1
00:00:00,000 --> 00:00:19,000
Hey guys and welcome back. So now that we've learned the basic steps around the DNS process,

2
00:00:19,000 --> 00:00:24,199
what I now want to focus in on are some basic client tools and client configuration files

3
00:00:24,199 --> 00:00:31,199
that we would actually use with respect to our DNS settings. So we actually do have a bunch of

4
00:00:31,199 --> 00:00:36,920
different tools with respect to DNS. We have one called nslookup, we have one called host,

5
00:00:36,920 --> 00:00:43,840
and we have one called dig. Now what I will say is that nslookup, this one is a deprecated command,

6
00:00:43,840 --> 00:00:48,439
it's not one that is currently recommended or used very often anymore. Like I say,

7
00:00:48,439 --> 00:00:54,159
you actually can use it, but it's generally seen to be outdated instead. More likely, you are going to

8
00:00:54,159 --> 00:01:01,640
use the host command or my favorite one, the dig command. But for the purposes of the examination,

9
00:01:01,640 --> 00:01:05,120
we do want to know what these commands are, how we can use them, as well as some basic

10
00:01:05,120 --> 00:01:10,120
configuration files we have to know. So how about we dig in and talk about it then, shall we?

11
00:01:10,120 --> 00:01:14,239
So what I'll do is I will clear my screen here. Okay, so the first command we're going to look at

12
00:01:14,239 --> 00:01:20,239
is the nslookup command, we can say man nslookup. Okay, and we can see here this is going to query

13
00:01:20,359 --> 00:01:27,039
internet name servers interactively. Sounds like something that we want to do. So our DNS servers,

14
00:01:27,039 --> 00:01:31,359
this is what we're going to query. If we go on down, we can see we have some additional options.

15
00:01:31,359 --> 00:01:36,079
Say for example, specifying the timeout, which is going to be the timeout interval as we can see

16
00:01:36,079 --> 00:01:42,679
here, i.e. how long should we actually wait for a particular reply before timing out and abandoning

17
00:01:42,679 --> 00:01:48,319
the request. And this is going to be as we can see here in seconds. Similarly, how many retries

18
00:01:48,559 --> 00:01:54,559
do we want to have. So let's say maybe we time out, we want to retry the request, we can specify how

19
00:01:54,559 --> 00:01:59,280
many retries before we just give up and say, hey listen, we can't get the information, something

20
00:01:59,280 --> 00:02:04,079
must be wrong. Like I say, if we scroll on up, we have a whole bunch of other information,

21
00:02:04,079 --> 00:02:10,079
we can recurse, we can specify the type of request, we can see here this is something called an A

22
00:02:10,079 --> 00:02:15,359
request and a AAAA (quadruple A) request, we'll talk about what those are very, very shortly. And we can see

23
00:02:15,440 --> 00:02:23,120
here the port number now. Important to note here, the default value is 53. This is a well known port

24
00:02:23,120 --> 00:02:29,920
number for DNS, port number 53. Now this can operate either over UDP or depending on the

25
00:02:29,920 --> 00:02:33,840
particular request, if we're doing things like zone transfers, it would actually use something

26
00:02:33,840 --> 00:02:39,840
called TCP. But like I say, port 53 is the well known port for DNS. The reason why I'm telling you

27
00:02:39,840 --> 00:02:44,480
this is that if you happen to be dealing with your own DNS servers and you happen to have a

28
00:02:44,479 --> 00:02:50,159
firewall in place, you want to be making sure that you can allow traffic across port number 53 to

29
00:02:50,159 --> 00:02:55,039
allow those DNS server requests to go through. But like I say, if you happen to change the

30
00:02:55,039 --> 00:03:01,919
configuration so that your DNS server is not using the well known port of 53, you can actually

31
00:03:01,919 --> 00:03:09,280
send a query via a different port by changing the port value using this option right here. But like

32
00:03:09,360 --> 00:03:14,879
I say, we don't have to do this right now. Just be aware of port 53 and that we can change it if

33
00:03:14,879 --> 00:03:20,960
necessary. It is a default value, but not a mandatory value. So what we'll do here is I will

34
00:03:20,960 --> 00:03:25,680
just quit and we'll actually use this command and see what we get back. So what I'll do is I'll say

35
00:03:25,680 --> 00:03:33,520
nslookup and I will look up youtube.com. So now we actually get our request. Now we can actually see

