Lesson 16: DNS


Warning

This lesson is under construction. Use it for learning purposes at your own peril.

If you have any feedback, please fill out our General Feedback Survey.

Overview

Problems DNS Solves

XKCD Google DNS Comic
devopsbootcamp.osuosl.org ===(DNS)===> 140.211.15.183

Obligatory History Lesson

HOSTS.TXT circa 1977:

MIT         1
Yale        2
Harvard     3
ATT         4
...

HOSTS.TXT a few years later:

...
joeBillson  14895
susan-gill  15832
...

How DNS Works

  1. Computer A wants to fetch data from devopsbootcamp.osuosl.org. (notice the . at the end of the address).
  2. Computer A checks the local cache.
  3. If the address isn't in the cache, A contacts the DNS root server. (We're actually skipping a few layers of cache. Read up for more info on that.)
  4. One of the root nodes tells A to check the org node.
  5. The org node is contacted and tells A to check the osuosl node.
  6. The osuosl node tells it to check the devopsbootcamp node.

A DNS Request

An example DNS request

DNS Records

Acronym   Name
-------   ----------------------------------
A, AAAA   IP Addresses (IPv4, IPv6)
MX        SMTP Mail Exchangers
NS        Name Servers
SOA       DNS Zone Authority
PTR       Pointers for Reverse DNS Lookups
CNAME     Domain Name Aliases

A Records

The A record maps a domain name to an IPv4 address (AAAA does the same for IPv6). This is as close to a 'regular' record as you can get.
osuosl.org.     300 IN  A   140.211.15.183

MX Records

The MX record lists the mail servers (exchangers) that accept mail for the domain. The number before each hostname is the preference: lower values are tried first, and equal values (like the four 5s below) share the load.
osuosl.org.     3600    IN  MX  5 smtp3.osuosl.org.
osuosl.org.     3600    IN  MX  5 smtp4.osuosl.org.
osuosl.org.     3600    IN  MX  5 smtp1.osuosl.org.
osuosl.org.     3600    IN  MX  5 smtp2.osuosl.org.

NS Records

Servers listed in NS records are allowed to speak with authority on a domain, and DNS requests for that domain are sent to them.
osuosl.org.     86258   IN  NS  ns1.auth.osuosl.org.
osuosl.org.     86258   IN  NS  ns2.auth.osuosl.org.
osuosl.org.     86258   IN  NS  ns3.auth.osuosl.org.

SOA (Authority) Records

SOA is the record that marks the start of authority over a zone. It names the zone's primary name server, followed by the administrative contact, serial number and timers (elided below).
osuosl.org.     86400   IN  SOA ns1.auth.osuosl.org. ...

CNAME Records

CNAME is a record for aliasing one name to another, e.g. redirecting an old name to a new one. Note the trailing dot on the target: without it the name is relative to the zone, not absolute.
bar.example.com.  86400  IN  CNAME  foo.example.com.

NXDOMAIN Records

NXDOMAIN is a response code rather than a record type. It tells you that the queried name does not exist:

Host something.invalid.osuosl.org not found: 3(NXDOMAIN)

Some ISPs and others never return NXDOMAIN; instead they answer with an address of their own and point you at themselves.
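The records above are in the presentation format that dig prints (owner, TTL, class, type, rdata). The following parser is an added example for this lesson, not code from the bootcamp: it reads those lines, handles the trailing-dot rule for relative names, orders MX hosts by preference, and chases CNAME chains with a loop guard. The sample lines are the ones shown on this page; the backup MX host and the two looping CNAMEs are constructed for the example.

```python
"""Parse DNS records in dig's presentation format and answer practical
questions about them (added example; the record lines are from the page,
the backup MX and loop-* CNAMEs are constructed)."""
from collections import namedtuple

RR = namedtuple("RR", "name ttl rclass rtype rdata")


def qualify(name, origin="."):
    """Names without a trailing dot are relative to the zone origin.
    dig prints absolute names, so the default origin is the root '.'."""
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def parse_rr(line, origin="."):
    """Parse 'owner TTL class type rdata...' into an RR.
    MX rdata becomes (preference, exchange); other rdata stays a tuple."""
    fields = line.split()
    if len(fields) < 5:
        raise ValueError(f"not a record line: {line!r}")
    name, ttl, rclass, rtype, *rdata = fields
    if rtype == "MX":
        rdata = (int(rdata[0]), qualify(rdata[1], origin))
    elif rtype in ("NS", "CNAME", "PTR"):
        rdata = (qualify(rdata[0], origin),)
    else:
        rdata = tuple(rdata)
    return RR(qualify(name, origin), int(ttl), rclass, rtype, rdata)


def mail_exchangers(records):
    """MX hosts in delivery order as (preference, host): lowest preference
    first. Equal preferences keep their listed order (sort is stable)."""
    mx = [r for r in records if r.rtype == "MX"]
    return [r.rdata for r in sorted(mx, key=lambda r: r.rdata[0])]


def follow_cname(name, records, max_depth=8):
    """Chase CNAME aliases to the canonical name. Returns None when the
    chain loops (a -> b -> a) or exceeds max_depth instead of spinning."""
    aliases = {r.name: r.rdata[0] for r in records if r.rtype == "CNAME"}
    current = qualify(name)
    seen = []
    while current in aliases:
        if current in seen or len(seen) >= max_depth:
            return None
        seen.append(current)
        current = aliases[current]
    return current


# Record lines from this page plus two constructed cases (backup MX, CNAME loop).
SAMPLE = """\
osuosl.org.     300 IN  A   140.211.15.183
osuosl.org.     3600    IN  MX  5 smtp3.osuosl.org.
osuosl.org.     3600    IN  MX  5 smtp4.osuosl.org.
osuosl.org.     3600    IN  MX  5 smtp1.osuosl.org.
osuosl.org.     3600    IN  MX  5 smtp2.osuosl.org.
osuosl.org.     3600    IN  MX  10 backup.example.net.
osuosl.org.     86258   IN  NS  ns1.auth.osuosl.org.
osuosl.org.     86258   IN  NS  ns2.auth.osuosl.org.
osuosl.org.     86258   IN  NS  ns3.auth.osuosl.org.
bar.example.com.  86400  IN  CNAME  foo.example.com
loop-a.example.com.  60  IN  CNAME  loop-b.example.com.
loop-b.example.com.  60  IN  CNAME  loop-a.example.com.
"""
RECORDS = [parse_rr(line) for line in SAMPLE.splitlines() if line.strip()]

if __name__ == "__main__":
    print("MX order:", mail_exchangers(RECORDS))
    print("bar ->", follow_cname("bar.example.com", RECORDS))
    print("loop-a ->", follow_cname("loop-a.example.com", RECORDS))
```

The CNAME target `foo.example.com` is written without a trailing dot, exactly as on the slide; `qualify` turns it into `foo.example.com.` because the default origin is the root, which is how dig would print it. In a real zone file the origin is the zone itself, so the same missing dot would silently produce `foo.example.com.example.com.`.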

The Root

$ dig ns .
;; ANSWER SECTION:
.           512297  IN  NS  i.root-servers.net.
.           512297  IN  NS  e.root-servers.net.
.           512297  IN  NS  d.root-servers.net.
.           512297  IN  NS  j.root-servers.net.
.           512297  IN  NS  b.root-servers.net.
.           512297  IN  NS  a.root-servers.net.
.           512297  IN  NS  f.root-servers.net.
.           512297  IN  NS  h.root-servers.net.
.           512297  IN  NS  g.root-servers.net.
.           512297  IN  NS  c.root-servers.net.
.           512297  IN  NS  m.root-servers.net.
.           512297  IN  NS  k.root-servers.net.
.           512297  IN  NS  l.root-servers.net.

The Thirteen

The Thirteen traffic throughout the day

Tool: dig

dig is a command-line tool for performing DNS lookups.

Syntax:

dig @server name type

Examples:

dig @ns1.osuosl.org osuosl.org A

Example: Recursive Request

First we query a NS record for .:

$ dig ns .
;; QUESTION SECTION:
;.              IN  NS

;; ANSWER SECTION:
.           518400  IN  NS  i.root-servers.net.
.           518400  IN  NS  a.root-servers.net.
.           518400  IN  NS  l.root-servers.net.
.           518400  IN  NS  f.root-servers.net.
.           518400  IN  NS  b.root-servers.net.

etc...

Example: Recursive Request

Next we query NS for org.:

$ dig ns org. @a.root-servers.net
;; QUESTION SECTION:
;org.               IN  NS

;; AUTHORITY SECTION:
org.            172800  IN  NS  a0.org.afilias-nst.info.
org.            172800  IN  NS  a2.org.afilias-nst.info.

etc...

;; ADDITIONAL SECTION:
a0.org.afilias-nst.info. 172800 IN  A   199.19.56.1

etc...

Example: Recursive Request

Next we query NS for osuosl.org.:

$ dig ns osuosl.org. @199.19.56.1
;; QUESTION SECTION:
;osuosl.org.            IN  NS

;; AUTHORITY SECTION:
osuosl.org.     86400   IN  NS  ns3.auth.osuosl.org.
osuosl.org.     86400   IN  NS  ns2.auth.osuosl.org.
osuosl.org.     86400   IN  NS  ns1.auth.osuosl.org.

;; ADDITIONAL SECTION:
ns1.auth.osuosl.org.    86400   IN  A   140.211.166.140
ns2.auth.osuosl.org.    86400   IN  A   140.211.166.141
ns3.auth.osuosl.org.    86400   IN  A   216.165.191.53

Example: Recursive Request

Next we query A for osuosl.org.:

$ dig a osuosl.org. @140.211.166.140
;; QUESTION SECTION:
;osuosl.org.            IN  A

;; ANSWER SECTION:
osuosl.org.     300 IN  A   140.211.15.183

;; AUTHORITY SECTION:
osuosl.org.     86400   IN  NS  ns1.auth.osuosl.org.
osuosl.org.     86400   IN  NS  ns2.auth.osuosl.org.
osuosl.org.     86400   IN  NS  ns3.auth.osuosl.org.

;; ADDITIONAL SECTION:
ns1.auth.osuosl.org.    86400   IN  A   140.211.166.140
ns2.auth.osuosl.org.    86400   IN  A   140.211.166.141
ns3.auth.osuosl.org.    3600    IN  A   216.165.191.53

TODO: Traverse the DNS Tree with dig

Can you traverse the DNS tree to get to these websites? Give it a try!

  • github.com
  • web.archive.org
  • en.wikipedia.org

Further Reading