
How Do Domain Names Work?

The basics on how IP addresses and domain names work

If you’re familiar with the IP address leak memes, you may know that people can find out “where you are” on the internet with one. Luckily, as long as you have a reputable router, it’s configured by default to not expose your entire internal network to the outside world, so the damage someone could do with your IP address is limited. But did you know that under the hood, IP addresses are how you access all the websites you normally do on the internet? This is where domain names and DNS servers come into play.

This article will only go over the very basics, meant to be a companion to an article about blocking social media Big Tech domains that I will be putting out as soon as I can.

IP Addresses

Before we get into domain names, we should first go back and talk about IP addresses. They’re really just a set of numbers that identify a computer in a network, whether that’s the wider internet or your local network. It’s analogous to a real address – if I don’t know your IP address, I wouldn’t know where you are on the internet. But if you gave me your IP address and you ran a website off your computer, forwarding that port on your router, I could access it from my home just by putting in your IP address (assuming your ISP didn’t put you behind CGNAT but that’s another rabbit hole lol).

Now think of any website you normally visit as that computer (because they do run off of computers at the end of the day) – logically, I would also need that IP address to access it in the same way. But it would be a pain in the ass to keep track of every single IP address… imagine needing a thick yellow pages book just to figure out how to get to Google!

Domain Names

This is where domain names come in: domain names are just human-readable representations of IP addresses. You can see this mapping with the nslookup utility in Windows, dscacheutil on macOS, or dig on Linux. For example, if you run nslookup google.com, it will return something like this:

running nslookup google.com and getting IP addresses

(And yes, assuming they still use that IP address, you can access Google by typing that IP address in your browser.)

DNS Servers

How does your computer know the IP addresses when you type in a domain name? Under the hood, your computer contacts a DNS (Domain Name System) server to get that IP address… they basically are the yellow pages of the internet lol.

Normally, your ISP automatically assigns a DNS server to your router, usually one they maintain, so this all happens seamlessly without you even knowing it. Then, your computer will automatically get that DNS server from the router and use that to resolve domain names.

That said, the DNS server of every ISP I’ve had has tended to be somewhat unreliable. You can override this both at the router level as well as the individual device level to point to any other DNS server, and there are many other alternatives out there that are usually more reliable – big companies like Google and Cloudflare have their own that have much better reliability, for example. Here’s how I currently have my router’s DNS servers configured:

my current router DNS settings; you can usually find these under Internet settings or WAN settings

The first 2 DNS servers are Quad9, a DNS service with a focus on security and privacy by filtering out malicious websites (and also avoiding commercialization of your data via DNS requests). The third is Cloudflare, which is fast and reliable and really only there in case Quad9 is down.

Wait, Filtering Out Websites?

Yes, that’s doable through DNS! Going back to the yellow pages analogy, if you had a yellow pages book and the contact you were trying to find isn’t in the book or has the wrong contact info, you simply wouldn’t be able to reach that person. It’s the same case with DNS servers – they can filter out malicious domains by not providing IP addresses for them or redirecting them to safe sites. (On the opposite side of the coin, a malicious DNS server could redirect safe sites to malicious ones, so only use DNS servers that you trust!)

If there are other domains you want to block beyond those a DNS server does, you can always directly set hostname IPs on your computer or set up your own DNS server that does additional filtering, forwarding any other requests to an upstream DNS server. I will go into more detail on that in that future article.
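To make the filtering idea concrete, here is the decision a self-hosted filtering resolver makes for each lookup: names on a hosts-format blocklist get a sinkhole answer, everything else is forwarded upstream. This is an added example, not code from this article or from any particular DNS server; the blocklist entries, the function names and the choice of `0.0.0.0` as the sinkhole are assumptions for illustration. It also blocks subdomains of a listed name, which plain hosts-file entries don't do since they only match exact names.

```python
import socket

# Constructed sample blocklist in hosts-file format (all names are made up).
SAMPLE_BLOCKLIST = """\
# address   hostname
0.0.0.0     social.example
0.0.0.0     Tracker.Example.   # trailing dot and mixed case are still the same name
127.0.0.1   localhost
"""

SINKHOLE = "0.0.0.0"  # non-routable answer handed back for blocked names


def normalize(name):
    """DNS names are case-insensitive; a trailing dot only marks the root."""
    return name.strip().rstrip(".").lower()


def load_blocklist(text):
    """Collect the hostnames that a hosts-format list points at the sinkhole."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] == SINKHOLE:
            blocked.update(normalize(host) for host in fields[1:])
    return blocked


def is_blocked(name, blocked):
    """Match the name or any parent domain, comparing whole labels only."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def resolve(name, blocked, upstream=socket.gethostbyname):
    """Answer blocked names locally; forward everything else upstream."""
    if is_blocked(name, blocked):
        return SINKHOLE
    return upstream(normalize(name))


if __name__ == "__main__":
    blocked = load_blocklist(SAMPLE_BLOCKLIST)
    fake_upstream = lambda host: "192.0.2.10"  # stand-in so the demo needs no network
    for host in ("social.example", "CDN.tracker.example.", "notsocial.example"):
        print(host, "->", resolve(host, blocked, fake_upstream))
```

Comparing whole labels is what keeps `notsocial.example` reachable while `cdn.tracker.example` is blocked; a plain "ends with" string check would get the first one wrong.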


And that’s all there is to it! Feel free to DM me if you have questions about this or other techy things :3

Corrections/improvements? DM me on bsky or submit a fix to the git repo! (article on that TBD)