Show Lecture.DNS as a slide show.
CT320 DNS
The Problem
- People use names like
www.mylittlepony.com.
- A computer would want the equivalent IP address address,
45.60.75.209.
- How to translate from one to the other?
The Solution
Solution: The Domain Name System
- Application-layer protocol to resolve names
- convert the name
www.mylittlepony.com into the IP address
45.60.75.209.
- can use either TCP or UDP packets
- Distributed database implemented in hierarchy of many name servers
- First step in nearly every networky application:
- Use DNS to convert a name into an IP address
DNS Development
$ grep '129.82.44.1[3-7][0-9]' /etc/hosts
129.82.44.130 austin.cs.colostate.edu austin
129.82.44.131 baton-rouge.cs.colostate.edu baton-rouge
129.82.44.132 bismarck.cs.colostate.edu bismarck
129.82.44.133 boise.cs.colostate.edu boise
129.82.44.134 boston.cs.colostate.edu boston
129.82.44.135 carson-city.cs.colostate.edu carson-city
129.82.44.136 charleston.cs.colostate.edu charleston
129.82.44.137 cheyenne.cs.colostate.edu cheyenne
129.82.44.138 columbia.cs.colostate.edu columbia
129.82.44.139 columbus-oh.cs.colostate.edu columbus-oh
129.82.44.140 concord.cs.colostate.edu concord
129.82.44.141 denver.cs.colostate.edu denver
129.82.44.142 des-moines.cs.colostate.edu des-moines
129.82.44.143 dover.cs.colostate.edu dover
129.82.44.144 frankfort.cs.colostate.edu frankfort
129.82.44.145 harrisburg.cs.colostate.edu harrisburg
129.82.44.146 hartford.cs.colostate.edu hartford
129.82.44.147 helena.cs.colostate.edu helena
129.82.44.148 honolulu.cs.colostate.edu honolulu
129.82.44.149 indianapolis.cs.colostate.edu indianapolis
129.82.44.150 jackson.cs.colostate.edu jackson
129.82.44.151 jefferson-city.cs.colostate.edu jefferson-city
129.82.44.152 juneau.cs.colostate.edu juneau
129.82.44.153 lansing.cs.colostate.edu lansing
129.82.44.154 lincoln.cs.colostate.edu lincoln
129.82.44.155 little-rock.cs.colostate.edu little-rock
129.82.44.156 madison.cs.colostate.edu madison
129.82.44.157 montgomery.cs.colostate.edu montgomery
129.82.44.158 montpelier.cs.colostate.edu montpelier
129.82.44.159 nashville.cs.colostate.edu nashville
129.82.44.160 oklahoma-city.cs.colostate.edu oklahoma-city
129.82.44.161 olympia.cs.colostate.edu olympia
129.82.44.162 phoenix.cs.colostate.edu phoenix
129.82.44.163 pierre.cs.colostate.edu pierre
129.82.44.164 providence.cs.colostate.edu providence
129.82.44.165 raleigh.cs.colostate.edu raleigh
129.82.44.166 richmond.cs.colostate.edu richmond
129.82.44.167 sacramento.cs.colostate.edu sacramento
129.82.44.168 saint-paul.cs.colostate.edu saint-paul
129.82.44.169 salem.cs.colostate.edu salem
129.82.44.170 salt-lake-city.cs.colostate.edu salt-lake-city
129.82.44.171 santa-fe.cs.colostate.edu santa-fe
129.82.44.172 springfield.cs.colostate.edu springfield
129.82.44.173 tallahassee.cs.colostate.edu tallahassee
129.82.44.174 topeka.cs.colostate.edu topeka
129.82.44.175 trenton.cs.colostate.edu trenton
129.82.44.176 washington-dc.cs.colostate.edu washington-dc
129.82.44.177 acorn.cs.colostate.edu acorn
129.82.44.178 almond.cs.colostate.edu almond
An Early Centralized System:
- Initially created as a “hosts.txt” file
- Each line in the file listed the hostname
and corresponding IP address
- Distant centralized database
- Need one entry for every Internet host!
