Today I will cover all you need to know about DNS…for entry level IT :^)
It would be difficult to cover everything in one article, but we can certainly hit the 30k foot view.
I am still getting into the swing of how this newsletter will be laid out. The ultimate goal is to get you the information you need to lead a successful IT career.
My idea was to share knowledge on common IT concepts while having an accompanying series to get hands on practice. That’s what the home lab series was intended to do.
The home lab series will take what you learn from articles like this and use them in a practical sense. Then you have something to talk about in interviews and can create a banger portfolio.
I’m always looking for comments or suggestions that will better help your learning.
Let me know.
What is DNS
DNS stands for Domain Name System. It is one of the many acronyms you’ll run into on a regular basis in IT.
The purpose of DNS is to resolve IP addresses based off of fully qualified domain names. A fully qualified domain name is something like https://www.twitter.com/.
Data is routed in a network using IP addresses. Your computer doesn’t know what twitter.com is. It has to go ask a DNS server if it has an IP address for twitter.com.
This is a great technology for us humans. We communicate ideas using words, not IP addresses. Think about how many unique websites you visit in a week.
2-3?
3-10?
20+?
Imagine if you had to remember the IP address for each of those websites. That would be an absolute nightmare.
Oh shoot was Twitter 52.16.83.124…or was it 52.16.83.188. No that was Facebook?
Thank you DNS. <3
You could make the analogy that DNS is like the contact list in your cell phone. A cell phone maps a name to a number for you. You no longer have to remember your mom’s phone number. With DNS, you don’t have to remember IPs.
Where’s my DNS Server?
I mentioned the words “DNS server” earlier.
“Tanuki, I have never set up a DNS server in my house. Do I have one?”
You probably do. Let’s revisit the DHCP article for a minute:
You know that box that your internet service provider (ISP) gave you that’s sitting on a table somewhere in your house? Maybe it’s in a closet? Yeah that’s running a DHCP server…and handles DNS queries…and routes traffic…and…I’ll stop there.
The box from your ISP is doing all kinds of things for you. The DHCP server on that box is set up to tell your network devices to use that same box for DNS queries.
It’s telling your devices, “If you need to get an IP address from a domain name, you come to me first!”
There’s nothing stopping you from changing what DNS server your devices choose to use. You can set up your own DNS server within your LAN or use a public DNS server like Google’s hosted at 8.8.8.8. It’s common for businesses to use the DNS server running on a Windows server as their primary DNS.
Once you have a different DNS server you can configure your DHCP server settings and have it tell devices the location of this new DNS server. Optionally you can even change the primary DNS server for just one device.
Changing your machine’s primary DNS server
1. Go to Control Panel > Network and Internet > Network and Sharing Center > Change Adapter settings.
2. Right click on the active adapter and select properties.
3. Left click on the “Internet Protocol Version 4 (TCP/IPv4)” text. Don’t uncheck the box.
4. Click the “Properties” button.
5. Click the “Use the following DNS server addresses” radio button to configure your machine’s DNS server.
Make sure you set it to a valid DNS server or you won’t be able to resolve domain names anymore.
There’s still a missing piece though. How the heck can that box from our ISP know the IP address about the bajillion websites that are out on the open web? The thing is…it actually doesn’t.
Whenever we go to a domain name, like twitter.com, for the first time our local DNS server doesn’t know anything about it. So what it’ll do is it’ll query its own DNS server which is called a Root DNS server.
If the Root DNS server doesn’t have our answer, then it will forward us to a top level domain (TLD) DNS server. A top level domain is something like .com, .net, or .org. The TLD DNS server will then send us on our way to the twitter.com authority server.
The authority DNS server stores a list of domain names and their associated IP addresses. It will respond to a recursive DNS server about the IP address for a domain name.
This entire process may lead to some confusion. Here’s the order:
1. You type twitter.com in your browser and hit enter.
2. Your computer asks your local DNS server for the IP of twitter.com.
3. Your local DNS server asks its configured Root DNS server if it knows.
4. The root DNS server doesn’t know. It goes to a .com DNS server.
5. The .com DNS server sends us to the authority server for twitter.com.
6. The IP address is sent to our local DNS server and it sends it to your computer.
7. Our computer is finally returned the IP address. It keeps it in a cache for later.
This process happens in just a few seconds. If we were to view this process in a diagram it would be hierarchical.
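The lookup order above can be walked through offline. The Python sketch below is an added example, not code from the original article: it simulates a local DNS server following referrals from root to TLD to authority server and caching the answer until its time to live runs out. The server names, the `LocalResolver` class and the 192.0.2.10 address are constructed for illustration.

```python
import time

# Constructed sample data: server names and the TEST-NET address are made up.
ROOT = {"com": "tld-com"}                            # root refers by top level domain
TLD = {"tld-com": {"twitter.com": "auth-twitter"}}   # TLD refers by domain name
AUTH = {"auth-twitter": {"twitter.com": ("192.0.2.10", 300)}}  # (IP, TTL in seconds)


class LocalResolver:
    """Hypothetical stand-in for the local DNS server in the steps above."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}  # name -> (ip, expiry time)

    def resolve(self, name):
        """Return (ip, trace); trace lists every server that was asked."""
        name = name.lower().rstrip(".")
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], ["cache"]             # answered without leaving the LAN
        trace = ["root"]
        tld_server = ROOT.get(name.rsplit(".", 1)[-1])
        if tld_server is None:
            return None, trace                   # root knows no such TLD
        trace.append(tld_server)
        domain = ".".join(name.split(".")[-2:])  # e.g. twitter.com
        auth_server = TLD[tld_server].get(domain)
        if auth_server is None:
            return None, trace                   # TLD has no such domain
        trace.append(auth_server)
        record = AUTH[auth_server].get(name)
        if record is None:
            return None, trace                   # domain exists, this name does not
        ip, ttl = record
        self.cache[name] = (ip, self.clock() + ttl)
        return ip, trace
```

Calling `LocalResolver().resolve("twitter.com")` twice shows the difference: the first trace lists all three servers, the second is just `["cache"]`.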
Debugging DNS
There’s a famous IT haiku that is often repeated:
Many times in your career you’ll spend an unreasonable amount of time resolving an issue just to discover it was DNS. Sometimes you’re not even clear on how DNS caused the issue, but it did.
DNS is tightly integrated into Active Directory Domain Services (AD DS). DNS name resolution makes it possible for clients to locate domain controllers. DNS acting up can cause weird AD issues.
Debugging DNS, and other network issues, could be its own article but there are helpful commands we can learn about now.
The first command we have is nslookup. nslookup is a tool for querying a DNS server to get an IP and domain name mapping. I encourage you to run it right now for any domain name. Open a Windows command prompt or Linux terminal and type:
nslookup <domain name>
I ran it for substack.com:
Pretty easy right?
Just like that you can query a DNS server straight from a Windows command prompt or Linux terminal. Let’s look at another one.
Now let’s look at the Domain Information Groper command or dig. I don’t know why, but the term groping in any context always feels…weird.
The dig command lets us query a DNS server just like nslookup. Here’s an example of me running it on Ubuntu 20:
The output looks different, but take a look at the ANSWER SECTION. We got the exact same IPv4 addresses. Sweet.
Next we have a web tool. Open a web browser and head over to mxtoolbox.com/DNSLookup.aspx. Type in a domain name and hit the button and take a look at the results. We get additional information.
It looks like substack.com is using Cloudflare as their DNS hosting provider, the time to live on the A record type is 5 minutes, and either IP address points to the substack.com server.
The last tool I want to show you is also a web tool. Make your way to dnsdumpster.com. DNS Dumpster is a great tool for doing open source intelligence or OSINT.
My favorite feature of it is it will build out a map of the domain name’s DNS records. Type in substack.com, click the button, and give it a few seconds to load. Then scroll to the bottom until you see a massive DNS map.
Here’s just a portion of it:
We can see the DNS servers, mail exchange (MX) servers, and A records (goes off the screen) in a laid out map for us. You might use this tool in a legitimate penetration test on a client’s network when looking for possible weak points.
Understanding DNS Record Types
We know that DNS is responsible for Domain name to IP mappings.
We know that we query DNS servers and those servers will query other ones until they get the required response.
We know how to query a DNS server through command line and use web tools.
There’s one last core part I feel you should know. That last part is the different DNS record types and how they are configured.
A DNS server can be configured with the following types:
Let’s cover the most used types.
The most common record type is probably the A record. “A” records map a domain name to an IP address. Look back at the MXToolbox output. We saw that an A record existed that mapped 172.64.154.11 to substack.com.
The opposite of an A record would be a PTR record. A PTR record allows DNS clients to do reverse lookups. A reverse lookup is when we get a domain name from an IP address. We go in reverse.
TXT records give us the ability to associate text with a domain name. The main uses for TXT records are for email spam prevention and proving domain ownership.
TXT records prevent email spam by allowing administrators to configure SPF records, DKIM records, and DMARC records. To prove domain ownership an administrator may configure a specific string of text in a domain record and then a third party can check if that specific string exists for the domain.
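To make the TXT use cases concrete, the Python sketch below is an added example, not code from the original article: it sorts TXT records into SPF, DMARC, DKIM and ownership strings and flags settings that leave a domain open to spoofed mail. The `audit_txt` helper and the example.com records are constructed for illustration.

```python
def _tags(text):
    """Parse 'k=v; k=v' tag lists as used by DMARC and DKIM records."""
    parts = (p.partition("=") for p in text.split(";"))
    return {k.strip().lower(): v.strip() for k, _, v in parts if k.strip()}


def audit_txt(name, value):
    """Classify one TXT record; return (kind, findings a defender should fix)."""
    name, text = name.lower().rstrip("."), value.strip()
    low, findings = text.lower(), []
    if low.split()[:1] == ["v=spf1"]:
        terms = low.split()[1:]
        alls = [t for t in terms if t.lstrip("+-~?") == "all"]
        if not alls and not any(t.startswith("redirect=") for t in terms):
            findings.append("no 'all' term: unlisted senders get a neutral result")
        elif alls and alls[0][0] in "+a":      # bare 'all' means '+all'
            findings.append("'+all' authorizes every sender on the internet")
        elif alls and alls[0][0] == "?":
            findings.append("'?all' is neutral and blocks nothing")
        return "spf", findings
    if low.startswith("v=dmarc1"):
        tags = _tags(text)
        if not name.startswith("_dmarc."):
            findings.append("DMARC is only looked up at _dmarc.<domain>")
        policy = tags.get("p", "").lower()
        if policy not in ("none", "quarantine", "reject"):
            findings.append("missing or invalid p= policy")
        elif policy == "none":
            findings.append("p=none requests no action on failing mail")
        if tags.get("pct", "100") != "100":
            findings.append("pct below 100 applies the policy to part of the mail")
        return "dmarc", findings
    if "._domainkey." in name:
        if not _tags(text).get("p"):
            findings.append("no public key in p= (an empty p= marks a revoked key)")
        return "dkim", findings
    if "verification=" in low:                 # heuristic for ownership-proof strings
        return "ownership", findings
    return "other", findings


# Constructed sample records for the placeholder domain example.com.
SAMPLE = [
    ("example.com", "v=spf1 include:_spf.google.com +all"),
    ("_dmarc.example.com", "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
    ("sel1._domainkey.example.com", "v=DKIM1; k=rsa; p="),
    ("example.com", "google-site-verification=CONSTRUCTED-TOKEN"),
]
```

Running `audit_txt` over each pair in `SAMPLE` returns the record kind plus a list of findings; an empty list means nothing was flagged.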
The MX, or mail exchange, record specifies the mail server that will accept email messages for that domain name. If my domain name is connected to G Suite then I would put something like aspmx.l.google.com. as my MX record.
Wikipedia has a great article on the rest of the DNS record types. Check it out here.
Wrapping Up
This was your introduction to DNS. I hope it made sense.
The main thing you should take away is DNS is used to resolve IP addresses from domain names. If I got that hammered in then that’s fine for now.
Future labs in the home lab series will have us messing with a DNS server on a Windows Server 2019. This will help tie a lot of the pieces together. I’m excited to continue that series and show you all the cool stuff you can do within a home network.
Post questions in the comments or reach out to me over DMs.
FAQs
Question: What port does DNS work over?
Answer: 53. It is designed to use both TCP and UDP with UDP being the default.
Question: What’s the difference between recursive and iterative DNS queries?
Answer: A DNS client will send a recursive query and expect the DNS server to do the work with contacting other DNS servers on its behalf. It’s up to the DNS server if it honors this or not. An iterative query is when the DNS server responds with where to check next. For example, if we ask for substack.com then the DNS server will respond with the .com DNS server we need to check with.
Question: Do I need to know all the DNS record types?
Answer: Probably not. When configuring DNS I use A, AAAA, and CNAME the most. I’ll sometimes use TXT records for setting up SPF and DMARC for email.
Thank you for the concise and well thought out information!