Domains on the internet is based on a system called the Domain Name System (DNS). DNS is basically a phone book that translates domain names into IP addresses (a number that uniquely identifies a computer on the internet).

When you register a domain name, you are essentially paying a company to add a record on their **DNS server** to point that domain to an IP address of your choosing. Anyone can run a DNS server, and continuing the analogy, any idiot with enough resources can publish their own phone book and deliver it to houses across the globe. But the trick is getting anyone to use your phone book when there is already a de facto “official” phone book that everyone trusts and uses.

And therein lies the problem: everyone important in the realm of computers and the internet already agreed that a group called ICANN would control the **root DNS servers** that points to the DNS servers for the **Top-Level Domains** (TLD; .com, .net etc). And in turn the trusted companies that run the TLD DNS servers allow a select group of trusted registrars to run DNS servers for **second-level domains** under the TLDs (**example**.com).

Resolving DNS is a network of trust. Operating systems trust routers, which trust ISPs, who trust domain registrars, who trust TLD registrars, who trust the ICANN. You can configure your devices to use and trust whatever DNS servers you want, but that only works to resolve domain names on devices you control. Getting everyone else on the internet to trust you is the hard part.