Going Online. A look into how domain names turn into IP addresses.


DNS records (getting your website live)

  1. NS Records (Nameserver Records): NS resource records are records in the DNS database that determine which authoritative name servers are used for a domain. The DNS database is used to convert (sub)domain names to IP addresses; it works like a distributed telephone book. Records are kept in caches for a time (often 24 hours), which is why it usually takes at least 24 hours for a domain change to take effect everywhere (otherwise the old value can still be stored somewhere in a cache). Suppose you buy your domain from GoDaddy; then by default GoDaddy's name servers will be the authoritative servers pointing to your website. NS records exist SOLELY to define WHICH NAMESERVERS are responsible for a particular domain.
  2. A Records (Address Mapping records): Once your machine finds the authoritative server holding the details of your website, it queries that server for the A records of the domain. An A record contains the hostname together with the IP address of the server where your files/website are hosted. Each A record consists of the record name, the address of the server and a TTL (Time To Live), which specifies how long a resolver is allowed to cache the record. A records store IPv4 addresses.
  3. AAAA Records (IP Version 6 Address record): Same functionality as A records, but they store IPv6 addresses.
  4. CNAME Records (Canonical Name record): A CNAME record is used to point a domain to another domain. When a DNS client requests a record that contains a CNAME, which points to another hostname, the DNS resolution process is repeated with the new hostname.
  5. MX Records (Mail Exchange records): Specifies the SMTP mail server(s) for the domain; sending mail servers use the MX records to route email addressed to the domain to the right mail server.
  6. PTR Records (Reverse-lookup Pointer records): A DNS pointer record (PTR for short) provides the domain name associated with an IP address. A DNS PTR record is exactly the opposite of the ‘A’ record, which provides the IP address associated with a domain name. They are used for reverse domain lookups. Some email anti-spam filters use reverse DNS to check the domain names of email addresses and see if the associated IP addresses are likely to be used by legitimate email servers. If a domain has no PTR record, or if the PTR record contains the wrong domain, email services may block all emails from that domain.
  7. CERT Records (Certificate record): Stores encryption certificates — PKIX, SPKI, PGP, and so on. CERT records are used for generically storing certificates within DNS and are most commonly used by systems for email encryption. To create a CERT record, you must specify the certificate type, the key tag, the algorithm, and then the certificate, which is either the certificate itself, the CRL, a URL of the certificate, or fingerprint and a URL.
  8. SRV Records (Service Location records): A record that advertises a service and how to connect with it. SRV records help with service discovery. For example, SRV records are used in Internet Telephony to define where a SIP service may be found. An SRV record typically defines a symbolic name and the transport protocol used as part of the domain name. It defines the priority, weight, port, and target for the service in the record content.
  9. TXT Records: Text records were originally intended to hold human-readable metadata, but today they mostly carry machine-readable metadata, for example to verify domain ownership.
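The record types above are easiest to understand by watching a resolver use them. The following is an added example, not code from the post: it keeps a constructed record table for a made-up domain (example.test, documentation IP ranges) and shows CNAME chasing with loop detection, MX ordering by preference, SRV ordering by priority and weight, building the PTR owner name for an address, and the forward-confirmed reverse DNS check that anti-spam filters apply. All names, addresses and record values are constructed assumptions.

```python
import ipaddress

# Constructed sample zone data for a made-up domain (assumption: not live DNS).
# Each entry maps an owner name to (record type, record data) pairs.
RECORDS = {
    "www.example.test.": [("CNAME", "web.example.test.")],
    "web.example.test.": [("A", "192.0.2.10"), ("AAAA", "2001:db8::10")],
    "example.test.": [("NS", "ns1.example.test."),
                      ("MX", (20, "mx2.example.test.")),   # (preference, host)
                      ("MX", (10, "mx1.example.test."))],
    "_sip._tcp.example.test.": [                            # (priority, weight, port, target)
        ("SRV", (10, 60, 5060, "sip-a.example.test.")),
        ("SRV", (10, 40, 5060, "sip-b.example.test.")),
        ("SRV", (20, 0, 5060, "sip-backup.example.test."))],
    # PTR records live in the reverse tree, keyed by the reversed address.
    "10.2.0.192.in-addr.arpa.": [("PTR", "web.example.test.")],
    # A deliberately broken pair of records, to show loop detection.
    "loop-a.example.test.": [("CNAME", "loop-b.example.test.")],
    "loop-b.example.test.": [("CNAME", "loop-a.example.test.")],
}


def lookup(name, rtype):
    """Data of every record of type rtype at name (empty list if none)."""
    return [data for t, data in RECORDS.get(name, []) if t == rtype]


def resolve(name, rtype, max_hops=8):
    """Resolve name to rtype data, restarting on CNAMEs the way a resolver does."""
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        answers = lookup(name, rtype)
        if answers:
            return answers
        cname = lookup(name, "CNAME")
        if not cname:
            return []          # no record of that type and no alias to follow
        name = cname[0]        # restart resolution with the canonical name
    raise ValueError("CNAME chain too long")


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def mail_servers(domain):
    """MX targets in the order a sending server tries them (lowest preference first)."""
    return [host for _pref, host in sorted(lookup(domain, "MX"))]


def service_targets(name):
    """SRV targets: lowest priority first, higher weight first within a priority."""
    recs = sorted(lookup(name, "SRV"), key=lambda r: (r[0], -r[1]))
    return [(target, port) for _prio, _weight, port, target in recs]


def forward_confirmed(ip):
    """Forward-confirmed reverse DNS, the check anti-spam filters apply:
    the PTR must name a host whose A/AAAA records include the original IP."""
    names = lookup(reverse_name(ip), "PTR")
    if not names:
        return False
    rtype = "AAAA" if ":" in ip else "A"
    return any(ip in resolve(n, rtype) for n in names)
```

Calling `forward_confirmed("192.0.2.10")` returns True because the PTR names web.example.test. and that name's A record points back at the address; an address with no PTR, or a PTR naming a host that does not resolve back to it, fails the check, which is exactly the situation in which mail from that host gets rejected.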

DNS Lookup

  1. A client sends a recursive query to a DNS name server to request the IP address that corresponds to the name ftp.contoso.com. A recursive query indicates that the client wants a definitive answer to its query. The response to the recursive query must be a valid address or a message indicating that the address cannot be found.
  2. Because the DNS server is not authoritative for the name and does not have the answer in its cache, the DNS server uses root hints to find the IP address of the DNS root server.
  3. The DNS name server uses an iterative query to ask a DNS root server to resolve the name ftp.contoso.com. An iterative query indicates that the server will accept a referral to another server in place of a definitive answer to the query. The query lands on one of the 13 DNS root servers. To be clear, the root servers run as clusters of many machines and are reachable worldwide through only 13 IP addresses. Because the name ftp.contoso.com ends with the label com, the DNS root server returns a referral to the Com server that hosts the com zone.
  4. The DNS server uses an iterative query to ask the Com server (the top-level domain server for the com domain) to resolve the name ftp.contoso.com. Because the name ftp.contoso.com ends with contoso.com, the Com server returns a referral to the Contoso server that hosts the contoso.com zone.
  5. The DNS server uses an iterative query to ask the Contoso server (the authoritative name server) to resolve the name ftp.contoso.com. The Contoso server finds the answer in its zone data and returns it to the DNS server.
  6. The DNS server then returns the result to the client.
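The six steps above, simulated end to end as an added example (not the post's code): three in-memory name servers stand in for a root server, the com TLD server and the contoso.com authoritative server, and a small recursive resolver follows the root hints and each referral down to the answer, caching it for the record's TTL. The server addresses, the zone contents and the answer for ftp.contoso.com are constructed from documentation IP ranges and are assumptions, not the real servers.

```python
# Three simulated name servers with constructed zone data (assumption: made-up
# addresses from documentation ranges, not the real root, .com or contoso servers).
ROOT_HINTS = ["198.51.100.1"]
SERVERS = {
    "198.51.100.1": {              # stands in for a root server
        "records": {},
        "delegations": {"com.": ("a.gtld.test.", "198.51.100.2")},
    },
    "198.51.100.2": {              # stands in for the com TLD server
        "records": {},
        "delegations": {"contoso.com.": ("ns1.contoso.test.", "198.51.100.3")},
    },
    "198.51.100.3": {              # authoritative for contoso.com
        "records": {("ftp.contoso.com.", "A"): ("203.0.113.21", 3600)},  # (data, TTL)
        "delegations": {},
    },
}


def query_server(server_ip, qname, qtype):
    """A non-recursive (iterative) query: the server answers from its own zone,
    returns a referral to a child zone it delegates, or says the name does not exist."""
    srv = SERVERS[server_ip]
    if (qname, qtype) in srv["records"]:
        return "answer", srv["records"][(qname, qtype)]
    for zone, (ns_name, ns_ip) in srv["delegations"].items():
        if qname == zone or qname.endswith("." + zone):
            return "referral", (zone, ns_name, ns_ip)
    return "nxdomain", None


class RecursiveResolver:
    """The DNS server the client talks to: it chases referrals from the root
    hints downwards and caches answers for their TTL."""

    def __init__(self, root_hints, clock):
        self.root_hints = root_hints
        self.clock = clock              # injectable so cache expiry can be tested
        self.cache = {}                 # (name, type) -> (data, expiry time)
        self.trace = []                 # human-readable log of what was asked

    def resolve(self, qname, qtype="A", max_referrals=10):
        key, now = (qname, qtype), self.clock()
        if key in self.cache and self.cache[key][1] > now:
            self.trace.append(f"cache hit for {qname}")
            return self.cache[key][0]
        server = self.root_hints[0]                       # step 2: start from root hints
        for _ in range(max_referrals):
            kind, payload = query_server(server, qname, qtype)
            self.trace.append(f"{server} -> {kind}")
            if kind == "answer":                          # step 5: authoritative answer
                data, ttl = payload
                self.cache[key] = (data, now + ttl)       # honour the record's TTL
                return data
            if kind == "referral":                        # steps 3 and 4: follow the referral
                _zone, _ns_name, ns_ip = payload
                server = ns_ip                            # use the glue address
                continue
            return None                                   # definitive "no such name"
        raise RuntimeError("too many referrals")
```

The `trace` list makes the referral chain visible: the first lookup asks the root, then the com server, then the contoso server; a repeat lookup is served from cache until the 3600-second TTL expires, after which the resolver walks the chain again. That TTL window is also why a changed record can keep answering with its old value for a while.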

OSI Model

TLS Handshake

  1. Client Hello: The client expresses its interest in connecting with the server and presents its cipher suites to the server. The server decides which cipher suite will ultimately be used for the communication, based on the most recent version that it can support. A cipher suite has several parts.
    1. Protocol: TLS 1.3, TLS 1.2, SSL v3, SSL v2
    2. Key Exchange: Diffie-Hellman or RSA
    3. Authentication (used to authenticate the server): RSA, Elliptic Curve Digital Signature Algorithm (ECDSA)
    4. Cipher (dictates the algorithm that will be used to encrypt the data): Advanced Encryption Standard (GCM/CBC), Camellia
    5. Message Authentication Code (dictates the method the connection will use to carry out data integrity checks): Secure Hash Algorithm, MD5
    So a sample cipher suite might look like TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, which says that the protocol is TLS, the key exchange is ephemeral elliptic-curve Diffie-Hellman (ECDHE) with RSA used for authentication in the handshake, the cipher is AES with a 128-bit key in GCM mode, and the digest is SHA-256.
  2. Server Hello: The server chooses the cipher suite that it will use and sends its certificate, which contains the server's public key; that key initiates the asymmetric encryption needed to set up the symmetric encryption. The client then uses that public key to encrypt what it sends to the server. The client also checks the validity of the certificate.
    The certificate contains the following things.
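Returning to the cipher suite naming described under Client Hello: the example below is added here and is not code from the post. It splits an IANA-style suite name into the five parts listed above (protocol generation, key exchange, authentication, cipher, hash) and flags the choices a defender auditing a server's offered suites would want to reject, such as RSA key exchange (no forward secrecy), CBC mode, legacy ciphers and MD5/SHA-1. The classification rules are my assumption about what to flag, not something the post specifies.

```python
# Classification tables are an assumption for this example.
LEGACY_CIPHER_TOKENS = {"RC4", "3DES", "DES", "NULL", "EXPORT", "EXPORT1024", "IDEA", "SEED"}
WEAK_HASHES = {"MD5", "SHA"}          # "SHA" alone means SHA-1 in suite names


def parse_suite(name):
    """Split e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 into its components."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not a TLS suite name: {name}")
    body = name[len("TLS_"):]
    if "_WITH_" in body:                                  # TLS 1.2 and earlier naming
        kx_auth, cipher_hash = body.split("_WITH_", 1)
        parts = kx_auth.split("_")
        if len(parts) == 1:                               # e.g. "RSA": same key for both roles
            key_exchange = authentication = parts[0]
        else:                                             # e.g. "ECDHE_RSA", "DHE_PSK"
            key_exchange, authentication = parts[0], "_".join(parts[1:])
        version = "TLS 1.2 or earlier"
    else:                                                 # TLS 1.3 names only the AEAD and hash
        key_exchange = "(EC)DHE or PSK, negotiated separately"
        authentication = "certificate signature, negotiated separately"
        cipher_hash, version = body, "TLS 1.3"
    tokens = cipher_hash.split("_")
    return {
        "version": version,
        "key_exchange": key_exchange,
        "authentication": authentication,
        "cipher": "_".join(tokens[:-1]),
        # For AEAD suites (GCM, CCM, POLY1305) the trailing hash is the PRF/HKDF
        # hash rather than an HMAC, but it still names the digest in use.
        "hash": tokens[-1],
    }


def assess_suite(name):
    """Return (components, list of concerns) for a cipher suite name."""
    s = parse_suite(name)
    concerns = []
    if s["key_exchange"] in {"RSA", "DH", "ECDH"}:
        concerns.append("static key exchange: no forward secrecy")
    if "CBC" in s["cipher"].split("_"):
        concerns.append("CBC mode: MAC-then-encrypt construction")
    if LEGACY_CIPHER_TOKENS & set(s["cipher"].split("_")):
        concerns.append("legacy cipher")
    if s["hash"] in WEAK_HASHES:
        concerns.append("weak hash (MD5 or SHA-1)")
    return s, concerns
```

Running `assess_suite` over the suite from the text returns no concerns, while a suite such as TLS_RSA_WITH_AES_256_CBC_SHA is flagged three times: RSA key exchange, CBC mode and SHA-1. Note that TLS 1.3 suite names carry no key-exchange or authentication part at all, because TLS 1.3 always uses an ephemeral exchange and negotiates the signature algorithm separately.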

SSL Certificate Verification

  1. Root Certificate (Trust Anchor): A root certificate is a self-signed certificate that follows the X.509 certificate standard.
  2. Intermediate Certificate (The Issuing CA): At least one intermediate certificate is almost always present in an SSL certificate chain. Intermediates provide the vital link that lets the root CA extend its trusted reputation to otherwise untrusted end entities. The issuing CA functions as a middleman between the secure root and the server certificate, which allows the root CA to remain securely stored offline, providing an extra level of security. Trust in a root CA is always explicit: each operating system, third-party web browser and custom application ships with over 100 pre-installed trusted root CA certificates. In contrast, non-root certificates are trusted implicitly, through the chain, and do not need to be shipped with an OS, web browser or certificate-aware application.
  3. Server Certificate (The End Entity): The end entity provides its critical information to the issuing CA in a Certificate Signing Request (CSR). The certificate is then signed and issued by a trusted CA, attesting that the information provided was correct at issuance time. The SSL connection to a server will fail if the certificate has not been signed by a trusted CA and verified.
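The three-tier chain above, walked the way a client verifies it, as an added example that is not code from the post. The "certificates" are plain dictionaries standing in for X.509, and the signature is textbook RSA over SHA-256 using fixed Mersenne primes so that the block runs with the standard library alone; that construction is an assumption made purely for illustration and is not secure (real clients use an X.509 library and real keys). The CA names, validity windows and the site name are constructed.

```python
"""Toy certificate-chain validation: dict 'certificates' and textbook RSA
with fixed Mersenne primes (assumption for illustration only; NOT secure)."""
import hashlib
import json


def toy_key(k1, k2):
    """Deterministic RSA key from the Mersenne primes 2^k1-1 and 2^k2-1 (insecure)."""
    p, q = (1 << k1) - 1, (1 << k2) - 1
    n, e = p * q, 65537
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}


def public(key):
    return {"n": key["n"], "e": key["e"]}


def _digest(cert):
    """SHA-256 of the to-be-signed fields, serialised in a canonical order."""
    tbs = {k: cert[k] for k in ("subject", "issuer", "pub", "not_before", "not_after")}
    return int.from_bytes(hashlib.sha256(json.dumps(tbs, sort_keys=True).encode()).digest(), "big")


def issue(subject, subject_pub, issuer, issuer_key, not_before, not_after):
    """What a CA does with a CSR: bind the subject's public key to its name and sign it."""
    cert = {"subject": subject, "issuer": issuer, "pub": subject_pub,
            "not_before": not_before, "not_after": not_after}
    cert["sig"] = pow(_digest(cert), issuer_key["d"], issuer_key["n"])
    return cert


def signature_ok(cert, issuer_pub):
    return pow(cert["sig"], issuer_pub["e"], issuer_pub["n"]) == _digest(cert)


def is_self_signed(cert):
    return cert["subject"] == cert["issuer"] and signature_ok(cert, cert["pub"])


def validate_chain(leaf, intermediates, trust_store, now):
    """Walk from the end entity towards a trust anchor, checking each link.
    Returns (ok, reason). The anchor is trusted because it is in the store
    (explicit trust); everything below it is trusted only via a valid signature."""
    by_subject = {c["subject"]: c for c in intermediates}
    cert = leaf
    for _ in range(len(intermediates) + 1):
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False, f"{cert['subject']} is outside its validity window"
        anchor = trust_store.get(cert["issuer"])
        if anchor is not None:
            if signature_ok(cert, anchor["pub"]):
                return True, f"chain ends at trust anchor {anchor['subject']}"
            return False, f"bad signature on {cert['subject']}"
        issuer = by_subject.get(cert["issuer"])
        if issuer is None:
            return False, f"no issuer certificate found for {cert['subject']}"
        if not signature_ok(cert, issuer["pub"]):
            return False, f"bad signature on {cert['subject']}"
        cert = issuer                      # continue one level up the chain
    return False, "chain does not reach a trust anchor"


# Constructed demo PKI: offline root, online issuing CA, one server certificate.
ROOT_KEY, ISSUING_KEY, SERVER_KEY = toy_key(521, 607), toy_key(127, 1279), toy_key(61, 107)
ROOT = issue("Toy Root CA", public(ROOT_KEY), "Toy Root CA", ROOT_KEY, 0, 10**9)
ISSUING = issue("Toy Issuing CA", public(ISSUING_KEY), "Toy Root CA", ROOT_KEY, 0, 10**9)
SERVER = issue("www.example.test", public(SERVER_KEY), "Toy Issuing CA", ISSUING_KEY, 100, 1000)
TRUST_STORE = {ROOT["subject"]: ROOT}      # what a browser or OS ships with
```

Two details mirror what the text says about trust. The root's self-signature is never what makes it trusted; `validate_chain` stops as soon as it reaches a certificate whose issuer is in the trust store, because that presence is the explicit trust decision. Everything below the root is accepted only if its signature verifies against the issuer above it, so a server certificate presented without its intermediate, or with any signed field altered, fails even though the root itself is trusted.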

Perfect Forward Secrecy and Diffie Helman

Extras: DNS Poisoning

Extras: How to shut down the internet and DNSSEC

