DNS
In this tutorial, we are going to discuss about DNS in Linux for the absolute beginners. We will discuss the basic concepts and view some commands that will help us explore DNS configuration on hosts, specifically Linux source.
We have two computers A and B. Both part of the same network and they have been assigned with IP addresses 192.168.1.10 and 192.168.1.11.
You are able to ping one computer from the other using the other computers IP address.
$ ping 192.168.1.11
PING 192.168.1.11 (192.168.1.11) 56(84) bytes of data.
64 bytes from 192.168.1.11: icmp_seq=1 ttl=253 time=269 ms
64 bytes from 192.168.1.11: icmp_seq=2 ttl=253 time=261 ms
64 bytes from 192.168.1.11: icmp_seq=3 ttl=253 time=325 ms
64 bytes from 192.168.1.11: icmp_seq=4 ttl=253 time=347 ms
You know that system B has database services on them. So instead of having to remember the IP address of the system B, you decide to give it a name db.
Going forward you would like to ping system B using the name db instead of its IP address if you tried to ping db now, you would see that host it is unaware of a host named db.
$ ping db
ping: db: Name or service not known
So how do you fix above issue? Basically, you want to tell system A, that system B at IP address 192.168.1.11 has a name db. You want to tell system A that when I say db I mean the IP 192.18.1.11.
Hosts file
You can do this by adding an entry into the /etc/hosts file on system A. Mention the IP address and the name you want your host to see system B.
cat >> /etc/hosts
192.168.1.11 db
As we discussed previously system A that the IP at 192.168.1.11 is a host named db. Pings to db. now get sent to the correct IP and are successful.
$ ping db
PING db (192.168.1.11) 56(84) bytes of data.
64 bytes from db (192.168.1.11): icmp_seq=1 ttl=253 time=269 ms
64 bytes from db (192.168.1.11): icmp_seq=2 ttl=253 time=261 ms
64 bytes from db (192.168.1.11): icmp_seq=3 ttl=253 time=325 ms
64 bytes from db (192.168.1.11): icmp_seq=4 ttl=253 time=347 ms
Now, there is an important point to note here with all system a that the IP at 192.168.1.11 is a host named db. Host A takes that for granted.
Whatever we put in the /etc/hosts file is the source of truth for Host A But that need not be the truth. Host A does not check to make sure if system B’s actual name is db. For instance, running a hostname command on system B reveals that it is named node02.
But host A doesn’t care. It goes by what’s in the hosts file. You can even fool system A to believing that system B is Quora just an entry into the host file with an IP mapping to www.quora.com. Then ping quora and you will get a response from system B.
So we have two names pointing to the same system. One as db and another as quora. And we can use either names to reach system B. You can have as many names as you want for as many servers as you want in the etc hosts file.
Name Resolution
Every time we reference another host by its name, from Host A, through a ping command or ssh command or through any of the applications or tools within this system, it looks into its /etc/hosts file to find out the IP address of that host translating hostname to IP address. This way is known as name resolution.
Within a small network of few systems you can easily get away with the entries in the /etc/hosts file. On each system, I specify which are the other systems in the environment. And that’s how it was done in the past. Until the environment grew and these files got filled with too many entries and managing these became too hard.
DNS
If one of the servers IP changed you would need to modify the entries in all of these hosts and that’s where we decided to move all these entries into a single server who will manage it centrally. We call that our DNS server and then we point all host to look up that server if they need to resolve the hostname to an IP address instead of its own /etc/hosts files.
So how do we do that? How do we point our host to a DNS server? Our DNS server has the IP 192.168.1.100. Every host has a DNS resolution configuration file at /etc/resolv.conf.
Nameserver
You add an entry into it specifying the address of the DNS server. We say nameserver and point it to 192.168.1.100 And that should be it.
cat /etc/resolv.conf
nameserver 192.168.1.100
Once this is configured on all of your host every time a host comes up across a hostname that it does not know about it looks it up from the DNS server.