36
00:03:33,520 --> 00:03:39,199
here the information comes back as a non-authoritative answer. This just means that we didn't get the

37
00:03:39,199 --> 00:03:44,239
answer directly from the authoritative server. We got it somewhere else from within the chain of

38
00:03:44,239 --> 00:03:50,159
requests that happened to be made as part of this request. Now we can see here the actual domain name

39
00:03:50,159 --> 00:03:55,039
youtube.com, which is what we queried up here, quite the thing. And we can see what actually has been

40
00:03:55,039 --> 00:04:04,079
resolved is this IP address. So 142.250.200.14. This will be the IPv4 address for YouTube. Now

41
00:04:04,080 --> 00:04:09,760
we can also see below for the same domain name we have this funny looking address, but we will know

42
00:04:09,760 --> 00:04:16,080
that this is indeed the IPv6 address, which is a hexadecimal address. But now we actually do have

43
00:04:16,080 --> 00:04:21,439
the information we need to be able to reach youtube.com. In fact, let me just see if I can ping this

44
00:04:21,439 --> 00:04:29,280
server 142.250.200.14. And there we are. I'm able to ping the YouTube server, meaning I do have

45
00:04:29,279 --> 00:04:35,759
a reachability to it. Okay, now like I said, the other command we had was the host command. This one

46
00:04:35,759 --> 00:04:42,319
here, as we can see, is a DNS lookup utility very much in the same vein as nslookup, although a

47
00:04:42,319 --> 00:04:47,359
little bit more modern. We can see here we have particular options whereby we can query certain

48
00:04:47,359 --> 00:04:54,159
things such as only query IPv4 information, or we can only query IPv6 information. We can specify

49
00:04:54,160 --> 00:04:59,920
the type of request, will it be TCP or UDP? As we can see here, by default we're going to use UDP,

50
00:04:59,920 --> 00:05:07,200
but you can use -T to initiate a TCP request, and we can control our timeouts using the

51
00:05:07,200 --> 00:05:13,440
-W option, and that is a capital W. This is going to allow us to wait a specific number of seconds,

52
00:05:13,440 --> 00:05:18,400
just like we saw with the timeout option with respect to nslookup. So really quite the same.

53
00:05:18,400 --> 00:05:23,840
If we press Q, we can use this one, we'll say host, let's try again, we'll say youtube.com.

54
00:05:23,839 --> 00:05:29,679
And as we can see here, we get the information back, although it is presented a little bit

55
00:05:29,679 --> 00:05:35,919
differently. In fact, the host command probably is the nicest looking format, at least in my opinion.

56
00:05:35,919 --> 00:05:41,439
We don't get any extraneous information, it just gives us this nice readable output. We can see

57
00:05:41,439 --> 00:05:49,439
youtube.com has an IP address 142.250.200.14, we know this, and we can also see the IPv6 address,

58
00:05:49,439 --> 00:05:54,560
which is what we also just saw before with the nslookup command. And we also see that mail

59
00:05:54,560 --> 00:06:00,399
is handled by smtp.google.com. So some cool information right there. Now the next command

60
00:06:00,399 --> 00:06:06,159
we have to be aware of, like I say, is the dig command. Once again, a DNS lookup utility. We

61
00:06:06,159 --> 00:06:10,319
have a whole bunch of options, which I encourage you to scroll through. There is a lot when it

62
00:06:10,319 --> 00:06:15,439
comes to dig, and what I'll do is I'll just press Q. But in order to be able to use the dig command,

63
00:06:15,439 --> 00:06:20,480
like I say, really quite simple, we just say dig, and then specify the name of the server,

64
00:06:20,480 --> 00:06:25,040
youtube.com, like we did before. As we can see here, the information is a little bit more

65
00:06:25,040 --> 00:06:31,519
verbose. Now what we're actually seeing here, in the answer section right here, we can see the youtube.com,

66
00:06:31,519 --> 00:06:35,360
and notice we can actually see the dot on the very end. This is what we happened to mention,

67
00:06:35,360 --> 00:06:40,240
what we talked about, the fully qualified domain name, in the previous nuggets. This value right

68
00:06:40,240 --> 00:06:45,920
here happens to be the TTL. Now you may remember, we talked about the TTL when we talked about the

69
00:06:45,920 --> 00:06:51,840
ping command and the traceroute command. This was how many hops that were allowed before the ping

