Home    Training    Downloads    Tutorials    Arbitary    Get Fate    Proxy Info
Training session 28: DNS/DHCP
Difficulty: Medium
Learn how a DNS and DHCP server work
Creator: m101

Have you ever wondered how when you type www.google.com into your browser, you end up connection to a box on the other side of the world? Well every computer on the internet has its own unique ip address, packets from any ip address can reach any other ip address through being routed through diferent paths, but this still doesnt answer howcome www.google.com gets translated to something like This is the job of the DNS. DNS stands for Dynamic Name Server and its basic function is to translate names to ip addresses.

If a DNS does not have the ip address of the server requested, it sends the request to the next DNS. This is a hierachy of servers thats main basis is to resolve addresses. Let us examine how for example this heirachy works when we request yahoo.co.uk from the internet:

Firstly the request is sent to your ISP, isp.co.uk. The isp checks its list for the ip address and if it doesnt find it, it sends the request to its default route, which is .co.uk. This DNS contains all of the names of every address ending with .co.uk. If this DNS for some reason does not have the address, then the request is forwarded to .uk which has every address ending with .uk. If the address still is not found then the request is forwarded to .root, which is InterNIC. This DNS contains every single name of every single ip address that has been registered. If .root fails to find a match in its database, then the request fails. After a DNS uses its default route to find an address, it proceeds to store it in its own DNS table. A DNS table would look something similar to the following:


As you can see there is no www. in any of the addresses, this is handled by the box that belongs to the ip address, this box can then forward addresses onto any subdomain it wishes. This is why for example www.area-6.net and irc.area-6.net are on diferent ip addresses.

The basic theory behind spoofing a DNS server is to modify an entry in the table, or give the table a false entry that specifies a false ip address. For example if we were to change which for example is google.com, to which may be area-6.net, on an ISP's DNS server, then every request for google.com would be redirected to area-6.net.

On a network of for example 500 computers, could you imagine manually setting each and everyones ip address? It would take ages, and the chances of doubling up would be high. This is where the Dynamic Host Configuration Protocol (DHCP) is used. A DHCP server is used to assign ip addresses to the computers on a network. The DHCP Server holds a list of every ip address currently in use and assigns an ip address to the connecting computer. Every computer on the network is told the address of the DHCP Server. So when for example a computer without an ip address logs onto a network the following may happen:

1. The computer firstly sends a request to its DHCP Server, if none are specified this is usually So our example computer will send a DHCP request to the server

2. The Server recieves this request and looks through its table at what is already in use. The table looks something similar to this: cell800 BM POS cell1300 m101 Morbid

So our example computer 'Trinity' is assigned the address of because this address is the next possible address in the table that is not used. The table now looks like the following: Trinity cell800 BM POS cell1300 m101 Morbid

3. The assigned address is sent back to the computer and it sets its ip address.

The DHCP Server may handle naming of computers and MAC addresses, but this is unneccisary. This is just a basic overview of how a DNS and DHCP Server operate, but hopefully you now have some understanding of how addressing works.

URL or Email