this post was submitted on 06 Jul 2026
11 points (100.0% liked)
Explain Like I'm Five
21715 readers
2 users here now
Simplifying Complexity, One Answer at a Time!
Rules
- Be respectful and inclusive.
- No harassment, hate speech, or trolling.
- Engage in constructive discussions.
- Share relevant content.
- Follow guidelines and moderators' instructions.
- Use appropriate language and tone.
- Report violations.
- Foster a continuous learning environment.
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
DNS servers are just phone books. If you want to connect to maps.google.com, you can do it in two ways:
You can ask .com who hosts google.com, then ask google.com who hosts maps.google.com (this is called recursive lookup), it's a slow process relatively speaking, especially when you may need to do it dozens of times to open a single webpage.
Alternatively, you can go to a "phonebook" like Cloudflare's 1.1.1.1 or Google's 8.8.8.8 or any one of a million others and just ask them for the info. They're constantly getting these requests so they save the info in their cache and can just pull the direct IP. If they don't have something cached (rare, except for very new or u popular domains), they revert to step 1.
Because most devices are set up to query up to 2 DNS servers, one primary, one fallback. If both fail, (or if only one was configured from the start) that device will have issues. If that device is a critical link in the world wide web, the failures cascade. If your non-tech-savy grandmother is running on the default DNS of her ISP, and they're pointing their servers at Cloudflare because its faster, then if Cloudflare's DNS goes down, her internet seems to go down.
Also, even if you have a backup solution, Cloudflare DNS handles likely trillions of DNS queries each day. Easy enough for them, but when they fail, all of those queries suddenly hit other DNS servers like a DDOS attack, which can cause failures and propagation down the line.
Generally, probably no. Some government agencies may be paranoid enough to run their own DNS servers that do recursive lookups etc, but I'd wager many just use whatever's default in the OS. CIA certainly rolls their own, but the City Council of Des Moines, Iowa probably doesn't. A bad DNS server could run some pretty sophisticated MITM/phishing schemes, so there very much is a risk there though.