WEBVTT

0:00:02.780000 --> 0:00:07.800000
Hello and welcome to this video titled the domain name service.

0:00:07.800000 --> 0:00:13.200000
In this video I'm going to talk about what problem is solved by DNS, give

0:00:13.200000 --> 0:00:17.640000
you an overview of its operation and an example of its operation.

0:00:17.640000 --> 0:00:22.960000
Now the intent or purpose of this video is just to expose you to what

0:00:22.960000 --> 0:00:26.940000
DNS is. I'm assuming that you have no idea what that acronym stands for,

0:00:26.940000 --> 0:00:28.660000
you've never looked it up before.

0:00:28.660000 --> 0:00:34.300000
So this is just a real high 30,000 foot view into DNS.

0:00:34.300000 --> 0:00:37.820000
When I'm done with this video I will give you some suggestions of other

0:00:37.820000 --> 0:00:42.520000
videos we have at INE if you wish to go into a lot more detail for DNS

0:00:42.520000 --> 0:00:47.160000
because DNS does go very, very deep on many certification exams.

0:00:47.160000 --> 0:00:48.780000
You don't have to go very deep.

0:00:48.780000 --> 0:00:51.780000
So I just want to give you some exposure to it at a high level.

0:00:51.780000 --> 0:00:53.660000
So DNS, what is it?

0:00:53.660000 --> 0:00:56.180000
What problem is solved?

0:00:56.180000 --> 0:01:02.100000
Well, so we know that anytime you send a packet onto the network, regardless

0:01:02.100000 --> 0:01:06.420000
of where that packet is going or what type of service or information you're

0:01:06.420000 --> 0:01:11.280000
trying to obtain, that packet has to have a destination IP address.

0:01:11.280000 --> 0:01:16.040000
Everything connected to a network is known by its identifier, by its IP

0:01:16.040000 --> 0:01:19.220000
address, which includes websites.

0:01:19.220000 --> 0:01:22.560000
So if you're going to a website you have to create a packet going to the

0:01:22.560000 --> 0:01:24.940000
IP address of that website.

0:01:24.940000 --> 0:01:29.220000
But here's the thing, how many websites do you browse during a given day?

0:01:29.220000 --> 0:01:31.660000
Hundreds, thousands?

0:01:31.660000 --> 0:01:34.960000
Do you know what the IP addresses are of all those different servers that

0:01:34.960000 --> 0:01:37.820000
you're actually hitting to get their web material?

0:01:37.820000 --> 0:01:40.480000
Absolutely not. Nobody knows that.

0:01:40.480000 --> 0:01:45.460000
So the idea was it's a lot easier for us as human beings to know some

0:01:45.460000 --> 0:01:50.500000
human readable or human descriptive name of something that we can remember.

0:01:50.500000 --> 0:01:53.540000
We can't remember numbers all that well.

0:01:53.540000 --> 0:02:01.100000
So because of that, these names that we use like INE.com, Google.com,

0:02:01.100000 --> 0:02:06.940000
Cisco.com, ultimately they have to be resolved by something into an actual

0:02:06.940000 --> 0:02:10.780000
IP address of the server that has that information we're trying to get.

0:02:10.780000 --> 0:02:13.920000
That is the purpose of the domain name service.

0:02:13.920000 --> 0:02:18.920000
The domain name service is a protocol that takes a human readable name,

0:02:18.920000 --> 0:02:24.700000
goes to a DNS server that has a mapping of names to IP addresses.

0:02:24.700000 --> 0:02:27.940000
And then that server can respond back to us and say, here's the IP address

0:02:27.940000 --> 0:02:33.380000
you need. Because without that, we can't create an IP packet.

0:02:33.380000 --> 0:02:37.580000
Now DNS operation is pretty simple.

0:02:37.580000 --> 0:02:41.580000
And the very first thing is your laptop, your tablet, your smartphone

0:02:41.580000 --> 0:02:47.300000
needs to know in advance what the IP address is of the DNS server.

0:02:47.300000 --> 0:02:49.740000
Because that's the person who's going to be doing all the lookups for

0:02:49.740000 --> 0:02:51.700000
you, the name to address lookups.

