1. 1Browser cache - has the browser itself recently resolved this domain? Chrome, Firefox, and others maintain their own DNS cache for recently visited sites.
2. 2OS cache - your operating system maintains a separate DNS cache. On Windows, you can view it with `ipconfig /displaydns`. On Mac, it lives in the system resolver.
3. 3Router cache - your home router typically caches DNS results too.
4. 4ISP's DNS resolver - your Internet Service Provider runs DNS servers that cache popular lookups.

If any of these caches has a fresh (non-expired) record for "google.com," the lookup is nearly instant - no internet traffic needed. This is why the second visit to a website often loads faster than the first.

Only if all caches miss does the actual DNS resolution process begin.

When your ISP's resolver does not have the answer cached, it performs a recursive lookup:

1. 1Root server query - your resolver asks one of the 13 root server clusters (labeled A through M) "Who manages .com domains?" These 13 clusters are actually hundreds of servers distributed globally using anycast routing.

1. 1TLD server query - the root server responds with the address of the .com TLD (Top-Level Domain) server. Your resolver asks the TLD server "Who manages google.com?"

1. 1Authoritative server query - the TLD server responds with Google's authoritative nameserver. Your resolver asks that nameserver "What is the IP address for google.com?"

1. 1Response - Google's nameserver responds with the IP address. Your resolver caches this answer and returns it to your browser.

This entire chain typically completes in 20-120 milliseconds. The first time. Subsequent lookups hit the cache and take less than 1 millisecond.

DNS is not just a technical curiosity:

• •Censorship - governments block websites by ordering ISPs to remove DNS records. When a country "blocks" a site, they are usually poisoning DNS responses.
• •Performance - slow DNS resolution adds latency to every website you visit. Switching to a fast DNS provider (like Cloudflare's 1.1.1.1 or Google's 8.8.8.8) can noticeably speed up browsing.
• •Security - DNS queries are traditionally unencrypted, meaning your ISP (and anyone monitoring your network) can see every website you visit. DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt these queries.
• •Outages - when DNS goes down, the internet appears "broken" even though the underlying infrastructure is fine. The 2021 Facebook outage (which also took down Instagram and WhatsApp for 6+ hours) was caused by a DNS configuration error.

1. 1SYN - your computer sends a "synchronize" packet to the server, saying "I want to establish a connection"
2. 2SYN-ACK - the server responds with "Acknowledged, and I want to synchronize too"
3. 3ACK - your computer responds with "Acknowledged, connection established"

This process takes one round trip (RTT) - the time for data to travel from you to the server and back. For a server in your same city, this might be 5-10 milliseconds. For a server on another continent, it could be 150-300 milliseconds.

TCP solves several critical problems:

• •Reliability - it guarantees that every packet arrives and in the correct order. If a packet is lost, TCP automatically retransmits it.
• •Flow control - it prevents a fast sender from overwhelming a slow receiver
• •Congestion control - it detects network congestion and slows down to prevent collapse

The alternative, UDP (User Datagram Protocol), skips all of this and just blasts packets with no guarantees. This is why it is used for video calls and gaming where speed matters more than perfection - a dropped frame in a video call is better than a delayed one.

TLS provides three guarantees:

1. 1Encryption - nobody between you and the server can read the data
2. 2Authentication - you are actually talking to google.com and not an impersonator
3. 3Integrity - the data has not been tampered with in transit

1. 1Client Hello - your browser sends a list of encryption methods it supports, plus a random number
2. 2Server Hello - the server picks an encryption method, sends its own random number and its digital certificate
3. 3Certificate verification - your browser checks the certificate against its list of trusted Certificate Authorities (CAs). If the certificate is valid, it extracts the server's public key.
4. 4Key exchange - using the public key, your browser and the server agree on a shared secret key through a process called Diffie-Hellman key exchange. This is the mathematical magic that lets two parties create a shared secret over an insecure channel.
5. 5Encrypted communication begins - all subsequent data is encrypted with the shared key

Modern TLS 1.3 completes this in a single round trip. Older TLS 1.2 required two round trips.

Without TLS:

• •Your ISP could read every web page you visit and every form you submit
• •Anyone on the same WiFi network (coffee shop, airport) could intercept your passwords, credit card numbers, and private messages
• •Governments and corporations could modify web content in transit (injecting ads, removing information, or altering downloads)

HTTPS is not optional. It is the bare minimum for internet security. Free certificate services like Let's Encrypt have made it accessible to every website - there is no excuse for HTTP in 2026.

> GET / HTTP/2

>

> Host: google.com

>

> User-Agent: Chrome/120.0

>

> Accept: text/html

>

> Accept-Language: en-US

>

> Accept-Encoding: gzip, br

This tells the server: "Give me the homepage (/) using HTTP version 2. I am Chrome. I want HTML. I prefer English. I can handle compressed responses."

The server processes your request and sends back:

> HTTP/2 200 OK

>

> Content-Type: text/html; charset=UTF-8

>

> Content-Encoding: br

>

> Content-Length: 45672

Followed by the actual HTML content of the page.

