Friday, December 3, 2010

Explainer: what is 'DNS', why does it matter and how does it work?

A customer uses a computer in an internet cafe at Changzhi. What's a DNS? A DDoS? Here's a starter for 10. Photograph: Reuters
DNS – or domain name system – is the protocol on the internet that turns human-comprehensible website names such as bbc.co.uk or guardian.co.uk into addresses understandable by machines.
DNS translates human-language domain names – guardian.co.uk or wikileaks.org, for example – into machine-readable "IP addresses". These allow the user's computer to connect to the destination web server and get to what they're after.

Normally, DNS is a superfast process that takes virtually no time at all, and once the "lookup" is done the client computer connects directly to the destination server, leaving the DNS server free to deal with another request. Almost every site has a server which does its DNS for it, though the two do not need to have any business connection.

Free services like everyDNS offer DNS services to huge numbers of sites for free, but don't have any other link to the sites.

If the DNS fails, however, the site is only reachable via an IP address.

Either DNS failure or DNS "poisoning" (in which the table of lookups is intentionally or accidentally filled with wrong information) creates huge problems: failure makes a site unreachable to most people, and poisoning redirects them to fake sites.
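To make the "lookup" described above concrete, here is an added example (not from the original article) that builds the DNS query a client sends for guardian.co.uk, and parses a constructed sample response carrying the article's 77.91.249.30 answer. The wire format follows RFC 1035; the sample response bytes are constructed here, not a real capture.

```python
import struct

def encode_name(name):
    """Encode 'guardian.co.uk' as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(name, txid=0x1234):
    """Build a standard A-record query (QTYPE=1, QCLASS=IN) with the 'recursion desired' flag."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # id, flags, QD=1, AN/NS/AR=0
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def decode_name(msg, offset):
    """Decode a name at offset, following compression pointers; return (name, offset_after)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # 2-byte pointer back into the message (RFC 1035 s4.1.4)
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), end if jumped else offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_a_records(msg):
    """Return the dotted-quad addresses in the answer section of a DNS response."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                        # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                            # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, offset = decode_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:          # A record: four bytes = one dotted quad
            addrs.append(".".join(str(b) for b in msg[offset:offset + 4]))
        offset += rdlen
    return addrs

# Constructed sample response (not a real capture); 0xC00C is a pointer to the name at offset 12.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + encode_name("guardian.co.uk") + struct.pack("!HH", 1, 1)
                   + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([77, 91, 249, 30]))
```

A real client would also check that the response's transaction id and question match the query it sent before trusting the answer, which is the minimal guard against the wrong-answer "poisoning" the paragraph above describes.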

An "IP address"?
IP stands for internet protocol and is the label assigned to each device – mobile phone, PC, tablet computer or website – that connects to the internet. Typically an IP address has a "dotted quad" form - four numbers each between 0 and 255, separated by a dot.

Every internet-connected device needs to have a unique IP address, at least within its domain – although the outside world might see a household with two computers connected to a router as just having a single IP address, which belongs to the router.

(The two computers will then have different IP addresses within the "subdomain" determined by the router. Those may be the same as other devices elsewhere in the world, but they aren't visible to their duplicates because the router "translates" their internal IP address into its own internet-facing IP address when they make an internet request, and translates it back when the response returns.)

For example, the IP address for guardian.co.uk is 77.91.249.30 - so http://77.91.249.30 is exactly equivalent to http://www.guardian.co.uk, but the former saves a DNS lookup and so is fractionally faster.

However if the Guardian moves to a different host at some point after this article is written, the "dotted quad" address will fail. That makes DNS a more robust way to point to web sites, because it allows them to change between hosts in different companies or countries. But it does mean that if the DNS fails, the site effectively vanishes.

A "DDoS" attack?
Distributed denial of service (DDoS) attacks are commonly used as a coordinated means of internet activism in protest at the target, or by hackers to threaten sites for blackmail - a common tactic used against gambling sites a few years ago.

Typically, a hacker gains control of a few hundred or thousand infected PCs running Microsoft's Windows, and uses them to "ping" - try to connect briefly to - the target site. A "syn flood" can consist of millions of pings per second, equivalent to ringing the front doorbell of the site and running away. In such a flood, it becomes impossible for the site to deal with legitimate requests.

The only ways to deal with a DDoS attack are to wait for it to subside, to find out who is targeting the site and prevent them from acting, or to recruit extra servers that can divert the "syn flood" away from the main site while allowing legitimate requests for full pages through.

Providing such hosting help has become big business in the past few years as DDoS has become a more common attack method for criminal hackers.

Further reading:
• Wikipedia: Domain Name System
• Wikipedia: Denial of service attacks