Code of the Day

HTTP, TLS, and DNS

The request-response cycle, how TLS authenticates and encrypts, and how domain names resolve to IP addresses.

Networking Fundamentals · 6 min read · Recommended first
By the end of this lesson you will be able to:
  • Trace an HTTP/HTTPS request from DNS resolution to response
  • Explain what TLS provides and why plain HTTP is unsafe for sensitive data

HTTP/HTTPS and the request-response cycle

HTTP (Hypertext Transfer Protocol) is a text-based, request-response protocol at the application layer. The client sends a request (method, path, headers, optional body); the server returns a response (status code, headers, body).

GET /search?q=cache+locality HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
Accept: text/html

---

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 3421

<!DOCTYPE html>...
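To make the request and response above concrete, here is an added example (not code from the lesson) that parses the two messages into their parts. The raw messages are constructed copies of the ones shown, with a short body so that Content-Length can be checked; the parser rejects an HTTP/1.1 request with no Host header and a response whose declared Content-Length does not match its body, since both are framing errors a server or proxy must not silently accept.

```python
# Added example: a minimal HTTP/1.1 message parser for the request and
# response shown in the lesson. Sample messages below are constructed.

RAW_REQUEST = (
    "GET /search?q=cache+locality HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)

RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Length: 16\r\n"
    "\r\n"
    "<!DOCTYPE html>\n"          # 16 bytes, matching Content-Length
)


def _split_head(raw: str):
    """Split a message into start line, header dict and body."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: no blank line ending the headers")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()   # header names are case-insensitive
    return lines[0], headers, body


def parse_request(raw: str) -> dict:
    """Parse 'METHOD target HTTP/version' plus headers and body."""
    start, headers, body = _split_head(raw)
    parts = start.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {start!r}")
    method, target, version = parts
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 requests must carry a Host header")
    path, _, query = target.partition("?")
    return {"method": method, "path": path, "query": query,
            "version": version, "headers": headers, "body": body}


def parse_response(raw: str) -> dict:
    """Parse 'HTTP/version status reason' plus headers and body."""
    start, headers, body = _split_head(raw)
    version, _, rest = start.partition(" ")
    code, _, reason = rest.partition(" ")
    if not code.isdigit():
        raise ValueError(f"malformed status line: {start!r}")
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body.encode("utf-8")):
        raise ValueError("Content-Length does not match body length")
    return {"version": version, "status": int(code), "reason": reason,
            "headers": headers, "body": body}


if __name__ == "__main__":
    print(parse_request(RAW_REQUEST))
    print(parse_response(RAW_RESPONSE))
```

Real servers read the body from the socket using Content-Length (or chunked encoding) rather than having the whole message in one string, but the framing rules the parser enforces are the same.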

HTTPS is HTTP carried over a TLS (Transport Layer Security) connection. TLS adds:

  • Authentication — the server presents a certificate signed by a trusted Certificate Authority, proving it is who it claims to be.
  • Confidentiality — all data after the handshake is encrypted. An attacker who intercepts the packets sees only ciphertext.
  • Integrity — a MAC (message authentication code) on each record detects tampering; any altered packet is rejected.

Without TLS, any router or ISP between client and server can read your passwords, session tokens, and personal data in plaintext. With TLS, only the endpoints can read the application data.
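Two of the three properties above can be shown with the Python standard library. The added example below (not code from the lesson) first builds a TLS client context the way a defender should, with certificate verification, hostname checking and a TLS 1.2 floor, and beside it the common misconfiguration that disables verification, so the two can be audited side by side. It then uses an HMAC to show what the per-record MAC buys: a record whose payload or sequence number has been altered fails verification. The session key and sequence numbers are constructed; https_get is the only part that needs a network.

```python
# Added example: TLS client configuration (verified vs. unverified) and a
# per-record MAC check modelled on TLS record integrity. Not lesson code.
import hashlib
import hmac
import socket
import ssl


def make_client_context(verify: bool = True) -> ssl.SSLContext:
    """verify=True: trust-store verification plus hostname check (correct).
    verify=False: reproduces the misconfiguration that accepts any certificate."""
    ctx = ssl.create_default_context()           # loads the OS trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0/1.1
    if not verify:
        ctx.check_hostname = False                # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE           # authentication is now gone
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Report the settings that decide whether the server is authenticated."""
    return {
        "verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
    }


def https_get(host: str, path: str = "/", verify: bool = True, timeout: float = 5.0) -> bytes:
    """Plain HTTP request carried inside a TLS connection (needs a network)."""
    ctx = make_client_context(verify)
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
                        f"Connection: close\r\n\r\n".encode())
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks)


# --- record integrity: a MAC over (sequence number, payload) ---------------
TAG_LEN = hashlib.sha256().digest_size   # 32 bytes


def protect_record(key: bytes, seq: int, payload: bytes) -> bytes:
    """Append a MAC that binds the payload to its position in the stream."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return payload + tag


def verify_record(key: bytes, seq: int, record: bytes) -> bytes:
    """Return the payload, or raise if the record was altered or reordered."""
    if len(record) < TAG_LEN:
        raise ValueError("record too short to carry a MAC")
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("record MAC check failed: tampered or out of sequence")
    return payload


if __name__ == "__main__":
    print("verified:  ", audit_context(make_client_context(True)))
    print("unverified:", audit_context(make_client_context(False)))
    key = b"constructed-session-key"             # real keys come from the handshake
    rec = protect_record(key, 1, b"GET / HTTP/1.1")
    print(verify_record(key, 1, rec))
```

TLS 1.3 uses an AEAD cipher whose authentication tag plays the role of the MAC here, and the sequence number is included in the same way, which is why a replayed or reordered record is rejected just like a modified one.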

DNS resolution

Domain names (example.com) must be translated to IP addresses before TCP can establish a connection. DNS (Domain Name System) is the distributed database that does this.

When you type example.com in a browser:

  1. The OS checks its local DNS cache. Cache hit → done.
  2. The OS queries a recursive resolver (usually your ISP's or 8.8.8.8).
  3. The resolver checks its cache. Cache hit → returns the IP.
  4. If not cached, the resolver queries a root name server for .com.
  5. The root directs it to a .com TLD name server.
  6. The TLD name server directs it to example.com's authoritative name server.
  7. The authoritative server returns the IP address (an A or AAAA record).
  8. The resolver caches the result (for the record's TTL) and returns it to the OS.
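The eight steps above, and the TTL-based caching that lets most lookups stop at step 3, are easiest to see in a small model. The added example below (not code from the lesson) builds three constructed name servers, a root, a .com TLD server and example.com's authoritative server, and a recursive resolver that walks the delegation chain, records which servers it had to ask, and caches the answer for the record's TTL. All addresses are from the documentation ranges; the NS entries carry the next server's IP directly to keep the model short (real referrals carry NS names plus glue). The os_lookup helper shows the real steps 1 and 2 and needs a network.

```python
# Added example: a toy iterative resolver with TTL caching. Zone data is
# constructed and uses documentation IP ranges; not lesson code.
import socket
import time

ROOT_IP = "198.51.100.1"
# Each server knows only its own zone: (name, type) -> (value, ttl_seconds)
SERVERS = {
    ROOT_IP:      {("com.", "NS"): ("192.0.2.1", 172800)},          # root: delegates .com
    "192.0.2.1":  {("example.com.", "NS"): ("192.0.2.2", 172800)},  # .com TLD: delegates example.com
    "192.0.2.2":  {("example.com.", "A"): ("203.0.113.10", 60)},    # authoritative, 60 s TTL
}


class RecursiveResolver:
    def __init__(self, servers, root_ip, clock=time.monotonic):
        self.servers = servers
        self.root_ip = root_ip
        self.clock = clock          # injectable so TTL expiry can be simulated
        self.cache = {}             # (name, type) -> (value, expires_at)
        self.trace = []             # servers queried during the last resolve()

    def _cached(self, key):
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop(key, None)   # expired: drop it
        return None

    def _ask(self, server_ip, key):
        self.trace.append(server_ip)
        return self.servers[server_ip].get(key)

    def _referral(self, server_ip, name):
        """Longest suffix of name this server delegates, else None."""
        labels = name.split(".")
        zone = self.servers[server_ip]
        for i in range(len(labels)):
            ns = zone.get((".".join(labels[i:]), "NS"))
            if ns:
                return ns[0]
        return None

    def resolve(self, name, rtype="A", max_hops=10):
        if not name.endswith("."):
            name += "."
        self.trace = []
        key = (name, rtype)
        cached = self._cached(key)
        if cached:                                  # step 3: resolver cache hit
            return cached
        server = self.root_ip                       # step 4: start at the root
        for _ in range(max_hops):
            answer = self._ask(server, key)
            if answer:                              # step 7: authoritative answer
                value, ttl = answer
                self.cache[key] = (value, self.clock() + ttl)   # step 8
                return value
            server = self._referral(server, name)   # steps 5-6: follow the delegation
            if server is None:
                raise LookupError(f"no delegation for {name}")
        raise LookupError(f"too many referrals for {name}")


def os_lookup(name: str) -> list:
    """Steps 1-2 for real: the OS cache and configured resolver (needs a network)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, 443)})


if __name__ == "__main__":
    r = RecursiveResolver(SERVERS, ROOT_IP)
    print(r.resolve("example.com"), "via", r.trace)   # walks root -> TLD -> authoritative
    print(r.resolve("example.com"), "via", r.trace)   # cache hit: no servers asked
```

Running it with a fake clock shows the TTL trade-off from the text: within 60 seconds the second lookup asks nobody; after the TTL the resolver walks the chain again and picks up whatever address the authoritative server now serves.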

Each DNS record has a TTL (time to live) in seconds. Low TTLs (60 s) allow quick IP changes during failover; high TTLs (86400 s) reduce DNS query load on resolvers and authoritative servers. The resolver's and OS's caches mean most lookups skip steps 4–7.

DNS responses are not encrypted by default (DNS over UDP, port 53). Your ISP and any on-path device can see — and theoretically alter — which domains you look up. DNS over HTTPS (DoH) and DNS over TLS (DoT) solve this by encrypting DNS queries, but require explicit configuration or a browser that supports them natively.
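Why an on-path device can read every name you look up is clearest from the wire format itself. The added example below (not code from the lesson) builds a standard DNS query for example.com, parses a constructed reply containing one A record, and shows that the queried name sits in the packet as plain ASCII labels. The transaction id and the 203.0.113.10 answer are constructed values; the packet layout follows RFC 1035, including the name-compression pointer used in the answer section.

```python
# Added example: encode a DNS query and decode a (constructed) response.
# Not lesson code; transaction id and answer address are made up.
import struct

TYPE_A = 1
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """'example.com' -> b'\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234, qtype: int = TYPE_A) -> bytes:
    # Header: id, flags (RD=1: ask the resolver to recurse), qd=1, an=0, ns=0, ar=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg: bytes, offset: int):
    """Read a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                   # 2-byte compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                    # resume after the pointer
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_message(msg: bytes) -> dict:
    """Decode header, question and answer sections of a query or response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == TYPE_A and rdlen == 4 else rdata.hex()
        answers.append({"name": name, "type": rtype, "ttl": ttl, "value": value})
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}


def build_sample_response(query: bytes) -> bytes:
    """Constructed reply: echoes the question, answers with one A record, TTL 300."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR|RD|RA, NOERROR
    question = query[12:]
    answer = (struct.pack("!H", 0xC00C)                          # pointer to name at offset 12
              + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
              + bytes([203, 0, 113, 10]))
    return header + question + answer


if __name__ == "__main__":
    q = build_query("example.com")
    print(q.hex())                                   # the name is readable in the bytes
    print(parse_message(build_sample_response(q)))
```

Because parse_message works on the query just as well as on the response, it is exactly what a passive observer on port 53 runs to recover the names being looked up; DoH and DoT remove that view by putting the same bytes inside a TLS connection, which is the property the paragraph above describes.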

Where to go next

The network stack terminates at the Operating Systems track — specifically the section on system calls, because every socket operation (connect, read, write, close) crosses the user/kernel boundary via a syscall. For persistent data sent across networks, the Database Internals track covers how databases ensure that the data arriving over a connection is durable and consistent.

Knowledge check

  1. Which of the following does TLS provide when used with HTTPS?
  2. A service needs to fail over to a new IP address within 60 seconds of an outage. What DNS TTL setting is required?