4.1 Domain Name Resolution

A domain name is a human-readable set of words that links to a website. For example, a domain name could be "my website dot com", which is written mywebsite.com. DNS, which stands for Domain Name System, is the system used to translate domain names to their respective IP addresses. Learning how to set up and use DNS is important because each website has two names. One is a computer-friendly name. The other is a human-friendly name. Computers like to use numbers. Computers assign each network connection end point a 12-digit number such as 123.456.789.001. We call this 12-digit number an IP address. However, it is hard for us humans to remember 12-digit numbers. We prefer to use domain names like mywebsite.com. A DNS server (which is also called a Name Server) is used to connect the IP address 123.456.789.001 to the domain name mywebsite.com.

How does DNS work? – The hotel example

To understand how DNS works, consider how finding a guest works in a hotel. Imagine you need to visit your friend who is staying at a hotel. You know your friend's name is John Smith but you do not know his room number. To find your friend's room, you go to the hotel receptionist, give the receptionist your friend's name and ask for his room number. The receptionist then looks up the room number for John Smith.

Let’s say John Smith is staying in room 12.34. This means that to find his room, you would go to the 12th floor and then look for room number 34. DNS acts in a similar way. Your friend’s name is his domain name. His room number is his IP address. You type a website name into a browser. The browser sends the request to the DNS server. The DNS server provides the IP address.

How do I find the DNS or IP number of my home computer?

Your home computer has more than one connection. We will focus on the default Ethernet connection, which in LMDE is called Wired connection 1. First, we need to know which network management system is being used. This tells us where to look for the file that controls the DNS settings.

We found earlier that Network Manager is controlling network management on Linux Mint Debian Edition (LMDE). Network Manager is configured by clicking on the Network icon on your bottom right task bar. Then click Edit Connections.

Click on Wired connection 1 to select it. Then click on the settings wheel to open the Wired connection 1 edit screen.

Wired connection 1 uses your laptop's Ethernet device which is called eno1.

Note that a device is a Network Interface Card (NIC) while a connection is a configuration that is applied to a NIC. Each NIC can have more than one connection. Click on the IPv4 tab:

Wired connection 1 does not have a static (fixed) IP address. Instead, it is automatically assigned an IP address by DHCP. To see the address automatically assigned to the eno1 device, open a terminal and type

ip addr show eno1

The IP address shown on my laptop (after the word inet) was 192.168.1.50. But on a future day, the assigned IP number might be different. My local area network "gateway" IP address is 192.168.1.1, which means that DHCP can assign any number to the Wired connection from 192.168.1.2 to 192.168.1.250.
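To make the numbers in the previous paragraph concrete, here is an added shell example (not from the original article) that parses the output of ip -4 addr show, tells a DHCP lease from a static address by the dynamic flag, and computes which addresses the /24 network covers. The ip output is a constructed sample modelled on a DHCP-configured laptop; on a real machine the same functions can be fed the live output of ip -4 addr show eno1. The DHCP pool mentioned above (192.168.1.2 to 192.168.1.250) is a setting on the router and is a subset of the usable host range the script prints.

```shell
#!/bin/sh
# Added example (not from the original article): read the address that
# `ip -4 addr show <dev>` reports and work out the network it belongs to.

# Constructed sample output, modelled on a DHCP-configured LMDE laptop.
# The "dynamic" flag marks a DHCP lease; a static address would lack it.
SAMPLE_IP_OUTPUT='2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.1.50/24 brd 192.168.1.255 scope global dynamic noprefixroute eno1
       valid_lft 86210sec preferred_lft 86210sec'

MASK32=4294967295   # 0xFFFFFFFF, used to keep arithmetic within 32 bits

# Print "address/prefix" from the first inet line of `ip addr` output.
inet_cidr() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2; exit }'
}

# Print "dhcp" if the lease is dynamic, otherwise "static".
inet_origin() {
    printf '%s\n' "$1" | awk '$1 == "inet" { o = ($0 ~ / dynamic /) ? "dhcp" : "static"; print o; exit }'
}

# Dotted quad -> 32-bit integer (pure shell arithmetic, no external tools).
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Given "a.b.c.d/n", print "network first_host last_host broadcast".
cidr_range() {
    addr=${1%/*}
    prefix=${1#*/}
    ip=$(ip_to_int "$addr")
    mask=$(( ($MASK32 << (32 - $prefix)) & $MASK32 ))
    net=$(( $ip & $mask ))
    bcast=$(( $net | (~$mask & $MASK32) ))
    echo "$(int_to_ip "$net") $(int_to_ip $(( $net + 1 ))) $(int_to_ip $(( $bcast - 1 ))) $(int_to_ip "$bcast")"
}

# Demo on the constructed sample. On a live laptop replace the sample with:
#   SAMPLE_IP_OUTPUT=$(ip -4 addr show eno1)
cidr=$(inet_cidr "$SAMPLE_IP_OUTPUT")
echo "address $cidr assigned by $(inet_origin "$SAMPLE_IP_OUTPUT")"
echo "network / first host / last host / broadcast: $(cidr_range "$cidr")"
```

The usable host range (192.168.1.1 to 192.168.1.254 here) is what the /24 allows; the router decides which part of it the DHCP pool hands out, which is why the gateway sits at .1 and the leases start at .2.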

Wired connection 1 also does not have an assigned DNS server. It will therefore use the DNS server provided by your Internet Service Provider (which can be very slow and also censor the responses).

For network connections configured by DHCP, the DHCP server provides Network Manager with both an IP address for the local interface (on the Local Area Network or LAN) and the address of a (remote) DNS name server (which will resolve domain names on the Wide Area Network or WAN, also known as the Internet or Public Internet).

The DNS Dilemma... Who should control Internet Traffic?

DNS stands for Domain Name System which is a process for converting domain names such as example.com into numerical IP addresses such as 192.168.1.1. But DNS also stands for Domain Name Servers. These are servers that specialize in rapidly converting (aka resolving) millions of DNS requests into their IP addresses every second. DNS lookups are such an essential feature of the Internet that control of DNS lookups equates to control of Internet traffic. And control of Internet traffic means control of the flow of information.

These important DNS resolvers are required to offer users two resolver IP addresses, in the hope that if one resolver IP address or server goes down, the second one will still be able to resolve the DNS request.

The most widely known DNS resolver is owned and controlled by Google. They use the resolver IP addresses 8.8.8.8 and 8.8.4.4. Google's draconian censorship policies have caused many to turn against Google.

A second common DNS resolver is owned and controlled by Cloudflare. They use the resolver IP addresses 1.1.1.1 and 1.0.0.1. Sadly, Cloudflare is basically a front for the NSA and the CIA. So many privacy advocates think that Cloudflare is not any better than Google. Both are monopolies in terms of controlling Internet traffic.

Thus, some privacy advocates promote an alternative DNS resolver called Open DNS. They use the resolver IP addresses 208.67.222.222 and 208.67.220.220. Sadly, Open DNS is owned by Cisco, which is another Internet monopoly that controls a huge share of the routing of traffic on the Internet and is also closely aligned to the Police state. Also, Open DNS has their DNS servers located in the US, which means they are under the control of draconian US laws. Unlike Google and Cloudflare, Cisco policy does not allow businesses to use Open DNS for free. So Open DNS is not really a very good option.

Therefore, in 2017, a new non-profit organization called Quad9 was started in Switzerland. They have a DNS resolver that uses the IP addresses 9.9.9.9 and 149.112.112.112.

Follow the Money

It is always useful to understand who is backing a particular program before using that program. Quad9 was started by IBM and the Global Cyber Alliance. The Global Cyber Alliance was founded through a $25 million grant obtained via a criminal asset forfeiture, organized by Manhattan District Attorney Cyrus Vance Jr. While the GCA is a non-profit organization, it requires constant funding. In the past, the GCA has received funds from the US Secret Service, City of London Police, France National Police and IBM. "Law enforcement funded" and "secures your privacy" don't often end up together in the same sentence.

In addition to being closely connected to the Police State, Quad9 uses a censorship program which they claim is to protect us from "bad websites." This is similar to Google, which also claims to protect us from "bad websites." But we have seen recently that censorship can also be used to divert the public away from websites that are critical of the Police State. Therefore, Quad9 may not be that much better than the other "monopoly" DNS resolvers.

What is the solution to this problem?

One benefit of Quad9 is that their servers are in Switzerland and under Swiss privacy laws which are much better than the current legal situation in the US. The simple solution is to use the Quad9 resolvers.

A second solution is to seek out a lesser-known DNS server, preferably one that is not located in the US. One of the best alternative DNS servers is called DNS.watch.

Here is their website: https://dns.watch/index

Their servers are located in Germany and their policies include no data mining and no censorship. They also offer excellent security. Finally, despite being located in Germany, their response time is very fast. Here are their two IPv4 addresses:

Primary DNS:
84.200.69.80
Secondary DNS:
84.200.70.40

A third solution is to always list your own gateway IP address as the primary DNS resolver (listing it before the public DNS resolvers in your name server configuration files). But the best solution is to create your own DNS server, a topic we will eventually cover in a separate article.

How your File Manager Processes DNS

To see what the default settings are for Wired connection 1, open your File Manager and click on File System. Then click on the etc folder. Then click on the NetworkManager folder. Then click on the system-connections folder. Then right click and click Open as Root. Then click on the Wired connection 1 file to open it. Note the following lines:

interface-name=eno1

[ipv4]
dns-search=
method=auto

Auto means that DHCP will assign a random IP address to this connection when you turn on your laptop.

To see the default settings for Network Manager, close the Wired connection file. Then close the system-connections folder. Then click on the NetworkManager.conf file to open it.

This file shows that there are two plugins installed. One is called IfUpDown. The last line, managed=false, is confusing at first. It means that if a network connection is managed by IfUpDown, then it will not be managed by Network Manager.

To see what connections are being managed by IfUpDown, close the Network Manager folder and open the folder just above it (/etc/network). Then click on the file interfaces to open it.

Note that the file says Read Only. This is because we did not right click in the previous folder screen and click Open as Root. To edit any file in the File System, you need to open it as Root.

The file explains that the source directory or folder is /etc/network/interfaces.d. But there are no files in the folder interfaces.d. Therefore, at least initially, there are no network connections controlled by /etc/network/interfaces.

Another important file is /etc/hosts. Here are the first two lines:

127.0.0.1 localhost

127.0.1.1 lmde (or debian depending on the name you gave your laptop)

The next file we need to look at is /etc/resolv.conf. Close the network folder. Then scroll down to a file called resolv.conf. Then click on it to open it. It reads:

# Generated by NetworkManager

In LMDE and Debian Desktop, this is followed by:

nameserver 192.168.1.1

In Linux Mint Ubuntu, this is followed by:

nameserver 127.0.1.1

Thus, Network Manager automatically takes the gateway IP for our Local Area Network, 192.168.1.1 and/or 127.0.1.1 and uses it as the name server for our local area network.

The file /etc/resolv.conf may include the warning: DO NOT EDIT THIS FILE BY HAND - YOUR CHANGES WILL BE OVERWRITTEN.

The reason you cannot add DNS name servers directly to the resolv.conf file is that this file is automatically generated from the input of up to seven other programs!
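To check what the generated file actually gives you, here is an added shell example (not from the original article) that audits a resolv.conf: it lists the nameservers in the order they are tried, flags any beyond the third entry (the glibc resolver ignores everything after the third nameserver line), and reports whether a resolver you chose is active. The resolv.conf text below is constructed; on a real machine pass in the output of cat /etc/resolv.conf instead.

```shell
#!/bin/sh
# Added example (not from the original article): audit a resolv.conf.
# glibc's stub resolver honours at most three "nameserver" lines, in file
# order, so anything after the third is silently ignored.

# Constructed sample: what a laptop might end up with after several
# programs have each written their own entry into resolv.conf.
SAMPLE_RESOLV='# Generated by NetworkManager
search lan
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 84.200.69.80
'

# Every nameserver in the text, first to last, one per line.
all_nameservers() {
    printf '%s' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# Only the first three are consulted by the libc resolver.
active_nameservers() {
    all_nameservers "$1" | head -n 3
}

# Nameservers that are listed but never used.
ignored_nameservers() {
    all_nameservers "$1" | tail -n +4
}

# 1-based position of a resolver in the active list, or 0 if absent.
# The first entry is tried first; later ones only on timeout or error.
resolver_rank() {
    active_nameservers "$1" | awk -v want="$2" '
        $1 == want { print NR; found = 1; exit }
        END { if (!found) print 0 }'
}

# Human-readable report; returns 1 when the wanted resolver is not active.
audit_resolv() {
    text=$1
    wanted=$2
    echo "active (in the order tried):"
    active_nameservers "$text" | sed 's/^/  /'
    ignored=$(ignored_nameservers "$text")
    if [ -n "$ignored" ]; then
        echo "ignored (past the 3-entry limit):"
        printf '%s\n' "$ignored" | sed 's/^/  /'
    fi
    rank=$(resolver_rank "$text" "$wanted")
    if [ "$rank" -eq 0 ]; then
        echo "WARNING: $wanted is not among the active resolvers"
        return 1
    fi
    echo "$wanted is tried at position $rank"
}

# Demo on the constructed sample. On a real machine, for example:
#   audit_resolv "$(cat /etc/resolv.conf)" 9.9.9.9
audit_resolv "$SAMPLE_RESOLV" 84.200.69.80 || true
```

In the sample, the DNS.watch resolver that the user added is the fourth entry, so the script reports it as ignored: the laptop keeps using the gateway and the two Google resolvers even though the file looks correct at a glance. Ordering matters as well, because the resolver at position 1 answers every query unless it fails.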

Why we want to add DNS Name Servers to the resolv.conf file

In a moment, we will look at the advantages and drawbacks of several of these methods. First, know that there are at least three reasons we want to take the time to list our own carefully selected name servers in the resolv.conf file. When it comes to resolving domain names on the Wide Area Network (the public Internet), if you do not specify your own DNS name servers, your laptop relies entirely on your Internet Service Provider, which uses a DNS server that may be both slow and loaded with security and censorship problems. Adding your own DNS name servers can improve speed, increase security and reduce censorship of your website.

Add a Free Public DNS Server to your Laptop or VPS

At this point, many tutorials recommend that you add a free public DNS Server to your Ethernet connection. The most common option is the Google DNS server.

Go to your bottom task bar and click on the Networks icon. Then click on Network Connections. Then click on Wired connection 1 to open it. Then click on the IPv4 tab. Then in the Additional DNS servers box, type 8.8.8.8,4.4.4.4

Then click Save. Then close Network Connections. After making changes, you will need to turn off and reconnect the network to apply new settings. To do this from the Desktop, click on the Network icon.

I have already turned off the Wireless connection. Turn off the Wired connection. Then turn it back on. A pop up will appear saying You are now connected to Wired connection 1.

Network Manager saves these settings in /etc/NetworkManager/system-connections/Wired connection 1. Open your File Manager and click on File System, etc, NetworkManager, system-connections. Then right click and click Open as Root. Then click on Wired connection 1 to open it. The ipv4 section should read

dns=8.8.8.8;4.4.4.4

Close this file. Then click on the /etc/resolv.conf file to open it. Network Manager added the lines

nameserver 8.8.8.8
nameserver 4.4.4.4

Repeat the process for any additional network connections you want to change.

How to Add DNS name servers on your VPS

A VPS installed with Virtual Machine Manager (VMM) does not come with Network Manager installed. Even if we installed Network Manager, the previous tool we used to set the name servers (called Network Connections) would not display, because this tool only works on desktop computers, not on servers. We will therefore need a different way to set DNS name servers on our VPS. We will first try to use an older tool, the /etc/network/interfaces file. We will then use a newer tool, the /etc/dhcp/dhclient.conf file.

Use VMM to turn on a VPS that was installed using the normal default or NAT connection. Log in and type ip addr. If the device enp1s0 has an IP address of the form 192.168.122.xxx, then it is using NAT.

To see an alphabetical list of what is in the /etc/ folder, type ls /etc. Folders should be shown with different colors from files.

To see what is in the /etc/resolv.conf file, type cat /etc/resolv.conf

The reply should be 192.168.122.1 which is the gateway IP for your VPS.

One of the folders in the etc folder is called network. To see what is in this folder, type ls /etc/network. There is a file called interfaces in the network folder. To open and edit this file, type

sudo nano /etc/network/interfaces

Then enter your VPS password. Use the scroll bar on the left side of the screen to go back to the top of the screen. The interfaces file says that the source file is /etc/network/interfaces.d/*

Here is the rest of this file:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp1s0
iface enp1s0 inet dhcp

To add DNS servers to this connection, use the down arrow to go to the bottom of the file and add a new line. Then add these lines:

dns-nameserver 8.8.8.8

dns-nameserver 8.8.4.4

To save the change, type control plus o, then Enter.

To close this file, type Control plus x.

Then use the scroller to see the prompt at the bottom of the screen.

To apply this change, type

sudo ifdown enp1s0 && sudo ifup enp1s0

then shut down and restart your VPS by typing

sudo poweroff

Then log back in and type

cat /etc/resolv.conf

It will likely reply 192.168.122.1

Why did the resolv.conf file not show the new name servers???

There are many tutorials on the Internet that claim that you can add DNS name servers to your /etc/network/interfaces file and they will then be added to your resolv.conf file. So why did this not work for us?

There are several reasons. First, the primary network interface device, enp1s0, is configured by DHCP. All of the tutorials use examples where the primary interface is configured with a static address rather than by DHCP. In our case, the primary network interface is the default network interface. So we would need to create a different interface if we wanted to use the interfaces file to set the DNS name servers.

But wait... Wasn't Wired connection 1 also controlled by DHCP? Yes, it was. And we just added DNS servers to Wired connection 1 and it worked! So what is the difference???

The difference is that the tool we used to add DNS servers to Wired connection 1, called Network Connections, is part of Network Manager. And Network Manager has priority over DHCP. But DHCP has priority over /etc/network/interfaces! So any change made by Network Connections will be added to the resolv.conf file regardless of the DHCP settings. But any changes made in /etc/network/interfaces will not be added because they are blocked by the DHCP settings.

This means that if a device or connection is using DHCP and we do not have Network Manager installed, we will need to add the DNS name servers by making changes in the DHCP configuration file rather than in /etc/network/interfaces.

This complex nightmare just to add DNS name servers is ridiculous and it is the reason I refer to this problem as the DNS Mess. Nevertheless, we will next look at how to add DNS servers using the DHCP configuration file.

Add DNS servers using the DHCP configuration file

To edit the DHCP configuration file, type the following into the VPS server terminal:

sudo nano /etc/dhcp/dhclient.conf

Use the down arrow to scroll down to the line that begins with #prepend. Delete the hash # and then use the right arrow to edit the rest of the line so that it reads:

prepend domain-name-servers 8.8.8.8, 8.8.4.4;

Do not add more than two IP addresses to this line, as we also want to keep the default DNS server and there is a limit of 3 domain name servers that will be used from the resolv.conf file. Then save the file with Control plus o, then Enter. Close the file with Control plus x.

Then shut down the server with sudo poweroff and restart it and log back in. Then type

cat /etc/resolv.conf

The reply should be

nameserver 8.8.8.8

nameserver 8.8.4.4

nameserver 192.168.122.1

The first two will be our public name servers (change to whatever you want) and the last one will be the name server for our local area network. Type sudo poweroff to close your VPS. Then close VMM.
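The same dhclient.conf change can be made from a script instead of nano, so that it can be repeated on every VPS and verified afterwards. Here is an added shell example (not from the original article) that rewrites a dhclient.conf so exactly one active prepend line lists the resolvers you pass in, refuses more than two addresses (keeping room for the DHCP-supplied server within the three-entry limit), validates each address, and reads the line back. It assumes Debian's dhclient.conf layout with a commented "#prepend domain-name-servers 127.0.0.1;" line; the file contents below are a constructed stand-in, and the demo works on a temporary copy rather than /etc/dhcp/dhclient.conf.

```shell
#!/bin/sh
# Added example (not from the original article): set the prepend line in a
# dhclient.conf from a script, with the checks a manual edit would skip.

# Constructed stand-in for /etc/dhcp/dhclient.conf (only the relevant lines).
SAMPLE_DHCLIENT='option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

send host-name = gethostname();
#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
#prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
	domain-name, domain-name-servers, domain-search, host-name;
'

# Accept only a dotted quad with four octets in the range 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Rewrite the file named in $1 so that exactly one active prepend line
# lists the resolvers given as the remaining arguments (one or two).
set_prepend_dns() {
    file=$1
    shift
    [ "$#" -ge 1 ] && [ "$#" -le 2 ] || { echo "give one or two resolvers (the third slot is for the DHCP server)" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    list=$(printf '%s, ' "$@")
    list=${list%, }
    tmp=$(mktemp)
    # Drop every existing prepend line, commented or active, then place ours
    # right after the "send host-name" line so the file stays readable.
    awk -v line="prepend domain-name-servers $list;" '
        /^#?prepend domain-name-servers/ { next }
        { print }
        /^send host-name/ { print line }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Print the resolver list from the active prepend line (empty if none).
current_prepend_dns() {
    awk '/^prepend domain-name-servers/ {
        sub(/^prepend domain-name-servers /, ""); sub(/;$/, ""); print }' "$1"
}

# Demo on a temporary copy. On the VPS, run set_prepend_dns as root against
# /etc/dhcp/dhclient.conf and then reboot (or renew the lease) so dhclient
# regenerates /etc/resolv.conf with the prepended servers first.
demo_file=$(mktemp)
printf '%s' "$SAMPLE_DHCLIENT" > "$demo_file"
set_prepend_dns "$demo_file" 8.8.8.8 8.8.4.4
echo "prepend line now lists: $(current_prepend_dns "$demo_file")"
rm -f "$demo_file"
```

Running the function twice leaves a single prepend line, so it is safe to include in a setup script that may be re-run; a hand edit in nano can easily leave two prepend lines, and dhclient then prepends all of them, pushing the DHCP-supplied server past the three-entry limit.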

Comments on other DNS Name server tools

Some tutorials on the internet recommend adding Network Manager to your VPS and using Network Manager tools like nmtui to set the DNS servers. This has an advantage over the DHCP tool in that many connections are not controlled by DHCP. They could be static or manual. So we may add Network Manager later if needed. But the problem with adding Network Manager now is that the only network device on the VPS, called enp1s0, is configured using /etc/network/interfaces. Sadly, Network Manager will not control any device which is configured with /etc/network/interfaces. So there is literally no device for Network Manager to control! Things may change when we add a second bridged connection.

Other tutorials recommend adding dnsmasq. This is a powerful tool for complex DNS situations where there are lots of connections and you want to precisely control which connections get which DNS name servers (note that resolv.conf only assigns DNS servers globally). So dnsmasq effectively replaces resolv.conf. There is another tool called resolvconf that can also replace resolv.conf. dnsmasq also works with Network Manager by adding the line dns=dnsmasq to the Network Manager configuration file. So we may add these tools later if needed.

Other tutorials recommend using systemd-networkd and/or Netplan. Both of these are loaded with problems. Finally, some people have gotten so frustrated with all of the programs fighting for control over the /etc/resolv.conf file that they removed the symbolic link to it with:

sudo rm /etc/resolv.conf

They then created a new version of the file which can be directly edited with:

sudo nano /etc/resolv.conf

The reason this is a bad idea is that you may later need to add a more complex configuration to your DNS name servers, one that requires the use of Network Manager and/or dnsmasq. While the symbolic link creates lots of problems, getting rid of it only creates more problems.

What's Next?

In the next article, we will look at a file called /etc/hosts, which actually has priority over /etc/resolv.conf.