Understanding DNS system with examples
DNS is short for Domain Name System. It is essentially a database that links meaningful names (known as hostnames), such as howtouselinux.com, to a specific IP address, such as 188.8.131.52. Each device connected to the Internet has a unique IP address. With DNS, we don't have to memorize IP addresses.
All domains are required to have at least a few essential DNS records for a user to be able to access their website using a domain name. This is the key concept of DNS.
Here are 4 commonly used DNS records.
- A record — maps a domain (e.g., howtouselinux.com) or a sub-domain (e.g., blog.howtouselinux.com) to one or more IP addresses.
- PTR record — provides a domain name in a reverse lookup, e.g. 184.108.40.206 → howtouselinux.com. Check more about the A record in Understanding DNS A Record with Examples.
- CNAME record — also known as a canonical name record, is used to create an alias that points to another name. CNAME records are commonly used to map the WWW, FTP and MAIL sub-domains to a domain.
- MX record — MX (Mail Exchange) records control how incoming email is routed for your domain.
Check this post to learn more about DNS records: Understanding DNS Records — PTR MX SRV CNAME AAAA.
How to query DNS record
Each application like Chrome has its own mechanism to get the DNS record. We will explain how to use the Linux command to query DNS records.
We can use dig with a name, a record type and @server to query DNS information from a specific DNS server. By default, dig looks up an A record if no type argument is given.
- server — the IP address or hostname of the name server to query. It is optional; if no server argument is given, dig uses the name servers listed in /etc/resolv.conf.
- name — the name of the resource record that is to be looked up.
- record type — the type of query requested by dig, for example an A, MX, SOA or any other record type.
Check more about how to use the dig command to query DNS info.
Example of DNS record
The following example shows that google.com has 6 A records. The main purpose of this is load balancing and fault tolerance.
$ dig google.com +short
Which port does DNS use?
DNS uses both TCP and UDP on port 53. The most frequently used port for DNS is UDP 53, which is used for DNS queries on the client side. Check more info about DNS port here.
How to use tcpdump to filter DNS Query packets?
We can use these tcpdump commands to filter DNS query packets.
- tcpdump -i eth0 udp port 53 — captures DNS query packets on eth0.
- tcpdump -i eth0 -w /tmp/dns.pcap udp port 53 — writes these packets to a file so they can be analyzed with the Wireshark GUI.
- tcpdump -vvv -r /tmp/dns.pcap port 53 — reads the packets back from the dns.pcap file to get more details about the DNS query.
Check more info about how to use tcpdump to capture DNS packets.
Example of DNS Packet Analysis
We can get the A record for google.com with the following command.
dig google.com +short
This is the output of the tcpdump command after we run the above dig command. Check more info about how to use the dig command to query DNS records here.
20:11:00.466866 IP 10.79.98.233.54127 > 220.127.116.11.53: 60712+ [1au] A? google.com. (39)
This is the packet we get from the DNS server for this DNS query.
20:11:00.560294 IP 18.104.22.168.53 > 10.79.98.233.54127: 60712 6/4/1 A 22.214.171.124, A 126.96.36.199, A 188.8.131.52, A 184.108.40.206, A 220.127.116.11, A 18.104.22.168 (207)
By default, the dig command queries the A record for that domain name over UDP. Check this post to learn more about other DNS records like AAAA, MX, PTR etc.
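As an added example (not from the original post), here is a small Python script that builds the same kind of query dig sends and decodes the header fields tcpdump prints: the transaction id (60712), the '+' meaning recursion desired, the EDNS OPT record counted in [1au], and the 6/4/1 answer/authority/additional counts. The query it builds for google.com comes out at exactly 39 bytes, matching the (39) in the capture; the reply it parses is a constructed one using documentation addresses, not the real google.com answer, and is assumed to echo the query's transaction id as a real resolver requires before accepting a reply.

```python
import struct

def encode_name(name):
    """Encode 'google.com' as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".")) + b"\x00"

def build_query(name, txid, qtype=1):
    """Query as dig sends it: RD set, one question, one EDNS OPT record in the additional section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD bit (the '+'), QD=1, AR=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # QTYPE=A(1), QCLASS=IN(1)
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)  # root name, OPT(41), UDP size, TTL, RDLEN
    return header + question + opt

def parse_header(packet):
    """12-byte header; AN/NS/AR are the '6/4/1' counts tcpdump prints for the reply."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def skip_name(packet, offset):
    """Offset just past a name, written out as labels or as a 2-byte compression pointer."""
    while True:
        length = packet[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:
            return offset + 2
        offset += 1 + length

def parse_a_records(packet):
    """IPv4 addresses carried by A records in the answer section."""
    hdr, offset, addrs = parse_header(packet), 12, []
    for _ in range(hdr["qdcount"]):
        offset = skip_name(packet, offset) + 4  # name, then QTYPE + QCLASS
    for _ in range(hdr["ancount"]):
        offset = skip_name(packet, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in packet[offset:offset + 4]))
        offset += rdlen
    return addrs

def build_response(query, addrs, ttl=300):
    """Constructed reply for testing: one A record per address, owner name as a 0xC00C pointer to offset 12."""
    question = query[12:skip_name(query, 12) + 4]
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, len(addrs), 0, 0)  # same id; QR, RD, RA set
    rr = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in a.split("."))
                  for a in addrs)
    return header + question + rr
```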