{"_self":{"principle":"Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.","widget":"article_bundle","feature":"bundle","name":"LLM article bundle","what":"Paste-ready package: body + claims + sources + voxels + provenance + manifest + constitution.","contains":"body, claims, sources, voxels, provenance, question graph, constitution, llm_manifest","slug":"oip-what-is-dns","urls":{"read":"https://miscsubjects.com/api/articles/oip-what-is-dns/bundle?format=markdown"},"how_to_use":"Paste into any LLM. Read §SELF first. Write back via ingest or claim endpoints in llm_manifest.","write":null,"imessage":null,"router_tag":null,"proof_chain":[{"step":1,"claim":"Articles are voxel graphs of tiered claims, not prose blobs.","verify":"https://miscsubjects.com/api/articles/constitution"},{"step":2,"claim":"Claims link to hash-chained sources via source_ids.","verify":"https://miscsubjects.com/api/articles/oip-what-is-dns/sources"},{"step":3,"claim":"Ask reads topology; ingest/claim append to ledger.","verify":"https://miscsubjects.com/api/protocol"},{"step":4,"claim":"Models queue growth: populate → collaborate → repair → reflex.","verify":"https://miscsubjects.com/api/protocol/grow"},{"step":5,"claim":"Graph proves its own shape (reflex) and $/claim (yield).","verify":"https://miscsubjects.com/graph.html?layer=reflex"},{"step":6,"claim":"Full feature index + _explain on every API response.","verify":"https://miscsubjects.com/api/articles/system-map"}],"related_features":[{"id":"topology","name":"Article topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","urls":{"read":"https://miscsubjects.com/api/articles/oip-what-is-dns/topology"}},{"id":"voxels","name":"Voxel graph","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance.","urls":{"read":"https://miscsubjects.com/api/articles/oip-what-is-dns/voxels","write":"https://miscsubjects.com/api/protocol/claim"}},{"id":"ask","name":"Ask protocol","what":"Answer only from topology; creates question_node with gaps and ingest_hint.","urls":{"read":"https://miscsubjects.com/api/articles/oip-what-is-dns/prompts","write":"https://miscsubjects.com/api/protocol/ask"}},{"id":"ingest","name":"Ingest protocol","what":"Parse pasted evidence → source ledger + claims + evidence_ingest node.","urls":{"write":"https://miscsubjects.com/api/protocol/ingest"}},{"id":"claim_post","name":"Claim post protocol","what":"Prompt-injection style POST — one claim voxel with who_claims + posted_by.","urls":{"read":"https://miscsubjects.com/api/articles/oip-what-is-dns/voxels","write":"https://miscsubjects.com/api/protocol/claim"}},{"id":"llm_manifest","name":"LLM manifest","what":"Machine-readable read/write contract for external LLMs.","urls":{"read":"https://miscsubjects.com/api/articles/llm-manifest"}}],"system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown","not_medical_advice":true},"_explain":{"feature":"bundle","name":"LLM article bundle","what":"Paste-ready package: body + claims + sources + voxels + provenance + manifest + constitution.","why":"Every feature is auditable collective intelligence","how":"Paste into any LLM. Read §SELF first. Write back via ingest or claim endpoints in llm_manifest.","model":null,"verifies":null,"urls":{"read":"https://miscsubjects.com/api/articles/oip-what-is-dns/bundle?format=markdown"},"imessage":null,"router":null,"related":[{"id":"topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER."},{"id":"voxels","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance."},{"id":"ask","what":"Answer only from topology; creates question_node with gaps and ingest_hint."},{"id":"ingest","what":"Parse pasted evidence → source ledger + claims + evidence_ingest node."},{"id":"claim_post","what":"Prompt-injection style POST — one claim voxel with who_claims + posted_by."},{"id":"llm_manifest","what":"Machine-readable read/write contract for external LLMs."