DNS Protocol Explained | TryHackme DNS in Detail

The Domain Name System (DNS) makes it easier for us to connect with devices on the internet without needing to memorize complicated numbers. Just as every house has a unique mailing address, every computer on the internet has a distinct identifier known as an IP address. An IP address consists of four groups of numbers between 0 and 255, separated by periods, like 104.26.10.229. Since remembering these complex numbers isn’t practical, DNS simplifies this process. Instead of recalling an IP like 104.26.10.229, you can simply remember a website name like tryhackme.com.

Domain Hierarchy

Top-Level Domain (TLD)

A Top-Level Domain (TLD) is the last segment of a domain name. For example, in tryhackme.com, the TLD is .com. There are two main types of TLDs:

gTLD (Generic Top-Level Domain): Originally used to indicate the purpose of a website. For instance:

• .com for commercial sites
• .org for organizations
• .edu for educational institutions
• .gov for government entities

ccTLD (Country Code Top-Level Domain): Used to represent specific countries or regions, such as:

• .ca for Canada
• .co.uk for the United Kingdom

Due to growing demand, many new gTLDs have been introduced, including .online, .club, .website, and .biz. Currently, there are over 2,000 TLDs available.

Second-Level Domain (SLD)

In a domain like tryhackme.com, tryhackme is the Second-Level Domain (SLD), while .com is the TLD. When registering a domain, the SLD must:

• Be up to 63 characters long (excluding the TLD)
• Only include lowercase letters (a–z), numbers (0–9), and hyphens
• Not start or end with a hyphen or have consecutive hyphens.

Subdomain

A subdomain appears to the left of the Second-Level Domain, separated by a period. For example, in admin.tryhackme.com, admin is the subdomain. The rules for creating a subdomain are the same as for an SLD:

• Maximum of 63 characters per subdomain
• Only lowercase letters (a–z), numbers (0–9), and hyphens are allowed
• Cannot begin or end with a hyphen or contain consecutive hyphens

Multiple subdomains can be combined, like jupiter.servers.tryhackme.com, but the entire domain name must not exceed 253 characters. There’s no limit to how many subdomains you can create for a domain.

DNS Record Types

DNS isn’t limited to resolving website addresses — it supports various record types for different functions. Here are some of the most common DNS records you might encounter:

A Record (Address Record)

• Maps a domain name to an IPv4 address.
• Example: 104.26.10.229

AAAA Record (IPv6 Address Record)

• Maps a domain name to an IPv6 address.
• Example: 2606:4700:20::681a:be5

CNAME Record (Canonical Name Record)

• Points a domain or subdomain to another domain name.
• Example: store.tryhackme.com could return a CNAME record for shops.shopify.com.
• A DNS query is then made to shops.shopify.com to resolve the actual IP address.

MX Record (Mail Exchange Record)

• Directs email traffic to the mail servers handling emails for a domain.
• Example: An MX record for tryhackme.com might point to alt1.aspmx.l.google.com.
• Includes a priority value to determine the order of servers to contact.
• This ensures emails are routed to backup servers if the main server is unavailable.

TXT Record (Text Record)

• Stores text-based data for various purposes.
• Common uses include:
• Email security: Listing authorized email servers to combat spam and spoofing.
• Domain verification: Proving domain ownership when registering with third-party services.

TXT records are flexible and can store any form of text data for different applications.

How Do DNS Requests Work?

When you enter a domain name, your computer first checks its local cache to see if it recently retrieved the address. If the address isn’t stored locally, your computer sends the request to a Recursive DNS Server.

Recursive DNS Server

• Typically provided by your Internet Service Provider (ISP), though you can configure your own.
• This server also has a cache of recent DNS lookups.
• If the domain is found in its cache, it sends the result back to your computer, completing the request.
• This is common for frequently visited sites like Google, Facebook, or Twitter.
• If the domain isn’t cached, the server begins searching for the correct answer by querying other servers.

DNS Resolution Process

Root DNS Servers:

• The search starts here if the Recursive DNS Server doesn’t have the answer.
• Root servers act as the internet’s DNS backbone.
• They direct the request to the appropriate Top-Level Domain (TLD) Server based on the domain extension.
• For example, if you request www.tryhackme.com, the root server identifies .com and redirects the request to the correct .com TLD server.

TLD DNS Servers:

• These servers manage domain extensions like .com, .org, or country-specific extensions like .uk or .ca.
• They provide the location of the Authoritative Name Server for the requested domain.

Authoritative DNS Server:

• This server holds the actual DNS records for the domain.
• For example, tryhackme.com has authoritative servers like kip.ns.cloudflare.com and uma.ns.cloudflare.com.
• Multiple authoritative servers provide redundancy in case one goes offline.

Returning the Result:

• The authoritative server sends the requested DNS record back to the Recursive DNS Server.
• The Recursive Server caches this record for future queries.
• Finally, the result is sent back to your computer.

Time To Live (TTL)

• Every DNS record has a TTL value, which specifies how long (in seconds) the record should be cached.
• Caching helps reduce repeated DNS requests, improving speed and reducing network load.

This entire process happens in milliseconds, allowing you to access websites almost instantly!

TryHackme DNS in Detail| Room Answers

Room answers can be found here.

Video Walkthrough