Did you know that you could be logged in to facebook.com – and see facebook.com in your browser’s address bar – while not actually being logged in to the real Facebook website? To understand why, you’ll need to know a bit about DNS.
DNS stands for “Domain Name System”. DNS servers translate web addresses (like www.howtogeek.com) to their IP addresses (like 126.96.36.199) so that users don’t have to remember number strings for every website they want to visit.The Domain Name System (DNS) underpins the web that we use every day. It works transparently in the background, converting human readable website names to computer readable digital IP addresses. DNS does this by finding this information on a system of linked DNS servers on the Internet. However, different DNS servers can behave differently in terms of speed and security. So let’s take a look at how DNS works and what you can do to make sure it works the best for you.
Domain names and IP addresses
Domain names are the human-readable website addresses that we use on a daily basis. For example, Google’s domain name is google.com. If you want to visit Google, all you need to do is enter google.com in the address bar of your web browser.
However, your computer does not understand where “google.com” is located. Behind the scenes, the Internet and other networks use digital IP addresses. One of the IP addresses used by Google.com is 188.8.131.52. If you enter this number in the address bar of your web browser, you will also end up on the Google website.
We are using google.com instead of 184.108.40.206 because addresses like google.com are more meaningful and easier to remember. IP addresses are also known to change, but DNS servers are tracking this new information. DNS is often explained as being like a phone book, where you look up someone’s name and the phone book gives you their phone number. Like a phone book, DNS matches human readable names to numbers that machines can more easily understand.
DNS servers match domain names to their associated IP addresses. When you type a domain name into your browser, your computer contacts your current DNS server and asks which IP address is associated with the domain name. Your computer then connects to the IP address and retrieves the correct web page for you.
The DNS servers you use are likely provided by your Internet service provider (ISP). If you are behind a router, your computer might be using the router itself as a DNS server, but the router forwards requests to your ISP’s DNS servers.
Computers cache DNS responses locally, so the DNS query does not happen every time you connect to a particular domain name that you have visited before. Once your computer determines the IP address associated with a domain name, it will remember it for a while, which improves connection speed by skipping the DNS query phase.
Certain viruses and other malware can change your default DNS server to a DNS server run by a malicious organization or a scammer. This malicious DNS server can then point popular websites to different IP addresses, which could be executed by crooks.
For example, when you log into facebook.com while using your ISP’s legitimate DNS server, the DNS server will respond with the real IP address of Facebook’s servers.
However, if your computer or network points to a malicious DNS server configured by a rogue, the malicious DNS server may respond with an entirely different IP address. This way, you might see “facebook.com” in your browser’s address bar, but you might not actually be on the real facebook.com. Behind the scenes, the malicious DNS server gave you a different IP address.
To avoid this problem, make sure that you are running good antivirus and anti-malware applications. You should also watch for certificate error messages on encrypted (HTTPS) websites. For example, if you try to log into your bank’s website and see an “invalid certificate” message, it could be a sign that you are using a malicious DNS server pointing you to a fake website, which claims only be your bank.
Malware can also use your computer’s hosts file to override your DNS server and point certain domain names (websites) to other IP addresses. For this reason, Windows 10 by default prevents users from pointing facebook.com and other popular domain names to different IP addresses.
Why you might want to use third-party DNS servers
As we established above, you are probably using your ISP’s default DNS servers. However, you don’t have to. Instead, you can use DNS servers managed by a third party. Two of the most popular third-party DNS servers are OpenDNS and Google Public DNS.
In some cases, these DNS servers can provide you with faster DNS resolutions, thereby speeding up your connection the first time you connect to a domain name. However, the actual speed differences you see will vary depending on how far you are from third-party DNS servers and how fast your ISP’s DNS servers are. If your ISP’s DNS servers are fast and you are located far away from OpenDNS or Google DNS servers, you may see slower DNS resolutions than when using your ISP’s DNS server.
OpenDNS also provides optional website filtering. For example, if you enable filtering, accessing a pornographic website from your network may result in a “Blocked” page appearing instead of the pornographic website. Behind the scenes, OpenDNS returned a website’s IP address with a “Blocked” message instead of the pornographic website’s IP address – this takes advantage of the way DNS works to block websites.
For more information on using Google Public DNS or OpenDNS, learn how to speed up your web browsing with Google Public DNS, easily add OpenDNS to your router, and keep your kids safe online using OpenDNS.