WEBVTT 0:00:03.560000 --> 0:00:07.240000 In this video I want to talk a little bit about DNS. 0:00:07.240000 --> 0:00:12.100000 Introduce you to the concept of what DNS is, what it's used for, and at 0:00:12.100000 --> 0:00:17.440000 a sort of a high to intermediate level, how it does its job. 0:00:17.440000 --> 0:00:20.560000 So, DNS deals with names and numbers. 0:00:20.560000 --> 0:00:21.500000 What do I mean by that? 0:00:21.500000 --> 0:00:24.080000 Well, machines use numbers. 0:00:24.080000 --> 0:00:25.920000 Humans prefer names, right? 0:00:25.920000 --> 0:00:31.340000 Our machines, our laptops use numbers like a MAC address, 48-bit number, 0:00:31.340000 --> 0:00:37.100000 or an IP address, a 32-bit number, or in the case of IPv6, a 128-bit 0:00:37.100000 --> 0:00:40.920000 number. But there's various numbers assigned to things, port numbers, 0:00:40.920000 --> 0:00:43.720000 protocol numbers, but we as human beings, 0:00:43.720000 --> 0:00:46.340000 we don't keep track of numbers very well in our head. 0:00:46.340000 --> 0:00:57.940000 We prefer to use things that are meaningful to us like google.com or internet. 0:00:57.940000 --> 0:01:00.340000 That's from a human perspective. 0:01:00.340000 --> 0:01:03.600000 Computers, laptops, and servers don't like names. 0:01:03.600000 --> 0:01:05.800000 They prefer numbers. 0:01:05.800000 --> 0:01:08.680000 So, there has to be some sort of resolution between the two. 0:01:08.680000 --> 0:01:13.240000 There has to be some way of if I tell my system, my laptop, my tablet, 0:01:13.240000 --> 0:01:16.960000 hey, I want you to go to google.com. 0:01:16.960000 --> 0:01:20.300000 Well, if the laptop says, well, that doesn't mean no good. 0:01:20.300000 --> 0:01:24.420000 I need to know what the IP address is of google.com, so I can actually 0:01:24.420000 --> 0:01:25.400000 create a packet. 0:01:25.400000 --> 0:01:29.700000 I can't create a packet with a number in it. 
0:01:29.700000 --> 0:01:30.700000 What's the number? 0:01:30.700000 --> 0:01:35.540000 Well, there has to be some protocol that can resolve that name to a number, 0:01:35.540000 --> 0:01:37.760000 and sometimes vice versa that can do the opposite. 0:01:37.760000 --> 0:01:40.600000 Resolve a number back to a name. 0:01:40.600000 --> 0:01:43.980000 And this is what the domain name service is used for. 0:01:43.980000 --> 0:01:50.340000 Also by having names mapped to numbers, it allows us to dynamically change 0:01:50.340000 --> 0:01:53.260000 the number while the name remains the same. 0:01:53.260000 --> 0:01:54.640000 What's that talking about? 0:01:54.640000 --> 0:02:00.240000 Well, for example, you've probably been on your web server, on your tablet, 0:02:00.240000 --> 0:02:05.240000 your smartphone, bringing up a browser and going to google.com forever. 0:02:05.240000 --> 0:02:08.480000 For years and years and years, you've been going to google.com. 0:02:08.480000 --> 0:02:13.500000 But what you don't know is that behind the scenes, the actual server that's 0:02:13.500000 --> 0:02:18.080000 hosting that website that's giving you the google.com web page may have 0:02:18.080000 --> 0:02:19.540000 changed locations. 0:02:19.540000 --> 0:02:21.500000 It may have changed IP addresses. 0:02:21.500000 --> 0:02:26.660000 It may have moved from one building in the google campus or maybe they 0:02:26.660000 --> 0:02:31.640000 implemented multiple servers that can all respond to google.com. 0:02:31.640000 --> 0:02:35.320000 Well, the only way that a server can move around like that is if it changes 0:02:35.320000 --> 0:02:41.380000 its IP address. Well by having this system in place that says, okay, this 0:02:41.380000 --> 0:02:46.320000 device, this server, regardless of what IP address it might have, will 0:02:46.320000 --> 0:02:49.400000 always be mapped to google.com. 0:02:49.400000 --> 0:02:56.160000 This IP address will be the same as it is. 
