In this lesson, we're going to talk about the Domain Name System, or DNS. The DNS protocol is used to help our network clients find a website using human-readable host names instead of numeric IP addresses. For example, if I wanted to tell you to go to my website, I can simply say, go to diontraining.com, and that's a lot easier for you to remember than having to say something like, it's at 66.123.45.237, or whatever the IP address of my web server happens to be right now. After all, saying all those numbers out loud as part of a TV commercial isn't quite as catchy or memorable as telling your customer to visit coca-cola.com or microsoft.com, or diontraining.com, right?

So how does the computer know how to find the web server's IP from these given domain names? Well, that is the entire purpose of DNS. The way DNS works is that when a user's computer is told to go to Dion Training, it's going to reach out to a DNS server and say, "Hey, do you know where I can find Dion Training?" And then the DNS server will reply back and say, "Oh, yeah, I know where diontraining.com is.
It's located at 66.blah.blah.blah." Then the client can get redirected to the web server using the router and their WAN connection, since they now know the right IP to use as the destination. This all happens in the background for your users without them even having to ask, because DNS is such an embedded part of our networks and our systems these days.

Now, most of us, when we're operating as a home user, aren't going to be running our own DNS servers, and instead we rely on our internet service providers to do this for us. But if you're running your own websites or you're working for a large corporate network, you may also want to have your own DNS server inside of your network, and then you'll be responsible for setting up your own DNS records that will dictate what servers are located at what IP addresses. This allows you to run your own domain name and host resolution, which will convert these domain names to IP addresses.

And if you want to think of it this way, it's really similar to a contact list on your phone. Nowadays, how many phone numbers do you actually have memorized?
Probably not a whole lot, because you just pull out your cell phone, scroll down to the person's name, hit their name with your finger, and it dials them up. For instance, if I want to call my friend up, I would simply scroll down to their name, push my finger on their face in my phone's contacts app, and immediately it dials their number. I don't have to memorize those 10 digits. That's because, as people, we remember names and faces better than we do numbers. And so we do this face or name to number conversion in our phones all the time.

Well, it's the same thing for computers, except computers actually like numbers better than names, but we as humans want names instead of numbers. So what we want to do is convert the domain names into IP addresses that are used for routing in our computers, and that's what DNS does for us. It converts names to numbers and numbers to names.

Now, one of the key concepts that we use in DNS is what's known as an FQDN, or a Fully Qualified Domain Name. This is when a domain name is under a top level provider.
The most common top level provider is .com, but there are many other ones out there like .mil, .edu, .org, and .net. Let's go ahead and use the example of Dion Training. At Dion Training, we have a lot of different servers online to do a lot of different functions. One of those servers is actually our web server, located at www.diontraining.com. Now, the top level domain here is .com, and the domain name that I use is diontraining. To be fully qualified, I'm going to add the www to the front of it, making it a fully qualified domain name of www.diontraining.com. So if you want to get to my web server, you'll go to your browser and type in www.diontraining.com, and you'll be redirected to my web server, because DNS knows that it should resolve the IP address of my web server anytime somebody asks, "Where is www.diontraining.com?"

Now, on the other hand, if you want to go to a file server, you might want to go to ftp.diontraining.com. If you want to go to my mail server, you might type in mail.diontraining.com. All three of these are examples of fully qualified domain names, or FQDNs.
Essentially, you're going to have some service, a dot, a name, a dot, and a top level domain. And this works the same way no matter what domain you're looking at across the internet.

Now, DNS is set up as a hierarchy, and there are actually five different levels in this hierarchy, starting with the root level, the top level domain, the second level domain, the subdomains, and the host. The root level is the highest level in the DNS hierarchy tree, and the root name server is going to answer requests in the root zone. These servers contain the global list of the top level domains like .com, .net, .org, .mil, and many others.

The second level down we have is what's known as the top level domains. These are broken up into two categories: organizational hierarchies like .com, .net, .org, and others, and then geographic hierarchies such as .uk for the United Kingdom, .it for Italy, .fr for France, and many other countries around the world.

The third level down is what we call the second level domains.
And these domains are going to tie directly below the top level domain. For example, my domain, diontraining, is a second level domain underneath the top level domain of .com, which is underneath the root level.

Now, the fourth level down we have is known as a subdomain. Now, if I want to create a new server underneath my second level domain of diontraining.com, I can do that using a subdomain. In my case, I have multiple different subdomains, including the www subdomain located at www.diontraining.com for my web server. I have another one called support, and the support subdomain is support.diontraining.com, which leads to my support portal, and I have many, many others.

The fifth and final level is the host level. Now, this is the lowest and most detailed level inside the DNS hierarchy, and it refers to a specific machine. When we think of DNS, though, most of us like to think of a fully qualified domain name, something like www.diontraining.com, which contains a subdomain, a second level domain, and a top level domain.
Now, if I wanted to take this a step further, I can actually look at it from a URL perspective, which stands for a Uniform Resource Locator. Again, taking my web server as an example with www.diontraining.com, that was a fully qualified domain name, but it doesn't actually tell you how you're going to access it. Do you want to access it securely or insecurely? Well, if you're going to give me your username and password to log in, you probably want to do that securely. So you're going to add https:// to the beginning of it, and it becomes https://www.diontraining.com, which becomes a full Uniform Resource Locator, because it has that https at the beginning. If you want to access it insecurely, you could do that by adding http:// to the beginning. If you wanted to connect to my FTP server using the FTP protocol, you could do that by going to ftp://ftp.diontraining.com as the URL.

And this is how DNS works: by contacting a DNS server, and then asking it to convert the name, like ftp.diontraining.com, into an IP address that's actually hosting the FTP service on a given server.
Now, before we finish up this lesson, you may be wondering how all this was done before DNS was created, and the answer is a flat file known as the host file. Now, a host file on a computer system is like an old, well-thumbed address book nestled on your desk that's filled with all the names and addresses of your friends, your families, and your important contacts. Stored within your operating system, there's a simple text file that serves as this first point of contact when a device wants to seek out communication with other devices over the network.

Now, whenever you attempt to access a website by typing in a user-friendly domain name, like www.diontraining.com, your system will first take a look into this host file. If there's a corresponding IP address for the domain name listed in that host file, your system will use that information directly, and it will completely bypass the need for using a DNS server. This was what was done in early networks, when we just had networks inside a single office or building instead of going all over the world.
Now, this traditional mechanism is considered a local override for the more complex, globally distributed system known as the Domain Name System. Even though DNS is the Internet's most comprehensive and constantly updated system, continually storing and translating human-friendly domain names into IP addresses that computers can use to identify each other on the network, every time you enter a website's name, your system has to first consult its host file to see if it already knows the IP address for that given domain name. If it does, it's going to use the host file's entry instead. If it doesn't, then it will go out and send a query to the DNS instead to get the current IP address related to that domain name.

Now, the relationship between the host file and DNS is one of precedence and proximity. The host file, due to its local nature, takes priority over DNS, and it has a closer proximity to your computer. It's like choosing to use a known shortcut from your personal notebook before you refer to a citywide map for directions.
This precedence can also be incredibly useful for various use cases as well. Network administrators, for example, often use the host file for testing out mappings of their domain names to specific IP addresses before the actual DNS record is set up or updated. It's also a favorite tool in cybersecurity, where undesirable websites can be redirected to non-existent addresses to effectively block them.

For example, when my kids were little and were watching YouTube instead of doing their homework each afternoon, I actually reconfigured the host file on their laptops so that the domain name of youtube.com would be redirected to the IP address of their school's homepage. And this way, it reminded them it was time for them to get back to doing their homework. Then anytime they tried to go to youtube.com on their laptops, they were being greeted by their school's login page.

Now, be careful, though, when you're configuring the host file, because it is a powerful tool that can lead to misdirection of your network traffic if you have the wrong entries added into that host file.
For example, some malicious attackers have learned that they can modify a compromised workstation's host file so that every time somebody tries to go to something like gmail.com, they would be redirected to a website that's actually controlled by the attacker, and it looks just like gmail.com. But when the victim logs into this fake site, their username and password is going to be collected and used for further attacks across the internet.

So remember, when it comes to the Domain Name System, the DNS protocol is going to be used to help your network clients find a website using human-readable host names instead of numeric IP addresses. DNS uses a hierarchy across five levels, including the root level, the top level domain, the second level domain, the subdomains, and the host. If you do not have an accessible or working DNS system, you can individually configure your systems to use the host file instead on your network devices to provide this alternative to DNS.
But this really only works with a handful of server names and IP addresses before the flat file becomes too large and complex for you to effectively use and update across your different systems.
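The hosts-file-first lookup and the two kinds of local override the lesson describes (a blocking entry that points a name at a non-routable address, and an attacker's redirect of a well-known name such as gmail.com to a host they control) can be checked with a short script. This is an added example, not part of the lesson and not code from Dion Training. The hosts-file contents, the watchlist of well-known names, and the simulated DNS answers (TEST-NET addresses) are all constructed here, and the function names are my own. The hosts-then-DNS order mirrors the lesson's description; on a real system the order is set by the OS (for example the `hosts:` line in /etc/nsswitch.conf on Linux), so treat the resolver below as an illustration, not a replacement for the platform resolver.

```python
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample hosts file, not copied from any real machine. It mixes
# the cases the lesson describes: loopback entries, an admin's pre-staged
# mapping, blocking entries, a trailing comment, a malformed line, and an
# attacker-style redirect of a well-known name.
SAMPLE_HOSTS = """\
# loopback
127.0.0.1       localhost
::1             localhost ip6-localhost

# admin testing a mapping before the public DNS record changes
203.0.113.10    www.diontraining.com diontraining.com

# blocking: send unwanted sites to a non-routable address
0.0.0.0         youtube.com www.youtube.com
127.0.0.1       ads.example.net   # trailing comment is ignored
not-an-ip       bogus.example     # malformed line, must be skipped

# hijack: gmail.com sent to an attacker-controlled host
198.51.100.77   gmail.com www.gmail.com
"""

# Simulated DNS answers (constructed), consulted only when the hosts file
# has no entry for the name.
FAKE_DNS: Dict[str, str] = {"example.org": "192.0.2.1", "gmail.com": "192.0.2.2"}

# Well-known names that a local hosts entry should never redirect (assumed list).
WATCHLIST = ("gmail.com", "youtube.com")

# Addresses that block rather than redirect (loopback / "this host").
BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text: str) -> Dict[str, List[str]]:
    """Parse hosts-file text into {hostname: [ip, ...]}.

    Each line is "<ip> <name> [<alias> ...]" and '#' starts a comment.
    A line whose first field is not a valid IP is skipped, so a malformed
    line cannot poison the table. Names are lower-cased (DNS is case-insensitive).
    """
    table: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(ip)
    return table


def resolve(name: str, hosts: Dict[str, List[str]],
            dns_lookup: Callable[[str], Optional[str]]) -> str:
    """Hosts-file-first lookup, as the lesson describes it.

    If the hosts file has the name, DNS is never asked. The answer is
    prefixed with its source so the caller can see which one won.
    """
    key = name.lower().rstrip(".")
    if key in hosts:
        return "hosts:" + hosts[key][0]
    answer = dns_lookup(key)
    if answer is None:
        raise LookupError("no answer for " + name)
    return "dns:" + answer


def find_suspicious_overrides(hosts: Dict[str, List[str]],
                              watchlist=WATCHLIST) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split overrides of watched names into (redirects, blocks).

    A watched name (or any subdomain of it) pointed at a routable address is
    a redirect, the hijack pattern from the lesson; one pointed at a
    blackhole address is a block, the parental-control pattern.
    """
    redirects: Dict[str, str] = {}
    blocks: Dict[str, str] = {}
    for name, ips in hosts.items():
        if not any(name == d or name.endswith("." + d) for d in watchlist):
            continue
        for ip in ips:
            (blocks if ip in BLACKHOLE else redirects)[name] = ip
    return redirects, blocks


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for n in ("www.diontraining.com", "example.org", "gmail.com"):
        print(n, "->", resolve(n, hosts, FAKE_DNS.get))
    redirects, blocks = find_suspicious_overrides(hosts)
    print("redirects (investigate):", redirects)
    print("blocks (expected):", blocks)
```

Running it shows gmail.com answered from the hosts file with the attacker's address even though DNS has a different answer, which is exactly why a compromised hosts file is worth checking during triage. One caveat a practitioner will want: such a redirect defeats name resolution but not TLS, so a browser opening https://gmail.com against the attacker's host will reject its certificate unless the victim's trust store has also been tampered with; the technique is most effective against plain HTTP or users who click through warnings.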