This topic is to discuss the following lesson:
Awesome! Even though I knew how DNS works, seeing it on Wireshark is just too awesome.
The way of your teaching and explanation is awesome, and easy to understand for everyone…
Keep posting topics like this, looking for some security-related stuff as well…
Renjith P Mathew
Good to hear you like it! What security topics are you looking for?
Looking for CCNA security level…
I have many tutorials that describe the CCNA security topics but right now I don’t have a specific page with everything in order. Once I’m done with all the MPLS, multicast and QoS tutorials then I’ll make a complete course for it.
Hi Rene, I would like to know why, in the example of opening the web page… the DNS request uses UDP instead of TCP?
DNS supports both UDP and TCP but we typically only use TCP for zone transfers.
One of the advantages of UDP is that it’s faster since it’s connectionless. A DNS server doesn’t have to establish a TCP connection with each client that does a DNS request. With UDP, it just gets a DNS request, sends a response and it’s done.
It’d be great if you can give some detailed insight on how a DNS query is resolved. Maybe an example would help.
Would you like to see a packet capture of a query/response or do you mean how the lookup is done from client to DNS server 1 > DNS server 2, etc.?
Can you explain different DNS record types and zones please.
DNS allows us to use zones. A zone stores information about the domain. When you register a domain name, you have to tell the registrar which DNS servers you want to use for your domain name.
On the DNS server that is responsible for your domain (zone) you can create different records.
Let me give you a short overview of the different records:
- A: the A record is used to store the IP address of a name. For example, 22.214.171.124 refers to "networklessons.com".
- AAAA: this is the same as the A record but it's used for IPv6 addresses.
- CNAME: the CNAME record is an alias for an A record. For example, I could use CNAME www.networklessons.com as an alias for networklessons.com.
- MX: the MX record is used to store the hostname for the mailserver. For example, I could use this to tell that mail.networklessons.com is the mail server for this domain name. You will need an A record for mail.networklessons.com.
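As an added example (not part of the original thread or the lesson), this Python parser decodes the answer section of a DNS response for the record types listed above. The message is constructed for illustration, with example.com and 192.0.2.10 as placeholder values; the cap on pointer hops rejects malformed replies whose compression pointers loop.

```python
import ipaddress
import struct

TYPES = {1: "A", 5: "CNAME", 15: "MX", 28: "AAAA"}

def read_name(msg, off, hops=0):
    """Decode the name at off; return (name, offset after it). Pointer hops are capped."""
    if hops > 10:
        raise ValueError("compression pointer loop")
    labels = []
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:  # 2-byte compression pointer to a name seen earlier
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            labels.append(read_name(msg, ptr, hops + 1)[0])
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_answers(msg):
    """Return [(owner, type, value)] for the answer section of a response."""
    _, _, qd, an, _, _ = struct.unpack_from("!HHHHHH", msg)  # 12-byte header
    off = 12
    for _ in range(qd):  # skip each question: name + type + class
        off = read_name(msg, off)[1] + 4
    out = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        value = msg[off:off + rdlen].hex()  # fallback for types not handled here
        if rtype in (1, 28):  # A / AAAA: raw 4- or 16-byte address
            value = str(ipaddress.ip_address(msg[off:off + rdlen]))
        elif rtype == 5:  # CNAME: the target domain name
            value = read_name(msg, off)[0]
        elif rtype == 15:  # MX: 16-bit preference, then the mail server name
            value = (struct.unpack_from("!H", msg, off)[0], read_name(msg, off + 2)[0])
        out.append((owner, TYPES.get(rtype, rtype), value))
        off += rdlen
    return out

def sample_response():
    """Constructed reply: www.example.com CNAME example.com, example.com A 192.0.2.10."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    question = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    rr = lambda owner, t, rdata: owner + struct.pack("!HHIH", t, 1, 300, len(rdata)) + rdata
    # 0xC00C points at the question name (offset 12), 0xC010 at "example.com" inside it
    return (hdr + question + rr(b"\xc0\x0c", 5, b"\xc0\x10")
            + rr(b"\xc0\x10", 1, bytes([192, 0, 2, 10])))
```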
Can you explain why we need the /etc/hosts file? What happens if we do not have any entries in it?
Hi Shree Kumar,
The hosts file is used for static IP to HOSTNAME mappings. Normally it is used to configure the hostname of the local computer.
For all other IP-to-HOSTNAME lookups, we use a DNS server. Any application that requires the local hostname might fail if your hosts file is empty.
Can you explain the steps a computer takes when it’s behind a switch, that’s behind a router, when it sends a request to reach http://google.com? I’m talking DNS, ARP, routing, and what order they happen? Just as much detail as possible. I am trying to figure out the order of operations.
Hi Shawn O,
In case your PC doesn’t have the MAC address of the gateway IP (which is the internal interface of the router) inside its ARP table, then it will issue an ARP request. With the ARP request, it will receive the MAC address from the router so it can start sending the packet. You can check this on the PC by going to the command line and typing the command “arp -a”.
Then the packet will go to the router, which in turn sends it to the ISP DNS server for the IP to domain name mapping. Once the IP of google.com is known, then the route of the packet happens to reach the web server of Google.
Hope I could answer your question.
How does this PC know that the request to reach http://google.com needs to be sent to the ISP DNS server instead of the local DNS server?
How does this PC know the IP address of the ISP DNS server?
On your computer, you have to configure the DNS server manually or you receive it through the DHCP server:
You could configure the DNS server of your ISP or anything else (126.96.36.199 is Google DNS).
It’s also possible that you see the IP address of your local router here. Most SOHO routers will act as a “proxy” / simple DNS server for your computers. When it receives a DNS request, it will forward it to the ISP DNS servers to figure out the IP address that belongs to the hostname. This is then returned to the computer.
Please help me to understand this!
This is a list of the DNS root servers:
The root servers answer requests for the root zone which contains all top-level domains (TLD) like .com, .net, etc.
You can take a closer look at each of these here:
Here is an example (without caching):
- From your computer, you do a lookup for networklessons.com.
- Your computer forwards the request to the ISP DNS server.
- If the ISP DNS server doesn’t have an answer, it queries one of the root servers to ask which DNS servers are responsible for the .com TLD.
- The ISP DNS server sends a request to the .com TLD name server.
- The .com TLD name server answers which authoritative server is responsible for the networklessons.com domain name.
- The ISP DNS server now asks the authoritative server for the IP address of networklessons.com and gets the IP address.
- The ISP DNS answers your computer with the IP address.
As you can see, these root servers are important. Hope this helps!
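The lookup steps above, as an added Python example that is not part of the original post: a resolver without a cache walks constructed in-memory servers from the root down. The server names (root, tld-com, auth-ns) and the address 192.0.2.10 are placeholders, and the check that each referral moves closer to the name is an assumption added here so a misbehaving server cannot send the resolver in circles.

```python
# Constructed delegation data; server names and the address are placeholders.
SERVERS = {
    "root": {"referrals": {"com": "tld-com"}},
    "tld-com": {"referrals": {"networklessons.com": "auth-ns"}},
    "auth-ns": {"records": {"networklessons.com": "192.0.2.10"}},
}

def ask(server, qname):
    """One query to one server: ('answer', ip), ('referral', next_server, zone) or ('nxdomain',)."""
    data = SERVERS[server]
    if qname in data.get("records", {}):
        return ("answer", data["records"][qname])
    labels = qname.split(".")
    for i in range(len(labels)):  # longest delegated suffix is tried first
        zone = ".".join(labels[i:])
        if zone in data.get("referrals", {}):
            return ("referral", data["referrals"][zone], zone)
    return ("nxdomain",)

def resolve(qname, max_steps=8):
    """The ISP DNS server's job without a cache: start at the root, follow referrals."""
    server, zone_depth, trace = "root", 0, []
    for _ in range(max_steps):
        reply = ask(server, qname)
        trace.append((server, reply[0]))
        if reply[0] == "answer":
            return reply[1], trace
        if reply[0] == "nxdomain":
            return None, trace
        # A referral must name a zone deeper than the one we are already in
        depth = reply[2].count(".") + 1
        if depth <= zone_depth:
            raise ValueError("referral does not move closer to the name")
        server, zone_depth = reply[1], depth
    raise RuntimeError("too many referrals")

if __name__ == "__main__":
    ip, trace = resolve("networklessons.com")
    for server, kind in trace:
        print(f"{server:8} -> {kind}")
    print("address:", ip)
```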