DNS can be hacked….use SecureDNS from Twingate to protect yourself and your people: ntck.co/twingate_zerotrust 🔍 Your Web Browser is Dumb….without DNS🔍 Did you know your web browser is clueless when it comes to finding websites? When you type in a URL like academy.networkchuck.com, your browser has no idea where to go. That's where DNS, the Domain Name System, steps in to save the day! 🌐 In this video, we dive deep into the magic behind DNS. We'll break down how your browser queries DNS servers to turn website names into IP addresses, making the internet work seamlessly. From how DNS can be hacked to how you can secure your own DNS with tools like SecureDNS from TwinGate, we've got it all covered. 💻 🔐 DNS Security Tips: Learn how to use DNS over HTTPS (DOH), DNS over TLS (DOT), and other methods to keep your browsing secure from hackers and prying eyes. Protect your privacy and keep your internet safe. 🛠 Tools Mentioned: TwinGate for SecureDNS Raspberry Pi for DIY DNS servers AdGuard and PiHole for ad-blocking and DNS control Grab your coffee ☕, and let’s dive into how the internet really works! 👉 Subscribe for more IT tutorials, cybersecurity tips, and fun tech projects! 🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy 💻📱Check out our new course, Laptop and Mobile Device Basics: ntck.co/mobiledevices **Sponsored by Twingate 00:00 - Introduction: Why your browser is "dumb" 01:46 - What is DNS? (The Contacts app of the Internet) 04:02 - DNS Hierarchy: The Mafia Bosses of the Internet 09:13 - Securing DNS from Hackers 15:30 - DNS Records Explained: A, NS, MX, and More 19:55 - Real-world example: Buying a New Domain 22:58 - Running Your Own DNS Server and Ethical DNS Hacking
@@Mr.JohnLong atleast 3 times a day before eating so like before having breakfast, launch and dinner, and remember if your gf cheats on that's not her fault "It's always DNS!"
This was fun, I know dns but still liked it. It's been a while since I've seen any of your videos. I still remember before you went YT full time. You've done so well. Keep it up!
Very good summary of most of the important parts. Some time ago I actually read through the whole RFC as I implemented my own DNS server from scratch in C# :D It currently runs on my raspberry pi with mono. ps: SOA stands for Start Of Authority, not "State" :) Other than that all pretty accurate and comprehensive. pps: fun fact: in german "acid" is called "Säure" and DNA (Deoxyribonucleic acid) is actually called "DNS" in german (Desoxyribonukleinsäure). I think that's pretty fitting, the DNA of the internet :)
Sorry, Chuck, but you missed a HUGELY CRITICAL aspect. The hosts file. Before it reaches out to stub to resolve, it'll look at anything in the hosts file to see if there's a static entry. This is also a common malware/hacking method to mess with people and hack them. It's literally the first thing you should probably check to ensure it's not interfering with something in DNS (because? it's literally the first thing your device will check). If your device checks that first, you should check it first as well. There's a lot of malware out there that will bar you from even looking at your own hosts file, even though you're an admin, by the way. It's kind of a dead giveaway that your device is infected.
"There is no spoon" from The Matrix. You and your movies. You know a message is no longer a secret when you publish it on DNS. Everybody and their computers know it. Love your videos and humor.
I was looking into your videos from 4 years ago, and today, the editing and the quality of the metaphors to simplify your explanations is second to none, thanks for inspiring how instruction should be done.
Awesome video, Chuck! Could you dive deeper into setting up a homelab server, particularly the hardware requirements for a budget-friendly build? It'd be great to see a comparison of the cost-effectiveness and benefits of running a homelab versus leveraging free cloud solutions or opting out of a homelab entirely. Keen to see more in-depth content on this-keep up the great work!
Hey, will you ever do a WiFi 7 video explained similar to the WiFi 6 video? Or have you done one already and I've missed it? You're the reason I was excited for WiFi 6 and it has now filtered down to my team mates as well who have been helping upgrading our customers.
1. Great job on this explanation! Def helped to better understand DNS! 2. It is funny that Bernard's phone number goes to a McDonalds in San Jose, CA! lol
Chuck your videos are always top-notch and easy to understand especially with the schematics and your lovely personality but please for the love of god make something that doesn't require a credit card, every time I'm following along with a tutorial I get halfway through then I'd have to sign up with a credit card-- please think of the rest of us who might not have credit cards and aren't from the US
It is crazy to think about DNS files being measured in kbs and a simple txt file. Paul Mockpetris earned his Hall of Fame recognition. The internet is awesome.
