1
00:00:00,000 --> 00:00:14,640
Hey guys and welcome back.

2
00:00:14,640 --> 00:00:19,359
So what we're going to do in this skill right here, we're going to focus in on some very

3
00:00:19,359 --> 00:00:22,440
basic DNS settings.

4
00:00:22,440 --> 00:00:25,440
Now DNS is the domain name system.

5
00:00:25,440 --> 00:00:30,880
So let's talk a little bit about what DNS does for us and how it actually operates before

6
00:00:30,880 --> 00:00:36,200
later on going through the actual configuration of setting up our own DNS server.

7
00:00:36,200 --> 00:00:38,359
Okay so check this out.

8
00:00:38,359 --> 00:00:45,320
When you want to go to a website such as youtube.com, how do you actually get to this website?

9
00:00:45,320 --> 00:00:50,280
Well the reality is you just open up like say your web browser, you go to the address

10
00:00:50,280 --> 00:00:57,160
bar and you just type in youtube.com and then just like magic you end up on that page.

11
00:00:57,160 --> 00:00:59,600
Okay so here is a question.

12
00:00:59,600 --> 00:01:05,799
If on the internet the way we actually get to particular locations, i.e. particular

13
00:01:05,799 --> 00:01:11,439
servers such as the youtube server, the way we get there is via IP addresses.

14
00:01:11,439 --> 00:01:17,480
Now think about this, when you go to your browser, you just type in youtube.com, how

15
00:01:17,560 --> 00:01:22,880
on earth then did we get to that website without specifying an IP address?

16
00:01:22,880 --> 00:01:28,560
Well here is the very basic explanation is that as you will imagine that we actually

17
00:01:28,560 --> 00:01:32,079
are indeed using these IP addresses.

18
00:01:32,079 --> 00:01:38,359
The difference is is that the process has been abstracted away and ultimately hidden

19
00:01:38,359 --> 00:01:39,359
from us.

20
00:01:39,359 --> 00:01:40,599
We can think about this.

21
00:01:40,599 --> 00:01:50,480
If you had to go to let's say google.com and the IP address was 201.84.11.123 whatever

22
00:01:50,480 --> 00:01:55,079
that may be and this is just a random IP address I've drawn, this is not Google's address.

23
00:01:55,079 --> 00:01:59,799
How do you think you would fare having to remember all of this information?

24
00:01:59,799 --> 00:02:08,120
Okay so maybe Google happens to be your favourite website so you could indeed remember 201.84.11.123

25
00:02:08,879 --> 00:02:14,599
let's say you also happen to like, I don't know, a site like Reddit and Reddit like Google

26
00:02:14,599 --> 00:02:23,599
had some rather unmemorable IP address, you know maybe say 13, 2, 4, 15, I don't know,

27
00:02:23,599 --> 00:02:28,080
101 whatever it may be, again this is not Reddit's IP address, I'm just spitting random

28
00:02:28,080 --> 00:02:30,240
numbers here off the top of my head.

29
00:02:30,240 --> 00:02:36,200
Think how clunky this would be and how unmanageable this would be for you to be able to go to every

30
00:02:36,199 --> 00:02:43,399
single web page and you would have to manually remember all of these particular IP addresses

31
00:02:43,399 --> 00:02:50,039
and map the IP address, in this case here, the IP, to the actual website that you want

32
00:02:50,039 --> 00:02:51,039
to go to.

33
00:02:51,039 --> 00:02:55,599
Clearly we can see a problem here, this is not manageable, it's certainly not scalable,

34
00:02:55,599 --> 00:03:00,039
this would not make for a very good and enjoyable internet.

35
00:03:00,039 --> 00:03:06,159
So luckily we had some smart people and they decided that this problem had to be fixed and

36
00:03:06,159 --> 00:03:08,799
the solution to this is DNS.

37
00:03:08,799 --> 00:03:12,680
So really when we're talking about DNS, what we're going to be able to do is we're going

38
00:03:12,680 --> 00:03:19,359
to be able to resolve particular domain names like I say, such as Google.com and translate

39
00:03:19,359 --> 00:03:25,240
that to a particular IP address, i.e. the IP address of Google.com.

40
00:03:25,240 --> 00:03:30,939
So now all you would have to do as the end user is just memorize your favorite human

41
00:03:30,939 --> 00:03:38,800
readable domain names such as CBTNuggets.com or wikipedia.org or google.com so on and so

42
00:03:38,800 --> 00:03:46,379
forth and you can easily get to those websites also due to the fact that they are human readable.