0:02:51.700000 --> 0:02:55.140000
Typically you procure that information via DHCP.

0:02:55.140000 --> 0:02:59.300000
So when you connect to a network wireless or wired and you get a DHCP

0:02:59.300000 --> 0:03:03.420000
packet with your IP address and router information along with that will

0:03:03.420000 --> 0:03:07.180000
come at least one IP address of a functional DNS server.

0:03:07.180000 --> 0:03:09.640000
It could be a DNS server that's sitting in your company.

0:03:09.640000 --> 0:03:14.480000
It could be a publicly accessible DNS server by like Google or Cloudflare

0:03:14.480000 --> 0:03:15.960000
or something like that.

0:03:15.960000 --> 0:03:22.960000
Now like so many network based operations, DNS is a client server application

0:03:22.960000 --> 0:03:27.760000
in which your laptop, your smartphone, your tablet, that would be considered

0:03:27.760000 --> 0:03:33.220000
the DNS client. And obviously the server would be the DNS server.

0:03:33.220000 --> 0:03:39.700000
So DNS operates under this exchange of DNS queries and DNS replies, also

0:03:39.700000 --> 0:03:41.600000
called DNS responses.

0:03:41.600000 --> 0:03:47.400000
It's all based on UDP, the user datagram protocol port number 53.

0:03:47.400000 --> 0:03:49.480000
So 53 was reserved for this.

0:03:49.480000 --> 0:03:57.160000
Now if I am browsing a website and I type in my browser, INE.com.

0:03:57.160000 --> 0:04:01.320000
Well the first thing that's going to happen in the background is my laptop

0:04:01.320000 --> 0:04:04.040000
or my smartphone is going to have to make a choice.

0:04:04.040000 --> 0:04:08.520000
It's going to say number one, what protocol am I running at the networking

0:04:08.520000 --> 0:04:14.460000
layer? Am I running just IPv4, just IPv6 or both?

0:04:14.460000 --> 0:04:19.360000
Now chances are pretty good that at this point in time in 2019, you're

0:04:19.360000 --> 0:04:28.180000
probably running different kinds of addresses.

0:04:28.180000 --> 0:04:33.040000
With IPv6 there's an address called a link local address which every IPv6

0:04:33.040000 --> 0:04:37.860000
compatible NIC card dynamically comes up with all on its own.

0:04:37.860000 --> 0:04:42.140000
Now the IPv6 link local address, not really all that useful when it comes

0:04:42.140000 --> 0:04:44.680000
to getting information from remote networks.

0:04:44.680000 --> 0:04:48.420000
In other words, even though every device out there billions of them running

0:04:48.420000 --> 0:04:53.620000
IPv6, even though they all have dynamically derived link local addresses,

0:04:53.620000 --> 0:04:59.420000
I can't send a packet to your link local address unless you're on the

0:04:59.420000 --> 0:05:01.120000
physical network as me.

0:05:01.120000 --> 0:05:03.760000
If you're on the same physical network as me, you're sitting in the same

0:05:03.760000 --> 0:05:07.680000
VLAN, the same broadcast domain, then yes, you and I can communicate

0:05:07.680000 --> 0:05:09.660000
via link local addresses.

0:05:09.660000 --> 0:05:15.100000
But let's be realistic, 99.9% of the time, who you're communicating to

0:05:15.100000 --> 0:05:18.540000
on an IP network is not on the same network as you.

0:05:18.540000 --> 0:05:19.800000
They're somewhere else.

0:05:19.800000 --> 0:05:23.260000
So in that case, you can't communicate with link local addresses.

0:05:23.260000 --> 0:05:27.600000
You have to have another kind of an IPv6 address called a global address

0:05:27.600000 --> 0:05:31.520000
called a globally unicast routable address.

0:05:31.520000 --> 0:05:37.100000
All right. So even though most devices are running both IPv6 and IPv4,

0:05:37.100000 --> 0:05:43.140000
when it comes to IPv6, most devices don't have a global address.

0:05:43.140000 --> 0:05:45.040000
All they have is a link local address.

