Domain names are a foundational service of the Internet, and are controlled by a protocol called Domain Name System, or DNS. While the details are complicated, DNS ultimately serves a straightforward purpose: it helps route traffic on the internet using human-friendly names.
Everything connected to the internet, from smartphones and fitness trackers to enterprise-level email servers, has a unique identifying address called an IP address. Every activity on the internet, from checking email to web browsing to posting to Instagram is a means of connecting a request from one IP address to its destination IP address.
IP addresses aren’t especially user-friendly. In much the same way that the standard smartphone will connect a contact like “Mom” or “Pizza Parlor” to its corresponding phone number, DNS works by connecting a domain name like “Google.com” to the corresponding IP address, which in Google’s case is 22.214.171.124.
When a domain name is entered by a user, they’re connected to a DNS server, which functions as a switchboard of sorts by looking up the IP address associated with the domain name. Several companies provide public DNS servers, including Google and Cloudflare, and most major ISPs provide and maintain them as well.
A single domain name can point to different IP addresses depending on the user’s destination within a digital ecosystem. To use Google as an example again, any traffic to their main search page is routed to one IP address, traffic to Gmail would point to another, as would Google Docs, Google translate, and so on.
This might sound complicated, but it’s pretty seamless. For most of us, there’s no real perceivable difference between a domain name and the server it connects to. It just works. Unfortunately, this seamlessness creates a golden opportunity for hackers, who can use a wide variety of techniques to redirect us to other sites, capture credentials, and spread malware.
“That moment when a name is matched to a number is where hackers can intervene,” says CyberScout founder Adam Levin. “There are a number of ways it can happen... when your page request doesn't go to the site you asked for, or it takes a detour through a hacker's computer before it gets there. And the problem here is that there's no obvious way to tell that it's happening.”
In short: in making the internet easier to use and more accessible, DNS has also opened the door to a multitude of potential hacks.