Candidates should be able to configure DNS on a client host.
Key Knowledge Areas
- Query remote DNS servers.
- Configure local name resolution and use remote DNS servers.
- Modify the order in which name resolution is done.
- Debug errors related to name resolution
- Awareness of systemd-resolved
Terms and Utilities
We already know a lot about the Domain Name System (DNS): a service which translates domain names (say yahoo.com) to IP addresses (say 126.96.36.199). A DNS server is consulted whenever you ping a server by its domain name. You have seen the DNS client configuration files and should know that the DNS server the computer actually uses can be checked, and changed temporarily, in /etc/resolv.conf. Temporarily, because on most systems this file is generated by a network manager (here NetworkManager, as the comment in the file says) and will be rewritten on the next network change:
```
$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 188.8.131.52
$ ping x.org
PING x.org (184.108.40.206) 56(84) bytes of data.
64 bytes from annarchy.freedesktop.org (220.127.116.11): icmp_seq=1 ttl=45 time=338 ms
64 bytes from annarchy.freedesktop.org (18.104.22.168): icmp_seq=2 ttl=45 time=333 ms
^C
--- x.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 333.088/335.612/338.136/2.524 ms
```
host is a simple program for looking up DNS records. This is a sample run with no options:
```
$ host kernel.org
kernel.org has address 22.214.171.124
kernel.org has IPv6 address 2604:1380:4641:c500::1
kernel.org mail is handled by 10 smtp1.kernel.org.
kernel.org mail is handled by 10 smtp2.kernel.org.
kernel.org mail is handled by 10 smtp3.kernel.org.
```
As you can see, by default the host command returns the address and mail records for the name: here one IPv4 (A) address, one IPv6 (AAAA) address and three mail exchanger (MX) records. If you want only a specific record type, give it with the -t switch: host -t A kernel.org returns only the IPv4 addresses, and host -t MX kernel.org only the mail exchangers.
dig is a tool built specifically to query DNS servers, and it shows the full answer the server sent. If you want to find out where x.org points to, you can do:
```
$ dig x.org

; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> x.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7483
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;x.org.				IN	A

;; ANSWER SECTION:
x.org.			1625	IN	A	126.96.36.199

;; Query time: 35 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Apr 17 12:45:02 IRDT 2016
;; MSG SIZE  rcvd: 50
```
As you can see, dig did an A lookup for x.org and the ANSWER SECTION gives its IP, 126.96.36.199. The 1625 is the TTL (Time To Live): the number of seconds this answer may be kept in a cache before it has to be fetched again. The status: NOERROR in the header means the name was found; a name that does not exist comes back with status: NXDOMAIN. The last four lines tell us which server answered (192.168.1.1, the first nameserver in /etc/resolv.conf), how long the query took, and when it was made.
There is also a way to tell dig which server it should use as the DNS, by giving the server after an @:
```
$ dig @184.108.40.206 google.com

; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> @220.127.116.11 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24313
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		112	IN	A	18.104.22.168
google.com.		112	IN	A	22.214.171.124
google.com.		112	IN	A	126.96.36.199
google.com.		112	IN	A	188.8.131.52
google.com.		112	IN	A	184.108.40.206
google.com.		112	IN	A	220.127.116.11
google.com.		112	IN	A	18.104.22.168
google.com.		112	IN	A	22.214.171.124
google.com.		112	IN	A	126.96.36.199
google.com.		112	IN	A	188.8.131.52
google.com.		112	IN	A	184.108.40.206

;; Query time: 238 msec
;; SERVER: 220.127.116.11#53(18.104.22.168)
;; WHEN: Sun Apr 17 13:03:38 IRDT 2016
;; MSG SIZE  rcvd: 215
```
Here I have asked dig to use the server given after @ as its DNS and to query google.com. You can see that I got more than one answer (eleven A records, in fact). My computer can contact any of those IPs to reach google.com. In other words, google.com is served from more than one server/IP, and the queried server returns all of them (this is called round-robin DNS; clients spread their connections over the list).

Being able to pick the server is also the quickest check on whether your configured resolver is telling the truth: ask it and an independent public resolver for the same name and compare the ANSWER SECTIONs. If a well-known name resolves differently, something on the path (the router, a captive portal, a rogue DHCP-supplied resolver, or a poisoned cache) may be rewriting DNS answers.
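The comparison just described, as an added example that is not part of the original page: two small shell functions, dig_answers and answers_match (both names are mine), normalise dig output to its record set and compare two transcripts. The three dig transcripts in the script are constructed samples using documentation addresses (192.0.2.0/24 and 198.51.100.0/24), not real captures, so the script runs offline.

```shell
#!/bin/sh
# Added example, not code from the original page: normalise dig output so the
# record sets two resolvers return for the same name can be compared. A resolver
# that hands back different addresses than an independent one is a sign of
# interception (captive portal, hijacked router, poisoned cache), or of a
# split-horizon setup; either way it is worth knowing about.
# The three dig transcripts below are CONSTRUCTED samples using documentation
# addresses (192.0.2.0/24, 198.51.100.0/24); they are not real captures.

# Read dig output on stdin; print the ANSWER SECTION as sorted
# "name type rdata" lines. TTLs are dropped on purpose: they legitimately
# differ between caches, while the record data should not.
dig_answers() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && NF >= 5  {
            line = $1 " " $4                # owner name and record type
            for (i = 5; i <= NF; i++)       # rdata may span several fields (MX, TXT)
                line = line " " $i
            print line
        }
    ' | sort
}

# Compare two dig transcripts; succeed only if their record sets are identical.
answers_match() {
    a=$(printf '%s\n' "$1" | dig_answers)
    b=$(printf '%s\n' "$2" | dig_answers)
    [ "$a" = "$b" ]
}

# Constructed transcript 1: what the resolver from /etc/resolv.conf returned.
LOCAL_RESOLVER='; <<>> DiG 9.10.3 <<>> x.org
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7483
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;x.org.                         IN      A

;; ANSWER SECTION:
x.org.                  1625    IN      A       192.0.2.10
x.org.                  1625    IN      A       192.0.2.11

;; Query time: 35 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)'

# Constructed transcript 2: an independent resolver (dig @server). Same
# records, different TTL and order, so it must still count as a match.
INDEPENDENT_RESOLVER='; <<>> DiG 9.10.3 <<>> @198.51.100.53 x.org
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24313

;; ANSWER SECTION:
x.org.                  300     IN      A       192.0.2.11
x.org.                  300     IN      A       192.0.2.10

;; SERVER: 198.51.100.53#53(198.51.100.53)'

# Constructed transcript 3: a resolver that substitutes one of the addresses.
LYING_RESOLVER='; <<>> DiG 9.10.3 <<>> @198.51.100.99 x.org
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1

;; ANSWER SECTION:
x.org.                  60      IN      A       198.51.100.5
x.org.                  60      IN      A       192.0.2.11

;; SERVER: 198.51.100.99#53(198.51.100.99)'

if answers_match "$LOCAL_RESOLVER" "$INDEPENDENT_RESOLVER"; then
    echo "local vs independent resolver: same records"
fi
if ! answers_match "$LOCAL_RESOLVER" "$LYING_RESOLVER"; then
    echo "local vs third resolver: records DIFFER, investigate"
    printf '%s\n' "$LYING_RESOLVER" | dig_answers
fi
```

Against live servers the same functions take real output: dig x.org | dig_answers, or answers_match "$(dig x.org)" "$(dig @9.9.9.9 x.org)" with any public resolver you trust in place of 9.9.9.9. A mismatch is not proof of an attack (content delivery networks often answer differently per region), but it tells you which server to look at next.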
/etc/hosts contains IP addresses and their corresponding names; it is a kind of static name resolution on your computer. Let's have a look:
```
$ head /etc/hosts
127.0.0.1      funlife localhost.localdomain localhost clickadu.com
::1            funlife localhost6.localdomain6 localhost6
10.159.32.155  nsproxy
172.16.12.134  linuxclass wonderland
188.8.131.52   salma
184.108.40.206 gratis.vps
192.168.59.231 mass1
```
This file can only be changed by root and maps some names (localhost, mass1, gratis.vps, ...) to IP addresses. Let's look up mass1 with dig and then ping it on this computer:
```
$ dig mass1

; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> mass1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39464
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mass1.				IN	A

;; AUTHORITY SECTION:
.			600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2016041700 1800 900 604800 86400

;; Query time: 516 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Apr 17 13:15:07 IRDT 2016
;; MSG SIZE  rcvd: 109

$ ping mass1
PING mass1 (192.168.59.231) 56(84) bytes of data.
From 85-15-16-103.shatel.ir (220.127.116.11) icmp_seq=1 Packet filtered
From 85-15-16-103.shatel.ir (18.104.22.168) icmp_seq=2 Packet filtered
```
My computer pings 192.168.59.231 for mass1 even though the DNS server cannot find the name (dig answers NXDOMAIN), because the name is defined in /etc/hosts. The difference between the two commands matters when debugging: dig and host send their queries straight to a DNS server and never look at /etc/hosts, whereas ping, like almost every other program, resolves names through the C library, which follows the lookup order set in /etc/nsswitch.conf.

/etc/nsswitch.conf tells the system the order and priority of lookups for host names, passwords, groups and so on. Let's have a look to make it clear:
```
$ cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#	nisplus			Use NIS+ (NIS version 3)
#	nis			Use NIS (NIS version 2), also called YP
#	dns			Use DNS (Domain Name Service)
#	files			Use the local files
#	db			Use the local database (.db) files
#	compat			Use NIS on compat mode
#	hesiod			Use Hesiod for user lookups
#	[NOTFOUND=return]	Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files sss
shadow:     files sss
group:      files sss
#hosts:     db files nisplus nis dns
hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files

services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files sss
aliases:    files nisplus
```
On the hosts line I have hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines. This means that when the system wants the IP address of a name, it first looks in files (/etc/hosts), then asks mdns4_minimal (multicast DNS, used for .local names on the local network), then dns, and so on. The [NOTFOUND=return] after mdns4_minimal stops the search when that source positively reports the name as not found; in practice mdns4_minimal only does that for names ending in .local, so ordinary names still fall through to dns. Because files comes first, an entry in /etc/hosts always wins over what DNS says. In this case, if I add facebook.com to my /etc/hosts like this:

```
127.0.0.1   facebook.com
```

And then point my browser to facebook.com, my computer will try to connect to a web server on 127.0.0.1 instead of the real IP of Facebook. This is exactly the trick malware uses to block update servers or redirect banking sites, which is why /etc/hosts should stay root-owned and not world-writable, and is the first file to check when a name resolves to something unexpected.
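The check just mentioned, as an added example that is not part of the original page: a shell function, hosts_sinkholes (the name is mine), reads a hosts file and reports every public-looking name that is pinned to a loopback or null address, the pattern the facebook.com line above relies on. SAMPLE_HOSTS is a constructed file built for the example, not a copy of any real /etc/hosts, so the script runs offline.

```shell
#!/bin/sh
# Added example, not code from the original page: audit a hosts file for
# public-looking names pinned to a loopback or null address. Ad blockers use
# this pattern on purpose (0.0.0.0 ads.example.net); malware uses it to
# sinkhole update and banking sites, so every hit deserves a look.
# SAMPLE_HOSTS is a CONSTRUCTED file, not a copy of a real /etc/hosts.

# Read a hosts file on stdin and print "address name" for each name that
#   (a) is mapped to 127.0.0.0/8, ::1 or 0.0.0.0, and
#   (b) looks like a public name: contains a dot and is not localhost,
#       *.localhost, *.localdomain, *.localdomain6 or *.local.
hosts_sinkholes() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        NF < 2 { next }                          # blank or address-only line
        $1 ~ /^127\./ || $1 == "::1" || $1 == "0.0.0.0" {
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                if (n ~ /\./ && n !~ /(^|\.)localhost$/ && n !~ /\.(localdomain6?|local)$/)
                    print $1, n
            }
        }
    '
}

SAMPLE_HOSTS='# constructed sample hosts file
127.0.0.1      funlife localhost.localdomain localhost
::1            funlife localhost6.localdomain6 localhost6
192.168.59.231 mass1
127.0.0.1      facebook.com www.facebook.com      # the redirect from the text
0.0.0.0        ads.example.net                    # a typical blocklist entry
'

echo "suspicious entries:"
printf '%s\n' "$SAMPLE_HOSTS" | hosts_sinkholes
# On a real system:  hosts_sinkholes < /etc/hosts
# and confirm ownership and mode with:  ls -l /etc/hosts   (root, mode 644)
```

The function deliberately flags blocklist entries too: a hosts-file ad blocker and a hosts-file hijack look identical to the resolver, and only the administrator knows which lines were put there on purpose.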
getent is a utility to get entries from the Name Service Switch libraries, i.e. it resolves names exactly the way /etc/nsswitch.conf says, which makes it the right command to check what applications will actually get. getent hosts with no argument lists the entries the file-based sources know about (DNS cannot be enumerated); getent hosts NAME resolves a single name through the whole hosts chain. If you want to check what your hosts configuration contains, you can do as follows:
```
$ getent hosts
127.0.0.1       funlife localhost.localdomain localhost clickadu.com
127.0.0.1       funlife localhost6.localdomain6 localhost6
10.159.32.155   nsnproxy
172.16.12.134   linuxclass wonderland
22.214.171.124  salma
126.96.36.199   gratisvps
192.168.59.231  mass1
192.168.59.232  mass2
192.168.59.233  mass3
192.168.59.234  mass4
192.168.59.235  mass5
192.168.59.236  mass6
192.168.59.237  mass7
192.168.59.238  mass8
192.168.59.239  mass9
127.0.0.1       frctlstartupfailure localtodoer localdeliv
127.0.0.1       frctlmeth
```
It should be noted that systemd provides a DNS stub resolver called systemd-resolved. It listens for DNS requests on 127.0.0.53 and answers back after consulting the

When it is in use, /etc/resolv.conf usually contains only nameserver 127.0.0.53 (it is typically a symlink to /run/systemd/resolve/stub-resolv.conf), so the file no longer tells you which upstream servers are really being queried. Use resolvectl status (systemd-resolve --status on older releases) to see the actual per-interface DNS servers, and resolvectl query NAME to resolve a name through it.