109.4 Configure client side DNS
Weight: 2
Candidates should be able to configure DNS on a client host.
Key Knowledge Areas
- Query remote DNS servers.
- Configure local name resolution and use remote DNS servers.
- Modify the order in which name resolution is done.
Terms and Utilities
- /etc/hosts
- /etc/resolv.conf
- /etc/nsswitch.conf
- host
- dig
- getent
DNS
We already know a lot about the Domain Name System (DNS): a service that translates domain names (like yahoo.com) to IP addresses (like 206.190.36.45). A DNS server is consulted when you try to ping a server using its name. You have seen the config files for DNS and should know that the DNS server actually being used by the computer can be checked or changed (temporarily) in /etc/resolv.conf:
$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 4.2.2.4
$ ping x.org
PING x.org (131.252.210.176) 56(84) bytes of data.
64 bytes from annarchy.freedesktop.org (131.252.210.176): icmp_seq=1 ttl=45 time=338 ms
64 bytes from annarchy.freedesktop.org (131.252.210.176): icmp_seq=2 ttl=45 time=333 ms
^C
--- x.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 333.088/335.612/338.136/2.524 ms
dig
The dig tool is specifically built to query DNS. If you want to find out where x.org points to, you can do:
$ dig x.org
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> x.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7483
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;x.org. IN A
;; ANSWER SECTION:
x.org. 1625 IN A 131.252.210.176
;; Query time: 35 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Apr 17 12:45:02 IRDT 2016
;; MSG SIZE rcvd: 50
As you can see, dig did an IP lookup for x.org and told me that the IP is 131.252.210.176. The 1625 is the TTL (Time To Live) and shows how many seconds remain before this answer expires. The output also tells us which server was used to find the answer, and when and how long the query took (last four lines).
There is also a way to tell the dig command which server it should use as the DNS:
$ dig @8.8.8.8 google.com
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24313
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 112 IN A 173.194.32.133
google.com. 112 IN A 173.194.32.136
google.com. 112 IN A 173.194.32.132
google.com. 112 IN A 173.194.32.129
google.com. 112 IN A 173.194.32.137
google.com. 112 IN A 173.194.32.130
google.com. 112 IN A 173.194.32.134
google.com. 112 IN A 173.194.32.135
google.com. 112 IN A 173.194.32.128
google.com. 112 IN A 173.194.32.131
google.com. 112 IN A 173.194.32.142
;; Query time: 238 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 17 13:03:38 IRDT 2016
;; MSG SIZE rcvd: 215
Here I have asked dig to use 8.8.8.8 as its DNS server and to query google.com. You can see that I got more than one answer (actually many more than one). My computer can contact any of those IPs to reach google.com. In other words, google.com is using more than one server/IP, and 8.8.8.8 returns all of them when queried for that domain.
/etc/hosts
This is a file containing IP addresses and their domain names, saved statically. Let's have a look:
$ head /etc/hosts
127.0.0.1 funlife localhost.localdomain localhost clickadu.com
::1 funlife localhost6.localdomain6 localhost6
10.159.32.155 nsnproxy
172.16.12.134 linuxclass wonderland
193.40.12.135 salma
87.106.233.90 gratis.vps
192.168.59.231 mass1
This file can be changed by root and maps some names (localhost, mass1, gratis.vps, ...) to IP addresses. If I ping mass1 on this computer... let's see:
$ dig mass1
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> mass1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39464
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mass1. IN A
;; AUTHORITY SECTION:
. 600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016041700 1800 900 604800 86400
;; Query time: 516 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Apr 17 13:15:07 IRDT 2016
;; MSG SIZE rcvd: 109
$ ping mass1
PING mass1 (192.168.59.231) 56(84) bytes of data.
From 85-15-16-103.shatel.ir (85.15.16.103) icmp_seq=1 Packet filtered
From 85-15-16-103.shatel.ir (85.15.16.103) icmp_seq=2 Packet filtered
My computer pings 192.168.59.231 when I go for mass1, even though the DNS cannot find this name, because it is defined in /etc/hosts.
nsswitch
The /etc/nsswitch.conf file tells the system the order in which lookups (host names, passwords, groups, ...) are tried. Let's have a look to make it clear:
$ cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files sss
shadow: files sss
group: files sss
#hosts: db files nisplus nis dns
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files sss
aliases: files nisplus
On the hosts line I have hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines. This means that when the system wants to find the IP address of a name, it first goes to files (/etc/hosts), then to mdns4_minimal, then dns, and so on. In this case, if I add facebook.com to my /etc/hosts like this:
127.0.0.1 facebook.com
and then point my browser to facebook.com, my computer will try to open a web server on 127.0.0.1 instead of the real IP of facebook.
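Because files is consulted before dns, any public-looking name pinned to loopback in /etc/hosts silently overrides DNS for the whole machine, which is worth auditing on a client. The script below is an added example (not part of the original notes): it parses a constructed nsswitch.conf hosts line and a constructed /etc/hosts sample (modelled on the ones shown above, including the clickadu.com entry) and reports such overrides; the function names and samples are my own.

```shell
#!/bin/sh
# Added example: audit /etc/hosts-style content for public-looking names
# pinned to loopback, and confirm from the nsswitch.conf hosts: line that
# "files" is tried before "dns" (otherwise the override is never reached).
# Both inputs below are constructed samples, not read from the live system.

# Constructed /etc/hosts sample, modelled on the file shown in these notes.
SAMPLE_HOSTS='127.0.0.1 funlife localhost.localdomain localhost clickadu.com
::1 funlife localhost6.localdomain6 localhost6
# a comment line
10.159.32.155 nsnproxy
192.168.59.231 mass1
127.0.0.1 facebook.com'

# Constructed nsswitch.conf excerpt with the hosts: line from these notes.
SAMPLE_NSSWITCH='passwd: files sss
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines'

# Print the hosts: lookup sources in order, one per line, dropping
# action brackets such as [NOTFOUND=return] so only source names remain.
nss_hosts_order() {
    printf '%s\n' "$1" | awk '$1 == "hosts:" {
        for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }'
}

# Exit 0 when "files" is listed before "dns" (or dns is absent), else 1.
files_before_dns() {
    nss_hosts_order "$1" | awk '
        $1 == "files" && !seen_dns { ok = 1 }
        $1 == "dns"                { seen_dns = 1 }
        END { exit ok ? 0 : 1 }'
}

# Print "<address> <name>" for every name that contains a dot, is not a
# *.localdomain / *.localdomain6 alias, and is mapped to 127.x or ::1.
loopback_overrides() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /\./ && $i !~ /\.localdomain6?$/) print $1, $i
        }'
}

# Stand-alone run: report the lookup order and any loopback overrides.
files_before_dns "$SAMPLE_NSSWITCH" && echo "files precedes dns: overrides take effect"
loopback_overrides "$SAMPLE_HOSTS"
```

On a real host, replace the two samples with "$(cat /etc/hosts)" and "$(cat /etc/nsswitch.conf)"; every line the audit prints is a name the resolver will never send to DNS.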
getent
The getent command is a utility to get entries from the Name Service Switch libraries (that is, it honours /etc/nsswitch.conf). If you want to check what your hosts configuration contains, you can do as follows:
$ getent hosts
127.0.0.1 funlife localhost.localdomain localhost clickadu.com
127.0.0.1 funlife localhost6.localdomain6 localhost6
10.159.32.155 nsnproxy
172.16.12.134 linuxclass wonderland
193.40.12.135 salma
87.106.233.90 gratisvps
192.168.59.231 mass1
192.168.59.232 mass2
192.168.59.233 mass3
192.168.59.234 mass4
192.168.59.235 mass5
192.168.59.236 mass6
192.168.59.237 mass7
192.168.59.238 mass8
192.168.59.239 mass9
127.0.0.1 frctlstartupfailure localtodoer localdeliv
127.0.0.1 frctlmeth
...