If the IP of any of the host was to change it simply update the DNS server and all host should resolve the new IP address going forward.
So you no longer need any entries in the /etc/hosts file in any of the hosts. But that does not mean you can’t have entries in host file. You still can. For example say you were to provision a test server for your own needs. You don’t think others would need to resolve the server by its name so it need not be added to the DNS server.
In that case you can add an entry into your host /etc/host file to resolve the server. You can now resolve the server however no other system will be able to do that.
So a system is able to use hostname to IP mapping from the /etc/hosts file locally as well as from a remote DNS server.
What if you have an entry in both places? One in your /etc/hosts file and another in DNS? I have an entry in my local file set to 192.168.1.115 and someone added an entry for the same host name (in this case test) to 192.168.1.116 on the DNS server.
cat /etc/hosts
192.168.1.115 test
In DNS server
192.168.1.60 db
192.168.1.61 nfs
192.168.1.62 redis
192.168.1.63 web
192.168.1.116 test
DNS Resolution order
In above case, the host first looks in the local /etc/hosts file and then looks at the nameserver. So if it finds the entry in the local /etc/hosts file it uses that, if not it looks for that host in the DNS server.
To change the order of DNS resolution, we need to do changes into the /etc/nsswitch.conf
file.
$ cat /etc/nsswitch.conf
hosts: files dns
networks: files
The line with the host entry as you can see the order is first files and then followed by DNS files refers to the host file and DNS refers to the DNS server.
So for every hostname the host first looks into the /etc/hosts file and if it cannot find it there it then looks at the DNS server.
What if you tried to ping a server that is not in either list. For example, I try and ping www.waytoeasylearn.com. I don’t have waytoeasylearn.com in my /etc/hosts file and then I don’t have it in my DNS server either. So in this case it will fail.
You can add another entry into a /etc/resolv.conf file to point to a name server that knows Waytoeasylearn. For example a 8.8.8.8 is a common well known public nameserver available on the internet hosted by google that knows about all Web sites on the Internet.
$ cat /etc/resolv.conf
nameserver 192.168.1.100
nameserver 8.8.8.8
You can have multiple name servers like this configured on your host but then you will have to configure that on all your hosts in your network.
So you already have a name server within your network configured on all the hosts. So in that case you can configure the DNS server itself to forward any unknown host names to the public name server on the Internet.
cat /etc/resolv.conf
nameserver 192.168.1.100
192.168.1.60 db
192.168.1.61 nfs
192.168.1.62 redis
192.168.1.63 web
192.168.1.116 test
Forward all to 8.8.8.8
You should not be able to ping external sites such as waytoeasylearn.com.
Domain Names
Until now we’ve been just trying to reach systems with their names like nfs, db, nfs etc. But we just try to ping www.waytoeasylearn.com. What is this name with a www and .com at the end. It is called a domain name and it is how IP is translate to names that we can remember on the public internet. Just like how we did for our hosts.
Now the reason they’re in this format separated by dots is to group like things together. The last portion of the domain name .com, .net, .edu, .org, .io etc. are the top level domains that represent the intent of the website.
The “com” in the .com domain name indicates a “commercial” site. This can cover business websites, websites that want to make money online, personal websites, blogs, portfolios, and more.
“net” in the .net domain name extension stands for “network”. It was designed for the internet, networking, and email service providers.
The “org” in the .org, that stands for “organization” and was originally intended for use by nonprofit organizations.
Let’s look at one in particular. In Google’s case the . is the route that’s where everything starts .com is a top level domain Google is the domain name assigned to Google and www is a subdomain.
Subdomain
The subdomains help in further grouping things together under Google. For example, Google’s map service is available at maps.google.com. So maps is a subdomain. Google’s storage service is available at drive.google.com. So drive is a subdomain. Mobile apps are available at apps.google.com. So apps is a subdomain. Google’s email service are available at mail.google.com. So mail is a subdomain.
You can further divide each of these into as many subdomains based on your needs. So you begin to see a tree structure forming.
