I’m not tech savvy and have noticed that many streaming sites are .ru, and as someone located in Finland, I want to make sure if they are dangerous to use.
I’m not tech savvy and have noticed that many streaming sites are .ru, and as someone located in Finland, I want to make sure if they are dangerous to use.
I’ll throw some more detail, still working from the “your computer” side.
Your computer is almost certainly configured with a couple of DNS server IP addresses, belonging either to your ISP, or to some publicly available DNS server. When you’re going to www.hotmail[.]com, your computer just asks a DNS server that it is configured to ask - it doesn’t go to a root server (although it could, every computer is configured with root server IPs).
But even before that, your computer first looks to its HOSTS file. That’s a local file that contains manually configured matches between DNS hostnames and IP addresses. Under normal circumstances, this HOSTS file would be empty, but it’s there. Side note: DNS (Domain Name System) is what replaced HOSTS files. Prior to DNS, a university network (for example) would distribute a hosts file for everyone to put on their computer, and that was it.
Okay, www.hotmail[.]com isn’t in my hosts file, what next? Not a DNS server yet - next your computer will look to its local cache. You visited www.hotmail[.]com a couple hours ago, you haven’t rebooted yet, computer looks in its local cache and uses whatever it finds there.
Not in the local cache? Now your computer asks the DNS server its configured to ask for everything. That DNS server has its own cache, so if anyone has asked it for www.hotmail[.]com recently, it already has it, and returns an answer to your query.
If that DNS server doesn’t have the entry cached, it may be configured with forwarders. This essentially means “If I, a DNS server, don’t have a listing in my own cache, I will always pass the query to my forwarder instead of going to a root server.” There may be multiple layers of this kind of behavior, maybe the next DNS server even knows who’s authoritative for hotmail[.]com, and says “go ask them.”
The last word, though, is always the root servers. Root DNS servers are authoritative for ‘.’ and they contain lists of TLDs and the DNS servers authoritative for those.
Another thing to be aware of is that if a computer doesn’t have an IP address for a particular hostname (and it is not configured with a DNS server to ask for everything), it only returns “go ask this other DNS server” to the computer making the query, and then that computer goes and makes the full query to that DNS server.
It is also important to make sure that the DNS server(s) your computer is configured to use are themselves trustworthy. “Dan’s Totally Not Sketchy I Promise Public DNS Server” could very easily be configured to believe it is authoritative for the hotmail[.]com domain, and hand you whatever IP address it is configured to hand out from its own “Totally Authoritative I Promise” zone file.
And I forgot about TTL (Time To Live). TTL is measured in milliseconds, and generally speaking, only gets as short as fifteen minutes. If a cached record is older than the TTL, then the DNS server (or your local cache) will discard it and go ask for a fresh one. This does not apply to hosts file entries, or to static entries in an authoritative DNS zone file; those never expire.
Thanks for the great explanation
DNS TTL is in seconds. And it’s frequently ignored, where caching DNS servers make their own decisions.