February 20th, 2002, 05:59 AM
um. first post here. hope my question is not too lame. can anyone tell me if a dns address is stuffed into a packet put on the wire? if it is, can it still be in the packet when it goes from ip1 to gateway at ip2 and released into the void? i have lan book by goldman and reviewd 802.3 frame layout but not sure if/where dns address would be included.
my questions stems from this: bigisp.com assigns static ip1, gateway ip2 and dns ip 3,4,5. to littleguy dsl user. are littleguy packets sent to bigisp.com network (ala gateway), access their dns ip 3,4,5 internally, then sent out into the void? does this pose a risk if badman.com has dns ip 3,4,5 registered to badman.com?
links and reading material welcome. any and all help appreciated.
February 20th, 2002, 06:45 AM
hmm... lots of stuff to cover in order to answer this question...
let me first say that you can find an index of tutorials that people have submitted here...
If I am remembering this correctly... 802.3 frame Ethernet is a Datalink layer protocol, meaning, it doesnt leave your local area network. When traffic is sent to a site which is not on your local arenetwork, your router will recieve the 802.3 frames, and send out on the other side, whatever the otherside happens to require. You probably want to start looking at the TCP/IP protocol suite in order to get a handle on how the internet works. Having said that, I will try to answer what I think you are asking....
bottom line is, any traffic travelling on a network from anywhere to anywhere is to use your words "stuffed inside a packet" of some type or other.
hosts(a website, mail server, etc.., etc..) are identified on the internet by an IP(internet protocol) Address which looks something like this... 18.104.22.168
All internet traffic is routed by IP addresses. the clever names that people give their websites(domain names), www.antionline.com for example, are merely easy ways for humans to remember where they want to go.
DNS(Domain Name System) is a system by which a computer can look up the numerical address which corresponds to the name you typed in. for example...
www.antionline.com resolves to 22.214.171.124
So, your computer figures out by asking a DNS server(which in turn asks other DNS servers, but that can take way to long to explain here) what the numerical address is supposed to be to correspond with the human friendly name you enter into your browser.
All of that communication is done via TCP/IP over a network, and all of that data is sent in packets.
Now, if someone somehow were able to modify the DNS information for a specific site,(cause people trying to go to www.antionline.com to be directed to a different IP address for some nefarious reason)that can be a very big problem.
February 21st, 2002, 02:29 AM
Thanks for the reply San. I read up on the tcp/ip protocol suite this morning. Determined of the four layers: Application, Transport, Internet and Network, that DNS runs in the application layer utilizing sockets (or netbios). I am currently reading the newbie link you included on the DNS section and see if i can glean further info on what actually happens within the packets on the application layer between networks. I wonder if internal networks somehow disassemble and reassemble packets before sending to gateway, thus stripping any dns ip info within application layer of original packet. Thanks for the info!
February 21st, 2002, 04:18 AM
Well San, now you've got me reading. I found RFC 1122 & 1123. Thanks for the pointer in the right direction!