DNS Explained, from beginner to master in 7 minutes or less 802 Views Saturday March 28, 2020 | Filip Kunjadić - Ćulibrk

DNS Explained, from beginner to master in 7 minutes or less

If you are a web developer or just starting out your carrier as a one you probably did hear the term 'DNS'. Before we begin let's explain what that means.

DNS - Domain Name System

The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities - Source: Wikipedia.

Well, that was helpful...

Getting started

So let's start from the beginning. There are tons of servers on the internet and every server is marked with a unique external IP address. For example, the IP address of this website is 144.76.222.69. You can use sites like IPINFO to find out the website addresses. But using the command line also works. If you are on UNIX based operating systems like LINUX or OSX you can use this command:

$ nslookup google.com
Server: 192.168.0.105
Address: 192.168.0.105#74
Non-authoritative answer:
Name: google.com
Address: 74.125.127.147

If you are on windows you can use "Command Prompt" to find out the same data:

tracert www.example.com
  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     *        *        *     Request timed out.
  3     6 ms     5 ms     6 ms  68.85.162.74
  4    13 ms     8 ms     9 ms  pos-0-3-0-0-cr01.newyork.ny.ibone.comcast.net [68.86.90.57]
  5    95 ms   100 ms    90 ms  xe-10-1-0.edge1.NewYork2.exampleISP1.net [10.1.169.45]
  6    10 ms     8 ms     9 ms  ae-33-89.car3.NewYork1.exampleISP1.net [10.2.16.133]
  7    10 ms     9 ms    10 ms  192.205.33.93
  8    84 ms    86 ms    84 ms  tbr2.n54ny.ip.exampleISP2.net [172.25.3.110]
  9    86 ms    86 ms    86 ms  cr2.n54ny.ip.exampleISP2.net [172.30.16.133]
 10    85 ms    84 ms    85 ms  cr2.wswdc.ip.exampleISP2.net [172.30.3.38]
 11    84 ms    85 ms    84 ms  cr1.attga.ip.exampleISP2.net [172.30.1.173]
 12    85 ms    86 ms    84 ms  cr2.dlstx.ip.exampleISP2.net [172.30.28.174]
 13    84 ms    84 ms    84 ms  cr2.la2ca.ip.exampleISP2.net [172.30.28.178]
 14   107 ms    84 ms    85 ms  gar5.la2ca.ip.exampleISP2.net [172.30.129.25]
 15    85 ms    85 ms    85 ms  172.30.255.74
 16    85 ms    86 ms    84 ms  mdf001c7613r03-gig-10-1.lax1.example.com [10.10.193.242]
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.

When reading this data it is important to know that all local addresses are addresses in your own Local Area Network (LAN) and once you are out of it you will get to your destination in a couple of hops.

Now you can try and copy this address into your own URL bar and visit "Google"!

74.125.127.147

When you type "facebook.com" in your URL and get Facebook to show up bar that is when the power of DNS. Here is how it works. In case you Once you type the desired URL your browser doesn't know which IP address to call. The browser now needs to find out which IP address to call and that is why it calls DNS server first.

After you call the specific IP the whole magic happens behind the curtains, you can read about how the web works here.

By default, our ISP provides us with DNS servers (this is a setting on your router). But you can modify that and set it to Google DNS which are:

# GOOGLE DNS
8.8.8.8 # PRIMARY
8.8.4.4 # SECONDARY

Now we have requested the DNS server to provide us with an IP address for a specific website.

DNS IS BASICALLY A LIST OF ALL THE DOMAINS AND THEIR CORRESPONDING IP ADDRESSES.

Once our browser finds out the IP address of a website that we have requested it goes to that IP address and loads the website over ports 80 or 443.

74.125.127.147:80 # SEGMENT AFTER : MARKS THE PORT

The port number depends on the server configuration. If a website is loaded using HTTPS protocol usually port 443 is used. But, if a website is loaded using HTTP port 80 is used.

BUT WAIT THERE IS ANOTHER THING WHEN IT COMES TO DNS...

One important thing about DNS and its tables is this. There is another field in that table. And that field is named TTL which stands for "Time To Live" and it is represented in SECONDS. This is a very important field since it lets DNS know when one of the DNS table columns will expire and when it needs to be refreshed.

