Friday, February 28, 2014

8:00 AM
DNS stands for Domain Name Server, although you may hear it referred to as Domain Name System. DNS servers associate names with the IP addresses of websites, so that a client can look up a name, e.g. facebook.com, instead of the numeric IP '173.252.110.27'.

Basically, a DNS server is a computer running a nameserver daemon that listens on UDP port 53. When a new domain is set up with a domain name service, the DNS service then tells its clients who has authority over the domains registered with it.

For example, suppose a client with the IP 1.2.3.4 wants to resolve the address test.com, and the nameserver for 1.2.3.4 is at 1.3.3.7. 1.2.3.4 asks 1.3.3.7 what the IP of test.com is. The nameserver 1.3.3.7 then asks the DNS service who has authority over test.com, and the DNS service might reply with ns.test.com. After that, 1.3.3.7 asks for the numeric IP of ns.test.com; suppose it is 3.1.1.3.

After 1.3.3.7 resolves the numeric IP of ns.test.com, it tells 1.2.3.4 (the client) that the IP of test.com is 3.1.1.3, and the name is resolved.

DNS servers also cache the addresses looked up by their clients. So if the client again asks for the address of anothersite.com, the server will not ask the DNS service again; instead it returns the IP that was previously resolved. It basically tells the client what it was told earlier, and caches it in the same way. As you can see, a DNS server doesn't do a lot of checking when another nameserver replies to its query, and this can lead to DNS spoofing if you have root access to a nameserver.
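The checks a resolver can apply to a reply before caching it, shown as an added example that is not code from the original post: the reply must come from the server that was asked, carry the same transaction ID, and echo the same question. The function names, the transaction ID and the `PENDING` record are assumptions made for illustration; the addresses reuse the walk-through above.

```python
import struct

def build_message(txid, qname, is_response=False, qtype=1):
    """Build a minimal DNS message: 12-byte header plus one IN-class question."""
    flags = 0x8180 if is_response else 0x0100  # QR|RD|RA reply, RD query
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + name + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, flags, qname, qtype, qclass) from the header and first question."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):  # also rejects compression pointers
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, flags, ".".join(labels), qtype, qclass

def accept_response(pending, payload, src):
    """Decide whether a UDP payload from src answers the outstanding query."""
    if src != pending["server"]:
        return False, "source mismatch"
    try:
        txid, flags, qname, qtype, qclass = parse_question(payload)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if not flags & 0x8000:
        return False, "not a response"
    if txid != pending["txid"]:
        return False, "txid mismatch"
    if (qname, qtype, qclass) != (pending["qname"].lower(), pending["qtype"], 1):
        return False, "question mismatch"
    return True, "ok"

# Constructed sample: resolver 1.3.3.7 has asked 3.1.1.3 (ns.test.com) for test.com.
PENDING = {"server": ("3.1.1.3", 53), "txid": 0x4A1C, "qname": "test.com", "qtype": 1}
```

These checks only help when the transaction ID and source port are unpredictable, so a resolver should pick both at random for every query.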


If you are using modern UNIX and Linux variants, you will have a built-in command-line utility, `whois`, to resolve data from whois.networksolutions.com for NIC handles and whois.arin.net for IPv4 addresses and network names. It always requires at least one argument, usually the IP address or domain name you want to resolve. Here's an example of how to use it:

$ whois blogger.com


Lastly, if your box doesn't have the whois utility, you can alternatively use
$ telnet whois.arin.net 43
then input the IP of the domain you want to resolve.




1 comment:

  1. Hopefully your DNS Server is listening on TCP and UDP port 53. Most queries and responses go across UDP, but if the response in particular is too large, it truncates and sends via TCP.
