What Is DNS? The Internet's Address Book, Explained
Every website visit starts with a lookup you never see. A beginner friendly guide to how DNS turns a name like holyghost.sh into an address, and why it matters for security.
Think about how you actually reach a friend on the phone. You do not memorise their phone number any more. You remember their name, tap it in your contacts, and the phone quietly looks up the number and dials it for you. The name is for you, the number is for the machine, and a hidden lookup bridges the two. The internet works in almost exactly the same way, and the system that plays the role of your contacts list is called DNS.
You type a name, and a website appears. In between those two moments, a quiet system does the unglamorous work of turning that human friendly name into a number a computer can actually connect to. That system is DNS, short for the Domain Name System, and understanding it explains a surprising amount about how the internet runs and, just as usefully, how a whole family of attacks works. It is one of those foundations that, once it clicks, makes many other topics fall into place.
The problem DNS solves
Computers reach each other using IP addresses, which are numbers like 216.198.79.1. People, on the other hand, are hopeless at remembering long strings of numbers but wonderfully good at remembering names. There is a genuine mismatch here: the thing that is easy for us is useless to the machine, and the thing the machine needs is a nightmare for us to recall.
DNS is the translator that sits in the middle of that mismatch. Give it a name, and it hands you back the address.
holyghost.sh -> DNS lookup -> 216.198.79.1

Think of it as the internet's address book. You know the name, DNS finds the number, and your browser connects to the number. You get to keep using friendly names, and the machines get the numbers they need, with DNS doing the tedious translation every single time so you never have to. If addresses and connections still feel unfamiliar, networking basics covers them from scratch.
How a lookup actually works
Here is the part that surprises most people: no single machine anywhere holds a complete list of every name on the internet. There are far too many names, and they change far too often, for that to be practical. Instead, DNS is a chain of helpers, each one knowing just enough to hand you along to the next, until finally someone has the exact answer you need.
1. Your device asks a RESOLVER (usually run by your ISP or a service like 1.1.1.1).
2. The resolver asks a ROOT server: "who handles .sh names?"
3. It then asks that TLD server: "who handles holyghost.sh?"
4. It asks that AUTHORITATIVE server: "what is the address for holyghost.sh?"
5. The answer comes back, and the resolver hands it to your device.

Let us make sense of the cast of characters, because the names sound more intimidating than the idea behind them.
- A resolver is the helper your device talks to directly. It does the legwork of asking around on your behalf. Often it is run by your internet provider, though many people choose a public one such as 1.1.1.1 or 8.8.8.8.
- A root server is like the front desk of the internet's address book. It does not know individual sites, but it knows who is in charge of each ending, such as .sh, .com, or .org.
- A TLD server, where TLD means Top Level Domain, handles one of those endings. The .sh server knows which name server is responsible for holyghost.sh, even though it does not know the final address itself.
- An authoritative server is the one that holds the real, official answer for a specific domain. When it speaks, that is the definitive record.
A helpful way to picture the whole thing is asking for directions in an unfamiliar town. You stop someone at the entrance who says "the address book people are down that way." They point you to the district office, which points you to the specific street's caretaker, who finally tells you the exact house number. Nobody knew the full answer alone, but each pointed you one step closer.
To avoid repeating this whole journey every single time, answers are cached, which simply means remembered for a while. Each record carries a time to live, usually shortened to TTL, that says how long the answer may be kept before it must be looked up fresh. This is exactly why a DNS change, such as moving a website to a new server, can take a while to appear everywhere: the old answers are still sitting in caches around the world until their TTL runs out and they expire.
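To make the chain of referrals and the caching concrete, here is an added Python example (not from the original article) that simulates the lookup described above against a constructed toy namespace. The server labels such as tld-sh and auth-holyghost, the 300 second TTL and the empty .com zone are made up for the example; only holyghost.sh and 216.198.79.1 come from the article.

```python
# Constructed toy namespace standing in for the real DNS hierarchy (example data only).
# Each server holds a zone: name -> ("A", address, ttl) for a final answer,
# or ("NS", server_id) for a referral to the server that knows more.
SERVERS = {
    "root":           {"sh.": ("NS", "tld-sh"), "com.": ("NS", "tld-com")},
    "tld-sh":         {"holyghost.sh.": ("NS", "auth-holyghost")},
    "tld-com":        {},                                   # knows no names in this toy world
    "auth-holyghost": {"holyghost.sh.": ("A", "216.198.79.1", 300)},
}


def ask(server_id, name):
    """Return the most specific record a server has for name, or None (no such name)."""
    zone = SERVERS[server_id]
    labels = name.split(".")
    # Try the full name, then each shorter ending: holyghost.sh. -> sh.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        record = zone.get(candidate)
        if record is None:
            continue
        # A referral applies to everything under that ending; an address only to the exact name.
        if record[0] == "NS" or candidate == name:
            return record
    return None


class Resolver:
    """The helper your device talks to: follows referrals and remembers answers for their TTL."""

    def __init__(self):
        self.cache = {}   # name -> (address, time the answer expires)
        self.path = []    # servers asked during the most recent lookup

    def resolve(self, name, now):
        self.path = []
        if not name.endswith("."):
            name += "."
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0]                 # still within TTL: nobody is asked
        server = "root"
        for _ in range(10):                  # follow at most 10 referrals
            self.path.append(server)
            record = ask(server, name)
            if record is None:
                return None                  # no such name anywhere in the chain
            if record[0] == "NS":
                server = record[1]           # referral: go ask the next helper
                continue
            _, address, ttl = record
            self.cache[name] = (address, now + ttl)
            return address
        return None
```

Changing the address in the auth-holyghost zone after a lookup shows the propagation delay from the article: the resolver keeps returning the cached answer until the 300 seconds have passed.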
Common record types
DNS holds more than just addresses. An A record maps a name to an IPv4 address, AAAA maps it to an IPv6 address, CNAME points one name at another name, MX says where email for a domain should be delivered, TXT holds free form text used for verification and policies, and NS lists the authoritative name servers for a domain. When people talk about editing their DNS, they usually mean adding or changing records like these.
Look up a name yourself
DNS is easy to poke at directly. On most systems you can run nslookup holyghost.sh or dig holyghost.sh in a terminal and watch the address come back. Trying it on a few names you know is one of the quickest ways to turn the diagram above into something concrete, because you can see the actual answers the chain produces.
Why DNS matters for security
DNS was designed decades ago, in a far more trusting era of the internet, and that history quietly shows. The system was built to be helpful and fast, not suspicious, and several of its weak points follow directly from that original mindset.
- It is usually unencrypted. By default your lookups travel across the network in the clear, which means anyone positioned on the path can see which sites you are visiting, even if the sites themselves use HTTPS. Encrypted DNS fixes this by wrapping the lookups in protection. The two common flavours are DNS over HTTPS, written DoH, and DNS over TLS, written DoT. Both hide the contents of your lookups from onlookers.
- It can be lied to. In an attack called DNS spoofing, or cache poisoning, an attacker feeds a resolver a false answer. The victim asks for a legitimate name, receives a malicious address in return, and gets sent to an attacker's server while the name in the address bar still looks perfectly correct. This is nasty precisely because nothing looks wrong on the surface. A defence called DNSSEC adds digital signatures to DNS answers so that a resolver can verify an answer is genuine and has not been forged.
- A local resolver can override the public answer. On a home or office network, the DNS server you are told to use gets to decide what names resolve to for you. If that resolver is misconfigured, or has been compromised, it can quietly point you to the wrong place even for a name that is perfectly healthy on the public internet. Whoever controls the resolver controls what names mean to you.
A correct name is not proof of a safe site
It is tempting to assume that if the name in the address bar is right, you must be in the right place. DNS spoofing breaks that assumption: the name can be genuine while the address behind it has been swapped. This is one of the reasons the encryption step in how HTTPS works matters so much, because a valid certificate ties the site to its name and helps expose an imposter that DNS alone would let through.
A real world gotcha
If a website works on mobile data but not on your home WiFi, DNS is a prime suspect. Your network's own resolver may simply be answering differently from the public internet. Testing a name against a known public resolver, for example nslookup example.com 1.1.1.1, is a quick way to tell whether the problem is the website itself or something specific to your network's DNS.
Where DNS sits in the bigger picture
It is worth stepping back to see how central this all is. Every time you load a page, DNS runs first, before any connection is even attempted. That makes it the opening move of nearly every online action, described step by step in how the web works. Because it runs so early and so quietly, DNS is both a foundation you rely on constantly and a tempting target, since fooling the very first step of a request means everything after it can be steered wherever the attacker likes.
The takeaway
DNS is the address book that turns friendly names into IP addresses through a chain of resolvers, root servers, TLD servers, and authoritative servers, with caching and TTLs keeping the whole thing fast. It is genuinely foundational, running before almost everything else you do online. And because it was built in a trusting age, it is also a real security concern: prefer encrypted DNS such as DoH or DoT, remember that answers can be spoofed unless DNSSEC is protecting them, and keep in mind that your local network's resolver always has the final say on what a name means to you. Get comfortable with this quiet first step and a great deal of the rest of the internet, and its attacks, will make far more sense.