
Overview

The Domain Name System (DNS) is often referred to as the internet's phonebook. When you type a website address (like example.com) into your browser, DNS translates that human-readable address into an IP address (like 192.0.2.1) that computers use to locate and connect to each other. Without DNS, navigating the internet would require memorising long strings of numbers for every website you wish to visit.

How DNS Resolution Works

When you enter a URL into your browser, a process called DNS resolution begins:

  1. Your device sends a query to a DNS resolver (usually one supplied by your network or ISP), asking for the records associated with the domain name, typically an A or AAAA record holding its IP address.
  2. The resolver checks its cache. If it already holds a valid answer, it returns it immediately; otherwise it queries other DNS servers on your behalf.
  3. The resolver contacts a root DNS server, which does not know the answer itself but refers the resolver to the servers for the appropriate top-level domain (TLD), such as .com or .uk.
  4. The TLD server refers the resolver to the authoritative name servers for the domain.
  5. The authoritative server returns the requested record, together with a time-to-live (TTL) that tells the resolver how long it may cache it.
  6. The resolver caches the answer and sends the IP address back to your device, which can then connect to the website.

The whole exchange typically completes in milliseconds, and repeat lookups of the same name are usually answered straight from the resolver's cache.
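The six steps above can be traced in code. The following is an added example, not part of the original page: a miniature recursive resolver in Python that walks constructed zone data (a made-up root server, .com server and authoritative server using RFC 5737 documentation addresses and the reserved example.com domain), follows referrals from root to authority, and caches answers for their TTL. Every server, name and address in it is constructed for illustration.

```python
import time

# Added example (not from the original page): a miniature iterative resolver
# walking constructed zone data. Every name and address below is made up,
# using documentation ranges (RFC 5737) and the reserved example.com domain.
ROOT_SERVERS = ["203.0.113.1"]
SERVERS = {
    "203.0.113.1": {                       # root: knows only the .com delegation
        "com.": {"NS": [("ns.tld.example.", "198.51.100.1")]},
    },
    "198.51.100.1": {                      # .com TLD server: delegates example.com
        "example.com.": {"NS": [("ns1.example.com.", "192.0.2.53")]},
    },
    "192.0.2.53": {                        # authoritative for example.com
        "example.com.": {"A": [("192.0.2.1", 300)]},
        "www.example.com.": {"A": [("192.0.2.1", 60)]},
    },
}


def ask(server_ip, qname, zone_db=SERVERS):
    """One simulated query to one server. An authoritative server answers with
    A records; a parent answers with a referral (NS names plus glue addresses)."""
    zone = zone_db[server_ip]
    if "A" in zone.get(qname, {}):
        return "answer", zone[qname]["A"]
    labels = qname.split(".")
    for i in range(len(labels)):           # closest enclosing delegation
        parent = ".".join(labels[i:])
        if "NS" in zone.get(parent, {}):
            return "referral", zone[parent]["NS"]
    return "nxdomain", None


class Resolver:
    """Recursive resolver: answers from cache while the TTL holds, otherwise
    starts at a root server and follows referrals down to the authority."""

    def __init__(self, roots=ROOT_SERVERS, clock=time.monotonic):
        self.roots, self.clock = roots, clock
        self.cache = {}      # qname -> (expiry time, [addresses])
        self.trace = []      # which servers were contacted, for the reader

    def resolve(self, name, max_hops=8):
        qname = name if name.endswith(".") else name + "."
        cached = self.cache.get(qname)
        if cached and cached[0] > self.clock():
            self.trace.append(f"{qname}: cache hit")
            return cached[1]
        targets = list(self.roots)
        for _ in range(max_hops):          # bound the referral chain
            server = targets[0]
            kind, payload = ask(server, qname)
            self.trace.append(f"{qname}: {server} -> {kind}")
            if kind == "answer":
                addrs = [ip for ip, _ttl in payload]
                ttl = min(ttl for _ip, ttl in payload)
                self.cache[qname] = (self.clock() + ttl, addrs)
                return addrs
            if kind == "referral":
                targets = [ip for _ns, ip in payload]   # follow the glue address
                continue
            raise LookupError(f"{qname}: {kind}")
        raise LookupError(f"{qname}: too many referrals")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com"))    # root -> TLD -> authoritative
    print(r.resolve("www.example.com"))    # served from cache
    print("\n".join(r.trace))
```

The first lookup contacts three servers in turn; the second is answered from the cache without touching the network, and once the 60-second TTL on www.example.com has passed the resolver walks the hierarchy again. Real resolvers add retries, multiple name servers per zone, negative caching and DNSSEC validation, but the referral-following loop is the same.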

How DNS Is Used

DNS is foundational to nearly every internet activity. It enables you to:

  • Visit websites by typing domain names rather than IP addresses.
  • Send emails by mapping domain names to mail servers (via MX records).
  • Use online services like streaming and gaming, which rely on DNS for server connections.

However, traditional DNS queries and responses are sent in plaintext, so anyone on the network path, including your internet service provider (ISP), can read, log, or alter them. This lack of privacy and integrity protection in DNS has led to the development of more secure alternatives.

Types of DNS and Their Ports

DNS operates over different protocols and ports, each serving specific purposes:

  • Port 53 (Traditional DNS): The default and most widely used transport. Queries normally travel over UDP; TCP is used when a response is too large to fit in a UDP message (the server sets the TC flag and the client retries over TCP) and for tasks such as zone transfers. Traditional DNS has no encryption or integrity protection of its own, leaving it open to eavesdropping and tampering.
  • DNS over HTTPS (DoH): Carries DNS messages inside HTTPS, so they are encrypted in transit and look like ordinary web traffic. DoH runs over port 443, the same port as standard HTTPS, which also makes it hard for a network to block or filter DoH on its own. A deeper dive into DoH is available on its dedicated page.
  • DNS over TLS (DoT): Wraps DNS messages in a Transport Layer Security (TLS) session, giving the same confidentiality and integrity in transit as DoH. DoT operates over its own port, 853, so it is easy to identify (and block) as DNS traffic even though its contents are encrypted. Further details about DoT are covered on its own page.

When exploring DNS, it’s important to consider:

  • Caching: Resolvers cache responses for the time-to-live (TTL) set by the zone owner, which improves speed and reduces load on authoritative servers. Until the TTL expires, a changed record can still be served from the cache, so updates take time to propagate.
  • DNS Security Extensions (DNSSEC): DNSSEC adds digital signatures to DNS data so that a validating resolver can verify a response is authentic and has not been tampered with. It does not encrypt queries or responses, and it only protects zones that are signed and lookups made through resolvers that validate.
  • Privacy Concerns: With traditional DNS, anyone on the network path can see which domains you look up. DoH and DoT encrypt the channel to the resolver, hiding queries from the local network and ISP; the resolver operator still sees every query, so choosing a resolver you trust remains important.
  • Performance: The choice of DNS resolver affects browsing speed through its latency from your location and how often it can answer from its cache.

For more detailed information about specific DNS protocols, continue to the pages on DNS over HTTPS (DoH) and DNS over TLS (DoT).

