Domain information and DNS

When we need information about a domain, for example google.com, we can use the nslookup command on Linux, Windows, and macOS.

By executing the command

nslookup google.com

we get the following information (not every machine gives exactly the same answer; we will see why later):

Server: 192.168.1.254
Address: 192.168.1.254#53

Non-authoritative answer:
Name: google.com
Address: 216.58.205.46

What is the meaning of all those lines?
Where does this information come from?

Server: 192.168.1.254

192.168.1.254 is the address of the server that our computer asks for information about the domain.
This IP address runs a service that answers this type of query (in a subsequent article we will see how).

Usually, if we have a home connection, that is the IP address of our “router” (or what some people inappropriately call the “modem”).

Address: 192.168.1.254#53

192.168.1.254 is the IP address of the DNS service that returns the information, and 53 is the port on which it answers.

Non-authoritative answer:

This means that our DNS server at 192.168.1.254 (on port 53) gives us an answer, but a non-authoritative one, which is fine anyway 🙂. The non-authoritative response is:

Name: google.com
Address: 216.58.205.46

This answer should not require clarification.
All computers on the Internet are reached not by their name but by their IP address, so the computer named google.com is at the IP address 216.58.205.46.

Now let’s take a small step forward, add a parameter to the nslookup command and run

nslookup -q=ns google.com

-q= stands for query type
ns stands for name server

The answer is now:

Server: 188.165.200.114
Address: 188.165.200.114#53

Non-authoritative answer:
google.com nameserver = ns4.google.com.
google.com nameserver = ns3.google.com.
google.com nameserver = ns2.google.com.
google.com nameserver = ns1.google.com.

Authoritative answers can be found from:
ns1.google.com internet address = 216.239.32.10
ns1.google.com has AAAA address 2001:4860:4802:32::a
ns2.google.com internet address = 216.239.34.10
ns2.google.com has AAAA address 2001:4860:4802:34::a
ns3.google.com internet address = 216.239.36.10
ns3.google.com has AAAA address 2001:4860:4802:36::a
ns4.google.com internet address = 216.239.38.10
ns4.google.com has AAAA address 2001:4860:4802:38::a

Now the output looks more complicated, but it makes a fundamental point clearer.

If you query the domain directly via one of its authoritative DNS servers (here ns4.google.com), you’ll get back:

Server: ns4.google.com
Address: 216.239.38.10#53

Name: google.com
Address: 216.58.205.46

The message “Non-authoritative answer:” is no longer shown, since ns4.google.com is an authoritative server for google.com.

“Where Authoritative answers can be found from:”

How to check DNS propagation?

The propagation of DNS changes is a progressive and non-linear phenomenon, and as such it is very difficult to predict and to monitor.

There are online tools that allow us, in broad terms, to do so: they collect the data reported by several DNS servers around the world and compare them with those of the “root server”, i.e. the authoritative DNS servers.

The main tools that can be used for this purpose are:

  • viewdns.info/propagation/
  • host-tracker.com
  • intodns.com

Not all DNS servers update as they should!

Unfortunately, individual DNS servers are left to the discretion of their provider.

It therefore happens that, in some cases, they are poorly configured and do not update with the due frequency.

For example, some providers update some of their DNS servers only once a week, so users who use those DNS servers “will discover” the new configuration only after a few days … (up to seven, depending on whether you were lucky enough to make the change on the eve of the update or the day after …)

HOW DNS works and is propagated

Authoritative vs. Recursive DNS Servers

Authoritative name servers provide DNS record information and are usually hosted by a provider or domain registrar.
Recursive name servers are the servers that connect authoritative servers and end users: they have to “climb” the DNS tree to find the proper authoritative name server and collect the DNS information required.

Recursive servers are mainly referred to as resolving servers, and are often run by your ISP (Internet Service Provider) or by specialty resolving DNS providers.

Usually these servers cache DNS record information, so many queries for popular domains never reach the authoritative name servers.

Obviously, if a domain’s record is not cached, the resolving server will “climb” the DNS tree up to the authoritative server for the domain’s record.

The DNS Tree

A name server (DNS server) answers the question “Which IP is related to this domain?”: it is a repository where the domain is mapped to an IP, but this does not mean that all this information is stored in a single server.

It is actually distributed worldwide. The name servers at the top of the tree, named the root name servers, store only the locations of the TLD (top level domain) servers.

TLDs are the three characters that you usually see at the end of a domain, such as .com, .net and so on.
Every TLD has its own set of name servers, which store the information saying who is authoritative for the DNS records of each domain under it.

Usually, the authoritative name server is the DNS provider or the DNS registrar.
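The climb from the root through the TLD to the authoritative server, and the caching by a resolving server described above, as an added example (not code from the original article): a toy Python resolver over a constructed tree, where the zone names, the IP 198.51.100.7 and the TTLs are assumptions.

```python
# Added example (not from the original article): a toy recursive resolver that
# "climbs" a constructed DNS tree (root -> TLD -> authoritative name server) and
# caches the final answer for its TTL, so later queries for a popular name never
# reach the authoritative server until the cached copy expires.
from typing import Dict, List, Tuple

# Constructed sample tree. Each zone maps a name to ("TYPE value", ttl_seconds).
# The root only knows the TLD servers, the TLD server only knows who is authoritative
# for the domain, and only the authoritative server holds the A record.
ZONES: Dict[str, Dict[str, Tuple[str, int]]] = {
    "root":            {"com": ("NS ns.com-tld", 172800)},
    "ns.com-tld":      {"example.com": ("NS ns1.example.com", 172800)},
    "ns1.example.com": {"example.com": ("A 198.51.100.7", 3600)},
}

class RecursiveResolver:
    """Resolving server: chases referrals from the root and caches answers by TTL.
    (Real resolvers also cache the NS referrals; only the final answer is cached here.)"""

    def __init__(self) -> None:
        self.cache: Dict[str, Tuple[str, float]] = {}   # name -> (ip, expiry time)

    def resolve(self, name: str, now: float) -> Tuple[str, List[str], bool]:
        """Return (ip, servers contacted in order, served_from_cache)."""
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:            # cached copy still within its TTL
            return hit[0], [], True
        path: List[str] = []
        server, label = "root", name.split(".")[-1]     # start at the root, asking about the TLD
        while True:
            path.append(server)
            record, ttl = ZONES[server][label]
            rtype, value = record.split(" ", 1)
            if rtype == "NS":                           # referral: follow it to the next level
                server, label = value, name
                continue
            self.cache[name] = (value, now + ttl)       # A record: cache it for its TTL
            return value, path, False

def walk_demo() -> Tuple[List[str], List[str], List[str]]:
    """Three queries: full climb, cache hit 30 min later, full climb again after the TTL."""
    r = RecursiveResolver()
    _, first, _ = r.resolve("example.com", now=0)
    _, second, _ = r.resolve("example.com", now=1800)
    _, third, _ = r.resolve("example.com", now=3601)
    return first, second, third
```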

AUTHORITATIVE DNS and NON-AUTHORITATIVE

We can register a domain name and purchase a hosting service separately.
We can register the domain name with one company and choose a server that hosts our web pages at any other company.
If we want everything to work properly, we need to link the domain name to the server hosting the site.
To do this, we need to configure the servers dedicated to DNS.
The servers dedicated to DNS are computers that host the DNS (Domain Name System), a database created to convert the textual domain name into a numerical code (the IP address) that machines understand and that computers on the network need in order to communicate with each other.
By setting up DNS correctly, we can link our domain name to the server that hosts our website.
When registering a domain and requesting a hosting service from the same company, we do not have to worry about DNS, because the service provider does it all.
The name servers of company A, with which we registered the domain, are said to be authoritative for that domain.

The term authoritative indicates competence, not a hierarchical priority order.

The DNS databases located within those servers are the authoritative DNS.
The authoritative DNS is the DNS that contains the data specific to the domain name; it responds to requests for that domain and provides the related data (web, mail, FTP, etc.).
In summary, an authoritative server is the “master” DNS server for a certain domain; a non-authoritative DNS server can hold all the information of the master and be queried for information about the domain, but changes to the DNS records must be performed on the authoritative DNS and subsequently propagated to the non-authoritative servers.

HOW DNS works.

To understand DNS propagation, it is crucial to first explain HOW DNS works.

For example, your domain on Iwantmyname manages its DNS through three different servers: ns1.iwantmyname.com, ns2.iwantmyname.com, ns3.iwantmyname.com.
However, this does not mean that anyone visiting your site will have to query these three servers to know “where” to go.

On the contrary, they will almost certainly use different DNS servers (normally those of their ADSL provider).

So a user who uses (for example) AOL connectivity will, to reach your site, use whatever AOL’s DNS servers point to.

The DNS servers are connected to each other worldwide and make up a real network that continuously exchanges and updates data.
So if you make a change to DNS, it will take some time for it to propagate to all DNS servers on the Internet:

How much time? It depends …

It is a progressive event, which can start a few minutes after the change and end up to 48 hours later.

This time is called the DNS PROPAGATION TIME and, although not controllable in principle, it is possible to do something to try to reduce it to a minimum.

DNS propagation: Time-To-Live (TTL)
The “Time-To-Live”, or TTL, is a parameter of the DNS configuration that becomes important when you intend to change your configuration or change DNS server.

The TTL is the time, expressed in seconds, for which another DNS server may consider the information it received valid.

That is, a small value (e.g. 3600, i.e. one hour) will cause another DNS server, after receiving the DNS configuration data of your domain, to consider it valid for one hour; it will therefore answer any request arriving within those 60 minutes with the same configuration, and after 60 minutes it will fetch the data again.

Thus, a low TTL guarantees, in principle, a faster propagation of changes on the Internet.

However, you should not give in to the temptation to always use low TTLs: they must be used only for modifications, while for the rest of the time high TTLs must be used.

This is for a number of reasons:

a low TTL will result in the other DNS servers answering requests not with the cached data but by requesting an update of it; this makes the response of your site slower

a TTL that is too low, or kept low for too long, can be ignored by some DNS servers: even if you set a TTL of 30 minutes, it may be that after a week some DNS servers decide to ignore this information and raise the TTL value (possibly significantly); in this way we actually get the opposite of the desired result

How should we proceed, then, when modifying the DNS so that the changes propagate as fast as possible?

Two days before the DNS change, lower the TTL appropriately.

During the following two days, this information (i.e. “these DNS records are to be re-checked every 30 minutes”) will propagate through the Internet.

Then perform the DNS change, leaving the TTL low.

Finally, 36 h after the DNS change, act again only on the TTL, raising it appropriately.

What values should the TTL be set to?

The rules (RFC 2308) indicate a value between 3600 and 86400 (that is, between one hour and 24 h).

If no changes are made to the DNS, it is preferable to set a value as high as possible, which will generally make our site more “responsive”: therefore 86400.

If instead we have to make changes, it is better to lower this value as much as possible, taking care, however, to remain within reasonable values: considering that a value that is too low (like 600) could be completely ignored by many DNS servers, it is convenient to use a value of 3600.
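The TTL-lowering procedure and the recommended values above, as an added worked example (not from the original article): a small Python simulation of a caching resolver that re-fetches a record whenever its copy expires, showing how long the old record can still be served after a change. The scenario names, the 12-hour case and the resolver timings are constructed assumptions.

```python
# Added example (not from the original article): simulates how long a caching
# resolver keeps answering with the OLD record after a change at the authoritative
# server, to show why the TTL must be lowered at least one old TTL (here one day)
# before the change. Times are seconds relative to the change (change_at = 0).
HOUR = 3600
DAY = 86400

def ttl_in_force(t: float, lower_at: float, old_ttl: int, low_ttl: int) -> int:
    """TTL the authoritative server publishes at time t (lowered from lower_at on)."""
    return low_ttl if t >= lower_at else old_ttl

def propagation_delay(first_fetch: float, change_at: float, lower_at: float,
                      old_ttl: int, low_ttl: int) -> float:
    """Seconds after change_at until a continuously queried resolver, whose cache
    was first filled at first_fetch, starts returning the new record. The resolver
    re-fetches as soon as its copy expires and always stores the TTL it received."""
    t = first_fetch
    while True:
        expiry = t + ttl_in_force(t, lower_at, old_ttl, low_ttl)
        if expiry >= change_at:        # the next re-fetch already sees the new record
            return expiry - change_at
        t = expiry                     # expired before the change: re-fetch the old record

def worst_case_delay(change_at: float, lower_at: float, old_ttl: int, low_ttl: int,
                     step: int = 600) -> float:
    """Worst propagation delay over resolvers whose first fetch is spread (every
    `step` seconds) across the window that can still influence the result."""
    start = min(lower_at, change_at) - old_ttl
    fetches = range(int(start), int(change_at), step)
    return max(propagation_delay(f, change_at, lower_at, old_ttl, low_ttl) for f in fetches)

# Constructed scenarios using the article's values: 86400 normally, 3600 for changes.
ARTICLE_PLAN = dict(change_at=0, lower_at=-2 * DAY, old_ttl=DAY, low_ttl=HOUR)   # lowered 2 days before
TOO_LATE = dict(change_at=0, lower_at=-12 * HOUR, old_ttl=DAY, low_ttl=HOUR)     # lowered only 12 h before
NO_LOWERING = dict(change_at=0, lower_at=0, old_ttl=DAY, low_ttl=HOUR)           # TTL not lowered in time
```

With the article's plan no resolver is more than one low TTL (3600 s) behind the change, whereas lowering only 12 hours before leaves resolvers that fetched just before the lowering stale for almost 12 hours.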