When you try to reach any of these domain names say apps.google.com from within your organization, your request first hits your organization’s internal DNS server. It doesn’t know who apps.google is. So it forwards your request to the Internet.
On the Internet the IP address of the server serving apps.google.com may be resolved with the help of multiple DNS servers and root DNS server looks at your request and points you to a DNS server serving .coms.
A .com DNS server looks at your request and forwards you to Google and Google’s DNS server provides you the IP of the server serving the app’s applications.
In order to speed up all future results, the organization’s DNS server may choose to cache this IP for a period of time typically a few seconds to a few minutes. That way it doesn’t have to go through the whole process again each time. So that was out in the public. What about your organization?
Your organization can have a similar structure too. For example your organization could be called as mycomputer.com and have multiple subdomains for each purpose.
The www for external facing web site mail.mycompany.com for accessing your organization’s mail. drive for accessing storage, pay for accessing payroll application, hr for accessing hr application etc. All of these are configured in your organization’s internal DNS server.
Search Domain
The reason we discussed all of these is to understand another entry in the /etc/resolv.conf file. Remember this is the file where we configured the DNS server to be used for our host. With that we were able to resolve servers in your organization with just their names like web.
We have now introduced more standard domain names like web.mycompany.com or db.mycompany.com etc. Now when you ping web you can no longer get a response. Of course this is because we are trying to ping web but there is no record for by the name web on my DNS server. Instead it is web.mycompany.com. So you have to use web.mycompany.com.
Now I can understand if someone outside or company wants to access our Web server. He would have to use web.mycompany.com. But within our company your own company you want to simply address the web server by its first name web. Just like how you address other members in your family simply by their first names which is not the case when someone outside your family addresses them using their full names.
So what do you do to configure web to resolve my web.mycompany.com. You want to say when I say web I mean web.mycompany.com. For that you make an entry into your hosts /etc/resolve.conf file called Search and specify the domain name you want to append.
192.168.1.10 web.mycompany.com
192.168.1.11 db.mycompany.com
192.168.1.12 nfs.mycompany.com
192.168.1.13 sql.mycompany.com
192.168.1.14 redis.mycompany.com
cat /etc/resolv.conf
nameserver 192.168.1.100
search mycompany.com
Next time you try to ping web you will see it actually tries web.mycompany.com. Now your host is intelligent enough to exclude the search domain if you specified a domain in your query.
You may also provide additional search domains like this so it would mean when I say web I mean web.mycompany.com or web.prod.mycompany.com.
So your host would try searching all of these domain name when you look for a hostname.
cat /etc/resolv.conf
nameserver 192.168.1.100
search mycompany.com prod.mycompany.com
Record Types
So how are the records stored in the DNS server? We know that it stores IP to host names that’s known as A records storing IPV 6 to host names is known as quad A record (AAAA record). Mapping one name to another name is called CNAME records.
For example you may have multiple aliases for the same application like a food delivery service may also be reached at eat or hungry. That’s where a CNAME records use name to name mapping. There are many more but that’s all we’re going to discuss at for now.
nslookup
Ping may not always be the right tool to test DNS resolution. There are a few other tools as well such as nslookup. You can use nslookup to query a hostname from a DNS server.
$ nslookup www.google.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: www.google.com
Address: 142.250.195.68
Name: www.google.com
Address: 2404:6800:4002:804::2004
But remember nslookup does not consider the entries in the local /etc/hosts file. So if you add an entry into the local /etc/hosts file for your web application and if you tried to do an as lookup for that Web application it is not going to find it.
The entry for your web application has to be present in your DNS server and its lookup only queries the DNS server. The same goes with dig tool.
dig
dig is another useful tool to test DNS name resolution. It returns more details in a similar form as is stored on the server.
$ dig www.google.com
; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52924
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 194 IN A 142.250.193.100
;; Query time: 13 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu May 06 16:03:48 IST 2021
;; MSG SIZE rcvd: 59