DNS Resolution using Linux command

One of the questions asked in my previous interview was fairly ordinary if you are sitting for an SRE interview; it was nothing out of the box.

The question was: how does DNS work? Illustrate it with Linux commands.

I dove into explaining the entire DNS process, breaking down the intricate concepts of Root Level Domain (RLD), Top Level Domain (TLD), Second Level Domain (SLD), and Fully Qualified Domain Name (FQDN). The interviewer, keen on understanding the iterative flow of DNS, requested a visual representation, prompting me to use https://excalidraw.com/ for an illustrative workflow.

As I sketched out the architecture, the interviewer delved into specific DNS record types such as A, AAAA, NS, MX, CNAME, and PTR. I provided comprehensive answers, ensuring a thorough understanding of each record's purpose. The conversation seamlessly progressed to elucidating the sequential steps in a DNS query.

I described the initial phase where a request is sent to the Local DNS Server. If the desired IP address is cached, the Local DNS Server promptly responds, minimizing unnecessary overhead. However, in cases where the IP address is absent from the cache, the request journeys to the Root DNS server managed by ICANN. From there, an NS record directs the query to the Top Level Domain (TLD) server governed by IANA. This process repeats as the TLD server further points to the Sub Level Domain, culminating in obtaining the A record containing the requested IP address.

Before delivering the IP address to the user, a crucial step ensues – caching. The IP address is stored in both the Local DNS Server's cache and the client's web browser, adhering to a Time To Live (TTL) value. This strategic caching mechanism optimizes future requests, contributing to a more efficient DNS resolution process.

So any of us could answer that question quite effectively, as it is one of the most commonly asked questions when it comes to networking. But the interviewer also wanted to test my Linux knowledge, particularly in this context. So he started to ask questions like: which Linux CLI commands can help us understand this entire flow? The first command that crossed my mind at that time was dig, followed by traceroute.

The immediate follow-up question was to demonstrate the entire DNS flow I had just explained, using the dig and traceroute commands. And Alhamdulillah, it was something I had experimented with just a few days before the interview.

Dig Command:

The dig command is a DNS lookup utility in Linux used to query DNS servers for various types of DNS records, providing information about domain names and their associated IP addresses.

So the command is:

dig +trace gatech.edu

+trace is used to trace the delegation of a domain starting from the root DNS servers and following the chain of authoritative DNS servers responsible for that domain.
The snapshot below shows the output of that dig command: records returned by successive servers are followed iteratively until the final IP address is obtained as the answer.

The DNS resolution process starts at the root servers, then moves to the TLD servers responsible for ".edu". Subsequently, it reaches the authoritative name servers for "gatech.edu", where the final IP address (3.214.16.8) is obtained.

Note: This is the output of a single command; I have divided it into multiple segments to make it more readable.

Root Level Domain (.):

The root DNS servers (e.root-servers.net, a.root-servers.net, etc.) are the highest level in the DNS hierarchy. They provide information about Top Level Domains (TLDs) and delegate authority for specific TLDs.

Top Level Domain (edu.):

TLD servers (a.edu-servers.net, b.edu-servers.net, etc.) handle requests for domain names ending with specific TLDs, in this case, ".edu". They delegate authority to authoritative name servers for Second Level Domains (SLDs).

Sub Level Domain (gatech.edu.):

Authoritative name servers for "gatech.edu" (dns1.gatech.edu, dns2.gatech.edu, dns3.gatech.edu) hold information about the IP addresses associated with the domain. These servers are responsible for providing the final resolution for queries related to "gatech.edu".

The numbers shown next to the records are their time-to-live (TTL) values, indicating how long other DNS servers may cache this information before it must be refreshed.
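To make the segmented output above concrete, here is an added example (not from the original post) in Python that parses dig +trace output of the shape shown here, splits it into one hop per answering server, extracts the TTLs and the final A record, and checks that each hop was answered by a server the previous level actually delegated to. The sample text and its RFC 5737 server addresses are constructed, not a real capture.

```python
import re
# Constructed `dig +trace gatech.edu` output (not a real capture; server IPs are RFC 5737 values)
SAMPLE_TRACE = """\
.\t\t518400\tIN\tNS\ta.root-servers.net.
.\t\t518400\tIN\tNS\te.root-servers.net.
;; Received 525 bytes from 127.0.0.53#53(127.0.0.53) in 0 ms
edu.\t\t172800\tIN\tNS\ta.edu-servers.net.
edu.\t\t172800\tIN\tNS\tb.edu-servers.net.
;; Received 1175 bytes from 192.0.2.1#53(e.root-servers.net) in 12 ms
gatech.edu.\t\t172800\tIN\tNS\tdns1.gatech.edu.
gatech.edu.\t\t172800\tIN\tNS\tdns2.gatech.edu.
gatech.edu.\t\t172800\tIN\tNS\tdns3.gatech.edu.
;; Received 200 bytes from 198.51.100.2#53(a.edu-servers.net) in 20 ms
gatech.edu.\t\t300\tIN\tA\t3.214.16.8
;; Received 55 bytes from 203.0.113.3#53(dns1.gatech.edu) in 30 ms
"""

RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")
FROM_RE = re.compile(r"^;; Received \d+ bytes from \S+#\d+\((\S+)\)")

def parse_trace(text):
    """One hop per ';; Received' segment: zone, answering server, records."""
    hops, pending = [], []
    for line in text.splitlines():
        rr = RR_RE.match(line)
        if rr:
            owner, ttl, rtype, rdata = rr.groups()
            pending.append((owner, int(ttl), rtype, rdata))
            continue
        done = FROM_RE.match(line)
        if done and pending:
            hops.append({"zone": pending[0][0], "server": done.group(1),
                         "records": [(t, ty, rd) for _, t, ty, rd in pending]})
            pending = []
    return hops

def final_addresses(hops):
    return [rd for _, ty, rd in hops[-1]["records"] if ty in ("A", "AAAA")]

def check_delegation(hops):
    """Flag a hop that leaves the previous zone, or one answered by a server the previous hop never delegated to."""
    problems = []
    for prev, cur in zip(hops, hops[1:]):
        pz, cz = prev["zone"], cur["zone"]
        if not (pz == "." or cz == pz or cz.endswith("." + pz)):
            problems.append(f"{cz} is outside {pz}")
        delegated = {rd.rstrip(".") for _, ty, rd in prev["records"] if ty == "NS"}
        if cur["server"] not in delegated:
            problems.append(f"{cur['server']} not delegated by {pz}")
    return problems
```

An empty list from check_delegation means every step of the trace was served by a name server the level above had delegated to, which is the property the root to TLD to authoritative chain is supposed to have.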

Traceroute command:

The traceroute command is a network diagnostic tool in Linux that reveals the route and measures the response times of packets as they traverse through routers from the source to the specified destination IP address or domain.
It traces the route to the IP address associated with "gatech.edu".

Conclusion:

When sitting for a DevOps/SRE interview, we know that a good hold on networking and Linux commands is a must. There is a lot of interdependency between these two topics, and combining the power of Linux and networking can surely give you an added advantage in the interview process. Backing your theoretical knowledge of CS fundamentals with a real illustration using Linux is the cherry on the cake.