What is DNS?

If all network locations are reachable via an IP address, then how do we, using web browsers, reach any given website using only its name (and an extension like .com or .net)? The simple answer: DNS!

Why DNS?

DNS is used to resolve human-readable names, for instance facebook.com, google.com, or downloadmoreram.com, to IP addresses. Machines can’t actually make sense of these names on their own; they need an IP address to know where to send/request data to/from. However, we use these names because they are much easier for humans to read and remember. For instance, most everyone knows about youtube.com, but how many people have YouTube’s IP address(es) memorized? Not many.

How DNS?

When you try to access a website using its name, your computer will first send that name to a DNS server and request its associated IP address. These DNS servers can be manually configured or learned via DHCP.

Info

Normally, DNS runs in the background and the user never actually sees a website’s address. However, if you wanted to know a website’s IP address, for whatever reason, there are a couple of easy ways to get it using DNS:

  • First, you can use a simple ping {website-url}. You’re likely already familiar with this command (it’s used to test a connection between two nodes on a network), though you may only have used it with an IP address. It works with a URL as well, using DNS, and it lists the destination’s IP address while doing so. However, this only shows the IP address your computer is ultimately using to reach the destination: major websites often have multiple IP addresses that can reach them. To see all addresses the DNS server has for a website, use the following command:
  • Second, use nslookup {website-url}. This will show multiple IP addresses for the destination network.

Info

In Noteworthy Port Numbers you’ll note that DNS uses both UDP and TCP ports. This is a bit beyond the scope of what I’ll cover here (for now…) but in short: DNS queries & responses usually use UDP, but if the message is longer than 512 bytes it will switch to TCP. In either case, port 53 is used.
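How that switch is signalled on the wire, as an added example that is not part of the original page: a server whose answer does not fit in a 512-byte UDP message sets the TC (truncated) flag in the DNS header, and the client repeats the query over TCP, where each message carries a 2-byte length prefix. The name example.com, the transaction ID and the function names are constructed for illustration.

```python
import struct

# Values from RFC 1035: the classic DNS-over-UDP size limit and header flag bits.
UDP_LIMIT = 512
FLAG_QR = 0x8000  # set on responses
FLAG_TC = 0x0200  # set when the answer was truncated to fit in UDP
FLAG_RD = 0x0100  # recursion desired


def build_query(name, txid, qtype=1):
    """Encode a standard query (QTYPE 1 = A record, QCLASS 1 = IN)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def frame_for_tcp(message):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message


def next_step(query, udp_response):
    """Decide what a client does with a UDP reply: accept, retry on TCP, or drop."""
    if len(udp_response) < 12:
        return "drop: shorter than the 12-byte DNS header"
    txid, flags = struct.unpack("!HH", udp_response[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & FLAG_QR:
        return "drop: not a response to this query"
    if flags & FLAG_TC:
        return "retry over TCP port 53"
    return "accept UDP answer"


# Constructed sample data (not captured traffic).
QUERY = build_query("example.com", 0x1A2B)
# Reply headers echoing the question; TRUNCATED has the TC bit set.
TRUNCATED = struct.pack("!HHHHHH", 0x1A2B, FLAG_QR | FLAG_RD | FLAG_TC, 1, 0, 0, 0) + QUERY[12:]
COMPLETE = struct.pack("!HHHHHH", 0x1A2B, FLAG_QR | FLAG_RD, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(len(QUERY), "byte query fits in UDP:", len(QUERY) <= UDP_LIMIT)
    print("truncated reply ->", next_step(QUERY, TRUNCATED))
    print("complete reply  ->", next_step(QUERY, COMPLETE))
    print("TCP frame length prefix:", frame_for_tcp(QUERY)[:2].hex())
```

The transaction ID and QR checks matter for defenders as well: a reply that does not match an outstanding query is discarded rather than cached.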

Responses from the DNS server are saved on the device’s local DNS cache so they don’t have to query the server every single time you want to access a particular website.

Public DNS Servers

Below are some publicly accessible DNS servers that anyone can use. There are many others; these are just a few popular ones.

| Server IP | Operated by |
|---|---|
| Primary: 8.8.8.8, Secondary: 8.8.1.1 | Google |
| Primary: 9.9.9.9, Secondary: 149.112.112.112 | Quad9 |
| Primary: 1.1.1.1, Secondary: 1.0.0.1 | Cloudflare |

Warning

As a matter of security, you should always use DNS servers operated by trustworthy people/organizations. The DNS operator can choose to log lookups from your address, and thereby track what websites you’re accessing.

Client-Side Verification & Configuration

There are a number of commands for verifying and configuring DNS on clients. Mostly, this will mean interacting with platform-specific GUIs or platform-specific CLIs. For more info, check Verifying & Configuring IP Parameters On Clients.

DNS in Cisco IOS

Hosts in a network can usually use DNS without any specific configuration of devices in the network. DNS servers are usually located outside the LAN, and are reachable over the Internet. Therefore, DNS traffic is forwarded like any other Internet traffic.

In the event that an internal DNS server is used, it’s typically run on an end host, usually a Windows or Linux server.

All that said, Cisco routers can be configured as DNS servers, although it is rare. They can also be configured as DNS clients, which allows the router to ping names instead of IP addresses.

Configuration

  • (config)#ip dns server
    • Configure a router as a DNS server.
  • (config)#ip host hostname ip-address
    • Configure a hostname/IP address mapping, similar to a hosts file on Windows/Linux.
  • (config)#ip name-server ip-address
    • Configure a DNS server for hostnames that aren’t in the host table.
  • (config)#ip domain lookup
    • Enable the router to perform DNS queries.
    • Enabled by default.
    • There’s an older version of the command, ip domain-lookup, that may be used by older routers.
  • show hosts
    • Display all known hostnames: those manually configured and those learned via DNS.