}],"not_medical_advice":true},"bundle_version":1,"generated_at":"2026-07-04T22:36:33.172Z","slug":"oip-what-is-dns","title":"What Is DNS: The Domain Name System Explained","url":"https://miscsubjects.com/a/oip-what-is-dns","register":"oip_protocol","tags":["oip","protocol"],"posted_at":"2026-07-04T18:30:49.768Z","updated_at":"2026-07-04T19:01:12.973Z","body":"## What It Is\n\n**The Domain Name System (DNS) is a globally distributed, hierarchical database that maps human-readable names to machine-routable addresses.** Every time you type a URL, open an app, or send an email, DNS resolves the name to the numbers the network actually needs. It is a lookup table at planetary scale, operated by no single entity and trusted by every machine on Earth.\n\n## Why It Matters\n\nWithout DNS, the internet would be a phonebook of numbers. The design decision to use symbolic names made the web accessible, memorable, and scalable. But that abstraction carries a cost: you must trust the resolver. When you ask for a name, you receive an answer from a chain of servers you do not control. If that chain lies, you are routed to a fake bank, a censored page, or a surveillance endpoint.\n\nDNS is not a convenience layer. It is a trust layer. It sits at the boundary between the user and the entire network. The architecture of DNS — distributed, recursive, and cache-heavy — determines who can see what you browse, who can block it, and who can impersonate the destination. Understanding DNS is not optional for anyone who wants to reason about security, sovereignty, or reliability on the internet.\n\n## How It Works\n\n**Step 1: The stub resolver asks the recursive resolver.** Your laptop or phone sends a query to a recursive resolver — often your ISP, your VPN, or a public resolver like 8.8.8.8. This resolver handles the hard work of chasing down the answer.\n\n**Step 2: The root hints.** The recursive resolver starts at the root nameservers. There are 13 logical root servers, each replicated hundreds of times. The root knows where the top-level domain (TLD) servers live — .com, .org, .net, .cn, .io.\n\n**Step 3: The TLD delegation.** The TLD server knows the authoritative nameservers for the second-level domain. For `example.com`, the .com TLD server points to the nameservers operated by the domain's owner or registrar.\n\n**Step 4: The authoritative answer.** The domain's authoritative nameserver returns the resource records. The most common is the A record: `example.com` maps to `93.184.216.34`. If you asked for an IPv6 address, it returns an AAAA record.\n\n**Step 5: The recursive resolver caches and returns the answer.** The resolver stores the result for the duration specified by the TTL (Time to Live) field in the record. It then hands the answer back to your device.\n\nThe entire process usually takes under 50 milliseconds. But during those milliseconds, multiple servers learned that you wanted `example.com`. The query is usually unencrypted and sent in plaintext unless DoH (DNS over HTTPS) or DoT (DNS over TLS) is enabled.\n\n## The Contract\n\n**Input:** A fully qualified domain name (FQDN) and a query type (A, AAAA, MX, TXT, NS, SOA, CNAME).\n\n**Output:** A set of resource records, each with a value, a TTL, and a class (almost always IN for internet).\n\n**Behavior:**\n- The system must resolve from root to TLD to authoritative nameserver, respecting the delegation chain.\n- Negative answers must be cached (NXDOMAIN, NODATA).\n- TTL governs cache validity. A record with TTL 3600 must not be served from cache after 3600 seconds.\n- The resolver must retry on timeout, not invent answers.\n- Authoritative servers must return the data configured in the zone file. Recursive servers must not return authoritative data unless they are also authoritative.\n\n## Real Examples\n\n**Example 1: Browser navigation.** You type `https://miscsubjects.com` into your browser. The OS stub resolver checks its cache, then asks the configured recursive resolver. The resolver queries root → .com TLD → miscsubjects.com authoritative nameserver. It returns the A record. The browser opens a TCP connection to that IP and requests the page.\n\n**Example 2: Email delivery.