0:05:45.040000 --> 0:05:50.880000
There's nobody out there, no DHCPv6 server which has given them a global

0:05:50.880000 --> 0:05:56.260000
address. Now, if you do happen to have a device that's got both an IPv4

0:05:56.260000 --> 0:06:03.020000
address that's globally routable and an IPv6 address that's globally routable,

0:06:03.020000 --> 0:06:06.740000
most operating systems will prefer IPv6.

0:06:06.740000 --> 0:06:10.600000
So in that particular case, you'd also need to know the IPv6 global address

0:06:10.600000 --> 0:06:12.680000
of a DNS server.

0:06:12.680000 --> 0:06:16.860000
And then you send your query to that IPv6 DNS server.

0:06:16.860000 --> 0:06:18.700000
But most of the time, that won't happen.

0:06:18.700000 --> 0:06:21.000000
Most of the time, you don't have a global address.

0:06:21.000000 --> 0:06:25.480000
So that means your operating system will fall back to using IPv4 and you'll

0:06:25.480000 --> 0:06:30.840000
send a query to the IPv4 address of your DNS server, which you learned

0:06:30.840000 --> 0:06:38.460000
via DHCP. So that type of a query that's sent to an IPv4 server is called

0:06:38.460000 --> 0:06:40.440000
an A record lookup.

0:06:40.440000 --> 0:06:42.540000
A as in address.

0:06:42.540000 --> 0:06:45.900000
I'm looking up the address of this name.

0:06:45.900000 --> 0:06:47.120000
The name could be a website.

0:06:47.120000 --> 0:06:49.300000
It could be a device with that name.

0:06:49.300000 --> 0:06:50.480000
It could be anything.

0:06:50.480000 --> 0:06:54.080000
So an A record lookup is when you've got a name and you're trying to find

0:06:54.080000 --> 0:06:58.740000
out, you're trying to query what the IPv4 address is corresponding to

0:06:58.740000 --> 0:07:03.960000
that name. Now, if you're sending it to an IPv6 DNS server, that's called

0:07:03.960000 --> 0:07:06.560000
a quad A lookup.

0:07:06.560000 --> 0:07:07.740000
And why do they call it that?

0:07:07.740000 --> 0:07:15.320000
Well, because an IPv6 address is four times as large as an IPv4 address.

0:07:15.320000 --> 0:07:20.080000
IPv4 address is 32 bits long, IPv6 address, 128 bits long.

0:07:20.080000 --> 0:07:22.760000
So they said, all right, since it's four times as big, we'll just make

0:07:22.760000 --> 0:07:25.420000
it a quad A lookup.

0:07:25.420000 --> 0:07:28.560000
So if you're ever doing a sniffer trace or anything and you see a DNS

0:07:28.560000 --> 0:07:34.120000
message and in there you see either A record or quad A record, now you

0:07:34.120000 --> 0:07:38.520000
know. That's either an IPv4 or an IPv6 lookup.

0:07:38.520000 --> 0:07:45.120000
Now, you might read that DNS can use both TCP and UDP.

0:07:45.120000 --> 0:07:47.400000
And so far, I've only mentioned UDP.

0:07:47.400000 --> 0:07:54.460000
So vast majority of what DNS does is UDP based between the client and

0:07:54.460000 --> 0:07:59.580000
the server. But there are many, many, many DNS servers out there.

0:07:59.580000 --> 0:08:01.160000
As a matter of fact, there's not just one.

0:08:01.160000 --> 0:08:05.140000
There's a whole cascading hierarchy of DNS servers.

0:08:05.140000 --> 0:08:10.220000
Most of the time, the DNS server you very first go to might not even know

0:08:10.220000 --> 0:08:13.740000
the answer to your question, in which case it will do like what's called

0:08:13.740000 --> 0:08:18.500000
a recursive lookup where it will query another DNS server to see if that

0:08:18.500000 --> 0:08:23.220000
one knows the name to address mappings of what you're looking for.

