With One Domain Name, There Can Be Many Associated Protocols. How These Records are Routed, Resolved and Peering Happening Can Be Analyzed. Normally, we only analyze certain parameters, but from a broader aspect, Internet Exchange Points (IXPs), Peering – all play a big role for resolving a domain. The control over the router on Ingress and Egress Policies can give many details. Root Servers/Domain Root Servers plays a big role. ICANN BASED operating mode involved daily synchronization in Open Root Server Network’s root. There is another mode, the INDEPENDENT mode, there is no automatic synchronization and activated whenever the political situation of the world or a downtime of the ICANN root zone does not work. ICANN and several IXPs are indirectly under control of various Governmental agencies. Open Root Server Network model again started working in mid 2013 after the spyware activities were documented to be revealed by Edward Snowden.
DNS Records and Analysis
A Record
An A record gives us the IP address/es of a domain. When the users try to go to thecustomizewindows.com will point to the right IP address. A record or Address Record maps a hostname to a 32-bit IPv4 address. An A Record is written in this format:
1 2 | Name TTL TYPE DATA thecustomizewindows.com. 4320000 A 15.0.0.01 |
We need a DNS Server to resolve this. Without this entry, IP will not point to Domain name. Domain name has other importance than making it memorable. DNS server is usually a different set of servers which already resolved themselves and has established peering. Example DNS Server can be of Rackspace Dedicated :
1 2 | ns.rackspace.com ns2.rackspace.com |
Most DNS Servers use some server side software which adds the record when we add it in some way or the other via Web GUI. We add this DNS Server set with Domain Register’s Web GUI. That changes the record of ICANN. It basically does not matter which Domain Register we are using, they have an API based backend which changes the records at Root Server Level.
AAAA Record
Does the same work like A Record but is optional and related to IPV6.
CNAME
CNAME Record is used to define an alias name. A CNAME record is written in this format:
1 | www.thecustomizewindows.com IN CNAME thecustomizewindows.net |
www.thecustomizewindows.com is same as an alias for the host whose canonical (standard) name is thecustomizewindows.net.
These are enough to resolve a domain name or subdomain name. The www part has been discussed as a well known copy-paste based error. Do not add WWW before your new domain, root domain pointing is the right way and WWW creates too much complexity with HSTS. Servers will handle it as a subdomain.
MX Record
Mail Exchange Record maps on an IPv4 address to the canonical name for that host.
SOA Record (Start of Authority Record)
Specifies the DNS server providing authoritative information about the domain including the domain serial number, and several timers relating to refreshing the ZONE.
TXT Record
TXT Record allows to insert text into a DNS record for Sender Policy Framework to very simple works related to verification. Except Sender Policy Framework, it is an overhead.
PTR Record
A PTR record or pointer record maps an IPv4 address to the canonical name for that host. This appears in this way :
1 | 15.0.0.01.in-addr.arpa. IN PTR thecustomizewindows.com |
NS Record
NS record are listed in the Zone records of the Authoritative Name Server. These records are called as the Authoritative Records. Today, this is automatically added by the good host-DNS system. The NS records found on the Parent Server will match the NS records on the Authoritative Serve else, they will become Stealth Name Server.
If Google System promoted “Bad Neighborhood” exists, this is the only place of concern. The IP addresses are basically not important for Google Search. Google is NSA’s public agency for data theft, they will distort the technical part to the common peoples.
We have a bunch of IP address, which none used ever with any website since 1986. That actually does not make higher SERP. It is very costly matter to rent a range of IP. There are marketplace for IP like Domain names. The peoples associated with the systems are not quite good in real life. Who will take a headache of these odd works? None except the employees. This things should be hammered in the readers mind to make you a bit curious to search about the details.
Advertisement---
Tools For Testing DNS Records
There are lot of Tools on command line to test the above records. As you also have a DNS, IP as you are using an IP from the ISP, your testing will use the DNS you are using. Do not replace your ISP’s DNS with a Public DNS – it is a potentially dangerous way to open your computer to the outsiders. There can be DNS Spoofing with your IP. If you run :
1 | nslookup thecustomizewindows.com |
You will get the set of your localhost’s DNS. If you run :
1 | traceroute -a thecustomizewindows.com |
(hit Control + C on Mac to stop)
You’ll get the idea, of how your ISP is resolving the IP. Use any online tool, even WebPageTest to check the initial setup. Run cat /etc/resolv.conf to get your ISP associated name servers.
