Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,180 --> 00:00:02,780 What is DNS or domain name system. 2 00:00:02,880 --> 00:00:09,390 In this video I'm going to explain it in a lot of detail but before we get there Alexa N.S. look up 3 00:00:09,420 --> 00:00:10,620 Amazon.com. 4 00:00:10,610 --> 00:00:18,190 The DNS lookout for Amazon dot com is 176 dot 32 dot 103 dot 205. 5 00:00:18,270 --> 00:00:21,450 That is an example of what a DNS does. 6 00:00:21,450 --> 00:00:28,350 It's essentially resolving a name typically a domain name to an IP address. 7 00:00:40,510 --> 00:00:52,290 N S look up a Google dot com DNS look up for Google dot com is 172 dot 217 dot 164 dot 142. 8 00:00:52,420 --> 00:00:56,920 We as humans don't communicate easily using IP addresses. 9 00:00:56,920 --> 00:00:58,670 We use domain names. 10 00:00:58,870 --> 00:01:04,840 So if I told you to go to Google's IP address you probably don't even remember what the IP address was 11 00:01:05,080 --> 00:01:13,390 but you'll remember what Google dot com is so DNS essentially resolves a human readable name such as 12 00:01:13,390 --> 00:01:18,330 Google dot com or Amazon.com to a machine readable IP address. 13 00:01:18,340 --> 00:01:25,480 Machines don't use names they use IP addresses in IP version 4 we use dotted decimal notation IP addresses 14 00:01:25,480 --> 00:01:33,710 such as 1 9 2 1 6 8 wandered 1 IP 6 uses IP addresses such as 2001 colon colon 1 2 3. 15 00:01:33,730 --> 00:01:37,040 There are many IP addresses out there and many Web sites. 16 00:01:37,120 --> 00:01:44,620 It's much easier to remember a domain name once again like Facebook dot com or Amazon.com rather than 17 00:01:44,620 --> 00:01:46,900 the IP address of a server. 18 00:01:46,990 --> 00:01:53,380 And to further complicate it like in my example depending where you're on the world a domain name may 19 00:01:53,380 --> 00:01:56,600 resolve to a different IP address for load balancing. 20 00:01:56,710 --> 00:02:04,060 So if I'm in the UK and I ping Google dot com I may get a different result to you if you in the US or 21 00:02:04,060 --> 00:02:06,370 in Singapore or somewhere else in the world. 22 00:02:06,430 --> 00:02:13,090 It's much easier to remember the domain name than it is to remember an IP address but machines use IP 23 00:02:13,090 --> 00:02:18,620 addresses and traffic is routed across the Internet using IP addresses not names. 24 00:02:18,640 --> 00:02:25,390 DNS is a fundamental building block in networks today without a DNS internet wouldn't really work very 25 00:02:25,390 --> 00:02:29,380 well because very few of us are going to remember IP addresses. 26 00:02:29,380 --> 00:02:37,090 Now as an analogy DNS is like a telephone book taking a name converting it to a telephone number. 27 00:02:37,090 --> 00:02:43,540 But in this case taking a domain name and converting it to an IP address in the bad old days I'd have 28 00:02:43,540 --> 00:02:49,740 to look up someone's number in a book and then I'd have to manually dial their telephone number. 29 00:02:49,900 --> 00:02:55,810 But I don't think any of us do that these days on a phone like an iPhone today we're not going to manually 30 00:02:55,840 --> 00:03:02,230 type a number like this and then dial it we're going to go to our contacts and search for a contact 31 00:03:02,650 --> 00:03:05,920 and then just press on the contact to call the person. 32 00:03:05,920 --> 00:03:09,370 I mean a lot of us probably don't even know our own telephone numbers these days. 33 00:03:09,370 --> 00:03:14,080 We don't know the telephone numbers of other people because we simply look them up in a directory on 34 00:03:14,080 --> 00:03:14,800 our phone. 35 00:03:14,830 --> 00:03:16,610 Now this is a local directory. 