Tag: DNS

DNS Terminology

In this post, I am going to give few basic DNS components before going to discuss the DNS functionality in depth in technical terms.

Who invented the DNS?

Paul V. Mockapetris (born 1948 in Boston, Massachusetts, US) is an American computer scientist and Internet pioneer, who, together with Jonathan Bruce Postel (August 6, 1943 – October 16, 1998) invented the Internet Domain Name System (DNS)

DNS Inventors

Paul has dual B.S. degrees in Physics and Electrical Engineering from MIT, and a Ph.D. in Information and Computer Science from the University of California, Irvine.

Postel has done his B.S. degree, M.A in Engineering and Ph.D. in Computer Science from UCLA.

Domain Terminology:

There are many terms used when talking about domain names and DNS that aren’t used too often in other areas of computing.

Domain Name System

The domain name system, more commonly known as “DNS” is the networking system in place that allows us to resolve human-friendly names to unique addresses.

Domain Name

A domain name is a human-friendly name that we are used to associating with an internet resource. For instance, “google.com” is a domain name. Some people will say that the “google” portion is the domain, but we can generally refer to the combined form as the domain name.

The URL “google.com” is associated with the servers owned by Google Inc. The domain name system allows us to reach the Google servers when we type “google.com” into our browsers.

IP Address

An IP address is what we call a network addressable location. Each IP address must be unique within its network. When we are talking about websites, this network is the entire internet.

IPv4, the most common form of addresses, are written as four sets of numbers, each set having up to three digits, with each set separated by a dot. For example, “111.222.111.222” could be a valid IPv4 IP address. With DNS, we map a name to that address so that you do not have to remember a complicated set of numbers for each place you wish to visit on a network.

Top-Level Domain

A top-level domain, or TLD, is the most general part of the domain. The top-level domain is the furthest portion to the right (as separated by a dot). Common top-level domains are “com”, “net”, “org”, “gov”, “edu”, and “io”.

Top-level domains are at the top of the hierarchy in terms of domain names. Certain parties are given management control over top-level domains by ICANN (Internet Corporation for Assigned Names and Numbers). These parties can then distribute domain names under the TLD, usually through a domain registrar.

Hosts

Within a domain, the domain owner can define individual hosts, which refer to separate computers or services accessible through a domain. For instance, most domain owners make their web servers accessible through the bare domain (example.com) and also through the “host” definition “www” (www.example.com).

You can have other host definitions under the general domain. You could have API access through an “api” host (api.example.com) or you could have ftp access by defining a host called “ftp” or “files” (ftp.example.com or files.example.com). The hostnames can be arbitrary as long as they are unique for the domain.

SubDomain

A subject related to hosts are subdomains.

DNS works in a hierarchy. TLDs can have many domains under them. For instance, the “com” TLD has both “google.com” and “ubuntu.com” underneath it. A “subdomain” refers to any domain that is part of a larger domain. In this case, “ubuntu.com” can be said to be a subdomain of “com”. This is typically just called the domain or the “ubuntu” portion is called an SLD, which means second level domain.

Likewise, each domain can control “subdomains” that are located under it. This is usually what we mean by subdomains. For instance, you could have a subdomain for the history department of your school at “www.history.school.edu“. The “history” portion is a subdomain.

The difference between a hostname and a subdomain is that a host defines a computer or resource, while a subdomain extends the parent domain. It is a method of subdividing the domain itself.

Whether talking about subdomains or hosts, you can begin to see that the left-most portions of a domain are the most specific. This is how DNS works: from most to least specific as you read from left-to-right.

Fully Qualified Domain Name

A fully qualified domain name, often called FQDN, is what we call an absolute domain name. Domains in the DNS system can be given relative to one another, and as such, can be somewhat ambiguous. An FQDN is an absolute name that specifies its location in relation to the absolute root of the domain name system.