- When host changes IP, notify central repository
DNS Development
DNS Today
- Distributed organization
- Still provides hostname to IP address mapping
- Also provides:
- Host aliasing
- www.colostate.edu is an alias for another machine
- Mail server identification
- cs.colostate.edu mail server doesn’t handle its own mail
- Load distribution
- Phone numbers, host locations, service records, …
Examples
www.colostate.edu is just an alias:
$ host www.colostate.edu
www.colostate.EDU is an alias for 1weufa17x3uh.wpeproxy.com.
1weufa17x3uh.wpeproxy.com has address 141.193.213.21
1weufa17x3uh.wpeproxy.com has address 141.193.213.20
Similarly, cs.colostate.edu is an alias,
and it doesn’t handle its own mail:
$ host cs.colostate.edu
cs.colostate.edu has address 129.82.45.48
cs.colostate.edu mail is handled by 20 chico.cs.colostate.edu.
cs.colostate.edu mail is handled by 0 cs-colostate-edu.mail.protection.outlook.com.
Domain Name Service Data
A typical host name: “denver.cs.colostate.edu.” is a
Fully Qualified Domain Name (FQDN) made up of parts:
- “denver” = Hostname
- “cs.colostate.edu.” = domain name
- “cs.colostate.edu.” = a subdomain of “colostate.edu.”
which is a subdomain of “edu.”
- “edu.” is a Top Level Domain (TLD)
- “.” = the root of DNS data and technically all DNS
names should end in “.” but is typically left out.
Domain Name Space
A partial DNS hierarchy
root
│
┌──────────┼───────┬───────┐
│ │ │ │
edu com mil se
│ │ │ │
┌─┴────┐ │ │ │
│ │ │ │ │
colostate mit hp │ mil
│ │
┌───┼────┐ ┌─┴──┐
│ │ │ │ │
engr cs www af navy
│ │
┌───┴────┐ │
│ │ │
www denver buckley
DNS Organization
root
│
┌───────┼────┬────┐
edu com mil se
┌─┴────┐ │ │ │
colostate mit hp │ mil
┌───┼────┐ ┌─┴──┐
engr cs www af navy
┌───┴────┐ │
www denver buckley
- Data organized as tree structure.
- Each zone is authoritative for its local data.
- Each zone operates a set of name servers that contain the zone data
(in NS records).
- Change to host.cs.colostate.edu is
entered at cs.colostate.edu servers.
- Tree structure directs queries to the appropriate name server.
- Root knows how to reach edu
- Edu knows how to reach colostate.edu
DNS Query and Response
┌────────┐
│ Home │
│ laptop │
│ │
└────────┘
My laptop’s browser wants the IP address of www.colostate.edu.
Step 1
┌────────┐ ┌────────┐
│ Home │··“www.colostate.edu?”(1)·>│ Home │
│ laptop │ │ router │
│ │ │ │
└────────┘ └────────┘
My laptop doesn’t know the IP address, so it asks its smart friend,
my home router, which functions as a DNS server.
Step 2
┌────────┐ ┌────────┐
│ Home │··“www.colostate.edu?”(1)·>│ Home │··“www.colostate.edu?”(2)┐
│ laptop │ │ router │ │
│ │ │ │ │
└────────┘ └────────┘ │
▽
┌─────────────┐
│ │
│ │
│ │
│ │
│ Comcast │
│ DNS │
│ server │
│ │
│ │
│ │
│ │
└─────────────┘
The DNS server inside my router doesn’t know, either, so it asks its
smart friend, the Comcast DNS server I was told to use.
Step 3
┌────────┐ ┌────────┐
│ Home │··“www.colostate.edu?”(1)·>│ Home │··“www.colostate.edu?”(2)┐
│ laptop │ │ router │ │
│ │ │ │ │
└────────┘ └────────┘ │
▽
┌─────────────┐
┌────────────────────┐<····“www.colostate.edu?”(3)·········│ │
│ j.root-servers.net │ │ │
└────────────────────┘ │ │
│ │
│ Comcast │
│ DNS │
│ server │
│ │
│ │
│ │
│ │
└─────────────┘
The Comcast server DNS doesn’t know, either, so it asks a random
root DNS server.
