DNS Explained – Part 2 (Tools)

On Linux, there are several tools that we use to check which DNS settings a domain name is using. Most Linux servers, including Red Hat / CentOS / Debian, use a built-in DNS service such as named. The named service is the built-in DNS service that control panels such as Plesk and cPanel use to host their DNS settings locally.

Commands Used for DNS Queries:

  • nslookup command – Name Server Lookup tool for finding the name servers where the zone file for the domain you are looking for is located.

  • dig command – Using dig with just a domain name brings back the IP Address of where the domain lives.

  • whois command – Looks for information about the domain stored at ICANN.

  • host command – The host command is used to do DNS lookups and will convert a domain name to an IP address.

—===—===—===—

Files used in DNS related queries:

  • /etc/resolv.conf – holds the name servers used by the server

  • /etc/hosts – holds all host related information. Contains domain names and IP Addresses

—===—===—===—


Search for a domain's mail exchanger record:
  • nslookup -type=mx domain.com
  • dig mx google.com

Search for a domain's A record:
  • nslookup -type=a domain.com
  • dig a domain.com

Search for a domain's Name Server record:
  • nslookup -type=ns domain.com
  • dig ns domain.com

Search for a domain's CNAME record:
  • nslookup -type=cname domain.com
  • dig cname domain.com

Search for a domain's SPF record:
  • nslookup -type=spf domain.com
  • dig spf google.com

List all records for a domain:
  • nslookup -type=any domain.com
  • dig google.com any

Query a specific DNS server (Google's 8.8.8.8 here):
  • dig @8.8.8.8 domain.com

Run whois against an IP address:
  • whois 1.2.3.4

—===—===—===—

When migrating zones from GoDaddy, make sure that everything comes across except for the GoDaddy-specific entries, i.e. domaincontrol.com. Double or even triple check the information to make sure that everything needed has been added to the /var/named/domain.com.hosts file.
– Verify that all new domains that have been added have the named group assigned.
chgrp named /var/named/domain.com.conf
– Verify that the named service configuration file does not have errors.
named-checkconf /etc/named.conf
Also check the domain zone files to make sure that there are no errors.
[root@dns01 named]# named-checkzone directdns.com directdns.com.hosts
zone directdns.com/IN: loaded serial 1389974311
OK
[root@dns01 named]# named-checkzone domain1.com domain1.com.hosts
zone domain1.com/IN: loaded serial 1389974311
OK
– Reload the named service configuration.
[root@dns01 named]# rndc reload
server reload successful
– Restart the named service.

[root@dns01 named]# service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
– Verify the named service status.
[root@dns01 named]# service named status
version: 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 (Not available)
CPUs found: 2
worker threads: 2
number of zones: 48
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid  7264) is running…
—===—===—===—

[root@dns01 ~]# cat /var/named/domain1.com.hosts
$ttl 300
domain1.com.  IN      SOA     dns01.domain2.com. postmaster.domain2.com. (
                        1389974311
                        10800
                        3600
                        604800
                        38400 )
domain1.com.  IN      NS      dns01.domain2.com.
domain1.com.  IN      NS      dns02.domain2.com.

@                               MX      10      mx.domain1.com.
@                               TXT     "v=spf1 a mx include:subdomain.domain3.com include:authsmtp.com ~all"
as                              A       1.2.3.4
sbam                            A       1.2.3.4
tc                              A       12.13.14.15
ald                             A       1.2.3.4
osi                             A       1.2.3.4
mx                              A       13.14.15.16
pd                              A       1.2.3.4
isi                             A       2.3.4.5
nald                            A       2.3.4.5
ldsaving                        A       1.2.3.4
quasar                          A       5.6.7.8
sat                             A       5.6.7.8
conectado                       A       2.3.4.5
nsb                             A       2.3.4.5
mlld                            A       2.3.4.5
lds                             A       1.2.3.4
ctl                             A       5.6.7.8
peak                            A       21.22.23.24
cbs                             A       1.2.3.4
lld                             A       1.2.3.4
nlds                            A       2.3.4.5
dld                             A       1.2.3.4
dp                              A       1.2.3.4
bnld                            A       2.3.4.5
bsa                             A       1.2.3.4
lda                             A       1.2.3.4
lcr                             A       2.3.4.5
ceot                            A       1.2.3.4
ftp                             CNAME   domain1.com.
www                             CNAME   domain1.com.

[root@dns01 ~]# cat /var/named/directdns.com.hosts
$ttl 300
directdns.com.      IN      SOA     dns01.domain2.com. postmaster.domain2.com. (
                        1389974311
                        10800
                        3600
                        604800
                        38400 )
directdns.com.      IN      NS      dns01.domain2.com.
directdns.com.      IN      NS      dns02.domain2.com.


boss                            A       123.123.13.123
legent                          A       123.123.14.123
peak                            A       123.123.15.123
quasar                          A       5.6.7.8
telecircuit                     A       123.123.16.123
ftp                             CNAME   directdns.com.
www                             CNAME   directdns.com.
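
A zone file can pass a syntax check and still contain a host name with a missing trailing dot or a mistyped SPF string, because both are legal zone-file syntax. The Python lint below is an added example, not part of the original post; the zone text and the example.test names are constructed, and it looks only at SOA, NS, MX, CNAME and SPF TXT lines.

```python
import re

NAME_TYPES = ("CNAME", "NS", "MX")   # record types whose data ends in a host name
SPF_TERMS = "all a mx ptr ip4 ip6 include exists redirect exp".split()

def spf_problems(txt):
    """Return the problems found in a TXT string that is meant to be SPF."""
    terms = txt.lower().split()
    problems = [] if terms[:1] == ["v=spf1"] else ["record does not start with v=spf1"]
    for term in terms[1:]:
        name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0]
        if name not in SPF_TERMS:
            problems.append(f"unknown SPF term {term!r}")
    return problems

def lint_zone(text, origin):
    """Return (line_number, message) findings for a BIND-style zone file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        txt = re.search(r'\bTXT\s+"([^"]*)"', raw, re.I)
        if txt:
            if "spf" in txt.group(1).lower():
                findings += [(no, p) for p in spf_problems(txt.group(1))]
            continue
        fields = raw.split(";", 1)[0].split()
        if raw[:1].strip():                  # line begins with an owner name
            fields = fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields = fields[1:]              # skip optional TTL and class
        rtype = fields[0].upper() if fields else ""
        targets = fields[-1:] if rtype in NAME_TYPES else []
        if rtype == "SOA":
            targets = fields[1:3]            # primary name server and contact mailbox
        for name in targets:
            if "." in name and not name.endswith("."):
                findings.append(
                    (no, f"{name} has no trailing dot and expands to {name}.{origin}."))
    return findings

# Constructed sample zone, not taken from a real server.
SAMPLE_ZONE = """$ttl 300
example.test.  IN  SOA  ns1.example.test. postmaster.example.test (
        1 10800 3600 604800 38400 )
example.test.  IN  NS   ns1.example.test.
@    MX     10 mx.example.test.
@    TXT    "v-spf1 a mx incluide:mail.example.net ~all"
mx   A      192.0.2.25
www  CNAME  example.test
"""
```

Calling lint_zone(SAMPLE_ZONE, "example.test") reports the SOA contact on line 2, two SPF problems on line 6 and the CNAME target on line 8.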

—===—===—===—
A few web sites for troubleshooting

DNS Explained – Part One

During a training session yesterday, we had a presentation about DNS that made perfect sense. Here are some points that came out of the training which I think everyone can use.

-What does DNS stand for? Depending on who you Google or ask, it usually will be Domain Name Service

-What does DNS do? DNS connects the domain name to an IP Address

-DNS is like the phone book of the internet. When a query is made on a domain name, the search is trying to find the IP Address associated with the domain name. This is similar to your cell phone contacts list: you see a list of contacts, each of which points to a phone number used to make contact.

-ICANN is the master DNS system – They run how the DNS works

-The reason for needing access to DNS when hosting a web site or application is that your IP Address may change, and you need to make sure that there is no downtime, or the least amount of downtime possible.

-What is a URL? A URL has a protocol such as http, https, or ftp. The protocol tells what type of communication you are trying to accomplish: http – unsecure web traffic, https – secure web traffic, ftp – file transfer.

-What is a Subdomain? A parent domain name can be broken down into smaller parts called subdomains. If you look in a DNS control panel, you will see designations such as www, mail, store, docs, etc. These are considered subdomains as they point to other sections or pages of the parent domain.

-What is a Top Level Domain (TLD)? The top level domain is basically the last part of the domain name. For example, .edu, .com, .net, and .org. These represent what type of site you have created.

 

Examples:
-http://www.google.com/search = URL
-http://search.google.com = subdomain
-.edu, .com, .net, .org = tld (Top Level Domain)

 

-What are DNS resolvers? DNS resolvers do the phone book lookup, which takes the domain name and locates the IP Address that is assigned to that domain name.

-What are name servers? The name servers are used to do the queries to locate the IP Address of the website. Name servers use zone files, which include the IP Address and where it needs to go.

 

-What are some of the DNS Record types used?

 

An A-record (address record) maps a hostname to an IP Address.

An AAAA-record (address record) maps a hostname to an IPv6 Address.

A CNAME (canonical name) record maps a hostname to another hostname or FQDN.

-**A CNAME is NOT a redirect. It is an alias**

-**Do Not CNAME a parent domain. You will break the zone file.**

An MX record is the mail exchanger record, which maps the domain to a particular address with a priority. The lower the priority number (e.g. 10, 20, 30), the higher the priority that the exchanger has.

A TXT (text) record is used to hold some text information. You can put virtually any free text you want within a TXT record. A TXT record has a hostname so that you can assign the free text to a particular hostname/zone. The most common use for TXT records is to store SPF (sender policy framework) records, which help prevent emails being faked to appear to have been sent from you.

An NS (name server) record allows you to delegate a subdomain of your domain to another name server.

An SPF record is a Sender Policy Framework record. An SPF record is actually a specific type of TXT record.

An SPF record is used to stop people receiving forged email. Once you add an SPF record to your DNS configuration, any mail server receiving email that is allegedly from you will check that the email has come from a trusted source. The trusted sources are provided by the SPF record that you set up.
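
How a receiving mail server applies the record, as an added example that is not from the original post: a simplified SPF evaluation in Python that handles the a, mx, ip4/ip6, include and all terms. The DNS data is a constructed lookup table, and the example.test and example.net names are placeholders.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed DNS data standing in for real lookups.
SAMPLE_DNS = {
    "TXT": {"example.test": "v=spf1 a mx include:relay.example.net ~all",
            "relay.example.net": "v=spf1 ip4:203.0.113.0/24 -all"},
    "A": {"example.test": ["192.0.2.10"], "mx.example.test": ["192.0.2.25"]},
    "MX": {"example.test": ["mx.example.test"]},
}

def check_spf(sender_ip, domain, dns, depth=0):
    """Evaluate sender_ip against the SPF record of domain (simplified).

    Terms are tried left to right; the first one that matches decides the
    result through its qualifier (+ pass, - fail, ~ softfail, ? neutral).
    """
    record = dns["TXT"].get(domain, "")
    if not record.lower().startswith("v=spf1") or depth > 10:
        return "none"                       # no usable SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = sender_ip in dns["A"].get(arg or domain, [])
        elif name == "mx":
            hosts = dns["MX"].get(arg or domain, [])
            matched = any(sender_ip in dns["A"].get(h, []) for h in hosts)
        elif name == "include":             # matches only if the other domain passes
            matched = check_spf(sender_ip, arg, dns, depth + 1) == "pass"
        else:
            matched = False                 # terms this sketch does not model
        if matched:
            return RESULTS[qualifier]
    return "neutral"
```

With the sample table, a sender at 198.51.100.99 matches nothing before `~all` and gets softfail, while the domain's own A and MX hosts and the included relay range pass.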

 

—===—===—===—

 

Use dig with a DNS server IP. In the example I used Google 8.8.8.8 to do a search.

 

 

—===—===—===—


 

Below is a quick how-to on how DNS moves its information from the browser to the hosting server:

-1. Type the domain name into the browser.
-2. The browser does not know the IP of the domain name, so it looks to the resolver for information.
-3. The resolver talks to a bunch of NAME SERVERS until it finds the one that has a ZONE FILE for the domain name.
-4. The resolver reads the ZONE FILE to learn the IP ADDRESS of the domain name.
-5. The RESOLVER then tells my computer/browser the IP ADDRESS for the domain name.
-6. Apache is read and the content is sent back to the local browser.

 

So basically, it was explained very simply with the following:

When you go to a web site, the domain name needs to be registered. Once registered, there will need to be name server entries added at the registrar showing where the domain lives.

 

Registrar  –>  Name Servers  –>  Zone File  –>  IP Address

 

—===—===—===—


 

TTL – Time To Live:

The TTL tells the browser how long it must keep the web site information before it goes back out for new web site content. The TTL can be set from 5 min to 24 hours depending on the provider; if you need a change to take effect quickly, set it to the lowest value it can go. Setting it lower can also put a greater load on the DNS side. The TTL change is done within the zone file.

Domain Name Registrar:

The domain name registrar is used to store and retrieve information about a domain name such as contact information about the owner and when the domain name will expire. This information is pulled and sent to ICANN as well.

 

—===—===—===—


Here is a brief description on the DNS Resolution process:

– Each domain name has a name server attached in order for internet browsers to find the correct location of the domain.

– Each domain contains an IP Address which is given at the server side that the web service lives on.

– At the registrar of the domain, the name servers are added as ns, ns1, ns2 etc while the domain name to IP address is added as an A record.

– When an application needs to resolve the domain name, it looks at the name servers to be able to resolve the information. For example, in Linux, the nslookup command is used to resolve the name and IP address.

– Basically, from the client side, you type the domain name you want to visit into a browser. The browser will check the local or client resolver, which will be cached data. The local cached data may come from a local hosts file or bind services.

– If the client side does not get anything back, the client will query a preferred DNS server, which will include ns.domain.com, ns2.domain.com, etc. When the DNS server gets a query, it will check its local zone files to see if it can give an answer back. If it cannot find the information needed in the local zone files, it will go to the local cached data to see what it can find. If the DNS server cannot complete the query, it will try to do a recursive search to fully resolve the domain name.
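
The lookup order and the TTL behaviour described above, as an added example that is not part of the original post: a small Python model in which the hosts file is checked first, then the cache, then the name server. The class and function names, the example.test names and the addresses are constructed for illustration.

```python
class StubResolver:
    """Lookup order from the text: hosts file, then cache, then name server."""

    def __init__(self, hosts, zone, clock):
        self.hosts = hosts    # name -> ip, like /etc/hosts
        self.zone = zone      # name -> (ip, ttl), stands in for the zone file
        self.clock = clock    # callable returning the current time in seconds
        self.cache = {}       # name -> (ip, expires_at)

    def resolve(self, name):
        """Return (ip, source), where source says which step answered."""
        name = name.lower().rstrip(".")
        if name in self.hosts:
            return self.hosts[name], "hosts"
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], "cache"
        if name not in self.zone:
            return None, "nxdomain"
        ip, ttl = self.zone[name]
        self.cache[name] = (ip, self.clock() + ttl)   # keep the answer for ttl seconds
        return ip, "nameserver"

def migration_demo():
    """Move a site to a new IP and watch when a client notices (TTL 300)."""
    now = [0]
    zone = {"www.example.test": ("192.0.2.10", 300)}
    hosts = {"intranet.example.test": "10.0.0.5"}
    resolver = StubResolver(hosts, zone, lambda: now[0])
    seen = [resolver.resolve("www.example.test")]         # asks the name server
    zone["www.example.test"] = ("198.51.100.20", 300)     # zone file is updated
    now[0] = 120
    seen.append(resolver.resolve("www.example.test"))     # old IP, from the cache
    now[0] = 301
    seen.append(resolver.resolve("www.example.test"))     # TTL expired, new IP
    seen.append(resolver.resolve("intranet.example.test"))  # hosts file answers
    return seen
```

The hosts entry is returned without the zone ever being consulted, which is why a stale or altered /etc/hosts line overrides whatever the name servers publish.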