
I'm a Cloud Engineer and currently diving into networking and stuff. I have a question: my understanding is that whenever I go to a site, the first thing is DNS. So a DNS request gets sent to a recursive DNS server and I get a response back. Then my computer will initiate a connection with that IP address. Thing is, I've tried to do an nslookup on Facebook.com and I get a different IP than when I go to the site (when I capture the traffic with Wireshark I can see that the first request is indeed to a Facebook-owned public IP, but it is different from what I get in the DNS lookup).

So I was wondering what could be the reason for this. Sorry if the explanation was a little bit ambiguous.

Thanks in advance, y'all who read me :)

FMaj7
  • "I'm a Cloud Engineer"... sorry to be blunt, but if you don't know the basics about networking you are definitely not. – Massimo Jul 04 '22 at 20:51
  • `So I was wondering what could be the reason for this.` Facebook is huge, with many servers and many IP addresses. You get one of them at random each time. Kind of. – tkausl Jul 04 '22 at 21:34
  • Sorry I'm a Cloud Engineer Jr, I only have 4 months experience. I've taken networking classes and I understand the big picture, my question was specifically about Facebook – FMaj7 Jul 05 '22 at 03:42
  • It made me curious because sometimes I don't see the IP set on the A/AAAA records as the first connection to Facebook servers. It's different when I analyze traffic to smaller sites, so I'm curious about what changes here – FMaj7 Jul 05 '22 at 03:46
  • Try to make more than just one query with `nslookup`, see for yourself — each answer might be different. It is easy to see e.g. for `microsoft.com`. – Nikita Kipriyanov Jul 05 '22 at 09:30

1 Answer


This is natural and may have lots of reasons; I will mention a few:

1 - Load Balancing --> The general and easy way of providing HA and load balancing is by defining multiple A records so that the DNS server can answer with a random IP (round robin); this way our load is distributed across multiple servers.

2 - Quick Access --> You can make the DNS server smart, so that when a user asks for the IP it looks at the source IP to see which server is closer to you (according to your country) and gives you the closest server's IP address.

3 - Split-Brain --> This is a rare scenario where you want your DNS server to answer differently to some users. It is usually used in local networks so that your local users are given a private IP on the same local network, whereas internet users are given a public IP to access the service.

Salar
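The three behaviours listed in the answer above, as an added example that is not part of the original answer: a toy authoritative server whose reply depends on the client's source address and on how many queries it has already served. The class, the pools and every address (RFC 5737 documentation ranges and RFC 1918 space) are constructed for illustration and do not describe Facebook's real setup.

```python
import ipaddress

# Constructed zone data: documentation ranges (RFC 5737) and private space (RFC 1918).
INTERNAL_VIEW = ipaddress.ip_network("10.0.0.0/8")   # clients on the local network
INTERNAL_ANSWER = ["10.0.5.10"]                      # private address served to them
REGION_BY_PREFIX = {                                 # client prefix -> nearest region
    ipaddress.ip_network("198.51.100.0/24"): "eu",
    ipaddress.ip_network("203.0.113.0/24"): "us",
}
POOLS = {                                            # several A records per region
    "eu": ["192.0.2.10", "192.0.2.11", "192.0.2.12"],
    "us": ["192.0.2.130", "192.0.2.131"],
}
DEFAULT_REGION = "us"


class ToyAuthoritative:
    """Answers one hostname; the reply varies by client and by query count."""

    def __init__(self):
        self._offset = {region: 0 for region in POOLS}

    def region_for(self, client):
        for prefix, region in REGION_BY_PREFIX.items():
            if client in prefix:
                return region
        return DEFAULT_REGION

    def answer(self, client_ip):
        client = ipaddress.ip_address(client_ip)
        if client in INTERNAL_VIEW:                  # 3: different view for local users
            return list(INTERNAL_ANSWER)
        region = self.region_for(client)             # 2: pick the pool closest to the client
        pool, k = POOLS[region], self._offset[region]
        self._offset[region] = (k + 1) % len(pool)   # 1: rotate records (round robin)
        return pool[k:] + pool[:k]


def first_ips(server, client_ip, queries):
    """First A record of each reply, i.e. the address a client would normally connect to."""
    return [server.answer(client_ip)[0] for _ in range(queries)]


if __name__ == "__main__":
    srv = ToyAuthoritative()
    for src in ("198.51.100.7", "203.0.113.9", "10.1.2.3"):
        print(src, first_ips(srv, src, 3))
```

In practice the authoritative server sees the recursive resolver's address rather than the end user's unless the resolver forwards EDNS Client Subnet, so `nslookup` against one resolver and a browser using another can legitimately receive different answers.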