1.1.e — How ISP and DNS Work Together to Deliver Data
In one sentence: Your ISP provides the physical connection to the internet and usually runs the DNS resolver that translates domain names into IP addresses — together they form the bridge between "I typed google.com" and "I see the Google homepage."
Table of Contents
- 1. What Is an ISP?
- 2. ISP Tiers — The Hierarchy of the Internet
- 3. What Is DNS?
- 4. The Complete DNS Resolution Process
- 5. DNS Record Types
- 6. DNS Caching — Why Speed Matters
- 7. How ISP and DNS Work Together — Full Workflow
- 8. DHCP — How Your Device Gets Configured
- 9. Public DNS vs ISP DNS
- 10. DNS Security
- 11. Common DNS Tools & Commands
- 12. Key Takeaways
1. What Is an ISP?
An ISP (Internet Service Provider) is the company that connects your home or business to the internet. They own and operate the physical infrastructure (cables, routers, data centers) that carries your data.
What Your ISP Provides
┌─────────────────────────────────────────────────────────────────┐
│ YOUR ISP PROVIDES: │
│ │
│ 1. PHYSICAL CONNECTION │
│ └── Fiber optic, cable (coaxial), DSL, cellular, satellite │
│ │
│ 2. PUBLIC IP ADDRESS │
│ └── Your unique address on the internet │
│ └── Can be static (fixed) or dynamic (changes) │
│ │
│ 3. DNS RESOLVER │
│ └── The server that translates domain names to IPs │
│ └── Usually assigned automatically via DHCP │
│ │
│ 4. EMAIL SERVICE (sometimes) │
│ └── Legacy — most people use Gmail/Outlook now │
│ │
│ 5. ROUTING │
│ └── Your data enters their network and they route it │
│ to the rest of the internet │
└─────────────────────────────────────────────────────────────────┘
ISP Connection Types
┌────────────────┬──────────────────┬───────────┬──────────────────┐
│ Type │ Technology │ Speed │ Latency │
├────────────────┼──────────────────┼───────────┼──────────────────┤
│ Fiber (FTTH) │ Light through │ Up to │ Very low │
│ │ glass fiber │ 10 Gbps │ (~1-5ms) │
├────────────────┼──────────────────┼───────────┼──────────────────┤
│ Cable │ Coaxial cable │ Up to │ Low │
│ (DOCSIS 3.1) │ (shared) │ 1 Gbps │ (~10-20ms) │
├────────────────┼──────────────────┼───────────┼──────────────────┤
│ DSL │ Phone lines │ Up to │ Medium │
│ │ (copper) │ 100 Mbps │ (~20-40ms) │
├────────────────┼──────────────────┼───────────┼──────────────────┤
│ Cellular (5G) │ Radio waves │ Up to │ Low-Medium │
│ │ │ 1-5 Gbps │ (~10-50ms) │
├────────────────┼──────────────────┼───────────┼──────────────────┤
│ Satellite │ Radio to orbit │ Up to │ High │
│ (Starlink/GEO) │ │ 300 Mbps │ (~20-600ms) │
└────────────────┴──────────────────┴───────────┴──────────────────┘
2. ISP Tiers — The Hierarchy of the Internet
Not all ISPs are equal. The internet has a hierarchy:
┌─────────────────────────────────────────────────────────────────┐
│ TIER 1 ISPs │
│ (The "backbone" of the internet) │
│ │
│ • Own global fiber infrastructure │
│ • Can reach EVERY part of the internet without paying │
│ anyone for transit │
│ • Peer freely with other Tier 1 networks │
│ • Examples: Lumen (CenturyLink), NTT, Telia Carrier, │
│ GTT, Cogent, Hurricane Electric │
│ │
│ ┌───────────────────────────────┐ │
│ │ TIER 1 │ │
│ │ (Global backbone) │ │
│ └──────────┬──────────────────┘ │
│ │ Pay for transit │
│ ┌──────────▼──────────────────┐ │
│ │ TIER 2 │ │
│ │ (Regional / National) │ │
│ │ Examples: Vodafone, │ │
│ │ Orange, Reliance Jio │ │
│ └──────────┬──────────────────┘ │
│ │ Pay for transit │
│ ┌──────────▼──────────────────┐ │
│ │ TIER 3 │ │
│ │ (Local / Last mile) │ │
│ │ Examples: Your local │ │
│ │ cable or DSL provider │ │
│ └─────────────────────────────┘ │
│ │ │
│ YOU (end user) │
└─────────────────────────────────────────────────────────────────┘
Key concepts:
TRANSIT: Paying a larger ISP to carry your traffic ($$)
PEERING: Two networks agreeing to exchange traffic for free
(usually at an IXP)
3. What Is DNS?
DNS (Domain Name System) is the internet's phone book. It translates human-readable domain names into machine-readable IP addresses.
Why DNS exists:
Humans remember: google.com
Computers need: 142.250.190.46
DNS bridges this gap.
Without DNS, you'd have to memorize:
142.250.190.46 for Google
157.240.241.35 for Facebook
151.101.1.140 for Reddit
... and millions more
The DNS Hierarchy
                       . (Root)
            13 root server clusters
        (operated by 12 organizations)
                       │
          ┌────────────┼────────────┐
          ▼            ▼            ▼
        .com         .org         .net   ... 1,500+ TLDs
     (Verisign)      (PIR)     (Verisign)
          │
     ┌────┼──────────┐
     ▼    ▼          ▼
  google amazon   example   ... millions of domains
     │
  ┌──┼──────┐
  ▼  ▼      ▼
 www mail  maps   ... subdomains
The 13 Root Server Clusters
Root servers are identified by letters A through M:
A — Verisign (USA)
B — USC-ISI (USA)
C — Cogent (USA)
D — University of Maryland (USA)
E — NASA (USA)
F — Internet Systems Consortium (worldwide)
G — US DoD (USA)
H — US Army (USA)
I — Netnod (Sweden)
J — Verisign (worldwide)
K — RIPE NCC (worldwide)
L — ICANN (worldwide)
M — WIDE Project (Japan)
"13" is misleading — there are 13 LOGICAL root servers
but 1,700+ physical instances distributed globally via Anycast.
4. The Complete DNS Resolution Process
Step-by-Step: What happens when you type www.example.com
┌─────────────────────────────────────────────────────────────────┐
│ │
│ STEP 1: Browser Cache │
│ ┌────────┐ │
│ │Browser │── "Do I already know the IP for example.com?" │
│ └───┬────┘ YES → Use cached IP (skip everything) │
│ │ NO → Continue to step 2 │
│ ▼ │
│ STEP 2: OS Cache │
│ ┌────────┐ │
│ │ OS │── Check /etc/hosts file and OS DNS cache │
│ └───┬────┘ YES → Return IP │
│ │ NO → Continue to step 3 │
│ ▼ │
│ STEP 3: Recursive DNS Resolver (usually from your ISP) │
│ ┌─────────────┐ │
│ │ Resolver │── Check resolver's cache │
│ │ (ISP or │ YES → Return IP │
│ │ 8.8.8.8) │ NO → Start the recursive lookup │
│ └───┬─────────┘ │
│ │ │
│ ▼ │
│ STEP 4: Root Name Server │
│ ┌─────────────┐ │
│ │ Root (.) │── "I don't know example.com, but .com is │
│ │ │ handled by these TLD servers: [list]" │
│ └───┬─────────┘ │
│ │ │
│ ▼ │
│ STEP 5: TLD Name Server (.com) │
│ ┌─────────────┐ │
│ │ .com TLD │── "I don't know example.com, but its │
│ │ (Verisign) │ authoritative NS is: ns1.example.com" │
│ └───┬─────────┘ │
│ │ │
│ ▼ │
│ STEP 6: Authoritative Name Server │
│ ┌─────────────┐ │
│ │ Authoritative│── "YES! example.com = 93.184.216.34" │
│ │ NS for │ Returns the actual IP address │
│ │ example.com │ (the "source of truth") │
│ └───┬─────────┘ │
│ │ │
│ ▼ │
│ STEP 7: Response Returns │
│ Resolver caches the result and returns IP to your browser │
│ Browser can now connect to 93.184.216.34 │
│ │
│ Total time: typically 20-120 milliseconds │
│ (or <1ms if cached) │
└─────────────────────────────────────────────────────────────────┘
Simplified Flow Diagram
Browser → OS Cache → Resolver → Root → TLD → Authoritative
                                                   │
                                           IP: 93.184.216.34
                                                   │
Browser ◀── OS ◀── Resolver ◀──────────────────────┘
5. DNS Record Types
When the authoritative server responds, it returns specific record types:
┌──────────┬───────────────────────────────────────┬───────────────┐
│ Record │ What It Does │ Example │
├──────────┼───────────────────────────────────────┼───────────────┤
│ A │ Maps domain → IPv4 address │ example.com → │
│ │ │ 93.184.216.34 │
├──────────┼───────────────────────────────────────┼───────────────┤
│ AAAA │ Maps domain → IPv6 address │ example.com → │
│ │ (4 A's because IPv6 is 4× longer) │ 2606:2800:... │
├──────────┼───────────────────────────────────────┼───────────────┤
│ CNAME │ Alias — points one domain to another │ www.example │
│ │ (Canonical Name) │ .com → example│
│ │ │ .com │
├──────────┼───────────────────────────────────────┼───────────────┤
│ MX │ Mail Exchange — where to send email │ example.com → │
│ │ │ mail.example │
│ │ │ .com (pri: 10)│
├──────────┼───────────────────────────────────────┼───────────────┤
│ TXT │ Text record — verification, SPF, │ "v=spf1 │
│ │ DKIM, arbitrary text │ include:..." │
├──────────┼───────────────────────────────────────┼───────────────┤
│ NS │ Name Server — which server is │ example.com → │
│ │ authoritative for this domain │ ns1.example │
│ │ │ .com │
├──────────┼───────────────────────────────────────┼───────────────┤
│ SOA │ Start of Authority — admin info │ Primary NS, │
│ │ about the domain zone │ email, serial │
├──────────┼───────────────────────────────────────┼───────────────┤
│ SRV │ Service — locates servers for specific │ _sip._tcp. │
│ │ services │ example.com │
├──────────┼───────────────────────────────────────┼───────────────┤
│ PTR │ Reverse DNS — maps IP → domain name │ 34.216.184.93 │
│ │ (opposite of A record) │ → example.com │
└──────────┴───────────────────────────────────────┴───────────────┘
6. DNS Caching — Why Speed Matters
DNS results are cached at multiple levels to avoid repeating lookups:
Cache Level 1: BROWSER CACHE
│ Chrome, Firefox, etc. cache DNS for a short time
│ Duration: seconds to minutes
│
▼
Cache Level 2: OPERATING SYSTEM CACHE
│ Your OS maintains its own DNS cache
│ macOS: scutil --dns (shows the resolver configuration)
│ Windows: ipconfig /displaydns (lists cached entries)
│ Duration: minutes
│
▼
Cache Level 3: ROUTER CACHE
│ Your home router may cache DNS responses
│ Duration: varies
│
▼
Cache Level 4: ISP RESOLVER CACHE
Your ISP's recursive resolver caches for all customers
Duration: defined by TTL (Time To Live) in DNS record
TTL examples: 300 seconds (5 min), 3600 (1 hr), 86400 (24 hr)
TTL (Time To Live)
When a DNS record is returned, it includes a TTL value:
example.com. 3600 IN A 93.184.216.34
             ────
             TTL = 3600 seconds (1 hour)
This means: "Cache this answer for 1 hour.
After that, ask again in case it changed."
Low TTL (60-300s): Good for services that change IPs often
(load balancers, failover)
High TTL (3600-86400s): Good for stable services
(less DNS traffic, faster)
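The resolution walk from section 4 and the TTL behaviour above, as an added example that is not part of the original page: a small Python resolver follows referrals from the root and caches the answer until its TTL expires. The zone data, the server names such as `tld-com`, and the `Resolver` class are constructed for illustration; nothing is queried over the network.

```python
import time

# Constructed zone data (no network access). Each server maps a name suffix
# to a referral ("NS", next server) or to an answer ("A", ip, ttl).
SERVERS = {
    "root": {"com.": ("NS", "tld-com")},
    "tld-com": {"example.com.": ("NS", "ns1.example.com.")},
    "ns1.example.com.": {"www.example.com.": ("A", "93.184.216.34", 3600)},
}


def in_zone(name, suffix):
    """True if name equals suffix or sits below it on a label boundary."""
    return name == suffix or name.endswith("." + suffix)


class Resolver:
    """Recursive resolver: follows referrals from the root, caches by TTL."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}            # name -> (ip, expiry timestamp)
        self.upstream_queries = 0  # queries sent to root/TLD/authoritative

    def resolve(self, name):
        now = self.clock()
        cached = self.cache.get(name)
        if cached and cached[1] > now:            # steps 1-3: answer from cache
            return cached[0], ["cache"]
        server, path = "root", []
        while True:                               # steps 4-6: follow referrals
            path.append(server)
            self.upstream_queries += 1
            zone = SERVERS[server]
            # The longest matching suffix wins, as with real delegations.
            match = max((s for s in zone if in_zone(name, s)), key=len, default=None)
            if match is None:
                raise LookupError(f"{server} has no data for {name}")
            record = zone[match]
            if record[0] == "A":
                _, ip, ttl = record
                self.cache[name] = (ip, now + ttl)   # step 7: cache until TTL expires
                return ip, path
            server = record[1]


def demo():
    """Resolve one name at t=0s, 1800s and 3601s using a fake clock."""
    t = [0.0]
    resolver = Resolver(clock=lambda: t[0])
    results = []
    for moment in (0, 1800, 3601):
        t[0] = moment
        results.append(resolver.resolve("www.example.com."))
    return results, resolver.upstream_queries
```

The second lookup is served from cache and costs no upstream queries; the third falls just past the 3600-second TTL and repeats the full walk, which is also how long a wrong cached answer would persist.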
7. How ISP and DNS Work Together — Full Workflow
The Complete Picture: From Plugging In to Loading a Page
PHASE 1: GETTING CONNECTED (happens when you plug in / connect to Wi-Fi)
══════════════════════════════════════════════════════════════════════
┌──────────┐ ┌──────────┐ ┌──────────┐
│ Your │──WiFi──▶│ Router │──Cable──▶│ ISP │
│ Device │ │ │ │ DHCP │
└──────────┘ └──────────┘ │ Server │
└────┬─────┘
│
DHCP Response:
┌────────────────────────┐
│ Your IP: 192.168.1.10 │
│ Gateway: 192.168.1.1 │
│ DNS: ISP's resolver│
│ Subnet: 255.255.255.0 │
└────────────────────────┘
PHASE 2: DNS RESOLUTION (happens when you type a URL)
══════════════════════════════════════════════════════
Browser ──▶ "What is google.com?"
│
▼
ISP's DNS Resolver ──▶ Root ──▶ .com TLD ──▶ Google's Authoritative NS
│ │
│◀───────────────── IP: 142.250.190.46 ────────┘
│
▼
Browser now knows the IP
PHASE 3: DATA DELIVERY (happens after DNS resolves)
════════════════════════════════════════════════════
Browser ──▶ TCP Handshake with 142.250.190.46:443
│
▼
TLS Handshake (encryption established)
│
▼
HTTP Request: GET / HTTP/2
│
┌───┴───────────────────────────────────────────────┐
│ Your Device │
│ │ │
│ ▼ │
│ Router (NAT: private→public IP) │
│ │ │
│ ▼ │
│ ISP Network (routes through their backbone) │
│ │ │
│ ▼ │
│ Internet Backbone (IXPs, peering, transit) │
│ │ │
│ ▼ │
│ Google's Edge / CDN Server │
│ │ │
│ ▼ │
│ Response: HTML, CSS, JS, Images │
│ │ │
│ ▼ (reverse path) │
│ Your Browser renders the page │
└────────────────────────────────────────────────────┘
Total time for all 3 phases:
Phase 1: Happens once when you connect (~1-5 seconds)
Phase 2: ~20-120ms (or <1ms if cached)
Phase 3: ~50-300ms depending on distance
8. DHCP — How Your Device Gets Configured
DHCP (Dynamic Host Configuration Protocol) automatically assigns your device all the network settings it needs:
DHCP 4-Step Process (DORA):
┌────────────┐ ┌────────────┐
│ Your │ │ DHCP │
│ Device │ │ Server │
│ (Client) │ │ (Router) │
└──────┬─────┘ └──────┬─────┘
│ │
│──── 1. DISCOVER ─────────────────────────▶│
│ "Hey! I'm new here. Anyone got │
│ an IP for me?" (broadcast) │
│ │
│◀──── 2. OFFER ───────────────────────────│
│ "Sure! How about 192.168.1.10? │
│ Gateway: 192.168.1.1 │
│ DNS: 8.8.8.8 │
│ Lease: 24 hours" │
│ │
│──── 3. REQUEST ──────────────────────────▶│
│ "Yes! I'll take 192.168.1.10 please" │
│ │
│◀──── 4. ACKNOWLEDGE ─────────────────────│
│ "Done! It's yours for 24 hours." │
│ │
▼ ▼
Device is now configured Server records lease
and can use the network in its database
What DHCP Gives You
┌────────────────────────┬─────────────────────────────────────┐
│ Setting │ Example │
├────────────────────────┼─────────────────────────────────────┤
│ IP Address │ 192.168.1.10 │
│ Subnet Mask │ 255.255.255.0 (/24) │
│ Default Gateway │ 192.168.1.1 (your router) │
│ DNS Server(s) │ 8.8.8.8, 8.8.4.4 (or ISP's DNS) │
│ Lease Time │ 86400 seconds (24 hours) │
│ Domain Name │ home.lan (optional) │
└────────────────────────┴─────────────────────────────────────┘
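Because the DNS server address arrives in the DHCP response, checking that field shows which resolver a network is handing out. The following added example (not from the original page) parses a DHCP options field and lists any offered DNS server outside an expected set; the sample bytes are constructed from the table's values, and the function names and the `expected` set are assumptions.

```python
import ipaddress
import struct

# DHCP option codes (RFC 2132) for the settings listed in the table above.
PAD, SUBNET_MASK, ROUTER, DNS_SERVERS, DOMAIN_NAME = 0, 1, 3, 6, 15
LEASE_TIME, MESSAGE_TYPE, END = 51, 53, 255
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def parse_options(data):
    """Decode the type-length-value options field of a DHCP message."""
    options, i = {}, 0
    while i < len(data) and data[i] != END:
        code = data[i]
        if code == PAD:                      # single-byte padding, no length
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} is truncated")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        i += 2 + length
        if code in (SUBNET_MASK, ROUTER, DNS_SERVERS):
            if length == 0 or length % 4:
                raise ValueError(f"option {code} is not a list of IPv4 addresses")
            options[code] = [str(ipaddress.IPv4Address(value[j:j + 4]))
                             for j in range(0, length, 4)]
        elif code == LEASE_TIME and length == 4:
            options[code] = struct.unpack("!I", value)[0]
        elif code == MESSAGE_TYPE and length == 1:
            options[code] = MESSAGE_TYPES.get(value[0], "UNKNOWN")
        elif code == DOMAIN_NAME:
            options[code] = value.decode("ascii", errors="replace")
    return options


def unexpected_resolvers(options, expected):
    """Return offered DNS servers that are not in the expected set."""
    return [ip for ip in options.get(DNS_SERVERS, []) if ip not in expected]


# Constructed OFFER options carrying the values from the table above.
SAMPLE_OFFER = bytes([
    53, 1, 2,                        # message type: OFFER
    1, 4, 255, 255, 255, 0,          # subnet mask 255.255.255.0
    3, 4, 192, 168, 1, 1,            # default gateway 192.168.1.1
    6, 8, 8, 8, 8, 8, 8, 8, 4, 4,    # DNS servers 8.8.8.8 and 8.8.4.4
    51, 4, 0, 1, 81, 128,            # lease time 86400 seconds
    15, 8]) + b"home.lan" + bytes([END])
```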
9. Public DNS vs ISP DNS
You can choose to use your ISP's default DNS or switch to a public DNS:
┌──────────────┬────────────────────┬───────────────────────────────┐
│ DNS Provider │ Addresses │ Pros / Cons │
├──────────────┼────────────────────┼───────────────────────────────┤
│ ISP Default │ Auto-assigned │ ✅ No setup needed │
│ │ via DHCP │ ❌ May be slow │
│ │ │ ❌ May log your queries │
│ │ │ ❌ May inject ads/redirects │
├──────────────┼────────────────────┼───────────────────────────────┤
│ Google │ 8.8.8.8 │ ✅ Fast, reliable │
│ │ 8.8.4.4 │ ❌ Google sees your queries │
├──────────────┼────────────────────┼───────────────────────────────┤
│ Cloudflare │ 1.1.1.1 │ ✅ Fastest public DNS │
│ │ 1.0.0.1 │ ✅ Privacy-focused │
│ │ │ ✅ Supports DNS-over-HTTPS │
├──────────────┼────────────────────┼───────────────────────────────┤
│ Quad9 │ 9.9.9.9 │ ✅ Blocks malware domains │
│ │ 149.112.112.112 │ ✅ Privacy-focused │
├──────────────┼────────────────────┼───────────────────────────────┤
│ OpenDNS │ 208.67.222.222 │ ✅ Parental controls │
│ (Cisco) │ 208.67.220.220 │ ✅ Malware blocking │
└──────────────┴────────────────────┴───────────────────────────────┘
How to change your DNS:
macOS: System Preferences → Network → DNS
Windows: Network settings → IPv4 → DNS
Linux: /etc/resolv.conf or NetworkManager
Router: Router admin page (changes for all devices)
10. DNS Security
DNS Threats
┌─────────────────┬────────────────────────────────────────────────┐
│ Attack │ What Happens │
├─────────────────┼────────────────────────────────────────────────┤
│ DNS Spoofing │ Attacker sends fake DNS responses, redirecting │
│ (Cache │ you to a malicious site that looks like the │
│ Poisoning) │ real one. You think you're on your bank's │
│ │ site, but you're on the attacker's. │
├─────────────────┼────────────────────────────────────────────────┤
│ DNS Hijacking │ Attacker compromises your DNS settings │
│ │ (router or ISP level) to redirect all traffic. │
├─────────────────┼────────────────────────────────────────────────┤
│ DNS Tunneling │ Attacker encodes data inside DNS queries to │
│ │ bypass firewalls (data exfiltration). │
├─────────────────┼────────────────────────────────────────────────┤
│ DDoS on DNS │ Overwhelm DNS servers with traffic so │
│ │ legitimate queries can't be answered. │
│ │ (2016 Dyn attack took down Twitter, GitHub...) │
└─────────────────┴────────────────────────────────────────────────┘
DNS Security Solutions
┌─────────────────┬────────────────────────────────────────────────┐
│ Solution │ How It Helps │
├─────────────────┼────────────────────────────────────────────────┤
│ DNSSEC │ Digitally signs DNS records so responses │
│ │ can be verified as authentic (not forged). │
├─────────────────┼────────────────────────────────────────────────┤
│ DNS-over-HTTPS │ Encrypts DNS queries inside HTTPS │
│ (DoH) │ Your ISP can't see your DNS queries. │
│ │ Used by: Firefox, Chrome, Cloudflare 1.1.1.1 │
├─────────────────┼────────────────────────────────────────────────┤
│ DNS-over-TLS │ Encrypts DNS queries using TLS │
│ (DoT) │ Similar to DoH but uses port 853. │
│ │ Used by: Android Private DNS │
└─────────────────┴────────────────────────────────────────────────┘
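One way a defender can look for the DNS tunneling pattern from the threats table (added example, not from the original page): group logged queries by parent domain and flag domains that receive many long, high-entropy subdomain labels. The log format, the thresholds, and the `cdn.example` and `exfil-demo.example` names are assumptions made for this example, and the log lines are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict


def entropy(label):
    """Shannon entropy of a label in bits per character."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def suspicious_domains(log_lines, min_unique=15, min_len=30, min_entropy=3.0):
    """Return parent domains whose subdomain labels look like encoded data."""
    labels = defaultdict(set)
    for line in log_lines:
        _ts, _client, qname, _qtype = line.split()
        parts = qname.rstrip(".").lower().split(".")
        if len(parts) < 3:
            continue                       # no subdomain label to inspect
        # Assumption: the registered domain is the last two labels.
        labels[".".join(parts[-2:])].add(".".join(parts[:-2]))
    flagged = {}
    for parent, subs in labels.items():
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(entropy, subs)) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            flagged[parent] = (len(subs), round(avg_len, 1))
    return flagged


def sample_log():
    """Constructed resolver log: timestamp, client, query name, query type."""
    lines = [f"2024-05-01T10:00:{i:02d}Z 192.168.1.10 {h}.google.com A"
             for i, h in enumerate(["www", "mail", "maps"])]
    # Busy but benign: many short, readable hostnames under one domain.
    lines += [f"2024-05-01T10:01:{i:02d}Z 192.168.1.11 img{i}.cdn.example A"
              for i in range(20)]
    # Tunnel-like: many long, random-looking labels (hex of a hash as stand-in).
    lines += [f"2024-05-01T10:02:{i:02d}Z 192.168.1.12 "
              f"{hashlib.sha256(str(i).encode()).hexdigest()[:40]}.exfil-demo.example TXT"
              for i in range(20)]
    return lines
```

Requiring all three signals together keeps the busy `cdn.example` domain out of the result, since its many subdomains are short and readable.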
11. Common DNS Tools & Commands
Look Up a Domain's IP Address
# Using nslookup (available on all platforms)
nslookup google.com
# Using dig (more detailed — macOS/Linux)
dig google.com
# Using dig with specific record type
dig google.com MX # Mail servers
dig google.com AAAA # IPv6 address
dig google.com NS # Name servers
dig google.com TXT # Text records
# Trace the full DNS resolution path
dig +trace google.com
Check Your Current DNS Settings
# macOS
scutil --dns | head -20
# Linux
cat /etc/resolv.conf
# Windows
ipconfig /all | findstr "DNS"
Flush DNS Cache
# macOS
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
# Windows
ipconfig /flushdns
# Linux (systemd-resolved; older releases use: sudo systemd-resolve --flush-caches)
sudo resolvectl flush-caches
Test DNS Speed
# Time how long a DNS lookup takes
time dig google.com
# Compare ISP DNS vs Cloudflare
time dig @$(grep nameserver /etc/resolv.conf | head -1 | awk '{print $2}') google.com
time dig @1.1.1.1 google.com
12. Key Takeaways
- Your ISP provides the physical connection, public IP address, and (usually) a DNS resolver.
- DNS translates domain names (google.com) into IP addresses (142.250.190.46).
- DNS resolution follows a hierarchy: Browser Cache → OS Cache → Resolver → Root → TLD → Authoritative.
- DHCP automatically configures your device with IP, gateway, and DNS settings when you connect.
- ISPs are organized in tiers: Tier 1 (global backbone), Tier 2 (regional), Tier 3 (local/last-mile).
- You can switch from your ISP's DNS to public DNS (Cloudflare 1.1.1.1, Google 8.8.8.8) for better speed or privacy.
- DNS caching at multiple levels (browser, OS, router, ISP) makes repeat lookups near-instant.
- DNS security threats exist (spoofing, hijacking): DNSSEC signs records so responses can be verified as authentic, while DoH and DoT encrypt your DNS queries.
Explain-It Challenge
Walk through what happens from the moment you type "github.com" in your browser to the moment you see the page. Mention: DHCP, DNS resolution (all steps), TCP handshake, and the role of your ISP at each stage.
Congratulations! You've completed Section 1.1 — How the Internet Works
You now understand:
- The history of the web (1.1.a)
- How computers communicate — OSI & TCP/IP models (1.1.b)
- How data physically travels the world (1.1.c)
- The addressing system — Domain Names, IPs, MACs (1.1.d)
- How ISP and DNS deliver your data (1.1.e)