WEBVTT

00:00.000 --> 00:02.790
>> Hello. We really have

00:02.790 --> 00:05.280
to appreciate what DNS
does for us because

00:05.280 --> 00:07.050
people are generally
good with remembering

00:07.050 --> 00:10.560
names but not with
remembering IP addresses.

00:10.560 --> 00:13.035
Most of us like a
user-friendly name.

00:13.035 --> 00:16.425
For example, I know how
to go to Amazon.com,

00:16.425 --> 00:19.515
but I have no clue what
the IP address is for it.

00:19.515 --> 00:21.240
But we have to
remember that when

00:21.240 --> 00:23.174
hosts are making a
network connection,

00:23.174 --> 00:25.860
one of the things they
need is an IP address.

00:25.860 --> 00:29.115
That's a layer 3 resolution
that has to happen.

00:29.115 --> 00:31.275
We go to DNS for that.

00:31.275 --> 00:33.300
Our clients are
configured to know who

00:33.300 --> 00:35.325
their local DNS server is.

00:35.325 --> 00:38.295
If there's any naming
that's used for connection,

00:38.295 --> 00:41.820
the client immediately queries
its local DNS server.

00:41.820 --> 00:44.150
As long as that local DNS server

00:44.150 --> 00:45.770
has that information stored,

00:45.770 --> 00:48.710
then it responds
with an IP address.

00:48.710 --> 00:50.990
The client is then
able to add that

00:50.990 --> 00:52.760
in the layer 3 packet header,

00:52.760 --> 00:54.535
and we can make that connection.

00:54.535 --> 00:56.480
That's assuming the local DNS

00:56.480 --> 00:58.429
server has that information.

00:58.429 --> 01:00.650
In a moment, we'll
talk about what happens

01:00.650 --> 01:03.540
when it does not
have the information.

01:03.760 --> 01:07.805
With DNS, the information
is stored in a database,

01:07.805 --> 01:10.225
and today it's a
dynamic database,

01:10.225 --> 01:12.520
where hosts are
able to update DNS

01:12.520 --> 01:14.270
perhaps if their name changes

01:14.270 --> 01:16.490
or their IP address changes.

01:16.490 --> 01:18.920
As new hosts come
onto the network,

01:18.920 --> 01:21.480
they're able to
register with DNS.

01:21.480 --> 01:24.140
DNS is a lot easier
to manage than it was

01:24.140 --> 01:25.820
years ago when we had

01:25.820 --> 01:28.805
a static host file that
included this information.

01:28.805 --> 01:31.040
As DNS has evolved and started

01:31.040 --> 01:33.170
allowing hosts to
register dynamically,

01:33.170 --> 01:35.545
it's even easier
than it used to be.

01:35.545 --> 01:37.965
But it's a really
critical service,

01:37.965 --> 01:40.080
and everything is
based on the database,

01:40.080 --> 01:43.620
and the database contains
a series of records.

01:44.290 --> 01:47.465
Take note of these
DNS record types

01:47.465 --> 01:50.050
as they come up multiple
times on the exam.

01:50.050 --> 01:52.450
The idea is for
specific queries,

01:52.450 --> 01:54.560
specific records are used.

01:54.560 --> 01:56.450
The main one that
we think about is

01:56.450 --> 01:59.000
an A record or a host record.

01:59.000 --> 02:00.620
This is the record that takes

02:00.620 --> 02:02.870
a known fully
qualified domain name,

02:02.870 --> 02:06.605
FQDN, and resolves
it to an IP address.

02:06.605 --> 02:09.380
We connect to
Amazon.com and we

02:09.380 --> 02:12.280
get an IP address that
matches the server's name.

02:12.280 --> 02:14.715
We can do that for local usage.

02:14.715 --> 02:16.520
Or, as long as we're configured

02:16.520 --> 02:17.914
to the Internet servers,

02:17.914 --> 02:19.610
we can get name resolution to

02:19.610 --> 02:21.710
any server anywhere
in the world.

02:21.710 --> 02:23.570
That's a host record.

02:23.570 --> 02:27.875
We also have an AAAA
record or a quad A record.

02:27.875 --> 02:30.110
It's designed to provide
the resolution of

02:30.110 --> 02:34.170
an FQDN to IP
version 6 addresses.

02:34.540 --> 02:36.890
Then the PTR or

02:36.890 --> 02:38.900
Pointer Record is
actually the opposite

02:38.900 --> 02:40.084
of a host record.

02:40.084 --> 02:41.870
If you have an IP address,

02:41.870 --> 02:44.675
it will find the FQDN
it's associated with.

02:44.675 --> 02:47.240
This is something that is
used by a lot of tools in

02:47.240 --> 02:49.880
the network and anti-malware
software applications

02:49.880 --> 02:51.695
that use IP addresses.

02:51.695 --> 02:54.290
This record allows them
to do a reverse lookup on

02:54.290 --> 02:57.230
the IP address and
find the FQDN for it.

02:57.230 --> 02:59.300
As a matter of fact,
they call it a

02:59.300 --> 03:01.010
reverse lookup zone,

03:01.010 --> 03:02.795
whereas when you're
using a host record,

03:02.795 --> 03:05.100
that's a forward lookup.

03:06.100 --> 03:09.035
Now, there are a
handful of others.

03:09.035 --> 03:10.685
The start of authority or

03:10.685 --> 03:12.950
SOA record is the name server

03:12.950 --> 03:15.215
that is authoritative
for the zone.