• •HTTP/1.1 (1997) - one request at a time per connection. To load 50 resources, browsers opened 6 parallel connections and took turns. Slow.
• •HTTP/2 (2015) - multiple requests simultaneously over a single connection (multiplexing). Plus header compression and server push. Major speed improvement.
• •HTTP/3 (2022) - uses QUIC instead of TCP, eliminating the separate TCP and TLS handshakes. Built-in encryption. Better performance on unreliable connections (mobile networks). The future.

1. 1HTML parsing - the browser reads the HTML and builds the DOM (Document Object Model) - a tree structure representing every element on the page.

1. 1CSS parsing - stylesheets are parsed and combined into the CSSOM (CSS Object Model). This defines how every element should look.

1. 1Render tree construction - the DOM and CSSOM are merged into a render tree that contains only visible elements with their computed styles.

1. 1Layout - the browser calculates the exact position and size of every element. "This div is 500px wide, positioned 200px from the left, and its children flow vertically." This is also called "reflow."

1. 1Painting - the browser fills in the pixels. Text is rasterized, images are decoded, borders and shadows are drawn.

1. 1Compositing - the painted layers are combined in the correct order and sent to the GPU for display.

You have seen this: you start reading an article, and suddenly the text jumps down because an image or ad loaded above it. This is called Cumulative Layout Shift (CLS), and it happens when resources load out of order, forcing the browser to recalculate the layout.

Good web development prevents this by:

• •Specifying image dimensions in HTML so the browser reserves space before the image loads
• •Loading fonts efficiently to prevent text reflow
• •Avoiding dynamically injected content above existing content

Over 95% of intercontinental internet traffic travels through undersea fiber optic cables - not satellites. There are currently over 550 active submarine cables, totaling over 1.3 million kilometers of cable on the ocean floor.

These cables are roughly the diameter of a garden hose but carry virtually all international internet traffic:

• •A single modern cable can carry 250+ terabits per second
• •They are laid by specialized ships that cost $250,000+ per day to operate
• •Sharks occasionally bite them (seriously - Google had to add Kevlar protection to some Pacific cables)
• •They land at "cable landing stations" that are critical but deliberately inconspicuous buildings, usually near coastlines

Geopolitical implications: Control of undersea cables is a matter of national security. Countries that host landing stations have the theoretical ability to tap international traffic. Most cables are owned by private consortiums, but increasingly by tech giants - Google, Meta, Microsoft, and Amazon now own or lease significant submarine cable capacity.

To avoid sending every request across oceans, companies use CDNs - networks of servers distributed globally that cache copies of content close to users.

When you load a website using Cloudflare, Akamai, or AWS CloudFront:

1. 1Your request goes to the nearest CDN edge server (there are thousands worldwide, typically within 50ms of most internet users)
2. 2If the edge server has a cached copy, it responds immediately - no need to reach the origin server
3. 3If it does not, it fetches from the origin, caches the result, and serves it

CDNs are why a website hosted in Virginia loads fast in Tokyo. Without them, every request would cross the Pacific Ocean - adding 150-200ms of latency each way.

The slowest part of the internet is usually the "last mile" - the connection from the ISP's infrastructure to your home:

• •Fiber optic - light through glass fibers. Fastest option: symmetrical speeds up to 10 Gbps. Low latency.
• •Cable - electrical signals through coaxial cable. Fast download (up to 1+ Gbps) but typically slower upload. Shared bandwidth with neighbors.
• •DSL - electrical signals through copper phone lines. Slowest fixed-line option but widely available. Speed degrades with distance from the exchange.
• •5G/LTE - radio waves to cellular towers. Increasingly competitive with wired connections but variable latency and affected by obstacles and weather.
• •Satellite - signals bounced off orbiting satellites. Traditional satellites (geostationary, 36,000km up) have 600ms+ latency. Newer constellations like Starlink (low earth orbit, 550km up) achieve 20-50ms latency - a game changer for rural areas.

You can test your connection speed with our Speed Test to see how your last mile performs.

• •"DNS not resolving" - the domain lookup fails. Try switching DNS servers. If 1.1.1.1 works but your ISP's DNS does not, the problem is your ISP.
• •"Connection timed out" - TCP handshake fails. The server might be down, or a firewall might be blocking the connection.
• •"SSL certificate error" - TLS handshake fails. The certificate might be expired, self-signed, or for a different domain.
• •"404 Not Found" - HTTP works fine, but the specific resource does not exist on the server.
• •"Slow loading" - could be DNS (check with dig or nslookup), TCP latency (check with ping or traceroute), large resources (check DevTools Network tab), or slow server processing.

• •ping - tests basic connectivity and round-trip time to a host
• •traceroute (tracert on Windows) - shows the path packets take and where delays occur
• •nslookup / dig - queries DNS directly to test name resolution
• •curl - makes HTTP requests from the command line
• •Browser DevTools Network tab - shows every resource loaded, its size, timing breakdown, and any errors