0:02:56.160000 --> 0:03:00.860000 All I have to know is the name, google.com or INE.com. 0:03:00.860000 --> 0:03:05.220000 If I know the name and punch that into my browser, DNS in the background 0:03:05.220000 --> 0:03:10.040000 can resolve that name that I know into whatever the current IP address 0:03:10.040000 --> 0:03:14.540000 is. And if that IP address changes a week from now or a month from now, 0:03:14.540000 --> 0:03:18.000000 I don't care about that because the name hasn't changed. 0:03:18.000000 --> 0:03:19.300000 The name is all I care about. 0:03:19.300000 --> 0:03:23.080000 And as long as that mapping remains consistent that the IP address is 0:03:23.080000 --> 0:03:27.660000 updated to the name, that's all I care about. 0:03:27.660000 --> 0:03:32.940000 So these names in the world of DNS, we call them symbolic names. 0:03:32.940000 --> 0:03:35.080000 That's what DNS calls them. 0:03:35.080000 --> 0:03:40.300000 And they consist of letters, numbers and special characters. 0:03:40.300000 --> 0:03:43.380000 So let's talk a little bit more about DNS now. 0:03:43.380000 --> 0:03:47.900000 So that is what DNS stands for, the domain name service. 0:03:47.900000 --> 0:03:51.820000 If you care to look up the specifics of this, it was originally defined 0:03:51.820000 --> 0:03:55.640000 in RFCs 882 and 883. 0:03:55.640000 --> 0:04:00.560000 It has been updated since then, but those are the original RFCs for it. 0:04:00.560000 --> 0:04:04.060000 And it uses both UDP and TCP. 0:04:04.060000 --> 0:04:07.360000 Now both of them use the same port number, port number 53. 0:04:07.360000 --> 0:04:10.900000 And if you're studying for your Cisco CCNA, that is something you'll want 0:04:10.900000 --> 0:04:16.340000 to memorize, that DNS is mapped to well-known port number of 53. 0:04:16.340000 --> 0:04:19.880000 And that uses both UDP and TCP. 0:04:19.880000 --> 0:04:23.520000 So how does it use both of them? 
0:04:23.520000 --> 0:04:29.720000 Well typically, when your laptop is invoking DNS. 0:04:29.720000 --> 0:04:33.380000 For example, if I go into my laptop, I bring up my browser or I go into 0:04:33.380000 --> 0:04:38.680000 my tablet and I bring up my browser and I type INE.com. 0:04:38.680000 --> 0:04:42.020000 That is going to invoke the services of DNS. 0:04:42.020000 --> 0:04:45.340000 Because that browser is going to say, okay, thank you for giving me a 0:04:45.340000 --> 0:04:49.920000 human readable name, but I need to know what the IP address is so I can 0:04:49.920000 --> 0:04:53.260000 create a packet going to that server. 0:04:53.260000 --> 0:04:55.780000 So I need to invoke DNS. 0:04:55.780000 --> 0:05:00.600000 So your laptop, your tablet, your smartphone will invoke UDP. 0:05:00.600000 --> 0:05:06.020000 UDP. So DNS will start DNS will use UDP and it'll try to go out to a server 0:05:06.020000 --> 0:05:11.260000 somewhere, a DNS server, and find what the IP address is of that name, 0:05:11.260000 --> 0:05:15.100000 INE.com. So most of the time what you're doing from your laptop to the 0:05:15.100000 --> 0:05:17.820000 DNS server is UDP based. 0:05:17.820000 --> 0:05:21.620000 Now when would TCP become involved with DNS? 0:05:21.620000 --> 0:05:24.460000 Well, there's a couple of scenarios. 0:05:24.460000 --> 0:05:32.820000 Sometimes remember that UDP in its design was designed to carry small 0:05:32.820000 --> 0:05:38.120000 datagrams. Now TCP can create really massive TCP segments. 0:05:38.120000 --> 0:05:43.240000 It can fill up an entire IP packet, maximum size, but UDP was really designed 0:05:43.240000 --> 0:05:46.000000 for smaller things, not bigger things. 
0:05:46.000000 --> 0:05:51.800000 So sometimes what can happen is when I do a DNS lookup and my laptop sends 0:05:51.800000 --> 0:05:55.600000 out a DNS request to a DNS server out there and we'll talk about, you 0:05:55.600000 --> 0:05:59.080000 know, where is that DNS server, who owns it, I'll get to that. 0:05:59.080000 --> 0:06:04.160000 But I send a UDP request to the DNS server saying, hey, give me the information 0:06:04.160000 --> 0:06:10.460000 for INE.com. Now if you're doing a website lookup, typically this wouldn't 0:06:10.460000 --> 0:06:14.620000 happen. But DNS can be used for a lot more things than just looking up 0:06:14.620000 --> 0:06:20.680000 websites. Remember anything that needs to resolve a name to a number can 0:06:20.680000 --> 0:06:22.980000 use the services of DNS. 0:06:22.980000 --> 0:06:29.840000 One particular classic example is to a number. 0:06:29.840000 --> 0:06:32.720000 For example, when we talk about email, we'll say the email can actually 0:06:32.720000 --> 0:06:37.840000 use DNS as well to resolve a name to a mail exchange server and other 0:06:37.840000 --> 0:06:42.500000 things. Well, sometimes when I send a DNS request, the DNS server via 0:06:42.500000 --> 0:06:48.600000 UDP, that DNS server might say, huh, well, to fulfill this request, I 0:06:48.600000 --> 0:07:00.060000 would actually need to send back a whole slew of stuff to the DNS UDP 0:07:00.060000 --> 0:07:04.300000 datagram that comes back to me could actually say truncated. 0:07:04.300000 --> 0:07:07.220000 It could say, here's some of the information, but this has been truncated. 0:07:07.220000 --> 0:07:10.420000 I have more information I actually need to send you. 0:07:10.420000 --> 0:07:14.860000 And if I see that, my client can actually switch over to TCP. 0:07:14.860000 --> 0:07:18.780000 And now I can do DNS via TCP with that server because TCP can handle much 0:07:18.780000 --> 0:07:22.200000 larger blocks of data than UDP can. 
