Category Archives: Networking

More DNS Records

In the last post we talked about some common DNS records.  There’s more DNS records to talk about but we’re going to only talk about the common ones.  This is a good thing, because there’s 39 of them.  We could be talking about more DNS records for quite some time.

Suppose you have a domain, let’s call it rhodey.example.com.  We know that rhodey.example.com is always going to do what the domain tonystark.example.com does.  So if we change tonystark.example.com’s IP address, we have to go and change the IP address for rhodey.example.com.

Rhodey and Tony Stark at work

We’re lazy though, we don’t want to have to do that every time.  Plus, fumble fingers me could get the IP address wrong for rhodey.example.com.   Instead, I’ll use the CNAME record.  That’s the record that lets one domain say ‘hey, what that domain over there is doing, I want to do.’

There’s no rule that a CNAME record has to exist.  We can find them using:

Alpha:~ computerlamp$ host -t CNAME google.com
google.com has no CNAME record

There’s nothing there!  Well, I said there’s no rule that something had to be there, and nothing’s there.  You should try it with some of your favorite domains and see if they have a CNAME.
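Here is how a lookup follows the CNAME described above, as an added example that is not part of the original post. The names rhodey and tonystark come from the post; the 192.0.2.x addresses, the loop-* names and the hop limit are assumptions made for the example.

```python
# Constructed records: the names come from the post, the 192.0.2.x
# addresses and the loop-* names are made up for this example.
RECORDS = {
    ("tonystark.example.com", "A"): ["192.0.2.10"],
    ("rhodey.example.com", "CNAME"): ["tonystark.example.com"],
    ("loop-a.example.com", "CNAME"): ["loop-b.example.com"],
    ("loop-b.example.com", "CNAME"): ["loop-a.example.com"],
}

MAX_HOPS = 8  # assumed limit on how many aliases to follow


def normalize(name):
    """DNS names are case-insensitive and may end in a dot."""
    return name.rstrip(".").lower()


def resolve_a(name, records=RECORDS):
    """Return (addresses, chain of names visited) for an A lookup."""
    chain = [normalize(name)]
    while True:
        current = chain[-1]
        addresses = records.get((current, "A"))
        if addresses:
            return list(addresses), chain
        alias = records.get((current, "CNAME"))
        if not alias:
            return [], chain  # neither an A nor a CNAME record
        target = normalize(alias[0])
        if target in chain or len(chain) > MAX_HOPS:
            raise ValueError(
                "CNAME loop or chain too long: " + " -> ".join(chain + [target])
            )
        chain.append(target)
```

Changing the A record for tonystark.example.com changes what rhodey.example.com resolves to, with no edit to rhodey’s own record.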

The next record we’re going to talk about (and the final one, for now) is the TXT record.   That’s read as ‘text’.  It was meant for human readable information to be stored in DNS, but these days it’s most often used for machine readable information.  Which is kind of boring.

Let’s try one out:

Alpha:~ computerlamp$ host -t TXT akamaihd.net
akamaihd.net descriptive text "This" "is" "not" "the" "nameserver" "you" "are" "looking" "for."

Aww, and I was looking for Artoo Detoo.

TXT records aren’t required either.  Look what happens when I try:

Alpha:~ computerlamp$ host -t TXT theavengers.com
theavengers.com has no TXT record

 

DNS Records

We know what MX records are, we know what SOA records are, so now we want to learn what other records are available. Every time you query DNS for something, you’re asking for a record and according to Wikipedia there are 39 record types.  Not all of these are commonly used, so let’s talk about the common ones.

When you ask a name server for an IP address for a domain, you’re asking for an A record.  The way to make this query is:

Alpha:~ computerlamp$ host -t A www.google.com
www.google.com has address 209.85.144.105
www.google.com has address 209.85.144.103
www.google.com has address 209.85.144.147
www.google.com has address 209.85.144.106
www.google.com has address 209.85.144.99
www.google.com has address 209.85.144.104

See that -t flag?  That tells the command host to look for the record type A.

We’ve discussed name servers before too.  How do I find out the name servers for google.com?  The DNS record to query for a name server is the NS record.  That means the query looks like:

Alpha:~ computerlamp$ host -t NS google.com
google.com name server ns1.google.com.
google.com name server ns2.google.com.
google.com name server ns3.google.com.
google.com name server ns4.google.com.

If you can ask for an IP address for a domain, can you ask for a domain if you have an IP address?  Well, yes, you can.  That’s a PTR record.  That’s pronounced pointer record, by the way.  It’s the reverse of an A record and is known as a reverse lookup.

And once again, you can look it up with the host command:

Alpha:~ computerlamp$ host -t PTR 209.85.144.105
105.144.85.209.in-addr.arpa domain name pointer qv-in-f105.1e100.net.

There’s a couple of weird things about that response.  First of all, I used an IP address from the responses for www.google.com, but I got a different domain back.  Which is actually just fine.  One IP address can have a lot of domains with A records for it, but only one reverse record.

Second, it reversed my IP address!  You see that

105.144.85.209.in-addr.arpa

response?  That looks weird, doesn’t it?  Well, it’s one of the underpinnings of DNS that makes all things work nicely.  All PTR records are in the domain in-addr.arpa.  Remember, it’s the Domain Name System, so there has to be a domain. We take that IP address, reverse it so that instead of 209.85.144.105 we get 105.144.85.209 and stick it in front of that domain.  That’s what we’re actually querying for when we make a reverse lookup.
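The reversal described above, written out as an added example (not from the original post). It goes one step further than the post by also handling IPv6 addresses, whose PTR names live under ip6.arpa with one hex digit per label; the function names are this example’s own.

```python
import ipaddress


def reverse_name(ip_text):
    """Build the name that a PTR query actually asks for."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 4:
        labels = str(ip).split(".")                  # four decimal octets
        suffix = "in-addr.arpa"
    else:
        labels = list(ip.exploded.replace(":", ""))  # 32 hex digits
        suffix = "ip6.arpa"
    return ".".join(reversed(labels)) + "." + suffix


def address_from_reverse_name(name):
    """Undo reverse_name; raise ValueError for anything that is not a full PTR name."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError("need four octets: " + name)
        return ipaddress.ip_address(".".join(reversed(labels)))
    if name.endswith(".ip6.arpa"):
        digits = name[: -len(".ip6.arpa")].split(".")
        if len(digits) != 32 or any(len(d) != 1 for d in digits):
            raise ValueError("need 32 single hex digits: " + name)
        hex_text = "".join(reversed(digits))
        groups = [hex_text[i:i + 4] for i in range(0, 32, 4)]
        return ipaddress.ip_address(":".join(groups))
    raise ValueError("not under in-addr.arpa or ip6.arpa: " + name)
```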

 

Back to the SOA Record

In the past two posts we talked about the SOA record.  In this post, we’ll finish it.  The last parts of the SOA record are refresh, retry, and expire.  These are all numbers that note the number of seconds.  Each one does a different thing, but they all work together.

Refresh is the number of seconds the secondary name servers wait before asking the primary name server ‘do you have any updates for me?’.  You don’t want the primary to be drowned in requests of ‘got anything got anything got anything?’.  It’s like the two year old younger brother asking you constantly.  That’s annoying.  So we set the refresh of a domain.

The next number is the Retry.  Now suppose I ask my Mom ‘Can I have a new Xbox?’ and I don’t get a response.  How long should I wait so I don’t annoy her?  For a domain, that’s the ‘I didn’t get an answer from my primary name server, how long do I wait before asking again?’  Asking Mom repeatedly for an Xbox (especially if she doesn’t respond) is just going to make her mad.  Overloading a name server with repeated requests can do the same thing.

The Retry time must be less than the Refresh time.  Otherwise, I’d be waiting longer to re-ask than I’d wait to ask in the first place.

Now if my Mom doesn’t respond to me about the Xbox, how long should I wait until I give up on her ever responding?  (With my Mom, that’s infinity.  She’ll just ignore what she calls silly questions.) With domains, that’s Expire.  That tells the secondary server when to give up.  It’s usually a long time and the number has to be bigger than refresh or retry.  If it’s less than retry, then the secondary server is going to go ‘eh, why bother retrying, he’s dead Jim’.  Same with Refresh.  If it’s less than Refresh, then the secondary server is never going to bother trying.

Now for the last number, the TTL.  TTL stands for Time To Live.  This doesn’t actually have anything to do with zone transferring.  Surprise!

It has to do with people querying the domain.  When I query a domain and get an IP address, the TTL tells me how long I should believe that response.  If it’s set to 300, then I believe that response for 5 minutes, at which time I have to query again.
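To see the numbers work together, here is an added example (not from the original post) that reads the seven SOA fields in their standard order, applies the ordering rules above, and lists when a secondary would keep asking a primary that never answers. The sample record is constructed, and the function names are this example’s own; it also turns the administrator mailbox from the SOA record into an email address.

```python
from typing import NamedTuple


class SOA(NamedTuple):
    mname: str    # master (primary) name server
    rname: str    # administrator mailbox, written as a domain name
    serial: int
    refresh: int  # seconds between 'any updates?' checks
    retry: int    # seconds to wait after an unanswered check
    expire: int   # seconds without an answer before the secondary gives up
    ttl: int      # the last number, which the post calls the TTL


# Constructed sample record data, not taken from a real zone.
SAMPLE = "ns1.example.com. hostmaster.example.com. 2024010101 7200 1800 14400 300"


def parse_soa(rdata):
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("expected 7 SOA fields, got %d" % len(fields))
    return SOA(fields[0], fields[1], *(int(n) for n in fields[2:]))


def admin_email(rname):
    """Everything before the first unescaped dot is the mailbox name."""
    local, i = "", 0
    while i < len(rname) and rname[i] != ".":
        if rname[i] == "\\" and i + 1 < len(rname):
            i += 1  # a backslash-escaped dot belongs to the mailbox name
        local += rname[i]
        i += 1
    return local + "@" + rname[i + 1:].rstrip(".")


def timer_problems(soa):
    """Apply the ordering rules from the post: retry < refresh < expire."""
    problems = []
    if soa.retry >= soa.refresh:
        problems.append("retry must be less than refresh")
    if soa.expire <= soa.refresh:
        problems.append("expire must be greater than refresh")
    if soa.expire <= soa.retry:
        problems.append("expire must be greater than retry")
    return problems


def poll_times(soa):
    """Seconds after the last good transfer at which a secondary asks a
    primary that never answers, up to the moment the zone expires."""
    if soa.retry <= 0:
        raise ValueError("retry must be positive")
    times, t = [], soa.refresh
    while t < soa.expire:
        times.append(t)
        t += soa.retry
    return times
```

With an Expire smaller than Refresh, `poll_times` returns an empty list: the secondary gives up before it ever asks.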

It took us three posts, but we covered the SOA record!  In the next post, we’ll talk about other records used in DNS.

DNS and Serial Numbers

In the last post we started talking about the SOA record in DNS and the serial number used in a zone file.  I promised that in this post we’d talk about why we use serial numbers.

Hint:  It’s to cut down on traffic.

Chaos in the Traffic

These days it seems you can stream anything, play games, play music, and there’s always enough bandwidth to go around.  What’s bandwidth?  That’s the size of your connection to the Internet and connections within the Internet.  In the old days, the amount of bandwidth was really small.  You could sit at a terminal and type things on a connection far away and hit a key, wait for it to appear, hit the next key, wait for it to appear.

Slow typing

In other words, there wasn’t much bandwidth available.

People came up with tricks to reduce bandwidth usage and one of those tricks was a serial number.

An operation name servers use to share zone files amongst themselves is called a zone transfer.  You can imagine that some of these files get really big.  If there isn’t a lot of bandwidth, then constantly passing those files back and forth is a bad thing.

Instead, you have the serial number and you ask the other side ‘excuse me, has your serial number increased from the value I have here?’ and if the answer is ‘yes’, then the zone transfer occurs.  Otherwise, the zone file stays where it is.

This means that when the administrator makes any change to the zone file, he has to update the serial number in order for the transfer to happen.
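The serial check above as an added example (not from the original post), including what happens when the administrator edits the zone but forgets to bump the serial. It goes a little further than the post: the comparison uses the wraparound rule for 32-bit serial numbers from RFC 1982, and `next_serial` follows the common YYYYMMDDnn numbering habit. The zone contents and function names are constructed for the example.

```python
import datetime

MODULUS = 2 ** 32  # the SOA serial is an unsigned 32-bit number
HALF = 2 ** 31


def serial_newer(primary, mine):
    """True when the primary's serial is ahead of mine, wraparound included."""
    return 0 < (primary - mine) % MODULUS < HALF


def sync(primary, secondary):
    """Copy the zone only if the primary's serial increased. True on transfer."""
    if not serial_newer(primary["serial"], secondary["serial"]):
        return False
    secondary["serial"] = primary["serial"]
    secondary["records"] = dict(primary["records"])
    return True


def next_serial(current, today):
    """Next serial in YYYYMMDDnn style, always ahead of the current one."""
    dated = int(today.strftime("%Y%m%d")) * 100
    if serial_newer(dated, current):
        return dated
    return (current + 1) % MODULUS


def demo():
    """An edit without a serial bump never reaches the secondary."""
    primary = {"serial": 2024010101, "records": {"www": "192.0.2.10"}}
    secondary = {"serial": 2024010101, "records": {"www": "192.0.2.10"}}

    primary["records"]["www"] = "192.0.2.20"  # edit made, serial forgotten
    first = sync(primary, secondary)          # no transfer happens
    stale = secondary["records"]["www"]       # secondary still serves old data

    primary["serial"] = next_serial(primary["serial"], datetime.date(2024, 1, 1))
    second = sync(primary, secondary)         # now the zone is copied
    return first, stale, second, secondary["records"]["www"], secondary["serial"]
```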

Now for the obvious question:  Can everyone do zone transfers?

Well, the answer is no.  It’s a security problem if we do let everyone transfer.

Who can do transfers?  Like we said before, there’s a master name server listed in the SOA record.  We also know that most domains have more than one name server. For example, Google has four:

  • google.com name server ns3.google.com.
  • google.com name server ns1.google.com.
  • google.com name server ns2.google.com.
  • google.com name server ns4.google.com.

Imagine having to update the zone file on each one of those.  No thank you!  That’s what the master name server is for, you update that name server and then the other three can zone transfer your zone file from it, assuming the serial number has increased.  Those other three name servers are called slaves to the master name server or secondaries to the primary name server.  We’ll call them secondary or secondaries.  It’s an older term, but I like it.

DNS and SOA record

We talked about DNS before and we talked about MX records and mail and DNS but now we’re going to talk about what else DNS can do.  Email uses the MX record type but there are a lot more record types for DNS out there than just mail.  In this post, we’re going to talk about one particular record, the SOA record.

Every domain has an SOA record, also known as a Start of Authority record.  Isn’t that a spiffy name?  Sounds like the delegation of authority in a business.  I shall start your authority here and here only!

I am your Start of Authority!

Every domain has a zone file that’s created by the administrator.  The top of that zone file has the SOA record and the rest of the zone file has all the records for the domain.

The SOA record defines information about the domain itself.  It includes the name of the master name server, that’s the name server that is the be-all and end-all of information for the domain. Think of it as the server that is always going to have the real and true information of the domain.

It also includes an email address for the administrator.  This looks like a domain.  Like:  hostmaster.example.com.  That doesn’t look like an email address, where’s the @ sign?  Well, the part before the first dot is the mailbox name, and everything after it is the domain where the email is sent.  That means that hostmaster.example.com is the email address hostmaster@example.com.

It also has a serial number for the domain.  Every time you make a change in the zone file, you change the serial number.  In the next post, we’ll talk about why the creators of DNS used this.

 

IP Address Origins

You know how to find your IP address, right? You can just run ifconfig and it will tell you.  Now the big question: How did your computer get that IP address? It didn’t buy one at the IP store or pull one out of the closet, it had to get it somehow. Well, there’s two places it could have come from, and in this post we’ll talk about where your IP address came from.

The first choice is called a static assignment. That means your ISP picked an IP from the collection it has and assigned it to you.

Home address

It’s like the address of your house. It isn’t going to change, it’s always going to be that address. Unless you move your house completely, then your house address will change. If you move ISPs, then your IP address would change.

This used to be the way IP addresses were assigned to everyone. Remember how I said we’re running out of IP addresses? That doesn’t work as well any more. Now we have a dynamic pool.

Dead Pool

Not Dead Pool, but a dynamic pool of IP addresses. When you tell your ISP ‘Hey, I’m going online’ it takes an IP address from its pool and assigns it to you. When you turn off your computer or your router, you give that IP address back to the pool.

Swimming Pool

Well, not into the swimming pool but rather the collection of IP addresses.

This is called DHCP, or Dynamic Host Configuration Protocol. That’s quite the mouthful, so we’ll stick with DHCP.

DHCP usually comes with a timer. That means you have to renew your IP address periodically. Normally it just means you say ‘yes, I’m here, I’m still using it, go away’ but depending on how the configuration works, you might get a new IP address. In other words, your IP addresses aren’t set in stone like your house address, but are likely to change. Like if you had a houseboat and moved it often, then that house address would change.

ifconfig output

In this post, I brought up the command ifconfig and I promised to talk about the output. It is rather confusing, so let’s pull it apart bit by bit so we can understand that ifconfig output.

eth0      Link encap:Ethernet  HWaddr 00:1A:2B:3C:00:00
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fd91:ae3b:d5e8:aa85:0:0:0:0 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:41620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40231 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21601203 (20.6 MiB)  TX bytes:6145876 (5.8 MiB)
          Interrupt:21 Base address:0xe000

Let’s begin at the beginning! The first line says

eth0      Link encap:Ethernet  HWaddr 00:1A:2B:3C:00:00

That means that the link is an ethernet link. There is an ethernet cable attached to this computer connecting it to the Internet. The next part of the line says HWaddr and has some letters and numbers after it. We talked about IP addresses before and those can change on your computer. If you have a laptop and take it to a coffee shop, you’ll get a different IP address from the one you’ll have at home or that you would get in a library. Your computer never knows what IP address is going to show up, it isn’t like your home address which never changes.

The HWaddr is the fixed address of your computer, like your home address. It doesn’t change, no matter what. It’s also known as the MAC address. It’s set by the manufacturer of your ethernet card and never changes, no matter where you take your computer. You could take it to the Triskelion and it wouldn’t change.

Oh wait, that got destroyed in Captain America: Winter Soldier, didn’t it. You can’t take it there, but you could take it to the North Pole and it wouldn’t change.

The next line:

inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0

Is information about your IP address and we already discussed that. Next time, we’ll talk about the line that starts with inet6. This ifconfig output is extensive, isn’t it? Lots of information that tells us all about the network interface on the computer.

 

IPv6 addresses

IP addresses are formally called IPv4 addresses.  This post is to discuss the next generation of IP addresses, called IPv6 addresses.

This is kind of like Star Trek: The Next Generation, but without Data and Picard and the whole crew.

 Ok, it’s nothing like them.

In this post I said that there are 2^32 IP addresses, or 4,294,967,296 IP addresses.  Some of these are reserved and shouldn’t be used on the Internet, but that’s still a lot of IP addresses, right?  Enough to almost give every person in the world their very own IP address.  That leaves out companies having a whole bunch of computers on the Internet, or Universities with their computers, or even light bulbs with their IP addresses.  We’re running out of IP addresses!

The smart people that work on engineering the Internet, known as the IETF, decided to solve this problem.  On a side note, they really could have come up with a better name.  Maybe Super Hardworking Internet Engineers Leading Development.  That sounds awesome, right?  They’d have to come up with their own Nick Fury though.

Nick Fury

Back to the problem.   2^32 IP addresses aren’t enough.  The geniuses at the IETF decided not to just double that number, but to square it, and then square that number.  That gives us 2^128 IP addresses, or 340,282,366,920,938,463,463,374,607,431,768,211,456 IP addresses.

Have fun reading that number out loud!

They also changed the notation for the IP addresses.  They don’t look like IPv4 addresses, they use : instead of . to separate numbers.  They also use base 16 instead of base 10 for the addresses.  Bet you didn’t think there would be math in this blog, did ya.

Here’s an example of an IPv6 address:

2601:547:902:cba7:4b8:ff43:f419:cd01

That’s a mouthful to remember.  I have an easier time remembering 192.168.0.1.

The IPv6 protocol that the SHIELD, okay, IETF engineers designed does a lot more than just creating the IP addresses, but that’s all we’re concerned with for right now.

Now remember that ifconfig output?

eth0      Link encap:Ethernet  HWaddr 00:1A:2B:3C:00:00
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fd91:ae3b:d5e8:aa85:0:0:0:0 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:41620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40231 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21601203 (20.6 MiB)  TX bytes:6145876 (5.8 MiB)
          Interrupt:21 Base address:0xe000

The third line is the IPv6 address of the system.  A system can have both kinds on one interface.  Neat, huh.

More ifconfig!

We’ve talked about IPv6, we’ve talked about broadcast and other parts of the ifconfig output, but there’s more ifconfig output to look at.   The rest of the story, as it were.  So we have this output:

eth0      Link encap:Ethernet  HWaddr 00:1A:2B:3C:00:00
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fd91:ae3b:d5e8:aa85:0:0:0:0 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:41620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40231 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21601203 (20.6 MiB)  TX bytes:6145876 (5.8 MiB)
          Interrupt:21 Base address:0xe000

eth0 is the interface for your computer to the internet.  That thing that all the traffic goes through.  That means that there’s Internet traffic going through that device.   ifconfig shows us more information than just the IP address.

Let’s skip to these two lines:

          RX packets:41620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40231 errors:0 dropped:0 overruns:0 carrier:0

The Internet breaks all traffic up into packages called packets.  Think of it like a really really long text.   Every 160 characters in your text, your phone will send along the message and wait for the next bit.  (That 160 characters depends on your phone.  It could be more, it could be less.)  Your computer does the same thing.  It takes your messages and breaks them into chunks and sends it through the Interface.  It can also receive things through the interface.

The RX packets string in the ifconfig output is the number of packets your computer received and the TX packets is the number of packets your computer transmitted.

Now these lines:

RX bytes:21601203 (20.6 MiB)  TX bytes:6145876 (5.8 MiB)

Are the total amount of traffic that went through all those pipes.  We received 20.6 megabytes of data and we sent out 5.8 megabytes of data.  We were busy surfing the web and pulled down the fun stuff.

The last bit of the output that we’re going to talk about is this line:

collisions:0 

A collision occurs when two devices on the same network try to transmit at the same time.  ifconfig keeps track of this because it usually means that there’s something wrong with the network and it should be looked at.

Now we’ve discussed all the important parts of the network interface!  If you want more information, read this site.
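To pull those fields out without reading the output by eye, here is an added example (not from the original post) that parses the old-style ifconfig format shown above and flags the counters worth a closer look, plus a broadcast address that does not fit the address and mask. The dictionary keys and function names are this example’s own.

```python
import ipaddress
import re

# The eth0 block shown in the post (old net-tools ifconfig format).
SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 00:1A:2B:3C:00:00
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fd91:ae3b:d5e8:aa85:0:0:0:0 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:41620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40231 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21601203 (20.6 MiB)  TX bytes:6145876 (5.8 MiB)
          Interrupt:21 Base address:0xe000
"""

FIELDS = {
    "mac": r"HWaddr (\S+)",
    "addr": r"inet addr:(\S+)",
    "bcast": r"Bcast:(\S+)",
    "mask": r"Mask:(\S+)",
    "collisions": r"collisions:(\d+)",
    "rx_bytes": r"RX bytes:(\d+)",
    "tx_bytes": r"TX bytes:(\d+)",
}


def parse_ifconfig(text):
    """Return {interface name: {field: value}} for net-tools style output."""
    interfaces, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None         # a blank line ends an interface block
            continue
        if not line[0].isspace():  # an unindented line starts a new interface
            current = interfaces.setdefault(line.split()[0], {})
        if current is None:
            continue
        for key, pattern in FIELDS.items():
            match = re.search(pattern, line)
            if match:
                value = match.group(1)
                current[key] = int(value) if value.isdigit() else value
        counters = re.match(r"\s*(RX|TX) packets:", line)
        if counters:               # becomes rx_packets, rx_errors, rx_dropped, ...
            prefix = counters.group(1).lower()
            for name, count in re.findall(r"(\w+):(\d+)", line):
                current[f"{prefix}_{name}"] = int(count)
    return interfaces


def findings(iface):
    """List the things in one interface's output that deserve a closer look."""
    notes = []
    for key in sorted(iface):
        if key.endswith(("_errors", "_dropped")) or key == "collisions":
            if iface[key]:
                notes.append(f"{key}={iface[key]}")
    if {"addr", "mask", "bcast"} <= iface.keys():
        net = ipaddress.ip_interface(f"{iface['addr']}/{iface['mask']}").network
        if str(net.broadcast_address) != iface["bcast"]:
            notes.append(f"bcast {iface['bcast']} != {net.broadcast_address}")
    return notes
```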

 

Interface

I talked about ports and services and now I’ll talk about the interface.  The interface is the actual network connection that has all that traffic to the ports come through it.  It’s that ethernet cable attached to your computer.

Ethernet Cable

Or it’s that connection to the wireless network.  It’s the pipe (not a real pipe!) that connects your computer to the Internet.  Your computer has one, since you’re reading this blog post on the Internet.  Since we’re using Linux® there’s a way to see what interfaces you have.  It’s called ifconfig.

If you try to run ifconfig at the commandline, you’ll see:

Alpha:~ computerlamp$ ifconfig
-bash: ifconfig: command not found

That means it isn’t in your path.  (We’ll talk more about that later).  It just means that you have to give the full command line to see the output:

 

Alpha:~ computerlamp$ /sbin/ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:480 (480.0 b)  TX bytes:480 (480.0 b)

eth0      Link encap:Ethernet  HWaddr 00:1A:2B:3C:00:00
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fd91:ae3b:d5e8:aa85:0:0:0:0 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:41620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40231 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21601203 (20.6 MiB)  TX bytes:6145876 (5.8 MiB)
          Interrupt:21 Base address:0xe000

You have at least two interfaces on your system, the first one, lo, is your local loopback.  That’s the interface that your computer talks to itself on.  It isn’t a real interface, you don’t plug a cable into it, but it’s the basic ‘I’m talking to myself!’  interface that every computer has.  The second interface is eth0, or ethernet 0.  If you have two ethernet interfaces (meaning you plug two ethernet cables into your computer) you’ll see eth0 and eth1.  And then things can get weirder.

Wireless interfaces don’t have a standard name.  They can be named all sorts of things.

Next time, we’ll talk about what the actual output from ifconfig means.