How DNS Works - Computerphile
- Published: 27 Sep 2024
- How do websites marry up to their IP addresses? Dr Mike Pound explains the Domain Name System - DNS.
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottsco...
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
The nameserver be like: "I know a guy that knows a guy that can help you."
unless the nameserver is set to recursive
Imagine dns over tor:
i know a guy that knows a guy that knows a guy.... that will tell you about the guy
DNS is no laughing matter! Why once, I met this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy, who knew this guy's cousin...!
Can we trust this guy?
- I don’t know for sure, he works for NASA though...
DNS is no doubt 'SaulGoodMan
From the look of the thumbnail, I thought Mike would say "Dunno" and the video would end.
☺ More like "The F*K If I Know!?"
Made my day
This is a wonderful comment
It's a blackbox and you don't really need to know.
Genius 😂
This channel is singlehandedly helping me pass my Network+ exam
I love this man's explanations, Clean & Simple. So easy to understand and it helps me out a lot!
Was going to say something similar, and also the energy and humor he uses to convey the message is great.
When recommendations are faster than sub box
Lmau
RUclips is definitely not fundamentally broken in many ways.......
Or how to make people forget that RUclips exists. :)
I hate this change
Am I the only one who confused substitution boxes with sub box? Maybe I've studied cryptography too much
Subscribe to me to get a sub (:
I see Dr. Michael Pound, I click like.
You mean Sir Dr Michael Pound, CBE
you pound the like button
title: how something works.
thumbnail: who tf knows really!?
You should do a video on DNS records like MX, A, CNAME, TXT, etc.
Yeah, I was first learning the DNS server farms out around and basic DNS servers are set up with text like data and they feed update each other until recent better security has been implemented because DNS can be hacked rerouted.
And the Address and Routing Parameter Area where PTR records live... ;)
@@klyanadkmorr yep, DNSSEC. Cryptographically signs replies so it can't be faked, unless you have managed to compromise the signing keys...usually very, very unlikely.
I love how ambiguous the record names are lol. It's impossible to infer anything from them aside from CNAME. I mean that's gotta be name for something.
But... A?
@@-dash They are completely fine abbreviations. A is an address and AAAA is an address that is four times as big as the one with a single A. Mail exchangers can be abbreviated with -ME- MX, because eXchange begins with X. ;)
Watched this video 2 years ago, didn't get much.
After recent studying, it all makes sense. Great video, this channel is a very helpful reference for top level explanations.
Finally a new video from Dr. Mike
Dr Mike on the mic, check 1 - 2.
This guy is always interesting, i love his encryption videos :D
What a coincidence!
I was looking for information about DNS the whole day, I love computerphile.
You should get something better. This video is full of errors.
@@maflones what
Would be cool if you could do a video on how DNS is changing, DoH : DNS Over HTTPS and DNS over TLS. How unencrypted DNS queries are typically stored by ISP to build internet connection records ICRs
Yes. This.
Zazzy I’d rather watch YOUR video. You seem quite knowledgeable.
@@robertholtz Ha thanks, i studied computer science at UoN Mike and Julie are great lecturers for cyber security and comp sci things in general! Just wish UoN had more investment in cyber security and digital forensics modules while I was there.
THIS
There are ways to thwart secured DNS. If your records have a very short time to live, all queries will end up going to an authoritative nameserver. This request can be used to enable Web service temporarily, only to the IP address ultimately asking for its one. So only queries made in the clear will be answered.
Videos with Mike are always really interesting. I really appreciate this guy!
I used to explain it as like making a (land line) phone call to somebody in another town. You look up the town where the other person lives, dial the STD code for that place and then their number. The same code might cover several towns, just as several websites might be served from the same IP address. The name server does the same job as the code pages in the back of the phone book.
0:33 just bogo search through ips
I really love the idea of the waking up in the morning and going "OH NO is Google where I left it???"
he's by far my favorite on this format
Well I'll be damned, I always thought DNS stood for Domain name server, not domain name system. Thanks!
Or domain name service
I like the awkward humor of this man. Would be nice to hang out with this dude for a bit.
Pleasantly surprised about the amount of information in an 8 min vid. Couldn't have explained it much better myself without going into Radix trees, resolvers, DDNS, BIND views & ACLs and DNSSEC. BTW, not sure there are many (if any) DNS implementations left that aren't patched against Cache poisoning since Dan Kaminsky released the research ~9 years ago.
Oh there 100% are. The internet is a wild place.
amaena Then they deserve what they get. >:-)
@@PrimitiveFuturologist_YTC absolutely :) we did a scan of all the nameservers in one of the tld zones, and tried to fingerprint them. There were windows nt nameservers out there. It was scary! I mean, I'm impressed they are still up, but wow.
amaena What’s the betting 389 is open on some of ‘em?
Would love to see Dr. Mike Pound do a video on JSON Web Tokens!!
I'm so happy we finally got to see who lives in that vivarium!
Brilliant video, and straight to the point, thank you guys! This has been bugging me for a while....
Unless google servers are inside your local network, that IP will probably not belong to google :D
ZombieBest someone in your network could have set up a proxy server to google
@@whythosenames Ah but then they would also have to have set up a local DNS to point to that!
RFC1918 block does not "belong", It can not by design, because it is not unique. It is like a local variable that means nothing in global scope.
Incredibly well explained! Thank you!!!!
One drawback with DNS A records, in particular, is that they only give you an IP address, not a port number. So they are not sufficient to identify a service, only a machine which might provide that service. This was remedied later with the introduction of SRV records, but they are not heavily used.
IPv6 ftw?
IPv4 or IPv6 makes no difference.
7:20: there are PI times 100,000 views. is that a numberphile video?
miniro it is actually pi * 1,000,000
Great video and explanation as usual! Now I need the DNS poisoning video!
do u do any security vids
good introductory video, hopefully to be followed up with more technical deep dives into the morass of dns
Just set up my website, this stuff is really fun to code for :D
Please, don't stop on making videos, you really inspire me :)
I see mike Pound, I click the video.
I click the video, I see Mike Pound
every once in awhile, i forgot that Computerphile is a double entendre and i get re-excited when i notice it again, lol. computerphile/computer_phile. [brain bMyBrain[] = Mind.Blown();
Very Well Explained !!! Thanks to Dr Mike Pound.
MORE MIKE POUND!!!
Now what happens if there is a cached IP address that is out of date? Does your computer try to go there and simply fail? I've never seen that so it seems unlikely. Does it try to go there, fail, and send another query indicating the IP address is out of date? Does it do something else altogether?
It goes there and fails.
Anyone who is going to change their IP should reduce the TTL for their records in advance so the change is picked up quickly, or have both IPs working for the transition period.
Can you please come to my university and teach computer networks for the new first semestlers? Damn I needed this channel and especially you back then... Thank you for this video, great work. Enjoying your way of describing things very much. ;)
Google's name server is 8.8.8.8. I hard coded it.
The backup is 8.8.4.4
Your computer will query its host file before making a query to the computer's default gateway. The host file was the method of resolving IP address to domain names before the existence of the Domain Name System. It still exists so that small networks can be set up with a way to resolve host names on their networks without setting up and administrating a domain name server. I use mine as an ad blocker by resolving domains that host advertising to 127.0.0.1.
"I use mine as an add blocker by resolving domain that host advertising to 127.0.0.1 . - "Same (but for blocking unwanted autoupdates)
For Windows it's "%windir%\System32\drivers\etc" and you will have to open "hosts"
@@igorthelight Syntax error, I've used it on both Windows and Linux. I dumped using Windows 3 years ago so auto updates is not an issue.
Yup. And in fact, the dnsmasq name server, which is designed for small setups like a home office, serves up exactly the contents of your /etc/hosts file, it doesn’t need (or understand) complex zone files like bind does.
This is actually quite useful since I'm in the process of creating my first own website
Have wired and wireless communication exam on monday, what a coincidence! :,)
Hope you've got DORA, TDM and CSMA/CA down. ;-)
Mike just can't stop fixing his sleeve 🤣 🤣
Great video thanks.
You didn't talk much about cache invalidation, you just mention a TTL (how is it defined, what happens if the IP changes before the TTL expires, ...).
And when the IP is resolved, how route name server are updated to be able to redirect faster/closer the next time a computer asks?
Thanks a lot for your videos
any source you can suggest dealing with topics you mention?
I didn't think that computerphile.website was a real working URL, but it is. It redirects to this RUclips channel.
I was waiting for this for so long...
It's probably worth mentioning the hosts file as a potential first point of resolution before DNS
I'm ready for the DNS cache poisoning video!
That's some really quality content
Oh a video about cache poisoning would be super cool. I know it is sometimes used for redirecting to login pages and the like but of course it is more often used as an attack vector.
Amazing explanation, thank you!
Thumbnail = perfection
I'll try to give you a day in the life of a DNS query to better understand the technical lifecycle of DNS.
DNS starts with your computer becoming aware of a DNS name server which is typically done through DHCP and is given by your ISP or sometimes is overridden on your router or computer to something like OpenDNS.
You will interact with a name server called a cached resolver that might use recursive lookups or distribute large chunks of updated records around.
Those servers will follow up a hierarchy first through resolvers then up through domain levels up to the domain root TLDs. However when they do that they aren't looking for an answer to the DNS query like its IP, instead it's searching for the start of authority.
At this point the query will be given a name server that can provide an authoritative answer to the query. This will be the domain registrar's name servers and these servers generally are not recursive so they can only answer for specific domain names. Among these servers are ones that actually store the original and most up to date record which will be referenced in the Start of Authority record.
With that said queries will generally not go this deep ever. Instead you'll be relying on a cache or mirror of a name server.
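The lookup chain described in the comment above, together with the earlier question about out-of-date cached addresses, modelled as an added example (not part of the video or of any commenter's post). The server names, the `example.test` zone and the 192.0.2.x addresses are constructed, and the model is simplified to one referral per zone and address records only.

```python
import time

# Constructed data, not real servers: each nameserver either refers the
# resolver to a server closer to the name or answers authoritatively.
SERVERS = {
    "root": {"refer": {"test.": "tld.test"}},
    "tld.test": {"refer": {"example.test.": "ns1.example.test"}},
    "ns1.example.test": {"answer": {"www.example.test.": ("192.0.2.10", 300)}},
}


def in_zone(name, zone):
    """True if name is the zone apex or sits below it on a label boundary."""
    return name == zone or name.endswith("." + zone)


class CachingResolver:
    def __init__(self, servers, clock=time.monotonic):
        self.servers = servers
        self.clock = clock
        self.cache = {}  # name -> (address, expiry time)

    def _iterate(self, name):
        """Follow referrals from the root until a server answers or gives up."""
        server, path = "root", []
        while True:
            path.append(server)
            zone = self.servers[server]
            if "answer" in zone:
                return zone["answer"].get(name), path
            matches = [z for z in zone["refer"] if in_zone(name, z)]
            if not matches:
                return None, path
            server = zone["refer"][max(matches, key=len)]  # most specific zone

    def resolve(self, name):
        """Return (address, source, servers contacted for this lookup)."""
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], "cache", []  # may be stale until the TTL runs out
        record, path = self._iterate(name)
        if record is None:
            return None, "nxdomain", path
        address, ttl = record
        self.cache[name] = (address, self.clock() + ttl)
        return address, "authoritative", path
```

With the 300-second TTL used here, a changed address is not seen by this resolver until the cached entry expires, which is the window the advice about lowering the TTL before a move is meant to shorten.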
Time to live vs time to live ... how come it is usually set in minutes? Surely it lives longer than that, or is this a setting that tells it how long it will take at the most to go live?
Three seconds in and he's giving us the finger. Noice way to treat your audience mate.
Thank you for sharing this useful information, notifications are on 👉🔔👉👏👍🏾
I love your videos ❤️ wished I've done my bachelor degree in nottingham :)
Love these videos!
Can't wait for the DNS cache hacking video! It should be pretty fun!
What's that video with the snake on the left at the end?
ICANN and its nominated delegates are responsible for DNS on the Internet.
“Internet Corporation of Assigned Names and Numbers”
It's a bit weird, when you think about it. Ultimately, there are like 20 organisations which are responsible for the internet properly working.
3:36 - "it hasn't got the foggiest idea", cloud pun? fog -> cloud -> internet? (I know it's a British saying)
The link at the end of Mikes Snake cannot be clicked on. Is there a link to that?
seeing dr Pound's snake was pretty unexpected
@@epsi Which video? Did he say he had a snake or was it visible?
For those wondering, google.com's IP address is 8.8.8.8
“...if you live at home...” where the f should I live ?? lololol 😇
2:05 it could also be in /etc/hosts if you use linux right?
Ooh, looking forward to the video on DNS cache poisoning!
Thanks Mike
Ayyyy they kept the from bacc
How about the software that runs the DNS servers? Is it open-source or proprietary?
Lovely Andrew Marr impression here!!
I dare you to count how many times he says right.... right
Can you explain dll injection?
Cool topic!
I love the thumbnail.
Root servers are not hard coded. You can download an updated list any time
wow, incredible video, explained it like an absolute pro.
How about an extras on DNSSEC?
Waiting for the video about dns poisoning now!
Computerphile feat. Cornsnake video confirmed?
If you've ever wanted to listen to an Estuarian talk about computers, here's your man.
Dear Computerphile team, would you please enable auto subtitles and auto translation to all your youtube videos? This way We'll be able to recommend your videos to non-english speaking students.
Can you make a video on bonjour / zero config network
There are 13 root name servers, operated by 12 different organizations (VeriSign has 2):
A VeriSign Global Registry Services
B University of Southern California, Information Sciences Institute
C Cogent Communications
D University of Maryland
E NASA Ames Research Center
F Internet Systems Consortium, Inc.
G US DoD Network Information Center
H US Army Research Lab
I Netnod
J VeriSign Global Registry Services
K RIPE NCC
L ICANN
M WIDE Project
you forgot to include the part about critical vulnerabilities in some implementations
Can you please make a video on what happens after the IP is received from the DNS server on how that IP is found on the internet
His accent is British! So wonderful!
DNS is the Saul Goodman of the internet.
Cloudflare: Hold my beer...
It would be interesting to know what happens if the domain name doesn't exist. Is it number of bounces related, timeout related? Also what if the server IP does change. How does it work so this domain name is updated, or do you have to wait say 24 hours till the cache in all DNS servers get invalidated?
"Is Your Mama a Llama," adapted for computer folks... By Dr. Pound.
So, is that similar to how google search works?
This morning I’ve just read about DNS. Now, RUclips recommend me this video.
Mike for president!!!
"IP addresses to domain names" hmm
In fact, it does both - IP to dname and vice-versa
PTR record
@ Lookup and resolving is two different things. A DNS server resolves domain names into an IP, and it looks up any records connected to an IP.
@@maflones I mean, they're not. You're just being semantic.
@@KieranDevvs Your beliefs are not interesting.
I wonder how DNS domain name invalidation works. Cloudflare, for instance, can change the mapping instantly, but my country's record takes hours (registro.br)
I know less about DNS than I knew before watching this...
What happens when an IP address changes for a given domain name? Is there some cascading update for all the dns caches? Seems a bit inefficient unless there's some clever way that the caches are updated.
nope. you have to wait sometimes a couple of hours for the propagation to happen.