Weight: 2

Candidates should be able to configure DNS on a client host.

Key Knowledge Areas

  • Query remote DNS servers.
  • Configure local name resolution and use remote DNS servers.
  • Modify the order in which name resolution is done.
  • Debug errors related to name resolution.
  • Awareness of systemd-resolved.

Terms and Utilities

  • /etc/hosts
  • /etc/resolv.conf
  • /etc/nsswitch.conf
  • host
  • dig
  • getent

DNS

We already know a lot about the Domain Name System: a service which translates domain names (say yahoo.com) to IP addresses (say 206.190.36.45). A DNS server is consulted when you ping a server by its domain name. You have seen the config files for DNS and should know that the DNS server actually used by the computer can be checked, and changed temporarily, in /etc/resolv.conf:

$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 4.2.2.4

$ ping x.org
PING x.org (131.252.210.176) 56(84) bytes of data.
64 bytes from annarchy.freedesktop.org (131.252.210.176): icmp_seq=1 ttl=45 time=338 ms
64 bytes from  annarchy.freedesktop.org (131.252.210.176): icmp_seq=2 ttl=45 time=333 ms
^C
--- x.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 333.088/335.612/338.136/2.524 ms

host

This is a simple program to look up DNS records. Here is a sample run with no options other than the name:

$ host kernel.org
kernel.org has address 139.178.84.217
kernel.org has IPv6 address 2604:1380:4641:c500::1
kernel.org mail is handled by 10 smtp1.kernel.org.
kernel.org mail is handled by 10 smtp2.kernel.org.
kernel.org mail is handled by 10 smtp3.kernel.org.

As you can see, the host command returns all the records it can find for a specific domain. In this case it returns IPv4 (A), IPv6 (AAAA) and two Mail (MX) records.

If you want to check only a specific record type, you can provide it via the -t switch, so -t A will return only the IPv4 (A) records.

dig

The dig tool is specifically built to query DNS servers. If you want to find out where x.org points to, you can do:

$ dig x.org

; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> x.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7483
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;x.org.                IN    A

;; ANSWER SECTION:
x.org.            1625    IN    A    131.252.210.176

;; Query time: 35 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Apr 17 12:45:02 IRDT 2016
;; MSG SIZE  rcvd: 50

As you can see, dig did an IP lookup for x.org and told me that its IP is 131.252.210.176. The 1625 is the TTL, or Time To Live, and shows for how many seconds this answer will be considered valid in a cache. The command also tells us which server was used to get the answer, when the query was made and how long it took (the last four lines).

There is also a way to tell the dig command which server it should use as the DNS server, via @<DNS-SERVER>:

$ dig @8.8.8.8 google.com

; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24313
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.            IN    A

;; ANSWER SECTION:
google.com.        112    IN    A    173.194.32.133
google.com.        112    IN    A    173.194.32.136
google.com.        112    IN    A    173.194.32.132
google.com.        112    IN    A    173.194.32.129
google.com.        112    IN    A    173.194.32.137
google.com.        112    IN    A    173.194.32.130
google.com.        112    IN    A    173.194.32.134
google.com.        112    IN    A    173.194.32.135
google.com.        112    IN    A    173.194.32.128
google.com.        112    IN    A    173.194.32.131
google.com.        112    IN    A    173.194.32.142

;; Query time: 238 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 17 13:03:38 IRDT 2016
;; MSG SIZE  rcvd: 215

Here I have asked dig to use 8.8.8.8 as its DNS server and query google.com. You can see that I've got more than one answer (actually many more than one). My computer can randomly contact any of those IPs to reach google.com. In other words, google.com is served from more than one server/IP, and 8.8.8.8 returns all of them when queried for that domain.
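When debugging name resolution it helps to pull the fields discussed above (status, answer records with their TTL, and the server that answered) out of a dig reply in a script. This is an added example, not from the original page; the reply it parses is a constructed capture modelled on the x.org query, so it runs offline.

```shell
#!/bin/sh
# Added example (not part of the original page): extract status, answer
# records and the answering server from a dig reply. DIG_OUTPUT is a
# constructed capture so the script runs without network access.

DIG_OUTPUT='; <<>> DiG 9.10.3 <<>> x.org
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7483
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;x.org.                IN    A

;; ANSWER SECTION:
x.org.            1625    IN    A    131.252.210.176

;; Query time: 35 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Apr 17 12:45:02 IRDT 2016'

# Response code from the header line (NOERROR, NXDOMAIN, SERVFAIL, ...).
dig_status() { printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p'; }

# Address of the server that actually answered, from the ";; SERVER:" line.
dig_server() { printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'; }

# Answer records as "name ttl type rdata": the lines between the
# ANSWER SECTION header and the next blank line, comment lines excluded.
dig_answers() {
    printf '%s\n' "$1" | awk '/^;; ANSWER SECTION:/ { in_ans = 1; next }
        in_ans && NF == 0 { exit }
        in_ans && $0 !~ /^;/ { print $1, $2, $4, $5 }'
}

# Compare the answering server with the nameserver the client is configured
# to use (the one in /etc/resolv.conf); a mismatch is the first thing to
# check when answers look wrong.
check_resolver() {
    [ "$(dig_server "$1")" = "$2" ]
}

echo "status: $(dig_status "$DIG_OUTPUT")"
dig_answers "$DIG_OUTPUT" | while read -r name ttl type rdata; do
    echo "$name is $type $rdata, cacheable for ${ttl}s"
done
if check_resolver "$DIG_OUTPUT" 192.168.1.1; then
    echo "answered by the configured resolver"
fi
```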

/etc/hosts

This file contains IP addresses and their corresponding names. It is a kind of static name resolution on your computer. Let's have a look:

$ head /etc/hosts
127.0.0.1    funlife localhost.localdomain    localhost clickadu.com
::1    funlife localhost6.localdomain6    localhost6

10.159.32.155 nsproxy
172.16.12.134 linuxclass wonderland
193.40.12.135 salma

87.106.233.90 gratis.vps

192.168.59.231 mass1

This file can be changed by root and maps some names (localhost, mass1, gratis.vps, ...) to IP addresses. Let's see what happens if I look up and ping mass1 on this computer:

$ dig mass1

; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> mass1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39464
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mass1.                IN    A

;; AUTHORITY SECTION:
.            600    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2016041700 1800 900 604800 86400

;; Query time: 516 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Apr 17 13:15:07 IRDT 2016
;; MSG SIZE  rcvd: 109

$ ping mass1
PING mass1 (192.168.59.231) 56(84) bytes of data.
From 85-15-16-103.shatel.ir (85.15.16.103) icmp_seq=1 Packet filtered
From 85-15-16-103.shatel.ir (85.15.16.103) icmp_seq=2 Packet filtered

My computer pings 192.168.59.231 when I ask for mass1, even though DNS cannot find this name, because it is defined in /etc/hosts.

nsswitch

The /etc/nsswitch.conf file tells the system the priority of lookups for hosts, passwords and so on. Let's have a look to make it clear:

$ cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#    nisplus            Use NIS+ (NIS version 3)
#    nis            Use NIS (NIS version 2), also called YP
#    dns            Use DNS (Domain Name Service)
#    files            Use the local files
#    db            Use the local database (.db) files
#    compat            Use NIS on compat mode
#    hesiod            Use Hesiod for user lookups
#    [NOTFOUND=return]    Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files sss
shadow:     files sss
group:      files sss

#hosts:     db files nisplus nis dns
hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files sss
aliases:    files nisplus

On the hosts line I have hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines. This means that when the system wants to find the IP address of a name, it first goes to files (/etc/hosts), then to mdns4_minimal, then to dns and so on. So if I add facebook.com to my /etc/hosts like this:

127.0.0.1 facebook.com

and then point my browser to facebook.com, my computer will try to connect to a web server on 127.0.0.1 instead of the real IP of Facebook.
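Because files comes before dns in the hosts line, a static entry like the facebook.com one above wins over any DNS answer, so auditing /etc/hosts is part of debugging name resolution. The script below is an added example, not from the original page: it reads the source order from an nsswitch.conf and resolves names from a hosts file the way the C library would, using constructed copies of both files so it never touches the real /etc.

```shell
#!/bin/sh
# Added example (not part of the original page): audit the client-side
# resolution path defined by nsswitch.conf and /etc/hosts. The two input
# files are constructed samples written to a temp dir, so this runs offline.

# Print the lookup sources of the "hosts:" database in order, dropping
# action specifiers such as [NOTFOUND=return].
nss_hosts_order() {
    sed -n 's/^hosts:[[:space:]]*//p' "$1" | sed 's/\[[^]]*\]//g' |
        awk '{ for (i = 1; i <= NF; i++) print $i }'
}

# Succeed when "files" precedes "dns": a hosts-file entry then silently
# overrides whatever the DNS server would answer.
files_before_dns() {
    case "$(nss_hosts_order "$1" | tr '\n' ' ')" in
        *files*dns*) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit "IP name" pairs from a hosts file, ignoring comments and blank lines
# and expanding lines that carry several names.
hosts_static_names() {
    sed 's/#.*//' "$1" | awk 'NF >= 2 { for (i = 2; i <= NF; i++) print $1, $i }'
}

# Resolve one name from the hosts file only; empty output means the lookup
# would fall through to the next nsswitch source (mdns4_minimal, then dns).
static_lookup() {
    hosts_static_names "$1" | awk -v n="$2" '$2 == n { print $1; exit }'
}

WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
NSS_FILE="$WORK/nsswitch.conf"; HOSTS_FILE="$WORK/hosts"
# Constructed copies of the two files discussed in the text.
printf 'passwd: files sss\nhosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines\n' > "$NSS_FILE"
printf '127.0.0.1   localhost\n192.168.59.231 mass1\n127.0.0.1 facebook.com   # the override from the text\n' > "$HOSTS_FILE"

echo "hosts lookup order: $(nss_hosts_order "$NSS_FILE" | tr '\n' ' ')"
for name in mass1 facebook.com kernel.org; do
    ip=$(static_lookup "$HOSTS_FILE" "$name")
    if [ -n "$ip" ] && files_before_dns "$NSS_FILE"; then
        echo "$name -> $ip (pinned by hosts file, DNS never consulted)"
    else
        echo "$name -> not in hosts file, DNS will be queried"
    fi
done
```

On a real system the same comparison is `getent hosts NAME` (follows nsswitch) against `host NAME` or `dig NAME` (DNS only); a difference between the two means a static entry is in play.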

getent

The getent command is a utility to get entries from the Name Service Switch libraries (it reads /etc/nsswitch.conf). If you want to check your hosts configuration, you can do as follows:

$ getent hosts
127.0.0.1       funlife localhost.localdomain localhost clickadu.com
127.0.0.1       funlife localhost6.localdomain6 localhost6
10.159.32.155   nsnproxy
172.16.12.134   linuxclass wonderland
193.40.12.135   salma
87.106.233.90   gratisvps
192.168.59.231  mass1
192.168.59.232  mass2
192.168.59.233  mass3
192.168.59.234  mass4
192.168.59.235  mass5
192.168.59.236  mass6
192.168.59.237  mass7
192.168.59.238  mass8
192.168.59.239  mass9
127.0.0.1       frctlstartupfailure localtodoer localdeliv
127.0.0.1       frctlmeth

systemd-resolved

It should be noted that systemd provides a DNS resolver called systemd-resolved. It listens for DNS requests on 127.0.0.53 and answers after consulting /etc/systemd/resolved.conf or /etc/resolv.conf.
