Wednesday, June 27, 2012

How does DNS work?

  • explain how DNS works briefly when user types www.google.com on the browser. the user's computer is connected to local network. there is a local dns server in the local network.
ChatGPT

When a user on a local network types "www.google.com" in a web browser, and there is a local DNS server in the network, here's how DNS resolution works:

  1. User's Request: The user's computer sends a DNS query to the local DNS server, requesting the IP address for "www.google.com."

  2. Local DNS Server Check: The local DNS server checks its cache to see if it already knows the IP address for "www.google.com." If the information is cached and valid, it responds to the request immediately. If not, it proceeds with the resolution.

  3. Local DNS Server Query: The local DNS server becomes a DNS client and queries a series of DNS servers in a recursive process. Here's a simplified version of the steps it follows:

    a. Root DNS Server: The local DNS server starts by querying a root DNS server, asking for information about the root domain (".").

    b. Top-Level Domain (TLD) DNS Server: The root DNS server responds with a referral to the TLD DNS server responsible for the "com" domain.

    c. Authoritative DNS Server for "google.com": The TLD DNS server provides a referral to the authoritative DNS server for "google.com."

    d. Authoritative DNS Server for "www.google.com": The authoritative DNS server for "google.com" finally provides the IP address for "www.google.com."

  4. Response to the Local DNS Server: The local DNS server receives the IP address for "www.google.com" from the authoritative DNS server.

  5. Response to User's Computer: The local DNS server now has the IP address and responds to the user's computer with the IP address.

  6. Browser Connects to the Website: With the IP address, the user's web browser establishes a connection to the web server associated with "www.google.com." This allows the user to access the Google website.

The local DNS server plays a crucial role in the network by efficiently managing DNS queries and caching resolved domain information. It helps reduce the load on external DNS servers and speeds up DNS resolution for devices on the local network

  • How the DNS works


How Does DNS Works : Resolving DNS

Components of DNS
-domain name space
-zones
-name servers(zone databases)

FQDN(fully qualified domain name)
DNS use FQDN to map a hostname to an ip address

name resolution process
to locate the ip address of requested domain name

forward lookup query
to map a name to an ip address

DNS is a distributed database with a hierarchical structure
that can serve as the foundation
for name resolution in a TCP/IP network


Understanding How DNS Works in Depth
windows client first looks into dns resolver cache

ipconfig /flushdns #clears dns resolver cache 
troubleshooting, could have old IP address in its cache, dns name is resolving old IP address 

ipconfig /displaydns # shows dns resolver cache
if windows client needs to resolve a dns it does not go out to a dns server,because it has it in its local cache 


time to live #how long it can keep this record in its cache before it has to query a dns server again
to make sure IP address does not change 


hosts file # records are loaded into local dns resolver cache 
any change causes to unload local dns resolver cache and load records in the hosts file 

if it can not find dns record in local dns resolver cache
it goes to query dns servers defined TCP/IPv properties, local dns server in the local network
it first look into forward look zones to see if it is authoritative for this domain
if it is authoritative for this domain it has zone files then.
it sends back the response to the client with IP address

How the DNS works
  • Domain Name System

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service resolves queries for these names into IP addresses for the purpose of locating computer services and devices worldwide.
http://en.wikipedia.org/wiki/Domain_Name_System


  • A Record : A record stands for Address record. The ‘A’ record specifies the IP address (IPv4) of a host. Whenever DNS server get a query to resolve domain-name, it will refer the A record to answer the IP address.

AAA Record : The ‘AAA’ record specifies the IP address (IPv6) of a host.
NS Record : NS Record stands for Name Server record. NS Records maps a domain name to a list of authoritative DNS servers.
MX Record : MX Record stands for mail exchange record. MX Records maps a domain name to a list of mail exchange servers.
PTR Record : PTR record stands for Reverse lookup record or Pointer record. A PTR record maps the IP address to a specific host.
CNAME Record : CNAME Record stands for Canonical Name. CNAME record is used to create aliases that point to other names such as WWW, FTP, MAIL & subdomains to a domain name. Example : a CNAME record can associate the subdomain www.2daygeek.com with 2daygeek.com
SOA Record : SOA record stands for Start of Authority records. SOA records contain information about a DNS zone such as Primary nameserver, Hostmaster E-mail address, zone file seriel number, zone transfer interval and zone expiry details.
TXT Record : TXT Record stands for text record. A TXT record is a type of DNS record that provides text information to sources outside your domain. The text can be either human-or machine-readable and can be used for a variety of purposes.
SPF Record : SPF Record stands for Sender Policy Framework. SPF is an extension to the SMTP mail protocol which is used for e-mail authentication. SPF record used to verifies that the message came from an authorized mail server or not. SPF is designed to detect SPAM & PHISHING mail sender’s, IP address which was included in e-mail header
DKIM Record : DKIM record stands for Domain Keys Identified Mail. DKIM is an email validation system designed to detect email spoofing by providing encryption authentication to receiving mail exchangers. It will check whether the incoming mail domain is authorized by the domain’s administrators and that the email (including attachments) has not been modified during transport. A digital signature included with the message can be validated by the recipient using the signer’s public key published in the DNS.
https://www.2daygeek.com/check-find-dns-records-of-domain-in-linux-terminal/#

resolver server
root server
TLD - Top Level Domain Server
Authoritative Server
Checks Browser and Operating System cache
DNS Resolver - ISP
Check DNS Resolver cache
Root Nameservers -13 different servers
TDL Namservers
Authoritative Nameserver - zone files
DNS Recursive Resolver - ISP
3rd party DNS Resolver- Google DNS / Internal resolver
Root Name Server
Top Level Domaın Nameserver - TLD
Authoritative Nameserver






  • It is also used to troubleshoot DNS related problems

network administration tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or any other specific DNS record.
nslookup can operate on both “Interactive mode” and “Non-Interactive mode”. Interactive mode allows the user to query the DNS-Server about various host, and domains. Non-Interactive mode allows the user to query the information for a host or domain.