host, dig, nslookup, ping are commonly used networking tools. You can run man host, man dig, man nslookup, man ping to read the manuals. You are getting confused with traceroute result, the next subheader is for that reason. You can use an online tool like viewdns.info to test your stuffs. You can see, only our 3 ports are open :
1 | http://viewdns.info/portscan/?host=thecustomizewindows.com |
You have to hack via port 22. But we have Port Knocking installed. Your only way to hack is to use SQL injection. Unfortunately, we have no form plus you do not know exactly what our ingress-egress policies are. If you hack, you’ll think you have successfully hacked, but HP has excellent guys. They might change your computer’s DNS. In the mean time, the IP will be changed, new instance will be added. Because, we have real router, then subnet, subnet mask etc.
Analysis of How a Domain is Routed
Now, with Traceroute, you got entry like :
1 | [AS15412] so-7-0-0.0.ejr03.sin001.flagtel.com (62.216.128.73) 310.231 ms |
What these [AS15412], so-7-0-0.0.ejr03.sin001 Aircraft looking stuffs are? There 3 alphabets are of Airport :
1 | http://en.wikipedia.org/wiki/List_of_airports_by_IATA_code:_A |
These are Internet Exchange Points (IXPs) for peering. AS15412 is an entry which has a record against their router. This most of you do not know, there is a nice tool :
1 | https://www.robtex.com/as/as18101.html |
You will get terrified if you are not related to networking, go to the Graph :
1 | https://www.robtex.com/dns/thecustomizewindows.com.html#result |
This is our full delegation :
If you are hosting on US, you will get faster testing result with US servers. With webpagetest.org, you’ll get live screenshot too. Best way to see if you have setup the stuffs rightly during the initial setup.
There is another protocol named BGP, you can actually telnet to the Public Root Server :
1 | http://routeserver.org/ |
You’ll see that the dots are blinking…tewtewtew. Click one on your Mac / Linux and accept the prompts, you’ll get something like this :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | Trying 216.191.167.134... Connected to route-server.central.bb.allstream.net. Escape character is '^]'. CCCCCCCCC ************ route-server.central.allstream.com ************** ********* MTS Allstream IPv6 and IPv4 Backbone Route Monitor ******* This router maintains IPv6 and IPv4 peering with the following key routers in the MTS Allstream IP Backbone: GATEWAY-1, Toronto, ON, Canada Gateway-2, Toronto ON, Canada GATEWAY-1, Chicago, IL, USA GATEWAY-2, Chicago, IL, USA This device should NOT be the only way to gauge performance on the MTS-Allstream IP Backbone due to its potential high CPU utilization This route-server may NOT be used with ANY automated scripts unless proper authorization has been given to you by MTS Allstream This router supports the cisco "| [begin,exclude,include]" command format. MTS Allstream maintains the following router-servers: Route-server.western.allstream.com Vancouver, BC, Canada Route-server.central.allstream.com Toronto, ON, Canada Route-server.eastern.allstream.com Montreal, QC, Canada For questions, send email to routing@mtsallstream.com ****** username "rserv" and no password is required ***************** User Access Verification Username: rserv route-server.central> route-server.central>show ip bgp 15.125.77.166 BGP routing table entry for 15.125.0.0/16, version 8549358 Paths: (4 available, best #4, table default) Not advertised to any peer 15290 3356 6301 199.212.162.73 from 199.212.162.73 (199.212.162.73) Origin IGP, localpref 100, valid, external Community: 15290:3356 15290:64995 15290:65030 15290:65506 15290 3356 6301 199.212.162.70 from 199.212.162.70 (199.212.162.70) Origin IGP, localpref 100, valid, external Community: 15290:3356 15290:64995 15290:65030 15290:65506 15290 3356 6301 199.212.162.72 from 199.212.162.72 (199.212.162.72) Origin IGP, localpref 100, valid, external Community: 15290:3356 15290:64995 15290:65030 15290:65506 15290 3356 6301 199.212.162.71 from 199.212.162.71 (199.212.162.71) Origin IGP, localpref 100, valid, external, best Community: 15290:3356 15290:64995 15290:65030 15290:65506 route-server.central>exit |
There are tools viable on GitHub to test your server’s real availability. Be careful, do not run scripts. That is why no Cloud IaaS allows to run unlimited instances. If you have 150K instances and you test them every 2 minutes, 100 such usage can bring a mini Ddos. Thats everything about Domain, DNS, delegation a webmaster need to know. Matt Cutts told you? No. He will tell you Sci-Fi stories.
