TryHackMe – DNS in Detail – Complete Walkthrough

This room covers essential topics about the Domain Name System. It includes an introduction to what DNS does, how it works, and types of DNS records. The final task includes an interactive simulation that uses the nslookup command to find a variety of DNS records.

This room can be found at: https://tryhackme.com/room

Walkthrough

Task 1 – What is DNS?

Domain Name System (DNS) converts domain names into IP addresses.

Imagine if we had to remember the IP addresses of our favorite websites. DNS is what allows us to use names instead of IP addresses.

For example, when we want to use Google, we just type google.com into our browser. But ‘google.com’ is not a location that can be referenced using Internet Protocol (IP); for that, we need an IP address.

DNS is a system for allowing our computer to determine Google’s IP address when we tell our browser to access Google.com.

Question 1

What does DNS stand for?

Walkthrough:

The answer is given in the Task description above.

Answer:

(Highlight below to find the answer):

Domain Name System

Task 2 – Domain Hierarchy

Not only does DNS help us translate domain names into IP addresses, it also establishes a hierarchy for domain names.

Let’s take our website electronicsreference.com. There are two levels of domain separated by a period “.” indicating the separation.

TLD – Top Level Domain

For this website, the top level domain, or TLD, is .com. Other TLDs include .edu, .gov, and .eu. The two categories of TLD are generic (gTLD) and country code (ccTLD). Chances are you’ve seen both of these in action.

Second Level Domain

The other domain level, electronicsreference, is the second level domain (SLD or 2LD). This is the part of the domain name that we are most familiar with. It’s the ‘google’ in google.com.

There are rules for SLDs; they can’t be longer than 63 characters and can only use letters, numbers, and hyphens.

Importantly, SLDs are the part of the domain name that is registered with DNS. Once you own a registered domain, you are free to add subdomains as well.

Subdomains

Anything before the SLD is a subdomain. For example, if we had a store here at electronicsreference.com, we might add a subdomain at store.electronicsreference.com.

Like SLDs, subdomains have rules. In addition to being limited to 63 characters and only using letters, numbers, and hyphens, the total length of the domain name must be 253 characters or less.
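
The naming rules above can be checked in code, for example when validating a hostname a user submits. This is an added example, not part of the room or the original walkthrough; the function name check_domain is hypothetical, and the hyphen-position check and the two-letter ccTLD test go slightly beyond what the page states.

```python
import re

# Rules as stated in this walkthrough: each label is 1-63 characters of
# letters, digits and hyphens; the whole name is at most 253 characters.
LABEL_RE = re.compile(r"[A-Za-z0-9-]{1,63}")
MAX_NAME_LEN = 253


def check_domain(name):
    """Return (True, hierarchy dict) or (False, reason) for a domain name."""
    if name.endswith("."):            # tolerate one trailing root dot
        name = name[:-1]
    if not 1 <= len(name) <= MAX_NAME_LEN:
        return False, "total length must be 1-253 characters"
    labels = name.lower().split(".")
    if len(labels) < 2:
        return False, "need at least a second level domain and a TLD"
    for label in labels:
        if not LABEL_RE.fullmatch(label):
            return False, f"label {label!r} breaks the length or character rule"
        # Extra check beyond the page (RFC 952/1123): no leading or trailing hyphen.
        if label[0] == "-" or label[-1] == "-":
            return False, f"label {label!r} starts or ends with a hyphen"
    tld = labels[-1]
    return True, {
        "tld": tld,
        # Two-letter TLDs are country codes; everything else is treated as
        # generic here, following the page's two categories.
        "tld_type": "ccTLD" if len(tld) == 2 else "gTLD",
        # Naive split: for registries such as .co.uk the registrable name sits
        # one label further left, which needs the Public Suffix List.
        "sld": labels[-2],
        "subdomains": labels[:-2],
    }
```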

Question 1

What is the maximum length of a subdomain?

Walkthrough:

Remember that there are restrictions on subdomains including length (in characters) and naming (can’t use special characters other than hyphens).

Answer:

(Highlight below to find the answer):

63

Question 2

Which of the following characters cannot be used in a subdomain ( 3 b _ - )?

Walkthrough:

Subdomains can use only letters, numbers, and hyphens.

Answer:

(Highlight below to find the answer):

_

Question 3

What is the maximum length of a domain name?

Walkthrough:

In addition to the restrictions on naming the second level and subdomains, the total domain name has a maximum length, in characters.

Answer:

(Highlight below to find the answer):

252

Question 4

What type of TLD is .co.uk?

Walkthrough:

Top level domains (TLDs) can be either generic or country code. What’s the acronym for a country code top level domain?

Answer:

(Highlight below to find the answer):

ccTLD

Task 3 – Record Types

DNS records are instructions that provide information about a domain. This information can include the IP address as well as how to handle requests for the domain. DNS records are files that live on DNS servers.

There are different types of DNS records.

A Records – Resolve to IPv4 addresses.

AAAA Records – Resolve to IPv6 addresses.

CNAME Records – Resolve to another domain name.

MX Records – These are used for email servers.

TXT Records – Store text based data. These are commonly used to verify ownership of a domain.

Question 1

What type of record would be used to advise where to send email?

Walkthrough:

Which of the DNS records are used for email servers?

Answer:

(Highlight below to find the answer):

MX

Question 2

What type of record handles IPv6 addresses?

Walkthrough:

There are two types of records that resolve to IP addresses; one to IPv4 and the other to IPv6.

Answer:

(Highlight below to find the answer):

AAAA

Task 4 – Making a Request

A DNS request occurs anytime you want to access a website using a domain name rather than an IP address.

There are five steps that occur when you make a DNS request:

1) Your computer checks its own DNS cache for an IP address corresponding to the domain you are trying to access. If you’ve visited the website recently, your computer may find an entry in its DNS table. If it doesn’t find what it’s looking for, the next step is to query your local recursive DNS server.

2) The recursive DNS server checks its cache containing the DNS table. If it doesn’t find an entry, it will forward the query to a root DNS server.

3) Root servers are the ‘backbone of the internet’, and will refer your request to the appropriate top level domain (TLD).

4) The top level domain (TLD) will know where to find the authoritative DNS server with the information we need. It will forward your query along.

5) The authoritative DNS server keeps records of all domains under its purview.
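
The five steps can be traced with a small in-memory model that records which cache or server was consulted and shows how a record's TTL decides when the caches stop answering. This is an added example, not part of the room or the original walkthrough; the server names, TTL values and the lookup function are constructed for illustration, and only the website.thm records come from the room.

```python
# Constructed data for illustration: record names reuse the room's website.thm
# zone, while the server names and TTL values (seconds) are made up.
ROOT = {"thm": "tld.thm-registry"}                              # root -> TLD server
TLD = {"tld.thm-registry": {"website.thm": "ns1.website.thm"}}  # TLD -> authoritative
AUTH = {"ns1.website.thm": {
    ("www.website.thm", "A"): ("10.10.10.10", 300),
    ("shop.website.thm", "CNAME"): ("shops.myshopify.com", 60),
}}


def lookup(name, rtype, now, local_cache, recursive_cache):
    """Resolve a record; return (value, steps) listing who was consulted."""
    key = (name.lower().rstrip("."), rtype)
    steps = []
    # Steps 1 and 2: the computer's cache, then the recursive server's cache.
    for label, cache in (("local cache", local_cache),
                         ("recursive cache", recursive_cache)):
        steps.append(label)
        hit = cache.get(key)
        if hit and hit[1] > now:          # entry exists and its TTL has not run out
            local_cache[key] = hit        # client keeps the same expiry time
            return hit[0], steps
    labels = key[0].split(".")
    try:
        steps.append("root")              # step 3: root points at the TLD server
        tld_server = ROOT[labels[-1]]
        steps.append("tld")               # step 4: TLD points at the authoritative server
        auth_server = TLD[tld_server][".".join(labels[-2:])]
        steps.append("authoritative")     # step 5: authoritative server answers
        value, ttl = AUTH[auth_server][key]
    except KeyError:
        return None, steps                # no such TLD, domain or record
    local_cache[key] = recursive_cache[key] = (value, now + ttl)
    return value, steps
```

The now argument is a plain number of seconds so the expiry behaviour can be replayed deterministically; each cache is an ordinary dict owned by the caller.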

Question 1

What field specifies how long a DNS record should be cached for?

Walkthrough:

DNS records have a Time To Live field that tells recursive DNS servers how long they should cache the record. What’s the acronym for a Time To Live field?

Answer:

(Highlight below to find the answer):

TTL

Question 2

What type of DNS Server is usually provided by your ISP?

Walkthrough:

This is the type of DNS server that your computer looks to first to see if it has the IP address cached. Check step # 2.

Answer:

(Highlight below to find the answer):

Recursive

Question 3

What type of server holds all the records for a domain?

Walkthrough:

This server is the (semi-) permanent keeper of the DNS records for a domain.

Answer:

(Highlight below to find the answer):

Authoritative

Task 5 – Practical

This Task contains a command line simulation to help us get familiar with DNS.

When the simulator opens, you’ll see the command line interface (CLI) as well as some fields above it that we use to interact with it.

Note the command that appears by default: nslookup website.thm

nslookup is a command line tool for accessing DNS records including finding an IP address / domain name mapping.

In ‘website.thm’, note that ‘.thm’ is the top level domain (TLD) and ‘website’ is the second level domain (SLD).

Question 1

What is the CNAME of shop.website.thm?

Walkthrough:

You’ll need to enter the ‘shop’ subdomain into the text field at the top of the page. This will automatically add the shop subdomain to the command.

Next, specify a CNAME record type in the drop down box on the left of the subdomain text field.

Note that this changes the command to:

nslookup -type=CNAME shop.website.thm

We are using the option ‘type=CNAME’ in order to specify the CNAME record type.

Click the blue “Send DNS Request” button.

You will see a response with the web address you entered (shop.website.thm) as well as a canonical name.

Which of these is the answer?

Recall that CNAME is used to redirect a user from one domain to another. The two addresses that were returned correspond to this redirection. We’ll need the canonical name to answer this question.

Answer:

(Highlight below to find the answer):

shops.myshopify.com

Question 2

What is the value of the TXT record of website.thm?

Walkthrough:

Make sure that the ‘shop’ subdomain entry from the last question is now gone, and select a TXT record type.

Looking at the command line, we can see that we are again using the ‘type’ option, this time to specify a TXT record type:

nslookup -type=TXT website.thm

Click the blue “Send DNS Request” button to execute the command.

The flag that we need for this question is at the end of the response.

Answer:

(Highlight below to find the answer):

THM{7012BBA60997F35A9516C2E16D2944FF}

Question 3

What is the numerical priority value for the MX record?

Walkthrough:

Recall that MX records have to do with email servers. They come with a priority flag that tells the client what order to try the servers in if the main server goes down and email must be sent to a backup server.

Change the DNS record type to MX and execute the command using the blue button.

The response given is:

Non-authoritative answer:
website.thm mail exchanger = 30 alt4.aspmx.l.google.com

Although we haven’t seen this before, we can recognize that there is only one numerical entry in this record. Since we’re looking for a number, this should be the answer.

Answer:

(Highlight below to find the answer):

30

Question 4

What is the IP address for the A record of www.website.thm?

Walkthrough:

An A record is used to look up an IPv4 address.

Change the record type to A and run the command.

You should receive a response with an IP address.

Answer:

(Highlight below to find the answer):

10.10.10.10

Conclusion

This room does a great job of introducing topics related to DNS as well as providing practice. As with other rooms, my favorite part is the hands-on exercise using nslookup.

I think a bit of an introduction to the topic of DNS records would have been useful, because the topic is introduced and we are shown multiple types of DNS records without first being given an explanation of what DNS records actually are.

Overall, I learned a lot from this room. A huge thanks to tryhackme, and adamtlangley for putting this room together!