DNS
What is DNS?
The Domain Name System (DNS) is an Internet protocol that enables a browser and operating system to look up the IP addresses that correspond to domain names. IP addresses and domain names are each a type of identifier for devices on the Internet. IP addresses are numerical (like 203.0.113.43), while domain names are human-readable (like “brave.com”). DNS is not a website, and you don’t need to interact with it directly when you’re using the Internet. Your browser and operating system handle it automatically.
Why is DNS necessary?
For one device to communicate with another over a network like the Internet, it needs the other device’s IP address. IP addresses are the only type of identifier that network infrastructure understands. However, people can’t easily remember IP addresses.
DNS is the solution. It allows people to use domain names instead, while their devices use DNS to look up the corresponding IP addresses.
The functionality of DNS is analogous to the contact list on your phone. You need someone’s phone number to call or text them, but phone numbers are hard to memorize. The contact list lets you store names and phone numbers together, and look up a name to find that person’s number.
How does DNS work?
When you visit a URL like brave.com in your Web browser, your browser must first look up “brave.com” in DNS to get the domain’s IP address. Then, the browser can contact the server at that IP address, asking it to send back the content of Brave’s website.
To do DNS lookups, your device must have the IP addresses of one or more DNS servers. When you connect your device to a network (like your home Internet or public Wi-Fi), the network usually tells your device a DNS server’s address automatically. You can also manually specify which DNS servers your device uses, although you shouldn’t need to do so.
There’s no single entity in charge of maintaining DNS. Lots of different companies operate DNS servers, including ISPs, domain registrars (the companies that you can buy domain names from), and some large tech companies like Google.
What types of DNS records are there?
DNS holds a collection of “records,” each of which contains some information about a domain name. There are several different types of records.
- “A” records hold one or more IPv4 addresses that correspond to a domain name. If there are multiple IP addresses, any of them can be used. Putting multiple IP addresses in an A record is a common technique for “load balancing,” which spreads the work of hosting a website evenly across several different servers.
- “AAAA” records are like A records, but for IPv6 addresses instead of IPv4.
- “CNAME” records hold a domain name that corresponds to another domain name. For example, if a browser looks up “example.com”, it may get back a CNAME record that says “example.com maps to example.net”. In this case, it would then look up “example.net”. However, you would still see “example.com” in your browser’s address bar.
- “MX” records are for email. When you send an email, your email provider will look up the MX record for the domain that comes after the “@” in the destination email address. The MX record contains the IP address where email to that domain should be delivered.
There are lots of other record types, but the four listed above are the most common.
Privacy concerns
The DNS server your device uses can see which domain names your device is looking up, which gives it a lot of information about which websites you’re visiting. This can be a privacy concern if you don’t trust whoever is operating the DNS server, which is often your ISP. To mitigate this problem, you can configure your device to use an alternate DNS server, although you’d need to find a DNS provider you trust.
Another problem is that most DNS lookups are not encrypted, which means that if you’re on an unencrypted Wi-Fi network, anyone else on the network can see which domain names your device is looking up. One partial solution is called “DNS over HTTPS,” which uses encryption to protect DNS traffic. Most major browsers support it, including Brave, which calls the feature “secure DNS.” You can enable it in Brave’s settings. However, note that this will only protect DNS lookups that result from your Web browsing; DNS lookups from apps other than your browser may still be unencrypted.
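To see why an unencrypted lookup is readable by others on the network, the following Python sketch (an added example, not part of the original page) encodes a lookup for “brave.com” in the standard DNS wire format from RFC 1035 and then reads the domain name and record type straight back out of the raw bytes. The function names build_query and read_question and the query ID are made up for illustration.

```python
import struct

# Type codes (RFC 1035, RFC 3596) for the four record types listed above.
QTYPES = {"A": 1, "CNAME": 5, "MX": 15, "AAAA": 28}
QTYPE_NAMES = {code: name for name, code in QTYPES.items()}


def build_query(name, qtype, query_id=0x1A2B):
    """Encode a standard DNS query as it is sent, unencrypted, over UDP."""
    # Header: ID, flags (recursion desired), 1 question, 0 other records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        qname += bytes([len(raw)]) + raw  # length byte, then the label text
    qname += b"\x00"  # empty root label ends the name
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN


def read_question(wire):
    """Recover (name, type) from raw query bytes; no key or secret needed."""
    if len(wire) < 12 or struct.unpack("!H", wire[4:6])[0] != 1:
        raise ValueError("not a single-question DNS message")
    pos, labels = 12, []
    while True:
        if pos >= len(wire):
            raise ValueError("truncated name")
        length = wire[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(wire):
            raise ValueError("bad label length")
        labels.append(wire[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(wire):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", wire[pos:pos + 4])
    return ".".join(labels), QTYPE_NAMES.get(qtype, str(qtype))


if __name__ == "__main__":
    packet = build_query("brave.com", "AAAA")  # constructed sample lookup
    print(packet.hex())
    print(read_question(packet))
```

DNS over HTTPS carries these same bytes inside an encrypted HTTPS connection, so the name is no longer readable to others on the network.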