43
00:03:46,379 --> 00:03:51,639
It's a little bit harder although certainly not impossible to trick a user into going

44
00:03:51,639 --> 00:03:52,639
to the wrong address.

45
00:03:52,639 --> 00:03:58,699
Say for example, if you happen to be sent a link for facebook.com, you may notice in

46
00:03:58,699 --> 00:04:04,519
the spelling that this is not the correct URL so you may be a little bit more wary of

47
00:04:04,519 --> 00:04:05,719
clicking this link.

48
00:04:05,719 --> 00:04:14,679
Whereas if the IP address was 201.99.12.144, if someone maybe changed this to maybe say

49
00:04:14,679 --> 00:04:18,139
.98 perhaps you may actually miss that.

50
00:04:18,139 --> 00:04:23,159
Whereas with the human readable domain names, much much easier to spot although like I say

51
00:04:23,159 --> 00:04:28,459
still can be a problem such as what you get when someone performs a phishing attack.

52
00:04:28,959 --> 00:04:33,839
Now let's actually look a little bit under the hood and see how this process actually

53
00:04:33,839 --> 00:04:39,299
happens because there is a particular method, a particular chain of events should I say

54
00:04:39,299 --> 00:04:45,000
that actually goes into making this process happen and there are some particular phrases

55
00:04:45,000 --> 00:04:50,399
that we have to be aware of that is particular technical terminology for the purposes of

56
00:04:50,399 --> 00:04:51,959
the LPIC-2 examination.

57
00:04:51,959 --> 00:04:55,279
So let's talk about the actual process then shall we?

58
00:04:55,279 --> 00:04:59,739
So here we are right here, this can be our little local computer.

59
00:04:59,739 --> 00:05:04,379
Now this local computer wants to speak to a particular website here out on the internet.

60
00:05:04,379 --> 00:05:06,500
It can be this server up here.

61
00:05:06,500 --> 00:05:09,099
Let's just imagine this was google.com.

62
00:05:09,099 --> 00:05:13,779
Now let's talk about the process of how we're going to get from here all the way up to here

63
00:05:13,779 --> 00:05:14,779
then.

64
00:05:14,779 --> 00:05:22,339
Now locally on your computer, you can actually configure some local DNS settings i.e. you

65
00:05:22,359 --> 00:05:26,759
can perform your own mappings yourself within particular configuration files and we'll get

66
00:05:26,759 --> 00:05:29,279
to see what that looks like very very shortly.

67
00:05:29,279 --> 00:05:33,239
So that would mean that you maybe happen to have a particular configuration file that

68
00:05:33,239 --> 00:05:38,599
just happens to lay out you know if you want to go to google.com the IP address is so and

69
00:05:38,599 --> 00:05:41,599
so like 8.8.8.8 whatever it may be.

70
00:05:41,599 --> 00:05:47,919
So if you happen to have this local configuration file then you can successfully map the IP

71
00:05:47,939 --> 00:05:52,699
address for google.com and you can therefore visit this website.

72
00:05:52,699 --> 00:05:53,699
No problem at all there.

73
00:05:53,699 --> 00:06:00,780
Now this might be fun and useful for a few sites but you can imagine as a network administrator

74
00:06:00,780 --> 00:06:03,300
this may become quite unruly.

75
00:06:03,300 --> 00:06:10,939
So if the local computer does not have access to this information via a local configuration

76
00:06:10,939 --> 00:06:15,420
file say for example, what is going to happen is that this local computer is going to send

77
00:06:15,439 --> 00:06:19,600
a query to an external DNS resolver.

78
00:06:19,600 --> 00:06:22,840
So we would have this DNS server right here.

79
00:06:22,840 --> 00:06:29,040
Now this DNS server this could actually be your local ISP you could use them to resolve

80
00:06:29,040 --> 00:06:34,480
all those IP addresses basically whenever you don't locally know the information here

81
00:06:34,480 --> 00:06:40,840
you send the DNS request directly to your ISP, i.e. I want to go to google.com, and the

82
00:06:40,840 --> 00:06:44,080
DNS can be resolved via the ISP.

83
00:06:44,079 --> 00:06:48,219
Now that sounds all very well and this is how this would actually work but it doesn't

84
00:06:48,219 --> 00:06:54,099
actually tell us how does the ISP get this information right now it sounds like a bit

85
00:06:54,099 --> 00:06:57,939
of magic like the ISP just magically knows this information.

