Domain Name System (DNS) Information

Resources

• List of DNS record types
• Demystifying DNS Lookup Medium Article
• DNS Resolution Overview
• DNS System Explained:

Definitions

• Domain Name System
• • The Domain Name System (DNS) is a hierarchal and distributed name service that provides a naming system for computers, services, and other resources in the internet, and other Internet Protocol (IP) networks. It associates various information with domain names (identification strings) assigned to each of the associated entities.
• namespace
• • In computing, a namespace is a set of signs (names) that are used to identify and refer to objects of various kinds. A namespace ensures that all of a given set of objects have unique names so that they can be easily identified.
• address space
• • In computing, an address space defines a range of discrete addresses, each of which may correspond to a network host, peripheral device, disk sector, a memory cell, or other logical or physical entity.
• start of authority (SOA)
• • The state of authority record is a type of resource record in the Domain Name System (DNS) containing administrative information about the zone, especially regarding zone transfers.
• Resource Record
• • The Domain Name System specified a database of information elements related to network resources. The types of information elements are categorized and organized with a list of DNS record types. Each record has a type (name and number), an expiration time (time to live), a class, and type-specific data.
• IP addresses
• • Numerical label such as 192.0.2.1 that is assigned to a device connected to a computer network that uses the Internet Protocol for communication. Internet Protocol version 4 (IPv4) defined an IP address as a 32-bit number. However, because of the growth of the Internet and the depletion of available IPv4 addresses, a new version of IP (IPv6), using 128 bits for the IP address, was standardized in 1998. IPv6 deployment has been ongoing since the mid-2000s.
• SMTP mail exchanges
• • Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission.
• reverse DNS lookups
• • In computer networks, a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying of the Domain Name System (DNS) to determine the domain name associated with an IP address - the reverse of the usual "forward" DNS lookup of an IP address from a domain name.
• Canonical Name (CNAME) record
• • A Canonical Name (CNAME) record is a type of resource record in the Domain Name System (DNS) that maps one domain name (an alias) to another (the canonical name)

How your Web Browser Connects to a Website

1. The user enters a URL (Uniform Resource Locator) int your web browser's address bar
2. Your browser checks its local cache to see if it already has a recent DNS resolution for the requested domain. If there is one, it can skip the rest of the lookup process and use the cached IP address, expediting the connection.
3. Browser might then check the operating system's DNS cache. If the DNS record is present there, it is promptly returned to the browser.
4. In certain network connections there is a proxy server that is sent the DNS query instead of directly to the router or local DNS resolver. This intermediary, the proxy server, manages the connection between your browser and the DNS resolver.
5. If there is no proxy server, the request is sent to your local router or DNS resolver, often provided by your Internet Service Provider (ISP). The router may have its own cache to expedite DNS queries. If the registered information is available, it's provided directly to the browser.
6. If router cache doesn't contain the DNS record, it queries any locally configured private DNS servers within your local area network (LAN). These servers may be set up within a corporate network.
7. If the private DNS server can't resolve domain name, it forwards the request to your ISP's recursive DNS resolver. This resolver is responsible for handling DNS queries for the ISP's customers and usually maintains a substantial cache of DNS records.
8. If the ISP's DNS resolver lack the necessary information, it contacts the Root Name Server, one of the 13 authoritative root servers worldwide. The root server provides essential information about to level domains and responds by referring the query to the appropriate TLD server.
9. The TLD (Top-Level Domain) server manages requests for domains under its specific TLD, such as ".com" or ".org". It provides the IP address of the authoritative name server for the second-level domain, like "example.com"
10. The authoritative name server for the requested domain, such as "example.com" may have multiple IP addresses. These multiple IPs serve as a form of redundancy and load balancing, ensuring reliability and performance. The DNS resolver receives these IPs and selects one based on factors like proximity, availability, or load.
11. Some authoritative name servers employ GeoDNS techniques. GeoDNS provides different IP addresses based on the geographic location of the user making the DNS query. This optimizes performance and delivers geographically relevant content by directing users to the nearest data center, reducing latency and enhancing user experience.
12. The IP's recursive DNS resolver caches the IP address obtained from the authoritative name server, including multiple IP addresses if appliable. It then returns this information the private DNS server in your LAN.
13. The private DNS server caches the IP address, which may be one of the multiple IP addresses obtained earlier, and forwards it to your router.
14. The router caches the IP address and provides it to your browser.
15. Your browser receives the IP address, potential one of several, for the requested domain. It then uses this IP address (also remembering it for future references) to establish a connection to the web server associated with that domain, ultimately loading the webpage you requested.