0:07:22.200000 --> 0:07:25.320000 So that's one example of where DNS uses TCP. 0:07:25.320000 --> 0:07:31.820000 Another example of this is, you know, a DNS server has a whole listing 0:07:31.820000 --> 0:07:35.640000 of probably thousands or tens of thousands, or maybe even hundreds of 0:07:35.640000 --> 0:07:39.860000 thousands of names to numbers, names to numbers. 0:07:39.860000 --> 0:07:44.260000 And so it makes sense that periodically, you're going to want to back 0:07:44.260000 --> 0:07:48.140000 up that DNS information to another DNS server. 0:07:48.140000 --> 0:07:51.240000 They actually call that a zone transfer. 0:07:51.240000 --> 0:07:55.260000 If you ever hear that term DNS zone transfer, that means one DNS server 0:07:55.260000 --> 0:07:58.060000 is backing up its information to another DNS server. 0:07:58.060000 --> 0:08:01.020000 Well, that process takes place via DNS. 0:08:01.020000 --> 0:08:02.900000 And that is a TCP process. 0:08:02.900000 --> 0:08:07.400000 That is a connection-oriented, acknowledged process where DNS is using TCP 0:08:07.400000 --> 0:08:10.200000 to do this thing called a zone transfer. 0:08:10.200000 --> 0:08:15.640000 So in short, sort of in summary here, DNS is a protocol used for, it's 0:08:15.640000 --> 0:08:16.500000 used for a lot of stuff. 0:08:16.500000 --> 0:08:19.080000 It defines the structure of the name. 0:08:19.080000 --> 0:08:21.860000 In other words, you know, if I was to look somewhere and say, okay, well, 0:08:21.860000 --> 0:08:24.180000 what is a legitimate DNS name? 0:08:24.180000 --> 0:08:26.360000 You know, what characters can it have? 0:08:26.360000 --> 0:08:28.200000 What characters can it not have? 0:08:28.200000 --> 0:08:31.480000 Is there a minimum length, a maximum length? 
0:08:31.480000 --> 0:08:35.900000 All of that stuff is specified in DNS, it actually says here's what you 0:08:35.900000 --> 0:08:38.840000 can use when you come up with symbolic names, what will actually 0:08:38.840000 --> 0:08:40.560000 work. DNS is a protocol. 0:08:40.560000 --> 0:08:44.880000 If you look in those RFCs, they'll also tell you how do you register a name 0:08:44.880000 --> 0:08:47.320000 with a registration authority? 0:08:47.320000 --> 0:08:50.300000 What's the process that you go through to actually register that name 0:08:50.300000 --> 0:08:52.480000 to that number? How do you do that? 0:08:52.480000 --> 0:08:54.640000 That's in the DNS specification. 0:08:54.640000 --> 0:08:58.560000 And then lastly, what's the actual method used? 0:08:58.560000 --> 0:09:04.640000 If my laptop needs to resolve a name to a number or a number to a name, 0:09:04.640000 --> 0:09:06.580000 how does that take place? 0:09:06.580000 --> 0:09:08.700000 What does the datagram look like? 0:09:08.700000 --> 0:09:11.080000 You know, what are the fields inside that datagram? 0:09:11.080000 --> 0:09:15.160000 What specific components are in that message? 0:09:15.160000 --> 0:09:20.660000 The DNS RFCs also define that, the method of resolving this. 0:09:20.660000 --> 0:09:26.520000 So to actually accomplish this, to get this done, DNS is actually a distributed 0:09:26.520000 --> 0:09:30.380000 database of servers, we call these name servers, because that's their 0:09:30.380000 --> 0:09:33.940000 job, right? Their job is to take in a request from you for a particular 0:09:33.940000 --> 0:09:39.220000 name, maybe a name of a website, maybe a name of an email server, something 0:09:39.220000 --> 0:09:42.580000 else, and then resolve that to a number. 0:09:42.580000 --> 0:09:47.800000 And these servers are arranged in what's called a hierarchical fashion. 
0:09:47.800000 --> 0:09:54.680000 So typically what would happen is that you as a client, let's just take 0:09:54.680000 --> 0:09:57.160000 you, let's just imagine you're working at home, for example, working out 0:09:57.160000 --> 0:09:58.560000 of a small office. 0:09:58.560000 --> 0:10:03.200000 When your laptop or your tablet needs to perform a DNS lookup, it says, 0:10:03.200000 --> 0:10:05.840000 okay, he just typed in INE.com. 0:10:05.840000 --> 0:10:08.500000 I need to resolve that to an IP address. 0:10:08.500000 --> 0:10:12.320000 The first DNS server that's typically programmed into your laptop or your 0:10:12.320000 --> 0:10:17.800000 tablet is owned by your service provider, owned by Sprint or Time Warner 0:10:17.800000 --> 0:10:19.840000 Cable or Comcast. 0:10:19.840000 --> 0:10:24.160000 And that DNS server is most likely not going to know everything. 0:10:24.160000 --> 0:10:27.860000 It's not going to know all the millions and millions of DNS names that are 0:10:27.860000 --> 0:10:29.340000 in the world right now. 0:10:29.340000 --> 0:10:33.000000 So that first line of defense, we actually have a name for that, that 0:10:33.000000 --> 0:10:37.700000 DNS server is called the recursive resolver, the recursive resolver. 0:10:37.700000 --> 0:10:40.600000 Now, why do we call it that? 0:10:40.600000 --> 0:10:45.320000 In the terms of networking, I'm sure outside of networking as well, this 0:10:45.320000 --> 0:10:52.720000 term of recursive means that one query or one lookup causes another query 0:10:52.720000 --> 0:10:55.560000 or another lookup to be performed. 0:10:55.560000 --> 0:10:59.120000 So for example, if I send a query and I immediately get an answer back, 0:10:59.120000 --> 0:11:00.800000 that's not recursive. 
