How do I Google?

Review Part 1

• Key is pressed on Keyboard
• Keyboard Polls through the Key matrix
• Keyboard Notices a Change and waits until the next USB packet can be sent
• Keyboard sends USB packet to Computer
• The OS gets packet and sends it to the correct Program

Whats Next?

• Keyboard
• Computer to Program
• URL Bar in Browser
• Finding the Web Server
• Sending Data to Web Server
• Retrieving Data from Web Server
• Browser getting other files from webpage
• Browser rendering the Data for the viewer

What are URLs

• Well most likely you did not type https://www.google.com/ in to the URL bar
• So the Internet Browser has so fill in some assumptions
  • Did you mean http,https,ftp,data,about,mailto,file
• Since google.com is popular and most likely in your history it uses that

What are URLs

• Now we have a full URL that has something like this

• The Scheme is the first part of the URL
  • This denotes how the browser will talk to the server
  • The most common are http and https
• Your browser has a list of domains that require the secure https scheme for all connections.
  • This is a security feature that was added to prevent possible redirection attack.

Where is the Server?

• With the full URL https://google.com/
  • If there were non "a-zA-Z0-9-." the name must be converted first. See https://i❤.ws -> https://xn--i-7iq.ws/ with Punycode encoding
• Now we have to find what IP address google.com is
  • People use the Domain names because it is easier to remember than 142.251.40.132
• Your browser has a temporary cache of this information.
  • Why a cache?

Where is the Server?

• You can manually map domains to IP addresses using the computers internal hosts file
  • C:\Windows\System32\drivers\etc\hosts
  • /etc/hosts
  • This has a manual mapping of domains to IP Addresses

Where is the Server?

• Then the OS has a separate cache that is checked.
  • Windows has a Service running in the background that caches DNS responses called DNS Client Service.
  • Running the ipconfig /displaydns command will show the current values in the cache

Routing 101

• When all of those fail an actual request to a server is made
• To send an actual DNS request to a server lets learn a little bit about routing
• So lets first talk about how we get an IP address

DHCP

• When your computer is plugged in or connects to to the wifi network is send a special message to every device on that network
• This asks if there are any DHCP Servers
• A DHCP Server (which is usually on the router) will respond to this request with an unused IP address
  • The server adds this IP to its list of given addresses to insure it is not given again

DHCP Response

• The response includes
  • IP we can use (Ex. 192.168.88.253)
  • Router IP address (Ex. 192.168.88.1)
  • Subnet Mask (Ex. /24) used to show how many local IPs can exist
  • A list of DNS Servers
• DNS Servers are usually passed down by the ISP you use but can also be manually changed

Routing 101

• Lets say that we want to send a DNS request to the 1.1.1.1 server. How does your computer know where to send that data?
• Each device/computer has a list of destinations and what physical network interface can reach that destination
•  
•  
•  
• The default destination is the fallback if there no other matches are in the route

Routing 101

• Other information from this command include
  • My Local IP is 192.168.88.253
  • My Local Router IP is 192.168.88.1 connected by the enp0s35 Ethernet port
• To connect to the 1.1.1.1 DNS address it must use the default route and forward the request to 192.168.88.1 my internal network router

A Router's Routes

• Here is the route table on my router
  • The router internal IP address is 192.168.88.1
  • The router external IP address is 173.70.252.102
•  
•  
•  
•  
• Subnet masks are a way of defining a IP address Range
  • For example
    173.70.252.0/24 = 173.70.252.0 - 173.70.252.255  0.0.0.0/0              = 0.0.0.0    -       255.255.255.255

How a router works?

• The request continues to the 173.70.252.1 IP which is owned by my ISP
• The ISP now has to direct the request to the correct destination
• ISPs don't have a default route.
• Instead they have a huge list of every IP range and what is the next stage to get there
  • This can change contently to avoid congestion, server crashes, etc.
  • Other ISPs connect to each other allowing more communication to more destinations

DNS 101

• Since the Browser and the OS cache return no results for the IP lookup we ask one of the DNS Servers provided by the DHCP response
• Asking the first DNS address 192.168.88.1 the same address as the router returns the correct IP

Recursive DNS Server

• The DNS Server on the router is called a Recursive DNS Server.
  • This means that it will do all of the hard work to lookup an IP address
• To get DNS to work there needs to be some semi-hardcoded IPs. These are called Root Domain Name Servers.
  • These Servers have changed in the past but changes are very infrequent and planed in advance
  • This works because the majority of the servers stay the same address when an update occurs

DNS Answer

• Alright lets just ask the Root DNS Server for what www.google.com is. That sounds easy.
• Using the info that we got before lets ask e.root-servers.net. (192.203.230.10) what www.google.com is

Asking the .com servers

• Lets cache those responses so we don't have to ask again for later
• Lets ask the .com authority for www.google.com

Asking the google.com servers

• Lets cache the responses so we don't have to ask again for later
• Lets ask the google.com authority for www.google.com

Recursive DNS

• We had to ask a Root Server (192.203.230.10) to get a ".com" Authority
• We had to ask a ".com" Authority (192.12.94.30) to get a "google.com" authority
• We had to ask a "google.com" Authority (216.239.34.10) to get one of the "www.google.com" address (142.251.40.196)