DNS Beyond the Web

DNS in gaming, IoT, mobile, streaming, cryptocurrency, advertising, and space — the protocol shows up everywhere

DNS is not just for websites

Every online gaming session, every smart home device check-in, every streaming play button, every mobile app launch — they all start with DNS. The protocol designed in 1983 for translating hostnames on a research network now underpins virtually every connected system humans have built.

Gaming

DNS is the first step in every online gaming session. Before a player enters a match, their device resolves matchmaking servers, authentication endpoints, content delivery URLs, and update servers.

| Phase | DNS role |
| --- | --- |
| Login/Auth | Resolving auth server domains |
| Matchmaking | DNS steers players to the nearest regional server |
| Content delivery | Game patches and assets served via CDNs using DNS for edge selection |
| Voice chat | Discord and in-game VOIP resolve their own server infrastructure |

Once the connection is established and the player is in-game, DNS no longer directly affects moment-to-moment gameplay latency. But the quality of the initial resolution determines how quickly a player gets into the game and which server they land on. Competitive gaming operates in single-digit millisecond margins — a slow DNS resolver can add 50-200ms to the initial connection. This is why gamers frequently switch to public resolvers like Cloudflare (1.1.1.1) or Google (8.8.8.8).

Minecraft and SRV records

Minecraft is perhaps the most prominent consumer-facing use of SRV DNS records. Since the 1.3 patch, the Minecraft client performs SRV lookups to discover custom server ports, allowing server operators to host on non-standard ports while giving players clean domain names.

A player enters play.example.com, the client queries _minecraft._tcp.play.example.com for an SRV record, and the response directs them to the actual server hostname and port. Thousands of Minecraft hosting providers offer SRV record configuration as a standard feature, making Minecraft one of the largest deployments of SRV records in consumer applications.
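The lookup described above, as an added example that is not Minecraft's own code: it builds the query name, decodes SRV RDATA in the RFC 2782 wire layout, and picks the endpoint a client would connect to. The sample answers, the hostnames mc1/mc2.example.com, the tie-break rule and the default port 25565 (Minecraft Java Edition's default, not stated on this page) are assumptions.

```python
import struct

DEFAULT_PORT = 25565  # Minecraft Java Edition's default port (not stated on the page)

def srv_query_name(host):
    """Name the client queries for the hostname a player typed."""
    return "_minecraft._tcp." + host.rstrip(".")

def encode_srv_rdata(priority, weight, port, target):
    """Build SRV RDATA (RFC 2782) so the sample input below is self-contained."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in target.split("."))
    return struct.pack("!HHH", priority, weight, port) + name + b"\x00"

def parse_srv_rdata(rdata):
    """Decode SRV RDATA: 16-bit priority, weight, port, then an uncompressed name."""
    if len(rdata) < 7:
        raise ValueError("SRV RDATA too short")
    priority, weight, port = struct.unpack("!HHH", rdata[:6])
    labels, pos = [], 6
    while True:
        if pos >= len(rdata):
            raise ValueError("target name runs past end of RDATA")
        length = rdata[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(rdata):
            raise ValueError("bad label length in SRV target")
        labels.append(rdata[pos:pos + length].decode("ascii"))
        pos += length
    return priority, weight, port, ".".join(labels)

def resolve_endpoint(host, srv_rdatas):
    """Return the (hostname, port) to connect to; no SRV answer means host:25565."""
    records = [parse_srv_rdata(r) for r in srv_rdatas]
    if not records:
        return host, DEFAULT_PORT
    # Lowest priority wins (RFC 2782). Ties are broken by highest weight here,
    # a deterministic stand-in for the RFC's weighted random choice.
    _, _, port, target = min(records, key=lambda r: (r[0], -r[1]))
    return target, port

# Constructed sample answers for _minecraft._tcp.play.example.com
SAMPLE = [encode_srv_rdata(10, 5, 25570, "mc2.example.com"),
          encode_srv_rdata(0, 5, 25601, "mc1.example.com")]

if __name__ == "__main__":
    print(srv_query_name("play.example.com"), "->", resolve_endpoint("play.example.com", SAMPLE))
```

The SRV target, not the name the player typed, is where the connection actually goes, so it is the value to check when reviewing what a clean-looking server name points to.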

The Dyn attack: gaming’s collateral damage

The October 2016 Dyn DDoS attack was likely originally targeted at gaming platforms. A Cloudflare analysis concluded the widespread internet outage — PlayStation Network, Xbox Live, Twitter, Netflix, and dozens of other services — was “spectacular collateral damage of a war between gamers.” The perpetrator, a teenager, used the Mirai botnet to attack Dyn’s DNS infrastructure. Sony estimated it lost approximately $2.7 million in revenue that day.

Internet of Things

Every IoT device — smart speakers, thermostats, cameras, doorbells, light bulbs — relies on DNS to phone home. The patterns are remarkably predictable: firmware update checks, cloud service communication, telemetry reporting, and time synchronization via NTP.

How chatty are IoT devices?

A UC Davis study analyzing over 200 homes found that Google Home devices send DNS queries 24/7/365, with approximately 95% of queries directed to Google services. Netflix-connected devices are “extremely chatty,” constantly polling CDN servers even when not actively streaming.

A critical finding: 98% of smart assistants and 72% of smart TVs use hard-coded Google DNS (8.8.8.8) rather than locally configured resolvers, bypassing any network-level DNS policies or filtering.

In March 2025, the IETF published RFC 9726 recommending that IoT devices use DHCP-provided DNS servers rather than hard-coded public resolvers, and that firmware update patterns deserve particular privacy attention since they reveal which devices are present at a location.
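One way to find devices that ignore the DHCP-provided resolver, as an added example that is not from the original page: it scans flow records for DNS traffic from LAN clients to any other resolver. The log format, the 192.168.1.0/24 network, the resolver address and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")          # assumed home network
DHCP_RESOLVER = ipaddress.ip_address("192.168.1.1")   # assumed resolver handed out by DHCP
DNS_PORTS = {53: "Do53", 853: "DoT"}                  # plain DNS and DNS-over-TLS

# Constructed flow records: timestamp src dst dst_port proto
SAMPLE_FLOWS = """\
1700000000 192.168.1.20 192.168.1.1 53 udp
1700000001 192.168.1.31 8.8.8.8 53 udp
1700000002 192.168.1.31 8.8.8.8 53 udp
1700000003 192.168.1.40 1.1.1.1 853 tcp
1700000004 192.168.1.20 93.184.216.34 443 tcp
1700000005 192.168.1.31 192.168.1.1 53 udp
garbled line
1700000006 192.168.1.1 9.9.9.9 53 udp
"""

def find_resolver_bypass(flow_text, lan=LAN, allowed=DHCP_RESOLVER):
    """Map each LAN client to {(resolver, transport): count} for DNS sent
    anywhere other than the DHCP-provided resolver."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records rather than abort the run
        _, src, dst, dport, _ = fields
        try:
            src_ip, dst_ip, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        except ValueError:
            continue
        if port not in DNS_PORTS or src_ip not in lan:
            continue
        if src_ip == allowed or dst_ip == allowed:
            continue  # the resolver's own upstream queries, or policy-compliant lookups
        hits[str(src_ip)][(str(dst_ip), DNS_PORTS[port])] += 1
    return {client: dict(dests) for client, dests in hits.items()}

if __name__ == "__main__":
    for client, dests in find_resolver_bypass(SAMPLE_FLOWS).items():
        print(client, dests)
```

A port-based check like this sees plain DNS and DoT only; DNS-over-HTTPS shares port 443 with ordinary web traffic and needs a destination list of known DoH endpoints instead.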

mDNS and the smart home

Multicast DNS (RFC 6762) is the backbone of local IoT device discovery. Devices announce themselves on the local network using multicast address 224.0.0.251 on port 5353, resolving .local hostnames without a central server.

The Matter protocol — the smart home industry’s unified standard backed by Apple, Google, Amazon, and Samsung — relies heavily on mDNS and DNS-SD (DNS-based Service Discovery) for device commissioning and operational discovery. Every Matter-compatible device generates mDNS traffic on the local network.

IoT DNS fingerprinting

The predictability of IoT DNS patterns creates both security tools and privacy concerns. Researchers have achieved 98.19% accuracy in identifying IoT device types based on DNS traffic characteristics alone — DNS protocol headers, response sizes, and queried domains. An ISP or network administrator can determine exactly what smart home devices you own, and when you use them, simply by observing DNS traffic.

Mobile

Mobile devices face unique DNS challenges. A phone may switch between WiFi, 4G, and 5G multiple times per day, each with different DNS resolvers. On cellular networks, carriers control DNS resolution — on most platforms, users cannot change the cellular DNS server without rooting or using a VPN.

Android Private DNS

Android 9 (August 2018) introduced Private DNS — system-wide DNS-over-TLS. In “Automatic” mode, the device attempts a TLS connection on port 853 before falling back to unencrypted DNS. With Android holding approximately 72% of global mobile OS market share (3.3 billion active devices), Android’s Private DNS represents the single largest deployment of encrypted DNS on the planet.

iOS encrypted DNS

Apple introduced encrypted DNS support in iOS 14 / macOS Big Sur (2020) through the NEDNSSettingsManager API. Apps can create system-wide DoH or DoT configurations without requiring MDM enrollment. However, cellular DNS cannot be changed on iOS without a VPN or NetworkExtension-based app — the carrier controls cellular DNS resolution.

The network-switching problem

When a mobile device switches from WiFi to cellular, the DNS resolver changes, the local cache may become stale, existing connections may break, and DNS-based load balancing may direct the user to different servers. This creates a “DNS identity crisis” where the same device appears to come from different networks within seconds, potentially triggering anti-fraud systems or re-authentication requirements.

Streaming

Every play button press on Netflix, YouTube, Disney+, or Spotify triggers a DNS resolution chain that determines which server delivers content. DNS is the primary mechanism for server selection.

Netflix Open Connect

Netflix operates its own CDN called Open Connect, serving 100% of Netflix video traffic. Open Connect Appliances are deployed both at internet exchange points and directly inside ISP networks at no cost to the ISP. Netflix’s steering service uses DNS and HTTP-based redirection to select the optimal appliance based on network proximity, server load, and content availability.

DNS-based geo-blocking

Streaming services use DNS as one signal for geographic content licensing enforcement. When a DNS request arrives, the service infers the user’s location from the resolver’s IP address. Netflix employs cross-domain verification: if one request goes via a proxy while another goes directly, the IP mismatch flags a geo-bypass attempt.

Smart DNS services (Unlocator, SmartDNS Proxy) offer a DNS-only approach to circumventing geo-blocks. They reroute only DNS queries for geo-restricted services through proxy servers in the target country, while actual video traffic flows directly. This avoids VPN encryption overhead, enabling full bandwidth for 4K streaming. The tradeoff: no privacy protection, and streaming providers are increasingly effective at detecting the technique.

Cryptocurrency and blockchain DNS

Ethereum Name Service (ENS)

ENS maps human-readable names like vitalik.eth to Ethereum addresses, with over 2.5 million .eth names registered since launch in 2017. It is supported natively in MetaMask, Coinbase Wallet, and Brave browser. A planned ENSv2 upgrade will migrate to Layer 2 to reduce gas costs.

Handshake

Handshake attempted to replace ICANN’s root zone with a blockchain-based alternative, allowing users to bid on entire top-level domains. As of 2024, it has 11.3 million domain registrations but mainstream browsers do not resolve Handshake domains natively — the fundamental chicken-and-egg problem that has prevented blockchain DNS from going mainstream.

Why blockchain DNS has not displaced traditional DNS

No major browser supports .eth, .crypto, or Handshake TLDs natively. Each system requires its own resolution infrastructure. Operations cost gas fees. And traditional DNS works, is universal, is fast, and is free to resolve. ENS has found genuine utility within the crypto ecosystem (wallet naming, decentralized identity), but blockchain DNS has not displaced DNS for general web browsing.

Advertising and tracking

A typical news website triggers 30-100+ DNS requests per page load, with a significant fraction directed at ad exchanges, tracking pixels, and analytics services. Pi-hole installations typically block 15-30% of all DNS queries on home networks — all of it advertising and tracking traffic.

CNAME cloaking

CNAME cloaking is a technique where tracking companies use DNS CNAME records to disguise their domains as first-party subdomains of the publisher’s website. The publisher creates metrics.publisher.com with a CNAME pointing to tracker.adtech-company.com. Browser-based ad blockers cannot see the CNAME resolution — they only see the first-party domain.

AdGuard identified more than 6,000 CNAME-based hidden trackers, appearing on almost 10% of the top 10,000 websites. Research found that 95% of websites using CNAME cloaking also leaked cookies to the third-party tracker. Defenses include Brave browser (which resolves CNAME chains at the DNS level), Firefox with uBlock Origin, and DNS-level filtering services like AdGuard DNS and NextDNS.
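The DNS-level check that uncloaks such trackers, as an added example that is not code from AdGuard, Brave or any other project named here: it follows the CNAME chain of a request that looks first-party and flags it when any hop lands in a tracker's domain. The record set, the blocklist and the two-label base-domain rule are constructed assumptions.

```python
# Constructed DNS data: name -> CNAME target (names with no entry end the chain)
CNAMES = {
    "metrics.publisher.com": "tracker.adtech-company.com",
    "tracker.adtech-company.com": "edge-7.adtech-company.com",
    "static.publisher.com": "publisher.cdn-host.example",
    "loop-a.publisher.com": "loop-b.publisher.com",
    "loop-b.publisher.com": "loop-a.publisher.com",
}
TRACKER_DOMAINS = {"adtech-company.com"}  # constructed blocklist of tracker base domains

def base_domain(name):
    """Last two labels. A simplification: production code needs the Public Suffix List."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def cname_chain(name, cnames, max_depth=8):
    """Follow CNAMEs from name; stop on a loop or after max_depth hops."""
    chain, seen = [name], {name}
    while chain[-1] in cnames and len(chain) <= max_depth:
        nxt = cnames[chain[-1]].rstrip(".").lower()
        if nxt in seen:
            break  # CNAME loop: stop instead of spinning forever
        chain.append(nxt)
        seen.add(nxt)
    return chain

def is_cloaked_tracker(page_host, request_host, cnames, trackers=TRACKER_DOMAINS):
    """True when a request that looks first-party resolves into a tracker's domain."""
    if base_domain(request_host) != base_domain(page_host):
        return False  # openly third-party; ordinary blocklists already cover this
    chain = cname_chain(request_host.lower(), cnames)
    return any(base_domain(hop) in trackers for hop in chain[1:])

if __name__ == "__main__":
    for host in ("metrics.publisher.com", "static.publisher.com"):
        print(host, cname_chain(host, CNAMES), is_cloaked_tracker("www.publisher.com", host, CNAMES))
```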

Space

DNS on the International Space Station

The ISS connects to Earth via NASA’s Tracking and Data Relay Satellite System (TDRSS) — geosynchronous satellites at 35,786 km altitude. Internet connectivity has 500-1,000ms latency (round-trip to geostationary orbit and back). DNS resolution adds latency on top of this baseline. The ISS likely caches DNS aggressively to minimize the impact.

Interplanetary DNS

Traditional DNS is fundamentally incompatible with interplanetary communication. Mars communication has 4-24 minute one-way latency depending on orbital positions, intermittent connectivity (Mars is behind the Sun for approximately 2 weeks every 26 months), and high packet loss. TCP/IP handshakes are impractical.

Delay-Tolerant Networking (RFC 4838), originally conceived as the “Interplanetary Internet,” uses the Bundle Protocol — a store-and-forward mechanism where data bundles hop between nodes. DTN does not use DNS. Instead, it uses endpoint identifiers like ipn:42.1.

An active IETF Internet-Draft (draft-johnson-dtn-interplanetary-dns) proposes a model where each celestial body runs its own local DNS infrastructure, with deep-space links bridged by the Bundle Protocol. DNS queries crossing planetary boundaries would be encapsulated in DTN bundles, forwarded through the interplanetary link, resolved on the destination planet, and returned.

Starlink’s LEO constellation (6,000+ satellites at ~550km) introduces unique DNS characteristics. Research shows 90% of in-flight DNS queries resolve within 40ms, but ground-based users experience 50-150ms variation depending on which resolver handles the query. In Africa, cache misses can push DNS resolution to 250-300ms due to regional infrastructure gaps.

DNS is literally everywhere

From a protocol designed to replace a flat text file at Stanford, DNS has become the invisible foundation of virtually every connected system. The pattern is always the same: before anything can connect to anything else, someone has to ask DNS where to find it. Gaming, IoT, mobile, streaming, cryptocurrency, advertising, and even interplanetary communication — they all start with a DNS query.