Dynamic DNS

I'm a bit of a security nut.

So that's why I love these little webcams.

The problem with these web cams is that well they're behind the added router.

So in order for me to access these webcams I have to know the IP address of the WAN
side of my router.

Now that's OK it's no big deal for me to figure this out.

The problem is is that I obtained this IP address via a DHCP.

So my router when he plugs into my ISP is given an IP address which changes from
time to time.

So that's what makes these cameras tough to do long term because this IP address
changes.

So to get around this we're going to use a very special kind of DNS known as
dynamic DNS dynamic DNS works in a very simple way.

You have some kind of client and this client is running behind the Nanton part of
the router.

And it will go out onto the Internet and it will talk to a DNS service and there
are companies out there that provide dynamic DNS as a service and they will talk
and they'll grab the an IP address.

And these dynamic DNS service companies have their own DNS servers and might when
IP address will be placed onto a domain name of my choosing.

So to make all this happen the first thing we're going to have to do is pick a
dynamic DNS company and sign up with them.

The one I'm going to use is an old favorite of mine.

It's called TZO.

There's a number of them out there I just like TZO.

And when we're going to use We're going to set up a little trial account so only
good for 14 days.

But it works perfectly and it's great for demonstration.

So I've actually gone ahead and signed up for the account already and they gave me
a whole bunch of different domains to choose from.

And I went ahead and chose TZO dot org.

So I'm going to give myself the name Des's weds because I like Dez Weds Des's weds
dot org and it's going to link in to this address right here.

So there's a number of things happening let's watchable.

Now the first thing I want to show you is I signed up for the account and I got
this return e-mail from TZO.

So they've given me Des's weds TZO dot org and I've been given this key.

The key is not a dynamic DNS thing it's a security feature that TZO puts into their
stuff so that after 14 days I'm going to have to pay for it.

OK so now that I have this one of the first things I could do is I can and I did
this already.

I downloaded their little client minimizes so you can appreciate that.

So I downloaded this little client tool.

So this client tool fires up I had to type my key into this that I got for my e-
mail and he's going out on the internet and talking to his DNS servers.

So once this client starts talking I can actually check the status of my DNS
servers.

So I logged into the DNS site here and it sees my here's my Des's What's that TZO
dot org.

And you can see it knows my IP address.

The reason it knows that IP address is because the client told now the only thing I
have left to do is I can go into my router and you can see I've already set it up.

I've set my router up with port forwarding.

So anything that's coming in from the Internet is going to go to the camera itself.

So I think I've got everything set up right.

I now have Des's weds dot TZO dot org signed up to the way an IP address of my
computer.

I've got port 80 forwarded.

So it should when you get this it'll go through.

We'll say this is a camera to get to the camera.

The cool part is though is that I'm not using the IP address.

I'm actually using a dynamic DNS address so you know what I'm going to go plug this
in.

And let's see if we can see anything interesting.

OK so now if this is working right I should be able to type in Des's weds Dot TZo
dot o r g.

Fingers crossed.

OK fantastic.

It's all it's got to the camera already so I know that the TZO dot org people have
used the client they have the IP address of the WAN side of my router and then my
router itself is using port forwarding on port 80 to send it to the camera so I
know that part's working.

So that tech lets you see what it sees.

OK so there's my camera.

And I'm pointing to the ceiling there a little bit.

And scroll down

that's that's my director Aaron.

He's taken a little nap.

Hey Aaron wake up.

So that's the power of dynamic DNS dynamic DNS simply allows us to take IP
addresses that change.

That's mainly DHCP addresses.

And by using clients we can talk to dynamic DNS servers which will automatically
update and they'll always have the right IP address for our devices.

It's a lot easier to type in a fully qualified domain name that an IP address.

Trust me I know.

Dynamic DNS (DDNS) enables you to use a DHCP-assigned IP address for connection

DDNS providers can update IP information

DNS Troubleshooting

One of my favorite lines I'll hear somebody say oh call me up and go Mike.

The internet's down I go now.

And the Internet is just fine.

It's the part that you're trying to connect to that's down any way.

DNS troubleshooting is a big deal because DNS does tend to go down from time to
time so the number one clue that you've got a DNS problem is something like this.

Now I'm using Google Chrome right here because Google Chrome is my primary web
browser of choice.

There's a lot of reasons to like it or dislike it.

But one of the reasons I like Google Chrome is that when there are problems Google
Chrome can often tell you where that problem is.