This means that it specifies each parent domain including the TLD. A proper FQDN ends with a dot, indicating the root of the DNS hierarchy. An example of an FQDN is “mail.google.com.”. Sometimes software that calls for FQDN does not require the ending dot, but the trailing dot is required to conform to ICANN standards.

Name Server

A name server is a computer designated to translate domain names into IP addresses. These servers do most of the work in the DNS system. Since the total number of domain translations is too much for any one server, each server may redirect the request to other name servers or delegate responsibility for a subset of subdomains they are responsible for.

Name servers can be “authoritative”, meaning that they give answers to queries about domains under their control. Otherwise, they may point to other servers, or serve cached copies of other name servers’ data.

Zone File

A zone file is a simple text file that contains the mappings between domain names and IP addresses. This is how the DNS system finally finds out which IP address should be contacted when a user requests a certain domain name.

Zone files reside in name servers and generally define the resources available under a specific domain, or the place that one can go to get that information.

Records

Within a zone file, records are kept. In its simplest form, a record is basically a single mapping between a resource and a name. These can map a domain name to an IP address, define the name servers for the domain, define the mail servers for the domain, etc.

 

Source: internet hall of fame, digitaloceanwikipedia

 

What is DNS and how it works

DNS stands for Domain Name System, is the backbone that runs the Internet.

It is a database that works like a phone book for the internet, converts a domain name, such as “www.example.com,” to a machine-readable IP address, such as “22.231.113.64”.

image

The internet is built up on two namespaces. The domain namespace and the IP address namespace. The translation of one to another is the service which is provided by DNS.

Explanation about DNS in Simple Terms:

DNS is very similar to the postal or telephone addressing system most countries have, with two main components: a name, and a more detailed, numerical address. If you’re sending a letter to someone, say, Jennifer who lives in Manhattan, you’d address it such:

Jennifer Aniston,

100 5th Avenue,

New York, NY 10027

With the Internet, the “name” is called a domain, and the “numeric address” part is an IP (Internet Protocol) address. But unlike sending a letter, as a regular user on the Internet, you don’t have to know the numeric address of your site, just the domain name!

Each domain (in the form of http://www.domainname.com) has a specific IP address it corresponds to. This IP address indicates the “home” or server where the web page being requested is being hosted.

Note:  Although, these procedures appear to be lengthy; however, they can happen within a tenth of a second. It is so fast that the entire process can occur before a blink of an eye.

DNS The IP Address:

xxx.xxx.xxx.xxx – where each ‘xxx’ is a number from 0-255

If you have a dedicated IP address, there will be only one domain at your “house” address. Very few commercial hosting options offer dedicated IPs with their basic plans, and usually there are hundreds to thousands of domains being addressed to the same server. So, your address is more likely to be an apartment building instead of a single-family house.

 DNS Name Servers / Authoritative Name Server: Your Global Directory Assistance

Another important player in this DNS world is the “Name Server” which is the equivalent of your local post office. They know where you live and that when a letter arrives with your name and address, they confirm and ensure that it reaches its final destination.

Each domain has just one Name Server that is in charge of keeping that domain’s information and IP addresses. Simply, when your change your IP address or “home,” your domain’s name server passes the word on the internet (with the help of routers, which we’ll talk about later) to the rest of the internet so a request directed to your website will find you.

What Happens When You Change Web Hosting

If you were moving your physical house, you’d have to notify the local post office or city hall with your new address. With your website, since you’re moving your data from one “house” to another, you need to update your site’s address, too. Usually this will require you changing the IP address to reflect the new hosting company’s server where your information will reside. Your hosting company can provide the correct IP address for you.

  • In the DNS, you’ll delete the current “address” and then insert the new IP address of your new hosting.
  • The name server notices that the DNS for your domain has changed, and usually within 24-48 hours, the name server will notify the rest of its network, which in turn will propagate the information throughout the internet.
  • The next time someone types in http://www.domainname.com, the request will be sent to your new address!