0:11:00.800000 --> 0:11:03.960000 But if I send a query to something and that thing says, okay, I don't 0:11:03.960000 --> 0:11:07.980000 have an immediate answer but I know where to go to get the answer, that's 0:11:07.980000 --> 0:11:12.220000 called a recursive lookup where one look up caused another look up to 0:11:12.220000 --> 0:11:18.140000 happen. So a recursive resolver is a DNS server, like I said, typically 0:11:18.140000 --> 0:11:22.780000 owned by an ISP that says, okay, I'll try to look at my own database first. 0:11:22.780000 --> 0:11:27.680000 If I'm lucky, I can respond back to that client with the IP address or 0:11:27.680000 --> 0:11:29.180000 the number he's looking for. 0:11:29.180000 --> 0:11:32.000000 But if I don't have it, I know where to go. 0:11:32.000000 --> 0:11:34.140000 So where does it go? 0:11:34.140000 --> 0:11:39.140000 Now, a lot of times your recursive resolvers that are owned by the service 0:11:39.140000 --> 0:11:44.320000 provider actually have cached within them thousands of well-known names. 0:11:44.320000 --> 0:11:49.300000 So if you go, if you type in google.com or, you know, CNN.com or something 0:11:49.300000 --> 0:11:53.260000 that people go to all the time, chances are pretty good that that recursive 0:11:53.260000 --> 0:11:58.520000 resolver that's owned by Sprint or Time Warner Cable or Comcast probably 0:11:58.520000 --> 0:12:01.800000 already has that in it because somebody else probably already looked that 0:12:01.800000 --> 0:12:06.100000 up weeks or months or years ago and it has cached that information. 0:12:06.100000 --> 0:12:10.320000 But what if you send a request to that recursive resolver that has never 0:12:10.320000 --> 0:12:11.640000 been looked up before? 0:12:11.640000 --> 0:12:13.300000 What's it going to do? 
0:12:13.300000 --> 0:12:18.540000 Well, in that case, that recursive resolver has within it a list of a 0:12:18.540000 --> 0:12:22.160000 whole bunch of DNS servers which are called root servers. 0:12:22.160000 --> 0:12:24.980000 So the root servers are at the top of the tree. 0:12:24.980000 --> 0:12:30.920000 So for example, let's say I send a request to the recursive resolver which 0:12:30.920000 --> 0:12:34.040000 is the DNS server owned by my service provider. 0:12:34.040000 --> 0:12:39.820000 And I'm looking for some weird website like redwhite123.com. 0:12:39.820000 --> 0:12:41.800000 I don't even know if that exists or not. 0:12:41.800000 --> 0:12:43.440000 Redwhite123.com. 0:12:43.440000 --> 0:12:48.340000 Well, if the recursive resolver doesn't know that, you'll say, okay, but 0:12:48.340000 --> 0:12:52.400000 there's probably some DNS server out there somewhere that has all the 0:12:52.400000 --> 0:12:57.160000 .coms. There's going to be a DNS server that knows about all the .coms. 0:12:57.160000 --> 0:12:59.720000 There's going to be another DNS server that knows about all the .nets 0:12:59.720000 --> 0:13:03.800000 and all the .org and all the .edus. 0:13:03.800000 --> 0:13:08.500000 But the recursive resolver will say, I'm not exactly sure where that is. 0:13:08.500000 --> 0:13:11.940000 Where's a server that knows all about the .coms and all about the .nets? 0:13:11.940000 --> 0:13:14.600000 In this particular case, I need to go to the .com because this person's 0:13:14.600000 --> 0:13:18.200000 asking for redyellow123.com. 0:13:18.200000 --> 0:13:23.760000 It says, well, I don't know where the closest .com DNS server is, but 0:13:23.760000 --> 0:13:27.820000 I do know where a root server is that can tell me. 0:13:27.820000 --> 0:13:32.400000 So the DNS server owned by your service provider, that recursive resolver 0:13:32.400000 --> 0:13:34.340000 is going to have a list. 
