I'm trying to get a deeper understanding of what exactly the dig command does in terms of different computing levels (OS level, network level, and DNS functionality).

I'm looking for some feedback and help making my understanding as detailed as possible. Currently, this is what I think the dig google.com command does:

  • [OS level] I type dig google.com into console and hit enter
  • [OS level] By default, since no other flags or command line args are specified, dig will perform a DNS query for "." (the root) (google.com.)
  • [OS level] The dig command request packet is created
  • [Network level] My dig request packet is sent out my computer to the wifi network I'm connected to
  • [Network level] My dig request packet goes from my wifi network to the DNS servers (?)
  • [DNS level] Once the DNS servers receive my dig request packet, it is interpreted and my request for a DNS query to google.com. is understood
  • [DNS level] A DNS query for google.com. begins, getting info on which IP address / server the domain name is directed to
  • [DNS level] This info is then compiled into a response packet, including its destination ip address (my computer where I originally made the dig request)
  • [DNS level] The DNS servers send the response packet to me
  • [OS level] My computer receives the dig response packet, opens it and displays the results of my original dig command to my terminal.

Is my above understanding correct? When I run a dig command, am I making a request to "the DNS servers" as like a single entity / organization? Or is it all computed locally? Thanks

Martin
  • Your question is off-topic here as it is not related to programming. But your second point is wrong. Dig just creates the DNS packet with the name you give to it and passes it to the locally configured recursive nameserver (if you do not use the `@` option). All the job is then done by this recursive nameserver and whatever it replies back will be output on the screen by dig. If you use `+trace` instead then dig will do multiple queries in a row, starting with the root. – Patrick Mevzek Jan 17 '20 at 21:10
  • I suggest you first have a deeper look at how the DNS works and specifically the critical understanding of the differences between authoritative and recursive nameservers. This can probably help as a start: https://en.wikipedia.org/wiki/Domain_Name_System#Operation – Patrick Mevzek Jan 17 '20 at 21:12
  • Thanks, I've been doing some research on DNS. Is `dig google.com` basically the same as typing google.com in my browser? The same DNS lookup process? – Martin Jan 17 '20 at 21:22
  • dig sends DNS packets, it is a DNS client. Your browser can be a DNS client itself also (which becomes more and more true, with things like DNS over HTTPS or DNS over TLS), or just let the OS do the name resolution on its behalf (the expected standard behavior specifically before DOH/DOT but Chrome for example was doing DNS itself far before). So the methods and actors can be different but at some point the DNS part of the resolution will indeed be the same, no matter who/what asks for a given name. – Patrick Mevzek Jan 17 '20 at 21:42
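
An added example, not part of the original thread and not dig's own code: a minimal sketch of the client-side work the comments describe, picking the locally configured resolver and building the single query packet that is handed to it with the "recursion desired" flag set. It assumes a Unix-style resolv.conf; the sample resolver addresses and the transaction ID are constructed, and a real dig query may carry extra fields this sketch leaves out.

```python
import struct

# Constructed sample of resolv.conf content (addresses are documentation-range placeholders).
SAMPLE_RESOLV_CONF = """# constructed example
search example.internal
nameserver 192.0.2.53
nameserver 192.0.2.54
"""

def first_nameserver(resolv_conf_text):
    """Return the first 'nameserver' entry: the recursive resolver tried first."""
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            return fields[1]
    return None

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Build a DNS query: 12-byte header plus one question (QTYPE 1 = A, QCLASS 1 = IN)."""
    flags = 0x0100  # RD=1: ask the recursive nameserver to do the full resolution
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(packet):
    """Decode the fixed 12-byte header of a DNS message (query or response)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": flags >> 15, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an}

if __name__ == "__main__":
    query = build_query("google.com")
    print("would send to", first_nameserver(SAMPLE_RESOLV_CONF), "on UDP port 53")
    print(query.hex())
    print(parse_header(query))
```

The question section names google.com itself, not the root; the only trace of the root in the packet is the terminating zero-length label.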

0 Answers