36 00:03:16,720 --> 00:03:22,460 We can do something very similar on a P.C. by using what's called a hosts file. 37 00:03:22,570 --> 00:03:26,380 That is the most basic version of so-called DNS. 38 00:03:26,380 --> 00:03:32,560 No it's not DNS but it's a local lookup so you could create your own version of DNS locally on your 39 00:03:32,560 --> 00:03:35,750 P.C. by editing the hosts file. 40 00:03:35,800 --> 00:03:41,470 Taking that a step further companies may have a local DNS server that resolves and names within the 41 00:03:41,470 --> 00:03:48,790 organization but on the public Internet we have distributed DNS systems that allow us to resolve names 42 00:03:48,790 --> 00:03:51,660 such as Google Facebook etc.. 43 00:03:51,870 --> 00:03:56,920 Now it's all very good and while talking about DNS but I want to show you practically how it works I'm 44 00:03:56,920 --> 00:04:03,660 going to show you why shock captures I'm going to show you how to setup a DNS server on a Cisco rider. 45 00:04:03,730 --> 00:04:06,380 How to set it up on a country server. 46 00:04:06,430 --> 00:04:11,310 I'll show you basically how you can manipulate a DNS to do anything that you want. 47 00:04:11,380 --> 00:04:14,250 You need to be careful that you use trusted DNS servers. 48 00:04:14,260 --> 00:04:17,050 Don't just trust any DNS server out there. 49 00:04:17,050 --> 00:04:24,520 DNS can be intercepted and you can manipulate the DNS servers used by pieces to get them to go to the 50 00:04:24,520 --> 00:04:26,170 incorrect domain. 51 00:04:26,170 --> 00:04:31,810 Fortunately today a lot of browsers like Chrome have a whole list of certificates preloaded on them 52 00:04:32,140 --> 00:04:38,860 so you'll get a warning if you end up going to an incorrect domain such as Microsoft dot com or Cisco 53 00:04:38,860 --> 00:04:40,420 dot com. 54 00:04:40,470 --> 00:04:45,650 Okay so in this topology I've got a Windows 10 computer it's connected to a Cisco switch which in turn 55 00:04:45,650 --> 00:04:49,920 is connected to a Cisco rather which connects us to the Internet. 56 00:04:49,940 --> 00:04:52,430 This topology is running in Genesis 3. 57 00:04:52,520 --> 00:04:58,850 I'm hosting this entire topology on my computer so forgive me if the fan goes a bit crazy. 58 00:04:58,940 --> 00:05:01,820 It's all running locally on my Mac. 59 00:05:01,820 --> 00:05:06,960 I also have an a bunch too P.C. which will configure as a DNS server. 60 00:05:06,980 --> 00:05:09,920 Okay firstly let's have a look at the Windows computer. 61 00:05:10,010 --> 00:05:11,060 Here's my windows. 62 00:05:11,070 --> 00:05:14,480 P.S. I'll open up a seam deep prompt. 63 00:05:14,480 --> 00:05:16,120 Make this a bit bigger. 64 00:05:16,300 --> 00:05:24,590 IP config shows me that this is the IP address of the P.C. IP version 4 default gateways 10 1 1 2 5 65 00:05:24,590 --> 00:05:31,240 4 and I should at this point be able to paying my default gateway which I can default gateway. 66 00:05:31,240 --> 00:05:36,540 Is this Cisco with IP address once again 10 1 1 2 5 4. 67 00:05:36,590 --> 00:05:43,500 The switch is a lever to switch it's not really doing anything except giving connectivity in the network. 68 00:05:43,500 --> 00:05:54,300 So back on the P.C. IP config slash all shows us that the CPC has to DNS servers configured 8 8 8 8 69 00:05:54,320 --> 00:05:56,710 8 and wandered wandered wandered 1. 70 00:05:56,780 --> 00:06:04,760 In other words Google and CloudFlare are the two DNS servers configured on the P.C. so I'll start a 71 00:06:04,760 --> 00:06:11,080 wire shock capture between the P.C. and the switch so that we can see what's actually going on. 72 00:06:11,420 --> 00:06:17,510 Windows sends a lot of traffic into the network so as you can see here a bunch of traffic is being sent 73 00:06:17,570 --> 00:06:21,260 by that Windows computer out into the network. 74 00:06:21,260 --> 00:06:29,950 But I'm going to filter for DNS and then back on the P.C. what I'll do is ping a domain such as David 75 00:06:29,950 --> 00:06:31,460 Bumble dot com. 76 00:06:31,690 --> 00:06:39,170 And notice we get a reply from this IP address 2 1 7 160 0 sixty nine. 77 00:06:39,190 --> 00:06:47,140 Now the CBO spiking on my P.C. here the throughput through a Cisco switch and a Cisco broad are running 78 00:06:47,140 --> 00:06:54,460 in June 3 may be a bit slow but the point is is that I am getting replies back to that domain and if 79 00:06:54,460 --> 00:07:02,170 we have a look at the Y shock capture what you'll notice is we can see that this IP address 10 1 1 1 80 00:07:02,230 --> 00:07:10,510 cent a DNS request 2 8 8 8 8 8 for domain David Bumble dot com. 81 00:07:10,510 --> 00:07:18,460 So just to confirm on the P.C. once again IP config shows us that this is the IP address of the P.C. 82 00:07:19,500 --> 00:07:28,420 the P.C. send a request to the DNS server notice the query is for David Bumble dot com. 83 00:07:28,430 --> 00:07:37,790 It's a record a record is a domain name in IP version 4 could triple A is a domain name in IP version 84 00:07:37,790 --> 00:07:38,560 6. 