For those of you even vaguely interested in the workings of the Internet, this article may be a harbinger of things to come. It’s been widely acknowledged for some time that if someone was determined to bring down the Internet’s naming system, they could probably do it. Some basic explanation below…
Forget website names for a minute. On the Internet, every computer is represented by a number, called an IP (Internet Protocol) number. If you want to reach a computer and you know the number, you can type that into the browser bar and you’ll get to the site directly. Try it – type http://188.8.131.52/ into the browser bar and you’ll get to the Google site. The crucial thing here is that you have gone direct to the computer holding the information displayed on the Google site by typing in this number (i.e. your computer has understood that the number 184.108.40.206 corresponds to the information you are seeking).
So why can you get to this site by typing in http://www.google.com instead of the number? That’s down to the DNS (Domain Name System), which is basically a more user-friendly and memorable naming system for getting to Internet sites (imagine trying to remember all those numbers every time you wanted to find a site on the Internet…).
The DNS is actually very simple, although it takes a little bit of time to understand the intricacies of it (it’s important for all the various bits of the Internet like e-mail and file transfer, not just getting to websites). You don’t need the intricacies though, so I’ll keep it simple and concentrate on a simple explanation of the getting to websites bit. (N.B. Apologies to techies who will see all kinds of little things missing (like the final dot, and caching etc), but this is a basic intro…)
When you type http://www.google.com into your browser bar, that request goes to your ISP, which has DNS servers dedicated to helping you get to named websites. This DNS server passes the query on to one of the 13 “root servers” of the DNS (more about these later) that are referred to in the article above.
The root server starts reading the name backwards, letter by letter until it comes to a dot. So the root server reads m-o-c before it comes to a dot (.com). That means that it knows to go and look at the computer that has a listing of all the websites ending in “.com”.
The “.com” server then starts to read backwards from the dot in “.com”, so it reads e-l-g-o-o-g before it comes to the next dot (.google.com).
Now it finds the number that it’s looking for, 220.127.116.11, and returns it to your computer which then goes out and tries to find the computer corresponding to that number, just like you did when you typed in 18.104.22.168 directly!
So what’s really happened is that your computer has sent out the query http://www.luddo.com, which has gone on a loop of a number of computers to find out what the number is that is represented by http://www.luddo.com, and then your computer has actually gone and found the information by looking for 22.214.171.124. Clever, huh?
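The loop of computers described above, as an added example in Python that is not part of the original post: a toy resolver follows referrals from a root server to a “.com” server to the server for one domain, matching whole dot-separated labels from the right. It goes one step beyond the walkthrough by remembering referrals (the caching set aside earlier), so repeat lookups do not go back to the root; all server names, domain names and addresses are constructed, and nothing is sent over the network.

```python
# Constructed stand-ins for the servers in the walkthrough; all names and
# addresses are made up (192.0.2.0/24 is a documentation range). No network use.
ROOT = "root-server"
SERVERS = {
    ROOT: {"delegations": {"com": "com-server", "org": "org-server"}},
    "com-server": {"delegations": {"example.com": "example-com-server"}},
    "org-server": {"delegations": {}},
    "example-com-server": {"addresses": {"www.example.com": "192.0.2.10",
                                         "mail.example.com": "192.0.2.25"}},
}

def suffixes(name):
    """'www.example.com' -> ['www.example.com', 'example.com', 'com']."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

class Resolver:
    """Plays the ISP's DNS server: follows referrals, remembers what it learns."""
    def __init__(self):
        self.cache = {}    # zone -> server responsible for it (learned referrals)
        self.queries = {}  # server -> how many questions it has been asked

    def _ask(self, server, name):
        """One question to one server: an address, a referral, or nothing."""
        self.queries[server] = self.queries.get(server, 0) + 1
        data = SERVERS[server]
        if name in data.get("addresses", {}):
            return ("answer", data["addresses"][name])
        for zone in suffixes(name):  # most specific delegation first
            if zone in data.get("delegations", {}):
                return ("referral", zone, data["delegations"][zone])
        return ("nxdomain",)

    def resolve(self, name):
        name = name.rstrip(".").lower()  # accept the trailing "final dot"
        # Start at the closest zone already learned; fall back to the root.
        server = next((self.cache[z] for z in suffixes(name) if z in self.cache), ROOT)
        for _ in range(len(suffixes(name)) + 1):  # bound the referral chain
            reply = self._ask(server, name)
            if reply[0] == "answer":
                return reply[1]
            if reply[0] == "nxdomain":
                return None
            _, zone, server = reply
            self.cache[zone] = server  # later lookups skip the servers above this zone
        return None
```

The `queries` counter shows how much of the load reaches the root: the first lookup for a “.com” name asks it once, and later “.com” lookups from the same resolver do not ask it at all.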
OK, so what’s the problem? Well, the problem (such as there is one) lies in the fact that this Domain Name System relies on 13 root servers (remember – the ones that started reading from the end of the name) and that these root servers can come under attack from a dedicated hacker or group of hackers. By sending in millions of enquiries very, very fast, they can overload the root servers and “bring down” the DNS. There are obviously safeguards built into this system, but the worry is that a really clever bunch of hackers with malicious intent could still get round these safeguards… Email me if you want to know more about how this might be avoided.