Step 4
┌────────┐ ┌────────┐
│ Home │··“www.colostate.edu?”(1)·>│ Home │··“www.colostate.edu?”(2)┐
│ laptop │ │ router │ │
│ │ │ │ │
└────────┘ └────────┘ │
▽
┌─────────────┐
┌────────────────────┐<····“www.colostate.edu?”(3)·········│ │
│ j.root-servers.net │ │ │
└────────────────────┘·····“Ask c.edu-servers.net”(4)·····>│ │
│ │
│ Comcast │
│ DNS │
│ server │
│ │
│ │
│ │
│ │
└─────────────┘
The root DNS server doesn’t know the IP address, but it knows who
handles the .edu domain.
Step 5
┌────────┐ ┌────────┐
│ Home │··“www.colostate.edu?”(1)·>│ Home │··“www.colostate.edu?”(2)┐
│ laptop │ │ router │ │
│ │ │ │ │
└────────┘ └────────┘ │
▽
┌─────────────┐
┌────────────────────┐<····“www.colostate.edu?”(3)·········│ │
│ j.root-servers.net │ │ │
└────────────────────┘·····“Ask c.edu-servers.net”(4)·····>│ │
│ │
┌────────────────────┐<····“www.colostate.edu?”(5)·········│ Comcast │
│ c.edu-servers.net │ │ DNS │
└────────────────────┘ │ server │
│ │
│ │
│ │
│ │
└─────────────┘
The Comcast DNS server asks the .edu DNS server to resolve www.colostate.edu.
Step 6
┌────────┐ ┌────────┐
│ Home │··“www.colostate.edu?”(1)·>│ Home │··“www.colostate.edu?”(2)┐
│ laptop │ │ router │ │
│ │ │ │ │
└────────┘ └────────┘ │
▽
┌─────────────┐
┌────────────────────┐<····“www.colostate.edu?”(3)·········│ │
│ j.root-servers.net │ │ │
└────────────────────┘·····“Ask c.edu-servers.net”(4)·····>│ │
│ │
┌────────────────────┐<····“www.colostate.edu?”(5)·········│ Comcast │
│ c.edu-servers.net │ │ DNS │
└────────────────────┘·····“Ask dns1.colostate.edu”(6)····>│ server │
│ │
│ │
│ │
│ │
└─────────────┘
The .edu DNS server knows several authoritative DNS servers for .colostate.edu.
Step 7
┌────────┐ ┌────────┐
│ Home │··“www.colostate.edu?”(1)·>│ Home │··“www.colostate.edu?”(2)┐
│ laptop │ │ router │ │
│ │ │ │ │
└────────┘ └────────┘ │
▽
┌─────────────┐
┌────────────────────┐<····“www.colostate.edu?”(3)·········│ │
│ j.root-servers.net │ │ │
└────────────────────┘·····“Ask c.edu-servers.net”(4)·····>│ │
│ │
┌────────────────────┐<····“www.colostate.edu?”(5)·········│ Comcast │
│ c.edu-servers.net │ │ DNS │
└────────────────────┘·····“Ask dns1.colostate.edu”(6)····>│ server │
│ │
┌────────────────────┐<····“www.colostate.edu?”(7)·········│ │
│ dns1.colostate.edu │ │ │
└────────────────────┘ │ │
└─────────────┘
The Comcast DNS server asks dns1.colostate.edu to resolve the name.
Step 8
┌────────┐ ┌────────┐
│ Home │··“www.colostate.edu?”(1)·>│ Home │··“www.colostate.edu?”(2)┐
│ laptop │ │ router │ │
│ │ │ │ │
└────────┘ └────────┘ │
▽
┌─────────────┐
┌────────────────────┐<····“www.colostate.edu?”(3)·········│ │
│ j.root-servers.net │ │ │
└────────────────────┘·····“Ask c.edu-servers.net”(4)·····>│ │
│ │
┌────────────────────┐<····“www.colostate.edu?”(5)·········│ Comcast │
│ c.edu-servers.net │ │ DNS │
└────────────────────┘·····“Ask dns1.colostate.edu”(6)····>│ server │
│ │
┌────────────────────┐<····“www.colostate.edu?”(7)·········│ │
│ dns1.colostate.edu │ │ │
└────────────────────┘·····“It is 129.82.210.68”(8)·······>│ │
└─────────────┘
The dns1.colostate.edu DNS server, on the CSU campus, replies with
the IP address.
