# DNS in Detail

## What is DNS?

[<mark style="color:green;">DNS</mark>](#user-content-fn-1)[^1] <mark style="color:green;">provides a simple way for us to communicate with devices on the internet without remembering complex numbers.</mark> Much like every house has a unique address for sending mail directly to it, every computer on the internet has its own IP address. When you want to visit a website, it's not exactly convenient to remember this complicated set of numbers, and that's where DNS can help. So instead of remembering 104.26.10.229, you can remember tryhackme.com instead.

***

## Domain Hierarchy

### TLDs

<mark style="color:green;">A</mark> [<mark style="color:green;">TLD</mark>](#user-content-fn-2)[^2] <mark style="color:green;">is the right-most part of a domain name.</mark> There are two types of TLD: [<mark style="color:green;">gTLD</mark>](#user-content-fn-3)[^3] and [<mark style="color:green;">ccTLD</mark>](#user-content-fn-4)[^4].

Example 1: A gTLD (such as .com / .org) would be for a specific purpose (such as commercial or an organisation). <mark style="color:yellow;">Due to demand, new gTLDs are being used</mark> (e.g. .online / .club).

Example 2: A ccTLD would be for country codes (such as .ar / .co.uk).

A Second-Level Domain is restricted to 63 characters and can only use a-z, 0-9 and hyphens. <mark style="color:yellow;">The maximum length of a domain name is 253 characters.</mark>

### Subdomains

A subdomain sits on the left-hand side of the Second-Level Domain using a period to separate it. A subdomain name has <mark style="color:yellow;">the same creation restrictions as a Second-Level Domain</mark>. You <mark style="color:yellow;">can use multiple subdomains</mark> split with periods to create longer names. There is <mark style="color:yellow;">no limit to the number of subdomains</mark> you can create for your domain name.

Example: [<mark style="color:yellow;">admin</mark>](#user-content-fn-5)[^5]<mark style="color:yellow;">.</mark>[<mark style="color:yellow;">platform</mark>](#user-content-fn-5)[^5]<mark style="color:yellow;">.</mark>[<mark style="color:yellow;">tryhackme</mark>](#user-content-fn-6)[^6]<mark style="color:yellow;">.</mark>[<mark style="color:yellow;">com</mark>](#user-content-fn-7)[^7]
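The naming rules above can be checked before a name is ever passed to a resolver. The following is an added example, not part of the original notes; `check_domain` is a hypothetical helper, and two of its checks go beyond the text: it lowercases the input, and it rejects labels that start or end with a hyphen.

```python
import re

# Characters the notes allow in a label: a-z, 0-9 and hyphen.
LABEL_RE = re.compile(r"[a-z0-9-]+")


def check_domain(name):
    """Return a list of problems; an empty list means the name passes."""
    problems = []
    name = name.lower()              # assumption: compare case-insensitively
    if name.endswith("."):           # tolerate one trailing root dot
        name = name[:-1]
    if len(name) > 253:
        problems.append("name is longer than 253 characters")
    for label in name.split("."):
        if not label:
            problems.append("empty label")
        elif len(label) > 63:
            problems.append(f"label {label[:10]!r}... is longer than 63 characters")
        elif not LABEL_RE.fullmatch(label):   # fullmatch also rejects a trailing newline
            bad = sorted(set(re.findall(r"[^a-z0-9-]", label)))
            problems.append(f"label {label!r} has disallowed characters {bad}")
        elif label.startswith("-") or label.endswith("-"):
            # Not stated in the notes: hostname labels may not begin or end with '-'.
            problems.append(f"label {label!r} starts or ends with a hyphen")
    return problems


if __name__ == "__main__":
    for candidate in ("admin.platform.tryhackme.com", "my_host.tryhackme.com"):
        print(candidate, check_domain(candidate) or "ok")
```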

***

## DNS Record Types

### A Record

These records <mark style="color:green;">resolve to IPv4 addresses</mark>, for example 104.26.10.229

### AAAA Record

These records <mark style="color:green;">resolve to IPv6 addresses</mark>, for example 2606:4700:20:15:681a:be5

### CNAME Record

These records <mark style="color:green;">resolve to another domain name</mark>. For example, TryHackMe's online shop has the subdomain name <mark style="color:yellow;">store.tryhackme.com, which returns a CNAME record shops.shopify.com</mark>. Another DNS request would then be made to shops.shopify.com to work out the IP address.

### MX Record

These records <mark style="color:green;">resolve to the address of the servers that handle the email for the domain you are querying</mark>. For example, an MX record response for tryhackme.com would look something like alt1.aspmx.l.google.com. These records also come with a priority flag. <mark style="color:yellow;">This tells the client in which order to try the servers, which is useful if the main server goes down and email needs to be sent to a backup server.</mark>

### TXT Record

TXT records are <mark style="color:green;">free text fields where any text-based data can be stored</mark>. TXT records have multiple uses, but some common ones can be to <mark style="color:yellow;">list servers that have the authority to send an email on behalf of the domain</mark> (this can help in the battle against spam and spoofed email). They can also be used to <mark style="color:yellow;">verify ownership of the domain name</mark> when signing up for third party services.

***

## The Steps for a DNS Request

1. When you request a domain name, your computer first checks its local cache to see if you've recently looked up the address; if not, <mark style="color:yellow;">a request to your Recursive DNS Server will be made</mark>.
2. <mark style="color:yellow;">A Recursive DNS Server is usually provided by your ISP, but you can also choose your own.</mark> This server also has a local cache of recently looked up domain names. If a result is found locally, this is sent back to your computer, and your request ends here (this is common for popular and heavily requested services such as Google, Facebook, Twitter). If the request cannot be found locally, a journey begins to find the correct answer, <mark style="color:yellow;">starting with the internet's root DNS servers.</mark>
3. <mark style="color:yellow;">The root servers act as the DNS backbone of the internet; their job is to redirect you to the correct Top Level Domain Server, depending on your request.</mark> If, for example, you request [www.tryhackme.com](http://www.tryhackme.com) the root server will recognise the Top Level Domain of .com and refer you to the correct TLD server that deals with .com addresses.
4. <mark style="color:yellow;">The TLD server holds records for where to find the authoritative server to answer the DNS request. The authoritative server is often also known as the nameserver for the domain.</mark> For example, the nameservers for tryhackme.com are kip.ns.cloudflare.com and uma.ns.cloudflare.com. You'll often <mark style="color:yellow;">find multiple nameservers for a domain name</mark> to act as a backup in case one goes down.
5. <mark style="color:yellow;">An authoritative DNS server is the server that is responsible for storing the DNS records for a particular domain name and where any updates to your domain name DNS records would be made.</mark> Depending on the record type, the DNS record is then sent back to the Recursive DNS Server, where a local copy will be cached for future requests and then relayed back to the original client that made the request. <mark style="color:yellow;">DNS records all come with a TTL (Time To Live) value.</mark> This value is the number of seconds that the response should be saved locally before you have to look it up again. <mark style="color:yellow;">Caching saves on having to make a DNS request every time you communicate with a server.</mark>
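The five steps above, modelled as a toy recursive resolver with a TTL-bound cache. This is an added example, not part of the original notes: the hostnames and IP address come from the text, while `com-tld-server`, the 300-second TTL, the `RecursiveResolver` class and the two-label zone split are assumptions made for the sketch.

```python
import time

# Constructed delegation data. Hostnames and the IP come from the text above;
# "com-tld-server" and the 300-second TTL are made up for this sketch.
ROOT = {"com": "com-tld-server"}                                      # step 3
TLD = {"com-tld-server": {"tryhackme.com": "kip.ns.cloudflare.com"}}  # step 4
AUTH = {"kip.ns.cloudflare.com": {                                    # step 5
    ("www.tryhackme.com", "A"): ("104.26.10.229", 300),               # (value, TTL)
}}


class RecursiveResolver:
    """Toy recursive resolver: answers from cache until the TTL runs out."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}            # (name, type) -> (value, expiry time)
        self.upstream_queries = 0  # queries sent to root/TLD/authoritative

    def resolve(self, name, rtype="A"):
        key = (name.lower().rstrip("."), rtype)
        cached = self.cache.get(key)
        if cached and cached[1] > self.clock():      # step 2: still fresh
            return cached[0], "cache"
        value, ttl = self._walk(*key)
        self.cache[key] = (value, self.clock() + ttl)
        return value, "authoritative"

    def _walk(self, name, rtype):
        labels = name.split(".")
        zone = ".".join(labels[-2:])   # assumes a single-label TLD such as .com
        try:
            tld_server = ROOT[labels[-1]]
            nameserver = TLD[tld_server][zone]
            self.upstream_queries += 3   # root, TLD and authoritative server
            return AUTH[nameserver][(name, rtype)]
        except KeyError:
            raise LookupError(f"no {rtype} record for {name}") from None


if __name__ == "__main__":
    now = [0.0]                                  # fake clock for the demo
    r = RecursiveResolver(clock=lambda: now[0])
    for t in (0, 299, 300):
        now[0] = t
        print(t, r.resolve("www.tryhackme.com"), r.upstream_queries)
```

The second lookup never leaves the cache, which also means a record that has changed, or was wrong when it was cached, keeps being served until its TTL expires.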

***

## Run DNS Queries

Command examples:

```bash
nslookup website.com
```

```bash
nslookup -type=CNAME shop.website.com
```

```bash
nslookup -type=TXT website.com
```

```bash
nslookup -type=MX website.com
```

```bash
nslookup -type=A website.com
```

***

## Answers

### Task 1

> What does DNS stand for?\
> Domain Name System

### Task 2

> What is the maximum length of a subdomain?\
> 63

> Which of the following characters cannot be used in a subdomain ( 3 b \_ - )?\
> \_ (the third option)

> What is the maximum length of a domain name?\
> 253

> What type of TLD is .co.uk?\
> ccTLD

### Task 3

> What type of record would be used to advise where to send email?\
> MX

> What type of record handles IPv6 addresses?\
> AAAA

### Task 4

> What field specifies how long a DNS record should be cached for?\
> TTL

> What type of DNS Server is usually provided by your ISP?\
> Recursive

> What type of server holds all the records for a domain?\
> Authoritative

### Task 5

> What is the CNAME of shop.website.thm?\
> shops.myshopify.com

> What is the value of the TXT record of website.thm?\
> THM{7012BBA60997F35A9516C2E16D2944FF}

> What is the numerical priority value for the MX record?\
> 30

> What is the IP address for the A record of www.website.thm?\
> 10.10.10.10

***

[^1]: Domain Name System

[^2]: Top-Level Domain

[^3]: Generic Top Level Domain

[^4]: Country Code Top Level Domain

[^5]: Subdomain

[^6]: Second-Level Domain

[^7]: TLD (Top-Level Domain)