Your videos are awesome...Can you please share what software/hardware you are using to present your tutorials on the screen (freehand writing) with all the diff colors and stuff. BTW, I'm using a MAC computer. Thanks!
Can anyone tell me if the CCNA course with 24 videos on this channel a complete and exhaustive series? Or there are going to be more videos in that playlist??
DOH is nice. Not enough though. The resolver is still vulnerable if the remote zone is not dnssec enabled. (Also, making your own recursive resolver is cool) (Also, there is no spoon)
Thanks chuck, i will watch this another 2 times just so that it sticks in my head, the video caught my attention because my pc was asking me about it, at the time i didn't know, so when i saw this i thought ahhh.....nice 1 chuck, so yeah nice one and thanks chuck, oh one more thing....should i continue to use a vpn as well as dns protection ?
I wanted to create my own authoritative DNS server but it was kinda scary to configure something then switch it from cloudflare, then wait and pray that my services will work when DNS changes are fully propagated. Now i think i have better understanding of different types records so i think i will do it sometime soon. Anyway where is that spoooon ;D
Professor, thank you for your efforts. I am following you and one of your fans. I am a beginner student. If you would be so kind, I would like the correct steps to implement a man-in-the-middle attack on the network and access the devices connected to the network.Thank you very much.
The secret message is: "You are awesome! You just queried a TXT record and found this secret message! Take a sip of coffee and give yourself a pat on the back. Post this in the comments to let people know you found it: \"there is no spoon\" " Love your videos, Chuck, keep up the great work.
I have Quad9 and security.cloudflare-dns configured using DNS over TLS setup in my router. In case 1 goes down, I have a backup. I figure this protects all devices on my network from 'known' malware. The Asus router uses normal DNS for its checks, I wish it would use the DNS over TLS. But all client traffic uses the DNS over TLS. I know this as I had NextDNS setup for awhile and that was how the traffic looked like in the logs. I also have the non-secure DNS using quad9 and security.cloudflare-dns. In my travel router, I use Cloudflare over TLS. Figure another layer of protection while in a hotel or other unknown network is a good thing.
the followup video (or perhaps you have already done this one?) : now that I have resolved the DNS address to an IP address, how do I get to the server via the IP address? (basically: part 2)
"You are awesome! You just queried a TXT record and found this secret message! Take a sip of coffee and give yourself a pat on the back. Post this in the comments to let people know you found it: \"there is no spoon\""
11:00 Add your Root and Intermediate CA on the victim computer, then do ssl strip (Do not Try to bend the spoon[Only if it's yours]). Or just Home/Enterprise SSL inspection :P xProTip: remember to check if the certificate is good for a websites like Banks or other that data transported secure way between You and the server matters.
Very informative, as per usual! A couple of questions. If I am connect through a VPN service, like ExpressVPN, are my DNS requests routed through there as well, or are they traveling separately (and therefore exposed) from my actual web traffic. Second question, are your ISPs DNS servers also "recursive" similar to your Google example?
There you are with another awesome video. Is there anything you can't make easy to understand. No is probably the answer to that question, but maybe there is one subject, cars, wood...SPOONS!! Spoon, I'm sure you can't make a spoon interesting, I challenge you.
DNS can be hacked….use SecureDNS from Twingate to protect yourself and your people: ntck.co/twingate_zerotrust
🔍 Your Web Browser is Dumb….without DNS🔍
Did you know your web browser is clueless when it comes to finding websites? When you type in a URL like academy.networkchuck.com, your browser has no idea where to go. That's where DNS, the Domain Name System, steps in to save the day! 🌐
In this video, we dive deep into the magic behind DNS. We'll break down how your browser queries DNS servers to turn website names into IP addresses, making the internet work seamlessly. From how DNS can be hacked to how you can secure your own DNS with tools like SecureDNS from TwinGate, we've got it all covered. 💻
🔐 DNS Security Tips: Learn how to use DNS over HTTPS (DOH), DNS over TLS (DOT), and other methods to keep your browsing secure from hackers and prying eyes. Protect your privacy and keep your internet safe.
🛠 Tools Mentioned:
TwinGate for SecureDNS
Raspberry Pi for DIY DNS servers
AdGuard and PiHole for ad-blocking and DNS control
Grab your coffee ☕, and let’s dive into how the internet really works!