DNS Resolution Overview

The Domain Name Service (DNS) maps IP addresses to hosts connected to either public or private internet via a process called DNS resolution, making it an essential part of an organization's infrastructure. It not only allows users to easily search for and access websites or other publicly available services, but also facilitates communication between hosts on a local network.

How does DNS Resolution Work?

• Most hosts on a network (internal or external) have both a unique IP address and a hostname. Hostnames comprise the host's local or subdomain(s), its parent domain name, and its domain extension (e.g., .com). Together, these segments provide hosts with an accessible identity for clients to interact with.

• When a client searches for a hostname - typically through a web browser - their network's DNS provider executes a multi-step resolution process via the following four servers in order to find and return the appropriate IP address:

1. DNS Recursor
2. 1. Serves as middleman between a client and other DNS servers, following a chain of referrals from each one until it locates the request host's IP address. The recursor will also cache information in order to respond faster to subsequent client requests.
2. Root Nameserver
3. 1. Receives the first request from the DNS recursor and sends back the appropriate top level domain (TLD) server, based on the queries host's domain extension.
3. TLD Server
4. 1. Maintains information for all domain names with the same domain extension. A TLD server receives the next request from the DNS recursor and responds with the appropriate authoritative nameserver.
4. Authoritative Nameserver
5. 1. Stores the DNS records that map domain names to IP addresses. The authoritative nameserver responds to a DNS recursor's final request with the queries hostname's IP address. If the IP address is not available, the nameserver will throw an error.
   2. As a final step in the DNS resolution process, the DNS recursor sends the IP address back to the client's browser, allowing it to connect to and load the appropriate website or application.

Why is DNS important?

• DNS has become more important than ever today due to the internet's highly distributed and dynamic infrastructure. This article recommends Amazon Route 53 for DNS service.

Challenges with DNS

• DNS resolution issues are often the root cause of network outages. As modern infrastructure creates more complex and interconnected networks, a misconfiguration in a single DNS server, such as a missing or mistypes IP address in an authoritative server, can lead to cascading failures for all of the services that communicate with it.
• Because of their central role in supporting both internal and external communication for a vast majority of organizations, DNS providers are primary targets for DDoS and cache poisoning attacks. In these cases, organizations are limited in their ability to mitigate an outage, especially if they rely on a single provider.

Traceroute Explained

• The internet is a global network of routers that allow computers and servers the ability to communicate with each other from all over the world. These routers or servers communicate with each other so that they can route their data packets to the intended destination.
• The traceroute utility is just a tool that is used to find out the exact path the data packet has taken from the sender to the destination.
• Can help you find problems like bottlenecks, where connection from client to server might be lagging, or if you are curious about the paths that data packets take from their clients to the destination.
• traceroute vs ping
• • ping sends out 4 data packets from your computer to the destination, and once it reaches a destination, it'll send the data packets back to your computer.
  • • Actually, when I ran it, it sent out data packets continuously until being stopped.
  • If you received all or some data packets back to your computer, then that tells us that there is general connectivity between your computer and the destination.
  • ping also tells us how long the trip took for the data packets to go to and from the destination, which is measured in milliseconds.
  • traceroute not only pings the final destination, but it also pings each router on its way to the destination. And it measures the round trip time that the data packs took from each router to the destination.
  • Microsoft Windows uses tracert whereas the Linux command is tracepath, and in macOS I guess it is traceroute (but I think they all have the same functionality)

