Domain Name Service (DNS)
Domain Name Service
- How to find the system we want to reach
- Provides name-to-IP resolution
- Allows dynamic registration
  - Scenarios where you have dynamic IP addressing
  - You will have to run a dynamic DNS client, a process that regularly pulls and checks for IP changes and registers them
- Globally hierarchical
- Requirement for many users and applications
- Think "411" or operator, for the internet.
DNS Operation
- UDP used for typical operation
  - All we have to do is a quick query and a quick reply
  - Almost like the way that a ping works
- TCP used for zone transfers
  - Records of one server being copied to the other
  - Sometimes a DNS reply is larger than the standard UDP message size; in that case DNS falls back from UDP to TCP.
- DNS provides no integrity
  - Unless we use something called DNSSEC
  - An integrity check (digital signature) that proves the answer came from the legitimate source
- DNS provides no security
- Analysis of DNS traffic is useful as a security control.
DNS Client Operation
- Is it my name?
- Check the local HOSTS file
  - File that states which particular hostname goes with which particular IP.
  - Can be modified
- Check DNS.
- NetBIOS
  - Is what many of us used to name our computers before Active Directory was ever utilized
  - A local way to resolve other computers' names using just multicast.
  - You can do this using WINS.
DNS Server Operation
- In a recursive lookup, if the server asked (for example the local DNS server) does not know the answer, it goes on and continues looking it up on other DNS servers on the client's behalf.
- In an iterative lookup, the DNS client does all the work itself, querying server after server to find the IP address attached to the name.
Recursive, primary, and secondary DNS
- Recursive DNS servers are designed to resolve domain names by querying other DNS servers until they find the authoritative source for the requested domain. This process ensures that users receive accurate and up-to-date information for any domain, minimizing latency in DNS resolution by effectively navigating the DNS infrastructure.
- Secondary DNS servers replicate records from a primary DNS server for redundancy and do not independently resolve external domain names.
- Primary DNS servers manage and serve DNS records for domains they are authoritative for, but they do not query other servers to resolve external domain names.
- A caching-only DNS server serves previously cached queries but does not perform the recursive querying necessary to resolve unknown domain names.
Authoritative vs. non-authoritative DNS server
- An authoritative DNS server holds the definitive records for domain names, providing the final answer for queries about those domains. It has complete, up-to-date information for the domains it is responsible for, typically managed by the domain's owner or hosting provider.
- A non-authoritative DNS server does not have the original records for a domain but can cache results from authoritative servers. It relies on other servers to provide the answer, and the data may be outdated or cached for a limited time (TTL). These servers are often used by ISPs or local networks to speed up domain resolution.
DNS Records
DNS Query commands (dig & nslookup)
Example using dig command:
[user@localhost ~]$ dig gmail
Output:
; <<>> DiG 9.10.6 <<>> gmail
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34934
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;gmail. IN A
;; AUTHORITY SECTION:
gmail. 745 IN SOA ns-tld1.charlestonroadregistry.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 900
;; Query time: 36 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Jun 18 17:41:50 MDT 2025
;; MSG SIZE rcvd: 132
- Note that dig provides the DNS record attached to the domain name.
Example using nslookup command:
[user@localhost ~]$ nslookup gmail.com
Output:
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: gmail.com
Address: 142.250.72.133
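As an added illustration (not part of the original notes), here is a small Python script showing what the HEADER and flags lines in the dig output above actually encode, and where the UDP-to-TCP fallback decision comes from: it builds a DNS query, decodes the 12-byte header into dig's field names, checks the TC (truncated) bit that makes a client retry over TCP, and extracts the A record from a reply. The reply bytes and transaction id are constructed for the example, not captured traffic.

```python
import struct

# Header flag bits (RFC 1035), named the way dig prints them in its "flags:" line.
FLAG_BITS = {"qr": 15, "aa": 10, "tc": 9, "rd": 8, "ra": 7}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode 'gmail.com' as length-prefixed labels terminated by a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Build the UDP query a stub resolver sends: header with rd=1, then the QUESTION section."""
    header = struct.pack("!HHHHHH", txid, 1 << FLAG_BITS["rd"], 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the 12-byte header into the fields dig shows in its HEADER and flags lines."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "opcode": (flags >> 11) & 0xF,
            "status": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "flags": [n for n, b in FLAG_BITS.items() if flags & (1 << b)],
            "counts": {"QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar}}

def needs_tcp_retry(msg):
    """True when the server set TC: the UDP reply was truncated and the client must retry over TCP."""
    return "tc" in parse_header(msg)["flags"]

def first_a_record(msg):
    """Return (ttl, dotted IPv4) of the first ANSWER record; assumes its owner name is a
    compression pointer back to the question, the usual shape of a single-question reply."""
    pos = 12
    while msg[pos] != 0:           # skip the question name, label by label
        pos += 1 + msg[pos]
    pos += 1 + 4                   # terminating zero byte plus QTYPE/QCLASS
    pos += 2                       # two-byte compression pointer (0xC00C) naming the owner
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
    pos += 10
    if rtype != 1 or rdlen != 4:   # not an A record
        return None
    return ttl, ".".join(str(b) for b in msg[pos:pos + 4])

# Constructed sample reply (not captured from a real server): id 0x1234, flags qr rd ra,
# status NOERROR, one A answer 142.250.72.133 with TTL 300, the shape nslookup showed above.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, (1 << 15) | (1 << 8) | (1 << 7), 1, 1, 0, 0)
    + encode_name("gmail.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([142, 250, 72, 133])
)
```

Because nothing in this header is signed, a forged reply carrying the right transaction id parses exactly like a genuine one, which is the "no integrity" point above that DNSSEC addresses.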