willem.com

Dig for dummies

Explaining a highly useful network tool

May 24, 2019 -

When you're building websites, apps or email services you may run into domain names and their configurations. When everything is working as it should, most of this is invisible. But when troubleshooting a domain name configuration, it may be necessary to dig a little deeper... read along to learn how!

Domain Name System (DNS)

The internet locates and identifies computers, (cloud) services and devices by numerical Internet Protocol (IP) addresses. Instead of memorising all those addresses, we use the Domain Name System, which has become the essential world-wide directory service linking names to numbers.

You're reading this on willem.com, but in reality that domain name is simply a pointer to a physical machine connected to the internet (with wires, really!). One of those wires carries the IP address 87.253.135.162. It is the job of the domain's DNS servers to publish the correct (IP address) numbers for the (domain) names.

The Domain Name System (DNS) links domain names to IP-addresses, which in turn are routed through cables. You're reading this - seriously! - through the cable connected to the server shown on this photo!

Distributed and decentralised

When the Americans designed the ARPANET in the late sixties, one of the military design requirements was that the network should survive attack (by enemies). They achieved this with packet switching: data is cut into packets that share the same links with everybody else's traffic, and if one part of the network is damaged the packets are rerouted over the parts that survive.

A map of the ARPANET in 1973... imagine mapping the internet today! (Public domain)

To achieve the same survivability, there is no single DNS server that knows everything. The root zone is served by thirteen named root servers, each replicated across many sites, and they only know which servers are responsible for the top-level domains (.com, .nl, ...). Those in turn delegate each registered domain to its own authoritative name servers, the ones the domain owner (or their hosting provider) controls. On top of that sit the recursive resolvers your laptop actually asks (your ISP's, or 8.8.8.8), which walk that chain for you and cache the answers for as long as the record's time-to-live (TTL) allows.

This is why there are many different DNS servers and configurations, and why two servers can give different answers for the same name while a change propagates. With so many places where things can go wrong, you need a tool to dig around.

dig (domain information groper)

The 'dig' command is a tool for querying DNS name servers for information about IP addresses, host names, mail servers and other kinds of records. It ships with the BIND name server software and is available on Unix, macOS, GNU/Linux and Windows (on Debian/Ubuntu it is in the dnsutils package, on Fedora/RHEL in bind-utils).

Using dig to query domain name servers

You can get information about a given domain name by simply typing: 'dig willem.com'. Without further arguments dig asks the resolver configured on your machine for the A record (the IPv4 address); you can add a record type ('dig willem.com MX' for the mail servers) and a specific server to ask ('dig @ns1.example.net willem.com', where the name server is whichever one the domain delegates to). The output shows a header with the status (NOERROR, NXDOMAIN, SERVFAIL), flags, the question, the answer section with the records and their TTLs, and finally which server answered and how long it took. See the following screenshot with explanation:

Using dig to get information about a domain name, willem.com
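The things you read off that screenshot (status, flags, the answer records, which server replied) are also what a script should check when automating a lookup. The following parser for dig's text output is an added example written for this article; it is not code from willem.com or from BIND. The two samples are constructed to mirror dig's output format: the address 87.253.135.162 is the one named above, while the TTLs, the resolver address 192.0.2.53 and the name server ns1.example.net are made up.

```python
"""Parse the text that `dig` prints so a script can check what you would read
off the screen: status, header flags, the responding server and the records
in each section. Added example for this article; not code from willem.com
or from BIND. Samples are constructed (TTLs, 192.0.2.53 and
ns1.example.net are invented; 87.253.135.162 is the article's address)."""

import re

# Constructed sample shaped like `dig willem.com` asked of a recursive resolver.
SAMPLE_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;willem.com.\t\t\tIN\tA

;; ANSWER SECTION:
willem.com.\t\t300\tIN\tA\t87.253.135.162

;; Query time: 23 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)
;; WHEN: Fri May 24 10:00:00 CEST 2019
;; MSG SIZE  rcvd: 55
"""

# Constructed sample for a name that does not exist: no answer, SOA in AUTHORITY.
SAMPLE_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nosuchhost.willem.com.\t\tIN\tA

;; AUTHORITY SECTION:
willem.com.\t\t3600\tIN\tSOA\tns1.example.net. hostmaster.willem.com. 2019052401 7200 3600 1209600 3600

;; SERVER: 192.0.2.53#53(192.0.2.53)
"""

HEADER_RE = re.compile(r"status: (?P<status>[A-Z]+), id: (?P<id>\d+)")
FLAGS_RE = re.compile(r"^;; flags: (?P<flags>[a-z ]*);", re.M)
SERVER_RE = re.compile(r"^;; SERVER: (?P<server>\S+)", re.M)
# One resource record: owner  TTL  class  type  rdata (rdata may contain spaces).
RR_RE = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z0-9]+)\s+(?P<data>.+)$")


def parse_dig(text):
    """Return status, id, flags, server and the records of each section."""
    result = {"status": None, "id": None, "flags": [], "server": None,
              "answer": [], "authority": [], "additional": []}
    m = HEADER_RE.search(text)
    if m:
        result["status"], result["id"] = m.group("status"), int(m.group("id"))
    m = FLAGS_RE.search(text)
    if m:
        result["flags"] = m.group("flags").split()
    m = SERVER_RE.search(text)
    if m:
        result["server"] = m.group("server")

    section = None
    for line in text.splitlines():
        if line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")].lower()   # question/answer/authority/additional
            continue
        if not line or line.startswith(";"):               # comments and the QUESTION line
            continue
        m = RR_RE.match(line)
        if m and section in result:
            result[section].append({"name": m.group("name"), "ttl": int(m.group("ttl")),
                                    "type": m.group("type"), "data": m.group("data").strip()})
    return result


def addresses(parsed, rtype="A"):
    """The rdata of every answer record of the given type (the `dig +short` view)."""
    return [rr["data"] for rr in parsed["answer"] if rr["type"] == rtype]


def is_authoritative(parsed):
    """True only when the responding server holds the zone itself (aa flag set).
    A recursive resolver answers from cache: no aa flag, and the TTL counts down."""
    return "aa" in parsed["flags"]


def problems(parsed):
    """What to look at when a lookup misbehaves, in the order a troubleshooter checks."""
    found = []
    if parsed["status"] != "NOERROR":
        found.append("status %s" % parsed["status"])
    if not parsed["answer"]:
        found.append("empty ANSWER section")
    if not is_authoritative(parsed):
        found.append("non-authoritative (cached) answer from %s" % parsed["server"])
    return found


if __name__ == "__main__":
    ok = parse_dig(SAMPLE_OK)
    print(ok["status"], ok["flags"], addresses(ok), problems(ok))
    print(problems(parse_dig(SAMPLE_NXDOMAIN)))
```

The 'aa' check is the one worth remembering when a change "doesn't show up": a cached answer from your resolver can lag behind the authoritative servers by a full TTL, so repeat the query with '@' pointed at one of the domain's own name servers before concluding the record is wrong.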

Sender Policy Framework (SPF)

To detect forged sender addresses in email (so-called email spoofing), the SPF standard was drafted in 2003-2004 and eventually standardised as RFC 7208 in 2014. Originally called "Sender Permitted From", SPF is a way for a receiving mail server to check whether a given host is allowed to send email on behalf of a domain name: the domain owner publishes a list of the hosts authorised to send mail using that domain as the envelope sender (the MAIL FROM / Return-Path address and the HELO name, which is what SPF actually checks; aligning that with the From: address the user sees is the job of DMARC).

If a domain name owner publishes an SPF record, spammers and phishers are less likely to (ab)use the domain name to send forged emails pretending to be from that domain. An SPF-protected domain is therefore less likely to be blacklisted by spam filters, making it more likely that legitimate email from the domain gets through. Whether a forged message is actually rejected depends on the record's closing term ("-all" asks receivers to reject, "~all" only to mark the message as suspect) and on the receiver honouring it. A misconfigured SPF record can however disrupt email delivery: a legitimate sender that is missing from the list, or a record that needs more than ten DNS lookups to evaluate (receivers then return a permanent error), will get real mail refused.

Using dig to query SPF-records

SPF records are published as TXT records on the domain name, so 'dig google.com TXT' shows the exact sender policy (a dedicated SPF record type once existed but was dropped in RFC 7208, so query TXT). The policy is a list of mechanisms read left to right: 'ip4:' and 'ip6:' name address blocks, 'include:' pulls in another domain's policy (look that up with dig too), and the final 'all' term decides what happens to everybody not listed. See the following screenshot with explanation:

Using dig to get information about the SPF-records for a domain name, google.com

IP blocks explained

The easiest way to understand IP-address block notation (CIDR notation) is with an example: 173.194.0.0/16. The number after the slash says how many leading bits of the address are fixed; the remaining bits may take any value. Each dotted octet is 8 bits, so a /16 fixes the first two octets and 173.194.0.0/16 means "all the addresses starting with '173.194'". An octet has 256 possible values (0 to 255), so that block holds 256 x 256 = 65,536 addresses, from 173.194.0.0 to 173.194.255.255. Likewise a /24 fixes three octets (256 addresses) and a /17 fixes the first two octets plus the top bit of the third (32,768 addresses).
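Putting the SPF section and the block notation together: the evaluation a receiving mail server performs is exactly the walk you do by hand with 'dig <domain> TXT', following every 'include:' and testing the sending address against each 'ip4:'/'ip6:' block. The script below is an added example written for this article (not code from willem.com and not a complete RFC 7208 implementation; the a:, mx:, ptr:, exists: and redirect= mechanisms are left out). The TXT records in it are a constructed stand-in for DNS: google.com's entry is modelled on the shape of its real policy, the netblocks are illustrative, and careless.example is invented to show the "+all" mistake. Look real records up with dig before relying on them.

```python
"""Evaluate and audit an SPF policy the way a receiver does, following include:
chains as you would by hand with `dig <domain> TXT`, and explain the ip4:/ip6:
blocks in it with CIDR arithmetic. Added example for this article: not code
from willem.com, not a full RFC 7208 implementation. The TXT dict below is a
constructed snapshot, not live DNS data."""

import ipaddress

# Constructed stand-in for DNS: domain -> TXT record (no network needed).
TXT = {
    "google.com": "v=spf1 include:_spf.google.com ~all",
    "_spf.google.com": "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com ~all",
    "_netblocks.google.com": "v=spf1 ip4:173.194.0.0/16 ip4:74.125.0.0/16 ip4:209.85.128.0/17 ~all",
    "_netblocks2.google.com": "v=spf1 ip6:2607:f8b0:4000::/36 ~all",
    # Deliberately broken policy (invented domain): +all authorises every host on the internet.
    "careless.example": "v=spf1 ip4:198.51.100.0/24 +all",
}

# RFC 7208 section 4.6.4: include, a, mx, ptr, exists and redirect each cost a
# DNS lookup; more than ten in one evaluation is a permanent error (permerror).
MAX_LOOKUPS = 10
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_terms(domain):
    """Mechanisms of a domain's SPF record, without the v=spf1 version tag."""
    parts = (TXT.get(domain.lower()) or "").split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("no SPF record for %s" % domain)
    return parts[1:]


def check(ip, domain, _lookups=None):
    """Result a receiver computes for a message from `ip` whose envelope sender
    is in `domain`: pass, fail, softfail, neutral or permerror."""
    ip = ipaddress.ip_address(ip)
    if _lookups is None:
        _lookups = [0]
    for term in spf_terms(domain):
        qualifier = "+"                          # a bare mechanism means "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, value = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = ip.version == net.version and ip in net
        elif mech == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                return "permerror"
            inner = check(ip, value, _lookups)
            if inner == "permerror":
                return "permerror"
            matched = inner == "pass"            # an include only matches when it passes
        else:
            return "permerror"                   # mechanism this example does not implement
        if matched:
            return RESULT[qualifier]
    return "neutral"                             # nothing matched and no "all" term


def audit(domain):
    """The misconfigurations to look for in the terminating `all` term."""
    terms = spf_terms(domain)
    last = terms[-1].lower() if terms else ""
    if last in ("all", "+all"):
        return ["+all: any host may send as %s" % domain]
    if last == "~all":
        return ["~all: forged mail is only softfailed; switch to -all once every sender is listed"]
    if last != "-all":
        return ["no terminating all: unlisted senders get 'neutral', i.e. are not rejected"]
    return []


def describe_block(cidr):
    """What an ip4:/ip6: block covers: 2**(address bits - prefix) addresses, first and last."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {"prefix": net.prefixlen, "addresses": net.num_addresses,
            "first": str(net[0]), "last": str(net[-1])}


def netblocks(domain, _seen=None):
    """Every ip4:/ip6: block reachable through include: chains, for a quick inventory."""
    _seen = set() if _seen is None else _seen
    if domain in _seen:                          # guard against include loops
        return []
    _seen.add(domain)
    blocks = []
    for term in spf_terms(domain):
        mech, _, value = term.lstrip("+-~?").lower().partition(":")
        if mech in ("ip4", "ip6"):
            blocks.append(value)
        elif mech == "include":
            blocks.extend(netblocks(value, _seen))
    return blocks


if __name__ == "__main__":
    for dom in ("google.com", "careless.example"):
        print(dom, "from 192.0.2.1 ->", check("192.0.2.1", dom), audit(dom))
        for block in netblocks(dom):
            print("  ", block, describe_block(block))
```

Note the two caveats the code encodes: an 'include:' only matches when the included policy returns "pass" (its own "~all" never leaks out into the outer evaluation), and the lookup counter is what turns an innocent-looking chain of includes into a permanent error at the receiver.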

Conclusion

To solve a problem you first need to know where it is. With the dig command you can see exactly what each name server, authoritative or caching, says about a given domain and compare the answers.

Following the answers from one query to the next (the name server, then the address, then the TXT record, then the domains it includes) lets you dig deep into the innards of the amazing interwebs. Good luck!