Step 9
┌────────┐ ┌────────┐
│ Home │··“www.colostate.edu?”(1)·>│ Home │··“www.colostate.edu?”(2)┐
│ laptop │ │ router │ │
│ │ │ │<··“129.82.210.68”(9) │
└────────┘ └────────┘ △ │
│ ▽
┌─────────────┐
┌────────────────────┐<····“www.colostate.edu?”(3)·········│ │
│ j.root-servers.net │ │ │
└────────────────────┘·····“Ask c.edu-servers.net”(4)·····>│ │
│ │
┌────────────────────┐<····“www.colostate.edu?”(5)·········│ Comcast │
│ c.edu-servers.net │ │ DNS │
└────────────────────┘·····“Ask dns1.colostate.edu”(6)····>│ server │
│ │
┌────────────────────┐<····“www.colostate.edu?”(7)·········│ │
│ dns1.colostate.edu │ │ │
└────────────────────┘·····“It is 129.82.210.68”(8)·······>│ │
└─────────────┘
The Comcast DNS server sends the IP address to my home router.
Step 10
┌────────┐ ┌────────┐
│ Home │··“www.colostate.edu?”(1)·>│ Home │··“www.colostate.edu?”(2)┐
│ laptop │ │ router │ │
│ │<··“129.82.210.68”(10)·····│ │<··“129.82.210.68”(9) │
└────────┘ └────────┘ △ │
│ ▽
┌─────────────┐
┌────────────────────┐<····“www.colostate.edu?”(3)·········│ │
│ j.root-servers.net │ │ │
└────────────────────┘·····“Ask c.edu-servers.net”(4)·····>│ │
│ │
┌────────────────────┐<····“www.colostate.edu?”(5)·········│ Comcast │
│ c.edu-servers.net │ │ DNS │
└────────────────────┘·····“Ask dns1.colostate.edu”(6)····>│ server │
│ │
┌────────────────────┐<····“www.colostate.edu?”(7)·········│ │
│ dns1.colostate.edu │ │ │
└────────────────────┘·····“It is 129.82.210.68”(8)·······>│ │
└─────────────┘
My home router tells my laptop the IP address.
Caching
That was the worst case. Really, caching occurs at all levels:
- my browser
- my laptop
- my router
- the Comcast DNS server
- the edu server
- the colostate.edu server
Caching
- I expect that the local Comcast DNS server will pretty much always
know the IP address for colostate.edu. It’s in Fort Collins—some
CSU student must access colostate.edu often enough to keep the address
in its cache.
- Further, once my router’s DNS server learns the IP addr,
it’ll remember it.
- Further, once my laptop learns the IP addr, it’ll remember it.
But, for how long?
Redundancy
Multiple servers for each zone in case any one server fails:
- 13 root servers
- It was, I suppose, originally 13 computers.
- Now, it’s 13 IP addresses.
Each IP address has multiple computers backing it, using IP anycast.
- 13 edu servers
- 5 colostate.edu servers
Anycast
Anycast is a network addressing/routing technology that
maps a single IP address to multiple destinations.
A router picks the best of several possible destinations,
based on distance, congestion, etc.
Various DNS servers
$ nping -q -p53 -c1 129.82.45.181 frgp.net frii.com 8.8.8.8 9.9.9.9 75.75.75.75 | grep rtt
Max rtt: 0.218ms | Min rtt: 0.218ms | Avg rtt: 0.218ms
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
| 129.82.45.181 | the CS Department DNS server |
| frgp.net | CSU’s ISP |
| frii.com | a Fort Collins ISP |
| 8.8.8.8 | Google’s DNS server |
| 9.9.9.9 | Quad9, a public malware-filtering DNS server |
| 75.75.75.75 | Comcast’s DNS server |
Querying
- Sometimes, it’s recursive
- Sometimes, it’s not
- Sometimes, it’s “ask the next smarter server”
- Sometimes, it’s not
Types of DNS Servers
- Authoritative DNS servers:
- Every DNS zone has a set of authoritative name servers (information
contained in NS record of parent zone)
- Provide authoritative records for a particular zone (e.g.,
.colostate.edu, .cisco.com, .edu, .uk, etc)
- Can be maintained by organization or service provider
- Top-level domain (TLD) servers:
- Authoritative servers responsible for .com, .org, .net, .edu,
etc, and all top-level country domains .uk, .fr, .ca, .jp.