86
00:06:57,939 --> 00:07:03,819
Well the reality is there is a DNS process beyond this once again so let's look at it

87
00:07:03,819 --> 00:07:06,299
from the point of view of the ISP now.

88
00:07:06,299 --> 00:07:14,060
So the ISP the first thing the ISP would do it would check its local cache, i.e. has any

89
00:07:14,060 --> 00:07:20,199
other user requested this information prior because if they have I will have already gotten

90
00:07:20,199 --> 00:07:25,199
that information and if I already have that information I can store it and as opposed

91
00:07:25,199 --> 00:07:31,720
to having to send any additional requests elsewhere I could just look at my local information

92
00:07:31,720 --> 00:07:33,240
much much more efficient.

93
00:07:33,240 --> 00:07:39,639
Now if in fact the DNS server does not have this information in the cache it's going to

94
00:07:40,139 --> 00:07:45,139
have to go through this type of recursive process meaning that it's going to have to contact

95
00:07:45,139 --> 00:07:49,180
a chain of particular DNS servers out in the internet.

96
00:07:49,180 --> 00:07:53,300
So let's talk about what this process would actually look like then and what I'll do is

97
00:07:53,300 --> 00:07:57,339
I'll just clear my screen a little bit to give me a little bit more real estate so the

98
00:07:57,339 --> 00:08:03,740
first query the DNS would then go to would be something called a root server.

99
00:08:03,740 --> 00:08:09,219
Now to understand what a root server actually does we have to understand the general structure

100
00:08:09,280 --> 00:08:20,280
of a DNS request so let's say you went to www.cbtnuggets.com or if you went to wikipedia.org

101
00:08:21,880 --> 00:08:27,880
what I want you to focus in on is this part right here, .com, .org, and again this could be

102
00:08:27,880 --> 00:08:34,320
like say .edu for educational websites like universities but this very end extension here

103
00:08:34,540 --> 00:08:39,420
this is the first thing that we have to figure out or the root server has to figure out so

104
00:08:39,420 --> 00:08:45,580
if a request for google.com right here is not in the local cache we send that query

105
00:08:45,580 --> 00:08:51,420
to the root server and the root server sees that we have a request for a .com as opposed

106
00:08:51,420 --> 00:08:57,580
to a .org or a .edu or a .net whatever it may be so now that we have deduced that we

107
00:08:57,580 --> 00:09:04,580
have a .com the root server now this is going to make its own request to another type of

108
00:09:04,580 --> 00:09:11,580
server and this server is going to be what is called a TLD a top level domain server

109
00:09:11,580 --> 00:09:16,600
so now we have these top level domain servers a whole bunch of them so we want to go to

110
00:09:16,600 --> 00:09:22,960
one that deals with .com requests so now the request comes in to this top level domain

111
00:09:22,960 --> 00:09:29,379
server for .com now this top level domain server doesn't give us absolutely everything

112
00:09:29,379 --> 00:09:36,379
that we need it again passes us down the chain and it passes us to something called an authoritative

113
00:09:37,220 --> 00:09:43,900
name server now it is this particular server that is going to hold the original records

114
00:09:43,900 --> 00:09:49,660
for that particular website so say for example google.com this would be an authoritative server

115
00:09:49,719 --> 00:09:55,719
so now what happens is is that this IP address for this particular server is given all the

116
00:09:55,719 --> 00:10:01,439
way back to the original request which would be the ISP that did not have the information

117
00:10:01,439 --> 00:10:06,759
cached locally so now our ISP and this can be our little local computer and again we

118
00:10:06,759 --> 00:10:12,079
have got google up here now our ISP has been fed information via the root server the top

119
00:10:12,079 --> 00:10:17,919
level domain and then finally the authoritative server for google.com so now this ISP knows

120
00:10:18,099 --> 00:10:23,219
where about this authoritative server is for google and this server is going to hold the

121
00:10:23,219 --> 00:10:29,019
IP information for the domains that they happen to serve and that means that that authoritative

122
00:10:29,019 --> 00:10:34,899
server can actually send back to us the IP information which we need to be able to resolve

123
00:10:34,899 --> 00:10:40,860
our web request so then our ISP can throw it back to our local computer and now suddenly

124
00:10:40,860 --> 00:10:47,059
we have the information the IP addressing information that is so now you may notice that