👉 Subscribe for more IT tutorials, cybersecurity tips, and fun tech projects!
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
💻📱Check out our new course, Laptop and Mobile Device Basics: ntck.co/mobiledevices
**Sponsored by Twingate
00:00 - Introduction: Why your browser is "dumb"
01:46 - What is DNS? (The Contacts app of the Internet)
04:02 - DNS Hierarchy: The Mafia Bosses of the Internet
09:13 - Securing DNS from Hackers
15:30 - DNS Records Explained: A, NS, MX, and More
19:55 - Real-world example: Buying a New Domain
22:58 - Running Your Own DNS Server and Ethical DNS Hacking
first
Thank you for this one. Wou you please create one for securing email servers.
Cheers! K.E
everything can be hacked , Chuck ;)
Please, I want to speak with ChatGPT on my Windows PC, but there isn't a version for Windows. Can anyone help me overcome this problem?
Public yha site paid dns required more secure your IP ... .. more firewall in needed
My favorite topic DNS, remember "it's Always DNS"
I'm new here, how often do I have to remind myself it's always dns?
@@Mr.JohnLong atleast 3 times a day before eating so like before having breakfast, launch and dinner, and remember if your gf cheats on that's not her fault "It's always DNS!"
Redshirtjeff
Why DNS 😢
except when it is IPv6
You’re right “there is no spoon”, only sporks.
This was fun, I know dns but still liked it. It's been a while since I've seen any of your videos. I still remember before you went YT full time. You've done so well. Keep it up!
Learning Networking is very Important
understanding basics that dont change in 20 years truly does. thats the base knowledge
Very good summary of most of the important parts. Some time ago I actually read through the whole RFC as I implemented my own DNS server from scratch in C# :D It currently runs on my raspberry pi with mono.
ps: SOA stands for Start Of Authority, not "State" :) Other than that all pretty accurate and comprehensive.
pps: fun fact: in german "acid" is called "Säure" and DNA (Deoxyribonucleic acid) is actually called "DNS" in german (Desoxyribonukleinsäure). I think that's pretty fitting, the DNA of the internet :)
Fun fact : in dutch SOA is short for "seksueel overdraagbare aandoening" in english STD (sexually transmitted disease)
@@ppdan :D That's really funny. Just reminds you how dangerous the internet is :P So don't plug into unknown systems unprotected....
the editor on this video is insane 😂😂😂
Sorry, Chuck, but you missed a HUGELY CRITICAL aspect. The hosts file. Before it reaches out to stub to resolve, it'll look at anything in the hosts file to see if there's a static entry. This is also a common malware/hacking method to mess with people and hack them. It's literally the first thing you should probably check to ensure it's not interfering with something in DNS (because? it's literally the first thing your device will check). If your device checks that first, you should check it first as well. There's a lot of malware out there that will bar you from even looking at your own hosts file, even though you're an admin, by the way. It's kind of a dead giveaway that your device is infected.
"There is no spoon" from The Matrix. You and your movies. You know a message is no longer a secret when you publish it on DNS. Everybody and their computers know it. Love your videos and humor.
there is no spoon -- Your videos helped get a job in IT and change my life forever. Thank You brother.!!
I was looking into your videos from 4 years ago, and today, the editing and the quality of the metaphors to simplify your explanations is second to none, thanks for inspiring how instruction should be done.
It's not DNS.
There's no way it's DNS.
It was DNS.
all days at work
pretty sure i have a mouse pad with that haiku
it's always dns
Ahh, I have this haiku framed in my office.
It was a full DHCP Server... We had no free internal IP addresses for that network left.
Chuck appreciation button>>>>>>>>
ahh yes, the three dots > report button
@@nikolaslehto8827😹😹
Also, please teach how to prevent DNS servers from getting hacked in upcoming videos.
hey buddy, thank you for making the things I need to study super fun. You're a true friend
It’s hilarious how well that comparison between DNS and a smartphone works so well 😂.
I'm so glad this landed well!
I haven't seen the full video, but WOW the first 2 minutes. You explanations are awesome! Thanks for doing this.
How am I supposed to eat my cereal when "there is no spoon"!
Slurp it
Or stir my coffee?!
there is no such a thing.. forget it
One of the best DNS video explanation I have seen. Kudos.
I have learned so many cool and useful things from this channel. Good job Chuck!!❤
your explanation with connecting real world examples is too good man !!
