How a DNS query works (and what can go wrong)
Every time you type a website address like example.com, your computer needs to know which IP address to connect to.
That job is handled by the DNS — Domain Name System.
🔄 What happens when you open a website?
- Your browser checks if the address is saved in the local DNS cache
- If not found, it asks the DNS resolver (usually from your ISP or Google/Cloudflare)
- The resolver queries a root DNS server, then the TLD servers (.com, .org…), then the domain's authoritative name server
- It gets the IP address and returns it to your system
- The browser connects to that IP
All this happens in less than a second ⏱️
🧠 What can go wrong?
If someone intercepts or manipulates the DNS query (or the answer coming back):
- you might be redirected to a fake site
- your connection could be hijacked
- you might be tracked without knowing
🔐 What is encrypted DNS?
For years, DNS queries were sent in plaintext — anyone on the network (router, ISP, attacker) could see what domains you visited.
Now there are encrypted versions:
- DoH (DNS over HTTPS)
- DoT (DNS over TLS)
🔐 That means only you and the DNS resolver can read the request → more privacy, lower risk of tampering.
⚠️ But now the resolver holds more power (and responsibility).
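To make the query/answer exchange above concrete, here is an added example (not part of the original post) that encodes a DNS A query in RFC 1035 wire format, parses a reply, and applies the two checks a resolver uses to reject a reply that does not match what it asked (transaction ID and question name). It also shows that the domain name sits readable in the plaintext packet, which is the exposure DoH/DoT removes. The reply bytes are constructed locally; nothing is sent on the network.

```python
import struct

def build_query(name: str, txid: int) -> bytes:
    """Encode a standard A query for `name` in DNS wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_name(data: bytes, off: int) -> tuple:
    """Decode a label sequence at `off`, following compression pointers (0xC0)."""
    labels, end, jumped = [], off, False
    while True:
        ln = data[off]
        if ln & 0xC0 == 0xC0:                      # pointer to an earlier name
            if not jumped:
                end = off + 2
            off, jumped = ((ln & 0x3F) << 8) | data[off + 1], True
            continue
        if ln == 0:
            return ".".join(labels), (end if jumped else off + 1)
        labels.append(data[off + 1:off + 1 + ln].decode())
        off += 1 + ln

def build_response(query: bytes, txid: int, ip: str) -> bytes:
    """Constructed reply: echo the question, answer with one A record (name via pointer)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1, 1 answer
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in ip.split("."))
    return header + query[12:] + rr

def parse_response(data: bytes, sent_txid: int, sent_name: str) -> list:
    """Return the A-record IPs, rejecting replies that don't match what we asked."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != sent_txid or not flags & 0x8000:
        raise ValueError("transaction ID mismatch or not a response: likely spoofed")
    qname, off = parse_name(data, 12)
    off += 4                                        # skip QTYPE/QCLASS
    if qname.lower() != sent_name.lower():
        raise ValueError("answer is for a different question than we sent")
    ips = []
    for _ in range(an):
        _, off = parse_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in data[off:off + 4]))
        off += rdlen
    return ips
```

`parse_name(query, 12)` recovers the queried domain straight from the plaintext bytes, which is exactly what a router or ISP on the path can read when DNS is not encrypted.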
🎯 Real-world example
Mario types bank.com.
His router has been hacked and replies with a fake DNS answer.
The site looks real — but isn’t.
Mario enters his password → stolen.
➡️ Why? Because the DNS was not encrypted or trusted.