0

The SSL/TLS (https) protocol encrypts both of the web page url and its content. So I'm wondering how could the DNS server know the ip address of the requested url if it is encrypted?
Any documented reference or idea?

Community
  • 1
  • 1
M_B216
  • 103
  • 9

1 Answers1

3

When you enter an URL in your browser the DNS server is asked for the URL's IP first by your system, before even connecting to the server. So SSL is not even in the game at this point.

SSL encrypts between the client (e.g. your browser) and the server, but of course both have to have the plain text information of the data, otherwise your browser couldn't show you the website. => Your browser always knows the unencrypted URL.

Think of the DNS server as a phone book: If you want to call someone over an encrypted phone line, you will still have to look up this persons phone number in the phone book. Afterwards you can use this number to call (and use encryption if you like). The phone book itself doesn't care about encryption or even if you want to call or send a fax.

Nitek
  • 2,515
  • 2
  • 23
  • 39
  • can you explain more? – M_B216 Jun 16 '15 at 05:57
  • When the system asks the dns server, about what url the system asks?encrypted one? – M_B216 Jun 16 '15 at 06:02
  • I added the phone book example to my answer, maybe that helps to make it clearer. The DNS server doesn't know anything about the encryption. You can only ask him something like "What is the IP address for google.com?" and he will tell you. Afterwards you(/your system) uses this information to create a connection. – Nitek Jun 16 '15 at 06:04
  • Encryption make sure that nobody inbetween can read your information, but can read it of course – Nitek Jun 16 '15 at 06:08
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/80630/discussion-between-nitek-and-m-b216). – Nitek Jun 16 '15 at 06:09
  • I don't think so. I think that the browser keep the ip address of the server with the certificate at the beginning of the ssl handshake, so the browser doesn't ask for the ip again. Correct me if I was wrong. – M_B216 Jun 16 '15 at 06:12