When you change DNS records on your server it usually takes between 6 and 72 hours until change is propagated.

There are multiple DNS and if propagation is completed on one server it doesn't mean that the other DNS server has updated its records.

HOW TO OVERRIDE DNS

There are certain cases when you are in need of instantly changing DNS but just for yourself. Let me give you an example. You are migrating a website and you want to make sure that it is working properly before you change the current DNS. What you actually need is to be able to visit a your migrated website before DNS is changed. You can do that by editing your HOSTS file.

vim /private/etc/hosts              # ON OSX AND LINUX
notepad C:\Windows\System32\drivers\etc\hosts # WINDOWS

Hosts file would probably look something like this:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1				localhost
255.255.255.255				broadcasthost
::1                                     localhost
fe80::1%lo0				localhost

# EXAMPLE 1
127.0.0.1      mywebsite.local 
# loopback address for local website development

# EXAMPLE 2
31.13.84.37    facebook.com  
# IP address of FAKE facebook asigned to facebook.com

# EXAMPLE 3
143.76.222.69 filipkunjadic.com 
# MIGRATING FROM 144.76.222.69 -> 143.76.222.69

IMPORTANT: The next example is explained for educational purposes only.

What do these example means?

In example 1, you can see a classic setup for local website development. This would be used typically to setup NGINX or APACHE configuration.

In example 2, you can see a classic case of phishing. Imagine publishing a website on an IP address from the example that looks exactly like the Facebook login page and it saves all usernames and passwords so that you can access them. The only thing you would need to change now is the target's hosts file by adding a line from example. Now you would have access to the victim's username and password as soon as they would try to log in.

Of course, this kind of phishing would become obvious on itself once they wouldn't be able to log in and they would probably change their password instantly through an app. That is why phishing is only one part of the hacking process and with that, I am going to leave example number 2 as explained.

In example 3 you can see how you are able to see the website like the migration has already happened. Because one you type in your website URL your browser will first look into your host's file. Once the domain is found your browser will fetch you a website from that address. So, now you can access your website on a new server and everybody else will still see it on an old server. This is a great way to test your new server configuration and I would highly recommend it.

DNS record "Type"

DNS also has another field and it is called Type. All the examples above are "A records". Besides an "A records" that are used to point the domain to an IP address other records are commonly used as well. Here are a few examples:

  • SPF (Sender Policy Framework) is used to determine how to handle your emails and which IP addresses are allowed to send them
  • DKIM (DomainKeys Identified Mail) is a signature-based record that verifies that your domain is an actual sender of an email
  • CNAME (Canonical Name record) maps one domain to another. This is commonly used for www and non-www domain connecting
  • MX (Mail Exchanger record) used in cases when you use 3rd party services (like Google) to handle your emails for example G-suit

Please keep in mind that the same rules (TTL) apply for these records as well.

INSTRUCTIONS ON MIGRATING A WEBSITE, STEP BY STEP:

And now I will try to guide you on how I do my website migrations. Here are the exact steps when it comes to this process:

  • Set the TTL for your domain to 600 (which is 10 minutes) around 3 days prior to migration
  • After 3 days have passed you should test your new server configuration by changing your local hosts' file
  • Once you are sure that server is configured correctly you can change the DNS and after 10 minutes all DNS servers should point to your new server
  • What I like to do is next: Add an HTML comment inside my index page on a new server. So when I impatiently hit refresh I can see when the page is loaded from the new server.
  • One thing not to forget: REMEMBER TO MIGRATE OTHER REQUIRED DNS RECORDS like MX records, SPF, DKIM (if you are using them of course) or you may experience problems with email deliverability and others.
  • Do not forget to set TTL back to its original value (which would be 86400 or 24 hours)

This is just a small part of DNS and I hope that this helps you understand how it actually works! This should make your life as a web developer a bit easier when it comes to migrating your or your clients' website!

If you have any questions, please do not hesitate to contact me via email or social networks I would be glad to give you a hand! And of course, as always, I'm looking forward to your opinion!

#stayHome #keepMigrating #keepCoding