70
00:06:51,840 --> 00:06:57,920
request would ultimately die. In this case, the TTL is a little bit different. It's not based on

71
00:06:57,920 --> 00:07:03,360
hops. This is not 101 hops. What we're talking about here is an actual time. So in this case,

72
00:07:03,360 --> 00:07:11,280
right here, this is meaning that this information will be cached for 101 seconds. And we can see

73
00:07:11,280 --> 00:07:16,560
here the actual results here. In fact, let me just not draw over the results. We can see this is

74
00:07:16,560 --> 00:07:22,240
the correct result as we saw with the host command and the nslookup command. And we can actually see

75
00:07:22,240 --> 00:07:27,280
the type of record. We got back an A record, and we'll talk about that very, very shortly. So cool,

76
00:07:27,280 --> 00:07:32,000
we have all this information right here, as well as a whole bunch of other stuff. We can see the

77
00:07:32,079 --> 00:07:37,199
message size. But again, you don't have to be too concerned about all the details within dig. This is

78
00:07:37,199 --> 00:07:42,480
a very expansive and very verbose tool. But now that we understand these basic commands, let's look

79
00:07:42,480 --> 00:07:48,000
at some of the configuration files that we can use with respect to our DNS configuration locally.

80
00:07:48,000 --> 00:07:54,319
So check this out then. The first place that I'm going to go to is whereabouts my DNS

81
00:07:54,319 --> 00:08:00,319
servers happen to be. Now this is going to be in the /etc directory, and it's going to be in a file

82
00:08:00,319 --> 00:08:06,480
called resolv.conf. So if I do an ls, in fact, let me just grep for that. Now we can see here

83
00:08:06,480 --> 00:08:11,680
resolv.conf, and I always try to emphasize that this is resolv without an E on the end.

84
00:08:11,680 --> 00:08:17,279
This file right here is where we can specify where our nameservers actually will be. So I will say

85
00:08:17,279 --> 00:08:22,639
sudo nano because again, we're in the system-wide /etc directory, so we need super user privileges

86
00:08:22,639 --> 00:08:28,800
if we wanted to modify this file. And I'll go into resolv.conf. So type in my password right here,

87
00:08:28,879 --> 00:08:35,600
and check this out. So what we can see here is the name server right here. This happens to be a

88
00:08:35,600 --> 00:08:41,360
local configuration. But what I could do is I could actually change the name server. So right now,

89
00:08:41,360 --> 00:08:50,960
what I could see here is I could change this to 8.8.8.8 or maybe 8.8.4.4. 8.8.8.8 and 8.8.4.4

90
00:08:50,960 --> 00:08:57,600
are two well-known public Google DNS servers. These are servers operated by Google that the public

91
00:08:57,600 --> 00:09:04,240
can use. So check this out now that I've changed this particular file when I go to make my particular

92
00:09:04,240 --> 00:09:11,279
request, say for example ping google.com. The actual resolution of that request to get this,

93
00:09:11,279 --> 00:09:15,840
let me just stop this just now, to get this actual IP address will actually be coming

94
00:09:15,840 --> 00:09:22,000
from Google's public DNS server. Similarly, if I happen to ping, let's maybe say wikipedia.org,

95
00:09:22,000 --> 00:09:28,799
the actual resolution here to get this IP address is being queried via Google's public DNS server,

96
00:09:28,799 --> 00:09:32,960
as opposed to let's maybe say my own ISP or something, you know. So that would mean that if we

97
00:09:32,960 --> 00:09:38,879
happen to have a server on our local network, how could we actually tell this particular host to

98
00:09:38,879 --> 00:09:44,080
use that server? Well, we know that answer. We would just modify resolv.conf and then

99
00:09:44,080 --> 00:09:48,720
put in the name server that happens to be on our local network, whether it may be, I'll just maybe

100
00:09:48,800 --> 00:09:56,560
say it was 192.168.0.67 or something. And then our DNS request would go to that particular server.

