Sunday, 31 May 2015

How Domain Name Servers Work for resolving Web Address

If you've ever used the Internet, it's a good bet that you've used the Domain Name System, or DNS, even without realizing it. DNS is a protocol within the set of standards for how computers exchange data on the Internet and on many private networks, known as the TCP/IP protocol suite. Its basic job is to turn a user-friendly domain name like "howstuffworks.com" into an Internet Protocol (IP) address like 70.42.251.42 that computers use to identify each other on the network. It's like your computer's GPS for the Internet.
Computers and other network devices on the Internet use an IP address to route your request to the site you're trying to reach. This is similar to dialing a phone number to connect to the person you're trying to call. Thanks to DNS, though, you don't have to keep your own address book of IP addresses. Instead, you just connect through a domain name server, also called a DNS server or name server, which manages a massive database that maps domain names to IP addresses.
Whether you're accessing a Web site or sending e-mail, your computer uses a DNS server to look up the domain name you're trying to access. The proper term for this process is DNS name resolution, and you would say that the DNS server resolves the domain name to the IP address. For example, when you enter "http://www.howstuffworks.com" in your browser, part of the network connection includes resolving the domain name "howstuffworks.com" into an IP address, like 70.42.251.42, for HowStuffWorks' Web servers.
You can always bypass a DNS lookup by entering 70.42.251.42 directly in your browser (give it a try). However, you're probably more likely to remember "howstuffworks.com" when you want to return later. In addition, a Web site's IP address can change over time, and some sites associate multiple IP addresses with a single domain name.
Without DNS servers, the Internet would shut down very quickly. But how does your computer know what DNS server to use? Typically, when you connect to your home network, Internet service provider (ISP) or WiFi network, the modem or router that assigns your computer's network address also sends some important network configuration information to your computer or mobile device. That configuration includes one or more DNS servers that the device should use when translating DNS names to IP address.
So far, you've read about some important DNS basics. The rest of this article dives deeper into domain name servers and name resolution. It even includes an introduction to managing your own DNS server. Let's start by looking at how IP addresses are structured and how that's important to the name resolution process.


DNS Servers and IP Addresses

You just learned that the primary job of a domain name server, or DNS server, is to resolve (translate) a domain name into an IP address. That sounds like a simple task, and it would be, except for the following points:
·         There are billions of IP addresses currently in use, and most machines have a human-readable name as well.
·         DNS servers (cumulatively) are processing billions of requests across the Internet at any given time.
·         Millions of people are adding and changing domain names and IP addresses each day.
With so much to handle, DNS servers rely on network efficiency and Internet protocols. Part of the IP's effectiveness is that each machine on a network has a unique IP address in both the IPv4 and IPv6 standards managed by the Internet Assigned Numbers Authority (IANA). Here are some ways to recognize an IP address:
·         An IP address in the IPv4 standard has four numbers separated by three periods, as in: 70.74.251.42
·         An IP address in the IPv6 standard has eight groups of hexadecimal (base-16) digits separated by colons, as in 2001:0cb8:85a3:0000:0000:8a2e:0370:7334. Because IPv6 is still a very new standard, we'll concentrate on the more common IPv4 for this article.
·         Each number in an IPv4 address is called an "octet" because it's the base-10 equivalent of an 8-digit base-2 (binary) number used in routing network traffic. For example, the octet written as 42 stands for 00101010. Each digit in the binary number is the placeholder for a certain power of two, from 2^0 to 2^7, reading from right to left. That means that in 00101010, you have one each of 2^1, 2^3 and 2^5. So, to get the base-10 equivalent, just add 2^1 + 2^3 + 2^5 = 2 + 8 + 32 = 42. For more about how IP addresses are constructed, see our article "What is an IP address?"
·         There are only 256 possibilities for the value of each octet: the numbers 0 through 255.
·         Certain addresses and ranges are designated by the IANA as reserved IP addresses, which means they have a specific job in IP. For example, the IP address 127.0.0.1 is reserved to identify the computer you're currently using. So, talking to 127.0.0.1 is just talking to yourself.
Where does your computer's IP address come from? If we're talking about your desktop or laptop computer, it probably comes from a Dynamic Host Configuration Protocol (DHCP) server on your network. The job of a DHCP server is to make sure your computer has the IP address and other network configuration it needs whenever you're online. Because this is "dynamic," the IP address for your computer will probably change from time to time, such as when you shut down your computer for a few days. As the user, you'll probably never notice all this taking place. See the sidebar on this page for hints on where to find the IP address assigned to your computer or mobile device.
Web servers and other computers that need a consistent point of contact use static IP addresses. This means that the same IP address is always assigned to that system's network interface when it's online. To make sure that interface always gets the same IP address, IP associates the address with the Media Access Control (MAC) address for that network interface. Every network interface, both wired and wireless, has a unique MAC address embedded in it by the manufacturer.
For more information on IP addresses, see the IANA, operated by the Internet Corporation for Assigned Names and Numbers (ICANN). Now, though, let's look at the other side of the DNS equation: domain names.


Domain Names

If we had to remember the IP addresses of all our favorite Web sites, we'd probably go nuts! Human beings are just not that good at remembering strings of numbers. We are good at remembering words, however, and that is where domain names come in. You probably have hundreds of domain names stored in your head, such as:
·         howstuffworks.com -- our favorite domain name
·         google.com -- one of the most used domain names in the world
·         mit.edu -- a popular EDU name
·         bbc.co.uk -- a three-part domain name using the country code UK
You'll recognize domain names as having strings of characters separated by dots (periods). The last word in a domain name represents a top-level domain. These top-level domains are controlled by the IANA in what's called the Root Zone Database, which we'll examine more closely later. The following are some common top-level domains:
·         COM -- commercial Web sites, though open to everyone
·         NET -- network Web sites, though open to everyone
·         ORG -- non-profit organization Web sites, though open to everyone
·         EDU -- restricted to schools and educational organizations
·         MIL -- restricted to the U.S. military
·         GOV -- restricted to the U.S. government
·         US, UK, RU and other two-letter country codes -- each is assigned to a domain name authority in the respective country
In a domain name, each word and dot combination you add before a top-level domain indicates a level in the domain structure. Each level refers to a server or a group of servers that manage that domain level. For example, "howstuffworks" in our domain name is a second-level domain off the COM top-level domain. An organization may have a hierarchy of sub-domains further organizing its Internet presence, like "bbc.co.uk" which is the BBC's domain under CO, an additional level created by the domain name authority responsible for the UK country code.
The left-most word in the domain name, such as www or mail, is a host name. It specifies the name of a specific machine (with a specific IP address) in a domain, typically dedicated to a specific purpose. A given domain can potentially contain millions of host names as long as they're all unique to that domain.
Because all of the names in a given domain need to be unique, there has to be some way to control the list and make sure no duplicates arise. That's where registrars come in. A registrar is an authority that can assign domain names directly under one or more top-level domains and register them with InterNIC, a service of ICANN, which enforces uniqueness of domain names across the Internet. Each domain registration becomes part of a central domain registration database known as the whois database. Network Solutions, Inc. (NSI) was one of the first registrars, and today companies like GoDaddy.com offer domain registration in addition to many other Web site and domain management services. [source: InterNIC]
Later, when we look at how to create a domain name, we'll see that part of registering a domain requires identifying one or more name servers (DNS servers) that have the authority to resolve the host names and sub-domains in that domain. Typically, you would do this through a hosting service, which has its own DNS servers. Next, we'll look at how these DNS servers manage your domain, and how DNS servers across the Internet work together to ensure traffic is routed properly between IP addresses.

The Distributed System

Every domain has a domain name server handling its requests, and there is a person or IT team maintaining the records in that DNS server's database. No other database on the planet gets as many requests as DNS servers, and they handle all those queries while also processing data updates from millions of people every day. That's one of the most amazing parts of DNS -- it is completely distributed throughout the world on millions of machines, managed by millions of people, and yet it behaves like a single, integrated database!
Because managing DNS seems like such a big job, most people tend to leave it to the IT professionals. However, by learning a little bit about how DNS works and how DNS servers are distributed across the Internet, you can manage DNS with confidence. The first thing to know is what the purpose of a DNS server is on the network where it resides. A DNS server will have one of the following as its primary task:
·         Maintain a small database of domain names and IP addresses most often used on its own network, and delegate name resolution for all other names to other DNS servers on the Internet.
·         Pair IP addresses with all hosts and sub-domains for which that DNS server has authority.
DNS servers that perform the first task are normally managed by your Internet service provider (ISP). As mentioned earlier, the ISP's DNS server is part of the network configuration you get from DHCP as soon as you go online. These servers reside in your ISP's data centers, and they handle requests as follows:
·         If it has the domain name and IP address in its database, it resolves the name itself.
·         If it doesn't have the domain name and IP address in its database, it contacts another DNS server on the Internet. It may have to do this multiple times.
·         If it has to contact another DNS server, it caches the lookup results for a limited time so it can quickly resolve subsequent requests to the same domain name.
·         If it has no luck finding the domain name after a reasonable search, it returns an error indicating that the name is invalid or doesn't exist.
The second category of DNS servers mentioned above is typically associated with Web, mail and other Internet domain hosting services. Though some hardcore IT gurus set up and manage their own DNS servers, hosting services have made DNS management much easier for the less technical audience. A DNS server that manages a specific domain is called the start of authority (SOA) for that domain. Over time, the results from looking up hosts at the SOA will propagate to other DNS servers, which in turn propagate to other DNS servers, and so on across the Internet.
This propagation is a result of each DNS server caching the lookup result for a limited time, known as its Time To Live (TTL), ranging from a few minutes to a few days. People managing a DNS server can configure its TTL, so TTL values will vary across the Internet. So, each time you look up "www.howstuffworks.com," it's possible that the DNS server for your ISP will find the lookup results "70.42.251.42" in its own cache if you or someone else using that server looked for it before within the server's TTL.
This great web of DNS servers includes the root name servers, which start at the top of the domain hierarchy for a given top-level domain. There are hundreds of root name servers to choose from for each top-level domain. Though DNS lookups don't have to start at a root name server, they can contact a root name server as a last resort to help track down the SOA for a domain.
Now that you know how DNS servers are interconnected to improve the name resolution process, let's look at how you can configure a DNS server to be the authority for your domain.

Creating a New Domain Name

When you want to create a new domain name, you need to do the following:
·         Use the Whois database to find a unique domain name that isn't yet registered. There are several sites that offer free Whois database searches, such as Network Solutions. If the search comes up empty, you know the domain name is available.
·         Register the domain name with a registrar. There are a lot of registrars to choose from, and some offer special prices for registering the COM, NET, and ORG versions of a domain at the same time, for registering for two or more years, or for hosting the domain with the same company.
·         If you're hosting the domain at a different company than your registrar, configure the registrar to point your domain name to the correct host name or IP address for your hosting company (see information below about A records).
Using the DNS servers from your registrar or hosting company means that you have a parked domain. This means that someone else owns the computer hardware for the DNS servers, and your domain is just part of that company's larger DNS configuration. Alternatively, if you're passionate about hosting your own DNS, you can set up your own server, either as a physical or virtual machine. Whichever DNS setup you decide on, that DNS server (or group of servers) becomes the SOA for your domain, as described earlier.
Whether your SOA is somewhere else or on your own system, you can extend and modify your DNS settings to add sub-domains, redirect e-mail and control other services. This information is kept in a zone file on the DNS server [source: GoDaddy.com]. If you're running your own server, you'll probably need to manually edit the zone file in a text editor. Many registrars today have a Web interface you can use to manage DNS for your domain. Each new configuration you add is called a record, and the following are the most common types of records you can configure for your DNS server:
·         Host (A) -- This is the basic mapping of IP address to host name, the essential component for any domain name.
·         Canonical Name (CNAME) -- This is an alias for your domain. Anyone accessing that alias will be automatically directed to the server indicated in the A record.
·         Mail Exchanger (MX) -- This maps e-mail traffic to a specific server. It could indicate another host name or an IP address. For example, people who use Google for the e-mail for their domain will create an MX record that points to ghs.google.com.
·         Name Server (NS) -- This contains the name server information for the zone. If you configure this, your server will let other DNS servers know that yours is the ultimate authority (SOA) for your domain when caching lookup information on your domain from other DNS servers around the world.
·         Start of Authority (SOA) -- This is one larger record at the beginning of every zone file with the primary name server for the zone and some other information. If your registrar or hosting company is running your DNS server, you won't need to manage this. If you're managing your own DNS, Microsoft's support information has a helpful article on the structure of a DNS SOA Record.
The following is an example of what a zone file might look like for those who are editing it directly in a text editor. Note that the center column (second item on each line) includes a record type from those listed above. When you see an "@" in the left column, it means that the record applies in all cases not otherwise specified:
@ NS auth-ns1.howstuffworks.com
@ NS auth-ns2.howstuffworks.com
@ MX 10 mail
mail A 209.170.137.42
vip1 A 216.183.103.150
www CNAME vip1
Typical users will probably get the most use out of MX and CNAME records. The MX records allows you to point your mail services somewhere other than your hosting company if you choose to use something like Google Apps for your domain. The CNAME records let you point host names for your domain to various other locations. This could include setting google.example.com to redirect to google.com, or setting up a dedicated game server with its own IP address and pointing it to something like gameserver.example.com. HowStuffWorks' parent company, Discovery, does this: dsc.discovery.com is the main Web site, science.discovery.com is The Science Channel Web site, and so on.
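To make the zone file above concrete, here is an added example (not HowStuffWorks' code) that loads that simplified zone syntax and answers lookups the way the article describes: an A record answers directly, a CNAME such as www is followed to the A record it aliases, and an MX answer is resolved to the mail host's address. The zone text and addresses are the page's own sample; the origin name substituted for "@" and the loop guard are assumptions, and real zone files carry TTLs, trailing dots and a $ORIGIN line that this toy does not handle.

```python
from collections import defaultdict

ORIGIN = "howstuffworks.com"  # assumed origin that "@" and relative names expand to

# The page's sample zone, embedded verbatim so the example runs offline.
ZONE_TEXT = """\
@ NS auth-ns1.howstuffworks.com
@ NS auth-ns2.howstuffworks.com
@ MX 10 mail
mail A 209.170.137.42
vip1 A 216.183.103.150
www CNAME vip1
"""


def qualify(name, origin):
    """Append the origin to a relative name; leave fully qualified names alone."""
    if name == origin or name.endswith("." + origin):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Return {(owner, type): [rdata, ...]} for the simplified 'name type target' syntax.

    MX rdata is stored as (priority, host); CNAME and NS rdata as a qualified name;
    A rdata as the dotted IPv4 string.
    """
    records = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in zone files
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected 'name type target': {raw!r}")
        owner, rtype, *rdata = fields
        owner = origin if owner == "@" else qualify(owner, origin)
        rtype = rtype.upper()
        if rtype == "MX":
            if len(rdata) != 2 or not rdata[0].isdigit():
                raise ValueError(f"line {lineno}: MX needs 'priority host'")
            rdata = [(int(rdata[0]), qualify(rdata[1], origin))]
        elif rtype in ("CNAME", "NS"):
            rdata = [qualify(rdata[0], origin)]
        elif rtype != "A":
            raise ValueError(f"line {lineno}: unsupported record type {rtype}")
        records[(owner, rtype)].extend(rdata)
    return dict(records)


def resolve_a(records, name, max_hops=8):
    """Follow CNAME aliases until an A record answers; return its IPv4 addresses.

    A name with neither an A nor a CNAME record raises LookupError (the zone's
    equivalent of "doesn't exist"), as does a CNAME loop or an overly long chain.
    """
    seen = []
    while name not in seen:
        seen.append(name)
        if (name, "A") in records:
            return records[(name, "A")]
        cname = records.get((name, "CNAME"))
        if not cname:
            raise LookupError(f"{name}: no A or CNAME record in zone")
        name = cname[0]
        if len(seen) > max_hops:
            raise LookupError(f"CNAME chain longer than {max_hops} hops")
    raise LookupError(f"CNAME loop detected at {name}")


def resolve_mx(records, domain):
    """Return [(priority, mailhost, ip), ...] for a domain, lowest priority first."""
    answers = []
    for priority, host in sorted(records.get((domain, "MX"), [])):
        answers.append((priority, host, resolve_a(records, host)[0]))
    return answers


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print("www ->", resolve_a(zone, "www.howstuffworks.com"))
    print("mail for the domain ->", resolve_mx(zone, "howstuffworks.com"))
```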
Throughout this article, you've read about the role of domain name servers, how DNS maps domain names to IP addresses and how to choose your domain name and configure it to work within the distributed system of DNS servers around the world. Now that you're in the zone with zone files and registered for success with domain name servers, look up lots more information about DNS on the next page.

Monday, 4 May 2015

Best of both worlds round 3: mSATA SSDs

As SSDs become increasingly affordable, making the switch is increasingly tempting. However, there are very few drives with over 512GB of capacity, and those that exist are still far from affordable. One solution that works well for desktops and workstation replacement laptops is putting an SSD in one drive bay and a mechanical HDD in another. This is a bit trickier with smaller laptops though. A couple years ago, I experimented with moving the primary HDD to the optical bay, and installing an SSD to get the best of both worlds: fast performance and extra storage for bulky but less-used files.
“Ultrabook” didn’t even enter our vernacular until mid-2011, and at the time most laptops still came with a DVD drive. Now in 2013, many of the latest laptops don’t even come with DVD drives. What’s a modern laptop user to do if they want SSD performance and HDD storage?

Enter the mSATA SSD: announced in 2009, mSATA SSDs started making their way into ultrabooks as manufacturers sought smaller sized components. In recent years some manufacturers have begun putting mSATA support into mid-sized laptops that still have a normal 2.5″ hard drive bay, too. Lenovo in particular has been leading this trend, with most recent ThinkPad and IdeaPad laptops supporting an mSATA drive in addition to the primary hard drive.

The first thing to know about mSATA SSDs: they’re small. Kingston donated a 64 GB mSATA SSD for this review, and when it arrived I was shocked by just how tiny the package is. It measures a mere 50 by 30 mm. The physical connector is identical to a mini-PCI-E slot, like those used by WiFi and WWAN cards, but does require that a SATA channel be connected to the slot, so just any mini-PCI-E slot won’t do.

Installation

Installing an mSATA SSD takes a lot more time and care than installing a regular 2.5″ drive into most laptops. To install it into my ThinkPad X230 took about an hour, vs. a couple minutes to swap out the 2.5″ drive. Each computer will require different, very specific steps to install. Look up your computer’s service manual (typically available from the manufacturer’s support site) and find the instructions for installing an mSATA drive.
The mSATA SSD installation flipbook. (This isn’t meant to be a guide… just showing what the steps were for my laptop.)

Configuration

The point of an mSATA SSD is to free up that HDD slot for some big, slow spinning storage, while keeping your OS, programs, and most-used data on the fast SSD. These instructions are for Windows, but you can follow the same general principle for Linux. I’ve found that it’s almost always easier to just do a fresh install of Windows on a new SSD. Trying to image from a large disk to a smaller disk is generally a pain to do, and Windows will also automatically configure certain things differently if you have an SSD, to improve its performance.
Working from a fresh install, you’ll want to configure your user files (My Documents, My Pictures, etc.) to reside on the HDD. Instructions for this are exactly the same as with my previous SSD+HDD Caddy instructions.

Performance

In most cases, an mSATA SSD will perform just as well in a given computer as a regular 2.5″ SATA drive, if they have the same basic specs. On my X230, the mSATA drive only supports SATA II while the 2.5″ bay supports SATA III. For comparison, I used a similar Kingston SSD in the 2.5″ form factor, the SSDnow V300, which does take advantage of the SATA III connector in the full HDD slot. Note that these comparisons are just to give an idea of the relative performance in this case – with an mSATA SSD and slot that both support SATA III, you could easily see better performance from an mSATA SSD than some 2.5″ SSDs.

AS SSD Benchmark

[Figure: AS SSD benchmark results. mSATA SSD on left, 2.5″ SSD on right]

CrystalDiskMark Benchmark

[Figure: CrystalDiskMark benchmark results. mSATA SSD on left, 2.5″ SSD on right]

Making sure you have what you need

If you’re interested in pursuing an mSATA SSD solution, the first thing to do is make sure your laptop supports it! Most Lenovo laptops (both ThinkPads and IdeaPads) since about 2010 have mSATA slots. Some other manufacturers have them too, although less consistently. If you already have the laptop, try finding the specific service manual for your computer, and look for information about the mSATA drive, or search for “<laptop name> mSATA” online. If you haven’t purchased a laptop yet, try to find this information before buying!
Once you have the laptop taken care of, you’ll need to select an SSD. I’m hesitant to make any specific suggestions here, because new SSDs are released almost constantly. Almost all of the major SSD manufacturers have mSATA drives available now. One of the best resources on the web for finding up-to-date reviews and listings is The SSD Review. The Tom’s Hardware SSD Hierarchy Chart is also a good resource, and is typically updated monthly.

What to Do After Buying a New Laptop

Buying a new laptop can be a difficult venture. You must decide which one is right for you. Depending on what your needs are, there are tons of things to consider like hard drive space, graphics cards, and general ease of use.
But once you find your dream computer, there are a few things that you must do. Here are some tips to follow after you purchase your laptop to make your computing experience a pleasurable one.

Register and Update Windows

Image via Flickr by Microsoft Sweden
An important part of purchasing your computer is actually registering (and successfully activating) Windows. It activates all the perks of having Windows as an operating system, such as Windows Media Player, and it also enables desktop personalization.
Next you’ll want to download all system updates and service packs. You’ll want a really fast internet connection for this, because these can be huge files and take a while to download. However, they’re vital to making your computer safer and run much smoother. These updates patch up any bugs or glitches that were newly found, and they streamline the performance of the operating system as well as add new features. To answer superuser “Hennes”’ question: it doesn’t matter which variation of Windows 7 you have, Pro or Home; performance-wise, it will run the same. If you’re worried about performance issues, think about either adding more RAM or upgrading to Windows 8, which for the most part is a more streamlined and smoother operating system.

Rid your Computer from Unwanted “Bloatware”

When you purchase a computer, you’d imagine that you’re starting with a clean slate. However, this couldn’t be further from the truth. Most computers are loaded with unwanted games and software (referred to as bloatware, since it bulks up what should be a clean slate). The most efficient way to truly free up your computer is to install a brand-new, store-bought copy of Windows onto your hard drive. This will wipe out everything that was on the hard drive (so make sure you save everything you wanted to keep on an external drive or disc) and leave a clean and smoothly operating system, free of unwanted, useless bloatware.
If you don’t feel like doing this, or don’t want to buy a new copy of Windows, you can try manually uninstalling the offending software by going to Start > Control Panel > Programs and Features. From here you can go to each program you don’t want and click Uninstall. For programs that are more deeply rooted, like anti-virus software, you can go to the developer’s website and search for the “complete uninstall” procedure and follow their steps to completely eradicate it from your system.

Anti-virus and Security Software

While many computers come with standard anti-virus software, it’s important to make sure you have the right program to deal with potential intruders. That being said, you may want to consider forking out a few dollars for an all-encompassing anti-virus program, such as Norton Antivirus software, or save some money and get basic protection, with something like AVG Anti-Virus software.
Going together with anti-virus software is security scanning software. What you’re looking for is malware: programs that will make your computer run at a turtle’s pace. By running a security scan, you can remove all the unwanted, unintentionally downloaded programs from your hard drive before you get into computing that would expose sensitive information.
Schedule a security scan for about once a week (you can set it to automatically begin when you want, in whatever increment you choose) to keep your computer free from malicious programs. Keep this software running in the background, and it will detect and quarantine any questionable and infected files that you may have just unintentionally downloaded and it will also warn you and deter you away from possibly unsafe sites.

Back Up Software and Recovery

Any computer with Windows will have system recovery loaded to it. Recovery restores your computer to a pre-existing state if the worst should happen.
If you drop your computer or it suddenly fails due to a power surge or something else, recovery will make your computer work again if possible. Backing up, on the other hand, is basically insurance for your computer. You can take all the files that you never want to lose, and you can put them on an external hard drive. Or if you don’t want to buy one of those, you can copy the files on to a DVD or CD and keep them in a safe place. These measures ensure that you will never have to fret over lost work.
Physical back-ups aren’t your only option. There are plenty of ways to back up your info using an online cloud service. Doing this will automatically back up your files as you make them, and no matter what happens to your computer or backup drives, your files will be downloadable from the service’s servers.

Power Saving

Make sure that, after registering Windows, you go into your personalization and check your power saving scheme. Here, you can configure your Windows 8 power plan settings and options. Choose how long until your computer turns off after it’s idle, as well as setting a screen saver. Both of these things will save you on your energy bill and keep your computer running longer.
No matter what laptop you choose to buy, following a few simple steps for your new laptop will go a long way. Although you shouldn’t expect problems on a brand new machine, it’s all about peace of mind. You can use the computer at your leisure and not be worried about the problems that can compound over time.

Better Know your Wireless Router

Almost everyone these days has a small box with antennae somewhere in their house. It may look innocent, but while it’s killing your babies it’s also applying multiple filters and rulesets to the thousands of packets coming in and out of your network every day. Wireless routers are ubiquitous today, but there are a lot of people (even those very competent with computers) who aren’t quite sure how their router should be set up. In this tall post, I’ll walk you through the common options and settings on a home router and explain what each does and how you might want to set them, along with some tips for a fast and secure network.
Let’s start out by looking at the big feature you probably bought your router for: WiFi wireless networking.

WiFi

WiFi is a standard that allows for computers to form a local area network wirelessly. WiFi itself is defined by IEEE standard 802.11, and has been in development for some time and comes in several different “flavors.” The common versions are 802.11a, b, g, and n.

WiFi Versions

When you buy a router, you’ll be presented with different options for WiFi version and different supposed benefits for each. When you set up your router, you’ll probably also need to choose a “mixed” or “g-only” option, or choose from a whole different set of standards the router supports.

The WiFi versions were developed in alphabetical order, so ‘a’ is the oldest and ‘n’ is the newest. You’re probably aware of the speed difference (n is fastest, with g second, and b and then a coming up behind). There is another significant difference that most people are not aware of, which explains why the versions are often grouped with ‘a’ and ‘n’ together and ‘b’ and ‘g’ together: ‘b’ and ‘g’ operate in the 2.4GHz band, while ‘a’ operates in the 5GHz band. ‘n’ can operate in either band, but 2.4GHz support is only for backward compatibility; 5GHz is preferred. “802.11bg” (supporting both ‘b’ and ‘g’ standards) equipment is common because, since the frequency is the same, one physical radio can support both. 802.11a devices require a different physical radio.
In general, 5GHz is better. This is because the 5GHz band is wider, allowing for more wireless networks in a small area without interference (this is important, because interference between WiFi networks is increasingly becoming a problem in dense areas), and because WiFi shares the 5GHz band with fewer other devices (many non-WiFi devices operate at 2.4GHz as well, and will interfere with WiFi networks. Baby monitors and older cordless phones are a common example). N is a clear winner, then, because it’s fastest and 5GHz, right?
Unfortunately, the issue of bands and radios becomes somewhat confusing with 802.11n, because both bands are supported. Most 802.11n devices on the market right now are actually 2.4GHz only. Some devices are selectable band, meaning that they can operate at 2.4GHz or 5GHz. Some devices are simultaneous dual-band, so that they can operate on both bands at the same time. 
  • A 2.4GHz-only device will support G and N, but will not support N at 5GHz (this limits the benefit you will receive from N).
  • A selectable band device forces you to make a choice: either have 802.11g support as well and be limited to 2.4GHz for n, or have 5GHz 802.11n and lose 802.11g compatibility.
  • A dual-band device is the best of both worlds, allowing for 802.11g and 802.11n 5GHz at the same time. They are the most expensive, though.
This can make choosing a new router tricky if price is an issue. Simultaneous dual-band is definitely the best, but such routers often run near $200, with 2.4GHz-only models costing half as much. It comes down to a personal decision. 2.4GHz will work fine, but 5GHz is better.
Of course, a bigger issue is if 802.11n is a concern at all: it’s new enough that existing devices may not support it, so you may just be sticking to 802.11g.
So, to sum it up: n is fastest, but many devices only support g right now. n will operate in two bands, 2.4GHz and 5GHz. 5GHz is best, but unless you buy a simultaneous dual-band device you’ll be giving up 802.11g support to use 5GHz. On cheaper devices, 5GHz may not be an option at all. Most routers will allow you to “mix” standards, allowing different devices supporting different standards to connect at the same time. There’s generally no reason not to do this.
Hopefully you understand the standards a little better now. Once you’ve set the WiFi standard to be used, you may be asked to set the channel. So let’s talk a little about channels.

Channels

Within the bands used by WiFi, there are different channels available. These channels specify the frequency that the router will operate on. For 2.4GHz routers, there are 14 channels spaced 5MHz apart. An 802.11g transmission occupies 20MHz, so we’re effectively spacing 20MHz-wide channels every 5MHz, which means they overlap. The exception is channel 14, which is spaced farther away than the rest. Channels 1, 6, 11, and 14 do not overlap with each other, but that doesn’t mean that these are the “best” channels. In general, you just want to choose a channel that is as far away as possible from other nearby networks, preferably 5 channels away to prevent overlap. This may not always be possible; just look for the area with the fewest networks. A WiFi survey tool like NetStumbler will help you with this by showing all the networks in the area and the channels they operate on.
(Graphic from wikipedia)
For 5GHz networks, the numbers are different but the idea is the same. There are quite a few more channels in the 5GHz band, spaced again every 5MHz. Note that 802.11n uses a 40MHz range, though, so there is more overlap. Many routers show only non-overlapping channels by default, though. Once again, just choose a channel that doesn’t have too many other networks near it.
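The channel arithmetic above is easy to get wrong by hand, so here is an added example (not code from the original article) that models the 2.4GHz channel plan: centre frequencies 5MHz apart with channel 14 as the outlier, a 20MHz (or, for 802.11n, 40MHz) transmission width, and a constructed site survey of the kind NetStumbler would show. The survey SSIDs and channels are made up for the example; the function names are mine.

```python
"""Added example: model 2.4GHz WiFi channel overlap and pick the least
congested channel from a constructed site survey."""

# Centre frequencies in MHz: channels 1-13 are 5MHz apart starting at 2412;
# channel 14 is the exception, sitting at 2484 (12MHz above channel 13).
def center_mhz(channel: int) -> int:
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"no such 2.4GHz channel: {channel}")


def overlaps(a: int, b: int, width_mhz: int = 20) -> bool:
    """True if two channels' transmissions share spectrum.

    Each channel occupies width_mhz centred on center_mhz(ch), so two
    channels overlap when their centres are closer than width_mhz apart.
    With width_mhz=40 (802.11n wide channels) even 1 and 6 overlap."""
    return abs(center_mhz(a) - center_mhz(b)) < width_mhz


# Constructed survey: (ssid, channel) pairs, as a survey tool would list them.
SURVEY = [
    ("neighbour-1", 1), ("neighbour-2", 1), ("neighbour-3", 3),
    ("neighbour-4", 6), ("neighbour-5", 6), ("neighbour-6", 7),
]


def congestion(channel: int, survey, width_mhz: int = 20) -> int:
    """Number of surveyed networks whose channel overlaps with `channel`."""
    return sum(1 for _, ch in survey if overlaps(channel, ch, width_mhz))


def best_channel(survey, candidates=(1, 6, 11), width_mhz: int = 20) -> int:
    """Least congested candidate channel; ties go to the lowest number."""
    return min(candidates, key=lambda ch: (congestion(ch, survey, width_mhz), ch))


if __name__ == "__main__":
    for ch in range(1, 15):
        print(f"channel {ch:2d}: {center_mhz(ch)} MHz, "
              f"{congestion(ch, SURVEY)} overlapping networks")
    print("pick:", best_channel(SURVEY))
```

Running it with the constructed survey reports channel 11 as the only one of 1, 6 and 11 with no overlapping neighbours; passing `width_mhz=40` shows why 802.11n at 2.4GHz leaves far fewer clean choices.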

Encryption

Security is a big concern whenever we talk about sending our data through the air, and there are a few encryption technologies supported by most WiFi devices: WEP, WPA, and WPA2. The choice is simple: always use WPA2. It is by far the most secure, and very few devices today lack WPA2 support.
Your router may ask you whether to use TKIP or AES encryption with WPA2. It should actually say TKIP or AES/CCMP, and these refer to the “key management” protocols that will be used to negotiate the internally used encryption key. AES/CCMP is more secure, but some devices might not support it. Go ahead and give AES/CCMP (usually, if inaccurately, displayed as just AES) a try. The worst that will happen is you’ll have to change it back to TKIP when something won’t connect.
WPA2 shared keys can be of arbitrary length and contain any keyboard character, and you should take advantage of that. Treat WPA2 shared keys like passwords, making them long and random, containing characters from all categories.
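To make the “treat it like a password” advice concrete, here is an added example (not from the original article) showing what the router actually does with a WPA2 shared key: the passphrase and the SSID are fed through PBKDF2-HMAC-SHA1 (4096 iterations, 256-bit output) to produce the Pre-Shared Key, so the key is no stronger than the passphrase’s unpredictability. One caveat the standard adds to the text above: a passphrase is 8 to 63 printable ASCII characters (the alternative is entering the 64-hex-digit PSK directly). The generator uses the `secrets` module; the function names are mine, and the test vector (“password” / “IEEE”) is the one published in IEEE 802.11i Annex H.

```python
"""Added example: derive the WPA2-PSK from a passphrase and SSID, and
generate long random passphrases drawn from all character categories."""
import hashlib
import secrets
import string


def wpa2_psk(passphrase: str, ssid: str) -> str:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes),
    returned as 64 hex digits. The SSID acts as the salt, so the same
    passphrase gives a different PSK on a differently named network."""
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2-PSK passphrases are 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()


CATEGORIES = (string.ascii_lowercase, string.ascii_uppercase,
              string.digits, string.punctuation)


def has_all_categories(passphrase: str) -> bool:
    """True when at least one character from each category is present."""
    return all(any(c in cat for c in passphrase) for cat in CATEGORIES)


def generate_passphrase(length: int = 32) -> str:
    """Random passphrase from the CSPRNG (secrets, never random.choice).
    Retries until every category is represented, which for length >= 8
    happens almost immediately."""
    if not 8 <= length <= 63:
        raise ValueError("length must be between 8 and 63")
    alphabet = "".join(CATEGORIES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_all_categories(candidate):
            return candidate


if __name__ == "__main__":
    # Published test vector: passphrase "password", SSID "IEEE".
    print(wpa2_psk("password", "IEEE"))
    print(generate_passphrase())
```

The fixed 4096-iteration work factor is small by modern standards, which is exactly why the passphrase length and randomness carry the security: nothing else in the derivation is secret.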

Beaconing

Your computer lists “available networks” by listening for beacons. A beacon is a small unencrypted packet your router regularly sends to advertise its presence. Most routers allow you to turn off beaconing. If you turn it off, you’ll have to enter all the information on your network manually, and recent Windows does not make this convenient. There’s really no reason to disable it; some advertise it as a security measure, but it provides no real security, as it’s trivial to detect unadvertised networks and determine their SSID by listening to packets sent by computers already connected.

Miscellaneous Options

Here’s a few other settings you might see and a brief explanation.
  • Group key renewal: WPA2 networks generate a random key that is actually used internally. This random key is only for temporary use, making it more difficult for attackers to use it if they do successfully determine it. The renewal period sets how long each key will be used before a new one is generated. One hour is a sensible default. Setting this lower may improve security but will reduce performance, as the network becomes temporarily unavailable during key renewal.
  • Wireless Mode: If your router has such a setting (most don’t), you’ll want to set it to Access Point. The other options are primarily for using the router to bridge wired devices to a wireless network broadcast by a different router.
That about wraps up the WiFi connections. While we’re on the topic of security, though, let’s look at another security feature that most routers offer.

MAC Filtering

Each network interface manufactured has a unique MAC address. This is a hardware ID that generally never changes (although it is possible to change it). Most routers provide a MAC Filter that allows you to specify a list of MAC addresses that are allowed to connect. Computers with MAC addresses not on the list will be blocked. This is a good security precaution, because although MAC addresses can be faked, it would be difficult for an attacker to find a valid MAC address without physical access to an authorized computer. It is inconvenient, though, because each new computer that wishes to connect will need to be added to the list manually. Most people today do not use a MAC filter. It’s up to you whether or not you want the security at the cost of convenience.
Once a computer connects to the network, it needs a “name” by which other computers can refer to it. You are probably familiar with IP addresses and the fact that each computer on the network must have a unique one, but how does a computer find out what its IP address should be? IP addresses are usually assigned by the router using DHCP.

DHCP and Address Assignment

Whenever a computer connects to your network, it sends a DHCP request. Your router, which acts as a DHCP server, then responds, sending the computer an IP address that it should use, along with the IP address of the router itself (the Gateway), the range of addresses used on the internal network (the Netmask), and the addresses of the servers the connecting computer should consult when it needs to look up a domain name (the DNS servers). Your router will use an IANA “Private” address, an address in a range that has been specifically assigned for use inside of private networks (the 10.* range and the 192.168.* range, generally). This usually works transparently without you having to worry about it, but there are a few settings you should be aware of.
It may be desirable to have computers on your network always use the same IP address (for example, they might host game or media servers). You can set the operating system on those computers to always use the same IP rather than requesting one from the DHCP server. The DHCP server is not aware of these computers, though, so what if it reassigns their addresses? DHCP ranges avoid this problem. You can tell the DHCP server to assign addresses within a certain range, by default on most routers 192.168.1.100 and up. This way you can set your computers with static IPs to addresses below 100, and you know that the DHCP server will not interfere.
DHCP assignments are temporary, and computers must renew their address from time to time. The amount of time for which each address is assigned is called the DHCP Lease Time. It usually defaults to one day. You can set it longer if you want IPs to change less, but know that a long lease time can result in the router actually running out of IPs to assign, since old leases will take up the available address space.
If you have a computer that you want to always have the same IP on your network but that you also connect to other networks (other networks will probably not work properly if you have a static IP set for your network), you may be able to take advantage of Static DHCP Assignment. In such a system you can tell your router the MAC address of the computer and what IP it should use. Whenever a computer with the MAC address you set sends a DHCP request, the router will assign it the IP you specify. It’s a great way to make sure you know the IPs of the computers on your network, but not all routers offer this feature.
As I mentioned, your router also specifies the netmask and DNS servers that a computer should use. The netmask is a binary mask that tells a computer which other addresses are in a local network with it. For most networks, the netmask will be 255.255.255.0, which includes all computers with the first three octets (sections) the same. You will virtually never use a different mask on a home network. The DNS servers that your router provides are how your computer turns a domain name (like www.google.com) into an IP address (like 74.125.79.104). By default the DNS fields in your router’s configuration interface may be blank. This is because your router also uses DHCP to get some information from your ISP, and that includes the DNS servers. If you’d like, you can manually specify servers for a third-party service here, such as Google Public DNS (8.8.8.8 and 8.8.4.4) and OpenDNS (208.67.222.222 and 208.67.220.220).
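The DHCP behaviour described in the last few paragraphs (a dynamic pool starting at .100, static addresses below it, MAC-based static DHCP assignment, lease times and pool exhaustion, and what the netmask is for) is small enough to simulate. The following is an added example, not code from the article or from any router firmware; the class and function names are mine, the network 192.168.1.0/24 and the Google Public DNS addresses come from the text, and the MAC addresses and timestamps in the usage are constructed.

```python
"""Added example: a toy DHCP server modelling pool ranges, static DHCP
assignment by MAC address, lease expiry and pool exhaustion."""
import ipaddress


class DhcpServer:
    def __init__(self, network="192.168.1.0/24", router="192.168.1.1",
                 pool_start=100, pool_end=149, lease_time=86400,
                 dns=("8.8.8.8", "8.8.4.4")):
        self.net = ipaddress.ip_network(network)
        self.router = ipaddress.ip_address(router)
        # Dynamic pool: hosts pool_start..pool_end, so addresses below
        # pool_start are safe for manually configured static IPs.
        self.pool = [self.net.network_address + i
                     for i in range(pool_start, pool_end + 1)]
        self.lease_time = lease_time      # seconds; one day by default
        self.dns = dns
        self.reservations = {}            # MAC -> fixed IP (static DHCP assignment)
        self.leases = {}                  # IP -> (MAC, expiry time)

    def reserve(self, mac, ip):
        """Static DHCP assignment: this MAC always gets this IP."""
        self.reservations[mac.lower()] = ipaddress.ip_address(ip)

    def _expire(self, now):
        for ip in [ip for ip, (_, exp) in self.leases.items() if exp <= now]:
            del self.leases[ip]

    def request(self, mac, now=0):
        """Answer a DHCP request with the IP to use plus gateway, netmask
        and DNS servers. Returns None when no address is available."""
        mac = mac.lower()
        self._expire(now)
        ip = self.reservations.get(mac)
        if ip is not None and ip in self.leases and self.leases[ip][0] != mac:
            return None                   # reserved address held by someone else
        if ip is None:
            # A renewal keeps the client's existing lease.
            for leased_ip, (owner, _) in self.leases.items():
                if owner == mac:
                    ip = leased_ip
                    break
        if ip is None:
            ip = next((c for c in self.pool if c not in self.leases), None)
            if ip is None:
                return None               # pool exhausted: long leases make this likelier
        self.leases[ip] = (mac, now + self.lease_time)
        return {"ip": str(ip), "gateway": str(self.router),
                "netmask": str(self.net.netmask), "dns": list(self.dns),
                "lease_time": self.lease_time}


def same_subnet(ip_a, ip_b, netmask="255.255.255.0"):
    """What the netmask is for: two addresses are local to each other when
    the bits selected by the mask are equal (the first three octets for
    255.255.255.0)."""
    net = ipaddress.ip_network(f"{ip_a}/{netmask}", strict=False)
    return ipaddress.ip_address(ip_b) in net


if __name__ == "__main__":
    server = DhcpServer(pool_start=100, pool_end=101, lease_time=3600)
    server.reserve("aa:bb:cc:dd:ee:01", "192.168.1.10")   # constructed MAC
    print(server.request("AA:BB:CC:DD:EE:01"))
    print(server.request("00:11:22:33:44:55"), server.request("00:11:22:33:44:66"))
    print(server.request("00:11:22:33:44:77"))            # None: two-address pool is full
    print(same_subnet("192.168.1.5", "192.168.2.5"))
```

The deliberately tiny two-address pool in the usage shows the exhaustion case the text warns about: a third client gets nothing until an existing lease expires, and the longer the lease time the longer that takes.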
In addition to the internal addresses used for computers inside a network to communicate amongst themselves, your router also has an external IP address that it uses to communicate with the internet. Computers inside the network cannot directly communicate with the internet, because they have the wrong kind of address and no direct connection. Instead, they must use the router as a “gateway”, which forwards requests from one network to another and then appropriately routes the responses.

Routing

Routing is perhaps the main function a router performs, thus its name. Computers connected to the router are not physically connected to the network, so they must follow a route through your router in order to connect. Your router has in its memory a “routing table”, which is a list of address ranges and where to find them. It knows that 192.168.1.* addresses (or whatever range it uses) are inside the network, so packets destined for those addresses are sent back into the local network. It knows that other addresses are outside of your network, so packets addressed to addresses outside of the 192.168.1.* range should be sent to the internet. Your router will probably have a section where it allows you to enter your own routing rules. This is outside the scope of this article, but know that you can use it to build more complex network configurations using multiple routers.
There’s a problem with routing as I’ve explained it, though: the “from” address on packets generated by computers inside the network going to the internet will be internal addresses. But computers on the internet don’t use your router as a gateway (a good thing, because it wouldn’t be able to handle that many requests), and besides that there are many different networks all using the same private IPs. So how do computers on the internet reply to computers inside your network?
Your router performs Network Address Translation to resolve this problem.

Network Address Translation

(This section partially quoted from the community wiki answer on this topic.)
NAT is the process through which addresses inside your network (private addresses) are translated to the public (internet) IP of your router. As packets leave your network, the “from” address is changed to the internet address of your router, so that responses will come back to the router. The router then keeps a list of all connections that have been made so that it knows which computer a reply packet should go to. This works fine when a computer inside your network starts the connection, but what if a computer outside tries to start a connection? The router won’t know which internal computer to forward the packet to, so it will simply reject it. Your router will have a section that allows you to configure “port forwarding”, which is how your router chooses how to direct incoming packets. There are a few things you can set up here:
  • Faux-DMZ: a lot of routers have a feature called DMZ. This stands for Demilitarized Zone, which is a kind of network security configuration. The DMZ on home routers is often referred to as faux-DMZ because it lacks the features of an actual DMZ. What it does do is the simplest kind of incoming connection handling: all incoming connection requests will be sent to one specified computer inside your network. It’s dead simple – you type an IP address into your router’s configuration, and all incoming connections go there.
  • Port forwarding: All network connection requests include a “port”. The port is just a number, and it’s part of how a computer knows what the packet is. IANA has specified that Port 80 is used for HTTP. This means that an incoming packet that says port number 80 must be a request intended for a web server. Port forwarding on your router allows you to enter a port number (or possibly a range or combination of numbers, depending on the router) and an IP address. All incoming connections with a matching port number will be forwarded to the internal computer with that address.
  • UPnP port forwards: UPnP forwarding works the exact same way as port forwarding, but instead of you setting it up, software on a computer inside the network automatically sets the router to forward traffic on a given port to it. Your router will likely have an option to turn UPnP support on and off.
You will start out with an empty port forwarding table, and this is fine for a lot of people. Over time, you may need to add a few things. Here are some common applications of port forwarding:
  • Video game servers. If you wish to host multiplayer video games, outside players will need to be able to connect in.
  • P2P protocols. Outside peers will need to be able to connect to your computer for peer-to-peer file transfers. This will usually involve a large range of ports to facilitate multiple connections at once.
  • Home file/web servers. You’ll need to be able to connect from outside your network to get to your files, so you’ll need to forward the involved ports to your server.
To set up a port forward, you need to find out which ports you need. This should be in the documentation for the software you’re trying to set up, or it might be configurable. Go to your router’s interface and enter the port number (or possibly a range), the protocol (TCP or UDP; this should also be specified where you found the port number), and the internal address that it should be sent to. You may also be able to specify an external address or range; this just limits forwarding to packets from a specific source (which can be a good idea for security reasons). Finally, you might have an option to specify a different internal port. This would allow you to actually change the port number of a packet when it goes through the router, which might be useful if you have multiple computers inside the network running something on the same port and you would like to access them via different ports from the internet (not a common situation). Here’s an example of a port forwarding table:
In this example, TCP ports 80, 22, and 8080 will be forwarded to 192.168.1.5. TCP Port 3389 will be forwarded to 192.168.1.5 only if it comes from an address in the 129.138.* range (specified using CIDR notation, which you can read about here).
Some routers may also support Port Triggering. Port triggering is a less-used feature where a range of incoming ports will be forwarded to a computer after that computer initiates an outgoing connection in another range of ports. You can think of this as port forwarding that is automatically turned on and off. Let’s say we set up the ports 5000-6000 to trigger on the ports 4000-5000. If a computer inside your network opens a connection to a computer on the internet on a port between 4000 and 5000, then ports 5000-6000 will automatically be forwarded to that internal computer for a period of time. Port triggering is generally only used for peer-to-peer file transfer protocols, where the “trigger connection” is used to detect that a computer is running a P2P client, and the forwarded ports allow other computers in the cloud to connect in. By using this triggered technique, port forwarding will automatically be set up for client computers without having to create a rule for each one. Of course, only one computer can connect this way at a time.
If you’re setting up some kind of home server and need to be able to connect in, it might be annoying to remember your router’s internet IP address, especially since it will likely change from time to time. A Dynamic DNS Service can assign a domain name to your home router, even as its internet IP changes.

Dynamic DNS

A dynamic DNS service will assign a domain name to your router’s current IP address, and then will change the IP the domain points to each time your router’s IP changes. In order for this to work, your router will need to inform the dynamic DNS service each time it gets a new external address. Most routers have this functionality built-in. Exactly how it’s set up depends on the service provider, but usually you just need to create an account with a dynamic DNS service and then give your router the username and password for that account. DynDNS and dns.afraid.org are both popular dynamic DNS services.
Since your router (and, through port forwarding, devices behind it) is exposed to the internet, security is important. All routers have security features built in, and some have more advanced security controls available.

Firewall

By restricting incoming connections to just those that you have specifically authorized, NAT provides a level of built-in security, acting as an implicit static firewall. Only incoming connections matching the rules you specify will be permitted. Most routers also have a few other security settings.
  • ICMP Ping: you can set your router not to respond to ICMP Ping requests, often used to determine if there is a machine online at an address. Disabling this provides a bit of extra security but not much, since there are other ways to determine if a machine is online.
  • Allow Multicast: Multicast packets are packets that are set to be delivered to all computers in a network. Most routers will ignore multicast packets from the internet by default. This is a sensible setting to avoid attacks.
  • NAT loopback: If NAT loopback is enabled, NAT will be performed for internal connections as well (the source address will be changed to the router’s internal address). This is rarely necessary and should be left off.
These basic settings rarely need to be changed from their default. There is a firewall function of your router that, if you choose to enable it, requires quite a bit of configuration: Quality of Service.

Quality of Service (QoS)

Quality of Service systems prioritize traffic by type, moving some packets faster at the cost of moving less important packets more slowly. QoS is fairly complicated to set up, but I’ll explain the basic concept. First, you must “classify” your packets. This means setting up rules based on addresses, port numbers, and other header values that put packets into different classes (usually lettered as Class A, Class B, etc.). You can then prioritize these classes, specifying that certain classes should be given more bandwidth than others. A typical application of QoS is to prioritize VoIP or video game traffic over traffic that is not as latency-sensitive. Virtually all routers support QoS but ship with it disabled, and for most users it’s not worth the time involved in configuration.
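The two QoS steps just described, classification by header fields into lettered classes and then giving some classes more bandwidth than others, look like this in code. This is an added example, not the article’s or any router firmware’s implementation; the rule set, the weights and the burst of packets are constructed, and the scheduler is a weighted round robin (each round sends up to a class’s weight in packets), chosen because, unlike strict priority, it cannot starve the bulk class entirely.

```python
"""Added example: QoS classification rules followed by weighted round-robin
scheduling over a constructed burst of packets."""
from collections import deque

# Classification rules, checked in order; first match wins.
# (protocol or None for any, destination port or None for any, class)
RULES = [
    ("UDP", 5060, "A"),   # SIP signalling for VoIP: latency-sensitive
    ("UDP", 3478, "A"),   # STUN, used by VoIP clients and games
    ("TCP", 443, "B"),    # interactive web
    ("TCP", 80, "B"),
    (None, None, "C"),    # default: bulk transfers, P2P, everything else
]

# Bandwidth share per class: packets sent per round. Dict order (A, B, C)
# is also the order classes are visited within a round.
WEIGHTS = {"A": 3, "B": 2, "C": 1}

# Constructed burst: (packet id, protocol, destination port) in arrival order.
PACKETS = [
    ("bulk1", "TCP", 6881), ("bulk2", "TCP", 6881), ("web1", "TCP", 443),
    ("voip1", "UDP", 5060), ("bulk3", "TCP", 6881), ("voip2", "UDP", 5060),
    ("voip3", "UDP", 5060), ("voip4", "UDP", 5060), ("web2", "TCP", 80),
]


def classify(proto, dport, rules=RULES):
    """Return the class of a packet according to the first matching rule."""
    for rule_proto, rule_port, cls in rules:
        if (rule_proto is None or rule_proto == proto) and \
           (rule_port is None or rule_port == dport):
            return cls
    raise ValueError("rule set has no default rule")


def schedule(packets, rules=RULES, weights=WEIGHTS):
    """Weighted round robin: each round, send up to `weight` queued packets
    from every class. Returns packet ids in transmission order."""
    queues = {cls: deque() for cls in weights}
    for pkt_id, proto, dport in packets:
        queues[classify(proto, dport, rules)].append(pkt_id)
    order = []
    while any(queues.values()):
        for cls, weight in weights.items():
            for _ in range(weight):
                if queues[cls]:
                    order.append(queues[cls].popleft())
    return order


if __name__ == "__main__":
    for pkt_id, proto, dport in PACKETS:
        print(pkt_id, "->", classify(proto, dport))
    print(schedule(PACKETS))
```

With the constructed burst, the four VoIP packets and two web packets all leave before the second bulk packet even though bulk1 and bulk2 arrived first, yet bulk traffic still gets one packet per round rather than waiting for the queues above it to empty.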
Finally, most routers allow you to set up some simple restrictions on when and how your network can be used.

Access Restrictions

Your router may have either or both scheduled restrictions and content restrictions. Scheduled restrictions allow you to specify that certain computers (typically identified by their MAC address) should only be able to access the internet during certain scheduled periods. Content restrictions allow you to specify that certain computers or all of the network should not be able to access certain websites, typically specified by domain. This functions as a very lightweight (and thus easy to circumvent) content filter. You can use these settings for rough parental control, if you’d like, but know that they’re easy to get around with common tools.
Hopefully you know more about your home router now. I tried to be pretty inclusive in this list, but I’m certain there are things I’ve left out. Most of those things would probably make good SuperUser questions, so feel free to ask away!
