DNS (Domain Name System) uses UDP to send messages. UDP has the following benefits:
- No need to create a session before data is transferred (increased speed)
- The UDP packet is smaller (reduced traffic)
- A race condition can be created if multiple DNS servers are configured with the first response being used subsequent being discarded
- Any packet loss can be rectified by retrying the DNS request
Here is an example DNS request:
And here is the response packet:
Notice how the total size for the request frame is 81 bytes and the response is 97 bytes. The amount of data needed to setup a TCP connection would be much larger. The time to transact would also be much larger.
In Linux/Unix the “drill” command can be used to test the DNS system:
$ drill opens3.net ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 61124 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;; opens3.net. IN A ;; ANSWER SECTION: opens3.net. 300 IN A 220.127.116.11 ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Query time: 393 msec ;; SERVER: 127.0.0.53 ;; WHEN: Thu Nov 22 13:41:25 2018 ;; MSG SIZE rcvd: 44
DNS can be used to “black hole” addresses. For example my ad block software (see apps section) uses a specially configured server to block tracking and ad domains:
$ drill graph.facebook.com @18.104.22.168 ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 18996 ;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;; graph.facebook.com. IN A ;; ANSWER SECTION: graph.facebook.com. 2 IN A 0.0.0.0 ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Query time: 327 msec ;; SERVER: 22.214.171.124 ;; WHEN: Thu Nov 22 13:43:35 2018 ;; MSG SIZE rcvd: 52
Querying for graph.facebook.com on my DNS server returns 0.0.0.0 address which is not reachable. This means webpages, scripts and other traffic to this domain will be blocked by being sent to a “black hole”.
The 327ms response time is due to me living in Australia and the server residing in America.