DNS

Samhith Vasikarla
Mar 27, 2022

Suppose there are two hosts on the same network, Host A at 192.168.1.100 and Host B at 192.168.1.200, and Host B runs a db service. When the network is properly configured, we can ping 192.168.1.200 from Host A.

Suppose we don't want to type the IP address and instead want to refer to Host B by the name db. When we try to ping it:

ping db -> unknown host db

We need to tell Host A that db is just another name for 192.168.1.200. We do that by adding this entry to /etc/hosts:

192.168.1.200 db

After that, ping db succeeds.

Host A treats whatever we put in its /etc/hosts file as the source of truth.

When we run ping, ssh or curl with a host name, the name is first converted to an IP address by looking it up in /etc/hosts. This conversion of a host name to an IP address is called name resolution.

If the network is small, we can add an entry with the name and IP address of every host. This is how it was done in the early days of computer networks.

The number of hosts in a network now grows exponentially, so managing these entries in each /etc/hosts file becomes hard.

The solution is to move all the entries from the /etc/hosts files to a single centralised location called a DNS server. Every host then looks up the entry on the DNS server whenever we run ping, ssh or curl with a host name, and that is how name resolution (converting the name of a host or server to its IP address) happens.

This raises a question: how do we point a host at the DNS server?

On a Linux system, the DNS server is configured in /etc/resolv.conf.

Suppose the DNS server's IP address is 192.168.1.20. We add this entry to /etc/resolv.conf:

nameserver 192.168.1.20

Once /etc/resolv.conf has been updated, whenever we ping or ssh using the name of a server, the host asks the DNS server and converts the name to an IP address.

Suppose we have an entry in both /etc/hosts and the DNS server. Where does the host look for the IP address?

The host name is first checked in /etc/hosts. If it is not found there, the host asks the DNS server.

If we want to change the order in which these sources are searched, we can change it in /etc/nsswitch.conf.

The default configuration is:

hosts: files dns

Here files means the entries in /etc/hosts, and dns means the DNS server configured in /etc/resolv.conf.

Suppose you want to ping www.google.com. The request first hits the organisational DNS server. If the organisational DNS server has no entry for the name, the request is sent to the internet. The root DNS server looks at www.google.com and sends the request to the .com name server.

The .com name server sends the request to the Google name servers, and the Google name servers find the entry for the www subdomain. The IP address is then returned in response to the request.

In some cases ping is not the right tool for checking name resolution. To check whether the DNS server is working, we can use nslookup.

nslookup only queries the DNS server; it does not look at the /etc/hosts file.
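
The lookup order and the ping versus nslookup difference described above, as an added Python example that is not part of the original post. It simulates the files-then-dns order over constructed file contents, with a constructed dictionary standing in for the DNS server at 192.168.1.20; the function names and the 192.168.1.250 and web records are assumptions made for illustration.

```python
# Added example (not from the original post). File contents and the DNS
# records are constructed sample data; function names are hypothetical.
HOSTS = """\
127.0.0.1      localhost
192.168.1.200  db    # Host B
"""
NSSWITCH = "passwd: files\nhosts: files dns\n"
# Stand-in for the records on the DNS server at 192.168.1.20 (constructed).
DNS_ZONE = {"db": "192.168.1.250", "web": "192.168.1.210"}

def parse_hosts(text):
    """Map each name or alias in /etc/hosts-style text to its IP address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])  # first entry wins
    return table

def lookup_order(nsswitch_text):
    """Return the sources on the 'hosts:' line, in the configured order."""
    for line in nsswitch_text.splitlines():
        key, _, rest = line.split("#", 1)[0].partition(":")
        if key.strip() == "hosts":
            # Action items such as [NOTFOUND=return] are ignored here.
            return [s for s in rest.split() if not s.startswith("[")]
    return ["files", "dns"]  # the order the post gives as the default

def resolve(name, hosts_text, nsswitch_text, dns_zone):
    """Resolve the way ping, ssh and curl do: try each source in order."""
    sources = {"files": parse_hosts(hosts_text), "dns": dns_zone}
    for source in lookup_order(nsswitch_text):
        ip = sources.get(source, {}).get(name.lower())
        if ip:
            return ip, source
    return None, None

def shadowed_names(hosts_text, dns_zone):
    """Names whose /etc/hosts address differs from the DNS answer."""
    hosts = parse_hosts(hosts_text)
    return {n: (ip, dns_zone[n]) for n, ip in hosts.items()
            if n in dns_zone and dns_zone[n] != ip}

if __name__ == "__main__":
    print(resolve("db", HOSTS, NSSWITCH, DNS_ZONE))  # answered from files
    print(shadowed_names(HOSTS, DNS_ZONE))           # hosts entry vs DNS
```

With the constructed data, db resolves from /etc/hosts while the DNS stand-in holds a different address, which is the disagreement a DNS-only tool like nslookup would show and which shadowed_names reports.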

