Command Line Utilities for Troubleshooting DNS

There are, of course, many tools for configuring, installing and troubleshooting DNS, and many of them can make life an awful lot easier. Here are some of the most popular ones, which exist on various platforms.

nslookup

This utility is probably the oldest and most widely used DNS tool available. Its primary function is to run individual, specific queries against all manner of resource records. It is even possible to perform zone transfers using this tool, which is why it’s so important.

ipconfig

This tool is often used daily to release and renew DHCP addresses. However, it can also perform some DNS functions, and it’s certainly a useful client tool to get to grips with. A couple of its switches supply DNS-related functionality. The /displaydns switch returns the contents of the client resolver cache, showing the Record Name, Type, TTL, Data Length and RR Data for each entry. The client will use this cached data to return these records at least until the TTL expires, when it will query a name server. The /flushdns switch erases the contents of the resolver cache. In troubleshooting terms this means that cached data will not be used and a fresh request will be sent to a name server. Finally, the /registerdns switch will refresh the client’s DHCP lease and network records.

netdiag

One of the most useful general diagnostic tools you will find in a Windows environment. It performs a long list of network connectivity tests, including a specific DNS test. Using the switch /test:DNS, the program will check each active network card and see whether it has an A record registered in the domain. The additional switch /DEBUG can be used in conjunction with this to produce verbose output to the screen, which is extremely helpful in troubleshooting DNS issues. It can be found in the Windows support tools directory, which is on the installation disks and shares. It’s surprisingly useful when checking a DNS service or programs.

dnsdiag

This utility is especially useful for checking through email issues that are DNS related. A DNS misconfiguration can cause all sorts of email issues, as many have experienced. It functions by simulating all the DNS-related activities which would be done by an SMTP agent when delivering email. There is a caveat in its use for this sort of diagnostic work: you’ll need to run it on a computer which has either an Exchange or SMTP agent installed locally.

Most of these tools can be used to solve a huge range of DNS related issues, so they’re worth getting to grips with. A great test is to use them with a new installation, or DNS design, perhaps run through the tools to check out that DNS is working properly.

Additional DNS Resource

DNS Messages

If you want to write programs that can utilize DNS messages then you must understand the format. So where will you find all the queries and responses that DNS uses to resolve addresses? The majority are carried over UDP, with each message fully contained within a single UDP datagram. They can also be relayed using TCP, but in this instance they are prefixed with a 2-byte value which indicates the length of the query or response. The extra 2 bytes are not included in this length - a point which is important!

All DNS communication uses a single format, simply called a message. Every function in DNS, from simple queries to Smart DNS functions, uses this very same format. The message follows this basic template -

  • Header
  • Question - For the Name Server
  • Answer - Answering the Question
  • Authority - Point Towards Authority
  • Additional - Additional Information

Some sections will be missing depending on the query; however, the header will always be present. This is because the header contains fields which specify which of the remaining sections are present, whether the message is a query or a response and, finally, whether any specific codes are present.

The name of each section following the header is derived from its actual use; it’s all pretty common sense stuff. The Question section is indeed a question directed at a Name Server, and within this section are fields which define the question.

  • QTYPE - Query Type
  • QCLASS - Query Class
  • QNAME - Query Domain Name

Specifically, if you are programming or developing any application which relies on this functionality, like the best Smart DNS service for example, it is important to understand these classes properly. Programmers will also need to understand the specific format of the classes. The QNAME represents the domain name being queried as a sequence of labels. Each one of these labels consists of a length octet followed by that number of octets.
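An added example (not from the original page) of the message format described above: it builds a query containing only the Header and Question sections, encodes QNAME as length-prefixed labels, applies the 2-byte TCP length prefix, and parses the question back with a bounds check on every read. The 12-octet header layout, the flag values and the wire order QNAME, QTYPE, QCLASS follow RFC 1035 rather than this page; the function names and the www.example.com sample are assumptions made for illustration.

```python
import struct

QTYPE_A, QCLASS_IN = 1, 1  # A record, Internet class

def encode_qname(name: str) -> bytes:
    """Encode a name as labels: one length octet, then that many octets."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)  # zero-length root label ends the name
    return bytes(out)

def build_query(name: str, msg_id: int, qtype: int = QTYPE_A) -> bytes:
    """12-octet header plus one Question; the other sections are absent."""
    flags = 0x0100  # QR=0 (query), opcode 0, RD=1 (recursion desired)
    header = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!2H", qtype, QCLASS_IN)

def frame_for_tcp(message: bytes) -> bytes:
    """Prefix the 2-byte length, which does not count the prefix itself."""
    return struct.pack("!H", len(message)) + message

def parse_question(message: bytes) -> dict:
    """Decode the header and first Question, bounds-checking every read."""
    if len(message) < 12:
        raise ValueError("shorter than the 12-octet header")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    labels, pos = [], 12
    while True:
        if pos >= len(message):
            raise ValueError("QNAME runs past end of message")
        length = message[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(message):
            raise ValueError("invalid or truncated label")
        labels.append(message[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(message):
        raise ValueError("QTYPE/QCLASS missing")
    qtype, qclass = struct.unpack("!2H", message[pos:pos + 4])
    return {"id": msg_id, "is_response": bool(flags & 0x8000),
            "counts": (qd, an, ns, ar), "qname": ".".join(labels),
            "qtype": qtype, "qclass": qclass}
```

The parser rejects label lengths above 63, so a message that uses name compression pointers is refused rather than misread.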

Using Smart DNS to Bypass Geo Blocks

For many years, the rather unfortunate practice of restricting access based on your location has been growing in the online world. In fact any decent web site will now heavily control what you can or can’t see depending on your location. The driver is of course profit, licenses are often granted on a per country basis allowing organisations to maximise their profits by charging different amounts in different places. Those of us who hoped that the internet would become one big global market are set for disappointment.

It was probably to be expected, as companies have done this for years, charging top dollar in the richer countries whilst lowering their prices in less affluent areas. In fact this forms the very basic laws of economics; check out price discrimination for more reading about this topic. Fortunately though, the technology to apply these restrictions is not very sophisticated at the moment. Basically the website looks up your IP address when you connect and then looks up its location, and this is used to determine what you can see. For example, Hulu holds the US rights to lots of programmes and you can access the whole catalogue if you connect via a US IP address. Connect from anywhere else and you’ll get little more than adverts and a few clips to enjoy.

This was fairly easy to bypass though, with just a little research or investment - you could buy proxy servers from a supplier and use them to hide your real address. Slowly this became harder though, with companies like Hulu blocking all but the well set up and configured proxies or VPN servers. But there was another problem: changing your connection and using proxies worked great on a computer, but nowadays many of us are surfing the web through a host of other devices like games consoles, phones and media streamers like the Roku.

In theory this should work ok too, but suspiciously many hardware manufacturers are providing less access to basic network connectivity settings on these devices. It’s very hard to get a PS3 or Xbox to use a proxy or shared VPN (although it is possible), and some hardware like the Roku or ADSL routers simply doesn’t supply access to this sort of configuration option. This is partly responsible for the next generation of anti-geoblock technology - namely Smart DNS.

This goes a step further than using proxies, or possibly a step backwards, in that only part of the connection is redirected (the bit that checks your location); when you start to stream video, for example, it goes straight from the web server to your PC. This means that obviously the security element of the connection is pretty much non-existent. However, the video streaming is much quicker as the majority of the traffic doesn’t need to be routed through a third party, which happens when using a proxy or VPN server.


The Basics of the Domain Name System

So what is the Domain Name System or, as it’s more commonly known, DNS? Well, very simply it is a huge distributed database which contains the domain names and addresses of all devices on the network. This structure is crucial to the way DNS functions: it allows local control of specific segments, and means that no single party controls it (or effectively the internet!). Yet data in each of these local segments is available to anyone across the entire database. It’s not the most efficient system, but reasonable levels of performance are produced by replicating the local segments and caching these for quicker resolution.

The database is operated on a client/server configuration, with the important part served by Name servers. These Name servers contain information on addresses on specific segments and make that information available to clients and other servers - a process called resolving. Resolvers are often just simple library routines; they create queries on demand and forward them to name servers across a network.

The structure of a DNS database is very similar to the directory tree of any filesystem. It’s easiest to think of it as an inverted tree, with the root node at the very top. Each subsequent node is displayed with a text label which identifies its relationship with its parent. The second tier of the database contains domain extensions such as com, edu, gov and mil. At the top of the tree the node has a ’null’ label, although in practice and configuration it is written as a single dot (.).

Every domain in this tree has a unique name, and its name helps identify its location in the database. The name is made up of the series of nodes that distinguish its location in the database. For example, if I establish a new domain called mybesttelly.co.uk - I would be responsible for that small segment - mybesttelly.co.uk and any devices such as computer1.mybesttelly.co.uk, www.mybesttelly.co.uk and mail.mybesttelly.co.uk. I can control nodes below my DNS name but nothing above, although I can delegate authority or redirect my resolution requirements to other servers.

But the underlying requirement, of course, is to resolve domain names to specific IP addresses (and vice versa). In the early days of networking this resolution was done by a text file called the hosts file, which was replicated across the network. In larger networks, and specifically the internet, this is clearly not possible. The sheer size of the file would be enormous and replicating changes throughout the world would be completely impossible. There is much more to this technology of course; DNS lies at the heart of the internet and making it function. Name resolution helps any specific client find the server it is looking for. It is open to abuse and there have been many attacks on the infrastructure, as well as localised DNS poisoning and spoofing attacks. DNS is being improved and developed all the time - you can see some of the advances in things like Dynamic DNS or the Smart DNS applied to devices to make them region free.

Without DNS we’d be left with huge lists of IP addresses of our favorite sites, it would be rather hard work. As it is, controlling our client IP addresses is more likely to be an issue as I discovered when I tried to watch Canadian TV in the USA last week but was blocked because I had an American IP address.

For a more thorough introduction you could do a lot worse than the excellent primer on this site - http://www.tcpipguide.com/free/t_TCPIPDomainNameSystemDNS.htm.