On Domain And DNS

This github page

This blog is a github page based on jekyll now and the URL as per github convention is sudipbhandari126.github.io (It’s username.github.io) unless you set up a custom domain.

As of Jan 2020, I have a custom domain setup for this at www.sudipbhandari.wtf. I had some insights into internet domains, dns and domain resolution while doing this activity.

How are domains organized?

All the internet domains are organized in a hierarchical fashion. In my case the descending order of hierarchy would be:

. : root hierarchy (every domain is suffixed with dot)

wtf : top level 

www.sudipbhandari : second level

What happens when you browse?

When you hit a domain in browser it first hits the configured dns server (usually google’s dns server at 8.8.8.8) Practically there is a lot of caching involved in local computer as well as dns server. This query is generally a UDP query (Query Response protocol) and not TCP. After a series of queries (queries traverse down the hierarchy: root->top-level->second-level….) you finally get A record (IP) [which could be preceeded by Cname (Alias for your domain)] and then the browser makes the request to the particular IP.

Testing My DNS Resolution

I used dig which is a DNS look-up utility to, quite literally, dig up my DNS information. I took google’s DNS server for this purpose which is at 8.8.8.8.

dig @8.8.8.8 +trace www.sudipbhandari.wtf
#+trace show the steps in each process of hierarchical querying

Each of the following steps is hierarchical. Step 1 gives authoratative server to which subsequent step has to be queried against until we have the IP address.

  • Step 1: It queries the root domain server
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 +trace www.sudipbhandari.wtf
; (1 server found)
;; global options: +cmd
.			298	IN	NS	m.root-servers.net.
.			298	IN	NS	b.root-servers.net.
.			298	IN	NS	c.root-servers.net.
.			298	IN	NS	d.root-servers.net.
.			298	IN	NS	e.root-servers.net.
.			298	IN	NS	f.root-servers.net.
.			298	IN	NS	g.root-servers.net.
.			298	IN	NS	h.root-servers.net.
.			298	IN	NS	a.root-servers.net.
.			298	IN	NS	i.root-servers.net.
.			298	IN	NS	j.root-servers.net.
.			298	IN	NS	k.root-servers.net.
.			298	IN	NS	l.root-servers.net.

As mentioned earlier, we can see that the root domain is dot(.)

  • Step 2: It queries for top domain (wtf in my case)
Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 163 ms

wtf.			172800	IN	NS	demand.beta.aridns.net.au.
wtf.			172800	IN	NS	demand.alpha.aridns.net.au.
wtf.			172800	IN	NS	demand.delta.aridns.net.au.
wtf.			172800	IN	NS	demand.gamma.aridns.net.au.
  • Step 3: It queries for second level domain (sudipbhandari.wtf)
;; Received 717 bytes from 192.58.128.30#53(j.root-servers.net) in 181 ms

sudipbhandari.wtf.	86400	IN	NS	ns3cqz.name.com.
sudipbhandari.wtf.	86400	IN	NS	ns1jsv.name.com.
sudipbhandari.wtf.	86400	IN	NS	ns2fln.name.com.
  • Step 3: Now it queries for FQDN (Fully qualified domain name)
www.sudipbhandari.wtf.	300	IN	CNAME	sudipbhandari126.github.io.
;; Received 90 bytes from 162.88.60.47#53(ns2fln.name.com) in 214 ms

At this step we get a C-Name record. This is because I have set up an alias for sudipbhandari126.github.io at my domain provider (name.com as of Jan 2020). (Setting alias like requires changes on both domain provider side to add entry as well as your site (where you identify yourself as such)). (Otherwise you can imagine I could set up a domain www.evil-site.com and redirect it to www.google.com)

  • Step 4: We still don’t have IP. So the finally query gets the IP (A record)
www.sudipbhandari.wtf.	299	IN	CNAME	sudipbhandari126.github.io.
sudipbhandari126.github.io. 2531 IN	A	185.199.110.153
sudipbhandari126.github.io. 2531 IN	A	185.199.111.153
sudipbhandari126.github.io. 2531 IN	A	185.199.109.153
sudipbhandari126.github.io. 2531 IN	A	185.199.108.153

(4 Different IPs at github for this github page to load balance the traffic, make fault tolerant)

We can check the domain details of any domain (which is the registrar, when does it expire, when was it last updated, etc) by querying whois directory service. Against my domain I get the following output:

 whois sudipbhandari.wtf                               sudipbhandari@sudipbhandari-Latitude-5480
Domain Name: sudipbhandari.wtf
Registry Domain ID: ae07b5b17a0e481fb88fbeec97475175-DONUTS
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2020-01-21T18:29:01Z
Creation Date: 2020-01-16T18:28:48Z
Registry Expiry Date: 2021-01-16T18:28:48Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +7.202492374
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
......

Google:

whois google.com                                      sudipbhandari@sudipbhandari-Latitude-5480
   Domain Name: GOOGLE.COM
   Registry Domain ID: 2138514_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.markmonitor.com
   Registrar URL: http://www.markmonitor.com
   Updated Date: 2019-09-09T15:39:04Z
   Creation Date: 1997-09-15T04:00:00Z
   Registry Expiry Date: 2028-09-14T04:00:00Z
   Registrar: MarkMonitor Inc.
comments powered by Disqus