1
00:00:00,005 --> 00:00:02,008
- [Instructor] The Domain Name System is what translates

2
00:00:02,008 --> 00:00:06,004
your favorite domain names into IP addresses.

3
00:00:06,004 --> 00:00:10,001
A domain name is something like gregsowell.com.

4
00:00:10,001 --> 00:00:11,002
It was first designed

5
00:00:11,002 --> 00:00:15,005
at the University of California, Irvine, in 1983.

6
00:00:15,005 --> 00:00:18,007
It's designed to be a hierarchical distributed system

7
00:00:18,007 --> 00:00:20,003
that's capable of translating

8
00:00:20,003 --> 00:00:22,009
the massive amounts of requests required by the internet

9
00:00:22,009 --> 00:00:26,001
or within a small private network.

10
00:00:26,001 --> 00:00:28,008
If a client wants to resolve gregsowell.com,

11
00:00:28,008 --> 00:00:31,007
it will first check its DNS cache.

12
00:00:31,007 --> 00:00:33,009
The DNS cache is a portion of memory

13
00:00:33,009 --> 00:00:37,006
that temporarily stores domain name to IP mappings

14
00:00:37,006 --> 00:00:39,006
that have already been queried.

15
00:00:39,006 --> 00:00:43,002
If it does have it cached, it will simply use that address.

16
00:00:43,002 --> 00:00:46,007
If it does not, it will begin the lookup process.

17
00:00:46,007 --> 00:00:50,002
To do name resolution, an admin must first specify

18
00:00:50,002 --> 00:00:53,007
which DNS servers to use on their client machines.

19
00:00:53,007 --> 00:00:55,000
When a host does a lookup,

20
00:00:55,000 --> 00:00:59,000
it will send a UDP packet to port 53 on the DNS server

21
00:00:59,000 --> 00:01:01,009
asking for resolution of a domain name.

22
00:01:01,009 --> 00:01:04,001
If the DNS server has the entry cached,

23
00:01:04,001 --> 00:01:07,004
it will send back a response containing the IP.

24
00:01:07,004 --> 00:01:10,008
If it does not, it will consult its root hints file.

25
00:01:10,008 --> 00:01:14,006
This file is a mapping of some of the root servers to IPs.

26
00:01:14,006 --> 00:01:16,008
Since I'm looking for gregsowell.com,

27
00:01:16,008 --> 00:01:20,002
my server will first make a request to a root server.

28
00:01:20,002 --> 00:01:21,009
This root server will then point me

29
00:01:21,009 --> 00:01:24,008
over to one of the top-level domain servers.

30
00:01:24,008 --> 00:01:26,003
Top-level domains will be something

31
00:01:26,003 --> 00:01:30,004
like com, net, org, and so on.

32
00:01:30,004 --> 00:01:33,001
After I'm referred to the com TLD,

33
00:01:33,001 --> 00:01:35,008
I begin my search for the start of authority.

34
00:01:35,008 --> 00:01:39,000
This is the DNS server that originates the domain.

35
00:01:39,000 --> 00:01:41,001
I will query the com TLD server

36
00:01:41,001 --> 00:01:43,001
to find out which server I should reference

37
00:01:43,001 --> 00:01:44,006
to find gregsowell.com.

38
00:01:44,006 --> 00:01:47,003
The TLD will then tell me who is authoritative

39
00:01:47,003 --> 00:01:50,005
for the gregsowell.com sub-domain.

40
00:01:50,005 --> 00:01:54,001
I'll then query that specific authoritative server.

41
00:01:54,001 --> 00:01:57,000
When the server SOA responds with the IP address,

42
00:01:57,000 --> 00:01:59,004
the querying server will cache this entry

43
00:01:59,004 --> 00:02:02,000
and send the result to the querying host.

44
00:02:02,000 --> 00:02:05,008
Each DNS host address or the ultimate record being queried

45
00:02:05,008 --> 00:02:09,000
has a finite amount of time that it can be cached for.

46
00:02:09,000 --> 00:02:11,002
This is known as the time to live.

47
00:02:11,002 --> 00:02:15,000
Generally, the lowest this can be set is about five minutes,

48
00:02:15,000 --> 00:02:18,001
though the default is usually about 24 hours.

49
00:02:18,001 --> 00:02:20,009
If an admin plans to make an adjustment to a record

50
00:02:20,009 --> 00:02:22,009
and wants it to propagate quickly,

51
00:02:22,009 --> 00:02:24,005
they can set the record low.

52
00:02:24,005 --> 00:02:27,004
There are several types of records that can be queried.

53
00:02:27,004 --> 00:02:31,002
A few of the more popular are host or A record,

54
00:02:31,002 --> 00:02:35,008
canonical name or CNAME, and mail exchanger or MX.

55
00:02:35,008 --> 00:02:39,009
An A record is the basic mapping of an IP to a host name.

56
00:02:39,009 --> 00:02:44,000
A CNAME is an alias that will point to another DNS host name

57
00:02:44,000 --> 00:02:45,007
for ultimate resolution.

58
00:02:45,007 --> 00:02:48,005
For example, 1.google.com is a CNAME

59
00:02:48,005 --> 00:02:50,008
that points you to 2.google.com,

60
00:02:50,008 --> 00:02:53,004
which is ultimately resolved to an IP.

61
00:02:53,004 --> 00:02:57,000
An MX record is the first step in sending email.

62
00:02:57,000 --> 00:02:59,002
When your email server wants to forward a message

63
00:02:59,002 --> 00:03:01,000
to the google.com domain,

64
00:03:01,000 --> 00:03:03,008
it will request google.com's MX record.

65
00:03:03,008 --> 00:03:05,004
The email will then be forwarded

66
00:03:05,004 --> 00:03:09,004
to whatever host IP was resolved by the MX record.

67
00:03:09,004 --> 00:03:11,007
There are also reverse lookups.

68
00:03:11,007 --> 00:03:15,009
This takes an IP and queries for its associated DNS name.

69
00:03:15,009 --> 00:03:19,003
These can be used when doing traceroutes to resolve each hop

70
00:03:19,003 --> 00:03:21,007
or when verifying email servers.

71
00:03:21,007 --> 00:03:24,005
If an end user's machine is infected with a virus

72
00:03:24,005 --> 00:03:26,009
that sends copious amounts of spam,

73
00:03:26,009 --> 00:03:29,001
it generally doesn't have a reverse record

74
00:03:29,001 --> 00:03:30,009
for that sending domain.

75
00:03:30,009 --> 00:03:33,007
DNS has long been indispensable,

76
00:03:33,007 --> 00:03:35,007
so the better you understand it,

77
00:03:35,007 --> 00:03:38,000
the easier it is to troubleshoot.