#ItWasDNS
Did you get deep-sleep on the Raspberry Pi Pico 2 working yet?
Only one comment 😅 lemme fix that 🎉
I finally went to a micro center for the first time. Sadly i live in switzerland, i dont have a micro center :(
Got a raspberry pi 5 there
Awesome way to explain … I will use this way to educate others on dns ……keep making good videos chuck
This fits nice and snug into your CCNA playlist. Appreciate the content!
Awesome video, Chuck! Could you dive deeper into setting up a homelab server, particularly the hardware requirements for a budget-friendly build? It'd be great to see a comparison of the cost-effectiveness and benefits of running a homelab versus leveraging free cloud solutions or opting out of a homelab entirely. Keen to see more in-depth content on this-keep up the great work!
Great video! Clear, concise, and fun. Love the content.
Nice work, you nailed it and made it entertaining. I will refer my students to this.
"there is no spoon" Awesome video as always Chuck! I was just in the process of choosing between self-hosted AdGuard and NextDNS
Thank you Chuck! You are an amazing teacher and you make the mundane fun ❤
Just finished my cup of coffee. Now I'm ready for this video!
i dont drink coffee at all and work in IT for 17 years. im an imposter
Really looking forward to PART 2 😁
Perfect timing. I recently took a deep dive into multiple ways to do a MITM attack. DNS spoofing is one of them.
Thank you so much for your content. You offer a lot of young people a perspective.
From one Chuck to another; you rock, dude!
Hey, will you ever do a WiFi 7 video explained similar to the WiFi 6 video? Or have you done one already and I've missed it?
You're the reason I was excited for WiFi 6 and it has now filtered down to my team mates as well who have been helping upgrading our customers.
1. Great job on this explanation! Def helped to better understand DNS! 2. It is funny that Bernard's phone number goes to a McDonalds in San Jose, CA! lol
even back then most people didn't really remember any phone numbers apart from their own, they used phone books (or whatever they were called)
You don't have the Idea how much I Learn from your videos. I'm kid from INDIA, and I request you don't stop it. ❤
I love your teachings it has helped a lot
I just started Network+ I love learning about this stuff
Loved this video! How do you make concepts so easy to understand? .... there is no spoon
I gave in at "Network Chuck from the future here...." 14:13 😂
honestly i hate your coffee breaks but i love your content 😅
I just finished my CNS exam and now i get recommended this vid😂
11:38 Waldo got a glow up. Drippy.
Please make a practical video on each and every protocol you know....❤❤
"Your browser is kind of dumb"
I couldn't agree more (I am forced to use Edge on this borrowed PC)
You have the best tech videos fr
I love the reference from Matrix, one of the reasons why IT fascinates me so much - "there is no spoon"
Yeah CCNA ❤ networking video 🎉❤
Chuck your videos are always top-notch and easy to understand especially with the schematics and your lovely personality but please for the love of god make something that doesn't require a credit card, every time I'm following along with a tutorial I get halfway through then I'd have to sign up with a credit card-- please think of the rest of us who might not have credit cards and aren't from the US
It is crazy to think about DNS files being measured in kbs and a simple txt file. Paul Mockpetris earned his Hall of Fame recognition. The internet is awesome.
Damn bruh, if only teachers in school would teach kids like you do here.... Imagine the possibilities 😯
My stub has been quite resolved, thank you.
Well done, Chuck! 👍
That was a fun little quest
"there is no spoon"
Im a fan of chuck. Really Love you and your contents
“There is no spoon” lol
Check with different domain hosting sites, they won't charge you for WHOIS while some do. Find it irritating they charge for that kind of feature.
5:10 lmao at the *Kokey* reference. 😂
Wait, usually DNS makes my internet NOT work 😂
Your videos are awesome...Can you please share what software/hardware you are using to present your tutorials on the screen (freehand writing) with all the diff colors and stuff. BTW, I'm using a MAC computer. Thanks!
I like network Chuck. And I like his presentation style.
But who is the Bob Ross of cyber security? ;)
Can anyone tell me if the CCNA course with 24 videos on this channel a complete and exhaustive series? Or there are going to be more videos in that playlist??
I am curious about this as well
Loved that old fashioned telephone -> 0:39
I was looking for a comment like this, while I've paused the video at that timestamp 😂 now everyone can call him
DOH is nice. Not enough though. The resolver is still vulnerable if the remote zone is not dnssec enabled. (Also, making your own recursive resolver is cool)
(Also, there is no spoon)
This guy is a pbrush pro that does computer stuff.. Do a perfect circle on a chalkboard next!