** An email server at `mail.sender.com` needs to send mail to `user@recipient.com`. It queries the MX record for `recipient.com`. The MX record points to `mail.recipient.com` with priority 10. The sending server then resolves `mail.recipient.com` to an IP and connects on port 25.\n\n**Example 3: CDN routing.** Cloudflare returns different A records for `cdn.example.com` depending on your geographic region. The authoritative nameserver uses anycast and latency-aware routing to return the IP of the nearest edge server. DNS is doing load balancing and geographic distribution at the name layer.\n\n**Example 4: DNS-based failover.** A company runs two datacenters. The authoritative nameserver returns two A records: one primary, one backup. The primary datacenter fails. Health-checks remove the primary record. DNS now returns only the backup. TTL is set to 60 seconds to minimize the propagation window.\n\n**Example 5: DNS-based blocklists.** A network operator can redirect `malware.example.com` to a sinkhole IP by returning a forged A record from a local resolver. This is how many enterprise and national firewalls block domains at the name layer.\n\n## Common Mistakes\n\n**Mistake 1: Believing DNS is just a lookup.** It is not. DNS is a routing mechanism, a load balancer, a failover system, and a surveillance vector. Treating it as passive infrastructure underestimates the power it holds.\n\n**Mistake 2: Ignoring TTL management.** A TTL of 86400 means a bad record propagates and persists for 24 hours. You cannot fix a DNS mistake quickly if you set your TTL too high.\n\n**Mistake 3: Assuming DNS is private.** Standard DNS queries are sent in plaintext over UDP port 53. Anyone on the path — your ISP, the Wi-Fi operator, a government tap — can see every domain you query. Using DoH or DoT is not optional if you care about privacy.\n\n**Mistake 4: CNAME at the zone apex.** A CNAME record at the root of a domain (e.g., `example.com`) is forbidden by RFC because it conflicts with the SOA and NS records required at the apex. Use ALIAS or ANAME records if your provider supports them, or a redirect at the HTTP layer.\n\n**Mistake 5: Thinking DNSSEC is too hard.** It is a signed chain of trust from the root downward. It prevents DNS spoofing by cryptographically proving that a record was signed by the legitimate authority. The complexity is real, but the alternative — blind trust — is not acceptable for critical infrastructure.\n\n## Connection to OIP\n\nThe OIP philosophy demands open, deterministic, auditable systems. DNS is the original case study in both the promise and the failure of that philosophy.\n\n**Open:** DNS is a protocol, not a product. Anyone can run a resolver, an authoritative server, or a root mirror. The zone files are public. The standards are published in RFCs. In principle, DNS is perfectly open.\n\n**Deterministic:** A query for a given name at a given time should yield a deterministic answer. But it does not. Geographic routing, DNS hijacking, and cache poisoning all break determinism. The protocol is deterministic; the ecosystem is not.\n\n**Auditable:** Every answer in the chain could be logged, but the default is not. Most recursive resolvers do not log publicly. Most authoritative servers do not publish their query logs. The user has no audit trail of who answered what and when. DNSSEC provides cryptographic proof of origin, but it does not provide proof of the query itself, nor does it protect the privacy of the querier.\n\nFor OIP, DNS is the boundary layer. If you cannot trust the name resolution, you cannot trust anything that follows. Building on DNS without understanding its trust model is building on sand. The protocol is elegant, but the operational reality is that trust is delegated, visibility is opaque, and the user is the last to know. OIP's commitment to auditable determinism means every DNS resolution that an OIP system performs must be explicit, logged, and verifiable — not assumed, hidden, or outsourced to a black box.