So for example on here it says what is not available that's a pretty standard there
and says the server a WWW Google dot com can't be found because the DNS Look-Up
failed.

So that's one of the nice things about Chrome it tells you straight up where the
error is.

Now keep in mind other web browsers for example Internet Explorer and Firefox they
will give you clues to that a lot of times you're gonna have to look down here in
the lower left hand corner and will say things like attempting to resolve w w w dot
Google dot com.

The bottom line is is that your first indication that you have a DNS problem is
that you can't use DNS.

Anytime you type in a fully qualified domain name FQDN it fails.

Web browsers because they're so predominant tend to be the first place where people
notice it.

But if you're using fully qualified domain names in your email server settings it
will fail if you're trying to get to an FTP site it'll fail.

So it's always going to fail on you one way or another.

Now I'm going to show you one little quick trick you can do to verify the DNS is a
problem.

Now in order to do this we have to know ahead of time the IP address of a known Web
site.

Let me show you mine.

So what I'm going to do I'm just going to open up another tab here real quick and I
actually keep this IP address on my iPhone.

So I'm just pulled up a note on my iPhone I'm typing it in.

I don't remember what it is.

It's a web page of some kind.

Cool.

Now clearly we're hitting a web page.

Now that's the big clue that you've got a DNS problem.

If you can access a web page by its IP address but not by its DNS name.

You've got a DNS problem.

So the trick to doing something like this is that you've actually got to keep an IP
address for a web page someplace where you can access it for when you have trouble
because you won't be able to get it otherwise.

OK so I've got a DNS problem.

One of the places I'm going to look is at.

Do I have a misconfiguration.

So to do that I'm going to open up a command prompt and I'm going to run IP config
slash all lots and lots of stuff in there.
Now I'm actually running off my wireless right now so I'm looking at my wireless
LAN adapter and it says that my DNS server is 23 44 55 66 one of the other things
that people should know is what is our DNS server.

If you're a network tech you're going to be supporting a lot of computers that all
use the exact same DNS.

So I can look at that very very quickly and.

I don't think that that's my DNS server.

So let's go ahead and go into our network connections.

I'm going to look at my wife my and I'm going to look under Properties

here is my IPV4 right there and we'll hit properties and this is my IP settings so
this is where we set up.

This is DHP but I want you to notice this right here.

You can do DNS settings separately from all your other settings.

So even though DHC is going to give me my IP address and my subnet mask is my

Notice that this is intentionally mis configured to manually type in a DNS address.

This is actually a very cool and very flexible feature.

Now if I set this back to obtain an IP I'm sorry obtain a DNS server address
automatically got hit OK you've got to hit close.

All right.

Now I'm going to run IP config slash all again.

And it usually is pretty much instantaneous although I ran pretty quick there.

There we go.

Now if you take a look you'll see that I've got two DNS servers setting 75 75 76 76
and then all 75.

These are the DNS server settings that are passed out by my ISP.

So my router gets DHCP settings from the ISP and then because most home routers do
this it automatically passes that DNS information down through DHCP.

So that's where these are coming from.

And because I know my network and I'm a good network plus tech I know that those
are the settings I should have.

So let's give it a quick test and I'm just going to open up another tab and let's
see if I can get to Google properly this time Teta it works like a champ.

All right.
Now what you'll notice is that there were two DNS settings there and that's really
really important because DNS goes out so often it is standard for you to always
have two DNS server settings.

So I'm going to go into my properties.

Now you'll notice that those were set in there automatically.

But if you take a look you'll see it says preferred and alternate.

What's going to happen is that your computer will always try to use the preferred
first but if it fails it will automatically try the second one without you having
to do anything.

So in most cases you're always going to be typing in at least two DNS server
settings or at least you're going to have your DHCP server passing those out.

Misconfiguration happen but they're pretty rare.

I mean most the time things work ok there.

The challenge that we run into is that DNS servers sometimes just stop working or
for example my totalsem.com Web site we just moved at about an hour ago from one
computer to a new ISP and a new Web service

and everything.

So WWW that total dot com isn't pointing to the old IP address.

It shouldn't be pointing to the new one now.

Our ISP is taking care of this for us and it's being propagated through the
Internet and the DNS servers are being updated fairly quickly.

However you can run into a lot of problems here.

The problem that we run into is that your individual computers and your local DNS
server will cache resolved copies of where w w w that total dot com is.

And it's our job to wipe those caches and then to tell the computer look I know you
used to think the w w w dot total some dot com was that this IP address but by
wiping the cache it will compel it to go to another place.

