S3E10: "DNS Near"

Comments 0

Previous EpisodeNext Episode
Recorded (UTC) Aired (UTC) Editor
2018-07-08 21:16:27 2018-07-15 01:08:36 "Edita"
Format SHA256 GPG Audio File
MP3 8d27fc10fe57e92b0a0725ac003e81bb75a24faf7056711d80b8de2753ee345d click click
OGG f9adce12098032fb0db2c6badeac88e34c0500952d9e790b3b1d956352abc1ba click click

It was, in fact, DNS (this time!).

We talk about some basics of DNS via a bird’s-eye-view of how it works.



Starts at 20m17s.

I was drinking water. Paden was drinking a “diet soda” (he didn’t specify which). Jthan was drinking a Miller Lite.

  • DNS (Domain Name System)
    • (I mention in a throwaway comment nmap, which we’ve talked about before, and masscan.)
    • It serves primarily as a human-friendly directory for IP addresses.
    • There are Authoritative Nameservers, Resolvers, and Root (Name)Servers
      • Authoritative serve records and their contents (e.g. “foo.bar.com is an A record for”)
      • Root servers operate with registrars and authoritative nameservers to “learn” the domains and develop a query path for resolvers to take. Resolvers (which usually cache the records they look up, and can either resolve for a specific domain or “recurse” to find other domains) then serve records to clients (browsers/workstations, etc.) — which may also perform caching of their own as well.
    • There are a multitude of DNS record types. You can find an extensive amount of RFCs for DNS here and here. It is highly recommended you read them.
    • We mention DNSSEC in passing, but there are some alternatives being discussed.
    • Jthan brings up DNS over HTTPS (currently in draft format). I mention that for one, Unbound can support DNS over TLS, which I argue is better.
    • We also talk about glue records. For an example of this, do a WHOIS (note the authoritative nameservers) and a DNS analysis on sysadministrivia.com. ;)

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (44m10s)

A betting/gambling site, BetVictor, leaked creds to its own infra … via a help article.


  • Our audio was TOTALLY off for this episode, so sorry! Paden was totally blown out (I received the recording in that condition), and Jthan was peaking a couple times (and he almost never peaks). Sorry!
    • He also had a baby on his lap, so there’s some background noise we couldn’t remove. Apologies.
  • The SRV record is no longer a draft, but is now a proposed standard.
  • It appears that Unbound does not (yet) support DNS over HTTPS, but it DOES support DNS over TLS.


Music Credits
Track Title Artist Link Copyright/License
Intro Say It Again, I'm Listening Daniel Birch click CC-BY 4.0
Outro Suddenly It Occurs To Me There's No Ocean Here Artificial Intelligence in Texas click CC-BY-SA 4.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)



There are currently no comments on this article.


Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.