How Domains Work

Each web site (and everything else on the internet) is on a computer (sometimes called a server) which has one or more IP addresses associated with it. IP stands for Internet Protocol and is a way of identifying a particular computer on any network that uses that protocol. The protocol has the name it does because it is the protocol used by the Internet (which is the biggest network of computers that there is).

The IP address is usually represented as four numbers with dots between them (eg. but there are several other ways in which the number can be represented such as using two hexadecimal characters for each of the numbers and getting rid of the dots (eg. C0A50111) or even as just a number without dots (eg. 3232235793). It doesn't really matter which form the IP address is shown in since whichever form is used it will be hard to remember. Also moving a site from one computer to another will result in its IP address changing.

To resolve the problem of IP addresses being hard to remember, domain names were created. Each domain name merely serves as an easy to remember name that a computer somewhere will translate into the IP address of the computer where that site can be found. The lookup is usually done via what is known as a Domain Name Server (DNS) and if the first DNS your request goes to doesn't know where to find the site it passes it along to another DNS and so on until one that does know where to find the site is found.

Your ISP will supply you with the IP addresses of their DNS that you normally include in your computer configuration when you set up your internet access. That gives your computer somewhere to start looking when it needs to locate a particular domain name. You don't have to use the DNS that your ISP provides, there are a number of other DNS services that anyone can use as the starting point for domain lookups.

When a web site is first set up or is moved the site owner notifies their domain registrar of where the site can now be found. The various DNS around the world are updated at intervals varying from every few hours (for a few), every day or two (for most) and every few weeks (for a few). How long it would be between the site being moved and your seeing it at its new location will depend on how quickly the DNS that your search passes through are updated with the new information.

There are a couple of other things regarding these lookups that you need to know about, both security related.

What is known as a pharming attack is where someone manages to convince one of the DNS that a particular web site is located on a different IP address than where it is really located. A fake version of the site is set up on that different IP address that looks exactly like the real site but which captures certain information from visitors before forwarding them back to the real site. There isn't anything individuals can do with regard to pharming attacks, the security features needed to prevent them are the responsibility of the owner of each DNS.

The other place where domain names can be translated into IP addresses is via the hosts file that exists on all computers running Windows. This file serves a couple of legitimate purposes.

It can contain the domain to IP conversion information for your most frequently visited sites so as to allow you to access them directly without needing to do a DSN lookup at all (except that if the site is moved you'd have to change the entry).

For those with their own site who are in the process of moving it from one location to another they can use an entry in the hosts file to point their domain specifically to their old or new hosting as needed to test and check stats independently of the change propagating to the various DNS.

It can be used to completely block the computer from accessing specific domains at all by pointing those domains at the IP address

Unfortunately if some malware on your computer gets access to the hosts file it can create its own entries to point various domains to fake copies of the sites with the same end result as pharming except that it only affects your computer rather than everyone who goes through a particular DNS. This gives you another reason for keeping the security software on your computer up to date.


This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow