Domain name resolution (DNS)

Last updated August 30, 2019 by Meitar M

The Domain Name System (DNS) is a mechanism by which domain names, such as nycmesh.net, are translated to IP addresses, such as 104.198.14.52. By asking questions of a DNS server, you can find out the network address belonging to a computer that has a given name, much like looking up a phone number for your friend in an address book application (or “yellow pages,” back in the day). This process in which a name is translated to an address is called name resolution.

NYC Mesh operates a public domain name resolution service (DNS server) for anyone in the world at 199.167.59.10. It performs no logging of domain name queries and no filtering of query responses. It is configured as a recursive resolver, meaning that if you ask it a question to which it does not already know the answer, it will look up the answer for you by asking other DNS servers that it knows about. In the following example, we use the nslookup command-line tool to ask NYC Mesh’s public DNS resolver for the IP address of google.com (shown as line 1), and receive an answer from it (shown in lines 5 through 7):

1  $ nslookup google.com 199.167.59.10
2  Server:         199.167.59.10
3  Address:        199.167.59.10#53
4
5  Non-authoritative answer:
6  Name:   google.com
7  Address: 172.217.12.142

This name resolution procedure is something your computer usually does for you automatically whenever you use a domain name anywhere within a program, such as a Web browser’s location bar.

Public resolution of private IP addresses

In addition to resolving publicly accessible domains, the NYC Mesh public DNS resolver will also provide the private IP addresses of NYC Mesh’s intra-mesh services that have been registered with our internal DNS service.

Intra-mesh services are sometimes given domain names that end in .mesh in order to make them easier for NYC Mesh members to remember and access. Only computers that are connected to NYC Mesh’s mesh network can connect to these “dot-mesh domains,” but their names and IP addresses are available to the public via the public DNS resolver. To look them up, append .nycmesh.net to the intra-mesh service’s domain name.

For example, our internal DNS server is given the dot-mesh domain name, dns.mesh, but thanks to the public DNS resolver, it is also available at dns.mesh.nycmesh.net:

1  $ nslookup dns.mesh.nycmesh.net 199.167.59.10
2  Server:         199.167.59.10
3  Address:        199.167.59.10#53
4
5  Non-authoritative answer:
6  Name:   dns.mesh.nycmesh.net
7  Address: 10.10.10.10

Notice on line 7 that the answer we received from the public DNS resolver was a private IP address (10.10.10.10). This means that unless we are connected to the NYC Mesh network itself, we won’t actually be able to speak directly to this computer. However, if we are connected to the NYC Mesh network ourselves, then we can access this same computer at both of its names: dns.mesh and dns.mesh.nycmesh.net.
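The check described above, as an added example that is not part of the NYC Mesh documentation: it maps a dot-mesh name to its public lookup name, pulls the answer addresses out of nslookup output in the format shown on this page, and reports whether each one is private. The function names and the embedded sample output are constructed for illustration.

```python
import ipaddress
import subprocess
import sys

RESOLVER = "199.167.59.10"      # NYC Mesh public resolver (from the page)
PUBLIC_SUFFIX = ".nycmesh.net"  # suffix the page says to append to dot-mesh names

# Constructed sample: the nslookup output shown on the page, prompt and line numbers removed.
SAMPLE_OUTPUT = """Server:         199.167.59.10
Address:        199.167.59.10#53

Non-authoritative answer:
Name:   dns.mesh.nycmesh.net
Address: 10.10.10.10
"""

def public_lookup_name(name):
    """Turn a dot-mesh name (dns.mesh) into the name to ask the public resolver for."""
    name = name.rstrip(".").lower()
    return name + PUBLIC_SUFFIX if name.endswith(".mesh") else name

def answer_addresses(nslookup_output):
    """Return the addresses in the answer, ignoring the resolver's own Address line."""
    # The first blank line separates the Server/Address header from the answer.
    _header, _, answer = nslookup_output.partition("\n\n")
    return [line.split(":", 1)[1].strip()
            for line in answer.splitlines() if line.startswith("Address:")]

def classify(address):
    """'private' for private or otherwise reserved ranges (per ipaddress), else 'public'."""
    return "private" if ipaddress.ip_address(address).is_private else "public"

def lookup(name, resolver=RESOLVER):
    """Run nslookup against the resolver (needs network access) and classify each answer."""
    query = public_lookup_name(name)
    out = subprocess.run(["nslookup", query, resolver],
                         capture_output=True, text=True, timeout=10).stdout
    return {addr: classify(addr) for addr in answer_addresses(out)}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(lookup(sys.argv[1]))  # live query, e.g. "dns.mesh"
    else:  # offline: classify the constructed sample
        print({a: classify(a) for a in answer_addresses(SAMPLE_OUTPUT)})
```

An address reported as private is one you can reach only from inside the network that uses it, which for dot-mesh names means being connected to NYC Mesh.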

This is an unofficial copy of the NYC Mesh Docs website published and maintained by fabacab on GitHub. There are likely differences, possibly many, between this copy and the official Docs site, but the author prefers this version over the official version. This copy remains here so long as there are major differences between the two copies so that you can read the version that you prefer.