The process of DNS lookup - dns

I am quite confused about how DNS works. Every link says different things, which are probably the same, but I cannot understand them.
I'll try to put forward all that I know and have read. Please add to this and correct wherever things are wrong.
1. Type www.example.com in your browser's address bar.
2. The browser sends a request to the system's OS to check in the hosts file.
3. The OS checks the hosts file if there exists a record having IP of example.com domain.
4. If the record exists, the IP address is returned to the browser. The browser then sends the request for the webpage directly to the IP address.
5. If the record in Step 3 doesn't exist, the browser gets a response from the OS that the record is not found. The browser then asks the DNS servers for the IP.
(Is this correct? Does the browser get a negative response and send requests to DNS servers, or is it the OS which directly requests the IP from DNS servers once it knows the hosts file does not contain the required record?)
Now, my main doubt. What exactly are DNS servers? Are they what we call name-servers? Where do they reside? Who provides us with these name-servers? Browser sends them request or OS?
This post says DNS servers are configured on our systems and OS sends a request to these servers.
Now, where do DNS resolvers come in, then? What are they doing? This post says DNS resolvers are computers owned by ISPs which do the translation. Then is the sequence of requests like Browser -> Hosts File -> DNS resolvers -> DNS servers? But who sends requests to whom?
Please correct the above. Any help will be appreciated.

One through five in your list are correct. The browser asks your DNS resolver (your ISP's or whatever you put in your network settings). If the resolver doesn't know the answer it starts asking around.
I'll use stackoverflow.com as an example
The resolver asks the root servers and they answer with the TLD servers authoritative for com.
The resolver asks the TLD servers and they answer with the name servers configured for stackoverflow.com at the domain registrar.
The resolver asks the name servers and they respond with the A record(s)
The resolver caches the A record for a given time (either the TTL of the record or it has its own time overwriting the TTL given by the name servers) and when the resolver is asked again it returns what it has in the cache (unless the TTL has expired, then it starts asking again)
To summarize it looks like this:
Browser -> Hosts File -> DNS resolver ->(rq*) Root servers -> TLD servers -> Name servers -> NS records
rq - recursive query
The NS records are asked if you want to open www.stackoverflow.com, they are like name servers (NS actually stands for name server), but for sub domains.

Just to go into more details about DNS Lookup, here is my example:
When you type www.google.com we actually call www.google.com. The . at the end represents the Root of the Internet’s namespace.
Browser checks its own cache and if not found it asks OS for IP.
OS then checks if the IP address is in memory (cache).
If the browser and the operating system(cache) both don’t know the IP address, then the operating system is configured to ask the Resolving Name Server (RNS) for IP addresses it doesn’t know.
RNS is the main workforce for the DNS lookup. It is configured both manually and automatically within your OS.
The OS then queries the RNS for the IP. RNS may or may not have the IP in cache.
The only thing that all the RNS must know is where to find the Root Name Servers, i.e., the . that appears after every url at the end.
The Root Name Servers will reply with where to find the com name servers.
The com name servers are the Top Level Domain (TLD) name servers.
RNS then caches the info that it got from the Root Name Servers and goes to the TLD servers.
The TLD name servers will reply by saying the location of google.com name servers. The next set of name servers are the Authoritative Name Servers (ANS).
RNS then caches the info that it got from the TLD Name Servers and goes to the ANS.
ANS will now reply by saying that it knows the IP address of the URL.
RNS will now save the IP address in its cache and then gives the reply to the OS.
The OS then hands over the IP address to the browser.
Then the browser makes a connection to the IP address, requesting a web page for the URL.
This entire cycle takes a fraction of a sec.
Browser -> OS -> DNS Lookup -> RNS -> Root Name Server -> TLD -> ANS -> RNS -> OS -> Browser

Related

Nslookup question about the command "root" when in nslookup mode in Windows 10

I have been recently exploring the DNS service and how things work. From my understanding if the browser does not know a certain URL that is typed by the user (ex. maps.google.com) then the DNS flow will be the following:
Browser checks its cache => Browser checks with the OS resolver software on the device (possibly checks the host.txt file that exists on the machine if it is Windows) => Operating system contacts the ISP DNS server => ISP DNS server checks cache and then resolver software from ISP DNS server reaches a DNS Root server IP address directly (root server IPs are hard-coded in the ISP resolver) => Root server directs resolver to TLD servers (.com in our example) => TLD servers send the resolver to Authoritative servers for the domain we asked (google.com) => Authoritative server gives us the IP address we look for (maps.google.com)
I am experimenting with the nslookup command in Windows 10. I do the following:
C:\Users\me>nslookup
Default Server: UnKnown
Address: "Here I get an Ip6 address"
>root
Default Server: A.ROOT-SERVERS.NET
Addresses: 2001:503:ba3e::2:30
198.41.0.4
Above we can see one of the root DNS servers of Verizon which is used to provide the DNS service to the users on the Internet.
My question is:
Where is the information returned from the root command in nslookup mode coming from?
Is this information from the cache of my PC, or is it information that is saved on the DNS server that my PC is contacting to get the DNS service?
Ok, well the 13 root a servers are the master controllers of the entire web. They are too busy to be bothered with every request so they have replicators--hundreds of other servers that have already asked and answered your question--and got a resolved website. They then get to answer the question on behalf of the 13 root servers--for a set amount of time.

How DNS resolves an incorrect specified TLD

I've been reading up a lot about DNS lately and have even searched on Stack Overflow for information, but I can't seem to find this. Please correct me if there's a mistake along the way.
Assume that I want to go to example.com. The way I understand how DNS works is that:
1. It looks on the local client machine for a cached record. If the cache has the record, everything's good. If it doesn't, it moves to step 2.
2. Makes a request for the domain name to the DNS resolver provided by the Internet Service Provider (ISP).
3. If the DNS resolver has the domain name record cached, the IP address is returned and all is well. If it doesn't, it moves to step 4.
4. The DNS resolver uses the DNS Root server hints file to request Root Servers to resolve the appropriate nameserver for the Top Level Domain (TLD) (i.e. .com, .net, .io).
5. The request then gets passed down to the TLD server, in this case, responsible for .com. TLD servers have records of nameservers that could resolve "example", called authoritative servers.
6. The authoritative server then has a record of "example" and returns the IP address to the ISP DNS resolver, which caches that record and returns it to the client, which will also cache that record.
My question is: let's assume I am typing in "example.ca", but the actual name should be example.com/ca since example.ca does not exist. How does DNS figure out that example.com/ca is the correct entry, assuming that neither the local machine nor the ISP DNS resolver has this record cached?
There is no black magic, and it does not have anything to do with DNS: there is a webserver running on http(s)://netflix.ca, and all it does is serve a redirect to https://netflix.com/ca

Setting up domain with WAMP / XAMPP

I was wondering about security with setting up a domain for WAMP / XAMPP.
Let's say that I want to publish a website hosted on my PC with WAMP or XAMPP.
So, I have to register a domain and set it in WAMP / XAMPP. But what would happen if I set some already used domain in WAMP? For example, if I set stackoverflow.com, which is already registered. What would happen? I guess that people will not see my website, but this one (stackoverflow), but how does WAMP or XAMPP recognise that it is my website?
I am a beginner with this matter, so please don't be angry if it's something obvious :)
I think you are forgetting about DNS Servers and what they do.
When your browser sees any domain name you enter in the address bar, it goes to a DNS Server and asks, "Please give me the IP address for this domain name". Domain names are only there for us humans, as it's easier to remember stackoverflow.com than it is to remember an IP address, and that gets even more difficult for us to remember if it is on the IPv6 network.
So unless you can get all the DNS Servers in the universe changed to point the domain name stackoverflow.com to your router's external IP, you won't affect anything by setting WAMP or XAMPP to use any existing domain name.
But let's say you do set WAMP/XAMPP to use an existing domain name. You would amend your HOSTS file to tell the browser where to find that domain, like this:
127.0.0.1 localhost
127.0.0.1 stackoverflow.com
::1 localhost
::1 stackoverflow.com
This has the effect of seeding the local machine's DNS Cache with these addresses. Now the browser will always check the DNS Cache before committing to the expense of asking a DNS Server to get the IP address, so your browser thinks that stackoverflow.com lives on your PC, i.e. for IPv4 127.0.0.1 or for IPv6 ::1
All this will do is stop you getting to the real stackoverflow.com because the browser will attempt to connect to 127.0.0.1 every time you use stackoverflow.com as a domain name in the browser address bar instead of going to the real ip address for SO.
Reply to your comment
When you register a domain, you normally get access to an admin panel of some sort, where you set the IP address to use for this domain. This will set the DNS Server of who you purchased the domain from and this is then automatically propagated to all top level DNS Servers.
At that point you would set this to the External IP/WAN IP address of your router.
But be aware, if your ISP allocates IP addresses to you dynamically i.e. not a Static IP address you cannot do this, as your ISP Allocated IP Address is liable to change over time.
As a final note
WAMPServer and XAMPP are designed to be single seat developer tools and not LIVE Servers. That is not to say that the Apache in them is somehow less capable, but that there is so much more to securing a web site than first meets the eye.
Also, you may not realise, but a Windows desktop OS is not a good target to run a live web server on. They are configured to be clients and as such have various limitations, mainly that a desktop OS can only manage around 20-30 external connections MAX. So if your site actually takes off, you are going to have a lot of complaints about the speed and accessibility of your site.
This desktop limitation cannot be reconfigured.
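A defender's check for the hosts-file override described in the answer above, as an added example that is not part of the original answer: it parses hosts-file text and reports every entry that replaces DNS resolution for a dotted name. The function names, the set of expected loopback aliases and the last sample line are assumptions made for this illustration.

```python
import ipaddress

# Assumed allow-list: names normally expected to sit in a hosts file.
EXPECTED_LOCAL = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample: the entries quoted in the answer plus one constructed line.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 stackoverflow.com
::1 localhost
::1 stackoverflow.com
203.0.113.7 www.example.com   # constructed: name pinned to a non-loopback address
"""

def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every name mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # first field is not an IP address
        for name in fields[1:]:                    # one line may carry several aliases
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (lineno, name, finding) for entries that override a dotted name."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if name in EXPECTED_LOCAL or "." not in name:
            continue                               # loopback aliases, single-label names
        kind = "mapped to loopback" if ip.is_loopback else "pinned to " + str(ip)
        findings.append((lineno, name, kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(*finding)
```

On a real machine the text would come from the system hosts file; every reported name resolves locally to the listed address without any DNS server being asked.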

multiple subdomains dns levels working

In this moment, I am learning how the DNS and domains resolutions work and I have a question.
Let's take a.test.com for example.
As I understand it, first of all, the intermediary ISP DNS server is called. If it has the domain IP in cache, it returns it. Otherwise, it consecutively does the following tasks:
It calls a root DNS server which returns a com DNS server IP
It calls that top level DNS server which returns the test.com DNS server IP
It calls that DNS server to finally get a.test.com's IP
Is it correct?
And now what happens when we resolve a.b.c.test.com?
Does it call another DNS server or does the c.test.com's DNS server contain the a.b.c.test.com's IP?
Thanks
Yes, you are pretty much correct. Nothing different will happen in the next steps: c.test.com will respond with a referral to a more authoritative server (the one for b.c.test.com), or if it is itself authoritative then it will respond with an answer.
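The referral walk described in the answers above (root servers, then the com servers, then the name servers for the domain, with a further referral at each delegated subdomain level such as a.b.c.test.com) together with the TTL-bound resolver cache, as an added example that is not part of the original posts. The server names, zone contents and addresses are constructed toy data, and no network queries are made.

```python
import time

# Constructed toy data, not real DNS: each server maps a name either to a
# referral ("NS", next_server) or to a final answer ("A", ip, ttl_seconds).
SERVERS = {
    "root":        {"com.": ("NS", "tld-com")},
    "tld-com":     {"test.com.": ("NS", "ns.test")},
    "ns.test":     {"a.test.com.": ("A", "192.0.2.10", 300),
                    "c.test.com.": ("NS", "ns.c.test")},
    "ns.c.test":   {"b.c.test.com.": ("NS", "ns.b.c.test")},
    "ns.b.c.test": {"a.b.c.test.com.": ("A", "192.0.2.20", 60)},
}

def ask(server, qname):
    """One query to one server: exact answer, closest referral, or None."""
    labels = qname.split(".")
    for i in range(len(labels) - 1):            # longest suffix first
        rec = SERVERS[server].get(".".join(labels[i:]))
        if rec and (rec[0] == "NS" or i == 0):  # an A record must match exactly
            return rec
    return None

class Resolver:
    """Caching resolver that walks referrals starting at the root."""
    def __init__(self, clock=time.monotonic):
        self.cache, self.clock = {}, clock

    def resolve(self, name):
        qname = name if name.endswith(".") else name + "."
        hit = self.cache.get(qname)
        if hit and hit[1] > self.clock():       # still inside the record's TTL
            return hit[0], ["cache"]
        server, path = "root", []
        while server not in path:               # guard against referral loops
            path.append(server)
            rec = ask(server, qname)
            if rec is None:
                return None, path               # no such name in this toy model
            if rec[0] == "A":
                self.cache[qname] = (rec[1], self.clock() + rec[2])
                return rec[1], path
            server = rec[1]                     # follow the referral one level down
        return None, path

if __name__ == "__main__":
    r = Resolver()
    for n in ("a.test.com", "a.test.com", "a.b.c.test.com"):
        print(n, *r.resolve(n))
```

The returned path lists which servers were asked, so the second lookup of the same name shows only the cache until the TTL runs out.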

Why can't I spoof Facebook with my own DNS server?

Reading a lot about servers, load balancing and similar topics, a question came to mind.
DNS servers are servers which give you the IP for a given domain name. Is there a "dictator" knowing all the valid DNS servers in the world? If I want to make a DNS server, and someone requests a website it doesn't have, how would it know which other DNS to redirect the request to? What if I tell facebook.com to have a spoof IP, and everyone getting the IP from my DNS server would be communicating with a spoof facebook server? Obviously, this isn't how it works (at least not to a big degree), because then someone would have done it already to attack hundreds of people.
When one registers a domain, one has to specify the name server for that domain. What happens during this process? Is a request sent to this DNS server to notify it there is a new domain to save in the database? If so, how can anyone own the top domains like .com? And why cannot I for example make my own top domain name if I can make my own DNS server?
After looking at nginx as a load balancing system, I'm starting to wonder a bit. Is it so that a request to http://www.google.com/ works like this? The computer asks a DNS server for the IP address for google.com, and then requests it? This will only be one IP, and all requests to Google end up at this one server? And then this IP will be connected to an nginx server, or a more basic hardware unit to route the request internally to other servers? So all requests go to one server before it redirects the request to a data center?
After looking up google.com, it says the name servers are ns1.google.com etc.. But what is the point of them, if you need a different name server to get to ns1.google.com in the first place?
Obviously what I've written doesn't make sense, because if it were true, the web as a whole would be unusable because of people exploiting the possibilities for malicious causes. And I can't imagine how ONE server could handle ALL the requests thrown at google.com.
I've tried searching Google, but all I get is theoretical explanations that led me to where I am now. It would have been great if someone would point me to some articles that explain this thoroughly, and hopefully a lot of other people will find this question useful.
Anyone can run a DNS server, but the challenge is getting someone to use it. Normally the DNS server IP is provided as a DHCP option or is statically assigned. If you can get someone to use your server, you can return any IP for any hostname, including creating new top-level domains (subject to any filtering at the client, of course. Web browsers might have difficulty with a new TLD, for example). Note that with DNSSEC, this will eventually change, as the name record will be digitally signed and your server won't be able to fake the signature exactly.
DNS servers operate in a tree. When one server receives a request for a domain it does not control, it forwards the request on to another DNS server. The other DNS server may be the one which returns the IP (this is called the authoritative server), or it may return a NS record which points to another server which then must be queried. The DNS root servers provide for resolving TLDs.
A DNS server does not need to always return the same IP for a given name. It may choose to return a different IP based on region, client IP, or even per-request. This is the most typical way to load balance. Multiple DNS servers can also load balance the DNS requests by using anycast routing, where many servers share the same public IP and traffic is routed to them randomly by publishing multiple routes for the same IP.
