- What is DNS, or Domain Name System? In this video I'm gonna
explain it in a lot of detail, but before we get there: Alexa, nslookup amazon.com. - [Alexa] The DNS lookup for
Amazon.com is 176.32.103.205. - That is an example of what DNS does. It's essentially resolving a name, typically a domain name to an IP address. Before we get started
with the technical content I'm trying something new in this video. This is a sponsored video, it's sponsored by Fasthosts.co.uk, but not only are they
sponsoring this video, they are also sponsoring
an amazing giveaway. Someone is gonna win free flights, free accommodation and free entrance to South by Southwest. What a fantastic prize to win. To win this prize you need to know the answer to this techy question. Which protocol is used
to resolve domain names, such as Fasthosts.co.uk to IP addresses? If you know the answer to
that technical question, you can enter using the link below. But please before you do that, be aware that this
competition is only open to UK residents. If you're not based in
the UK, don't worry, I've also hidden some extra
giveaways in this video, so use the hidden links in this video if you want to win some additional prizes. But the main prize is
this fantastic giveaway. Someone is gonna win free flights, free accommodation and free entrance to South by Southwest 2020. Fantastic giveaway. Now let me know what you think. Would you like more of
these sponsored videos and more of these sponsored giveaways? If I get companies to sponsor
videos and sponsor prizes that means that more of you have the opportunity to win
something really cool. So what do you think, should we continue with the sponsored videos
and sponsored giveaways? (upbeat music) ♪ Everything must end ♪ - Nslookup google.com. - [Alexa] The DNS lookup for
google.com is 172.217.164.142. - We as humans don't communicate
easily using IP addresses, we use domain names, so if I told you to go to Google's IP address you probably don't even remember
what the IP address was, but you'll remember what google.com is. So DNS essentially resolves
a human readable name, such as Amazon.com or google.com to a machine readable IP address. Machines don't use names,
they use IP addresses. In IP version 4 we use
dotted decimal notation, IP addresses such as 192.161.1.1. IPv6 uses IP addresses such as 2001::123. There are many many IP
addresses out there, and many websites. It's much easier to
remember a domain name, once again like
Facebook.com or Amazon.com, rather than the IP address of a server. And to further complicate
it, like in my example, depending on where you are in the world a domain name may resolve to a different IP address for load balancing. So if I'm in the UK and I ping google.com, I may get a different result than you if you are in the US or Singapore or somewhere else in the world. It's much easier to
remember the domain name than it is to remember an IP address. But machines use IP addresses and traffic is routed across the internet using IP
addresses, not names. DNS is a fundamental building
block in networks today. Without DNS the internet wouldn't
really work very well because very few of us are
gonna remember IP addresses. As an analogy DNS is like a telephone book taking a name, converting
it to a telephone number. But in this case taking a domain name and converting it to an IP address. In the bad old days I'd have to look up someone's number in a book, and then I'd have to manually
dial their telephone number, but I don't think any of
us do that these days. On a phone like an iPhone today, we're not gonna manually
type a number like this and then dial it. We're going to go to our
contacts and search for a contact and then just press on the
contact to call the person. A lot of us probably don't even know our own telephone numbers these days, we don't know the telephone
numbers of other people, because we simply look them up
in a directory on our phone. This is a local directory, we can do something very similar on a PC by using what's called the hosts file. That is the most basic
version of so-called DNS. It's not DNS but it's a local lookup. So you could create your own version of DNS locally on your PC
by editing the hosts file. Taking that a step further, companies may have a local DNS server that resolves names
within the organization. But on the public internet we
have distributed DNS systems that allow us to resolve
names such as Google, Facebook, et cetera. - [Man] Welcome to the future. Come explore and experience
the world of tomorrow, today. - If you know me, you know that
I like to give things away, however, it wouldn't be possible to give away the amount
of stuff that I give away without the sponsorship of companies such as Fasthosts.co.uk. So I really want to thank them
for sponsoring this video, really want to thank them for
sponsoring this amazing prize where someone is gonna win free flights, free accommodation and free
entrance to South by Southwest. To win this prize you need to know the answer to this techy question. Which protocol is used
to resolve domain names such as Fasthosts.co.uk to IP addresses? If you know the answer to
that technical question you can enter using the link below, but please before you do that be aware that this competition is
only open to UK residents. If you're in the market for domain names or dedicated servers or web hosting, or email services such as
standard email or Exchange, or WordPress hosting, then Fasthosts can help
you with that requirement. They have been providing
services since 1999. They have over 1.2 million domains hosted. Over 650,000 customer mailboxes. Over 320,000 websites are
hosted by Fasthosts.co.uk. You can also partner with them if you want to resell hosting. So have a look at their website if you are interested
in registering a domain, or you want to host a website, you need a quick and easy
way to build a website, or you need to host your email, or if you need a dedicated
server or virtual private server. Or if you want to simply resell their hosting and start
your own web business. So once again I really
wanna thank Fasthosts for their sponsorship of this video, and the sponsorship of
this fantastic prize. Have a look at their website if you are interested once
again in registering a domain, or if you want web hosting. So let's continue with
the technical video. It's all very good and
well talking about DNS, but I want to show you
practically how it works. I'm gonna show you Wireshark captures, I'm gonna show you how to set up a DNS server on a Cisco router, how to set it up on an Ubuntu server. I'll show you basically
how you can manipulate DNS to do anything that you want. You need to be careful that
you use trusted DNS servers. Don't just trust any DNS server out there. DNS can be intercepted
and you can manipulate the DNS servers used by PCs to get them to go to the incorrect domain. Fortunately today a lot
of browsers like Chrome have a whole list of
certificates preloaded on them, so you'll get a warning
if you end up going to an incorrect domain such
as Microsoft.com or cisco.com. So in this topology I've
got a Windows 10 computer, it's connected to a Cisco switch, which is in turn connected
to a Cisco router, which connects us to the internet. This topology is running in GNS3, I'm hosting this entire
topology on my computer, so forgive me if the fan goes a bit crazy it's all running locally on my Mac. I also have an Ubuntu PC, which will configure as a DNS server. Firstly let's have a look
at the Windows computer. Here's my Windows PC, I'll open up the CMD prompt,
make this a bit bigger. Ipconfig shows me that
this is the IP address of the PC, IP version 4,
default gateway 10.1.1.254, and I should at this point be able to ping my default gateway, which I can. Default gateway is this Cisco router, with IP address once again 10.1.1.254. The switch is a layer two switch, it's not really doing anything except giving connectivity in the network. So back on the PC, ipconfig /all shows us that this PC has
two DNS servers configured. 8.8.8.8. And 1.1.1.1. In other words, Google and Cloudflare are the two DNS servers
configured on the PC. So I'll start a Wireshark capture between the PC and the switch so that we can see
what's actually going on. Windows sends a lot of
traffic into the network, so as you can see here a bunch of traffic is being sent by that Windows computer out into the network, but I'm gonna filter for DNS, and then back on the PC what I'll do is ping a domain
such as davidbombal.com, and notice we get a reply
from this IP address. 217.160.0.69. Now the CPU is spiking on my PC here, the throughput through a Cisco switch and a Cisco router running
GNS3 may be a bit slow, but the point is that I am getting replies
back to that domain. And if we have a look at
the Wireshark capture, what you'll notice is that we can see that this IP address 10.1.1.1, sent a DNS request to 8.8.8.8 for domain davidbombal.com. So just to confirm on the PC once again, ipconfig shows us that this
is the IP address of the PC. The PC sent a request to the DNS server, notice the query is for davidbombal.com, it's an A record. An A record is a domain
name to IP version 4 address mapping, AAAA is a domain name to IP version 6 address mapping. So the PC is asking the DNS server what the IP address is
of this domain name. Going back a step, at
layer two in the OSI model, or TCP/IP model if you prefer, we have Ethernet II. That's because this
network is using ethernet. So it's an ethernet connection from the Windows PC to the ethernet switch. The source MAC address is the
PC, the destination MAC address is the router, basically the traffic is being switched from
the PC to the router,
because that's how it
gets onto the internet. So at layer two the source MAC address will be the PC and the destination MAC address will be the router. But at layer three, IP
version 4, the source IP address is the PC and the destination
IP address is Google. You may notice that this
is an RFC 1918 address, in other words it's a private IP address, it's non-routable on the internet. But the router is implementing Network
Address Translation or NAT. This is very typical of what
your home router will be doing. So notice it's NATing this IP address. It is NATing it to
another RFC 1918 address,
is connected to a cloud, which is actually
bridging my PC physically, so this PC here onto my
physical home network, and I have an internet router that routes this onto the internet, so it's actually being
NATed multiple times. But what's important to point out here, is notice the protocol
at layer four is UDP, or User Datagram Protocol. Source port number used is 5249, that is what's called an
ephemeral or random port number. Destination port number is 53, which is the well-known
port number for DNS. When a server is configured
to host multiple services, it's got to serve a purpose, so it's a server that's acting
as let's say a file server, when you connect to that server
it's gonna give you a file. But when you connect to it using DNS it's listening on port 53 if it's been configured as a DNS server. So you send traffic to port 53, the server is listening on port 53, running an application like dnsmasq, which I'll show you in a moment, which is a DNS server application, and then it responds back to that request on the port number that you chose. So if you connect to a DNS
server like this PC is doing, you will use a random port number, or ephemeral port number going
to a well-known port number. And then it will reply back from that well-known port number. And we can see that here Google is replying from a source port number 53, going to the port number
that the PC chose. The Windows 10 PC chose this port number, the Google DNS server replies
back to that port number. So again, it's UDP, destination port number is this,
source port number is this. Digging deeper into the DNS information, we can see domain name system, it's a query, it's a
standard query for a name. We're trying to resolve a name. The name that we're
resolving is davidbombal.com. And the DNS server replies back saying this is the answer, this domain name has this IP address. 217.160.0.69. So back on our Windows PC, that is the IP address that we see. So I could copy that IP address, go to a web browser. If I type the domain name it's
gonna browse to that server, so I'm able to connect to the
domain using the domain name, and this depends on the server. I should be able to connect to
the IP address of the server. In this example I'm getting a 404 error. Some servers will not allow you to connect directly on the IP address, that's typically because multiple domains are hosted on a single IP address. I'll stop the Wireshark capture, and what I want to show you once again is that DNS is essentially just a resolution of name to IP address. And you can do that directly
on your Windows computer. So in Windows I'll open up notepad, I'll run this as an administrator. Before I open a file, if I ping router1, notice we're told that the
domain name is not found. The same with router1.home.com. The ping request times out, I can't ping that domain name. But what I could do is open a file, and what I'm gonna do is go to C:\Windows\System32\drivers\etc, and I'm going to open the hosts file. This is a file on the
local Windows computer, just zoom in there to
make it easier to read. And I can edit this, so I can say 10.1.1.254 is router1. And 10.1.1.254 is router1.home.com. And save that file. So I'm editing a local file that maps host names to IP addresses. So now when I ping
router1, notice that works. When I ping
router1.home.com, that also works. But if I ping router2, that fails because it's
not in the hosts file. And Google is not replying
back with that information. So if I said r2 like
this, and save that file. Now ping r2, that resolves. Name got resolved to an IP address. In this example the
network's a bit unstable, so the pings are timing out, they had succeeded, but the important part is
a domain name got resolved. That name got resolved to an IP address. If I remove these entries from
the hosts file and save it. I'll clear the screen there. When I ping r1 now, that's
gonna time out because I don't have an entry
for that domain name. That's essentially what a DNS server does. It takes a domain name and
maps it to an IP address. On this Windows computer I'm going to change the DNS server
to the Cisco router. So go to the ethernet settings, rather than using Google as
the DNS server and Cloudflare. I'm only going to specify my
local router as a DNS server. In this example I've configured the router to accept DNS
queries and answer them, and if it doesn't know the
answer to forward it to Google. This is once again a Cisco router, but your home router probably does something very, very similar. So if I type show run | include, which basically allows me to look for a command, and search for DNS, you can see that I've
enabled ip dns server, so the router will act like a DNS server. show ip route shows us
that it has a default route to a router physically
in my local network, that's another Cisco router that actually physically connects
me out onto the internet. This device can ping google.com, so if I type show run | include name. Typically I would have ip name-server, something like this, but it actually got to that because the outside interface, in other words the interface connecting this device to the internet, is using DHCP. So through DHCP it learned
the default gateway, also learned the DNS server information. So once again it could ping davidbombal.com as an example. Now the PC won't be able to ping router1.home.com as an example, because the router isn't
configured with that information. On the Cisco router if I try
and ping router1.home.com, that's not gonna work because it doesn't know about that domain. Notice it's actually trying
to get to the internet router to try to find out what that domain is. But if I type ip host,
like router1.home.com, and then specify an IP address, of let's say 10.1.1.254, the local router. This router will be able to ping itself. It's done a name resolution locally. And the PC will also be
able to ping that domain. I'm gonna flush the DNS cache, so it doesn't have any
cached entries locally. And then in GNS3 I'll run
a Wireshark capture here, and what we'll filter for is DNS. So basically we'll see a DNS request from the PC going to the router and the router replying
if it does a DNS request. So ping R1.home.com. That works. In Wireshark we can see the
DNS request from another random or ephemeral port going to port 53, but the DNS server is 10.1.1.254,
which is the local router. It's asking for the IP
address of this domain name. And the router is replying back saying, the IP address of that domain name is 10.1.1.254. So standard query for an A record, because this is IP version 4, but in this case the
query went to the router. Now the router's gonna forward on DNS queries that it
doesn't know the answer to, and we can prove that by
running a Wireshark capture between the router and the
internet, so on this link. So we're seeing a whole bunch of traffic, because that is bridged
to my physical network. Once again what I'll do
here is filter for DNS, you can see some other DNS
queries are already taking place. On the Windows PC I'll ping
davidbombal.com once again, you don't have to use ping,
you could use nslookup. So let me show you that as well. But notice it did get resolved, and it looks like it didn't get forwarded. So let's do an nslookup
for a different domain, let's say Cisco.com. Resolution is this IP address. So notice there we go, we've done an nslookup, notice in this case it's a DNS query for both the IP version 4 and the IP version 6 address. So we've got a query for
the A record, Cisco.com. And then we've also got a query for the IP version 6 IP address. So in this case the reply came back saying this is the IP address
of Cisco IP version 4. And this is the IP version 6 address. And we can see that here. IP version 6 and IP version
4 in our Wireshark capture notice that the source IP
address is 192.168.1.67, which is actually the router. show ip interface brief shows us that that is the IP address of the router. So the router is querying
another device for the IP address information because it doesn't know it locally. So that's the whole idea with DNS, if the local DNS server
doesn't know the answer, it forwards that query to a
more authoritative DNS server. And in this case we're getting both the IP version 4 IP address, as well as the IP version 6 IP address because I used nslookup. You need to make sure that
the DNS server you query is giving you good information. As an example on this
router I could create a host name for Cisco.com and simply point it to another IP address, let's say the local router. On the PC I'll flush the DNS cache, so flush DNS, and then I'll ping Cisco.com. Notice the IP address
resolved is 10.1.1.254, it's not the actual IP address of Cisco. So if your DNS entries are manipulated, or you're connecting to a false DNS server you could end up going
to the incorrect server. You may think you're going to
Cisco.com or another domain, but actually you're being
redirected somewhere else. So hackers will often target DNS servers, have rogue DNS servers which allow them to push your traffic where they want to. Again fortunately, because their certificates are
preloaded on browsers today, you may be warned if you
go to the wrong server. Typically you're not going to use your Cisco router as a DNS server, you might use it to
forward DNS requests onto a DNS server on the internet, but you wouldn't want to configure your local
router as the DNS server. You may in some cases, but typically not. What you typically want
to use is a Linux server to be the DNS server. So in this example I'm gonna show you how to set up a DNS server
on a Ubuntu computer. This is a Ubuntu desktop, typically you'd run this on a
server rather than a desktop. But the same principle applies. So ifconfig shows us the
IP address of the server, can we ping google.com? Yes we can, so we're getting
a resolution of that name. Now to set up this Ubuntu
PC as a DNS server, I need to disable systemd-resolved, because there is a conflict on port 53. You cannot have two services
listening on port 53. I want to set up dnsmasq, so
I want to disable this process so that dnsmasq can listen
on that port number. So I'm gonna disable systemd-resolved, and then I'm gonna stop it. I'll put all these
commands below this video if you want to access this
yourself and see the commands. Next thing I'm gonna do is edit, I'm just gonna use nano
for that to keep it simple, /etc/resolv.conf. Name server set to this at the moment, I'm gonna set the name server to Google. Then I'm gonna do sudo apt
update to update references, it might be a bit slow here because I'm going
through the GNS3 network, going through Cisco devices like this in GNS3 is very slow, so I'll speed the video up if necessary. So the references have been updated, so what I'm gonna do is install dnsmasq. And that's now been installed. Now my Mac is going crazy, there seems to be an issue
with VMware Fusion and the Mac where the CPU starts acting like mad, so I'm sorry if there's a
lot of background noise. But hopefully you can
hear what I'm saying. Now to edit dnsmasq,
it's not that difficult. I am gonna edit /etc/dnsmasq.conf. Now there's quite a few options
that you can change here, but I'm just gonna change
some of the basics. Set the port to 53, that is the default. For housekeeping and to
be a better net citizen I'm going to uncomment
domain-needed and bogus-priv, so we'll never forward
plain domain names onto the internet and
non-routable address space. And then essentially all I
need to do is uncomment this, because I don't want to use /etc/resolv.conf, I'm going to put domain
names directly here. So what I could do is simply add domain
names like r1.home.com, and the IP address. And whatever other domain
names I want to enter. So let's say my router
home.com, same IP address. And then all I need to
do is save that file, and then restart the service. So sudo systemctl restart dnsmasq. I can look at the status if I want to. You can see that this lightweight DHCP and caching DNS server is running, so now in my Windows
PC to prove the point, let's configure the DNS
server to the Ubuntu PC. So I'm gonna set the
DNS server here to 200, which is my Ubuntu PC and click okay. So let's flush the DNS, DNS has been flushed, do that again. So can I ping r1.home.com? Yes I can, because that's been resolved by the Ubuntu server. That was quite a long video, but hopefully you've learned something. I've shown you how to capture DNS queries and responses using Wireshark. I've showed you the source
and destination port numbers. I showed you how you can configure a Cisco router as a DNS server, and how to configure an
Ubuntu PC as a DNS server, and then we tested the queries and made sure that it worked properly. I'm David Bombal, and I want to wish you all the very best. (upbeat music) ♪ Everything must end ♪
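Added example, not part of the video or its author's material: the Wireshark walk-through above reads a DNS query and reply field by field (transaction ID, flags, the A/AAAA question, the answer with its TTL, the ephemeral source port going to UDP 53). The Python below builds the same kind of message and parses it back, using a constructed reply that mirrors the capture in the video (davidbombal.com A -> 217.160.0.69). The transaction ID, TTL and the resolve() helper are assumptions for illustration; resolve() needs network access and is not exercised offline.

```python
import ipaddress
import random
import socket
import struct

QTYPE_A, QTYPE_AAAA, CLASS_IN = 1, 28, 1


def encode_name(name):
    """Encode a domain name as DNS labels: davidbombal.com -> 0b 'davidbombal' 03 'com' 00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid, name, qtype):
    """12-byte header plus one question. Flags 0x0100 = standard query, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def read_name(msg, offset):
    """Decode a name at offset, following compression pointers; return (name, next offset)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 11xxxxxx: pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                         # parsing resumes after the pointer
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if jumped else offset


def parse_message(msg):
    """Parse the header, question and answer sections into a plain dict."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": txid, "is_response": bool(flags & 0x8000),
           "rcode": flags & 0x000F, "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        out["questions"].append((name, qtype))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == QTYPE_AAAA and rdlen == 16:
            value = str(ipaddress.IPv6Address(rdata))
        else:
            value = rdata.hex()
        out["answers"].append((name, rtype, ttl, value))
    return out


def build_sample_response(txid=0x1234):
    """Constructed reply (assumed ID and TTL) matching the capture: davidbombal.com A -> 217.160.0.69."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)    # QR=1, RD=1, RA=1, rcode 0
    question = encode_name("davidbombal.com") + struct.pack("!HH", QTYPE_A, CLASS_IN)
    answer = (b"\xC0\x0C"                                          # pointer to the name at offset 12
              + struct.pack("!HHIH", QTYPE_A, CLASS_IN, 300, 4)
              + ipaddress.IPv4Address("217.160.0.69").packed)
    return header + question + answer


def resolve(name, server, qtype=QTYPE_A, timeout=2.0):
    """Live lookup (needs network): random ID, ephemeral UDP port -> server:53, as in the capture."""
    txid = random.getrandbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(txid, name, qtype), (server, 53))
        reply, _ = s.recvfrom(4096)
    parsed = parse_message(reply)
    if parsed["id"] != txid:                  # a reply must echo the ID of the query it answers
        raise ValueError("transaction ID mismatch")
    return [a[3] for a in parsed["answers"] if a[1] == qtype]


if __name__ == "__main__":
    print(parse_message(build_sample_response()))
```

The pointer handling in read_name is the part a hand-rolled parser most often gets wrong: the answer name in a real reply is almost always the two-byte pointer 0xC00C back to the question name, and the offset must advance past the pointer, not past the name it points to.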
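Added example, not part of the video or its author's material: two points above are the hosts file as the most basic local lookup, and the demonstration that a resolver under someone else's control can answer Cisco.com with 10.1.1.254 so that you land on the wrong server. This Python reproduces the local lookup over a constructed hosts file with the same entries the video adds, and then runs a simple defender-side sanity check on resolver answers: a name that is neither in the hosts file nor under a known local suffix should never resolve to RFC 1918, loopback or link-local space. The LOCAL_SUFFIXES list and the sample hosts text are assumptions made for this example.

```python
import ipaddress

# Constructed sample hosts file; the entries match the ones added on the Windows PC in the video.
SAMPLE_HOSTS = """\
# lines starting with # are comments, fields are whitespace separated
10.1.1.254   router1  router1.home.com
10.1.1.254   r2
"""

# Assumed for this example: name suffixes that are expected to resolve to private addresses.
LOCAL_SUFFIXES = (".home.com",)


def parse_hosts(text):
    """Map lower-cased host names to the addresses listed for them, hosts-file style."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        ipaddress.ip_address(addr)                # raises ValueError on a malformed address
        for n in names:
            table.setdefault(n.lower().rstrip("."), []).append(addr)
    return table


def lookup_local(name, hosts):
    """The local-file step that happens before any DNS server is asked."""
    return hosts.get(name.lower().rstrip("."), [])


def is_local_name(name, hosts):
    """True for names we expect to live on the LAN (hosts entry or local suffix)."""
    n = name.lower().rstrip(".")
    return n in hosts or n.endswith(LOCAL_SUFFIXES)


def non_routable(addr):
    """RFC 1918 / loopback / link-local / unspecified addresses are not public internet hosts."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified


def check_answers(name, answers, hosts):
    """Return findings for a public name that a resolver answered with non-routable space,
    which is the symptom of the manipulated ip host entry shown in the video."""
    findings = []
    if is_local_name(name, hosts):
        return findings                           # private answers are expected for LAN names
    for addr in answers:
        if non_routable(addr):
            findings.append("%s resolved to non-routable address %s; the resolver "
                            "answering may be misconfigured or rogue" % (name, addr))
    return findings


def demo():
    """Three cases from the video: local override, a normal public answer, cisco.com -> router."""
    hosts = parse_hosts(SAMPLE_HOSTS)
    return {
        "router1.home.com": lookup_local("router1.home.com", hosts),
        "davidbombal.com": check_answers("davidbombal.com", ["217.160.0.69"], hosts),
        "cisco.com": check_answers("Cisco.com", ["10.1.1.254"], hosts),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Note that the check deliberately does not flag two resolvers returning different public addresses for the same name, because, as the video points out, geographic load balancing makes that normal; only a public name answered from non-routable space is treated as suspicious. This is the client-side counterpart of the bogus-priv option enabled in dnsmasq above, which stops the server forwarding reverse lookups for private ranges upstream.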