Understanding How DNS Works in Depth

Captions
In this movie we're going to go in depth into how DNS works, both from the client and the server side, and it's amazing how easy it is to troubleshoot DNS once you understand how it works. So if you want to learn more about how to set up DNS and administer it, please go to itdvds.com.

DNS stands for Domain Name System, and we should be a little bit familiar with DNS now from our Windows Server 2016 administration training. Let's take a little bit deeper look at how the Windows client actually works. So if I try to browse, for example, to the C drive of DC01, I'm typing in DC01.itdvdscorp.com. So it looks like I'm going to the name of DC01, but behind the scenes Windows is actually translating this name into an IP address, and that happens any time we use names to access resources over the network. Because we use IP networks, the names don't actually work over the network; we need the IP address, and the Windows client uses DNS to resolve that name to an IP address. Now, if DNS doesn't work or something like that, or the record's not found, then we'll fall back to some older methods like LLMNR or NetBIOS, but right now we're focusing on DNS. It's what is used 99% of the time, hopefully, in our environment.

So let's go step by step on what the Windows client here does when it tries to resolve a name. Now, it's important to note that by Windows client we're not just talking about desktops. Servers are clients as well: anytime they try to access something over the network by a name, well, they are a client. So, step by step, the first thing the Windows client does is it first looks in its DNS resolver cache, and that's locally on the computer. We actually can take a look at it here. If I type in ipconfig /flushdns, it will actually clear that cache out. If we want to look at it, we can type in /displaydns, so that's going to show our resolver cache. You can see there's a record here for DC01.itdvdscorp.com, you can see the IP address, and there's also one for DC02.itdvdscorp.com.
So if it's trying to resolve these names, it doesn't have to go out to a DNS server; it actually has that information locally. And there's this Time To Live here. This lets it know how long it can keep this record in its cache before it has to query a DNS server again to make sure that IP address doesn't change. So we might have run into a problem where we are trying to troubleshoot something, or maybe we changed a record in DNS, and we go over to a computer and the name is still resolving to the old IP address. Well, that's because it's in the DNS resolver cache. So we would run that ipconfig /flushdns in order to clear it out, and then when we try to resolve that name it will actually hit the DNS server, get that new record, and then it will cache the new record locally, so that way it'll have the correct IP address. And this TTL, time to live, is in seconds.

So other than trying to access resources over the network, there's another way that records get loaded into our DNS resolver cache, and that's through something called the hosts file, and the hosts file is actually very useful. We can see the path to it here: C:\Windows\System32\drivers, and in our etc folder here is hosts. It actually does not have a file extension, so it's just hosts. We can open it and edit it if we want to with Notepad. Let's type in notepad. If we want to edit it, we do need to run Notepad as administrator. I'll go ahead and go to Open. You can see I've already browsed to the folder. We need to change this to All Files because, again, the hosts file does not have a file extension. So I'm going to click Open, and here it is. So all these pound signs, these comment out these lines, so basically there's nothing in this hosts file as far as our client is concerned, because everything is commented out. So now let's say I want a certain name to resolve to a certain IP address. Well, I could certainly change the record in DNS, but if we want to do it just on this computer we can use this hosts
file. So let's see an example of this. I'm going to ping website1.itdvdscorp.com. OK, it's coming back to the IP address 192.168.1.1, and let's check out the resolver cache and see. We've got another one in here; there it is. So it's in the resolver cache. Now I'm going to change my hosts file here. I'm going to add an entry. I'm going to make it resolve to 192.168 dot dot, let's say, 35, for website1.itdvdscorp.com, and I just put a tab in here. So I'm going to save this, and watch what happens when we save it: it's immediately loaded into the DNS resolver cache. So remember, right now website1 resolves to .101. So now I'm just going to do a /displaydns. I'm not going to clear it out or anything like that. We can see it changed. So basically, whenever we save this hosts file, it unloads the resolver cache and loads back in whatever is in it. And this other record here is actually a pointer record; we'll talk about that a little bit later. So you can see how this is great for testing. If I'm bringing up a new production server or something like that, or a test server, and I want to test it out, I can definitely use the hosts file in order to change a certain domain name to translate to the IP address of a new server I'm bringing up, without affecting everybody else by changing it in DNS. It's also important to know how it works with the DNS resolver cache.

So now what happens if the domain name we're trying to access is not in the DNS resolver cache? Well, then it's going to query the DNS server, and it's going to use, if we go to our network connections, the DNS servers that are configured on our adapter. So I go to the properties. So here's our preferred DNS server, 192.168.0.100, and our alternate DNS server is .101. So this tells it where to go if it can't resolve the name with its local DNS resolver cache.

And just as a quick final example, I'm just going to open up my browser here, and it's just going to go to what is somewhat of a default blank page, and let's take a
look at our DNS resolver cache now. So before, I just had these two records in it. Look at all the records it has now, just from opening that page. So all these domain names had to be resolved just to open up that page, and of course they weren't in the resolver cache; it hit the DNS server in order to resolve them.

Now let's take a look at the DNS server and how it functions. So let's say I'm going to a web browser here and I want to go to itdvds.com. Now when I hit Enter, our client's going to look in its DNS resolver cache, and if we take a look at it here with ipconfig /displaydns, we can see what's in the cache, and itdvds.com is not in the cache, so it's going to have to hit the DNS server. So I hit Enter; it's going to have to query the DNS server, and the DNS server it queries is what's configured in the network adapter. These are the properties of it. You can see it's going to query 192.168.0.100, so that's DC01. Take a look at DC01 here. I'm just going to open up my DNS snap-in, go and hit Enter, and if we aren't connected to our DNS servers, we can just right-click on it, Connect to DNS Server.

So DC01, when it gets that query from our client, it's first going to look in its forward lookup zones and see if it's what's called authoritative for that particular domain. It's authoritative if it has a zone file for it, and these are our zone files. You can see there's not one for itdvds.com; there's just one for itdvdscorp.com, and that's completely separate from itdvds.com. And this would be the same process if we're searching for google.com or yahoo.com or anything else. So if it's authoritative for it, then it sends back the response to the client with the IP address, but it's not in this case. The next step, it's going to look in its DNS server cache, and we can actually view the DNS server cache by going to View, Advanced, and here it is: Cached Lookups. So every time this DNS server has to go out to the internet to figure out an IP address for a domain name, it's
going to cache it, and you can see all the different domain names it cached, and it caches it for as long as the TTL specifies, or time to live, and remember that's in seconds. This way it doesn't have to go back out to the internet and look up the same name over and over again. So if itdvds.com is in the cache, then it's going to send it back to the client, and it is currently. We can see here itdvds.com, and there it is, and it's cached because we just looked it up.

But let's say it was not cached, because it wasn't cached before we looked it up. The next thing it's going to do, the DNS server, is it's going to go out to our root name servers, also called root hints. And the root is actually just a dot at the end of our fully qualified domain name. In fact, what makes a fully qualified domain name is that it actually ends in a dot. We don't normally type that in, but that's how it's properly done, so behind the scenes Windows, our web browser, actually adds that ending dot in, and that's called the root. And these root name servers are controlled by several organizations that take care of them, manage them, secure them, and they're all highly redundant. It looks like there's, you know, not many here. You can see they start with the letter A and go through M, but behind this name there's many other servers that are geographically all over the place, so it's highly redundant. Without these, basically the internet wouldn't work very well, because we wouldn't be able to use domain names.

So this name server will send back a response saying what name servers are responsible for the top-level domain com, because we're searching for itdvds.com. If it was .net, it would send back the name servers for .net; if it was .org, it would be .org. And this is actually what's called an iterative query, because our DNS server sends a query to our root name server, and it sends back what's called a referral to the .com DNS servers. Then our DNS server here sends a query to the .com DNS servers. The .com DNS servers will know
who's authoritative for the next level down, which is itdvds, and the itdvds name servers will have the answer we're looking for. So it will have the A record for itdvds.com, and it will send that back to this DNS server. This DNS server then has the answer; it's going to cache it and send it over to the client that was requesting it. So that process is the same with whatever domain we're looking at. It could be www.yahoo.com, same process.

And one thing that's kind of interesting is we might be wondering, well, man, who manages these root name servers, and then also who manages these com name servers? Well, we can actually look this up. I'm going to go to root-servers.org. It gives us some information about the root servers, and if I scroll down we can see all the different locations of them. And for example, the A root servers: we can go to the home page, we can see the operator is Verisign; B, the Information Sciences Institute; C, Cogent Communications; D, University of Maryland. You'll find a lot of educational institutions on here, because they were kind of the start of the internet. These various organizations: the thirteen root name servers are operated by twelve independent organizations.

So that's the root name servers. What about, like, .com, .org, .edu? Well, we can search that up too, at iana.org, and we can see all these top-level domains here. There are quite a few, and let's take a look at com, for example. Com is managed by Verisign. Verisign does a lot; it was around in the beginning, and without it, a lot of the internet probably wouldn't work, without that company. It also handles the .net top-level domain. But pretty cool to see all the top-level domains and who actually manages the DNS service for them. So when we go to a domain registrar like GoDaddy.com or something like that and purchase a domain name like, let's say, itdvds.com, they actually have to register that information with the DNS servers that are responsible for that top-level domain. So in that case it would be
Verisign. Verisign charges a fee for that, and of course GoDaddy adds on to that fee so that they can make money too in the process of purchasing a domain name.

So let's see a diagram of what we just talked about. Here, laptop01 is trying to go to itdvds.com. Again, it'd be the same if it's google.com, yahoo.com, any domain name. So it checks its local resolver cache here. Looking in the local DNS resolver cache, it doesn't have it, so it sends a request to its configured DNS server, which in our case is DC01. DC01 is going to check its zones and its DNS cache to see if it has the information for itdvds.com. If it doesn't, then we're going to go to number 4 here: it sends an iterative query to the root hints DNS servers. So it's going to go out to the internet and query the root hints DNS server. That DNS server is going to say, OK, I know where the .com DNS server is; that's your next step. So it's going to send that information back as a referral down to DC01, so that's step 5. Step 6, it's going to send another query (this is all part of the iterative process), another query to the .com DNS server that the root server let us know about. The .com server is going to say, OK, I know where the itdvds.com DNS server is. It's going to send that information back to DC01. DC01 is then going to query the itdvds.com DNS server. The itdvds.com DNS server is going to be authoritative for the itdvds.com zone, so it's going to have information on itdvds.com as well as things like www.itdvds.com, maybe ns1.itdvds.com. It's going to have all those records. So it sends back the A record for itdvds.com to DC01. DC01 is going to cache it and send the information back to laptop01. So now laptop01 has the IP address for itdvds.com, and now the browser can connect to the web server with that IP address.

So we talked about iterative queries, where this DNS server queries another DNS server, it gets a referral, then it queries another DNS server, gets another referral, then it queries another DNS server
it might get another referral or the answer: iterative. There's also something called a recursive query. We're going to talk about this more when we talk about forwarders. A recursive query is sent to another DNS server, and then that other DNS server does all the work. It performs all the iterative queries in order to get the answer, and then it sends that answer back to, in our case, it would be DC01. So the recursive query in our case is actually coming from laptop01. It's sending a recursive query to DC01, so DC01 does all the work and sends back the answer. But again, a DNS server could also send a recursive query to another DNS server, and then that other DNS server has to do all the work.

Another thing that's really important to understand is that when we send a query to a DNS server, it needs to be for a fully qualified domain name. So a fully qualified domain name is going to have a dot in it, and technically it's going to end in a dot, but again, normally we don't type in that ending dot. So if I just type in DC02, for example, that's not a fully qualified domain name, but DC02.itdvdscorp.com is a fully qualified domain name. Of course, there should be that dot at the end, but again, normally we don't type that in; whatever application we're using normally adds that in for us.

So then the question comes up, if I open up Explorer here, how come I can go to, like, just DC02\C$? So I just use the name; that's not a fully qualified domain name. But what happens behind the scenes is Windows actually appends DNS suffixes. And if we take a look at our network connections here, right-click on it, go to Properties, let's go to the properties, let's go to Advanced, let's go to DNS, you can see there's an option to append primary and connection-specific DNS suffixes. It's going to append parent suffixes of the primary DNS suffix. So even though I've typed in just DC02, it's going to append the primary DNS suffix, and that is, let's go to our System now, let's go to Advanced
system settings, Computer Name, let's go to Change, let's go to More. You can see the primary DNS suffix for this computer is itdvdscorp.com. So it appends that to DC02, and that's what makes it the fully qualified domain name. So that all happens behind the scenes.

And let's go back to our network settings here. Let's say we have others we want to add. We can actually add others as well. So if there's other domains in our environment, like corp.com, I could add that one. I could add, let's say, test.com as another one. So now when I type in DC02, it's going to try DC02.corp.com and DC02.test.com as well to try to resolve a name. But as you can see, this could cause some problems. What if there is a DC02.corp.com and a DC02.test.com? Well, it's going to get the first one in the list. So maybe I meant DC02.test.com. So that's why it's called being ambiguous. So that's why in general we want to type in a fully qualified domain name. Then there's no ambiguity, and our DNS client here doesn't have to try to append other suffixes to it to figure out what we actually mean.
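
Added example (not part of the video or its captions): a small Python model of the lookup order the DNS server follows in the walkthrough above, which is its own zones first, then its cache until the TTL expires, then iterative queries from the root hints down through referrals. The class name, server names, zones and addresses are all constructed for illustration.

```python
# Constructed delegation data, not real DNS: each server holds referrals
# (zone -> next server to ask) and A records (fqdn -> (ip, ttl in seconds)).
SERVERS = {
    "root": {"refer": {"com.": "tld-com"}, "a": {}},
    "tld-com": {"refer": {"example.com.": "ns1.example.com."}, "a": {}},
    "ns1.example.com.": {"refer": {},
                         "a": {"www.example.com.": ("192.0.2.10", 300)}},
}


class RecursiveServer:
    """Hypothetical stand-in for the client's configured DNS server."""

    def __init__(self, zones):
        self.zones = zones  # zones this server is authoritative for
        self.cache = {}     # fqdn -> (ip, time at which the entry expires)

    def resolve(self, name, now):
        """Return (ip or None, list of the places that were consulted)."""
        fqdn = name.lower() if name.endswith(".") else name.lower() + "."
        # Step 1: an authoritative zone answers on its own, even with "no".
        for zone, records in self.zones.items():
            if fqdn == zone or fqdn.endswith("." + zone):
                return records.get(fqdn), ["zone:" + zone]
        # Step 2: the server cache is trusted only until the TTL runs out.
        hit = self.cache.get(fqdn)
        if hit and hit[1] > now:
            return hit[0], ["cache"]
        # Step 3: iterative queries, starting at the root hints.
        server, path = "root", []
        while server:
            path.append(server)
            data = SERVERS[server]
            if fqdn in data["a"]:
                ip, ttl = data["a"][fqdn]
                self.cache[fqdn] = (ip, now + ttl)  # cache, then answer
                return ip, path
            # No answer here: follow the referral for the longest matching zone.
            zones = [z for z in data["refer"] if fqdn.endswith("." + z)]
            server = data["refer"][max(zones, key=len)] if zones else None
        return None, path


if __name__ == "__main__":
    dc01 = RecursiveServer({"corp.example.": {"dc02.corp.example.": "198.51.100.2"}})
    for t, name in [(0, "www.example.com"), (100, "www.example.com"),
                    (300, "www.example.com"), (300, "dc02.corp.example")]:
        print(t, name, dc01.resolve(name, now=t))
```

The second lookup is served from the cache; the third, made when the 300-second TTL has run out, walks the referrals again, which is why a changed record can keep resolving to the old address until the TTL expires.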
Info
Channel: ITdvds
Views: 230,081
Rating: 4.9122086 out of 5
Keywords: DNS Explained, DNS Functions, DNS Queries, DNS Training, DNS CBT, Understanding DNS
Id: T-eghY-9WdE
Length: 19min 17sec (1157 seconds)
Published: Fri Aug 11 2017