DNS – Domain Name System –
DNS is a very popular and well known protocol, DNS server is most critical service component of internet, without DNS service internet become paralysis. Internet organization in every country are managing Thousands of name-servers around the world operating under 13 DNS root zone servers are called authoritative name servers.
As per IANA root server are authoritative name servers that serve the DNS root zone, commonly known as the “root servers”, are a network of hundreds of servers in many countries around the world. They are configured in the DNS root zone as 13 named authorities.
Domain name system used to manage records of domain-name and IP address like google.com == 172.20.6.2. DNS server system helps to keep and maintain the records of millions of websites, portals and Apps.
If we talk in simple language – The DNS concept is like a phone book directory for the internet where every records (Domain-name == IP address) are kept and it keeps updated automatically.
In a nutshell, when a user access any website like – “http://techmusa.com”. The Browser will direct the query on DNS server of respective domain-name in order to obtain an IP address. DNS server response the query to client machine and translate it IP address of domain-name.
In technically computer use IP address (Ipv4 and Ipv6) in order to communication between two devices over the network or Internet. Even router use IP packet which contains IP information for routing the packet between networks. Each device connected to the Internet has a unique IP address which other machines use to find the device.
Every Computer is identified by the IP address over the network. But memorizing the numbers is very difficult than name, probably more likely to remember ““http://techmusa.com”. Because, IP’s are complex and also somewhere IP addresses are not static assigned therefore a mapping is required to change the domain name to IP address. So, Basically DNS maintain the records and resolve the domain-name to IP address as per request from user.
DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.121.100 (in IPv4), or more complex newer alphanumeric IP addresses such as 2002:0db8:85b3:0000:0000:8a2e:0372:7314. (in IPv6).
Domain-name propagation usually takes about 12-24 hours for the domain name servers world-wide to be updated and able to access the information.
DNS Query –
Quick Note -: A user types ‘“http://techmusa.com’ into a web browser and the query travels into the Internet and is received by a DNS server.
A DNS Query is an initiative request from a client to a DNS Server in order to access a web-site. Client machine made a request to DNS server find the IP Address of a domain-name called Fully Qualified Domain Name (FQDN).
The DNS query can be resolved by Local DNS (using cached information obtained from a previous queries). Else forward to recursive DNS (Local DNS server will contact other DNS servers on behalf of the requesting client).
DNS Response –
Quick Note -: DNS server receive DNS queries and translate the domain-name to IP address and send to client.
A DNS resolver is designed to receive DNS queries, which include a human-readable hostname such as “http://techmusa.com. A resolver is responsible for initiating and sequencing the queries that ultimately lead to a full resolution of the resource pursued, e.g., translation of a domain-name into an IP address.
DNS resolvers are categorized by a variety of query methods, such as recursive, non-recursive, and iterative. A resolution process may use a combination of these methods.
In case of a caching DNS resolver, the non-recursive query of its local DNS cache delivers a result and reduces the load on upstream DNS servers by caching DNS resource records for a period of time after an initial response from upstream DNS servers.
DNS Cache –
A DNS cache is a temporary DNS database, kept by a computer operating system, which holds records of all the recent visits and also attempted visits to websites over the internet or networks. So it doesn’t have to go through all those steps again.