0:08:23.220000 --> 0:08:27.200000
That's where DNS gets really, really complicated as far as these hierarchies

0:08:27.200000 --> 0:08:31.740000
and levels of DNS and who controls each level and what each hierarchy

0:08:31.740000 --> 0:08:33.460000
or level is called.

0:08:33.460000 --> 0:08:36.440000
We're not going to get into that in this particular video, but I do want

0:08:36.440000 --> 0:08:39.480000
to make you aware it gets much more complex with that.

0:08:39.480000 --> 0:08:41.700000
So why am I bringing that up?

0:08:41.700000 --> 0:08:45.940000
Well, these DNS servers have to have the same information.

0:08:45.940000 --> 0:08:53.240000
So DNS does use TCP when one server is updating another server.

0:08:53.240000 --> 0:08:58.620000
So TCP is not used between you, the client and the DNS server.

0:08:58.620000 --> 0:09:00.540000
That's all UDP based.

0:09:00.540000 --> 0:09:03.640000
But if you've got two or three or four DNS servers and they're in the

0:09:03.640000 --> 0:09:06.660000
process of updating each other and copying their records back and forth,

0:09:06.660000 --> 0:09:10.980000
that uses TCP for that process.

0:09:10.980000 --> 0:09:14.900000
So last thing I want to show you was just a sniffer trace here and you

0:09:14.900000 --> 0:09:19.560000
can see it of a typical DNS lookup.

0:09:19.560000 --> 0:09:24.460000
So if you bring up Wireshark, if you're not familiar with Wireshark,

0:09:24.460000 --> 0:09:28.160000
it's a free application you can download.

0:09:28.160000 --> 0:09:33.720000
You just go to, let's see if I can find it right here.

0:09:33.720000 --> 0:09:41.520000
You can just go to wireshark.org, wireshark.org, and then download

0:09:41.520000 --> 0:09:45.000000
it for whatever your platform is.

0:09:45.000000 --> 0:09:53.160000
And when you start up Wireshark, you'll put like a little shark fin icon

0:09:53.160000 --> 0:09:55.800000
on your computer.

0:09:55.800000 --> 0:10:01.520000
When you start that up, first thing is you'll have to select the various,

0:10:01.520000 --> 0:10:06.420000
the interface on your laptop or PC or tablet that's operating.

0:10:06.420000 --> 0:10:09.040000
So just look here and look for the chart, the graphs, right?

0:10:09.040000 --> 0:10:12.360000
So you can see here if I zoom in a little bit, most of these are just

0:10:12.360000 --> 0:10:14.640000
flat lined, which means they're not doing anything.

0:10:14.640000 --> 0:10:18.420000
But down here my USB, my LAN, Ethernet 10, that's clearly doing something

0:10:18.420000 --> 0:10:20.580000
because he's making a graph.

0:10:20.580000 --> 0:10:26.420000
So if you just click on that or whatever yours happens to be, you can

0:10:26.420000 --> 0:10:31.140000
click on it or double click on it.

0:10:31.140000 --> 0:10:35.600000
It starts capturing every single packet that it sees.

0:10:35.600000 --> 0:10:39.220000
And if you just watch this for a while and then if you stop it, if you

0:10:39.220000 --> 0:10:48.300000
go to protocol, you can just click protocol and it'll sort it alphabetically.

0:10:48.300000 --> 0:10:51.400000
And then you can just scroll through here and look for any, now don't

0:10:51.400000 --> 0:10:54.820000
look for mDNS, that's something different.

0:10:54.820000 --> 0:10:59.640000
We just want to look for regular DNS and there might not even be any in

0:10:59.640000 --> 0:11:04.620000
here right now. We see ARP, don't see any regular DNS requests.

0:11:04.620000 --> 0:11:11.660000
But if you did see a DNS request, what it would look like would be this.

0:11:11.660000 --> 0:11:17.560000
So here we see a DNS request.

0:11:17.560000 --> 0:11:23.880000
We can see the source is whoever 10.7.1.40 is, destination.

0:11:23.880000 --> 0:11:27.500000
So this would be the DNS server or whoever your DNS server happens to

0:11:27.500000 --> 0:11:30.780000
be. And notice it says protocol is DNS.