- Network solutions maintains servers for .com TLD
- Educause for .edu TLD
- Caching Servers
- Accept queries for end hosts, lookup requested data,
and cache answers for later replies.
Types of Queries
Recursive query:
- Puts burden of name resolution on contacted name server
- Heavy load on the name server, but less network traffic.
- In the example above, the Comcast DNS server handles recursive queries.
Iterated query:
- Contacted server replies with name of server to contact
- “I don’t know this name, but ask this server”
- It might be that the other server really knows
- It might be that the other server is just smarter than this one
Iterated/Recursive Clerks
Typical trip to a hardware store:
Jack: “I’m looking for a Torx T8 driver.”
Clerk: “Look in aisle 6.”
Ideal trip to a hardware store:
Jack: “I’m looking for a Torx T8 driver.”
Clerk: “I’ll get one for you.”
Clerk fetches one.
Clerk: “Here you are.”
Either system works, I suppose.
DNS Caching
- Local caching name server saves results:
- Cache entries timeout (disappear) after some time
- TLD servers typically cached in local name servers
- Thus root name servers not often visited
- DNS changes are slow to propagate
DNS Record Types: SOA
The Start of Authority (SOA) record defines parameters for a “zone”:
- Time To Live (TTL): time (seconds) records may be cached.
- Primary DNS server: FQDN of an authoritative DNS server.
- Email Addr: Domain contact: dnsadmin.colostate.edu
- Serial number: Updated when data changes; used for replication.
- Refresh: Interval (seconds) a secondary tries to refresh zone data.
- Retry: Interval (seconds) between refresh attempts after failure.
- Expiry: Interval (seconds) secondary data is valid without refresh.
DNS Record Types: SOA (cont.)
DNS RFC defines a text representation for records as well as a binary or
“wire” representation. SOA records have the following text format:
; Name TTL Class RType Email
acns.colostate.edu 3600 IN SOA dnsadmin.colostate.edu. (
249427 ; sn
900 ; refresh (15 min)
600 ; retry (10 min)
86400 ; expiry (1 day)
3600 ; minTTL (1 hour)
)
DNS Record Types: NS
Name Server (NS): Defines the authoritative name
server(s) for a domain. Actually located both at
the root of the zone and at the point of delegation
in the parent zone.
The NS records for acns.colostate.edu reside in the parent zone,
“colostate.edu”, like this :
Name TTL Class RecordType Data
acns IN NS dns1.colostate.edu
acns IN NS dns2.colostate.edu
And they exist in the acns.colostate.edu zone where they look like:
Name TTL Class RecordType Data
@ IN NS dns1.colostate.edu
@ IN NS dns2.colostate.edu
DNS Record Types: A, AAAA
IPv4 Address (A): Associates a name with an IPv4 address
The A record for chico.cs.colostate.edu resides in the
“cs.colostate.edu” zone and looks like:
Name TTL Class RecordType Data
www IN A 129.82.45.30
IPv6 Address (AAAA): Associates a name with an IPv6 address
An AAAA record looks like:
Name TTL Class RecordType Data
www IN AAAA 2002:8152:e6d2::8052:f8d1
DNS Record Types: CNAME
Canonical Name (CNAME): Associates an alias with
another DNS name record.
The CNAME record for www.cs.colostate.edu looks like:
Name TTL Class RecordType Data
www IN CNAME parsons.cs.colostate.edu
According to the RFC, you may not create any other records
with the same name as a CNAME record. Recently added
exceptions for DNSSEC record types RRSIG, NSEC and KEY.
Other DNS Record Types
Others…
There are ~71 record types. The other, more common records include:
- MX — Mail Exchanger. Specify mail servers for a mail domain name.
