DNS Protocol explained

gpiechnik

Grzegorz Piechnik

Posted on November 30, 2023


The Internet routes traffic by IP address, and nobody wants to move from page to page by typing numbers. DNS (Domain Name System) solves this by translating a name a user understands into an address a computer understands. Behind the protocol sits a huge, distributed database of names; more on that below.

How does DNS work?

To keep the system consistent and limit abuse, the top of the DNS hierarchy is administered by IANA (Internet Assigned Numbers Authority), a function operated by ICANN (Internet Corporation for Assigned Names and Numbers). They maintain the root zone and delegate top-level domains to countries and organizations, which defines the structure of the name space.

This is why .pl domains are registered through NASK (Research and Academic Computer Network) or one of its accredited registrars.

Now let's see how, after you enter a web address, your computer learns which IP to send the request to. The steps below are simplified; a real lookup has more moving parts (caching at every level, IPv6, retries and timeouts).

1) When you type in a www address, your system's stub resolver sends the query to a recursive resolver, typically the one run by your ISP or a public one such as Google's 8.8.8.8.
2) If the resolver has no cached answer, it asks one of the 13 root server identities (a.root-servers.net through m.root-servers.net, each served by many anycast instances around the world).

  1. The root server does not know the final IP; it replies with a referral to the Top Level Domain servers for the domain's ending (as mentioned above, NASK operates the servers for .pl).
  2. The resolver queries one of the TLD servers returned by the root. The TLD server does not hold the site's IP either; it refers the resolver to the domain's authoritative name servers (the NS records registered for the domain).
  3. The resolver queries the authoritative server, which holds the zone and returns the IP address (an A or AAAA record) together with a TTL saying how long the answer may be cached.
  4. The resolver caches the record and hands the IP back to the browser, which opens the connection to that server. Every later lookup of the same name, from any client of that resolver, is answered from cache until the TTL expires.

Types of queries

Accordingly, queries come in two types:

  • Recursive - the client asks the server for a complete answer: either the requested records or an error (for example NXDOMAIN when the name does not exist). If the queried server does not have the answer, it is the server's job to find it, querying other DNS servers on the client's behalf. This is what a stub resolver sends to a recursive resolver (the rd flag in the header).
  • Iterative - sent between DNS servers. The server returns the best information it has: either the answer, or a referral telling the resolver which servers to ask next (their names and usually their IP addresses). Root and TLD servers only ever answer this way; they do not recurse for anyone.
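The root, TLD and authoritative hops above, and the difference between the recursive query a client sends and the iterative queries a resolver sends, can be modelled in a few lines. The following is an added toy model, not code from the article: the "servers" are plain dictionaries, the name servers and the addresses (198.51.100.x, 203.0.113.x, documentation ranges) are made up, and no packets are sent.

```python
"""Toy model of the root -> TLD -> authoritative walk a recursive resolver makes.

Added example, not from the original article. The zone data below is
constructed for illustration: bugspace.pl (the example host from the
article) is given made-up name servers and addresses. Real root hints,
.pl servers and addresses are different.
"""
from dataclasses import dataclass


@dataclass
class Referral:
    zone: str      # zone the referred servers are authoritative for
    servers: dict  # name server -> IPv4 glue address


@dataclass
class Answer:
    name: str
    rtype: str
    ttl: int
    rdata: str


# Constructed data keyed by server IP. A root server holds only referrals
# to TLD servers, a TLD server only referrals to the domain's name
# servers; only the last hop holds the A record itself.
SERVERS = {
    "198.51.100.1": {   # pretend root server
        "pl.": Referral("pl.", {"ns.tld-example.pl.": "198.51.100.2"}),
    },
    "198.51.100.2": {   # pretend .pl TLD server
        "bugspace.pl.": Referral("bugspace.pl.", {"ns1.bugspace.pl.": "198.51.100.3"}),
    },
    "198.51.100.3": {   # pretend authoritative server for bugspace.pl
        "www.bugspace.pl.": Answer("www.bugspace.pl.", "A", 300, "203.0.113.10"),
    },
}
ROOT_HINTS = ["198.51.100.1"]


def iterative_query(server_ip, qname):
    """One non-recursive query. The server returns the best it has for qname:
    an Answer, a Referral to the servers closest to the name, or None."""
    zone_data = SERVERS[server_ip]
    labels = qname.split(".")
    # Try the full name first, then strip leading labels towards the root.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zone_data:
            return zone_data[candidate]
    return None


def resolve(qname, cache=None):
    """Recursive resolver: starts at the root hints and follows referrals
    until some server hands back an Answer. Returns (Answer or None, hops)."""
    cache = {} if cache is None else cache
    if qname in cache:
        return cache[qname], ["cache"]
    hops, seen_zones = [], set()
    next_servers = list(ROOT_HINTS)
    while next_servers:
        server = next_servers.pop(0)
        hops.append(server)
        reply = iterative_query(server, qname)
        if isinstance(reply, Answer):
            cache[qname] = reply  # a real resolver keeps it for reply.ttl seconds
            return reply, hops
        if isinstance(reply, Referral) and reply.zone not in seen_zones:
            seen_zones.add(reply.zone)      # guard against referral loops
            next_servers = list(reply.servers.values())
        # None: this server knows nothing useful; try the next one, if any
    return None, hops


if __name__ == "__main__":
    answer, hops = resolve("www.bugspace.pl.")
    print("hops:", " -> ".join(hops))
    print("answer:", answer)
```

Each hop in `hops` is one iterative query; the single call to `resolve` is the recursive query the stub resolver would have made. The cache branch is why a second lookup of the same name never reaches the root.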

Types of DNS records

Each domain has its own DNS zone, a database holding the records that define its configuration. The most important record types are:

  • A record (IPv4 address record) - maps a host name to its 32-bit IPv4 address. This is the record the browser most often needs to reach the target server.
  • AAAA record (IPv6 address record) - maps a host name to its 128-bit IPv6 address; the same job as the A record, for IPv6.
  • CNAME record - an alias: points a domain or subdomain at another domain name, whose records are then looked up instead.
  • MX (mail exchange) record - names the mail servers that accept mail for the domain, each with a priority value.
  • PTR record (pointer record) - the reverse of A/AAAA: maps an IPv4 or IPv6 address (in the in-addr.arpa or ip6.arpa tree) back to a host name such as www.bugspace.pl.
  • NS record (name server record) - names the servers that are authoritative for the zone, i.e. the ones the rest of the DNS is referred to for this domain.
  • SOA record - the zone's start of authority: the primary name server, the administrator's email address (with the @ written as a dot), the zone serial number and the refresh, retry, expire and minimum timers used by secondary servers.
  • SRV record - locates a service: gives the host and port (and, through the record's name, the protocol) on which a particular service runs, with priority and weight values.
  • TXT record - free-form text in the zone. Used, for example, to prove domain ownership to a third party or to publish a Sender Policy Framework (SPF) policy.

Tools for querying DNS name servers

Querying name servers is not only for verifying and troubleshooting your own DNS; it is also a standard reconnaissance step, because everything in a public zone is public information about the target's infrastructure. The best-known tools are host, nslookup and dig. We will focus on the last one. Knowing why to use them, we still have to ask "how".

A basic query, which by default asks the system's resolver for the A record of dummy-domain.com, looks like this:

dig dummy-domain.com

After replacing dummy-domain.com with google.pl, we get:

; <<>> DiG 9.16.1-Ubuntu <<>> google.pl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33619
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.pl.         IN  A

;; ANSWER SECTION:
google.pl.      295 IN  A   216.58.209.3

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Apr 14 21:47:16 CEST 2021
;; MSG SIZE  rcvd: 54

At first the answer may look cluttered. Lines starting with a semicolon are comments added by dig. A response can contain up to five parts (not every response has all of them, as we will see):

  • Header (header) - the header of the DNS response: the transaction id (which must match the id in the query), the opcode, the status (NOERROR here) and the flags. qr marks a response, rd says recursion was desired, ra that the server offers recursion. The absence of aa tells us this is not an authoritative answer; it came from the resolver's cache or from the resolver's own lookup.
  • Question (question) - the query sent to the DNS server, echoed back.
  • Answer (answer) - the records answering our query.
  • Authority (authority) - the servers that are the final authority for the queried domain. A resolver may answer from its cache, keeping each record for the TTL the authoritative server attached to it (295 seconds remaining in the example above). To get a "first-hand" answer, query an authoritative server listed here directly (dig accepts a server name after @).
  • Additional (additional) - extra records that help use the answer, such as the addresses of the name servers listed in the authority section. The EDNS OPT pseudo-record (version, flags and the sender's UDP payload size) is also counted here; dig prints it separately as the OPT PSEUDOSECTION. The last four lines (query time, server, time, message size) are dig's own statistics, not part of the DNS message.
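What dig prints is a decoded view of a 54-byte UDP message. To make the header flags, the sections and the class field concrete, here is an added example, not code from the article: a small wire-format parser run over a response constructed by hand to match the dig output above (id 33619, flags qr rd ra, google.pl. A 216.58.209.3 with TTL 295, EDNS0 OPT advertising a 65494-byte UDP payload). The `accept_response` check at the end is the minimal sanity test a stub resolver applies before trusting a reply: the transaction id and the echoed question must match what was asked (RFC 5452 guidance against spoofed answers).

```python
"""Decode a DNS response from its wire format.

Added example, not part of the original article. RESPONSE is constructed
by hand to match the dig output shown in the article; it is not a capture.
"""
import struct

RESPONSE = (
    struct.pack("!HHHHHH", 33619, 0x8180, 1, 1, 0, 1)      # id, flags (qr rd ra), qd/an/ns/ar counts
    + b"\x06google\x02pl\x00" + struct.pack("!HH", 1, 1)   # question: google.pl. type A class IN
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 295, 4)     # answer: pointer to name @12, A, IN, TTL 295, rdlen 4
    + bytes([216, 58, 209, 3])                              # rdata: 216.58.209.3
    + b"\x00" + struct.pack("!HHIH", 41, 65494, 0, 0)      # OPT: root name, type 41, UDP size, ext-rcode/version/flags, rdlen 0
)

FLAG_BITS = {"qr": 15, "aa": 10, "tc": 9, "rd": 8, "ra": 7}
TYPES = {1: "A", 28: "AAAA", 41: "OPT"}
CLASSES = {1: "IN", 3: "CH", 4: "HS"}


def read_name(msg, offset):
    """Read a possibly compressed name; return (dotted name, offset after it)."""
    labels, jumped, end = [], False, None
    for _ in range(128):  # bound the pointer chase so a malicious message cannot loop forever
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, 14-bit offset
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    else:
        raise ValueError("name too long or compression pointer loop")
    return ".".join(labels) + ".", (end if jumped else offset)


def parse_response(msg):
    """Return the header fields and the four sections as plain Python values."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    result = {
        "id": ident,
        "flags": [name for name, bit in FLAG_BITS.items() if (flags >> bit) & 1],
        "rcode": flags & 0xF,
        "question": [], "answer": [], "authority": [], "additional": [],
    }
    off = 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        result["question"].append((name, TYPES.get(qtype, qtype), CLASSES.get(qclass, qclass)))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
            rdata = msg[off:off + rdlen]; off += rdlen
            if rtype == 41:  # OPT pseudo-RR: the class field carries the UDP payload size
                result["edns"] = {"udp": rclass, "version": (ttl >> 16) & 0xFF}
                continue
            if rtype == 1:   # A: four raw bytes -> dotted quad
                rdata = ".".join(str(b) for b in rdata)
            result[section].append((name, TYPES.get(rtype, rtype), CLASSES.get(rclass, rclass), ttl, rdata))
    return result


def accept_response(query_id, qname, qtype, msg):
    """Stub-resolver sanity check: reject replies whose id or question do not
    match what was sent, or that are not marked as responses (qr)."""
    r = parse_response(msg)
    if r["id"] != query_id or "qr" not in r["flags"]:
        return None
    if r["question"] != [(qname, qtype, "IN")]:
        return None
    return r


if __name__ == "__main__":
    parsed = parse_response(RESPONSE)
    print(len(RESPONSE), "bytes", parsed)
```

Compare the parsed output with dig's: the same id, the same three flags, the one question and one answer, and `ar == 1` even though the additional section prints empty, because that one record is the OPT pseudo-record. A message with the same content but a different id, or a different name in the question, is dropped by `accept_response`.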

Of course, we can name the record type we want in the query. TTL is not a record type (it is the caching lifetime attached to every record); for example, to ask for the domain's mail servers:

dig dummy-domain.com MX

To watch the resolution path described at the beginning of the article (root, TLD, authoritative server), use +trace, which makes dig perform the iterative queries itself instead of asking the resolver:

dig dummy-domain.com +trace

To print only the answer section, without dig's comments and statistics, use +noall +answer. Combined with the ANY type it asks for every record type the server has for that name:

dig dummy-domain.com ANY +noall +answer

Note that ANY is not a zone dump: it returns only records for that exact name, many resolvers answer it only from cache, and since RFC 8482 servers may reply with a minimal placeholder instead. Listing a whole zone would need a zone transfer (AXFR), which properly configured servers refuse to unauthorized clients.

Fun fact - the "IN" between the name and the type is the record class, Internet. Other classes exist (CH for Chaosnet, HS for Hesiod), but practically everything on the Internet is class IN.

