Hello friends,
I am back again with some more tutorials. The whole tutorial is divided into 4 parts.
Part 1 - Basics of DNS
Part 2 - Linux and Windows Command-line Utilities to Query DNS
Part 3 - Advanced Tools - Dnsdict6, Fierce, theHarvester
Part 4 - Bash Scripting to Automate DNS Queries and Security Issues in DNS
Well, what is DNS?
DNS stands for Domain Name System. It is used to resolve a hostname to an IP address and vice versa.
A simple overview of its working
It is not possible to remember the IP addresses of all systems. DNS lets us give an IP address a hostname, i.e. a meaningful name, since a name is easier to remember than a series of numbers. So when I want to browse a site, say google.com, I put that address in the address bar. The system then sends a DNS query to the DNS server to resolve the IP address of google.com. Say it responds with the answer 74.125.236.41. Now the browser will initiate a TCP connection to 74.125.236.41 on port 80.
It provides the following services
1. Host Aliasing - For example, a complicated hostname like training.subgroup.site.com can have an alias like www.site.com. Here training.subgroup.site.com is the canonical hostname.
2. Mail Server Aliasing - For example, mail.school.hackerrank.com can have an alias like hackerrank.com. The MX records can be used to extract information about the various email servers. We will look at this in detail when we study nslookup.
Port used by DNS to query and resolve a hostname to an IP: Port 53
Type of connection used: Mostly UDP, but DNS can use TCP if the size of the payload is greater than 512 bytes, for example when we do a zone transfer.
Types of DNS Server
- Root DNS Server
- Top Level Domain
- Authoritative DNS Server
- Local DNS Server
Types of queries DNS makes to resolve any IP address
- Iterative
- Recursive
Types of records
1. Type=A - Hostname to IPv4 addressing
2. Type=AAAA - Hostname to IPv6 addressing
3. Type=NS - Name server record that maps a domain name to a list of DNS servers authoritative for that domain
4. Type=MX - Mail exchange record that maps a domain name to a list of mail servers for that domain
There are even more types of records. Please do some more research and find out about some more interesting records.
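The query that goes to port 53 and the UDP-to-TCP fallback described above, as an added example that is not part of the original post: it builds the raw bytes of a DNS question for one of the four record types listed and checks the truncation (TC) flag in a response header. The function names, the transaction id 0x1234 and the response bytes are constructed for illustration; nothing is sent on the network.

```python
import struct

# Numeric codes for the four record types listed above (RFC 1035, RFC 3596).
QTYPES = {"A": 1, "NS": 2, "MX": 15, "AAAA": 28}
DNS_PORT = 53  # port a resolver would send this query to

def encode_name(hostname):
    """Encode 'google.com' as length-prefixed labels: 6 google 3 com 0."""
    out = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1-63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(hostname, rtype, txid=0x1234, recursive=True):
    """Return the raw bytes of a one-question DNS query (txid is a sample value)."""
    flags = 0x0100 if recursive else 0x0000   # RD bit asks for a recursive answer
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_name(hostname) + struct.pack("!HH", QTYPES[rtype], 1)  # class IN
    return header + question

def parse_header(message):
    """Decode the fixed 12-byte header of a DNS message."""
    if len(message) < 12:
        raise ValueError("DNS header is 12 bytes")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),
        "truncated": bool(flags & 0x0200),    # TC bit: answer did not fit in UDP
        "rcode": flags & 0x000F,
        "answers": an,
    }

def needs_tcp_retry(query, response):
    """True when a UDP response matches our query id but was truncated."""
    q, r = parse_header(query), parse_header(response)
    return r["is_response"] and r["id"] == q["id"] and r["truncated"]

if __name__ == "__main__":
    query = build_query("google.com", "MX")
    # Constructed response header (not captured traffic): QR=1, TC=1, RD=1, RA=1.
    truncated = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + query[12:]
    print(len(query), "byte query for UDP port", DNS_PORT)
    print("retry over TCP:", needs_tcp_retry(query, truncated))
```
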
Okay, so now you know how DNS works! And it's time to have fun with DNS! It's time for some real-life demos. Check out Part II. And thanks for reading :)