @ Monitoro, & Strategic Technology Advisor.