101
00:09:56,560 --> 00:10:00,960
For now, what I'll do is I'll just put it back to what it was and just save it. Similarly,

102
00:10:00,960 --> 00:10:06,720
remember when I talked about in the very first nugget that we don't actually have to make a

103
00:10:06,720 --> 00:10:12,080
particular request, we can actually map the bindings manually ourselves. Well, we can do this

104
00:10:12,080 --> 00:10:17,759
within, once again, the /etc directory, but it's going to be in a file called hosts. In fact,

105
00:10:17,759 --> 00:10:23,039
I should actually grep for hosts. So this one right here, let's go into this. So I'll say nano

106
00:10:23,039 --> 00:10:28,799
/etc/hosts. And we can see here, if I happen to just ping localhost, i.e. the name localhost,

107
00:10:28,799 --> 00:10:34,879
it will actually ping this IP address. If I happen to ping ip6-localnet, it will ping this

108
00:10:34,879 --> 00:10:40,480
IPv6 address. So what I could do is I could actually type in any configuration right here.

109
00:10:40,560 --> 00:10:46,240
I'll just say 8.8.8.8 should be resolved to the name random blah,

110
00:10:46,240 --> 00:10:52,960
john IPv0, just some gibberish. Okay. Now, if I save this, in fact, I should actually need to use my

111
00:10:52,960 --> 00:10:57,279
super user privileges, I just realized that, I should have actually been aware of that, of course,

112
00:10:57,279 --> 00:11:01,680
so sudo nano, let's try that again. So let's just say, I don't know, let's just keep it even simpler,

113
00:11:01,680 --> 00:11:10,240
IPv0, CBTN, whatever it may be, if I save this, so if I just happen to ping IPv0, CBTN,

114
00:11:10,240 --> 00:11:14,960
and hit enter, notice we're actually pinging 8.8.8.8, which happens to be,

115
00:11:14,960 --> 00:11:20,080
like I say, Google's own server. But I've actually changed the mapping right here. Now, of course,

116
00:11:20,080 --> 00:11:26,240
you don't want to do this, i.e. you don't want to be making erroneous mappings, mapping the wrong IP

117
00:11:26,240 --> 00:11:32,320
address to the wrong domain name. But if you happen to want to have some static configuration,

118
00:11:32,320 --> 00:11:37,039
i.e. you happen to know an IP address, maybe it's an IP address you happen to own yourself,

119
00:11:37,120 --> 00:11:42,079
and you want to map it to a particular domain, saving you from having to do any type of DNS

120
00:11:42,079 --> 00:11:47,519
lookups externally by reaching DNS servers remotely over a network, you can just get that

121
00:11:47,519 --> 00:11:54,959
information directly from this /etc/hosts configuration file. Now, one thing I will say

122
00:11:54,959 --> 00:12:00,559
is that what we've been doing so far is what is called a forward lookup, a forward DNS lookup.

123
00:12:00,559 --> 00:12:08,399
So like I say, I go and get the IP address of wikipedia.org, we can see this is the IP address

124
00:12:08,399 --> 00:12:13,839
right here. But let's say we were doing some type of network forensics, for example, and we're doing

125
00:12:13,839 --> 00:12:19,519
packet captures, maybe we're using tcpdump or a tool called Wireshark, and we see a lot of traffic

126
00:12:19,519 --> 00:12:23,599
maybe destined for this particular IP address. And we want to find out maybe a little bit more

127
00:12:23,599 --> 00:12:30,000
information about what this IP address actually is, what it's tied to. Okay, so we can find out the IP

128
00:12:30,080 --> 00:12:37,759
address from the domain name using a forward DNS lookup. But these tools can also do a reverse

129
00:12:37,759 --> 00:12:45,039
DNS lookup, i.e. we can supply the IP address, and we can get information relating to the domain itself.

130
00:12:45,039 --> 00:12:50,240
So check this out. If I say host, and I take the Wikipedia information right here, like I say,

131
00:12:50,240 --> 00:12:55,360
let's just imagine we happen to see a whole bunch of information destined for this IP address within

132
00:12:55,360 --> 00:13:01,680
the IP packets we are capturing. If I do a reverse DNS lookup, I enter, we can actually get this

133
00:13:01,680 --> 00:13:07,919
pointer information relating back to the domain itself. So understand that we do have these particular

134
00:13:07,919 --> 00:13:13,919
configuration files that we can use to configure our own local DNS settings. And we also have these

135
00:13:13,919 --> 00:13:20,000
tools which we can locally use to find out DNS information as well as troubleshoot DNS information.

136
00:13:20,000 --> 00:13:26,720
And remember we can do a forward DNS lookup as well as a reverse DNS lookup. Okay,

137
00:13:26,720 --> 00:13:35,919
so I hope this has been informative for you. I'd like to thank you for viewing.