0:13:34.340000 --> 0:13:37.740000 And I'll show you in just a second how it gets that list of all these 0:13:37.740000 --> 0:13:40.400000 servers throughout the world called root servers. 0:13:40.400000 --> 0:13:45.980000 And every single root server knows the location of other DNS servers that 0:13:45.980000 --> 0:13:51.460000 handle all the .coms or all the .edus or all the .orgs. 0:13:51.460000 --> 0:13:54.460000 So the first thing is we have to go to the root server. 0:13:54.460000 --> 0:14:00.940000 Then the root server in turn knows about so the next level down is, for 0:14:00.940000 --> 0:14:03.000000 example, these other servers. 0:14:03.000000 --> 0:14:11.720000 So these ones here, these right here are called TLD. 0:14:11.720000 --> 0:14:20.000000 It stands for top level domain. 0:14:20.000000 --> 0:14:24.980000 So a DNS server that knows all of the entries ending with .com is a top 0:14:24.980000 --> 0:14:29.200000 level domain server or with .edu or .org. 0:14:29.200000 --> 0:14:32.160000 So I've shown you a couple of them here, .gov and .com. 0:14:32.160000 --> 0:14:39.240000 And there are dozens and hundreds of servers that service just .com. 0:14:39.240000 --> 0:14:44.060000 And there's also dozens of servers just .gov spread throughout the entire 0:14:44.060000 --> 0:14:47.240000 world. And I'll talk a little bit more about that as well. 0:14:47.240000 --> 0:14:55.060000 Now, in addition to that, so that's called a generic top level domain. 0:14:55.060000 --> 0:14:57.480000 Actually, let me put that word in here. 0:14:57.480000 --> 0:15:03.280000 Generic top level domain. 0:15:03.280000 --> 0:15:08.400000 In addition to that, you've probably seen there's some websites that end 0:15:08.400000 --> 0:15:13.560000 with a country code like .ru for Russia or . 0:15:13.560000 --> 0:15:16.700000 I think, NO for Norway. 0:15:16.700000 --> 0:15:23.080000 So this right here is called a country code top level domain. 
0:15:23.080000 --> 0:15:32.320000 Country code TLD. 0:15:32.320000 --> 0:15:37.000000 And so if you're trying to resolve a website that ends with .ru or .no, 0:15:37.000000 --> 0:15:41.760000 the root server will know where the closest .ru is or where the closest 0:15:41.760000 --> 0:15:48.020000 .no is. And then there's also, now, you know, there's also, you know, 0:15:48.020000 --> 0:15:52.320000 for countries that don't deal with English, they have, for example, like 0:15:52.320000 --> 0:15:55.960000 the Asian countries, they have their own character sets for their alphabet. 0:15:55.960000 --> 0:16:03.580000 They will actually have web servers that look like this. 0:16:03.580000 --> 0:16:10.320000 And where the actual website is not in, you know, characters like ABCD 0:16:10.320000 --> 0:16:14.120000 or E, but in like, you know, these Chinese characters here or other types 0:16:14.120000 --> 0:16:19.660000 of characters. And so this type of a DNS server, if I have room here for 0:16:19.660000 --> 0:16:34.420000 it, is called an internationalized, internationalized top level domain. 0:16:34.420000 --> 0:16:38.600000 So if I was actually in China and I had a keyboard in front of me, it 0:16:38.600000 --> 0:16:40.180000 would have these types of characters in it. 0:16:40.180000 --> 0:16:43.180000 So when I looked up a website, it would end with . 0:16:43.180000 --> 0:16:45.420000 something like this. 0:16:45.420000 --> 0:16:48.900000 And so an internationalized top level domain server would know what the 0:16:48.900000 --> 0:16:52.240000 address was of that. 0:16:52.240000 --> 0:16:57.640000 Okay. So I'm trying to go to, you know, yellow, red, one, two, three .com. 0:16:57.640000 --> 0:17:00.040000 My recursive resolver didn't know it. 0:17:00.040000 --> 0:17:01.580000 So it goes to the root server. 
0:17:01.580000 --> 0:17:07.780000 The root server then gives me back the IP address or maybe several IP 0:17:07.780000 --> 0:17:12.080000 addresses of .com top level domain servers. 0:17:12.080000 --> 0:17:15.980000 So now I'm going to query one of them. 0:17:15.980000 --> 0:17:31.240000 And they in turn will know, okay, well, he wanted to go to .com. 0:17:31.240000 --> 0:17:35.140000 So this is the domain .com. 0:17:35.140000 --> 0:17:40.140000 And this portion of it right here is called the subdomain. 0:17:40.140000 --> 0:17:43.540000 Yellow red one, two, three is the subdomain. 0:17:43.540000 --> 0:17:48.900000 So in the next level in this tree will be our subdomain servers. 0:17:48.900000 --> 0:17:55.540000 For example, INE.com, google.com or mail.google.com. 0:17:55.540000 --> 0:17:59.040000 So these are, for example, the DNS servers or the servers that actually, 0:17:59.040000 --> 0:18:01.280000 so these are the subdomain servers. 0:18:01.280000 --> 0:18:06.440000 Sometimes another name for these will also be called the authoritative 0:18:06.440000 --> 0:18:11.000000 name servers. So this bottom level here is the authoritative name servers. 0:18:11.000000 --> 0:18:14.200000 So let's sort of bring this all into focus here. 0:18:14.200000 --> 0:18:20.120000 For example, here are the root servers. 0:18:20.120000 --> 0:18:23.860000 So any server is going to act as a DNS server, you know, for it's going 0:18:23.860000 --> 0:18:25.040000 to be a recursive resolver. 0:18:25.040000 --> 0:18:29.880000 For example, if you purchase the Windows Server operating system or some 0:18:29.880000 --> 0:18:44.040000 sort of Linux server operating system or something, it's going file. 0:18:44.040000 --> 0:18:47.420000 And usually you will not have to configure this yourself. 