0:11:30.780000 --> 0:11:33.020000
This is a standard query.

0:11:33.020000 --> 0:11:40.240000
A. So this is an A record lookup, an IPv4 lookup for time.com.

0:11:40.240000 --> 0:11:48.540000
And then we get back from that guy, our response, standard query response.

0:11:48.540000 --> 0:11:50.220000
He says here it is.

0:11:50.220000 --> 0:11:52.500000
As a matter of fact, you might get more than one IP address.

0:11:52.500000 --> 0:11:58.060000
Most websites, public websites are actually hosted on more than one server

0:11:58.060000 --> 0:12:02.420000
for redundancy and location services and things of that nature.

0:12:02.420000 --> 0:12:04.720000
So here we see standard query response.

0:12:04.720000 --> 0:12:06.280000
Here's the name I looked up.

0:12:06.280000 --> 0:12:11.340000
A record. In this case, here's two IP addresses that are serving up that

0:12:11.340000 --> 0:12:13.240000
particular website.

0:12:13.240000 --> 0:12:20.520000
So that concludes this section on an introduction to DNS.

0:12:20.520000 --> 0:12:24.060000
I do, however, before this video closes out, I do want to give you some

0:12:24.060000 --> 0:12:29.240000
resources that are in the event that you want to get more information

0:12:29.240000 --> 0:12:35.100000
about DNS. So I had mentioned that DNS is very complex in how it works.

0:12:35.100000 --> 0:12:38.280000
Here at INE, we've got lots of videos on DNS.

0:12:38.280000 --> 0:12:41.520000
There's two in particular I want to draw your attention to just to get

0:12:41.520000 --> 0:12:45.240000
a bit more information if you're curious, if you want to.

0:12:45.240000 --> 0:12:48.060000
So go to our website as of the time of this recording.

0:12:48.060000 --> 0:12:51.640000
Our website is at my.ine.com.

0:12:51.640000 --> 0:12:56.080000
So there you go, my.ine.com.

0:12:56.080000 --> 0:13:00.100000
And two courses I can recommend, one, up here in the upper right where

0:13:00.100000 --> 0:13:06.600000
you enter your search query, you can enter in the search for understanding

0:13:06.600000 --> 0:13:14.680000
common. And right here, this is what you want, understanding common network

0:13:14.680000 --> 0:13:18.920000
applications.
If you click on that course, understanding common network

0:13:18.920000 --> 0:13:25.560000
applications, I do have a video in here, right here on DNS.

0:13:25.560000 --> 0:13:27.880000
And that goes into a little bit more detail.

0:13:27.880000 --> 0:13:33.200000
And then if you want even more detail than that, we have another instructor,

0:13:33.200000 --> 0:13:38.220000
Peter, at our location here, who created a course which is called Cisco

0:13:38.220000 --> 0:13:45.940000
IOS infrastructure services.

0:13:45.940000 --> 0:13:49.600000
So this is the one we want here, Cisco IOS infrastructure services.

0:13:49.600000 --> 0:13:55.200000
And if you click on his course and you go down to the bottom, he also

0:13:55.200000 --> 0:13:59.020000
has an additional 20 minutes on the DNS protocol.

0:13:59.020000 --> 0:14:00.600000
And we have others as well.

0:14:00.600000 --> 0:14:06.180000
You can feel free in the search category to just search on the acronym

0:14:06.180000 --> 0:14:10.360000
DNS. And when you do that, we don't actually have any courses that have

0:14:10.360000 --> 0:14:12.400000
DNS in the title.

0:14:12.400000 --> 0:14:15.540000
But over here on the left where it says refine search, you can click on

0:14:15.540000 --> 0:14:20.780000
videos. And this will show you every video we have that has DNS in the

0:14:20.780000 --> 0:14:23.000000
title of that video.

0:14:23.000000 --> 0:14:26.720000
And you can see there are quite a few of them.

0:14:26.720000 --> 0:14:32.720000
So that concludes this video on an introduction to DNS.

0:14:32.720000 --> 0:14:33.500000
Thank you for watching.