Using HOST command to find root servers

Making Your Internet Connection More Secure and Faster With DNS Server and BIND

In my last post, I mentioned that in this post I would explain how to speed up your internet or LAN network with a DNS server running BIND. And that is what I am going to do in this blog post. I am still in a group home and do not have full access to all the computer features I need to take screenshots to show actual examples of these actions in use. For that I apologize. But, I am going to tell you which books I am getting the information from. That way you can get a better idea.

I don’t really talk about it much, but I read a lot. I buy books and I have a Kindle eReader. In the last five years I have spent $2000-$3000 on books and eBooks. When picking my reading material, I have noticed that some subjects are not updated as often as new methods and software come out. Also, I am cheap! I go with more books and less cost sometimes, even though I get burnt at times. I will also admit that I like “For Dummies” books too. That is because even after three and a half years of online college and all the reading, I still don’t get it all and need a cliff-note, step-by-step explanation.

With all that said, let’s take a look at the first reference book I am using: “DNS for Dummies” by Blair Rampling and David Dalan, copyright 2003. There is a great reason to read this old book! I promise. “DNS for Dummies,” which gives step-by-step instructions for Windows and Unix/Linux, sadly has command prompt commands that have been deprecated, but the techniques are what we need. I will not get into installing a DNS server or BIND because that would be a blog post in itself. You can refer to books that cover your operating system of choice.

If you are just planning to set up a DNS server and have not chosen an operating system yet, I suggest you go with Ubuntu Server. It has good reliability and scalability along with being very secure. Take note though, you will be mostly working with the command prompt because they started leaving out the GUI (Graphical User Interface) for security purposes.

Here is where my book of choice for reference, “DNS for Dummies”, really shines. The first thing that we need to do once you have the DNS server and the BIND package installed and running is plan out the forwarding record table. A forwarding record is used by your DNS server in BIND to ask other DNS servers for the cached location of domains that you find on the internet like www.google.com. Cached means a stored domain name path to the server that hosts the website you are searching for.

There are a number of ‘Top Level Domain’ (TLD) name spaces that are stored on root servers that we will need the IP addresses for. This is so that we can put the IP addresses in the forwarding record in the DNS BIND server. If you are wondering about the TLDs, they are internet namespaces such as .com, .ca, .net, and so on. Now, let me explain how we are going to get the IP addresses for the forwarding record.

As I have said, you will have to use the commands for your Operating System and also use current commands that still work. Since our first reference source book is dated back to 2003, I looked up the up-to-date commands. For Linux versions, the command is “DIG” and for Windows the command has changed to “HOST”. These two commands have replaced “NSLOOKUP.” Keep the new commands in mind, because you will be using the one for your OS a lot to find the DNS server IP addresses for the TLDs to go in your forwarding table in DNS BIND.

If you are using Windows, you will have to read somewhere else how to access and add to the forwarding table. In Ubuntu, after you install the DNS server and the BIND package, you open the file /etc/bind/named.conf.options. This brings me to the next reference book I am using, “Mastering Ubuntu Server: Gain Expertise in the Art of Deploying, Configuring, Managing, and Troubleshooting Ubuntu Server,” Third Edition, by Jay LaCroix, copyright 2020.

Within the file you just opened, uncomment the code for the forwarders. You uncomment the code by removing the forward slashes ‘//’ before the code that looks like this:
// forwarders {
//     0.0.0.0;
// };

After you uncomment it, the code should look like this:
forwarders {
    0.0.0.0;
};

In the book, “Mastering Ubuntu Server”, Jay only shows adding Google DNS servers, as shown below:
forwarders {
    8.8.8.8;
    8.8.4.4;
};

That is fine and all, but is not using the full workload of the DNS BIND server. To speed up your connections to websites, you need to use all those DNS servers or root servers that Google has in their forwarding table or code. That is where using the commands “DIG” and “HOST” in your command prompt comes in, to find the IP addresses of all the TLD root servers. After typing in your command prompt, “HOST” for Windows and “DIG” for the Linux family of operating systems, press the “Enter” key. Then, in the command prompt, type “com” for the TLD (Top Level Domain), ‘.com,’ then press ‘Enter.’ You will get an output that lists all the ‘.com’ DNS servers for your forwarding table. Repeat and do the same for the rest of the TLDs.
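An added example (not from either book or from the original post) for vetting candidate addresses before they go into `forwarders`: BIND sends forwarders queries with recursion requested, so a usable forwarder has to answer with the `ra` flag in its `dig` header. The two replies are constructed samples, 192.0.2.30 is a placeholder address, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: vet candidate forwarders from their dig replies.
# Both replies are constructed samples; 192.0.2.30 is a placeholder address.

# Style of: dig @8.8.8.8 example.com A   (a public recursive resolver)
SAMPLE_RESOLVER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Style of: dig @192.0.2.30 example.com A   (an authoritative-only server)
SAMPLE_AUTH_ONLY=';; WARNING: recursion requested but not available
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3'

# Succeeds when the dig header read from stdin carries the "ra" flag.
offers_recursion() {
  awk '/^;; flags:/ {
         sub(/^;; flags:/, ""); sub(/;.*/, "")   # keep only the flag words
         n = split($0, flag, " ")
         for (i = 1; i <= n; i++) if (flag[i] == "ra") found = 1
       }
       END { exit !found }'
}

# Prints a forwarders stanza holding only the candidates that offer recursion.
# Each argument is an "address=dig-reply" pair.
forwarders_block() {
  kept=""
  for pair in "$@"; do
    addr=${pair%%=*}
    reply=${pair#*=}
    if printf '%s\n' "$reply" | offers_recursion; then
      kept="${kept}    ${addr};
"
    else
      echo "skipping ${addr}: reply lacks the ra flag" >&2
    fi
  done
  printf 'forwarders {\n%s};\n' "$kept"
}

# With live data, pass "8.8.8.8=$(dig @8.8.8.8 example.com A)" instead.
forwarders_block "8.8.8.8=$SAMPLE_RESOLVER" "192.0.2.30=$SAMPLE_AUTH_ONLY"
```

Addresses that are skipped are reported on standard error, so the stanza on standard output can be pasted into /etc/bind/named.conf.options as it is.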

Please take note that on this outdated computer, on an Intranet that may be blocking some searches, I can’t get the “HOST” command to work.

I had to use “NSLOOKUP” but still couldn’t access all the root servers.

I have not been able to research or test using if-else statements in the forwarding table, but if you can, put each TLD DNS list in its own elseif statement. It should speed up your internet connections even more. If it will work, the pseudo code will look something like this:
If TLD = .com;
    Forwarders {
        8.8.8.8;
        8.8.4.4;
        …etc;
    };
Elseif TLD = .org;
    Forwarders {
        0.0.0.0;
        …etc;
    };
Else TLD = .ca
    Forwarders {
        0.0.0.0;
        …etc;
    };

That forwarding table (code) will allow your networked computers (LAN, MAN, or WAN) to have direct access to the recorded TLDs for all websites. Officially you just sped up your internet connections and lowered your use and possibly your bandwidth at your local ISP by not using their DNS servers. Truly, the only reason to list your ISP’s DNS servers is to look up locally hosted websites. Even then, it still may not be as fast.

I mentioned that this method will make your connections more secure. As far as a ‘man in the middle’, you are connecting faster, leaving fewer request packets traveling on the internet for people to monitor your activity. Think about connecting to your destination website in less time. Like in 1 msec (one millisecond). That is fast! I couldn’t get all the records like shown in the book “DNS For Dummies,” but I will look into it for a future post. I was only able to get the main root servers. I was able to get that list at https://www.iana.org/domains/root/servers. That may be for security of the servers. Not sure. Everyone have a blessed day and stay in the books! Even if it is an old book, you can learn something.

2 Comments

  1. This technique is called creating a Caching server. I apologize but I haven’t finished reading the book yet. It will also need to create a db.cache root hint file in your DNS bind server!

  2. I have been through these commands and the Windows 10 computer that I am using is still using nslookup for the command. The HOST command isn’t getting me far. I have looked for the list of Top Level Domain name servers on the internet and using the commands in the “DNS for Dummies” book I have and nothing is working to get the hundreds of DNS servers that are out there to create a caching DNS server. If this is something you want to do, I suggest you go to Amazon and get this DNS For Dummies book. Because it lists some of those servers and for the other DNS servers under the root servers. Remember you need the whole list of DNS servers to speed up your connections to websites. I will keep you informed as I learn more!
