Dns response and connection

Seregwethrin · 06-12-2010, 01:50 PM

Hi,

I've a simple question, and please let me ask it with an example.

I get dns response for youtube.com
Name: youtube.com
Addresses:
74.125.95.93
74.125.127.93
74.125.47.93

But I make a connection with IP 74.125.65.190.

How is this done? I'm really curious about this. Where the 74.125.65.190 is coming from?

salasi · 06-12-2010, 05:07 PM

When you say:

Quote:

Originally Posted by Seregwethrin

I get dns response for youtube.com

this is not the output that dig would you, how did you get it and what does dig give you?

Quote:

But I make a connection with IP 74.125.65.190.

And what gave you this?

Seregwethrin · 06-13-2010, 02:24 AM

Dig outputs

Code:

;; ANSWER SECTION:
youtube.com.            41      IN      A       74.125.95.93
youtube.com.            41      IN      A       74.125.47.93
youtube.com.            41      IN      A       74.125.127.93

And I get second ip which I make connection from this:
https://chrome.google.com/extensions...ckbhdgcdpflmdo

An extension which shows you some information of the website you surf for Google Chrome.

salasi · 06-13-2010, 03:59 AM

Quote:

Originally Posted by Seregwethrin

And I get second ip which I make connection from this:
https://chrome.google.com/extensions...ckbhdgcdpflmdo

Ah, Chrome: under KDE, Chrome seems to get its DNS settings from the from the KDE system (under Gnome, XFCE, Enlightenment something else probably happens) - at least, if you try to change settings, it opens up a KDE dialogue box.

This will probably be similar under other GUIs, but I don't know for sure.

Other browsers do this differently and either maintain their own list of DNS servers, or use the system settings

Your system settings in resolv.conf could be quite unrelated to the GUI settings, so this situation has the potential for causing confusion.

Seregwethrin · 06-13-2010, 04:10 AM

So do we surf the web with ips from the response of dns server always?

The case here is it just uses another dns servers, right?

salasi · 06-14-2010, 04:36 AM

Quote:

Originally Posted by Seregwethrin

So do we surf the web with ips from the response of dns server always?

Not quite: you could also specify the website by its IP. So you could browse to a site by its IP address if you wanted to. But you probably don't want to do this, except if DNS is, in some way, broken. And you have to bear in mind that there is an expiry time set on DNS lookups deliberately; after the expiry time, the number you have is just a guess that might work or it might not.

Quote:

The case here is it just uses another dns servers, right?

Err, yes...what else could it use?...I would say, by definition, anything that converts a human-readable, www-type, address to an IP using the domain name system is a DNS server of some kind.

TimothyEBaldwin · 06-16-2010, 12:42 PM

There is more than one domain name involved in loading Youtube.

LVsFINEST · 06-16-2010, 08:10 PM

I get the same output as you when I manually query my DNS server using nslookup. So I then ran a packet capture with filter 'net 74.125.0.0/16 or port 53' while loading www.youtube.com in a browser. What I seen was that my machine queried my primary DNS server (same one as nslookup) but the response was different:

youtube-ui.l.google.com: type A, class IN, addr 74.125.115.190
youtube-ui.l.google.com: type A, class IN, addr 74.125.115.91
youtube-ui.l.google.com: type A, class IN, addr 74.125.115.93
youtube-ui.l.google.com: type A, class IN, addr 74.125.115.136

So to answer your question, you're connecting to 74.125.115.190 because that is in fact a valid IP for www.youtube.com per DNS. Now the question is why is there a difference between using nslookup (or dig, or host) opposed to normal browser traffic...

LVsFINEST · 06-16-2010, 08:11 PM

Quote:

Originally Posted by TimothyEBaldwin

There is more than one domain name involved in loading Youtube.

What are other the ones?

Plaethos · 06-17-2010, 09:41 AM

http://centralops.net/co/

When you do a "Domain Dossier, it gives the following output:

Address lookup
canonical name youtube.com.
aliases
addresses 74.125.95.93
74.125.127.93
74.125.47.93

Domain Whois record
Queried whois.internic.net with "dom youtube.com"...

Domain Name: YOUTUBE.COM
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Status: serverDeleteProhibited
Status: serverTransferProhibited
Status: serverUpdateProhibited
Updated Date: 16-feb-2010
Creation Date: 15-feb-2005
Expiration Date: 15-feb-2011

>>> Last update of whois database: Thu, 17 Jun 2010 07:41:55 UTC <<<

Queried whois.markmonitor.com with "youtube.com"...

Registrant:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
dns-admin@google.com +1.6502530000 Fax: +1.6506188571

Domain Name: youtube.com

Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com

Administrative Contact:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
dns-admin@google.com +1.6502530000 Fax: +1.6506188571
Technical Contact, Zone Contact:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
dns-admin@google.com +1.6502530000 Fax: +1.6506188571

Created on..............: 2005-02-14.
Expires on..............: 2011-02-14.
Record last updated on..: 2010-03-21.

Domain servers in listed order:

ns2.google.com
ns3.google.com
ns1.google.com
ns4.google.com

MarkMonitor is the Global Leader in Enterprise Brand Protection.

Domain Management
MarkMonitor Brand Protection™
AntiFraud Solutions
Corporate Consulting Services

Visit MarkMonitor at www.markmonitor.com
Contact us at 1 800 745 9229
In Europe, at +44 (0) 20 7840 1300
--

Network Whois record
Queried whois.arin.net with "74.125.95.93"...

OrgName: Google Inc.
OrgID: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US

NetRange: 74.125.0.0 - 74.125.255.255
CIDR: 74.125.0.0/16
NetName: GOOGLE
NetHandle: NET-74-125-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
Comment:
RegDate: 2007-03-13
Updated: 2007-05-22

OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc.
OrgTechPhone: +1-650-318-0200
OrgTechEmail: arin-contact@google.com

# ARIN WHOIS database, last updated 2010-06-16 20:00

DNS records
name class type data time to live
youtube.com IN TXT v=spf1 ip4:208.117.224.0/19 ip4:208.65.152.0/22 ip4:64.15.112.0/20 include:google.com mx -all 3600s (01:00:00)
youtube.com IN NS ns2.google.com 86400s (1.00:00:00)
youtube.com IN A 74.125.47.93 300s (00:05:00)
youtube.com IN MX preference: 10
exchange: sjl-mbox1.sjl.youtube.com
3600s (01:00:00)
youtube.com IN NS ns3.google.com 86400s (1.00:00:00)
youtube.com IN A 74.125.95.93 300s (00:05:00)
youtube.com IN NS ns1.google.com 86400s (1.00:00:00)
youtube.com IN NS ns4.google.com 86400s (1.00:00:00)
youtube.com IN SOA server: sjl-ins1.sjl.youtube.com
email: dns-admin.youtube.com
serial: 1418650
refresh: 10800
retry: 3600
expire: 604800
minimum ttl: 600
3600s (01:00:00)
youtube.com IN A 74.125.127.93 300s (00:05:00)
93.95.125.74.in-addr.arpa IN PTR iw-in-f93.1e100.net 86305s (23:58:25)

-- end --