1

Topic: The request to DNS - goes a name of the domain or all link?

I ask the help, specification is necessary, in what type there is a request of resolution of a name to DNS. Admit I follow the link https://www.avito.ru/moskva/kvartiry On DNS goes only "avito.ru" or completely "https://www.avito.ru/moskva/kvartiry"?

2

Re: The request to DNS - goes a name of the domain or all link?

Hello, BurningInside, you wrote: BI> I Ask the help, specification is necessary, in the cook a type there is a request of resolution of a name to DNS. BI> Admit I follow the link https://www.avito.ru/moskva/kvartiry On DNS goes only "avito.ru" or completely "https://www.avito.ru/moskva/kvartiry"? Only "avito.ru" All remaining - already  on a server in which the DNS-inquiry was resolved (for behind the domain there can be a farm with a policy round robin or load factor or something else, can be anycast with a choice of the server nearest topologically, etc.).

3

Re: The request to DNS - goes a name of the domain or all link?

Hello, Mr. Delphist, you wrote: MD> Hello, BurningInside, you wrote: BI>> I Ask the help, specification is necessary, in the cook a type there is a request of resolution of a name to DNS. BI>> Admit I follow the link https://www.avito.ru/moskva/kvartiry On DNS goes only "avito.ru" or completely "https://www.avito.ru/moskva/kvartiry"? MD> only "avito.ru" MD> All remaining - already  on a server in which the DNS-inquiry was resolved (for behind the domain there can be a farm with a policy round robin or load factor or something else, can be anycast with a choice of the server nearest topologically, etc.). Then one more question. If to me the hacker registers on a router left false DNS - whether he sees links on which I walk? Or only domains and all? Though it is clear - directs on the left address and there already receives the full link. It would be desirable to specify.

4

Re: The request to DNS - goes a name of the domain or all link?

Hello, BurningInside, you wrote: BI> Then one more question. If to me the hacker registers on a router left false DNS - whether he sees links on which I walk? Or only domains and all? Though it is clear - directs on the left address and there already receives the full link. It would be desirable to specify. Only domains. But they happen are very eloquent.

5

Re: The request to DNS - goes a name of the domain or all link?

Hello, Pzz, you wrote: Pzz> Hello, BurningInside, you wrote: BI>> Then one more question. If to me the hacker registers on a router left false DNS - whether he sees links on which I walk? Or only domains and all? Though it is clear - directs on the left address and there already receives the full link. It would be desirable to specify. Pzz> only domains. But they happen are very eloquent. No. At first we give pseudo-DNS the domain. Then us direct on a phishing resource, on which: MD> All remaining - already  i.e. receives the full link. Which can be written down in broad gulls both etc. and etc. I so I understand.

6

Re: The request to DNS - goes a name of the domain or all link?

Hello, BurningInside, you wrote: BI> Is not present. At first we give pseudo-DNS the domain. Then us direct on a phishing resource, on which: MD>> All remaining - already  BI> i.e. receives the full link. Which can be written down in broad gulls both etc. and etc. I so I understand. Well. At first  only the domain through DNS. If the dns-server belongs to the malefactor it can send the address of any server to the answer. Your browser then installs with this server connection on https protocol (as at you in the link it is specified) and in a message body transfers host name and a way (well, roughly speaking, the link). Certainly, if it is the server of the malefactor it can it . And certainly for this purpose it needs at least to be able to show the entrusted certificate. Therefore if also you, and the server use key pinning it will be protected from such attack partially probably: The malefactor receives the domain address (as supervises the dns-server), but cannot read request contents (where the remaining part of the reference is found).

7

Re: The request to DNS - goes a name of the domain or all link?

Hello, watchmaker, you wrote: w> Your browser then installs with this server connection on https protocol (as at you in the link it is specified) and in a message body transfers host name and a way (well, roughly speaking, the link). A domain name - yes, in an open type. The link, as part HTTP of request, is transferred already only after setting TLS of connection, which will not be installed, since the malefactor (in the theory) does not have necessary key - actually from what httpS and it urged to protect.  on Yandex. A disk

8

Re: The request to DNS - goes a name of the domain or all link?

Hello, Anton Batenev, you wrote: AB> which it will not be installed, since the malefactor (in the theory) does not have necessary key - actually from what httpS and it urged to protect. If it is used key pinning - that difficult. In remaining cases the malefactor does not need to get access to the present private key, it is enough to it to let out new (which satisfies the client to the formal signs), and the client joyfully installs "the protected" connection. Yes it even everywhere meets in practice for more or less useful activity: half of offices and antiviruses put the entrusted root certificate on the machines and have an opportunity to sign any https sites. But I, of course, agree that it not absolutely trivial action.

9

Re: The request to DNS - goes a name of the domain or all link?

Hello, BurningInside, you wrote: BI> i.e. receives the full link. Which can be written down in broad gulls both etc. and etc. I so I understand. In case of HTTPS so it does not turn out. Besides, is still DNSSec, but it is not used yet everywhere.

10

Re: The request to DNS - goes a name of the domain or all link?

Hello, BurningInside, you wrote: BI> I Ask the help, specification is necessary, in what type there is a request of resolution of a name to DNS. BI> Admit I follow the link https://www.avito.ru/moskva/kvartiry On DNS goes only "avito.ru" or completely "https://www.avito.ru/moskva/kvartiry"? The request for www.avito.ru - so, not avito.ru, it in essence is sent.

11

Re: The request to DNS - goes a name of the domain or all link?

Hello, netch80, you wrote: N> the request for www.avito.ru - so, not avito.ru, it in essence Is sent. And here if to write without www often browser itself philosophizes.

12

Re: The request to DNS - goes a name of the domain or all link?

Hello, Ops, you wrote: N>> the request for www.avito.ru - so, not avito.ru, it in essence Is sent. Ops> and here if to write without www often browser itself philosophizes. Did not note such on one browser. www and without www it is two different sites (more often, of course, one, but it is not mandatory), the browser here to philosophize has no right, it is possible to write safely . Most likely on the site there is a redirect with avito.ru on www.avito.ru, here this redirect probably can remember the browser.

13

Re: The request to DNS - goes a name of the domain or all link?

Hello, vsb, you wrote: vsb> did not note such on one browser. www and without www it is two different sites (more often, of course, one, but it is not mandatory), the browser here to philosophize has no right, it is possible to write safely . Most likely on the site there is a redirect with avito.ru on www.avito.ru, here this redirect probably can remember the browser. Not, so, anyway . If does not find a site without www tries with it. Try any fgddsafnlk.ru and look at an error.

14

Re: The request to DNS - goes a name of the domain or all link?

Hello, Ops, you wrote: Ops> Not, so, anyway . If does not find a site without www tries with it. Try any fgddsafnlk.ru and look at an error. Well is not present, this another all such something. Some browsers in case of an error generally send to search, some show popular sites with a similar spelling on a case of a possible misprint (besides independently walking in search), some show beautiful pictures. But all this amateur performance is a result of handling of an error when already anything except dns-error to show to the user it is impossible. But the first request goes as was primary without any modifications (well besides if the browser did not receive on it  once earlier the code 301 moved permanently or something similar). If it not so it really should be considered and  as a bug.

15

Re: The request to DNS - goes a name of the domain or all link?

Hello, netch80, you wrote: N> the request for www.avito.ru - so, not avito.ru, it in essence Is sent. Yes. Subdomains is present at request. Glanced in the broad gulls: 20:26:42.145407 IP 192.168.0.15.37724> google-public-dns-a.google.com.domain: 30452 + A? XXXX.YYY.ZZZZZZZ.amazonaws.com.