Today I learned about DNS and how it works, and learned some terminology as well.
First I followed this awesome playlist.
Here is what I learned from it:
- Video 1: DNS Tree structure: DNS domains and hostnames are stored in a tree structure, with the root domain (.) at the top.
- Video 2:
  - The hierarchy is composed of the root domain at the top, then top-level domains (.com, .info, .us …) and fully qualified domain names (google.com, mail.google.com…).
  - We also have domains, sub-domains and hosts, which are real machines. BTW hostname != domain name: there are domains that do not refer to real machines.
- Video 3: DNS zones are portions of the DNS space, each with a manager to which we delegate queries (delegation).
- Video 4:
  - DNS is a database containing information about names and IP addresses.
  - DNS has nothing to do with geography or IP routing (DNS is a tree).
- Video 5: How DNS queries work, going from one zone to another (delegated) until they reach the wanted domain.
- Video 6: The client contacts the DNS server in its configuration (resolv.conf), which itself contacts other DNS servers (starting from a root server, containing a root zone) recursively until the DNS name is resolved.
Then I fired up Wireshark and tried to sniff some DNS packets to see what is inside them.
I quickly got distracted by the huge number of websites my browsers try to reach at startup. Firefox is requesting all sorts of Mozilla domains, for telemetry and setup.
Brave is connecting to fewer hosts, but surprisingly connecting to static.google.com, which is not a good thing for privacy for sure. (I don’t know whether it is just me or all Braves do the same.)
It seems like Uncle Sam does and will always watch us 😂😂
I used this simple display filter to get only DNS responses coming from my own router (which is configured as my default nameserver):
dns && ip.src==192.168.1.1
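
To see what is inside one of the responses that filter shows, here is an added example (not part of the original post) that parses a raw DNS response in Python, including the compressed name in the answer section. The sample packet is constructed by hand, and `read_name` and `parse_response` are names chosen for this sketch.

```python
import struct

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers (RFC 1035 4.1.4).
    Returns (name, offset of the first byte after the name at its original spot)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # 2-byte pointer to an earlier name
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                    # malformed packets can loop forever
                raise ValueError("compression pointer loop")
        elif length == 0:                    # root label ends the name
            return ".".join(labels) + ".", (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length

def parse_response(msg):
    """Return header fields, the question name and the A records of a DNS message."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, out = 12, {"id": ident, "is_response": bool(flags >> 15),
                    "rcode": flags & 0xF, "answers": []}
    for _ in range(qd):
        out["question"], off = read_name(msg, off)
        off += 4                             # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:        # A record: IPv4 address
            out["answers"].append((name, ttl, ".".join(map(str, rdata))))
    return out

# Constructed sample: response for "example.com A", answer name compressed (0xC00C)
SAMPLE = bytes.fromhex(
    "1a2b81800001000100000000"              # id, flags=0x8180, 1 question, 1 answer
    "076578616d706c6503636f6d0000010001"    # example.com. A IN
    "c00c000100010000012c0004c0000201")     # ptr to offset 12, A IN, TTL 300, 192.0.2.1

if __name__ == "__main__":
    print(parse_response(SAMPLE))
```

The `c00c` bytes at the start of the answer are what Wireshark expands back into the full name: a pointer to offset 12, where the question name was already spelled out.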