85 00:07:38,660 --> 00:07:48,960 So the P.C. is asking the DNS server what the IP address is of the domain name now going back a step 86 00:07:49,380 --> 00:07:57,010 at a layer 2 in the OS model or TTP IP model if you prefer we have Ethernet to. 87 00:07:57,100 --> 00:08:02,850 That's because this network is using ethernet so it's an ethernet connection from the windows P.C. to 88 00:08:02,850 --> 00:08:09,930 the Ethernet switch the source mac addresses the P.C. destination MAC address is the broader basically 89 00:08:09,930 --> 00:08:15,060 the traffic is being switched from the P.C. to the broader because that's how it gets onto the Internet. 90 00:08:15,330 --> 00:08:21,510 So at least to source MAC address will be the P.C. destination MAC address will be the broader but at 91 00:08:21,510 --> 00:08:29,100 least three IP version 4 source IP addresses the P.C. destination IP address is Google. 92 00:08:29,110 --> 00:08:34,000 Now you may notice that this is a RF C 1918 address. 93 00:08:34,000 --> 00:08:36,790 In other words it's a private IP address it's non-refundable. 94 00:08:36,790 --> 00:08:43,040 On the internet but the router is implementing network address translation or Nat. 95 00:08:43,120 --> 00:08:48,400 This is very typical of what your right at home will be doing. 96 00:08:48,400 --> 00:08:51,100 So notice it's enacting this IP address. 97 00:08:51,160 --> 00:08:58,150 Now it is narrowing it to a another ROIC 1918 address but that's because this road is connected to a 98 00:08:58,150 --> 00:09:01,600 cloud which is actually bridging my P.C. physically. 99 00:09:01,600 --> 00:09:08,110 So this P.C. here onto my physical home network and I have an Internet router that runs this onto the 100 00:09:08,110 --> 00:09:08,860 Internet. 101 00:09:08,950 --> 00:09:11,530 So it's actually being nutted multiple times. 102 00:09:11,530 --> 00:09:19,030 But what's important to point out here is notice the protocol at least for each UDP or user data grand 103 00:09:19,060 --> 00:09:23,550 protocol source port number use this 5 2 7 4 9. 104 00:09:23,560 --> 00:09:26,980 That is what's called any femoral or random port number. 105 00:09:27,160 --> 00:09:32,160 Destination Port numbers 53 which is the well-known port number for DNS. 106 00:09:32,350 --> 00:09:38,830 When a server is configured to host multiple services it's got to serve a purpose. 107 00:09:38,830 --> 00:09:44,840 So it's a server that's acting as let's say a file server when you connect to that server it's going 108 00:09:44,840 --> 00:09:45,880 to give you a file. 109 00:09:46,000 --> 00:09:51,260 But when you connect to it using DNS it's listening on Port 53. 110 00:09:51,430 --> 00:09:57,310 If it's being configured as a DNS server so you send traffic to port 53 the server is listening on Port 111 00:09:57,310 --> 00:10:04,750 53 to running an application like which I'll show you in a moment DNS mosque which is a DNS server application 112 00:10:04,990 --> 00:10:10,300 and then it responds back to that to request on the port number that you chose. 113 00:10:10,300 --> 00:10:15,330 So if you connect to a DNS server like this piece is doing you will use a random port number or ephemeral 114 00:10:15,340 --> 00:10:20,830 port number going to a well-known port number and then it'll reply back from that well-known port number 115 00:10:21,700 --> 00:10:29,530 and we can see that here Google is replying from a source port number 53 going to the port number that 116 00:10:29,530 --> 00:10:33,420 the P.C. chose the Windows 10 piece he chose this port number. 