0:18:47.420000 --> 0:18:51.480000 If you purchase an operating system that is a server version of an operating 0:18:51.480000 --> 0:18:56.600000 system that supports DNS server, it should have this file already in it. 0:18:56.600000 --> 0:18:59.480000 And this is an example of what that file would look like. 0:18:59.480000 --> 0:19:04.220000 So for example, you can see here that the root servers, there are a total 0:19:04.220000 --> 0:19:09.220000 of 13 of them, designated by letters, the A root server, the D root server, 0:19:09.220000 --> 0:19:10.400000 the M root server. 0:19:10.400000 --> 0:19:13.060000 And these are all operated by different companies. 0:19:13.060000 --> 0:19:16.440000 You can see that Verisign actually operates two of them. 0:19:16.440000 --> 0:19:20.420000 All these other companies operate a single root server. 0:19:20.420000 --> 0:19:23.860000 And these are scattered throughout the world. 0:19:23.860000 --> 0:19:29.160000 So if I have, you know, if I'm a service provider, if I'm Time Warner 0:19:29.160000 --> 0:19:33.280000 Cable or maybe some smaller service provider, and I'm going to have a 0:19:33.280000 --> 0:19:36.640000 server, and I'm going to tell all my customers, hey, when you need to 0:19:36.640000 --> 0:19:41.900000 do DNS lookups, point to my server, my server needs to have this file 0:19:41.900000 --> 0:19:46.340000 inside of it. And so now if my server doesn't have cached information 0:19:46.340000 --> 0:19:51.580000 of what they're looking for, it will then go to one or more of these root 0:19:51.580000 --> 0:19:54.220000 servers and start the process. 0:19:54.220000 --> 0:19:59.780000 And what's sort of interesting is that most of these addresses, for example, 0:19:59.780000 --> 0:20:03.880000 let's just take the one from Verisign as an example. 
0:20:03.880000 --> 0:20:11.500000 So we can see here that Verisign, which operates the A root servers, as 0:20:11.500000 --> 0:20:15.540000 well as the J root servers, well, you might think, okay, so you're telling 0:20:15.540000 --> 0:20:18.780000 me that Verisign then only has two servers. 0:20:18.780000 --> 0:20:26.880000 They've got one server at 198.41.0.4, and another one at 192.58.128.30. 0:20:26.880000 --> 0:20:29.380000 That's not true. 0:20:29.380000 --> 0:20:35.160000 They actually have, throughout the world, root servers all over the place 0:20:35.160000 --> 0:20:38.200000 that are sharing these IP addresses. 0:20:38.200000 --> 0:20:42.120000 For example, if you go to the Verisign website, you can see where are 0:20:42.120000 --> 0:20:43.520000 Verisign's root servers. 0:20:43.520000 --> 0:20:44.600000 This is a great example. 0:20:44.600000 --> 0:20:47.040000 I'll go ahead and expand this a little bit right here. 0:20:47.040000 --> 0:20:53.300000 So all of these dots represent the Verisign root servers, either the A root 0:20:53.300000 --> 0:20:56.360000 server or the J root server. 0:20:56.360000 --> 0:21:02.080000 And even though we can see here that there's dozens of these dots, all 0:21:02.080000 --> 0:21:05.700000 these dots resolve to one of those two IP addresses. 0:21:05.700000 --> 0:21:17.720000 So for example, if I am, let's see here 198 41 0 4, 198 41 0 4, 198 41 0:21:17.720000 --> 0:21:21.640000 0 4, 198 41 0 0 dot 4, okay. 0:21:21.640000 --> 0:21:30.600000 So if I am a service provider, let's say located right here in Australia, 0:21:30.600000 --> 0:21:36.080000 and one of my customers tries to resolve a website, and as a service provider, 0:21:36.080000 --> 0:21:38.920000 they're using me as their DNS. 0:21:38.920000 --> 0:21:42.980000 But my DNS server, my recursive resolver doesn't have it. 