Advanced DNS Questions

  • Can you have multiple IP addresses for a single domain? Yes, much like Lifestyles of the Rich and Famous, sites which are very popular often have multiple “houses” – and often this is done with sites that have a lot of traffic and are using multiple servers to meet the demand.
  • Can multiple domains respond to the same (IP) address? Yes, as mentioned above, many commercial hosting solutions offer low-priced hosting because they can put hundreds or thousands of sites/domains on the same server since the traffic demands are so low. Depending on the traffic that comes to your site, you’ll probably never notice.

Keep reading, Keep learning 😊

Source: whenihavetimecloudflare

 

How to change IP address using a Batch File Script on Windows?

How to change IP address using a Batch File:

Starting with Windows 2000, Microsoft has provided a powerful utility, Netsh, which lets you display and modify the network configuration of Windows computers. You can use the Netsh on the command line or in a batch file. Here’s an example of how you can create a batch file that changes the IP address of the local machine.

Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. Netsh also provides a scripting feature that allows you to run a group of commands in batch mode against a specified computer. Netsh can also save a configuration script in a text file for archival purposes or to help you configure other servers.

In my environment, we don’t use DHCP. We use static IP addresses. Using static IP addresses usually doesn’t present any problems because we rarely move desktops between locations. However, the people who use laptops usually visit multiple locations. At each location, they’ve been assigned a separate IP address. Each time they change location, they look up the appropriate network settings in a .txt file, then manually change those settings. This occasionally creates problems because they have to remember the correct steps to change their network settings and sometimes they mistakenly enter wrong numbers.

I found a solution. For each location, I created a simple batch file that the laptop users can run. Whenever they want to change their IP settings, all they have to do is execute the appropriate batch file.

The batch file uses the Netsh utility and contains below given commands.

Copy the code given below in the Notepad and save it with the .bat extension.

– Run the .bat file with double click.

– In the some cases, the .bat file needs to run with administrator’s privileges. Right-click on the .bat file and choose “Run as administrator“.

@echo off
ipconfig /flushdns
ipconfig /release
netsh interface set interface "Local Area Connection" disable
netsh interface ip set dns "Local Area Connection" static
netsh interface ip set address "Local Area Connection" static
echo Wait 5 seconds...
ping -n 60 -w 1000 0.0.0.1 > nul
netsh interface set interface "Local Area Connection" enable
netsh interface ip set address "Local Area Connection" static 192.168.XXX.XX 255.255.255.0 192.168.XXX.X
netsh interface ip set dns "Local Area Connection" static 192.168.XXX.XXX

To change the IP Address to “obtain an IP address automatically” or to remove the IP Address, Copy the code given below in the Notepad and save it with the .bat extension.


@echo off

ipconfig /flushdns

ipconfig /release

netsh interface set interface "Local Area Connection" disable

netsh interface ip set dns "Local Area Connection" dhcp

netsh interface ip set address "Local Area Connection" dhcp

echo Wait 5 seconds...

ping -n 60 -w 1000 0.0.0.1 > nul

netsh interface set interface "Local Area Connection" enable

Now, whenever the users want to change their IP settings, all they have to do is run the batch file.

 Note: This entire process (IP Address change process) will take max 60 to 80 seconds.

Source: windowsitpro, sevenforums

 

