1. Overview
Just like Noah from Wall Street or Elsa from Pennsylvania Avenue, machines also possess names and addresses for networking. These addresses are always numeric and would be enigmatic for a human to decipher. This paved the way for the concept of DNS mapping.
This tutorial will expound on the DNS lookups, configuration, and prioritization.
Now let’s get into the nitty-gritty of it.
2. DNS Lookups
DNS stands for Domain Name System, which is a telephone directory of internet addresses. As the name suggests, analogous to telephone number mapping, DNS servers have names mapped to the IP address. The DNS process helps machines convert the user-friendly hostname (www.baeldung.com) into a computer-friendly IP address (104.26.12.74).
We can validate the above explanation using the ping command:
server# ping -c 1 www.baeldung.com
PING www.baeldung.com (104.26.12.74) 56(84) bytes of data.
64 bytes from 104.26.12.74 (104.26.12.74): icmp_seq=1 ttl=58 time=47.3 ms
--- www.baeldung.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 47.318/47.318/47.318/0.000 ms
Usually, when we type www.baeldung.com, the computer will translate it into a valid IP address for further communication and talk to public or private DNS servers configured in the local machine.
In our case, for the sake of demonstration, we’ll configure Google Public DNS Servers, i.e. 8.8.8.8 (dns.google.domain). Now let’s do a byte-level analysis using the tcpdump command:
server# sudo tcpdump -i enp0s8
listening on enp0s8, link-type EN10MB (Ethernet), capture size 262144 bytes
19:26:43.509890 IP REMOTE-SERVER.57760
> dns.google.domain: 63513+ [1au] A? www.baeldung.com. (45)
19:26:43.511320 IP REMOTE-SERVER.47910
> dns.google.domain: 13515+ [1au] PTR? 8.8.8.8.in-addr.arpa. (49)
19:26:43.511368 IP REMOTE-SERVER.57760
> dns.google.domain: 33324+ [1au] AAAA? www.baeldung.com. (45)
19:26:43.525408 IP dns.google.domain
> REMOTE-SERVER.47910: 13515 1/0/1 PTR dns.google. (73)
19:26:43.555246 IP dns.google.domain
> REMOTE-SERVER.57760: 63513 3/0/1 A 104.26.13.74, A 172.67.72.45, A 104.26.12.74 (93)
19:26:43.559284 IP dns.google.domain
> REMOTE-SERVER.57760: 33324 3/0/1 AAAA 2606:4700:20::ac43:482d, AAAA 2606:4700:20::681a:c4a, AAAA 2606:4700:20::681a:d4a (129)
19:26:43.560398 IP REMOTE-SERVER
> 104.26.13.74: ICMP echo request, id 1910, seq 1, length 64
19:26:43.594618 IP 104.26.13.74
> REMOTE-SERVER: ICMP echo reply, id 1910, seq 1, length 64
First, the system talks to a configured DNS server through the default port 53 to get the A and AAAA records. These are the address mapping records that return IPv4 and IPv6 addresses mapped with www.baeldung.com.
In the case of dual-stack configurations, the IPv6 interface is preferred over IPv4, owing to better performance.
In our illustration, the first and third lines are DNS requests for A and AAAA records, whilst the fifth and sixth lines are DNS host responses with IPV4 and IPv6 addresses. Here, the PTR record is the reverse resolution, where IP addresses resolve to domain names.
Finally, the system initiates the ICMP echo requests to the DNS resolved IP address, and gets the subsequent responses from the remote machine, as illustrated in the last two lines.
Moreover, we can also get the IPv4/IPv6 mapping records using the dig command. As discussed in the previous section, a record provides IPv4 addresses, whilst AAAA records resolve to IPv6 addresses. The +short option helps to showcase only the answer section of the detailed dig output:
server# dig A +short www.baeldung.com
104.26.13.74
...
server# dig AAAA +short www.baeldung.com
2606:4700:20::681a:c4a
...
On the other hand, the host command also provides the domain to IP address mapping information:
server# host www.baeldung.com
www.baeldung.com has address 104.26.12.74
...
www.baeldung.com has IPv6 address 2606:4700:20::681a:d4a
...
3. DNS Configuration
Typically, the DNS Server information is defined in the /etc/resolv.conf in Linux systems. It contains the DNS server IP address using the nameserver tag, where we can have multiple DNS servers on every new line.
The order of the nameserver within the file defines the priority. The syntax is the same for both IPv4 and IPv6 nameservers:
server# grep "nameserver" /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
Alternatively, we also have /etc/hosts files in Linux systems that do a hostname to an IP address mapping locally within the system. Without any further ado, let’s have a look at the /etc/hosts file:
server# more /etc/hosts
127.0.0.1 localhost
127.0.1.1 REMOTE-SERVER
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
...
Now let’s add a line that maps www.baeldung.com to the loopback IP address, and we’ll see what happens on the ping response:
server# grep "baeldung" /etc/hosts
192.168.56.103 www.baeldung.com
server# ping -c 1 www.baeldung.com
PING www.baeldung.com (192.168.56.103) 56(84) bytes of data.
64 bytes from www.baeldung.com (192.168.56.103): icmp_seq=1 ttl=64 time=0.163 ms
--- www.baeldung.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.163/0.163/0.163/0.000 ms
Interestingly, the ping command resolves to the loopback instead of the actual Public IP address. It all boils down to the system priority in referring to the resolver. The execution priority of the /etc/hosts file is higher when compared to the /etc/resolv.conf file.
We can define and review these under /etc/nsswitch.conf as shown below:
server# cat /etc/nsswitch.conf | grep "hosts"
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
4. Conclusion
In this article, we cited a detailed byte-level workflow for the DNS lookups to resolve the hostname. DNS address mapping records can be quickly extracted through the host or dig commands. Additionally, we explored the hosts file, and how the lookups are prioritized using the nsswitch.