0:21:42.980000 --> 0:21:46.060000 I'm going to say, okay, my recursive resolver is going to say, I'm going 0:21:46.060000 --> 0:21:48.600000 to need to go to the root then and try to find it. 0:21:48.600000 --> 0:21:53.180000 Well, I'm going to say, well, let me try this root first, 198.41.0.4. 0:21:53.180000 --> 0:21:59.120000 I will actually probably end up hitting this server right here, 0:21:59.120000 --> 0:22:02.720000 because it's in the same country as me. 0:22:02.720000 --> 0:22:06.820000 But for example, if I was in the United States, let's say over here in 0:22:06.820000 --> 0:22:10.820000 California, another service provider, and I went to that same address 0:22:10.820000 --> 0:22:16.040000 198.41.0.4, it might resolve to this one right here. 0:22:16.040000 --> 0:22:18.740000 That might be the root server that I hit. 0:22:18.740000 --> 0:22:21.140000 So this is what's called anycast. 0:22:21.140000 --> 0:22:25.680000 Anycast is this idea that there are multiple devices, all with the exact 0:22:25.680000 --> 0:22:31.240000 same information, and they're sharing an IP address. 0:22:31.240000 --> 0:22:35.680000 So whichever device is closest to you is the one that you go to. 0:22:35.680000 --> 0:22:41.020000 So these are all the root servers here, just by Verisign. 0:22:41.020000 --> 0:22:43.640000 So these are the A and the J root servers. 0:22:43.640000 --> 0:22:47.800000 This isn't even showing us the B root servers and the C root servers and 0:22:47.800000 --> 0:22:49.260000 everything else. 0:22:49.260000 --> 0:22:53.480000 So you can see there's tons of root servers all over the world to respond 0:22:53.480000 --> 0:22:57.380000 to these requests. 0:22:57.380000 --> 0:23:02.700000 Okay, so what about those top level domain servers? 0:23:02.700000 --> 0:23:04.300000 I was sort of curious. 
0:23:04.300000 --> 0:23:07.260000 I did a little bit of research and I wondered, how would I find the IP 0:23:07.260000 --> 0:23:10.440000 address of the top level domain servers? 0:23:10.440000 --> 0:23:15.780000 So I stumbled across this website right here, which is kind of interesting. 0:23:15.780000 --> 0:23:18.640000 And if you go to that website, you can pause this video right now if you 0:23:18.640000 --> 0:23:19.900000 want to and go there. 0:23:19.900000 --> 0:23:22.880000 It'll first take you to a page that looks like this. 0:23:22.880000 --> 0:23:26.600000 And you'll see there's actually a lot more top level domains than you 0:23:26.600000 --> 0:23:31.620000 would think. There's not just dot com dot edu dot gov dot org and dot 0:23:31.620000 --> 0:23:37.680000 net. There's dozens and dozens of them dot a a that's a top level domain 0:23:37.680000 --> 0:23:41.040000 dot able. That's a top level domain. 0:23:41.040000 --> 0:23:42.040000 There's tons of them. 0:23:42.040000 --> 0:23:45.400000 Well, if you scroll through this list, eventually you'll get to one that 0:23:45.400000 --> 0:23:50.300000 you recognize. For example, dot com, right, you'll see that in here. 0:23:50.300000 --> 0:23:58.960000 And if you click on that, that will then in turn take you to the company 0:23:58.960000 --> 0:24:03.620000 that's responsible for all of the top level domain servers that know about 0:24:03.620000 --> 0:24:06.960000 the dot coms. So in this case, it's Verisign. 0:24:06.960000 --> 0:24:10.800000 We can see that Verisign is responsible for knowing the domain name every 0:24:10.800000 --> 0:24:15.740000 single domain name in the world that ends with dot com and knowing what 0:24:15.740000 --> 0:24:18.140000 the IP address is for that. 0:24:18.140000 --> 0:24:22.580000 And if you scroll down through that, you'll see here it is. 0:24:22.580000 --> 0:24:25.160000 So now these are all now these are not the root servers. 
0:24:25.160000 --> 0:24:31.860000 This is a whole different set of DNS servers that Verisign is in charge 0:24:31.860000 --> 0:24:35.960000 of. These are all the DNS servers that know about dot com. 0:24:35.960000 --> 0:24:42.500000 These are all the dot com top level domain name servers. 0:24:42.500000 --> 0:24:45.220000 I'm going to pause here for just a second. 0:24:45.220000 --> 0:24:48.720000 I just got a message here from one of my learners saying that he can't 0:24:48.720000 --> 0:24:50.340000 hear me correctly. 0:24:50.340000 --> 0:24:54.320000 Is anybody else listening to the live stream having issues with the audio 0:24:54.320000 --> 0:24:59.300000 right now? Anybody else having issues with the audio? 0:24:59.300000 --> 0:25:04.440000 Okay, Frank is okay. 0:25:04.440000 --> 0:25:08.680000 So Ritin Kumar, it might just be something that's geographically based 0:25:08.680000 --> 0:25:10.140000 wherever you happen to be. 0:25:10.140000 --> 0:25:14.460000 There might be some congestion or something in the network between where 0:25:14.460000 --> 0:25:16.400000 you are and where I am. 0:25:16.400000 --> 0:25:23.640000 Sorry about that, but hopefully it will work itself out here pretty quickly. 0:25:23.640000 --> 0:25:26.900000 So just I sort of verbally describe this process, but let's just go through 0:25:26.900000 --> 0:25:29.940000 it one more time. 0:25:29.940000 --> 0:25:34.260000 Okay, so here you are at your house. 0:25:34.260000 --> 0:25:39.940000 And step number one, your machine, you do something on your machine like 0:25:39.940000 --> 0:25:45.900000 bring up web browser, bring up email, something that requires a name to 0:25:45.900000 --> 0:25:48.120000 be resolved to an address. 0:25:48.120000 --> 0:25:51.740000 So this invokes the DNS process in your machine. 0:25:51.740000 --> 0:25:58.140000 Now in this particular case, in DNS terminology, your machine is called 0:25:58.140000 --> 0:26:00.480000 the DNS resolver. 