\n\n## Connection to the Grain Philosophy\n\nThis protocol is part of the [Open Inventory Protocol](/a/philosophy) — a living system of self-describing voxels that serves the Grain philosophy. The OIP is the interface. The philosophy is the core.\n","claims":[],"sources":[],"voxels":{"slug":"oip-what-is-dns","counts":{"voxels":0,"sources":0,"edges":0},"note":"slim bundle — full voxels at /api/articles/oip-what-is-dns/voxels"},"constitution":{"url":"https://miscsubjects.com/api/articles/constitution"},"provenance":[],"contributions":[],"topology":null,"slim":true,"ledger_totals":{"claims":0,"sources":0,"exported_claims":0,"exported_sources":0},"question_graph":{"slug":"oip-what-is-dns","questions":[],"evidence":[],"edges":[],"counts":{"questions":0,"evidence":0,"edges":0}},"verification":{"provenance":{"valid":true,"entries":0,"head":"genesis"},"sources":{"valid":true,"entries":0,"head":"genesis"}},"counts":{"claims":0,"sources":0,"provenance":0,"contributions":0,"questions":0,"evidence_ingests":0,"voxel_edges":0},"llm_manifest":{"version":"1","site":"https://miscsubjects.com","purpose":"Peptide evidence articles with hash-chained source ledgers, tiered claims, and a question graph. LLMs should READ bundles/URLs and WRITE back via ingest — never invent doses.","read":{"human_page":"https://miscsubjects.com/a/oip-what-is-dns","bundle_json":"https://miscsubjects.com/api/articles/oip-what-is-dns/bundle","bundle_markdown":"https://miscsubjects.com/api/articles/oip-what-is-dns/bundle?format=markdown","topology":"https://miscsubjects.com/api/articles/oip-what-is-dns/topology","question_graph":"https://miscsubjects.com/api/articles/oip-what-is-dns/question-graph","sources":"https://miscsubjects.com/api/articles/oip-what-is-dns/sources","provenance":"https://miscsubjects.com/api/articles/oip-what-is-dns/provenance","contributions":"https://miscsubjects.com/api/articles/oip-what-is-dns/contributions","graph_topology":"https://miscsubjects.com/api/articles/oip-what-is-dns/graph-topology?question={question}","voxels":"https://miscsubjects.com/api/articles/oip-what-is-dns/voxels","constitution":"https://miscsubjects.com/api/articles/constitution","ontology":"https://miscsubjects.com/api/articles/ontology","system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown","health":"https://miscsubjects.com/api/articles/oip-what-is-dns/health","repair":"POST https://miscsubjects.com/api/protocol/repair","list_articles":"https://miscsubjects.com/api/articles","graph_canvas":"https://miscsubjects.com/graph.html?slugs=oip-what-is-dns","graph_yield":"https://miscsubjects.com/api/graph?slugs=oip-what-is-dns&layer=yield","obsidian_vault":"https://miscsubjects.com/api/articles/obsidian-vault?slugs=oip-what-is-dns","graph_query":"https://miscsubjects.com/api/v1/query?from=oip-what-is-dns&kind=claim&where=tier=human"},"ask":{"description":"Answer only from topology; creates a question_node with gaps.","api":"POST https://miscsubjects.com/api/protocol/ask","body":{"slug":"{slug}","question":"string"},"imessage":"oip-what-is-dns|your question","router_tag":"[ARTICLE_ASK]oip-what-is-dns|question[/ARTICLE_ASK]","auth":"x-terminal-key header for API; iMessage/WhatsApp via miscsubjects build"},"ingest":{"description":"Parse pasted evidence → source ledger + claims + evidence_ingest node.","api":"POST https://miscsubjects.com/api/protocol/ingest","body":{"slug":"{slug}","evidence":"paste text","question_node_id":"optional qn_..."},"imessage":"ingest oip-what-is-dns|q:{node_id}|paste evidence","router_tag":"[ARTICLE_INGEST]oip-what-is-dns|evidence[/ARTICLE_INGEST]","tiers":["human","preclinical","anecdotal","mechanistic","speculative"]},"claim":{"description":"Prompt-injection style POST — one claim voxel with who_claims + posted_by provenance.","api":"POST https://miscsubjects.com/api/protocol/claim","body":{"slug":"{slug}","text":"one assertion","tier":"human|preclinical|anecdotal|mechanistic|speculative","who_claims":"study author, platform, or model id","source_ids":"optional [s1]"},"imessage":"claim oip-what-is-dns|tier|assertion — who claims