DNS and shit [WIP]

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

DNS and shit [WIP]

Unread post by wuxmedia » Mon Jan 25, 2016 3:32 pm

So I've been wanting to spill and share my brain about DNS as, well, I have to deal with it all day.
Rusty seemed to think it was a good idea as well on IRC, so you can blame him if you want.

Hopefully this might help anyone with their hosting and overall understanding of the web; sure, some of you know this already but, judging by the amount of time I have to explain things, it's hardly common knowledge.

So back in the day, when there were like 5 computers in the 'internet', there was one file to rule them all; in fact this file is sort of still on your computer at /etc/hosts (we'll get back to that in a bit). Lazy sysadmin quote:
wikipedia wrote: Originally, a file named HOSTS.TXT was manually maintained and made available via file sharing by Stanford Research Institute for the ARPANET membership, containing the hostnames and address of hosts as contributed for inclusion by member organizations. The Domain Name System, first described in 1983 and implemented in 1984,[1] automated the publication process and provided instantaneous and dynamic hostname resolution in the rapidly growing network. In modern operating systems, the hosts file remains an alternative name resolution mechanism, configurable often as part of facilities such as the Name Service Switch as either the primary method or as a fallback method.
Cool eh? Right DNS:
So first off one has computers with numbers as their address, other computers talk to them using numbers, to be frank domains on top are a hassle, but it's a job. Instead of 216.58.198.206 we have google.com. which is a touch easier to recall.

When you register your domain normally the registrar has the Nameserver records, this is called a 'Zone' which holds the information in a text file (these days normally kept in check by a database) that sits on a name server (NS) and looks like this:

Code:

example.com.  IN  SOA   ns.example.com. username.example.com. ( 2007120710 1d 2h 4w 1h )
example.com.  IN  NS    ns                    ; ns.example.com is a nameserver for example.com
example.com.  IN  NS    ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com
wiki wrote: As a minimum, the zone file must specify the Start of Authority (SOA) record with the name of the authoritative master name server for the zone and the email address of someone responsible for management of the name server.


That's where the zone file is kept, only people with access to that machine can change those records, which is good.
If you change those NS and don't have a zone file (or have an empty one) on the new NS, then you won't have email or a site anymore :)
Customers forget this occasionally - if you do need to transfer NS then ask for a 'full zone transfer'; your domain's people should have access to that zone file (or the DB for that matter).

The most common DNS records are, most obvious first:
'A' record
commonly used to map hostnames to an IP address - google.com would be an A record; it is a line in a DB or bind file somewhere that looks something like this:

Code:

example.com.  IN  A     192.0.2.1


Which looks a bit like what you'd find in your /etc/hosts file, and in turn, changing stuff in your hosts file locally changes the DNS!
So in that case adding this to your hosts file:

Code:

129.3.21.4    example.com
gives you a totally different website. Very handy for testing sites out before actually changing the DNS, also for troubleshooting.
Just remember to remove it after!

So that's roughly how DNS works - when you request a site in a browser it talks to these Nameservers, finds out the IP behind it and asks the webserver for the site on that IP.
Usually your NS will be the ones with your ISP. I think there is a way of finding out what ones you are using, let me know what it is if you do :)

MX (Mail eXchanger)

is the next common one, I guess. This does mail of course. Without it the site will work fine.

Code:

example.com.  IN  MX    10 mail.example.com.        ; primary: lowest number is tried first (trailing dot = absolute name)
@             IN  MX    20 mail-backup.example.com. ; backup; '@' is the zone origin, i.e. example.com.
Which are your mail servers. MX has to be a domain name, which is a bit of a change from the other records. "@" represents the zone origin or, in English, the same as the domain.
Added after are some numbers, which indicate priority, with zero as the highest priority; if one MX is down it will try the next one and so on.
Normally these days there is a primary and a backup, which spools mail until the primary is back up.
MS 365 mail thing usually has one; I hate putting these in, they only have a single MX though (something about 'elastic IPs' or something).

CNAME, which is pretty much an alias; this also has to be a domain name, otherwise it breaks stuff.
So I usually do:

Code:

example.com.     IN  A     192.0.2.1
www.example.com. IN  CNAME example.com.   ; alias: www resolves to whatever example.com's A record says
Which refers to example.com, so 192.0.2.1 in this case, which is good because if you need to change the IP (host) you change one thing and all the other CNAMEs change with it. Less useful if you need it on a different server entirely. In this case it's normally the same though.

Same with mail, if we have a mail A record:

Code:

mail.example.com.        IN  A     192.0.2.3   ; the host the MX records point at
we can point the MX to it as above, so change the A record and the mail server changes.

That leads to subdomains, of which www. and mail. are examples, of course.
One can go quite deep with subdomains; gets a bit boring really, but FYI .uk is a TLD ('top level domain') and things under it are technically subdomains: .co.uk etc.

These are created by whoever has the domain's nameservers, so normally only facebook.com can make "stinky.facebook.com" and point it to where they want.
That's it for now.
Maybe look at some tools to poke around in all this stuff.
"Seek, and Ye shall find"
"Github | Chooons | Site"
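As an added example (not part of wux's post), here is a small Python checker for the zone-file pitfalls the post warns about: a target without a trailing dot gets the origin appended, MX and CNAME targets must be hostnames, and a CNAME at the apex is illegal. The sample zone is constructed and deliberately contains those mistakes.

```python
import ipaddress

# Constructed sample zone for example.com, modelled on the records quoted in
# the post above; the mistakes the post warns about are included on purpose.
SAMPLE_ZONE = """\
example.com.      IN  SOA   ns.example.com. username.example.com. ( 2007120710 1d 2h 4w 1h )
example.com.      IN  NS    ns                    ; relative single label: ns.example.com.
example.com.      IN  A     192.0.2.1
www.example.com   IN  CNAME example.com           ; missing trailing dot
mail.example.com. IN  A     192.0.2.3
example.com.      IN  MX    10 mail.example.com   ; missing trailing dot
@                 IN  MX    20 192.0.2.4          ; MX must name a host
"""

def qualify(name, origin):
    """Zone-file name rules: '@' is the origin, a trailing dot means the name
    is absolute, anything else is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check_zone(text, origin):
    """Return (owner, rtype, problem) tuples for records that will not do what
    the zone's author most likely meant."""
    problems = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()   # strip comments, tokenise
        if len(fields) < 4:
            continue
        owner, rtype, rdata = qualify(fields[0], origin), fields[2], fields[3:]
        if rtype == "CNAME" and owner == origin:
            problems.append((owner, rtype, "CNAME at the zone apex clashes with SOA/NS"))
        if rtype not in ("MX", "CNAME"):
            continue
        target = rdata[-1]                    # MX: 'pref host', CNAME: 'host'
        if is_ip(target):
            problems.append((owner, rtype, f"{rtype} target must be a hostname, not {target}"))
        elif "." in target and not target.endswith("."):
            problems.append((owner, rtype,
                             f"no trailing dot: {target} resolves as {qualify(target, origin)}"))
    return problems

if __name__ == "__main__":
    for owner, rtype, why in check_zone(SAMPLE_ZONE, "example.com."):
        print(f"{owner:20} {rtype:6} {why}")
```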

rhowaldt
Dog
Posts: 4565
Joined: Wed Oct 17, 2012 9:01 am

Re: DNS and shit [WIP]

Unread post by rhowaldt » Mon Jan 25, 2016 3:56 pm

wonderful, thanks for the explanation Wux :)
All statements are true in some sense, false in some sense, meaningless in some sense, true and false in some sense, true and meaningless in some sense, false and meaningless in some sense, and true and false and meaningless in some sense.

GekkoP
Emacs Sancho Panza
Posts: 5877
Joined: Tue Sep 03, 2013 7:05 am

Re: DNS and shit [WIP]

Unread post by GekkoP » Mon Jan 25, 2016 4:41 pm

Helpful stuff, thanks Wux.

franksinistra
Ivana Fukalot
Posts: 1093
Joined: Mon Jan 27, 2014 2:03 am
Location: 印尼国

Re: DNS and shit [WIP]

Unread post by franksinistra » Mon Jan 25, 2016 5:54 pm

Good stuff wux!
rice no more.

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

Re: DNS and shit [WIP]

Unread post by wuxmedia » Tue Jan 26, 2016 11:13 am

Thanks for the feedback, fixed a few things on the OP.
Tools to poke around:

A simple one, which should be on every distro I think, is host:

Code:

host google.com
google.com has address 216.58.213.174
google.com has IPv6 address 2a00:1450:4009:811::200e
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
So that tells us what the A record says for that domain, duh.
Notice it also tells us the MX records, if configured.
We can also then host that IP, which gives us the reverse lookup:

Code:

host 216.58.213.174
174.213.58.216.in-addr.arpa domain name pointer lhr26s02-in-f14.1e100.net.
174.213.58.216.in-addr.arpa domain name pointer lhr26s02-in-f174.1e100.net.
Which can be handy for seeing who owns stuff; relatedly, whois:

Code:

whois google.com
Spits out a bunch of stuff; actually with google.com it spits out a long list of other domains registered by people, god knows why.
If it's a normal personal website, without privacy options, it should have a few contact details on, at least a working email to renew the domain.

DIG.
Install dnsutils on Debian - gives you dig, and some older ones.

So with dig we get more control over what we see:

Code:

dig MX google.com
[...]
;; ANSWER SECTION:
google.com.		600	IN	MX	10 aspmx.l.google.com.
google.com.		600	IN	MX	50 alt4.aspmx.l.google.com.
google.com.		600	IN	MX	20 alt1.aspmx.l.google.com.
google.com.		600	IN	MX	30 alt2.aspmx.l.google.com.
google.com.		600	IN	MX	40 alt3.aspmx.l.google.com.
[...]
Dumps a load of lines similar to the first post; here of course it's the mail records. Google don't take any chances and have 5 records! One primary and 4 backups.
Other records are available of course:

Code:

dig A google.com +short
216.58.213.174
+short dumps just the IP, handy for scripts.
You can shoot guesses of subdomains at dig, but you can't (or shouldn't) be able to get the full zone in one file, which is option 'axfr' (ax fo' records).

So at a guess:

Code:

dig A mail.google.com +short
googlemail.l.google.com.
216.58.198.197
Yup! Gets us the fairly standard mail. domain for googy.

You can combine the two and whois an IP (say the above one from dig) to get a guess of who hosts it:

Code:

whois 216.58.198.197
Pretty obviously it's google's.

Code:

NetRange:       216.58.192.0 - 216.58.223.255
CIDR:           216.58.192.0/19
So that is (just one) range google owns; how is that useful?
I hate those sneaky commies banging their nuts on my server, so I whois the attacking IP and drop that whole range - fuck'em

One thing we had touched on is the reverse in-addr.arpa thing.
This tends to be the internal name for the server. It's reversed order with in-addr.arpa on the end, I can't remember why, but it's useful. :)
Can't think of anything more.
"Seek, and Ye shall find"
"Github | Chooons | Site"

machinebacon
Baconator
Posts: 10253
Joined: Thu Sep 16, 2010 11:03 am
Location: Pfälzerwald

Re: DNS and shit [WIP]

Unread post by machinebacon » Tue Jan 26, 2016 7:38 pm

These READMEs are very useful and a trademark of/for the grill, so thanks a lot for putting it all together.
..gnutella..

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

Re: DNS and shit [WIP]

Unread post by wuxmedia » Tue Jan 26, 2016 8:24 pm

Thanks, tidied up a bit.
Gets some things clear in my head, so that's always nice.
Got one to run through tomorrow I got wrong today...
"Seek, and Ye shall find"
"Github | Chooons | Site"

Dr_Chroot
Alfalfa
Posts: 1100
Joined: Mon Jun 09, 2014 9:49 pm
Location: among the sagebrush

Re: DNS and shit [WIP]

Unread post by Dr_Chroot » Thu Jan 28, 2016 1:17 am

Thanks, wux! This is incredibly valuable information for someone as clueless as me... this is all pretty new.
Fight internet censorship.
EFF | Tor Project | Bitcoin

"There have been times throughout American history where what is right is not the same as what is legal. Sometimes to do the right thing you have to break the law." - Edward Snowden

Snap
Sperminator
Posts: 189
Joined: Sun Oct 05, 2014 8:11 pm

Re: DNS and shit [WIP]

Unread post by Snap » Thu Jan 28, 2016 7:05 am

Thanks a bunch, wux.

elixir
Weight Watcher
Posts: 357
Joined: Fri Feb 21, 2014 8:25 am

Re: DNS and shit [WIP]

Unread post by elixir » Sun Jan 31, 2016 5:23 am

Great share, wux! Computer Networking has always interested me, and I appreciate you sharing your knowledge with us :)
Out of the corner of your eye you spot him... Shia LaBeouf.

https://www.youtube.com/watch?v=o0u4M6vppCI

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

Re: DNS and shit [WIP]

Unread post by wuxmedia » Sat May 21, 2022 9:28 pm

I just realised that this hasn't really needed updating in the last 7 years.
The only thing I would add is that you can do things like this:

Code:

$ dig @ns1.cloudflare.com wuxmedia.xyz +short
172.67.181.250
104.21.80.130
Which is to say that you can enquire about certain records from any DNS resolver... which can be handy.
"Seek, and Ye shall find"
"Github | Chooons | Site"

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

Re: DNS and shit [WIP]

Unread post by wuxmedia » Sat May 21, 2022 9:37 pm

Also that this, client hold on a domain which a shit ton of people use, is a bit bad, ok?
clienthold.png
"Seek, and Ye shall find"
"Github | Chooons | Site"

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

Re: DNS and shit [WIP]

Unread post by wuxmedia » Sat May 21, 2022 9:55 pm

Another thing with DNS is propagation.
I watched a video a long time ago:
https://www.youtube.com/watch?v=4ZtFk2dtqv0
which, while rambling, is still the best video I've ever seen about DNS.
"Seek, and Ye shall find"
"Github | Chooons | Site"

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

Re: DNS and shit [WIP]

Unread post by wuxmedia » Sat May 21, 2022 10:02 pm

I honestly give a lecture to anyone who will listen at work about DNS being 'pulled' and the TTL.
It's not too hard once you see the picture. Just need to open your mind a bit to the strangeness of the picture.
I've likened it in the past to a group of mates: if one of them changes their phone number and doesn't advertise it, well, that's pretty much DNS.
You ask your mate "where is Jim? His number is not working any more?" They reply - oh, I asked Bob and it's now this number XXX-555-XXX.
Now anyone you know who asks "WTF is Jim's number now" - you can answer.
Added to this is the joy of local DNS caching. It's a thing. You can flush your DNS - but it's not always assured. Often you have to wait. Or reboot your router, or use a VPN to get fresher DNS records.

"Oh I see - should I change my TTLs now the domain is transferred?"
No - too late. Horse bolted and stable door and all that, my man.
"Seek, and Ye shall find"
"Github | Chooons | Site"
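As an added example (not from wux's posts), this Python snippet ties together the dig tooling post and the TTL/propagation one: it parses dig-style answer lines, orders MX hosts the way a sending mail server tries them (lowest preference first), and compares what a caching resolver still hands out against the authoritative answer, reporting how many seconds the stale record will live. Both answer sets are constructed, not real captures.

```python
# Constructed dig ';; ANSWER SECTION' output (name  ttl  class  type  rdata):
# one set from the authoritative server after the A record was changed, one from
# a caching resolver that still holds the old answer.
AUTHORITATIVE = """\
example.com.        300     IN      A       203.0.113.10
example.com.        600     IN      MX      20 alt1.mail.example.com.
example.com.        600     IN      MX      10 mail.example.com.
"""
CACHED = """\
example.com.        2170    IN      A       192.0.2.1
example.com.        600     IN      MX      10 mail.example.com.
example.com.        600     IN      MX      20 alt1.mail.example.com.
"""

def parse_answer(text):
    """Turn dig answer lines into (name, ttl, rtype, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue                      # skip blanks and ';;' comment lines
        name, ttl, _cls, rtype = fields[:4]
        records.append((name, int(ttl), rtype, " ".join(fields[4:])))
    return records

def mx_order(records):
    """Mail hosts in the order an MTA tries them: lowest preference first."""
    prefs = [r[3].split() for r in records if r[2] == "MX"]
    return [host for _pref, host in sorted((int(p), h) for p, h in prefs)]

def propagation(auth, cached):
    """Per record type: (cache disagrees with authority?, seconds until the
    cached answer expires). A stale A with 2170 s left is the 'horse bolted'
    case: lowering the TTL now does not shorten what caches already hold."""
    report = {}
    for rtype in {r[2] for r in auth}:
        want = {r[3] for r in auth if r[2] == rtype}
        have = {r[3] for r in cached if r[2] == rtype}
        remaining = max((r[1] for r in cached if r[2] == rtype), default=0)
        report[rtype] = (want != have, remaining)
    return report

if __name__ == "__main__":
    auth, cache = parse_answer(AUTHORITATIVE), parse_answer(CACHED)
    print("MX try order:", mx_order(auth))
    for rtype, (stale, left) in sorted(propagation(auth, cache).items()):
        print(f"{rtype}: {'STALE' if stale else 'in sync'}, cache expires in {left}s")
```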

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

Re: DNS and shit [WIP]

Unread post by wuxmedia » Sat May 21, 2022 10:08 pm

OK, this one is way more from the bottom up:
https://www.youtube.com/watch?v=72snZctFFtA
"Seek, and Ye shall find"
"Github | Chooons | Site"