- PTR — Pointer. Maps IPv4 addresses to names (reverse lookup).
- SRV — Service record. Defines network service information available
for zone (LDAP, Kerberos, etc.). Used heavily by Windows domains.
- TXT — Text information associated with a name. Basically a note.
Also used in Sender Policy Framework (SPF) system to validate email.
DNS Forward and Reverse Lookups
- Most common use is forward lookup (name to IP).
- Also need reverse lookup (IP to name).
This is also a tree structure, delegated in a similar fashion.
All reverse space is rooted in the special domain called “in-addr.arpa”.
.arpa is the remnant of a special domain used
in the transion from the ARPANET to domain-style naming.
For delegation to work as in the forward space, the networks are listed
most specific to least specific. Thus CSU’s IP space (129.82/16) has a
reverse DNS zone of “82.129.in-addr.arpa”
DNS Reverse Data Organization
arpa
│
in-addr
│
┌─────┼─────┐
128 129 130
│
┌─────┼─────┐
81 82 83
│
┌─────┼─────┐
44 45 46
│
┌─────┼─────┐
113 114 115
$ host www.cs.colostate.edu
www.cs.colostate.edu is an alias for beethoven.cs.colostate.edu.
beethoven.cs.colostate.edu has address 129.82.45.48
$ host 129.82.45.114
114.45.82.129.IN-ADDR.ARPA domain name pointer parsons.cs-win.colostate.edu.
114.45.82.129.IN-ADDR.ARPA domain name pointer parsons.cs.colostate.edu.
DNS servers
$ cat /etc/resolv.conf
search cs.colostate edu colostate.edu
nameserver 129.82.45.181
nameserver 129.82.103.78
nameserver 129.82.103.79
- Usually, your ISP provides a DNS server, via DHCP.
- Or, it can be hard-coded in
/etc/resolv.conf.
- Some people, fearing ISP censorship, use external DNS
servers such as Google’s 8.8.8.8 and 8.8.4.4,
or other public servers.
- Some public DNS servers censor for various reasons:
- block phishing & malware sites
- religious censorship
- use by children
- governmental censorship
- Some DNS servers anti-censor (e.g.,
.onion).
DNS Authorities
Internet Assigned Numbers Authority (IANA) and Internet Network
Information Center (InterNIC) originally established by various US
Government agencies and now run under contract by a private, non-profit
organization.
Internet Corporation for Assigned Names and Numbers (ICANN)
is responsible for:
- Coordination of DNS Root globally
- Coordination of IP space globally
- Maintaining the list of gTLDs (generic top level domains) and
ccTLDs (country code top level domains).
- Root Hints: https://www.internic.net/zones/named.root
DNS Registries and Registrars
DNS Registry — the authoritative source for a DNS domain.
DNS Registrar — entity authorized to manage registry data.
- Registrars sell domains to others and maintain that data in
the registry.
- VeriSign operates the current registry for .com and .net but
does not act as a registrar.
- Hundreds of Registrars are certified with Verisign to sell
.com domains (e.g. Tucows, GoDaddy, etc.)
- Reverse Registries run by regional entities (ARIN, LACNIC,
RIPENCC, AFRINIC, APNIC).
DNS Server Software
- BIND — originally UNIX.
- Windows 2000 move to heavy reliance on DNS
- Network traffic: UDP and TCP port 53
- Authoritative-only servers only respond to queries
for zones they host. No gossip!
- Recursive/Caching Servers: Resolve any DNS request for
clients. Store answers locally to answer other requests.
- Replication: Slave and master. Uses zone serial numbers, refresh and
retry intervals to update slaves which have a read-only copy of data.
Dynamic DNS
Dynamic DNS (DDNS) — Allows clients to update A and PTR records on the fly.
It’s handy when your ISP doesn’t guarantee a constant IP address.
- Periodically, the client contacts the registrar.
- The registrar notes the inbound IP address,
and changes the A and PTR records for the corresponding name.