03:15.215 --> 03:16.850
Your start of authority is

03:16.850 --> 03:18.230
the first DNS server that

03:18.230 --> 03:20.480
has a name resolution
for that zone.

03:20.480 --> 03:23.600
We may have other name
servers for redundancy.

03:23.600 --> 03:26.260
That's what the NS
records are for.

03:26.260 --> 03:29.675
NS records list name
servers for the zone.

03:29.675 --> 03:33.560
The SRV or service records
are really important because

03:33.560 --> 03:35.585
they list out the
critical network services

03:35.585 --> 03:37.600
and their IP addresses.

03:37.600 --> 03:40.520
For instance, if a host
needs to know where

03:40.520 --> 03:43.880
a domain controller
is, it asks DNS.

03:43.880 --> 03:46.220
The DNS uses the service record

03:46.220 --> 03:48.670
and provides the
IP address for it.

03:48.670 --> 03:50.270
The service records have

03:50.270 --> 03:53.405
all the services and which
servers are running them.

03:53.405 --> 03:55.670
There's also a record
type called the

03:55.670 --> 03:59.015
CNAME or ALIAS record.

03:59.015 --> 04:00.980
If you want clients
to connect to

04:00.980 --> 04:02.810
a specific co-host and
you need it to have

04:02.810 --> 04:05.450
a professional name but
on the back-end you

04:05.450 --> 04:06.890
want to name it
after some Star Trek

04:06.890 --> 04:08.305
character for the fun of it,

04:08.305 --> 04:10.275
you can create an ALIAS for it.

04:10.275 --> 04:12.305
The professional
sounding web address

04:12.305 --> 04:14.600
will point to your
Star Trek name server,

04:14.600 --> 04:16.970
or there may be other times
where you need to use

04:16.970 --> 04:18.050
an ALIAS to point

04:18.050 --> 04:20.940
a new name to an old
name, for example.

04:21.020 --> 04:24.305
The last type of record
is an MX record.

04:24.305 --> 04:27.410
This is going to indicate
where the mail servers are.

04:27.410 --> 04:30.860
These records are really
the heart and soul of DNS.

04:30.860 --> 04:32.930
These are the records
that are used anytime

04:32.930 --> 04:35.730
you make a query
to the DNS server.

04:35.870 --> 04:38.780
Now, the way DNS works is

04:38.780 --> 04:41.090
that it uses a
hierarchical database.

04:41.090 --> 04:43.250
For example, let's
say that I'm trying

04:43.250 --> 04:45.800
to get to www.google.com.

04:45.800 --> 04:47.615
When I type that
into my browser,

04:47.615 --> 04:50.945
I'm sending a DNS query
to my local DNS server.

04:50.945 --> 04:53.425
It's called a DNS resolver.

04:53.425 --> 04:56.150
Now, because
google.com domain is

04:56.150 --> 04:58.600
not managed by my
local DNS server,

04:58.600 --> 05:00.110
my DNS server sends out

05:00.110 --> 05:01.220
some queries to learn where

05:01.220 --> 05:03.540
the server I'm looking for is.

05:04.610 --> 05:06.950
The first thing my DNS server

05:06.950 --> 05:08.980
does is contact a root server.

05:08.980 --> 05:11.720
There are multiple root
servers on the Internet.

05:11.720 --> 05:13.790
The root server is like
the ultimate point

05:13.790 --> 05:15.520
of origin for DNS.

05:15.520 --> 05:17.570
The DNS server says, hey,

05:17.570 --> 05:20.720
root, do you happen to
know where google.com is?

05:20.720 --> 05:22.205
The root says, no,

05:22.205 --> 05:24.765
but I do know where
the .com server is.

05:24.765 --> 05:26.270
My DNS server goes to

05:26.270 --> 05:29.105
the top-level domain, .com
in this case,

05:29.105 --> 05:31.685
and asks where
google.com is.

05:31.685 --> 05:33.515
The .com server says,

05:33.515 --> 05:36.950
no, but I do know where
the Google name server is.

05:36.950 --> 05:38.960
Then my DNS server
sends a query to

05:38.960 --> 05:40.490
the Google name server and

05:40.490 --> 05:43.180
asks if it knows
where google.com is.

05:43.180 --> 05:45.840
The Google name
server says yes,

05:45.840 --> 05:48.645
and here is the IP address
for our web server.

05:48.645 --> 05:52.670
My local DNS server passes
it back to me as the client,

05:52.670 --> 05:54.050
and now I'm able to connect to

05:54.050 --> 05:56.285
Google's web server by IP.

05:56.285 --> 05:57.890
Now, there are other ways to

05:57.890 --> 06:00.139
expedite this, like caching.

06:00.139 --> 06:02.300
But just in and of itself,

06:02.300 --> 06:04.250
this is the hierarchy that DNS

06:04.250 --> 06:07.000
uses to provide name resolution.

06:07.000 --> 06:09.770
Don't forget,
DNS is critical in

06:09.770 --> 06:12.425
a network because in
addition to name resolution,

06:12.425 --> 06:14.690
it also tracks
critical services,

06:14.690 --> 06:16.730
like where your
mail services are,

06:16.730 --> 06:19.195
and it's needed for
troubleshooting utilities.

06:19.195 --> 06:21.330
DNS is really important,

06:21.330 --> 06:23.630
and it's a
hierarchical database,

06:23.630 --> 06:26.600
starting out with the root
and the top-level domain,

06:26.600 --> 06:29.160
and then secondary levels.