it?","router_tag":"[ARTICLE_CLAIM]oip-what-is-dns|tier|assertion[/ARTICLE_CLAIM]","slots":["what_it_is","who_claims_what","what_is_known","what_is_unknown","mechanism","limitations","disclaimer"]},"tiers":{"human":0.8,"preclinical":0.5,"anecdotal":0.3,"mechanistic":0.3,"speculative":0.1},"invariants":["Self-explaining — every API JSON has _self; every paste widget has §SELF; root index at /api/articles/system-map","Append-only — revisions preserved at ?rev=n","Source chain verifies integrity, not truth","Answers must cite claim ids and source ids from topology","Not medical advice"],"constitution":{"version":1,"principle":"Articles are voxel graphs of claims — not prose blobs. Every assertion is a claim atom with tier, weight, source_ids, and posted_by provenance.","slots":[{"id":"what_it_is","required":true,"answers":"What is this peptide/stack/condition?"},{"id":"who_claims_what","required":true,"answers":"Who claims what — study authors, platforms, n=?"},{"id":"what_is_known","required":true,"answers":"What is known with tier labels (human/preclinical/anecdotal)"},{"id":"what_is_unknown","required":true,"answers":"What is NOT known — explicit gaps"},{"id":"mechanism","required":false,"answers":"Proposed mechanism (mechanistic tier only)"},{"id":"limitations","required":true,"answers":"Limits of evidence — no dose advice"},{"id":"disclaimer","required":true,"answers":"Not medical advice"}],"claim_rules":["One claim = one falsifiable assertion. No compound claims.","Every claim must declare tier: human|preclinical|anecdotal|mechanistic|speculative|system.","system tier = architecture/design axioms (not biological mechanism). Use for protocol self-definition.","Sourced claims must cite source_ids from the hash-chained ledger.","Unsourced claims must set source_status: unsourced and why_material.","posted_by is mandatory on every new claim (model id, human, or channel).","No medical advice, no doses, no 'you should take'.","Bad information is retracted (status:retracted), never deleted — retraction event stays on ledger.","Adversary challenges link via challenges[] / challenged_by[] — target may be downweighted.","Leaked secrets are scrubbed to [REDACTED:secret-leak] with scrub_events tombstone — honest audit trail."],"source_rules":["Every source is a voxel edge: type, url, exact quote, summary, found_by, accessed_at.","Sources hash-chain — prev/hash on append.","Anecdotal sources must name platform (reddit|x|youtube|imessage|user_entry)."],"ontology_rules":["Peptide articles (bpc-157, tb-500) are tree roots.","Condition articles (bpc-157-glp1-gut-damage) branch from peptides.","Stack articles (wolverine-stack-glp1) compose peptides — never duplicate peptide mechanism prose.","If an article has no parent embeds and is not a root peptide → sprawl candidate.","Misstep = duplicate scope with another slug; merge or reparent via embeds."],"post_protocol":{"claim":"POST /api/protocol/claim","source":"POST /api/protocol/sources","ingest":"POST /api/protocol/ingest","webhook":"POST /api/articles/<slug>/webhook {kind:claim|source}","imessage_claim":"claim {slug}|{tier}|your assertion — who claims it, source?","imessage_ingest":"ingest {slug}|evidence paste"}},"this_article":{"slug":"oip-what-is-dns","url":"https://miscsubjects.com/a/oip-what-is-dns","bundle_url":"https://miscsubjects.com/api/articles/oip-what-is-dns/bundle?format=markdown"}},"api_urls":{"bundle":"https://miscsubjects.com/api/articles/oip-what-is-dns/bundle","bundle_markdown":"https://miscsubjects.com/api/articles/oip-what-is-dns/bundle?format=markdown","topology":"https://miscsubjects.com/api/articles/oip-what-is-dns/topology","voxels":"https://miscsubjects.com/api/articles/oip-what-is-dns/voxels","constitution":"https://miscsubjects.com/api/articles/constitution","ontology":"https://miscsubjects.com/api/articles/ontology","question_graph":"https://miscsubjects.com/api/articles/oip-what-is-dns/question-graph","ask":"https://miscsubjects.com/api/protocol/ask","ingest":"https://miscsubjects.com/api/protocol/ingest","claim":"https://miscsubjects.com/api/protocol/claim","system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown"}}