SECURITY+ Acronyms

Acronym

Stands for

3DES Triple Data Encryption Standard
AAA Authentication, Authorization and Accounting
ACL Access Control List
AES Advanced Encryption Standard
AES 256 Advanced Encryption Standards, 256-bit
AH Authentication Header
ARP Address Resolution Protocol
AUP Acceptable Use Policy
BCP Business Continuity Planning
BIOS Basic Input/Output System
BOTS Network Robots
CA Certificate Authority
CCTV Closed-Circuit Television
CERT Computer Emergency Response Team
CHAP Challenge Handshake Authentication Protocol
CIRT Computer Incident Response Team
CRL Certification Revocation List
DAC Discretionary Access Control
DDOS Distributed Denial of Service
DEP Data Execution Prevention
DES Data Encryption Standard
DHCP Dynamic Host Configuration Protocol
DLL Dynamic Link Library
DLP Data Loss Prevention
DMZ Demilitarized Zone
DNS Domain Name Service
DOS Denial Of Service
DRP Disaster Recovery Plan
DSA Digital Signature Algorithm
EAP Extensible Authentication Protocol
ECC Elliptic Curve Cryptography
EFS Encrypted File System
EMI Electromagnetic Interference
ESP Encapsulated Security Payload
FTP File Transfer Protocol
GPU Graphic Processing Unit
GRE Generic Routing Encapsulation
HDD Hard Disk Drive
HIDS Host-Based Intrusion Detection System
HIPS Host-Based Intrusion Prevention System
HMAC Hashed Message Authentication Code
HSM Hardware Security Module
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol over SSL
HVAC Heating, Ventilation, Air Conditioning
IaaS Infrastructure as a Service
ICMP Internet Control Message Protocol
ID Identification
IKE Internet Key Exchange
IM Internet Messaging
IMAP4 Internet Message Access Protocol v4
IP Internet Protocol
IPSEC Internet Protocol Security
IRC Internet Relay Chat
ISP Internet Service Provider
KDC Key Distribution Center
L2TP Layer 2 Tunneling Protocol
LANMAN Local Area Network Manager
LDAP Lightweight Directory Access Protocol
LEAP Lightweight Extensible Authentication Protocol
MAC Mandatory Access Control / Media Access Control
MAC Message Authentication Code
MBR Master Boot Record
MDS Message Digest 5
MSCHAP Microsoft Challenge Handshake Authentication Protocol
MTU Maximum Transmission Unit
NAC Network Access Control
NAT Network Address Translation
NIDS Network-Based Intrusion Detection System
NIPS Network-Based Intrusion Prevention System
NOS Network Operating System
NTFS New Technology File System
NTLM New Technology LANMAN
NTP Network Time Protocol
OS Operating System
OVAL Open Vulnerability Assessment Language
PAP Password Authentication Protocol
PAT Port Address Translation
PEAP Protected Extensible Authentication Protocol
PGP Pretty Good Privacy
PKI Public Key Infrastructure
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
PSK Pre-Shared Key
RA Recovery Agent
RADIUS Remote Authentication Dial-in User Server
RAID Redundant Array of Inexpensive Disks
RAS Remote Access Server
RBAC Role Based Access Control
RSA Rivest, Shamir & Adleman
RTP Real-Time Transport Protocol
S/MIME Secure/Multipurpose Internet Mail Extension
SaaS Software as a Service
SCAP Security Content Automation Protocol
SCSi Small Computer System Interface
SDLC Software Development Life Cycle
SDLM Software Development Life Cycle Methodology
SHA Secure Hashing Algorithm
SHTTP Secure Hypertext Transfer Protocol
SIM Subscriber Identity Module
SLA Service Level Agreement
SLE Single Loss Expectancy
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SSH Secure Shell
SSL Secure Sockets Layer
SSO Single Sign-On
TACACS Terminal Access Controller Access Control System
TCP/IP Transmission Control Protocol/Internet Protocol
TLS Transport Layer Security
TPM Trusted Platform Module
UAT User Acceptance Testing
UPS Uninterrupted Power Supply
URL Universal Resource Locator
USB Universal Serial Bus
UTP Unshielded Twisted Pair
VLAN Virtual Local Area Network
VoIP Voice Over IP
VPN Virtual Private Network
VTC Video Teleconferencing
WAF Web Application Firewall
WAP Wireless Access Point
WEP Wired Equivalent Privacy
WIDS Wireless Intrusion detection System
WIPS Wireless Intrusion Prevention System
WPA Wireless Protected Access
XSRF Cross-Site request Forgery
XSS Cross-Site Scripting