There is no spoon. Honestly couldn't have thought of a better secret message myself.
Thanks chuck, i will watch this another 2 times just so that it sticks in my head, the video caught my attention because my pc was asking me about it, at the time i didn't know, so when i saw this i thought ahhh.....nice 1 chuck, so yeah nice one and thanks chuck, oh one more thing....should i continue to use a vpn as well as dns protection ?
Fantastic video for learning!
Yes, indeed it does make the internet work
I wanted to create my own authoritative DNS server but it was kinda scary to configure something then switch it from cloudflare, then wait and pray that my services will work when DNS changes are fully propagated. Now i think i have better understanding of different types records so i think i will do it sometime soon. Anyway where is that spoooon ;D
Yes, "there is no spoon"! Thx for this great lesson!
Something else that's fun with DNS. You can use DNScat to perform data exfil.
mentioned Philippines. Mabuhay Network Chuck! :)
Professor, thank you for your efforts. I am following you and one of your fans. I am a beginner student. If you would be so kind, I would like the correct steps to implement a man-in-the-middle attack on the network and access the devices connected to the network.Thank you very much.
"there is no spoon" available at taco bell, they only have sporks
pro tip: the quickest way to query DNS is through `dig ` (pre-installed on Macs)
I didn't understand a word you said, but I loved it anyway. 😅
The secret message is: "You are awesome! You just queried a TXT record and found this secret message! Take a sip of coffee and give yourself a pat on the back. Post this in the comments to let people know you found it: \"there is no spoon\" " Love your videos, Chuck, keep up the great work.
even cisco umbrella use doh method for their dns activities any way thanks for sharing , great video chunk
Good Explanation bruh👍👍👍👍
"there is no spoon". Thx for the wonderful lesson.
I have Quad9 and security.cloudflare-dns configured using DNS over TLS setup in my router. In case 1 goes down, I have a backup. I figure this protects all devices on my network from 'known' malware. The Asus router uses normal DNS for its checks, I wish it would use the DNS over TLS. But all client traffic uses the DNS over TLS. I know this as I had NextDNS setup for awhile and that was how the traffic looked like in the logs. I also have the non-secure DNS using quad9 and security.cloudflare-dns. In my travel router, I use Cloudflare over TLS. Figure another layer of protection while in a hotel or other unknown network is a good thing.
There is no spoon! Nice video.
the followup video (or perhaps you have already done this one?) : now that I have resolved the DNS address to an IP address, how do I get to the server via the IP address? (basically: part 2)
well i went to your website, and its really cool. Nostalgic arcade theme,
Chuck, would love for you to show us how to self host a DNS server using Quad9 on a Pi-Hole
There is no spoon
Hey Chuck, what brand of T-Shirt is that?
That was very informative.
"You are awesome! You just queried a TXT record and found this secret message! Take a sip of coffee and give yourself a pat on the back. Post this in the comments to let people know you found it: \"there is no spoon\""
There is no spoon
11:00 Add your Root and Intermediate CA on the victim computer, then do ssl strip (Do not Try to bend the spoon[Only if it's yours]). Or just Home/Enterprise SSL inspection :P
xProTip:
remember to check if the certificate is good for a websites like Banks or other that data transported secure way between You and the server matters.
I pronounce "registerer" with the emphasis on "i" and it makes it much easier. If it is wrong - I do not care, I'm not native speaker))
Very informative, as per usual! A couple of questions. If I am connect through a VPN service, like ExpressVPN, are my DNS requests routed through there as well, or are they traveling separately (and therefore exposed) from my actual web traffic. Second question, are your ISPs DNS servers also "recursive" similar to your Google example?
Yes (normally) and yes.
Yellow Pages Book would have been perfect with that old phone 😀
There you are with another awesome video.
Is there anything you can't make easy to understand.
No is probably the answer to that question, but maybe there is one subject, cars, wood...SPOONS!!
Spoon, I'm sure you can't make a spoon interesting, I challenge you.
Great for a review, also meme game strong. About lost it at Mr cool ice 😂
Your viewer here from PH 🙋♂
We need a syslog server tutorial!
GD bless you and family Mr Chuck. Ty, I thank the LORD for filling you w/HIS purpose and your desire to share
Massive security hole in VPNs shows their shortcomings as a defensive measure