The Domain Name System (DNS) is used to resolve hostnames to IP addresses. A hostname is a human-readable name given to a device connected to a network, and the IP address is a string of numbers that identifies this device on the internet.
Whenever you type a web address in your browser, your computer asks a DNS server for the IP address of the web address you typed. This action is called a name resolution query and uses UDP port 53.
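The name resolution query described above, shown at the byte level as an added example (not part of the original page): it builds the A-record query a client would send to UDP port 53 and parses a reply, including the compressed names and the query ID check that Wireshark shows in the DNS pane. The name `server.lab.example`, the ID `0x1A2B` and the reply bytes are constructed for illustration.

```python
import struct

def encode_name(name):  # length-prefixed labels, terminated by a zero byte
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1-63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, txid):  # header (RD set, one question) + QNAME + QTYPE=A + QCLASS=IN
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def read_name(msg, pos):
    """Decode a name at pos, following compression pointers; return (name, next offset)."""
    labels, end = [], None
    for _ in range(128):                  # hard bound so a pointer loop cannot hang us
        n = msg[pos]
        if (n & 0xC0) == 0xC0:            # pointer to a name earlier in the message
            end = pos + 2 if end is None else end
            pos = ((n & 0x3F) << 8) | msg[pos + 1]
        elif n == 0:
            return ".".join(labels), (pos + 1 if end is None else end)
        else:
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
    raise ValueError("name too long or compression pointer loop")

def parse_response(msg, txid):
    """Return [(name, ipv4)] for the A records in a response matching our query ID."""
    rid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit says it is a query
        raise ValueError("not a response to this query")
    pos, answers = 12, []
    for _ in range(qd):                   # skip the echoed question section
        pos = read_name(msg, pos)[1] + 4
    for _ in range(an):
        name, pos = read_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN, 4-byte address
            answers.append((name, ".".join(map(str, msg[pos + 10:pos + 14]))))
        pos += 10 + rdlen
    return answers

# Constructed sample: the reply a lab DNS server might send for SERVER (192.168.0.1).
QUERY = build_query("server.lab.example", 0x1A2B)
RESPONSE = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 168, 0, 1]))
```

Calling `parse_response(RESPONSE, 0x1A2B)` yields the hostname and address pair; a reply carrying a different ID is rejected.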
Let’s see how DNS works below:
In our lab diagram, you will notice an IP address associated with each hostname.
SERVER has an IP address of 192.168.0.1,
CLIENT has an IP address of 192.168.0.2 and
GATEWAY has an IP address of 192.168.0.3.
For us, it is easier to associate a device name and the device’s function by reading the hostname than by reading its IP address.
Let’s run Wireshark on CLIENT (192.168.0.2) and capture traffic to see how DNS is used.
Open Wireshark, click on Capture, then Options, and select the network card with the IP address you want to use. In this case I want to use IP address 192.168.0.2 for the CLIENT. Clear all entries in the Capture Filter box, click Start and minimize Wireshark.
So what can we find by running Wireshark to understand how DNS works?