If you have used Internet there is a pretty good chance that you have used DNS even without realizing it. DNS is the acronym for Domain Name System. What it basically does is translating domain names into machine readable IP addresses.
All machines which are connected to the internet has an address named the IP address in order to find them over the internet by other machines on the internet. This IP address consists of several numbers for the ease of computational purposes. 192.0.2.1 is an example for an IP address. But these IP addresses are not human friendly, which means it is not easy or possible for humans to keep in mind the IP addresses of all machines that are important to them. Therefore a new concept named Domain Names were introduced as a solution for this. "www.example.com" is an example for a domain name. They are simple and easy to remember as they are alphabetical characters. Each domain name maps to an IP address. What DNS service does is performing the conversion between these domain names and IP addresses.
DNS server is a computer server that contains a database of public IP addresses and their associated domain names. When you enter a domain name into your web browser, if your router does not have enough information to do the domain name to IP address conversion, it uses the help of a DNS server to perform this conversion by connecting to one of the available DNS servers.
In order to find the IP address of the DNS server that is used by your router, one of the below methods can be used.
Method 1: Using Router's web GUI
The most easiest way to find the DNS server IP address of your router is to check it from the router's web GUI.
1. First you need to find out the IP address of your router. (In most cases the default IP address is 192.168.1.1)
For Windows Machines :
1.1. If you are using a Windows machine, open the Command prompt by typing 'cmd' into your Windows machine's search bar.
1.2. Type 'ipconfig' in order to view network information.
There you will be able to see the Default Gateway Address details under Wireless LAN details. In this case it is 192.168.1.1
For Linux Machines :
1.3. If you are using a Linux machine, open the Terminal.
for an example, in an Ubuntu machine Terminal can be opened by searching for it on the Search bar
1.4 Then type 'ip r | grep default' on the Terminal to view Network details. It will then display the default gateway details
In here there are 2 IP addresses and the one with the lowest metric is selected as the default IP address, which is 10.8.0.1 in this case
2. Then enter this IP address into the Address bar of your web browser and you will be prompted to insert username and password in order to get access to the web GUI of your router
3. Then in the 'Status' tab, you will be able to view the DNS information of your router
Method 2: Using Windows Commands
2.1. One method here is to use the nslookup command. This command provides you with DNS lookup details. In order to view them, you can type the below in the Command Prompt
The first 2 lines of the output provide you with the DNS server details.
2.2. The second method is to use the 'ipconfig /all' command in the command prompt
As you can see, 192.168.8.1 is the DNS address as per the above output.
Method 3: Using Linux Commands
In Linux distributions, DNS details can be extracted from 'host' or 'dig' commands
host : host command is a utility that performs DNS lookups. Therefore DNS server details can be viewed as below by using it.
As per the above output, 10.0.10.11 is the IP address of the DNS server.
dig : dig is a tool that is used for querying DNS nameservers for information about host addresses, mail exchanges, nameservers, and related information.
As shown above this command provides you the IP address of the DNS server that is used by your router.
However, in some cases, you can define the IP addresses of the DNS servers that you need your computer to use and then they can be passed on to your router as well. They can be defined in the '/etc/resolv.conf' file and the content of it can be viewed as below
As per the above, priority is given to 10.0.80.11 and only if it is unable to retrieve the relevant information, details are passed to 10.0.80.12 to perform a DNS query.
Method 4: Take a packet dump and view DNS details
In order to take a packet dump of the current network traffic, tcpdump command can be used. Tcpdump is a network packet analysis tool which is used a capture or filter tcp/ip packets that transfer over network. This is widely used be Linux users for network troubleshooting purposes.
To view network traffic, run below command as the root of a separate tab in the terminal
tcpdump -n -s 1500 -i eth0 udp port 53
Then on another tab, generate dns traffic using host or dig command as below
Then you will be able to see a similar output to below, in the tcpdump output
In the above sample output, you can clearly see my machine (ip address 192.168.64.140) asking from the DNS server (ip address 192.168.64.2) about the domain name www.google.com