MX Mail Exchange ) record maps a domain name to a list of mail exchange servers for that domain.
The MX record tells that all the mails sent to “@redhat.com” should be routed to the Mail server in that domain.

nslookup -query=mx redhat.com

we have 2 MX records for the domain “redhat.com”. The number 5, 10 ), associated with the MX records tells the preference of mail server. Lower the number, higher the preference. So when a mail is sent to “@redhat.com”, first preference will be “mx1.redhat.com”, then mx2.redhat.com


Any answer that originates from the DNS Server which has the complete zone file information available for the domain is said to be authoritative answer.


NS Name Server ) record maps a domain name to a list of DNS servers authoritative for that domain. It will output the name serves which are associated with the given domain.

SOA record start of authority ), provides the authoritative information about the domain, the e-mail address of the domain admin, the domain serial number,
nslookup -type=soa redhat.com

http://www.thegeekstuff.com/2012/07/nslookup-examples/?utm_source=tuicool



DIG: look up DNS domain IP address information
http://www.kloth.net/services/dig.php


  • DNS Checker

https://tools.keycdn.com/dig

  • Common DNS Records

A: Indicates the IP address of the domain.
AAAA: IPV6 address record.
CNAME: Canonical name, used for making a domain alias.
NS: Name server, indicates which name server is authoritative for the domain.
MX: Mail exchange, a list of mail exchange servers used for the domain.
TXT: Administrator record use for domain facts and verifications.
SRV: Service, defines the TCP service the domain operates on.
PTR: Pointer record, maps an IPv4 address to CNAME.
SOA: State of authority, stores information about when domain was updated.
https://tools.keycdn.com/dig


  • If you're a small business owner or WordPress blogger, you've probably been told to configure your A and CNAME records. 

Or, that time you tried to move your email, you were told to change your MX record.
Or, a cool web service asked you to set up a TXT record before it would work with you


A Records
If a web user types in jeffreifman.com, the request will be passed off to a directory which will look for a DNS record that corresponds to my root domain. By root, I mean no prefix, no www, i.e. no sub-domain, just http://jeffreifman.com. For example, the root-level A record of your domain might point to 107.164.32.96. That will tell the Internet to which IP address to send your browsing request.

Subdomain Records
You can also configure A records for a variety of sub-domains. For example, if you want www.yourwebsite.com to go to the same address, you can set up an identical A record for the sub-domain www, i.e. the root domain, and the www domain would have identical IP addresses.

Wildcard Entries
DNS records also allow wildcard entries (using an asterisk *) that make it easy to route all sub-domain traffic to one IP address. For example, if I want any city request for Flee the Jungle to be hosted by one server,

CNAME records. These are helpful in a number of ways and can be especially helpful in simplifying the management of your IP addresses and future migrations from one server to another.
CNAME Records
CNAMEs are essentially domain and sub-domain text aliases to map traffic to. For example, if you've ever set up a blog through a service such as WordPress or Tumblr, they may ask you to map your domain name to a CNAME rather than with an A record to an IP address.

When a user requests misc.jeffreifman.com in their browser, the DNS points them to domains.tumblr.com which it will then recursively look up the IP address for, which will be 66.6.44.4.
One advantage of CNAMEs is that if Tumblr ever changes the IP address of their inbound server, I might not need to ever change my CNAME record. It could stay the same and Tumblr can manage the IP change by changing the A record for domains.tumblr.com.

If I need to change hosts and change the IP address of my web server, I can change one sub-domain A record for the CNAME I used, rather than changing one hundred A records for each domain name.

Another scenario you'll use CNAMEs with is CDN services
I set up four cloud subdomains named c1, c2, c3, c4, all pointing to KeyCDN's content mirror at jr-faf.kxcdn.com.

https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records--cms-24704



  • ChatGPT
rDNS (Reverse DNS) is a type of DNS (Domain Name System) record that maps an IP address to a domain name. While regular DNS maps domain names to IP addresses, rDNS maps IP addresses to domain names.

rDNS is often used to check the legitimacy of an incoming email message. This is because spammers and scammers often use fake email addresses that claim to be from legitimate domains. By checking the rDNS record, the email server can verify if the IP address is associated with the claimed domain.

rDNS can also be used for network troubleshooting and debugging. By checking the rDNS record, you can verify if the IP address is associated with the correct domain and identify any DNS misconfiguration

To set up an rDNS record, the owner of the IP address must contact the ISP (Internet Service Provider) or hosting provider that owns the IP address block. The ISP or hosting provider will then create a PTR (Pointer) record in their DNS server that maps the IP address to a domain name. The PTR record is the rDNS record


For example, if the IP address is 192.0.2.1 and the domain name is example.com, the rDNS record would be:

1.2.0.192.in-addr.arpa. IN PTR example.com.

The in-addr.arpa domain is a special domain used for rDNS. The IP address is reversed and appended to the in-addr.arpa domain to create the domain name for the PTR record.

at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)