Let's dig through DNS

in technology •  4 months ago

This will be a technically more advanced post for people who are interested in how an important part of the internet works. It's about dig and DNS.
First of all, you should read about DNS censorship in this post of mine:
https://steemit.com/censorship/@rockz/dns-censoreship-and-how-to-bypass-it

Now I'll show you a way to detect censored DNS servers.

Basics

Ok, first you need to understand how the DNS is built. If you assume that there are a few servers that store the entire Domain->IP table you're wrong.
It's a more complicated tree. At the top of this tree are the root servers.

Those root servers do not have all domains mapped to an IP address. They just know who to ask next.
For example, if we look up steemit.com, our browser asks our configured DNS server: "Hey, do you know the IP of steemit.com?" Maybe the DNS server has cached the IP of steemit.com, but most likely not. So the server goes up the tree.
It asks one of the root servers: "Hey, I'm looking for a domain registered with the TLD (top-level domain) .com." The root server answers with a server that knows the domains for the .com TLD. Then our DNS server asks this server: "Hey, I'm looking for steemit.com, and since the DNS root server said you know it, you have to give it to me." The .com server replies to our DNS server with the IP of steemit.com, and our DNS server passes the IP to our browser, so we are now able to download the page.

Simple, isn't it?

Let's get into it

If you're on a UNIX-like system you can follow this step by step using the command dig.
By running just "dig" without any parameters we get a list of all DNS root servers.

Ok, now we ask one of them (a.root-servers.net) who to contact for looking up a .com domain.
dig @a.root-servers.net com

The next step is to ask one of those servers, which know everything about .com, which DNS server is responsible for steemit.com:
dig @a.gtld-servers.net steemit.com

Now that we know which DNS server is responsible for steemit.com, we can query it and get the IP of steemit.com:
dig @ns-394.awsdns-49.com steemit.com

Nice, there it is:
34.231.209.55

If we go vice versa we can confirm that everything went right
host steemit.com

Okay, you now know the basics....

How to detect a censored DNS server?

Now let's assume some shitty provider or government tries to censor steemit.com by using DNS censorship methods.

If you then run the command
host steemit.com
you won't get 34.231.209.55. You will get whatever IP address the censored DNS server returns instead of the real one. The wrong IP address then leads you to a "This webpage is blocked" page or maybe just a white screen.

The command "host" uses the DNS server configured in your system or router, which by default is your provider's. And that is where the censorship happens.

If you run the "host" command over your provider's DNS and it returns a different IP address than going through "dig" with an uncensored DNS server, you can be sure there is something fishy.
The dig command uses the @ parameter to define the DNS server you want to ask, so make sure you use an uncensored one.
A small list of uncensored DNS servers can be found here:
https://steemit.com/censorship/@rockz/dns-censoreship-and-how-to-bypass-it
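
The comparison described above as a small script (an added example, not part of the original post). It assumes dig is installed; the function names are made up for this example and the reference resolver address in the usage comment is a placeholder. Because CDNs and round-robin DNS can legitimately hand different addresses to different resolvers, it compares the two answers as sets and reports "mismatch" only when they share no address.

```sh
#!/bin/sh
# Compare the A records returned by the system resolver with those
# returned by a reference resolver you trust.

# a_records NAME [SERVER] -> IPv4 answers only, one per line.
# "dig +short" also prints CNAME targets, so keep only dotted quads.
a_records() {
  ar_name="$1"; ar_server="${2:-}"
  dig +short +time=3 +tries=1 ${ar_server:+@"$ar_server"} "$ar_name" A \
    | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}

# classify LOCAL_IPS REFERENCE_IPS -> match | partial | mismatch | no-answer
# Both arguments are whitespace- or newline-separated address lists.
classify() {
  c_local=$(echo $1)   # unquoted on purpose: collapses newlines to spaces
  c_ref=$(echo $2)
  if [ -z "$c_local" ] || [ -z "$c_ref" ]; then
    echo "no-answer"; return
  fi
  c_shared=0; c_extra=0
  for c_ip in $c_local; do
    case " $c_ref " in
      *" $c_ip "*) c_shared=$((c_shared + 1)) ;;
      *)           c_extra=$((c_extra + 1)) ;;
    esac
  done
  if [ "$c_shared" -eq 0 ]; then
    echo "mismatch"    # nothing in common: the "something fishy" case
  elif [ "$c_extra" -gt 0 ]; then
    echo "partial"     # some overlap: typical for CDN / round-robin
  else
    echo "match"       # every local answer is also a reference answer
  fi
}

# Runs only when called with arguments, e.g.
#   ./dnscheck.sh steemit.com 192.0.2.53    (192.0.2.53 is a placeholder)
if [ "$#" -ge 2 ]; then
  sys_ips=$(a_records "$1")
  ref_ips=$(a_records "$1" "$2")
  echo "system resolver: $(echo $sys_ips)"
  echo "@$2: $(echo $ref_ips)"
  echo "verdict: $(classify "$sys_ips" "$ref_ips")"
fi
```

A "no-answer" verdict means one side returned no A record at all (NXDOMAIN, timeout or a refused query), which is worth a manual look with plain dig.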

Now, have fun discovering uncensored and censored DNS servers :)


It's showing that you did the full huge research about DNS server.

Thank you sir @rockz for the basic idea of DNS server. I appreciate your great analysis about detecting a censored DNS server, discovering uncensored DNS server as it enhances our knowledge. Thanks a lot for the valuable content and eagerly waiting for next content.

Thanks for clarifying the DNS workflow ;)


Little typos:

and we are now able
There's a missing w

just a white screen -page.
There's a missing e

A thousand thanks the truth that you learn a lot here in your account, there is nothing ready to help, with simple words you can get anyone to do the homework

This one is an additional technical knowledge for me, thanks for sharing it with us @rockz, this is very useful since today's generation is so computerized. ❤️❤️❤️

This piece is really informative, educative and valuable, I believe it will be of help to steemians both minnows and newbies like myself.

Ok, first you need to understand how the DNS is built. If you assume that there are a few servers that store the entire Domain->IP table you're wrong.
It's a more complicated tree. At the top of this tree are the root servers.

This part caught my attention. I really find one or two things useful in this post. Keep the good work flowing man

Thanks for sharing @rockz

I'm following your every post
You are great

It's fun to use the DNS system

You have a minor misspelling in the following sentence:

Now lets assume some shitty provider or goverment tries to censore steemit.
It should be government instead of goverment.


hahaha.... I already hate you <3