DNS enigma

I remember getting frustrated when looking online for information on DNS because I was getting more or less the same result over and over again: DNS translates domain names to IP addresses. Yet that doesn’t seem to be too helpful when having almost any problem where DNS is involved.

It took me quite a while to wrap my head around this concept and to get a general idea of how DNS actually works. I still hope I got it all right. And yes, it’s just a general idea of it, because it is and does so much more than you’ll read here. But at least I’ll try to give you a brief idea to get you through your day.

DNS stands for Domain Name System and yes, its main purpose is to translate domain names to IP addresses.

Computers communicate with one another based on a set of numbers grouped into 4 so-called octets that you have probably seen before. They look something like this: 192.168.0.1. This set of numbers is called an IP address. Think of it as a post code used to deliver messages to certain addresses. For the sake of simplicity I’ll not go into networking and private/public addressing.

Now, since people are not computers, remembering such number strings isn’t that fun of an activity. That’s where DNS comes in. It is easier for people to remember google.com, let’s say, rather than 142.250.186.142.

So, what’s the flow?

When you open your browser and type in google.com my understanding is that the following things happen:

  • Your browser checks its local cache first (so, if you previously accessed google.com, you’ll probably get the page displayed), then it looks to see if you have any local records for google.com. What does that mean? I believe every OS has got a file somewhere called hosts or probably something similar. In Linux most probably you’ll find it in /etc/hosts. In my Windows 10 that is C:\Windows\System32\drivers\etc\hosts.

What does that file do? Well, I’ll give you an example. That’s what my hosts file looks like:

What does that mean? I’ve told my laptop to go to 10.100.100.1 whenever I access pfsense.lan for example. So that’s what it does:

For the sake of this article, I am going to add to that hosts file the following line:

10.10.100.1 washingtonpost.com

After that, my expectation is that, when I try to access washingtonpost.com (from a new private window, because remember the browser first checks its cache and if washingtonpost.com has been accessed before you will probably get the actual page of the newspaper), I should be able to access my pfsense firewall which is what actually happens:

It doesn’t work properly as you can see, because the firewall has some security in place to prevent malicious activities which can be carried out by tampering with DNS records, as you can imagine at this point. But the point is, my local record was the one taken into consideration first, and that washingtonpost.com could have been google.com or any other domain you want.
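Because a hosts entry wins over any DNS server, it is worth checking the file for names that should have been resolved through DNS. The following is an added example, not part of the original article: it parses hosts-file text and reports every mapping for a name that does not look local. The list of local suffixes and the sample file contents are assumptions constructed for the illustration; only the pfsense.lan and washingtonpost.com lines come from the article.

```python
import ipaddress

# Names expected to live in a hosts file (assumption made for this example).
LOCAL_SUFFIXES = (".lan", ".local", ".localhost", ".internal", ".home.arpa")
LOCAL_NAMES = {"localhost", "broadcasthost", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip lines that do not start with an address
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return mappings that override a name which looks publicly resolvable."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES or name.endswith(LOCAL_SUFFIXES) or "." not in name:
            continue                            # local-only names are expected here
        reason = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((line_no, name, str(ip), reason))
    return findings

# Constructed sample: the two entries discussed in the article plus typical defaults.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost ip6-localhost
10.100.100.1    pfsense.lan        # home firewall
10.10.100.1     washingtonpost.com
0.0.0.0         ads.example.com tracker.example.com  # blocklist entry
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On the sample, pfsense.lan passes as a local name, while washingtonpost.com is reported as redirected to 10.10.100.1.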

  • Your computer will ask the DNS server set in its network configuration (which can be set up manually or given automatically by your router through a thing called DHCP) who google.com is. You can see who your DNS server is by opening a Command Prompt (hit the Windows key on your keyboard and search for command prompt). Once that window with a black background opens up, type in:
ipconfig /all

The output should be fairly straightforward, similar to:

As you can see, my DNS server is 10.10.100.10. That’s where I made some records for my various LAN hosts (such as pfsense.lan). To avoid any potential confusion about why I made those local records in my hosts file if I already have them on my DNS server, the answer is fairly simple: because this is my work laptop, and when I work from home I connect to a VPN, and that VPN gives my laptop other DNS servers (the ones I have blacked out above the yellow 10.10.100.10 in the image above) with higher priority, and those servers obviously do not know anything about my home network. So that’s just a workaround for me to still have access to my local resources via their human-readable names when connected from my house to a VPN.

  • That DNS server will not know out of nowhere where to find various domains (considering it’s the first time you access a certain domain), but it will in turn use yet another DNS server for queries. The bottom line is that there can be a chain of DNS servers until we get to something called the Root Name Servers of the “.com” in our case (the .com from google.com), which will not know what the IP address of google.com is, but instead will know what server(s) is/are responsible for the domain google.com, or in other words its authoritative name server(s).

As you can see, the Root Name Servers for “.com” (they are non-authoritative name servers in relation to google.com because they are not the ones responsible for that domain – they simply point you to who’s responsible for it) replied with a list of 4 servers and their IP addresses: ns1, ns2, ns3 and ns4.google.com.

Those are what we call authoritative name servers. To oversimplify the picture, those servers are just computers that host something called a DNS zone for google.com. A DNS zone is, simply put, a text file which contains various lines about the domain it represents.

  • The authoritative name server will reply with the actual IP address of google.com.

Inside the DNS zone file for google.com there will be a line that links google.com to 142.250.186.142. That’s what’s called an “A record”. An A record simply points a domain or subdomain to a certain IP address.
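The referral-then-answer flow described in the last two steps can be shown with a small simulation. This is an added example, not part of the original article: the servers are in-memory zone files rather than real network queries, only two of the four google.com name servers are modelled, their addresses are placeholders from the 192.0.2.0/24 documentation range, and the name "com-server" is hypothetical.

```python
# Constructed zone data; only the google.com A record value is from the article.
COM_ZONE = """\
google.com.      IN NS ns1.google.com.
google.com.      IN NS ns2.google.com.
ns1.google.com.  IN A  192.0.2.1
ns2.google.com.  IN A  192.0.2.2
"""
GOOGLE_ZONE = """\
google.com.      IN A  142.250.186.142   ; the A record
"""

def parse_zone(text):
    """Turn 'name IN type value' lines into {(name, type): [values]}."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # ';' starts a zone-file comment
        if len(fields) == 4 and fields[1] == "IN":
            name, _, rtype, value = fields
            records.setdefault((name.lower(), rtype), []).append(value)
    return records

# Hypothetical stand-in for the network: server address -> zone it serves.
SERVERS = {"com-server": parse_zone(COM_ZONE),
           "192.0.2.1": parse_zone(GOOGLE_ZONE),
           "192.0.2.2": parse_zone(GOOGLE_ZONE)}

def query(server, name):
    """Answer as one server would: an address, a referral, or nothing."""
    zone = SERVERS[server]
    if (name, "A") in zone:
        return "answer", zone[(name, "A")]
    labels = name.split(".")
    for i in range(len(labels) - 1):             # look for a delegation covering name
        ns_names = zone.get((".".join(labels[i:]), "NS"))
        if ns_names:                             # referral: who is responsible, and where
            return "referral", [zone[(ns, "A")][0] for ns in ns_names if (ns, "A") in zone]
    return "no-answer", []

def resolve(name, start="com-server", max_hops=5):
    """Follow referrals until a server returns the address; give (ips, path)."""
    name = name.lower().rstrip(".") + "."
    server, path = start, []
    for _ in range(max_hops):
        kind, data = query(server, name)
        path.append((server, kind))
        if kind != "referral" or not data:
            return (data if kind == "answer" else []), path
        server = data[0]
    return [], path
```

Calling resolve("google.com") returns the address together with the path taken: a referral from the .com server, then the answer from the first authoritative server.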

There are various types of records besides the A records, which you can find by googling something like “dns records types” which will lead you to pages like this.

Keep in mind this is an oversimplified explanation meant to just give you a better overall understanding, and it barely scratches the surface of this topic. Sites and domains like google.com will never work as simply as I explained, mainly due to their size. They will be using stuff like geolocation (meaning that google.com will have a certain IP when accessed from Romania and a different one when accessed from Australia, let’s say) and clusters (two or more computers acting together for a main purpose) and many, many other things.

But for small sites/domains (like mine) this will probably be the case.

There will be a part 2 on the subject so stay close. I intend to cover some commands that can help you even further.

Also, as I said before, in case you notice any flaw in my understanding, please do let me know. Most of the stuff I’ve learnt on my own, getting into the Internet’s darkest corners, but we all know not all sources are reliable.