$ ping frankmbrown # ping <hostname>, the X's below are in place of IP addresses
PING frankmbrown (143.244.220.150) 56(84) bytes of data.
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=1 ttl=46 time=45.3 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=2 ttl=46 time=35.5 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=3 ttl=46 time=35.5 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=4 ttl=46 time=36.1 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=5 ttl=46 time=33.5 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=6 ttl=46 time=42.0 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=7 ttl=46 time=36.9 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=8 ttl=46 time=34.9 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=9 ttl=46 time=38.4 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=10 ttl=46 time=32.5 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=11 ttl=46 time=47.2 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=12 ttl=46 time=31.7 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=13 ttl=46 time=38.6 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=14 ttl=46 time=34.2 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=15 ttl=46 time=37.2 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=16 ttl=46 time=35.4 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=17 ttl=46 time=34.0 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=18 ttl=46 time=43.5 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=19 ttl=46 time=33.7 ms
64 bytes from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): icmp_seq=20 ttl=46 time=52.9 ms
64 bytes from XXX.XXX.XXX.XXX (143.244.220.150): icmp_seq=21 ttl=46 time=36.6 ms
--- frankmbrown ping statistics ---
22 packets transmitted, 22 received, 0% packet loss, time 22455ms
rtt min/avg/max/mdev = 31.674/39.195/66.594/7.886 ms

> tracert frankmbrown.net
Tracing route to frankmbrown.net [XXX.XXX.XX.XX]
over a maximum of 30 hops:

  1    11 ms     2 ms     4 ms  10.0.0.1
  2     3 ms     3 ms     4 ms  <parent domain>.<domain extension> [XXX.XXX.XXX.XXXX]
  3     7 ms     9 ms    11 ms  <parent domain>.<domain extension> [XXX.XXX.XXX.XXXX]
  4    30 ms    23 ms     8 ms  XXX.XXX.XXX.XXXX
  5     *        *        *     Request timed out.
  6    11 ms    14 ms    10 ms  XXX.XXX.XXX.XXXX
  7    11 ms    11 ms    19 ms  XXX.XXX.XXX.XXXX
  8    18 ms    14 ms    10 ms  XXX.XXX.XXX.XXXX
  9    12 ms    12 ms    13 ms  XXX.XXX.XXX.XXXX
 10    11 ms    18 ms    10 ms  <parent domain>.<domain extension [XXX.XXX.XXX.XXXX]

Trace complete.

Analyzing tracert Output

• The first column tells us the number of hops or steps that the route took to the destination, which was a total of 10 hops. The next three columns shows us the round trip time each data packet took to each point and back to your computer.
• The last column tells us the IP addresses of each router and the final destination and it'll also tell us the domain name if it's available.
• One of the main things you want to look at when you're doing a traceroute are consistent round trip times.
• One of the benefits of traceroute is that it can tell you where the problem lies / which route is slowing down connection.
• Seeing a high round trip time doesn't always indicate a problem. It could just indicate that the routers are very far apart physically. It could also indicate that the router is working fine but it wasn't configured to return traceroute replies but the router still passed on the data packets to the next router.
• Don't worry if one data packet roundtrip time is high while the others aren't - it could indicate that something strange has happened to that one data packet.
• There is another value in traceroute called TTL or time to live. TTL is a given value to the data packets on how long they can live before they are discarded. You can set the TTL to a custom value using the -h option.

> tracert -h 4 # When the data reaches the fourth hop, the data packet is dropped and won't continue on

• We have a TTL so that the data packet does not continuously go around the internet looking for its destination.
• • If certain routers on the internet are misconfigured, then this could happen.