125
00:10:47,079 --> 00:10:52,679
was a lot of steps there and quite honestly it does happen very very quickly of course

126
00:10:52,679 --> 00:10:57,599
the internet allows data communication to travel very very quickly however if you can

127
00:10:57,599 --> 00:11:03,239
imagine if every time say for example a customer of the ISP happened to go through this you

128
00:11:03,239 --> 00:11:08,159
can imagine that all these servers are quickly going to become really overloaded having to

129
00:11:08,159 --> 00:11:12,199
continually fetch the same information over and over and over again think how many people

130
00:11:12,220 --> 00:11:19,220
say for example that are connected to a particular ISP want to visit google.com so like I say

131
00:11:19,220 --> 00:11:24,980
once the ISP gets that information the ISP will simply cache it so now let's say another

132
00:11:24,980 --> 00:11:30,460
customer let's just call customer local computer two also wants to go to google the information

133
00:11:30,460 --> 00:11:36,379
now is saved within the server and the ISP can just immediately feed that information back

134
00:11:36,379 --> 00:11:41,420
to the next customer without having to send any queries further out into the internet

135
00:11:41,439 --> 00:11:46,799
to these root servers or TLDs or authoritative servers now one thing to note here is that

136
00:11:46,799 --> 00:11:52,319
this process is also true for something called sub-domains so you know how you maybe want

137
00:11:52,319 --> 00:11:58,319
to go to say for example google drive the actual request you would send would be to drive.google.com

138
00:11:58,319 --> 00:12:06,039
now this drive part here separated by the period sign right here this denotes that this

139
00:12:06,059 --> 00:12:12,299
is a sub-domain of google and again if we happen to need this information about a particular

140
00:12:12,299 --> 00:12:18,299
sub-domain we can get this from the authoritative server following the same process now it's

141
00:12:18,299 --> 00:12:25,059
worth noting for the purposes of the examination we have to understand what an FQDN is this

142
00:12:25,059 --> 00:12:32,059
is a fully qualified domain name so if I happen to show you this request right here www.drive.google.com

143
00:12:32,059 --> 00:12:39,059
dot now I deliberately added this dot on the end because quite honestly most people don't

144
00:12:40,699 --> 00:12:47,139
actually realize that it is here this is actually a part of the FQDN now when you happen to type

145
00:12:47,139 --> 00:12:51,779
in web requests into your browser you don't have to add this but strictly speaking this

146
00:12:51,779 --> 00:12:57,179
is still part of the fully qualified domain name now this dot here denotes the root think

147
00:12:57,179 --> 00:13:01,859
about what we talked about with the root server so we have the root server and then within

148
00:13:01,860 --> 00:13:09,379
here we have our top level domain a dot com or a dot edu or a dot net okay and then we

149
00:13:09,379 --> 00:13:14,180
have our domain name whereby we can get this information from the authoritative server

150
00:13:14,180 --> 00:13:19,480
and then we could see our sub-domain and if we happen to be strict that would actually

151
00:13:19,480 --> 00:13:25,259
also include right here HTTPS colon slash slash and this part would tell us the protocol

152
00:13:25,259 --> 00:13:32,259
in use, i.e. are we using HTTP or are we using secure HTTP with encryption so actually knowing

153
00:13:33,580 --> 00:13:38,700
this FQDN can actually allow you to see the path like I say if we don't know what the

154
00:13:38,700 --> 00:13:44,259
request is we go to the root server and then we just walk the way back until we reach a

155
00:13:44,259 --> 00:13:49,620
server which has all the information that we need and like I say one of the big caveats

156
00:13:49,740 --> 00:13:55,940
to DNS is being able to utilize this caching mechanism so that we don't have to continually

157
00:13:55,940 --> 00:14:00,980
go through this rather long and laborious process for every request we may happen to

158
00:14:00,980 --> 00:14:06,379
make so that is us for our introduction into DNS I do know this was a lot to take in all

159
00:14:06,379 --> 00:14:11,620
at once as always I do recommend that you rewatch the video if need be and take notes

160
00:14:11,620 --> 00:14:16,460
but understanding these concepts is going to be crucial to you when understanding how

161
00:14:16,500 --> 00:14:22,500
to correctly implement our own DNS server. Okay doctor that is us for our introduction

162
00:14:22,500 --> 00:14:25,900
I hope this has been informative for you and I'd like to thank you for viewing.

