DNS
Domain Name System. It is used to resolve a host name (e.g., www.example.com) to an IP address (e.g., 205.60.368.111).
It works at the Application Layer and uses both UDP and TCP.
A request and its reply are each carried in a single UDP datagram between client and server, with requests served primarily on port number 53.
TCP is used when the response data size is more than 512 bytes or when a zone transfer has to be performed.
Example:
Let us suppose we can enter either http://27.230.168.43/ or http://example.com/ in the browser search bar to get the same result. A name is much easier to remember than an IP address, and DNS does that job for us.
However, an IP address and DNS are not the same thing. Here’s why:
An IP address is an identifier for a device on a TCP/IP network and is unique to that individual device, whereas DNS is the system used to find that IP address.
How DNS Works:
1) DNS Query Request
This is how a DNS query request looks in Wireshark.
2) DNS query Response
This is how a DNS query response looks in Wireshark.
1) DNS first looks for the request in the following places:
1) Local Machine
2) DNS Cache
3) DNS Server Service
When the DNS response is not found locally, then:
1) Root Hints
2) Authoritative and Non-Authoritative Response
DNS Cache:
It is a recent memory of DNS lookups, stored by our system’s operating system, that the system can quickly refer to when it is trying to figure out how to load a website.
This is the first step DNS takes when a client issues a request.
Root Hints:
It contains the host information that is needed to resolve the name outside the authoritative DNS domains. It contains the name and the IP addresses of the root DNS servers.
2) Authoritative and Non-Authoritative Response:
An authoritative response is the response we get from the DNS server when the record we are searching for is in that server's own DNS zone.
A non-authoritative response, in contrast, is when the IP address comes from a global server that is not our own.
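The query and response messages and the authoritative flag described above, shown as an added Python example that is not part of the original page: it builds the query for www.example.com and decodes two constructed replies, reading the AA bit (authoritative or not) and the TC bit (truncated, so the query is repeated over TCP). The transaction ID, the address 192.0.2.10 and the TTL are constructed sample values.

```python
import struct

QR, AA, TC = 0x8000, 0x0400, 0x0200  # header flag bits: response, authoritative, truncated

def build_query(name, txid):
    """Build a recursive A/IN query: 12-byte header, then length-prefixed labels."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def read_name(msg, pos):
    """Decode a name at pos, following compression pointers; return (name, next_pos)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            end = pos + 2 if end is None else end
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
        elif length == 0:
            return ".".join(labels), (pos + 1 if end is None else end)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length

def parse_response(msg):
    """Return the header fields and A records a packet capture would display."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    info = {"id": txid, "is_response": bool(flags & QR), "authoritative": bool(flags & AA),
            "retry_over_tcp": bool(flags & TC), "rcode": flags & 0x000F, "answers": []}
    pos = 12
    for _ in range(qd):  # skip the echoed question: name + QTYPE + QCLASS
        pos = read_name(msg, pos)[1] + 4
    for _ in range(an):
        name, pos = read_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record: four address bytes
            info["answers"].append((name, ".".join(map(str, msg[pos:pos + 4])), ttl))
        pos += rdlen
    return info

# Constructed sample data (not captured traffic): a cached, non-authoritative answer.
QUERY = build_query("www.example.com", 0x1A2B)
RESPONSE = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
# Constructed truncated reply: TC set, no answers, so the client repeats the query over TCP.
TRUNCATED = struct.pack("!HHHHHH", 0x1A2B, 0x8380, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(len(QUERY), parse_response(RESPONSE), parse_response(TRUNCATED)["retry_over_tcp"])
```

A client should also confirm that the reply's ID matches the ID it sent before trusting the answer; here both are 0x1A2B.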
Below are the steps DNS follows to answer a request.
Step 1: Search Host File
When we issue a request for “www.example.com”, the browser first searches for it on the user's system. Basically, it is all stored inside a Windows file on the user's system. If it is not able to find it there, it will ask the router.
Step 2: Search Router
The router has a cache that stores recent DNS lookups, which our system can quickly refer to when it is trying to figure out how to load a website. If the router is not able to find the request, it will ask the ISP to look for it.
Step 3: Ask ISP
The ISP, or Internet Service Provider, looks for the requested location in its DNS cache. If it is not found, the ISP will ask the root DNS for the IP.
Step 4: Ask Root DNS
The root DNS will run a query to look for the requested location in its DNS cache, and if it does not find it, it will give the IP address of the TLD to the ISP.
Step 5: Ask TLD
The Top Level Domain, or TLD, contains all the top-level domains, e.g., .com or .org. It will search for the requested location. If it does not have the result, it will give the IP address of the name server to the ISP.
Step 6: Ask Name Server
The ISP will then ask the name server, or Google name server, for the IP address of the www.example.com website. The name server will have the IP location and will return that result to the ISP.
Step 7: ISP
After getting the result, the ISP will give the IP address location to the router.
Step 8: Router
The router now has the IP and gives it to the browser, and the browser opens the website for the user on their system.