LinuxBBQ

So I've been wanting to spill and share my brain about DNS as, well I have to deal with it all day.
Rusty seemed to think it was a good idea as well on IRC, so you can blame him if you want.

Hopefully this might help anyone with their hosting and overall understanding of the web, sure some of you know this already but, judging by the amount of time i have to explain things - it's hardly common knowledge.

So back in the day when there were like 5 computers in the 'internet' there was one file to rule them all, in fact this file is sort of still on your computer at /etc/hosts (we'll get back to that in a bit) lazy sysadmin quote:

wikipedia wrote: Originally, a file named HOSTS.TXT was manually maintained and made available via file sharing by Stanford Research Institute for the ARPANET membership, containing the hostnames and address of hosts as contributed for inclusion by member organizations. The Domain Name System, first described in 1983 and implemented in 1984,[1] automated the publication process and provided instantaneous and dynamic hostname resolution in the rapidly growing network. In modern operating systems, the hosts file remains an alternative name resolution mechanism, configurable often as part of facilities such as the Name Service Switch as either the primary method or as a fallback method.

Cool eh? Right DNS:
So first off one has computers with numbers as their address, other computers talk to them using numbers, to be frank domains on top are a hassle, but it's a job. Instead of 216.58.198.206 we have google.com. which is a touch easier to recall.

When you register your domain normally the registrar has the Nameserver records, this is called a 'Zone' which holds the information in a text file (these days normally kept in check by a database) that sits on a name server (NS) and looks like this:

wiki wrote:As a minimum, the zone file must specify the Start of Authority (SOA) record with the name of the authoritative master name server for the zone and the email address of someone responsible for management of the name server.

That's where the zone file is kept, only people with access to that machine can change those records, which is good.
If you change those NS and don't have a zone file (or an empty one) on the new NS, then you won't have email or a site anymore :)
Customers forget this occasionally - if you do need transfer NS then ask for a 'full zone transfer' your domains people should have access to that zone file (or the DB for that matter)

The most common DNS records are, most obvious first:
'A' record
commonly used to map hostnames to an IP address - google.com would be an A record, it is a line in a DB or bind file somewhere that looks something like this:

Which looks a bit like what you'd find in your /etc/hosts file. and in turn, changing stuff in your host file locally changes the DNS!
so in that case adding this to your hosts file: gives you a totally different website. Very handy for testing sites out before actually changing the DNS, also for troubleshooting.
just remember to remove it after!

So that's roughly how DNS works - when you request a site in a browser it talks to these Nameservers, finds out the IP behind it and asks the webserver for the site on that IP.
Usually your NS will be the ones with your ISP. I think there is a way of finding out what ones you are using, let me know what it is if you do :)

MX (Mail eXchanger)
is the next common one, I guess. This does mail of course. without it the site will work fine.
Which are your mail servers. MX have to be a domain name, which is a bit of a change to the other records. "@" represents zone origin or in english the same as the domain.
added after are some numbers, which indicates priority, with zero as the highest priority, if one MX is down it will try the next one and so on.
normally these days, there is a primary and a backup, which spools mail until the primary is backup.
MS 365 mail thing usually has one, I hate putting these in, they only have a single MX though (something about 'elastic IP's' or something.

CNAME. which is pretty much an alias, this also has to be a domain name, otherwise it breaks stuff.
so I usually do: Which refers to example.com so 192.0.2.1 in this case, which is good because - if you need to change the IP (host) you change one thing and all the other CNAMES change with it. Less useful if you need it on a different server entirely. In this case it's normally the same though.

Same with mail, if we have a mail A record: we can point the MX to it as above, so change the A record and the mail server changes.

That leads to subdomains, of which www. and mail. are, of course.
one can go quite deep with subdomains, gets a bit boring really but FYI .uk is a TLD 'top level domain' things under it are technically subdomains. .co.uk etc.

These are created by whoever has the domain's nameservers, so normally only facebook.com can make "stinky.facebook.com" and point it to where they want.
thats it for now.
maybe look at some tools to poke around in all this stuff.

wonderful, thanks for the explanation Wux :)

Helpful stuff, thanks Wux.

Good stuff wux!

Thanks for the feedback, fixed a few things on the OP.
Tools to poke around:

simple one, which should be on every distro I think, is host: So that tells us what the A record says for that domain, duh.
Notice it also tells us the MX records, if configured.
We can also then host that IP, which gives us the reverse lookup: Which can be handy seeing who owns stuff, relatedly whois: Spits out a bunch of stuff, actually with google.com it spits out a long list of other domains registered by people, god knows why.
if a normal personal website, without privacy options, it should have a few contact details on, at least a working email to renew the domain.

DIG.
install - dnsutils on debian. - gives you dig, and some older ones.

so with dig we get more control over what we see: Dumps a load of lines similar to the first post, here of course it's the mail records. google don't take any chances and have 5 records! One primary and 4 backups.
Other records are available of course: +short dumps just the IP, handy for scripts.
you can shoot guesses of subdomains at dig, but you can't (or shouldn't) be able to get the full zone in one file, which is option 'axfr' (ax fo' records)

so at a guess: yup! gets us the fairly standard mail. domain for googy.

You can combine the two and whois an IP (say the above one from dig) to get a guess of who hosts it: pretty obviously it's google's. So that is (just one) range google owns, how is that useful?
I hate those sneaky commies banging their nuts on my server, so I whois the attacking IP and drop that whole range - fuck'em

One thing we had touched on is the reverse in-addr.arpa thing.
this tends to be the internal name for the server. it's reversed order with in-addr.arpa on the end, I can't remember why, but it's useful. :)
Can't think of anything more.

These READMEs are very useful and a trademark of/for the grill, so thanks a lot for putting it all together.

thanks, tidied up a bit.
Gets some things clear in my head, so that's always nice.
Got one to run through tomorrow I got wrong today...

Thanks, wux! This is incredibly valuable information for someone as clueless as me... this is all pretty new.

Thanks a bunch, wux.

Great share, wux! Computer Networking has always interested me, and I appreciate you sharing your knowledge with us :)

I just realised that this hasn't really needed updating in the last 7 years.
the only thing I would add is that you can do things like this: Which is to say that you can enquire about certain records from any DNS resolver... which can be handy

also that this, client hold on a domain which a shit ton of people use is a bit bad ok?

Another thing with DNS is propagation.
I watched a long time ago a video :
https://www.youtube.com/watch?v=4ZtFk2dtqv0
which is still, while rambling, is still the best video I've ever seen about DNS.

I honestly give a lecture to anyone who will listen at work about DNS being 'pulled' and the TTL
It's not too hard once you see the picture. just need to open you mind a but to the strangeness of the picture.
I've liken it in the past to a group of mates, if one of them changes their phone number and doesn't advertise it, well that's pretty much dns.
You ask your mate "where is Jim? His number is not working any more?" they reply - oh I asked Bob and it's now this number XXX-555-XXX
now anyone you know who asks - "WTF is Jims number now" - you can answer.
Added to this is the joy of local DNS caching. it's a thing. you can flush your DNS - but it's not always assured. often you have to wait. Or reboot your router, or use a VPN to get fresher DNS records..

"Oh I see - should I change my TTLs now the domain is transferred?"
No - too late. Horse bolted and stable door not and all that, my man.

OK this one is wayy more from the bottom up:
https://www.youtube.com/watch?v=72snZctFFtA