05 - Linux Networking Basics

DNS in Linux

  • Let’s say we have 2 computers, A (192.168.1.10) and B (192.168.1.11), connected to a common network.

  • To check the connectivity between these two servers, we can run the ping command on one computer (A) against the other computer's IP address (B).

      $ ping 192.168.1.11                                    # running this command on computer A
      Reply from 192.168.1.11: bytes=32 time=4ms TTL=117     # output
      Reply from 192.168.1.11: bytes=32 time=4ms TTL=117
    
  • Next, we decide to give the name db to computer B. So going forward, we would like to ping system B using the name db instead of its IP address.

  • If we try to run the ping db command, we’d get an error because system A does not know of any system named db.

      $ ping db                     # command
      ping: unknown host db         # output
    
  • To fix this, we have to tell system A that system B, with IP address 192.168.1.11, has the name db. We can do this by adding an entry to the /etc/hosts file on system A like below.

      $ cat >> /etc/hosts
      192.168.1.11         db
    
  • Now, if we run the ping db command, it gets sent to the correct IP, i.e. system B.

      $ ping db
      PING db (192.168.1.11) 56 (84) bytes of data.
      64 bytes from db (192.168.1.11): icmp_seq=1 ttl=64 time=0.052ms
      64 bytes from db (192.168.1.11): icmp_seq=2 ttl=64 time=0.079ms
    
  • Note:

    • We have told system A that the IP 192.168.1.11 has the name db, and system A takes that for granted.

    • Meaning, whatever we put in the /etc/hosts file is the source of truth for host A, but it need not be the truth.

    • Host A does not check whether host B’s actual name is db or not.

    • Meaning, if we run the hostname command on host B, it reports its name as host-2, but host A doesn’t care. It goes by what’s in the hosts file.

  • We can have something like below:

      $ cat >> /etc/hosts
      192.168.1.11         db
      192.168.1.11         www.google.com
    

    Host A considers everything mentioned in its hosts file to be true. Because of this, we can use either db or www.google.com to ping host B.

Name Resolution

  • Every time we reference another host (B) by its name from host A, through ping, the ssh command or any of the applications or tools within the system, the system looks into its /etc/hosts file to find the IP address of that host.

  • Translating a hostname to an IP address this way is known as Name Resolution.

DNS Server

  • With a small network consisting of a few systems, the above method of adding the entries (IP and hostname) to each system's /etc/hosts file is feasible and works fine.

  • But as the environment grows, we would have to maintain each system's /etc/hosts file individually, and for any new addition or change we would have to make that change in every system's hosts file, which is not feasible.

  • To tackle this, we move these entries to a centrally managed location known as a DNS Server, also known as a Nameserver.

  • Then, we point all the systems to look up this DNS server when they need to resolve a hostname to an IP address, instead of their own /etc/hosts file.

  • To point the system to the DNS server (having IP 192.168.1.100), there is the /etc/resolv.conf file, known as the DNS Configuration File, present on each system.

  • We just have to add an entry into this file specifying the address of the DNS server.

      $ cat >> /etc/resolv.conf
      nameserver     192.168.1.100           # dns server IP
    
  • A system can use hostname-to-IP mappings from the local hosts file as well as from a remote DNS server.

  • If we have entries in both files (/etc/hosts and /etc/resolv.conf), the system first looks in the local /etc/hosts file and then at the nameserver (/etc/resolv.conf).

  • This order can be changed by editing the entry in /etc/nsswitch.conf file.

      $ cat >> /etc/nsswitch.conf
      hosts:    files dns             # files refers to /etc/hosts file
    
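The hosts-file override from the DNS in Linux section and the files-before-dns order from nsswitch.conf, modelled together in an added example that is not part of these notes. The hosts content, the DNS answer and the audit heuristic are constructed for illustration; no real lookups are made.

```python
import ipaddress

# Constructed /etc/hosts content, including the www.google.com override from these notes.
HOSTS_FILE = """\
127.0.0.1       localhost
192.168.1.11    db
192.168.1.11    www.google.com   # pins a public name to host B
"""

# Constructed stand-in for the answer the nameserver in /etc/resolv.conf would give
# (no real DNS query is made).
DNS_ANSWERS = {"www.google.com": "142.250.0.1"}


def parse_hosts(text):
    """Return {name: ip} from /etc/hosts text; comments and blank lines are ignored."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)   # keep the first mapping seen
    return table


def resolve(name, hosts_text, nsswitch_hosts="files dns"):
    """Resolve a name in the source order given by the hosts: line of nsswitch.conf.
    Returns (ip, source); (None, None) means neither source knows the name."""
    hosts = parse_hosts(hosts_text)
    key = name.lower()
    for source in nsswitch_hosts.split():
        if source == "files" and key in hosts:
            return hosts[key], "files"
        if source == "dns" and key in DNS_ANSWERS:
            return DNS_ANSWERS[key], "dns"
    return None, None


def audit_hosts(hosts_text):
    """Flag entries that pin a dotted, internet-style name to a private address.
    Such entries silently override DNS for every tool on the host, so they are
    worth reviewing whenever the hosts file changes."""
    findings = []
    for name, ip in parse_hosts(hosts_text).items():
        looks_public = "." in name and not name.endswith((".local", ".localdomain"))
        if looks_public and ipaddress.ip_address(ip).is_private:
            findings.append((name, ip))
    return findings
```

With the default "files dns" order, www.google.com resolves to host B from the hosts file; with "dns files" the nameserver's answer wins instead.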
  • If we try to ping a server or system that is not on either list, we get an error.

      $ ping www.facebook.com
      ping: www.facebook.com: Temporary failure in name resolution
    
  • To tackle this, we can add another entry to the /etc/resolv.conf file pointing to a nameserver that knows about Facebook. 8.8.8.8 is a public nameserver available on the internet, hosted by Google, that knows about almost all websites on the internet.

      $ cat >> /etc/resolv.conf
      nameserver     192.168.1.100           # dns server IP
      nameserver     8.8.8.8                 # dns server hosted by Google
    
  • As we already have a DNS server (192.168.1.100) configured for our network, we can instead configure that DNS server to forward any unknown hostnames to the public nameserver on the internet, rather than adding the entry on every system.

      192.168.1.10    web
      192.168.1.11    db
      ...
      Forward All to 8.8.8.8
    

Domain Names

  • A domain name is a human-readable address used to identify resources on the internet or a network, such as websites, servers, or services.

  • The Domain Name System (DNS) translates domain names into IP addresses, enabling seamless communication between systems.

Structure of a Domain Name

  • Domain names follow a hierarchical structure, divided into multiple parts separated by dots (.).

  • Example: www.example.com

    1. Top-Level Domain (TLD):

      • The last part of the domain (.com, .org, .net, .edu, .io).

      • Indicates the type or purpose of the domain.

    2. Second-Level Domain (SLD) / Domain Name:

      • The name before the TLD (example).

      • Represents the organization or entity owning the domain.

    3. Subdomain:

      • The prefix (www), often used to specify a particular service or section of a website.

Root

Flow

  • When we try to reach, for example, apps.google.com from within our organization, the request first hits the organization’s internal DNS server.

  • It doesn’t know who apps or google is, as we don’t have an entry for it in the organization’s hosts file. It then forwards the request to the internet.

  • On the internet, the IP address of the server serving apps.google.com may be resolved with the help of multiple DNS servers.

  • A root DNS server looks at the request and points to a DNS server serving .com.

  • A .com DNS server looks at the request and forwards it to Google’s DNS server.

  • And finally, Google’s DNS server provides the IP of the server serving apps.google.com.

Search Domain

  • A search domain is a domain name that the system appends to an unqualified hostname when performing DNS lookups.

  • This allows users to access resources within a specific domain without typing the full domain name.

How Search Domains Work

  • When a search domain is configured, the system automatically appends it to hostnames that do not include a domain and attempts to resolve them.

  • For example:

    • Search domain: example.com

    • Unqualified hostname: web

    • The system appends the search domain, making it web.example.com, and then performs the DNS query.

Configuring Search Domains

  • Search domains are specified in the /etc/resolv.conf file.

  • We can specify multiple search domains by listing them in the search entry.

      nameserver 8.8.8.8
      search example.com subdomain.example.com anotherdomain.com
    

Record Types

  • A DNS record is an entry in the Domain Name System (DNS) Server that provides information about a domain name, such as its corresponding hostname, IP address, or other details.

  • DNS records are stored in zone files on authoritative DNS servers.

  • Record types refer to the various types of entries in DNS zones.

    1. A Record (Address Record)

      • Maps a domain name to an IPv4 address.

          example.com   IN   A   192.168.1.1
        
    2. AAAA Record (IPv6 Address Record)

      • Maps a domain name to an IPv6 address.

          example.com   IN   AAAA   2001:db8::1
        
    3. CNAME Record (Canonical Name Record)

      • Creates an alias for another domain name.

          www.example.com   IN   CNAME   example.com
        
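A minimal zone parser that answers A/AAAA lookups and chases CNAME aliases the way an authoritative server does, as an added example that is not part of these notes. The zone lines are constructed from the three record examples above plus a deliberate alias loop to show why a chain limit is needed.

```python
# Constructed zone fragment in the "name IN TYPE data" form used above.
ZONE = """\
example.com        IN  A      192.168.1.1
example.com        IN  AAAA   2001:db8::1
www.example.com    IN  CNAME  example.com
loop1.example.com  IN  CNAME  loop2.example.com   ; constructed alias loop
loop2.example.com  IN  CNAME  loop1.example.com
"""


def parse_zone(text):
    """Return {name: [(type, data), ...]}; ';' comments and blank lines are ignored."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        name, _cls, rtype, data = line.split()
        records.setdefault(name.lower().rstrip("."), []).append((rtype.upper(), data))
    return records


def answer(name, records, rtype="A", max_cnames=8):
    """Answer a query for (name, rtype) from the parsed zone.

    Returns (canonical_name, [data]); the list is empty when the name exists but
    has no record of that type. CNAMEs are followed one hop at a time, and None
    is returned if the chain is longer than max_cnames (a loop or a broken zone)."""
    name = name.lower().rstrip(".")
    for _ in range(max_cnames):
        rrset = records.get(name, [])
        data = [d for t, d in rrset if t == rtype]
        if data:
            return name, data
        aliases = [d for t, d in rrset if t == "CNAME"]
        if not aliases:
            return name, []
        name = aliases[0].lower().rstrip(".")   # chase the alias and retry
    return None
```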

Commands

  • nslookup: To query a hostname from a DNS server. It does not consider the entries in the local /etc/hosts file.

      $ nslookup www.google.com        # command
      Server: 8.8.8.8                  # output
      Address: 8.8.8.8#53
      Non-authoritative answer:
      Name: www.google.com
      Address: 172.217.0.132
    
  • dig: Tool to test DNS resolution (similar to nslookup). It returns more detail, in a form close to how the records are stored on the server.

      $ dig www.google.com                                                        # command
      ; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com                             # output
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28065
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 512
      ;; QUESTION SECTION:
      ;www.google.com. IN A
      ;; ANSWER SECTION:
      www.google.com. 245 IN A 64.233.177.103
      www.google.com. 245 IN A 64.233.177.105
      www.google.com. 245 IN A 64.233.177.147
      www.google.com. 245 IN A 64.233.177.106
      www.google.com. 245 IN A 64.233.177.104
      www.google.com. 245 IN A 64.233.177.99
      ;; Query time: 5 msec
      ;; SERVER: 8.8.8.8#53(8.8.8.8)
      ;; WHEN: Sun Mar 24 04:34:33 UTC 2019
      ;; MSG SIZE rcvd: 139
    

Switching and Routing

Switching

  • We have 2 computers, A and B. We connect them to a switch so that system A can reach system B and vice versa.

  • The switch creates a network containing these 2 systems (A and B).

  • To connect a system to the switch, each system needs an interface, physical or virtual depending on the type of host.

  • To see the interfaces on the host, we can use the ip link command.

      $ ip link  
      eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode
      DEFAULT group default qlen 1000
    
  • Assume that the network has the address 192.168.1.0. We then assign the systems IP addresses on that network using the ip addr add <ip/range> dev <interface> command.

  • To connect to the switch, we use the ip addr add command.

      $ ip addr add 192.168.1.10/24 dev eth0
    
  • After this, the systems can now communicate with each other through the switch.

  • Switching connects interfaces within the same network.

Routing

  • Assume we have another network (192.168.2.0) containing systems C and D.

  • The switch cannot help a system (B) in one network reach a system (C) in the other network.

  • This is where a router is used to connect the two separate networks. It is just like another server with many network ports.

  • Since it connects to the two separate networks, it gets two IPs assigned, one on each network.

Gateway or Route

  • When system B tries to send a packet to system C, it does not know the location of the router on the network to send the packet through.

  • To tackle this issue, we configure the systems with a gateway or a route.

  • To see the existing routing table configuration (on system B), run the route command. It displays the kernel’s routing table.

      $ route
    
      Kernel IP routing table
      Destination Gateway Genmask Flags Metric Ref Use Iface
    
  • To configure a gateway on system B to reach the systems on the other network (192.168.2.0), we use the ip route add <network-ip> via <router-ip> command.

      $ ip route add 192.168.2.0/24 via 192.168.1.1
    
      $ route
    
      Kernel IP routing table
      Destination   Gateway       Genmask         Flags   Metric   Ref   Use   Iface
      192.168.2.0   192.168.1.1   255.255.255.0   UG      0        0     0     eth0
    
  • This needs to be configured on all systems. For example, if system C wants to send a packet to system B, we also need to add a route to system C’s routing table like above.

      $ ip route add 192.168.1.0/24 via 192.168.2.1
    
      $ route
    
      Kernel IP routing table
      Destination   Gateway       Genmask         Flags   Metric   Ref   Use   Iface
      192.168.1.0   192.168.2.1   255.255.255.0   UG      0        0     0     eth0
    

Default Gateway

  • Suppose the systems need access to a website with IP 172.217.194.0 hosted on the internet.

  • So first we connect the router to the internet, and then add a new route to the system’s routing table to route all traffic for the network 172.217.194.0 through the router.

      $ ip route add 172.217.194.0/24 via 192.168.2.1
    
      $ route
    
      Kernel IP routing table
      Destination     Gateway       Genmask         Flags   Metric   Ref   Use   Iface
      192.168.1.0     192.168.2.1   255.255.255.0   UG      0        0     0     eth0
      172.217.194.0   192.168.2.1   255.255.255.0   UG      0        0     0     eth0
    
  • Instead of adding a routing table entry with the same router’s IP address for each of those networks, we can add a single entry saying that any network we have no specific route for should go through this router, i.e. use it as the default gateway.

  • This way, any request to any network outside of the existing network goes to this particular router.

      $ ip route add default via 192.168.2.1
    

    We can use 0.0.0.0 instead of default.

      $ route
    
      Kernel IP routing table
      Destination   Gateway       Genmask         Flags   Metric   Ref   Use   Iface
      192.168.1.0   192.168.2.1   255.255.255.0   UG      0        0     0     eth0
      0.0.0.0       192.168.2.1   0.0.0.0         UG      0        0     0     eth0
    
  • A 0.0.0.0 entry in the Gateway field indicates that no gateway is needed.

      $ route
    
      Kernel IP routing table
      Destination   Gateway       Genmask         Flags   Metric   Ref   Use   Iface
      0.0.0.0       192.168.2.1   0.0.0.0         UG      0        0     0     eth0
      192.168.2.0   0.0.0.0       255.255.255.0   U       0        0     0     eth0
    

    For example, for system C to access any device in the network 192.168.2.0, it doesn’t need a gateway because that is its own network.

  • If we have multiple routers in our network, one for the internet and another for the internal private networks, then we will need two separate entries, one for each.

      $ route
    
      Kernel IP routing table
      Destination   Gateway       Genmask         Flags   Metric   Ref   Use   Iface
      default       192.168.2.1   0.0.0.0         UG      0        0     0     eth0
      192.168.1.0   192.168.2.2   255.255.255.0   UG      0        0     0     eth0
    
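The lookup the kernel performs over a table like the one above, written out as an added example that is not part of these notes: parse the route output, then pick the most specific matching route, so a directly connected network wins over the default route. The table text is a constructed copy of the two-router case for system C, not live output.

```python
import ipaddress

# Constructed routing table for system C (on 192.168.2.0/24, two routers).
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination   Gateway       Genmask         Flags   Metric   Ref   Use   Iface
0.0.0.0       192.168.2.1   0.0.0.0         UG      0        0     0     eth0
192.168.1.0   192.168.2.2   255.255.255.0   UG      0        0     0     eth0
192.168.2.0   0.0.0.0       255.255.255.0   U       0        0     0     eth0
"""


def parse_route_table(text):
    """Turn `route` output into a list of (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines()[2:]:           # skip the title and header lines
        dest, gw, mask, flags, _metric, _ref, _use, iface = line.split()
        if dest == "default":                    # `route` may print the keyword form
            dest, mask = "0.0.0.0", "0.0.0.0"
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        gateway = None if gw == "0.0.0.0" else ipaddress.ip_address(gw)
        routes.append((network, gateway, flags, iface))
    return routes


def lookup(dest_ip, routes):
    """Longest-prefix match, as the kernel does.

    Returns (next_hop, iface): the gateway address for 'G' routes, or the
    destination itself when the route is directly connected (Gateway 0.0.0.0).
    Returns None when no route matches, which is the "Network is unreachable" case."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for network, gateway, flags, iface in routes:
        if ip in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gateway, flags, iface)
    if best is None:
        return None
    network, gateway, _flags, iface = best
    next_hop = str(gateway) if gateway is not None else str(ip)
    return next_hop, iface
```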

Commands

Changes made using these commands are only valid until the system restarts. To persist them, set them in the /etc/network/interfaces file.

  • ip link: To list and modify interfaces on the host.

  • ip addr: To see the IP addresses assigned to the interfaces.

  • ip addr add: To set IP addresses on the interfaces.

  • ip route or route: To view the routing table.

  • ip route add: To add entries into the routing table.

  • ip route del <route>: To delete entry in routing table.

  • ip link set dev <interface> up: To bring up the interface.


Troubleshooting Networking

  • If we have a server hosted somewhere (e.g. example.com) and get an error like ‘The site can’t be reached’, this can happen for a variety of reasons.

    1. The local interface of the system (from which we are trying to access the site) is not connected to the network.

    2. The host is not resolving the IP address of the hostname (an issue with name resolution).

    3. A route entry is missing from the routing table.

    4. The DNS server is not reachable or has a connectivity issue.

    5. The application is not up.

Summary of Troubleshooting Steps

  1. Verify network interfaces (both local machine and server hosting the application):

    • List available network interfaces:

        $ ip link show
      
      • Alternatively, use ifconfig:

          $ ifconfig
        
    • Verify if the interface is up: Look for UP in the output. If the interface is down, bring it up with:

        $ sudo ip link set <interface> up
      
  2. Verify/Check DNS Configuration and resolution:

    • Check DNS settings: Verify the /etc/resolv.conf file contains the correct DNS server addresses:

        $ cat /etc/resolv.conf
      
    • Test DNS resolution: Use dig or nslookup to check if DNS is resolving correctly:

        $ nslookup example-repo
      
        Server:     192.168.1.100             # dns server IP
        Address:    192.168.1.100
        Non-authoritative answer:
        Name: example-repo
        Address: 192.168.2.5                  # IP address of hostname (example-repo)
      
    • If DNS is not working, you can set it manually: Edit /etc/resolv.conf or configure DNS servers using your network manager.

  3. Perform ping and connectivity tests:

        $ ping example-repo
    
  4. Check route:

    • View the number of hops (devices) between the source (local machine) and the repo server using the traceroute command.

        $ traceroute 192.168.2.5
      
        Tracing route to example-repo [192.168.2.5] over a maximum of 30 hops:
        1    <1 ms    <1 ms    <1 ms    192.168.1.1
        2    <2 ms    <1 ms    <1 ms    192.168.2.1
        3      *        *        *      Request timed out.
      

      The output shows there are 2 routers. The request times out between the second router and the server, so the issue lies there.

  5. Check routing table and correct routes:

    • Verify the routing table:
      Use the following to check if routing rules are correct:

        $ ip route show
      
    • If there's a routing issue (e.g., missing routes), add necessary routes:

        $ sudo ip route add <destination_network> via <gateway_ip>
      
  6. Check Application Services:

    • Check whether the HTTP/HTTPS process is listening on the specific port (here 80).

    • netstat: Used to print information about network connections, routing tables and several other network statistics.

        $ netstat -an | grep 80 | grep -i LISTEN
      
        tcp6    0    0 :::80    :::*    LISTEN
      
  7. Ensure correct gateway settings.

  8. Test network interface link status.

  9. Check routing table and correct routes.