117 00:10:33,430 --> 00:10:41,790 The Google DNS server replies back to that port number so again it's UDP destination port number as 118 00:10:41,790 --> 00:10:43,620 a source port number as this. 119 00:10:43,620 --> 00:10:47,370 Digging deeper into the DNS information we can see. 120 00:10:47,370 --> 00:10:48,440 Domain Name System. 121 00:10:48,450 --> 00:10:49,680 It's a query. 122 00:10:49,680 --> 00:10:53,060 It's a standard query for a name. 123 00:10:53,070 --> 00:10:57,690 We're trying to resolve a name the name that we resolving. 124 00:10:57,690 --> 00:11:05,300 Is David Bumble dot com and the DNS server replies back saying this is the answer. 125 00:11:05,370 --> 00:11:12,290 This domain name has this IP address 2 1 7 160 0 69. 126 00:11:12,300 --> 00:11:17,120 So back on our windows P.S. That is the IP address that we see. 127 00:11:17,850 --> 00:11:22,820 So I could copy that IP address go to a web browser. 128 00:11:23,100 --> 00:11:29,160 If I type the domain name it's going to browse to that server. 129 00:11:29,440 --> 00:11:33,250 So I'm able to connect to the domain using the domain name. 130 00:11:33,600 --> 00:11:40,780 And this depends on the server I should be able to connect to the IP address of the server. 131 00:11:40,890 --> 00:11:43,380 In this example I'm getting a form for error. 132 00:11:43,380 --> 00:11:48,060 Now some servers will not allow you to connect directly on the IP address. 133 00:11:48,060 --> 00:11:55,180 That's typically because multiple domains are hosted on a single IP address Okay I'll stop the Y shock 134 00:11:55,240 --> 00:12:02,350 capture and what I want to show you once again is that DNS is essentially just a resolution of name 135 00:12:02,350 --> 00:12:08,540 to IP address and you can do that directly on your Windows computer. 136 00:12:08,670 --> 00:12:11,760 So in windows I'll open up notepad. 137 00:12:11,760 --> 00:12:13,520 I'll run this as an administrator 138 00:12:17,510 --> 00:12:28,060 before I open a file if I pinged brought a 1 notice we told that that domain name is not found the same 139 00:12:28,060 --> 00:12:31,780 with right of one whom dot com the ping request times out. 140 00:12:31,780 --> 00:12:41,820 I can't ping that domain name but what I could do is open a file and what I'm going to do is go to see 141 00:12:41,820 --> 00:12:49,620 Windows system 32 driver's Etsy and I'm going to open the hosts file. 142 00:12:49,620 --> 00:12:53,490 This is a file on the local Windows computer. 143 00:12:53,670 --> 00:13:02,440 Just zoom in there to make it easier to read and I can edit this so I could say 10 1 1 2 5 4 is right 144 00:13:02,460 --> 00:13:09,790 1 and 10 1 1 1 2 5 4 was write a one whom dot com and save that file. 145 00:13:09,790 --> 00:13:14,860 So I'm editing a local file that maps whose names to IP addresses. 146 00:13:14,860 --> 00:13:23,500 So now when I ping wrote a one notice that works when I ping write a one dot home dot com that also 147 00:13:23,500 --> 00:13:24,350 works. 148 00:13:24,350 --> 00:13:33,190 But if I ping wrote it to that fails because it's not in the hosts file and Google is not replying back 149 00:13:33,190 --> 00:13:34,850 with that information. 150 00:13:34,930 --> 00:13:47,550 So if I said or two like this and save that file now ping or two that resolves name got resolved to 151 00:13:47,550 --> 00:13:48,330 an IP address. 152 00:13:48,330 --> 00:13:55,380 Now in this example the networks a bit unstable sort of pings a timing out they had succeeded. 153 00:13:55,380 --> 00:13:59,500 But the important part is the domain name got resolved. 154 00:13:59,580 --> 00:14:03,150 That name got resolved to an IP address. 155 00:14:03,180 --> 00:14:09,780 If I remove these entries from the hosts file and save it 156 00:14:14,490 --> 00:14:15,870 I'll clear the screen there. 157 00:14:16,080 --> 00:14:28,250 When I ping are one now that's going to timeout because I don't have an entry for that domain name. 158 00:14:28,260 --> 00:14:31,630 That's essentially what a DNS server does. 159 00:14:31,770 --> 00:14:36,360 It takes a domain name and maps it to an IP address. 17363