Addressing and Naming: MAC, IP, DNS
What This Concept Is
The Internet uses three very different identifier systems, one per layer of relevance:
- MAC address (link layer): a 48-bit identifier burned into a NIC, unique per interface on a local segment. Example: aa:bb:cc:11:22:33. It only matters between directly connected hops.
- IP address (network layer): a 32-bit (IPv4) or 128-bit (IPv6) identifier that is globally routable across the Internet. Example: 93.184.215.14 or 2606:2800:021f:cb07:6820:80da:af6b:8b2c.
- DNS name (application layer): a human-readable string like example.com. Not usable by IP directly. Must be resolved to an IP first.
Ports are a fourth identifier, specific to transport-layer demultiplexing inside one host. They live alongside IP in a 4-tuple (src IP, src port, dst IP, dst port) plus protocol.
Why It Matters Here
Every networked program implicitly traverses all three:
- User types or configures a name (api.stripe.com).
- DNS resolves it to an IP.
- The host builds IP packets for that IP.
- ARP (IPv4) or NDP (IPv6) maps the next-hop IP to a MAC.
- The frame goes out with a MAC destination on that local segment only.
At each router, the MAC is replaced (the IP is not). The IP is end-to-end; the MAC is per-hop.
Concrete Example
You open https://example.com/. Ignore TLS. A rough identifier trace:
- Name: example.com.
- DNS A record: 93.184.215.14.
- Your machine's kernel builds a TCP SYN with destination IP 93.184.215.14, destination port 443.
- ARP says "next hop 192.168.1.1 is MAC aa:bb:cc:00:00:01."
- Ethernet frame leaves with destination MAC aa:bb:cc:00:00:01, IP destination 93.184.215.14, TCP destination port 443.
- At the next router, Ethernet destination MAC changes to the router after that. IP destination does not change. TCP header does not change.
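The trace above as bytes, in an added example that is not part of the original page: it builds the first-hop frame, simulates one router forwarding it, and parses both so the per-hop and end-to-end fields can be compared. Assumptions: the host IP 192.168.1.50, source port 60001 and the MACs ending :02 and :03 are constructed, the router does no NAT, and the TCP checksum is left at zero.

```python
import socket
import struct

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ip_checksum(header):
    # RFC 1071 ones'-complement sum over the header's 16-bit words.
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, ttl=64):
    # 20-byte TCP header with only SYN set (checksum left 0 in this sketch).
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + tcp

def parse_frame(frame):
    ip, tcp = frame[14:34], frame[34:54]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {
        "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "ttl": ip[8], "checksum_ok": ip_checksum(ip) == 0,
        "tuple": (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport),
    }

def router_forward(frame, egress_mac, next_hop_mac):
    # New Ethernet header for the next segment; IP addresses and TCP bytes are copied.
    ip = bytearray(frame[14:34])
    ip[8] -= 1                      # TTL drops by one per router
    ip[10:12] = b"\x00\x00"         # zero the old checksum before recomputing
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return mac(next_hop_mac) + mac(egress_mac) + b"\x08\x00" + bytes(ip) + frame[34:]

# Constructed sample traffic: host -> gateway, then gateway -> next router.
HOP1 = build_frame("aa:bb:cc:00:00:01", "aa:bb:cc:11:22:33",
                   "192.168.1.50", "93.184.215.14", 60001, 443)
HOP2 = router_forward(HOP1, "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03")

if __name__ == "__main__":
    for name, frame in (("hop 1", HOP1), ("hop 2", HOP2)):
        print(name, parse_frame(frame))
```

Between the two hops the MAC pair, TTL and IP header checksum differ, while the (src IP, src port, dst IP, dst port) tuple and the TCP bytes are identical.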
Common Confusion / Misconception
"My MAC address identifies me on the Internet." No. MAC only matters on the local segment. Once a router forwards the packet, a new Ethernet frame is constructed with a new MAC pair. Remote hosts never see your MAC.
"DNS is part of the OS." DNS is an application-layer protocol. The OS happens to have a resolver library, but DNS messages are just UDP (or TCP) datagrams to port 53.
How To Use It
For any packet or connection:
- What name did the user supply?
- What IP did that resolve to?
- What port identifies the server process?
- What MAC is carrying this frame on this hop?
If you cannot fill in all four, your mental model of the connection is incomplete.
Check Yourself
- Why does changing networks (Wi-Fi to cellular) usually change your IP but not your MAC?
- If DNS is down, what happens when you try to reach example.com by name, and what happens if you try by IP directly?
- What does the tuple (src IP, src port, dst IP, dst port, protocol) identify?
- Why can two DNS lookups for the same name legitimately return different IPs, and why does that not break connections?
- Why can't a server rely on src IP alone to identify a client?
Mini Drill or Application
Using dig, nslookup, or getent hosts, resolve three domains of your choice. For each:
- Write the DNS name.
- Record the IPv4 and IPv6 address(es) returned.
- Use ip neigh or arp -n to find the MAC of your default gateway.
- Explain which of these identifiers actually travel end-to-end vs hop-to-hop.
Then, given the 5-tuple (203.0.113.9, 60001, 93.184.215.14, 443, TCP), describe what uniquely identifies the connection and what would happen if a NAT box expired and recreated the mapping mid-session.
DNS Record Types Worth Knowing
DNS is not a single flat lookup. Common record types you will meet:
- A -- IPv4 address for a name.
- AAAA -- IPv6 address.
- CNAME -- alias (one name points to another name).
- MX -- mail exchange host for this domain.
- TXT -- arbitrary strings; used for SPF, DKIM, domain-verification handshakes.
- NS -- which nameservers are authoritative for this zone.
Understanding record types is how you read a misconfiguration report: "there is no A for www, only a CNAME, which points to a name with no A" is a precise statement of a common outage.