So let's clear some cash to clear your cash.

Well first of all I want to show you your cash on your individual computers.

I'm going to do an IP config slash display DNS when you run this command.

These are all of the resolved DNS addresses that are being stored in your computer.

I've got a couple of thousand here and I've only been running for a few minutes so
if we take a look at any one particular one here.

Here we go.

Here's w w w. ABC 13 dot com.

And somewhere in here it says go to ABC 13 dot com.

So what we need to do is we type in the command IP config.

Flush DNS.

So when we do this it wipes out all of that cache.

The nice part here is that the system now instead of just assuming that it knows
the IP address will automatically go back to our DNS server and force the
resolution.

OK now there's a couple other things that can happen here.

Let's just say that you're fairly limited in terms of your own local DNS server.

You can actually put in replacement DNS servers.

So I'm going to go back and buy properties and when I'm going to do this time is
I'm going to use the DNS server addresses statically.

And I know that my ISP is 75 75 76 76 but I'm going to type in a really really
famous one and one you should know that 8. 8.8 8, 8 8 8 8 is the big Google DNS
servers and they never go down ever.

So if I think I've got a bad DNS server.

One of the things I can do is just replace it on the fly was something like 8 8 8 8
8 8 8 8 8 8 8 4 4.4.

There's a bunch of them.

OK.

Now the last thing I want to be able to do is to determine is my DNS server Good.

OK.

Now Network Plus does not assume that you're going to go fixing DNS servers but you
should be able to query a DNS server to determine whether it's working or not.

And there's two tools to do that.

And this look up and dig now N.S. look up stands for name Savir look up and N.S.
look up is actually a very very powerful tool.

However N.S. look up is so powerful that most DNS servers are designed to ignore
anything that comes from nslookup.

But this is on the network.

Plus I want to show you a couple of things.

First of all if I just type N.S. look at by itself it says this is my DNS server
and it's just pulling from my primary DNS server.

Now the other thing I could do is I can just type in at this point I type in the
word server and then a DNS server.

Now you'll see this resolves back as a good DNS server.

Let me show you what happens when we put in a bad one.

I'm just making these numbers up.

Now you see that the name couldn't resolve in this case.

That's because it's not a DNS server.

So it's not capable of actually doing that.

So that's about all that you can really do with N.S. look up anymore if you want to
have fun with DNS.

You have to use a tool called Dig dig does not come with Windows however.

So I'm using the third party tool that's a graphical dig that works really really
well.

If you've got a Unix system dig it just works at a command prompt it works great.

So let me show you dig.

Now this is called Easy dig and it works really really well.

So first thing I got to do is I have to say what DNS server do I want to use.

And look they got them all built in a bunch of them.

So I'm going to say use this DNS server so this is the one I want to test and then
I've got to put in some arbitrary queery.

So I'm going to test for.

It doesn't matter.

And I'm going to see the records for.

ftp totalsem . com

So I'm just going to hit dig and you'll see it resolves back with a legitimate
address.

This is telling me that the Google DNS server at 8 8 8 8 8 8 is a good DNS server.

The query I'm putting in here is just an arbitrary thing that I'm trying to use to
make it do something.

So let's put in something that doesn't work.

I can leave this as it is

thud.

Nothing's happening.
Now the thing you need to appreciate about both N.S. look up and Digg is that these
are very very powerful tools.

You can do things with them for example you can go to a DNS server and query it and
say show me all your name server records stuff like that.

Use an IP address of a Web site to test connectivity without DNS

Run ipconfig or ifconfig in linux to clear the DNS resolver cache

Run nslookup or dig to check the status of a DNS server

It's a huge security disaster because bad guys use this information to generate
spam and all kinds of stuff.

So over a decade ago pretty much all DNS servers are shut down so that they won't
really respond to hardly any nslookup or dig queries.

So the one thing these two things can still do though is you can answer this
question is this particular DNS server up and running or is this a DNS server.

That's pretty much all you can do with it.

OK.

There's one more tool I want to make mention of and everybody forgets about this
it's a great DNS tool.

It's just good old ping.

You can go to a command prompt and type in Ping space w w w that total some dot com
and hit enter.

And I don't care whether the ping works or not.

That's irrelevant because what will take place is that the pings still has to
resolve that fully qualified domain name to an IP address.

So Ping is a great quick and dirty way to say is DNS working.

The big thing I want to leave you with on this is that the network plus exam is
really going to hit you on output.

Make sure you know what an N.S. look up output looks like you're going to be seeing
it on the exam.