0:26:00.480000 --> 0:26:10.040000 So if I use that term DNS resolver, that is your machine right here. 0:26:10.040000 --> 0:26:15.800000 So then your machine sends a DNS request to what's called the caching 0:26:15.800000 --> 0:26:22.880000 server, also called the recursive resolver. 0:26:22.880000 --> 0:26:28.200000 Which like I said is typically owned and operated by your ISP, the recursive 0:26:28.200000 --> 0:26:32.480000 resolver, the caching server is exactly the same thing. 0:26:32.480000 --> 0:26:38.640000 So the request here, the format of the request will vary based on what 0:26:38.640000 --> 0:26:40.440000 it is you're trying to look up. 0:26:40.440000 --> 0:26:44.640000 So for example, it's going to be a DNS query. 0:26:44.640000 --> 0:26:51.480000 If you're trying to look up an IP address of a website, if it's an IPv4 0:26:51.480000 --> 0:26:54.580000 address, what you'll be doing is sending a query for an 0:26:54.580000 --> 0:27:03.720000 A record. So an A record means I need to know what the IPv4 address 0:27:03.720000 --> 0:27:07.320000 is of a website. 0:27:07.320000 --> 0:27:12.540000 If I need to know what the IPv6 address was of a website, that would be 0:27:12.540000 --> 0:27:14.260000 another type of a record. 0:27:14.260000 --> 0:27:21.100000 That would be what's called a quad A or an AA record. 0:27:21.100000 --> 0:27:25.460000 If I had the name of a web server, and I was trying to think not a web 0:27:25.460000 --> 0:27:28.900000 server, an email server, and I was trying to figure out what the IP address 0:27:28.900000 --> 0:27:30.420000 was of that email server. 0:27:30.420000 --> 0:27:34.740000 Like for example, maybe I'm sending an email to kbogart at iany.com and 0:27:34.740000 --> 0:27:39.740000 wherever you are, your laptop says, okay, I need to know what the IP address 0:27:39.740000 --> 0:27:43.300000 is of the mail exchange server for iany.com.
0:27:43.300000 --> 0:27:46.540000 Well, that would be called an MX record. 0:27:46.540000 --> 0:27:47.900000 And there's others. 0:27:47.900000 --> 0:27:53.460000 So the record type indicates what you're looking for. 0:27:53.460000 --> 0:27:58.140000 Am I looking for the IP address of a mail server, of a website, something 0:27:58.140000 --> 0:28:01.260000 else? So that's right here in step number one. 0:28:01.260000 --> 0:28:06.480000 Now, hopefully, the recursive resolver, the caching server has already 0:28:06.480000 --> 0:28:10.300000 cached that information because somebody else looked it up before and 0:28:10.300000 --> 0:28:11.740000 it responds right back to you. 0:28:11.740000 --> 0:28:13.240000 So that's step number two. 0:28:13.240000 --> 0:28:16.320000 Most of the time, that will be the case. 0:28:16.320000 --> 0:28:21.740000 But let's say you're trying to send an email to somebody that you've never 0:28:21.740000 --> 0:28:25.180000 sent to before, or maybe the caching server doesn't know about it. 0:28:25.180000 --> 0:28:28.340000 Well, that's where all these other servers get into play. 0:28:28.340000 --> 0:28:33.640000 So step number one, you'll send your query to the caching server, the 0:28:33.640000 --> 0:28:35.140000 recursive resolver. 0:28:35.140000 --> 0:28:39.220000 If it doesn't have that information, it will send its own request upstream 0:28:39.220000 --> 0:28:41.440000 to the root server. 0:28:41.440000 --> 0:28:45.580000 Remember, you'll get that from that root hints file that's pre-configured 0:28:45.580000 --> 0:28:48.620000 in that caching server. 0:28:48.620000 --> 0:28:53.860000 The root server will then respond back with one or more IP addresses of 0:28:53.860000 --> 0:28:56.620000 a top level domain server. 
0:28:56.620000 --> 0:29:02.800000 So for example, if I was sending an A request to iany.com, the root server 0:29:02.800000 --> 0:29:06.640000 would respond back saying, okay, here's a variety of IP addresses of all 0:29:06.640000 --> 0:29:12.440000 the .com top level domain servers, one of which is, you know, 1111. 0:29:12.440000 --> 0:29:14.540000 I just made that up. 0:29:14.540000 --> 0:29:19.100000 And now the recursive resolver, the caching server owned by the service 0:29:19.100000 --> 0:29:25.620000 provider, sends another request to one of those top level domain web servers. 0:29:25.620000 --> 0:29:29.660000 In this case, the one that's responsible for all the .coms, and then hopefully 0:29:29.660000 --> 0:29:35.720000 it gets a response back and then it can send that response back to me. 0:29:35.720000 --> 0:29:41.720000 So that is the whole process of how DNS works. 0:29:41.720000 --> 0:29:44.240000 And that's going to wrap up this video. 0:29:44.240000 --> 0:29:48.180000 In the next video, I'm going to sort of take a step away from protocols. 0:29:48.180000 --> 0:29:51.780000 We're going to sort of look at the categories and types of applications 0:29:51.780000 --> 0:29:56.420000 so we can recognize at a high level how they are different from each other.