DNS is beautiful

  46,502 views

Hussein Nasser

2 years ago

DNS, or the Domain Name System, despite its drawbacks, is brilliantly designed for scale. We can learn a few lessons from this protocol, especially when designing our own apps. In this episode of the Backend Engineering Show I go through how DNS works, the pros and cons, and attacks that have happened on this system.
0:00 Intro
2:00 Overview DNS
7:40 How DNS works (Details)
15:44 DNS uses UDP
19:30 DNS Poisoning
24:10 Is DNS really distributed?
26:30 How Attackers Abuse DNS
30:30 How Chrome overloaded the ROOT servers for 12 years
Resources
blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/
www.cloudflare.com/learning/dns/what-is-dns/
www.cloudflare.com/learning/dns/dns-cache-poisoning/
blog.cloudflare.com/sad-dns-explained/
medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
Stay Awesome,
Hussein

Comments: 74
@hnasr 2 years ago
Get my Fundamentals of Networking for Effective Backends udemy course. Head to network.husseinnasser.com (link redirects to udemy with coupon)
@briandsouza1550 2 years ago
Your content is so worth the time! Thank you for making it captivating in your own unique way. I'm a network engineer and I can't tell you how much what you say helps me expand my horizons!
@rohrvy1989 2 years ago
First I thought, OK, it was just DNS basics... but as you progressed through and explained DNS cache poisoning and the Chrome bug... it became a video worth watching.
@WiktorJurek 2 years ago
Love it! You always get taught about DNS, but you never get taught about the sheer brilliance to be able to deliver such a service *at scale*. Thanks, Hussein.
@faizalimuhammadzoda4731 2 years ago
Love it. Thanks for taking time to make this precious tutorial. BTW, you seem to feel so relaxed when you talk.
@derickasamani5730 2 years ago
As a network engineer I just love hearing Hussein's take on DNS, it makes me appreciate some of the decisions developers have to make.
@abhi9811206369 2 years ago
What an amazing and insightful video!
@randompandit3208 2 years ago
Your channel is a gold mine
@Crupanshu 2 years ago
Really nice insights... FYI I'm definitely going to look up "Grandma for Hire", at least on the surface web.
@eyondev 2 years ago
I was just having DNS problems the other day. I hope this will be useful.
@kalpakHere 2 years ago
There's nothing without problems, at the end of the day. Nice way to wrap it all up :)
@huh_wtf 2 years ago
real nice!
@tamatawanavu 5 months ago
There might be more.....not sure! LOL love it.
@Mikhai_nik 2 years ago
I use G-core's DNS hosting. 10-15 ms. Unlike Cloudflare, you can configure DNS balancing by coordinates. Balancing by IP, ASN, countries, or continents with GeoDNS. DNS is still the coolest thing
@g3n3ricnam35 2 years ago
My only question is, how does the tld server know the authoritative server is the right one for the domain?
@emtee5994 2 years ago
ODBC inclination of thoughts. Nice.
@hnasr 2 years ago
You noticed!
@emtee5994 2 years ago
I did!
@emtee5994 2 years ago
I'm looking for things to do to grow and going through your content is enlightening. Thank you.
@kornelijussliubauskas8299 2 years ago
I might think this would sound deadly simple to understand for some, but through my self-taught programming journey I still have no colorful view of base64 encoding. Peeked at your channel and didn't find anything about it. So asking you a favor for creating a video about base64 encoding, what problems it "was" solving and current benefits of it. Thank you.
@hnasr 2 years ago
Sure! It is basically taking any binary blob and making it into a string of a subset of characters (a-z 0-9). The main use case is getting rid of special characters such as % and spaces and making it into a simple string that everyone understands. In the example I mentioned, environment vars will have special chars, spaces, etc., so hackers in this case took all that and base64-encoded it.
E.g., this is a base64 string:
RW5jb2RlIHRoaXMgIiRwZWNpYWwgc3RyaW5nIg==
which is converted from this text:
Encode this "$pecial string"
Play with it here: amp.base64encode.org
Hope that helps
@almostcertainlynotapotato6528 2 years ago
@@hnasr So base64 is like sha256 but reversible?
@kornelijussliubauskas8299 2 years ago
@@hnasr So if a binary blob is being transported, no matter whether layer 4 or layer 7 is in play, it always has to be encoded in base64 for the convenience of parsing it at one end so it's platform agnostic? It's funny to say because so far everything seems to make sense for me talking about networking, but this base64 is just... :DD
@SlackerVez 2 years ago
@@kornelijussliubauskas8299 It's not so much about ease of parsing or being platform agnostic, as it is about getting the blob through intact. Many communication channels are not binary safe (i.e. control characters in terminals, CRLF conversion on Windows), so base64 trims down the character set in a way that any two bytes can be represented using three "plain text" characters, minimising the chances the data gets mangled in transit. It's a more efficient version of turning the bytes into a string of hexadecimal values, as base64 has a size overhead of 50% whereas hexadecimal notation has an overhead of 100% (doubling the size). Either way, once decoded, you now have your binary blob elsewhere, but unless you're just piping it out to disk / network, you still need to process it in whatever potentially platform specific way it may require. All the lower layer networking is binary-safe, base64 mostly helps overcoming application protocols that look for control characters in the byte stream and modify it in transit.
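Added example (not part of the video or of any comment above) working through the base64 thread: it encodes by hand in 3-byte groups, round-trips the sample string quoted in the thread, and compares output sizes with hex and with a SHA-256 digest to show that base64 is a keyless, reversible encoding rather than a hash. The function names and the 3000-byte blob are constructed for illustration.

```python
import base64
import hashlib

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")

# Sample string quoted in the comment thread above.
THREAD_SAMPLE = "RW5jb2RlIHRoaXMgIiRwZWNpYWwgc3RyaW5nIg=="


def b64encode_manual(data: bytes) -> str:
    """Encode by hand: each 3 input bytes (24 bits) become 4 six-bit symbols."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Left-align a short final chunk in 24 bits (zero-filled on the right).
        bits = int.from_bytes(chunk, "big") << (8 * (3 - len(chunk)))
        symbols = [ALPHABET[(bits >> s) & 0x3F] for s in (18, 12, 6, 0)]
        # n input bytes give n + 1 real symbols; '=' pads the group to 4.
        out.append("".join(symbols[:len(chunk) + 1]) + "=" * (3 - len(chunk)))
    return "".join(out)


def decode_thread_sample() -> bytes:
    """Reverse the encoding; no key or secret is involved."""
    # validate=True rejects characters outside the alphabet instead of skipping them.
    return base64.b64decode(THREAD_SAMPLE, validate=True)


def sizes(data: bytes) -> dict:
    """Length of the base64, hex and SHA-256 forms of one input."""
    return {
        "raw": len(data),
        "base64": len(b64encode_manual(data)),
        "hex": len(data.hex()),
        "sha256": len(hashlib.sha256(data).digest()),
    }


if __name__ == "__main__":
    plain = decode_thread_sample()
    print(plain.decode())                            # text from the thread
    print(b64encode_manual(plain) == THREAD_SAMPLE)  # round trip
    print(sizes(bytes(3000)))                        # constructed 3000-byte blob
```

Because decoding needs no key, base64 gives no confidentiality: anything encoded this way is readable by whoever can see it, while the SHA-256 digest stays 32 bytes for any input and cannot be decoded back.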
@gugocharade 2 years ago
Let's say I have a company which has a private network and I want a DNS server, how can I do that?
@poiiihy 2 years ago
Instead of partitioning with TLDs, couldn't they have partitioned by letters of the domain? Like as if the first or last letter was a tld without the dot.
@hnasr 2 years ago
I see, your idea is to replace the TLD with the first character of the domain, so there will be a fixed number of 26 partitions only. The root servers will return the IP address of a partition server, and the partition server will return the authoritative name server IP. For example, resolving hussein will ask the root server for an "h" server, of which there will be many; the client connects to the h server and asks for hussein, and gets back the authoritative name server, which will have the IP address of hussein. Subdomains will be asked from the authoritative name server. We can even add an additional layer of partitioning in case one letter gets too large. I love the idea. Might work! (Btw I love comments like this which challenge what we have today)
@vikingthedude 2 years ago
Interesting idea. This would also mean we're coupling the name we want with the DNS nameservers. If there was ever a reason we'd want to avoid a certain nameserver, we'd have to mostly change our site's name. This is opposed to the current situation where we'd just have to change the tld part of our site's name.
@gamer-gw9iy 2 years ago
This would centralize DNS unless the tld was also partitioned or the full domain list was made public somewhere, e.g. each domain registrar posted a list of all their domains and IP addresses so that anyone could run their own 'h' master server 🤔
@KangJangkrik 2 years ago
Professor, when is the deadline?
@BennyKleykens 2 years ago
DNS never goes down. That's the beauty of it. Just like the Internet never goes down.
@peterszarvas94 2 years ago
So Google was DDoS-ing the DNS root servers for 10 years, haha
@bubulray1106 2 years ago
Damn... Those attackers who hacked apple really got big brains. 😂
@dragon_warrior_ 2 years ago
😂😂
@zainabalhaidary 2 years ago
Who here made it to the grandmas for hire part? 😅
@sidheshwartiwari9834 1 year ago
Lmao
@maximus6884 2 years ago
Btw, how could DNS spoof work in modern internet as browsers check for certificates?
@mateuscanelhas5662 2 years ago
By default, browsers used to try and initiate a plain http connection. Only when the origin responded with the availability of https would it try and upgrade the connection. This has been very recently changed - not sure how this works with these in place.
@maximus6884 2 years ago
@@mateuscanelhas5662 I see. Is it still the case may I ask?
@mateuscanelhas5662 2 years ago
@@maximus6884 It is not. kzfaq.info/get/bejne/jticmbthyduwe4U.html
@poiiihy 2 years ago
Wtf where'd my comment go
@maximus6884 2 years ago
@@poiiihy youtube deletes.
@FilthySnob 2 years ago
'DNS is beautiful' no you're beautiful
@MukeshKumar-vv3wd 1 year ago
I really like your videos, but it would be better if you show some tools / code and demonstrate whatever you're saying.
@WhyAreThereHandlesNow87 2 years ago
For Grandma
@noirmax1083 2 years ago
😋😋😋
@__nitinkumar__ 2 years ago
First, non emoji comment.
@almostcertainlynotapotato6528 2 years ago
first reply to first non emoji comment
@__nitinkumar__ 2 years ago
@@almostcertainlynotapotato6528 😂
@phill13able 2 years ago
Bro started the video as though his wife died or something. lol
@sidheshwartiwari9834 1 year ago
🤣
@sidheshwartiwari9834 1 year ago
I laughed so hard man... 🤣🤣
@_just_for_fun_4472 2 years ago
Can you please shorten the length of videos
@shantanu9412015407 2 years ago
This takes out the major fun in this way. It's just asking someone to change the style of their teaching which made them popular. What makes him stand out is this way of his.
@iulians1993 2 years ago
I skipped a lot of videos of this man because of their length. I see so much good feedback in the comments, but I don't really feel like I get that precious information from here.
@dragon_warrior_ 2 years ago
@@iulians1993 for me it was totally opposite of what you said. Depends on person to person and their domain knowledge...
@zainabalhaidary 2 years ago
I think the length of the video is perfect to go into enough details
@harsiddhdave44 4 months ago
Lengthy videos ensure enough details in it. This is much needed!
@maximus6884 2 years ago
I love your explanation on DNS - but I do not agree that DNS is beautiful. Its design is beautiful however DNS itself is evil. WEB2 is broken and WEB3 is invented strongly because of DNS problems. Big governments own the entire internet and the entire internet is broken because of DNS. Why? Because DNS is controlled by a single entity. And that entity loves to keep all power to itself. For this reason, the WEB2 cannot be decentralized, can be easily blocked and it can NEVER be secure. Comes IPFS addressing all of these issues in WEB3.
@andriangameplays 2 years ago
really? web3 is live?
@andriangameplays 2 years ago
web3 should replace web2 right now then
@gyroninjamodder 2 years ago
DNS is not controlled by a single entity. It is controlled by all of the name servers your query hits. Nothing prevents you from setting up your own root name servers. Even though the main root nameservers are run by ICANN, there really hasn't been an issue even though it's centralized. IPFS uses content based addressing which is separate from just using a simple name.
@big-t2060 2 years ago
@@gyroninjamodder DNS is centrally controlled; just try to reach say RT or Sputnik using a DNS server located in the European Union...
@gyroninjamodder 2 years ago
@@big-t2060 Are you saying that European ISPs' nameservers censor it? I recommend using 8.8.8.8 or 1.1.1.1 instead in that case. It's even better to use DoH if you are worried about that.
@yesyas5972 1 year ago
I really enjoy this video, thanks for the video