Wireshark DNS Capture – DNS Query/Response
No. Protocol Time Source Destination Length Info 171 DNS 7 192.168.0.184 192.168.0.1 72 Standard query A techmusa.com No. Protocol Time Source Destination Length Info 172 DNS 7 192.168.0.1 192.168.0.184 168 Standard query response A 94.23.164.129 No. Protocol Time Source Destination Length Info 171 DNS 7 192.168.0.184 192.168.0.1 72 Standard query A techmusa.com Frame 171: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) Ethernet II, Src: Intel_ea:62:30 (64:80:99:ea:62:30), Dst: 50:c7:bf:17:3e:2d (50:c7:bf:17:3e:2d) Internet Protocol Version 4, Src: 192.168.0.184 (192.168.0.184), Dst: 192.168.0.1 (192.168.0.1) User Datagram Protocol, Src Port: 50799 (50799), Dst Port: domain (53) Domain Name System (query) [Response In: 172] Transaction ID: 0xb7c0 Flags: 0x0100 (Standard query) Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 0 Queries techmusa.com: type A, class IN Name: techmusa.com Type: A (Host address) Class: IN (0x0001) ============================ No. Protocol Time Source Destination Length Info 172 DNS 7 192.168.0.1 192.168.0.184 168 Standard query response A 94.23.164.129 Frame 172: 168 bytes on wire (1344 bits), 168 bytes captured (1344 bits) Ethernet II, Src: 50:c7:bf:17:3e:2d (50:c7:bf:17:3e:2d), Dst: Intel_ea:62:30 (64:80:99:ea:62:30) Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.184 (192.168.0.184) User Datagram Protocol, Src Port: domain (53), Dst Port: 50799 (50799) Domain Name System (response) [Request In: 171] [Time: 0.003002000 seconds] Transaction ID: 0xb7c0 Flags: 0x8180 (Standard query response, No error) Questions: 1 Answer RRs: 1 Authority RRs: 2 Additional RRs: 2 Queries techmusa.com: type A, class IN Name: techmusa.com Type: A (Host address) Class: IN (0x0001) Answers techmusa.com: type A, class IN, addr 94.23.164.129 Name: techmusa.com Type: A (Host address) Class: IN (0x0001) Time to live: 8 minutes, 24 seconds Data length: 4 Addr: 94.23.164.129 (94.23.164.129) Authoritative nameservers techmusa.com: type NS, class IN, ns ns42.ncrdns.net
DNS Resolution Process –
➡ So when you type in www.techmusa.com in your web browser and if your web browser or operating system can’t find the IP address in its own cache memory, it will send the query to the next level to what is called the resolver server.
➡ Resolver is basically your ISP DNS server. When the resolver receives the query, it will check its own cache memory to find an IP address for www.techmusa.com, and if it can’t fine it. It will send the query to the next level which is root server.
➡ The root server are the top or root of a DNS hierarchy. There are 13 sets of these root servers and that are strategically placed around the world. The root servers are operated by 12 different organizations and each set of these root server has their own unique IP address. So when the root server receives the query for the address for www.techmusa.com.
➡ The root server is not going to know what the IP address is, but the root server does know where to send the resolver to help it find the IP address.
➡ The Root server will direct the resolver to the TLD or Top Level Domain server for the do-com domain.so the resolver will now ask the TLD server for the IP address for www.techmusa.com.
➡ The Top Level Domain server store the address information for Top-level Domain such as .com and .net so on. The particular TLD server manages the dot-com domain which www.techmusa.com is part of.
➡ When a TLD server receives the query for the IP address for www.techmusa.com, the TDP server is not going to know what the IP address for www.techmusa.com.
➡ So the TLD will direct the resolver to the next and final level, which are the authoritative name server.
➡ Once again the resolver will now ask the authoritative name server for the IP address for www.techmusa.com.
➡ The authoritative name server or servers are responsible for knowing everything about the domain which includes the IP address.
➡ The Authoritative name server are final authority. So when the authoritative name server receives the query from the resolver, the name server will respond with the IP address for www.techmusa.com.
➡ Finally the resolver will tell your computer the IP address for www.techmusa.com and then your computer can now retrieve the yahoo web page.
It’s important to note that once the resolver receives the IP address, it will store it in its cache memory in case it receives another query for www.techmusa.com. So it doesn’t have to go through all those steps again.
Public DNS Server List – https://public-dns.info/
Best DNS Servers (Free and Public) –
- Google – 4.2.2.2, 8.8.8.8, 8.8.4.4
- Cloudflare – 1.1.1.1, 1.0.0.1
- OpenDNS – 208.67.222.222, 208.67.220.220
- Comodo Secure DNS- 8.26.56.26, 8.20.247.20
- Quad9 DNS – 9.9.9.9
- DNS.Watch – 84.200.69.80, 84.200.70.40
- Verisign – 64.6.64.6, 64.6.65.6
DNS Knowledgebase –
- FQDN – Fully Qualified Domain Name – www.techmusa.com
- DNS Port – UDP/TCP – 53
- Total DNS root Zone in the world – 13 servers
- DNS work on application layer in OSI Model.
- DNS UDP message size can be up to 512 bytes
- nslookup command – to know domain-name resolution.
- Top Level Domain (TLD) – .com , .gov,.edu,.org,.in,.net etc.
- A Record – For example, 72.21.206.6 to amazon.com.
- ISP – Internet service Provider.
- Name Server – Name server is a Database of domain-names and IP addresses.