DNS Commands
| Command | Purpose |
|---|
ping | Ping and incidentally reveal IP address |
nslookup | Show DNS record info |
dig | Get DNS record info |
host | Get DNS record info |
whois | Get contact information |
ping example
$ ping -c2 localhost
PING localhost(localhost (::1)) 56 data bytes
64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.014 ms
64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.027 ms
--- localhost ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1063ms
rtt min/avg/max/mdev = 0.014/0.020/0.027/0.007 ms
nslookup example
$ nslookup whitehouse.gov
Server: 129.82.45.181
Address: 129.82.45.181#53
Non-authoritative answer:
Name: whitehouse.gov
Address: 192.0.66.168
Name: whitehouse.gov
Address: 2a04:fa87:fffd::c000:42a8
- There are several IP addresses there—which one is it?
- What’s the
#53 mean?
dig example
$ dig www.frii.com
; <<>> DiG 9.11.36-RedHat-9.11.36-16.el8_10.2 <<>> www.frii.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12544
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 23af1c622b6d2dfea00354636741cbd8ca0935cdaa6b7d09 (good)
;; QUESTION SECTION:
;www.frii.com. IN A
;; ANSWER SECTION:
www.frii.com. 14400 IN CNAME frii.com.
frii.com. 14392 IN A 204.144.128.57
;; AUTHORITY SECTION:
frii.com. 34116 IN NS ns1.cpanel.frii.com.
frii.com. 34116 IN NS ns2.cpanel.frii.com.
;; ADDITIONAL SECTION:
ns1.cpanel.frii.com. 34116 IN A 204.144.128.56
ns2.cpanel.frii.com. 34116 IN A 204.144.128.55
;; Query time: 10 msec
;; SERVER: 129.82.45.181#53(129.82.45.181)
;; WHEN: Sat Nov 23 05:34:32 MST 2024
;; MSG SIZE rcvd: 174
dig produces a straightforward dump of the actual DNS query.
- Comments start with semicolons.
- What are these “sections”?
host example
$ host cnn.com
cnn.com has address 151.101.131.5
cnn.com has address 151.101.3.5
cnn.com has address 151.101.67.5
cnn.com has address 151.101.195.5
cnn.com has IPv6 address 2a04:4e42:400::773
cnn.com has IPv6 address 2a04:4e42:e00::773
cnn.com has IPv6 address 2a04:4e42:a00::773
cnn.com has IPv6 address 2a04:4e42:c00::773
cnn.com has IPv6 address 2a04:4e42:200::773
cnn.com has IPv6 address 2a04:4e42:600::773
cnn.com has IPv6 address 2a04:4e42::773
cnn.com has IPv6 address 2a04:4e42:800::773
cnn.com mail is handled by 10 mxa-00241e02.gslb.pphosted.com.
cnn.com mail is handled by 10 mxb-00241e02.gslb.pphosted.com.
- How many different IP addresses‽
- What’s this about mail?
whois example
$ whois mit.edu | grep -A99 '^Domain'
Domain Name: MIT.EDU
Registrant:
Massachusetts Institute of Technology
77 Massachusetts Ave
Cambridge, MA 02139
USA
Administrative Contact:
Mark Silis
Massachusetts Institute of Technology
MIT Room W92-167, 77 Massachusetts Avenue
Cambridge, MA 02139-4307
USA
+1.6173245900
mark@mit.edu
Technical Contact:
MIT Network Operations
Massachusetts Institute of Technology
MIT Room W92-167, 77 Massachusetts Avenue
Cambridge, MA 02139-4307
USA
+1.6172538400
noc@mit.edu
Name Servers:
EUR5.AKAM.NET
USW2.AKAM.NET
ASIA1.AKAM.NET
USE5.AKAM.NET
USE2.AKAM.NET
ASIA2.AKAM.NET
NS1-173.AKAM.NET
NS1-37.AKAM.NET
Domain record activated: 23-May-1985
Domain record last updated: 15-Nov-2024
Domain expires: 31-Jul-2025
Web sites
These websites can look up things for you:
Not covered
DNS, like nearly every other part of the Internet,
was developed back when we figured that plain-text communication
over the internet wasn’t a problem. Hence, it’s susceptible to
man-in-the-middle attacks.
There are further developments in DNS:
- DNSSEC
- cryptographic authentication of DNS data
- DoH
- DNS over HTTPS, which sends DNS data using HTTPS protocol