The websites we visit are scattered across a vast, messy web of underground cables, racks of metallic boxes, and a myriad of routers that we’ve come to call the internet. So when you punch in an address and hit enter, how does your browser know where to look?
The answer is a system that’s been around since the days that the internet was so small and so compact, it could all be mapped in a single text file. It’s called the Domain Name System (or DNS for short), and although it has kept up with the internet’s evolving role for decades, it has also crumbled more frequently than ever in recent years — and taken down some of the web’s biggest sites along with it.
That increasing frequency has led many to call for a better system — but replacing the very foundations of the worldwide web is no easy undertaking.
The ABCs of DNS
The DNS is one of the internet’s most vital cogs. It acts as the internet’s phonebook. Not the thick, physical kind but more akin to the digital one on your phone.
You see, electronic devices like your computer or your modem router don’t understand the language we speak. They talk in numbers. So when you type in a domain name like “digitaltrends.com,” the browser doesn’t quite know what it means. It needs that website’s unique identification number — its address (126.96.36.199 for digitaltrends.com) — to navigate through the maze of servers and routers, trace the website’s location, and bring it up on your screen.
In other words, the DNS’s job is to translate a website name into its computer-friendly address — similar to how your phone’s contacts app lets you access a mobile number or an address by simply entering a person’s name. Except unlike your phone’s contacts app, the internet’s phonebook has nearly 2 billion entries of websites (and counting).
So every time you enter a URL in the address bar, your browser first calls the DNS and requests it to fetch the website’s number. Once the DNS returns that information, the browser can find and connect to the website’s server.
This all happens in the blink of an eye, and browsers are able to cut back further on how long the DNS process takes by caching the IDs of the websites you visit often.
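To make the lookup-then-cache flow concrete, here is an added example (not code from the article or from any DNS software) of a toy resolver: a name is fetched from an upstream table the first time, the answer is cached, and later lookups are served from the cache until its time-to-live runs out. It also shows what happens when the upstream goes dark, which is the failure the rest of the article is about: cached names keep working, uncached or expired ones fail. All names, addresses and TTLs are constructed for the example.

```python
# Added example (not from the article): a toy stub resolver with a TTL cache.
# It models the flow described above: a lookup goes to an "upstream" table the first
# time, the answer is cached, and later lookups are served from the cache until the
# entry's TTL expires. All data here is constructed for the example; the addresses
# come from the RFC 5737 documentation range and are not real records.
from dataclasses import dataclass

# Constructed stand-in for the authoritative DNS data: name -> (address, ttl_seconds).
UPSTREAM = {
    "example.com": ("192.0.2.10", 300),
    "shop.example.com": ("192.0.2.20", 60),
}


class ResolutionError(Exception):
    """Raised when a name cannot be resolved (no fresh cache entry, upstream down, or unknown name)."""


@dataclass
class CacheEntry:
    address: str
    expires_at: float  # absolute time, in the resolver's clock units


class StubResolver:
    """Minimal resolver: consult the cache first, then the upstream table."""

    def __init__(self, upstream, clock):
        self.upstream = upstream
        self.clock = clock              # callable returning "now" in seconds; injected so the run is deterministic
        self.cache = {}
        self.upstream_available = True  # flip to False to simulate a provider outage

    @staticmethod
    def normalize(name):
        # DNS names are case-insensitive; a trailing dot marks the root and is dropped here.
        return name.rstrip(".").lower()

    def resolve(self, name):
        """Return (address, source) where source is "cache" or "upstream"."""
        name = self.normalize(name)
        now = self.clock()
        entry = self.cache.get(name)
        if entry is not None and entry.expires_at > now:
            return entry.address, "cache"
        if not self.upstream_available:
            raise ResolutionError(f"{name}: upstream unreachable and no fresh cached answer")
        if name not in self.upstream:
            raise ResolutionError(f"{name}: no such name")
        address, ttl = self.upstream[name]
        self.cache[name] = CacheEntry(address, now + ttl)
        return address, "upstream"


def simulate_outage(name="example.com"):
    """Walk through a first lookup, a cached lookup, an upstream outage, and TTL expiry.

    Returns the list of outcomes so the behaviour can be checked rather than only printed.
    """
    clock = {"now": 0.0}
    resolver = StubResolver(UPSTREAM, lambda: clock["now"])
    outcomes = []

    outcomes.append(resolver.resolve(name))                # first lookup: goes upstream
    outcomes.append(resolver.resolve(name.upper() + "."))  # same name, different spelling: cache hit

    resolver.upstream_available = False                    # the provider goes dark
    outcomes.append(resolver.resolve(name))                # still answered from the cache

    clock["now"] = 301.0                                   # the 300 s TTL has now expired
    try:
        outcomes.append(resolver.resolve(name))
    except ResolutionError as exc:
        outcomes.append(("error", str(exc)))
    return outcomes


if __name__ == "__main__":
    for step in simulate_outage():
        print(step)
```

The last step is the interesting one: once the cached entry expires and the upstream is still unreachable, the name simply stops resolving, which is why an outage at a DNS provider tends to surface gradually across sites rather than all at once.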
Without the DNS, your browser would be lost in the dark without a flashlight. It’s essential for pretty much anything that involves a web address, which covers most of your internet activities, from sending someone a text to processing a digital payment. In the span of a single day, hundreds of billions of DNS pings are exchanged — a trillion in the case of Comcast.
Where the modern DNS went wrong
The DNS has been around since the 1970s, when the internet was restricted to the walls of a few universities. Unlike today’s global, decentralized system, it was just a text file with a list of all the connected computers’ numerical addresses — and it was maintained by a single woman named Elizabeth Feinler.
But DNS has unquestionably evolved far beyond what its original makers envisioned. And as a result of this forced evolution, cracks have begun to appear in its architecture.
In July 2021, several banking pages and services like Airbnb, Amazon, and others went offline for over an hour due to a DNS bug. A similar issue disrupted a large chunk of the internet in 2020. In fact, such outages are so common that the phrase “it’s always DNS,” which pokes fun at how the DNS is usually responsible for a network snag, has become a popular joke among technologists.
The reason DNS is involved in so many internet outages, according to Dan York, the director of online content at the Internet Society, is simply that “it operates at a huge scale beyond that of any other service.” There are dozens of moving parts, and since it all works like a high-speed relay race, when any one of them malfunctions, it breaks the entire DNS chain.
In the grand scheme of things, though, the DNS’s error rate is fairly low (remember: trillions of queries pass through it every day). According to data supplied by Pingdom, a global network-monitoring platform, DNS has been responsible for only 4% of daily outages this year so far.
The bigger concern is the consolidation in the DNS market. One of the original objectives behind moving on from the original text file to the modern DNS was to engineer a “distributed database” that “avoids the problems caused by a centralized database.”
But what has happened is that as more people came online and network demands grew, large companies delegated their DNS duties to third-party hosting services like Cloudflare and Amazon Web Services. Most of the top thousand domains have coalesced around just four infrastructure providers. So any time there’s a bug in one of these providers, a massive chunk of the mainstream web goes offline.
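The concentration the paragraph describes is something you can measure for your own set of domains. The added example below (not code from the article or from any of the providers named) takes each domain’s authoritative nameserver hostnames, counts how many domains depend on each provider, and flags the domains whose every nameserver sits with a single provider, which is where one provider’s bug becomes your outage. The domain-to-nameserver mapping and the provider names are invented for the example.

```python
# Added example (not from the article): a quick check of how concentrated a set of
# domains' DNS hosting is. Given each domain's authoritative nameserver hostnames, it
# counts how many domains each provider serves and flags domains whose nameservers all
# belong to one provider. The mapping below is constructed for the example.
from collections import Counter

# Constructed sample: domain -> authoritative nameserver hostnames (invented data).
SAMPLE_NS = {
    "alpha.example": ["ns1.provider-a.example", "ns2.provider-a.example"],
    "bravo.example": ["ns3.provider-a.example", "ns4.provider-a.example"],
    "charlie.example": ["ns1.provider-a.example"],
    "delta.example": ["ns2.provider-a.example", "ns3.provider-a.example"],
    "echo.example": ["ns1.provider-b.example", "ns2.provider-b.example"],
    "foxtrot.example": ["ns1.provider-a.example", "ns1.provider-c.example"],
}


def provider_of(ns_host):
    """Approximate the operator of a nameserver by its last two labels.

    Good enough for the constructed data; a real survey would consult a public-suffix
    list, since many operators use deeper hostnames.
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def concentration(ns_map):
    """Return (domains_per_provider, single_provider_domains).

    A domain counts once per distinct provider it uses; domains that rely on exactly
    one provider are listed separately because they have no DNS-level redundancy.
    """
    per_provider = Counter()
    single_provider = []
    for domain, hosts in ns_map.items():
        providers = {provider_of(h) for h in hosts}
        for p in providers:
            per_provider[p] += 1
        if len(providers) == 1:
            single_provider.append(domain)
    return per_provider, sorted(single_provider)


def largest_provider_share(ns_map):
    """Return (provider, fraction of domains that depend on it)."""
    per_provider, _ = concentration(ns_map)
    provider, count = per_provider.most_common(1)[0]
    return provider, count / len(ns_map)


if __name__ == "__main__":
    per_provider, single = concentration(SAMPLE_NS)
    for provider, count in per_provider.most_common():
        print(f"{provider:22s} serves {count} of {len(SAMPLE_NS)} domains")
    print("domains with a single DNS provider:", ", ".join(single))
    provider, share = largest_provider_share(SAMPLE_NS)
    print(f"largest dependency: {provider} ({share:.0%} of domains)")
```

On the constructed data, five of six domains depend on one provider, and only one domain (foxtrot.example) would keep resolving if that provider went down. Running the same check over real NS records is the first step in deciding whether to add a second provider for the domains that matter most.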
ICANN, or the Internet Corporation for Assigned Names and Numbers, a nonprofit regulatory body that oversees DNS standards, has no control over which hosting services companies pick. Because of this, Raj Jain, a computer science professor at Washington University, believes there’s a dire need for a law against all internet monopolies, including DNS providers and search engines.
Is there a better way to do DNS?
A few startups have more ambitious solutions in mind, however. Handshake, a blockchain-powered platform, argues the centralization of the DNS into the hands of a couple of hosting companies and “gatekeepers” like ICANN has made it vulnerable to cyberattacks and censorship. It wants to decentralize the Domain Name System for good by distributing its root onto a blockchain network, where everyone can “truly” own their domains instead of trusting a third party.
“Handshake lets us create a whole new phone book,” Handshake’s head of marketing, Jake Schaeffer, told us, “owned by no one and everyone at the same time.”
In reality, though, it’s close to impossible to replicate the DNS’s ability to scale. Previous attempts similar to Handshake’s have been tried and failed.
DNS processes hundreds of thousands of queries per second, and new technologies such as blockchain can’t keep up with this rapid rate of change, says Eric Osterweil, an assistant computer science professor at George Mason University and former vice-chair of the team responsible for analyzing the DNS’s security, stability, and reliability.
“My view is that the collision-free namespace of DNS is something we would likely never be able to create again,” added Osterweil.
An ICANN spokesperson said the coalition doesn’t believe “there are significant issues with DNS administration or scaling,” and that it “closely follows the development of new identifier technologies, such as those based on blockchain and peer-to-peer networks.”
A blockchain-based alternative to the DNS doesn’t have any takers yet. But it’s a familiar story — and one we’ve seen before in the case of Bitcoin. However, Bitcoin has been in development for over a decade, and it’s still far from replacing traditional currencies. Its partial success paints a promising picture, though. Whether companies like Handshake can replicate this success to build a reliable DNS alternative remains to be seen.
ICANN, in its strategic plan for the next few years, has identified many of the DNS’s common issues and allocated more budget to pare down its risks. But if history is any indication, even once updates to resolve these issues are executed, they’ll take years to roll out.
Until then, DNS will keep knocking the internet’s most visited destinations offline once in a while, and the “it’s always DNS” chants will continue.