Wikipedia:Reference desk/Archives/Computing/2016 November 14

= November 14 =

If a DNS server is under attack, can I still connect through typing the IP
Provided I know the IP of a web-site, but the DNS server is down due to a DoS attack, can I still connect to it? Llaanngg (talk) 03:06, 14 November 2016 (UTC)
 * It depends on how the web service is configured for the specific website. It can be configured to serve up a website without needing the domain name, but there are a large number of websites that do require the domain name. When you type a domain name in your web browser, the domain name is sent to the web server using the Host header via the HTTP protocol. This allows one web server to host many different websites on the same IP address. See virtual hosting. A web service can be configured to not require the host header, but you'll find more than not that you'll need the domain name. Alternatively you could put the IP address and domain name in your hosts file and still connect to the website without your DNS server. The hosts file will overwrite any DNS. The bad thing about this though is by overwriting the default DNS behavior you could potentially be disabling any failover or CDN systems the site put in place. You can also run your own caching DNS server or change to different DNS server(s) that aren't offline. Google offers alternative DNS servers you can use, there are also a number of other services that offer alternative DNS servers you can use. Offnfopt (talk) 04:07, 14 November 2016 (UTC)
 * Edit: Is your question regarding a specifc websites DNS being attacked or your own internet providers DNS being under attack? Offnfopt (talk) 04:13, 14 November 2016 (UTC)


 * A possible point of confusion... A website doesn't have a DNS. If you connect to the Internet with SuperCom, you will use SuperCom's DNS server to change a URL, such as "wikipedia.org" into an IP address. If you connect to the Internet with FreeNet, you will use FreeNet's DNS server to change a URL to an IP address. If you connect to the Internet with MyInternet, you will use MyInternet's DNS server to change a URL to an IP address. The point is that while the DNS server you use may be under attack, the DNS server someone else uses may not be under attack. So, you can't down a website for everyone using a DoS attack on one DNS server. You'd have to hit all of them - and there are millions of them. But, supposing that the DNS server you use is under attack, you have the option to use and DNS server you like if you know how to alter your network settings. I personally don't use my ISP's DNS server because it is very slow. You can also, as you mentioned, use the IP address directly. But, assuming it is a web page you want to get, you should expect it to contain many embedded URLs, all of which have the chance of requiring DNS resolution. So, while you get to the initial web page, the contents of the web page might not load. 209.149.113.4 (talk) 14:55, 14 November 2016 (UTC)
 * 209.149.113.4, Your statement is not entirely true. A domain names DNS is handled by a number of DNS servers, if you take down those DNS servers the information cached in other DNS servers will expire, so other DNS servers like your ISP DNS server will no longer have the IP information to send their users. There are various methods to take to make it harder to take down the DNS for a specific domain, but it is definitely possible and has been done in the past. Offnfopt (talk) 15:55, 14 November 2016 (UTC)
 * You already demonstrated that you were not qualified to answer my theoretical CS question, and you also show that you're not qualified to answer this applied CS question either. An attack on the authoritative name servers can most definitely cause a DNS outage, since most caching servers don't cache entries for long - the 2016 Dyn cyberattack is a great example of that. It's also technically incorrect that you're using DNS to change a URL to an IP address. It's the domain name that you change to an IP address - the domain is only one part of the URL. "A website doesn't have a DNS" - this is false for most large websites, most large websites definitely do have their own authoritative DNS servers for their own domains.
 * The answer for the OP is "yes" for the most part, but embedded content does require more resolutions in general. A complication to consider is when multiple websites under different domains are hosted on a single server, which is common with shared hosting services. In that case, just typing in an IP address won't tell the server enough information to give the right content.--Jasper Deng (talk) 17:38, 14 November 2016 (UTC)


 * Where in the HTTP protocol does a server have the ability to tell a client to use a specific DNS? That is an absolute requirement for a website to have its own DNS. I am NOT referring to a web server having a configured DNS. I am referring to a website having a DNS that is attached to that website and if that DNS goes down, then the website is unreachable. I am not referring to function. I am referring to response. Without DNS, the website will not respond. Without that, I can use whatever I DNS that I like to access any website that is listed in the DNS of my choosing. I can even run DNS on my own computer. If you feel the need to claim that "somesite.com" has a requirement that a specific DNS be used, then prove it.
 * The only remotely reasonable claim made is that if a DoS attack lasts an extremely long time, an entry in a DNS database might expire. But, what happens when an entry expires? Is it deleted? Not in any DNS servers that I maintain. They make a request for updates. Under a DoS attack, the request for update will go unfulfilled and the existing DNS entry will be retained until the next expiration. That is how DNS databases hold DNS entries for websites that don't exist with domain names that aren't registered to anyone. They simply retain the expired IP until (usually) the original registrar sends out a change to point them to some sort of "get domain names here" advertisement page. Do you have proof that the standard for DNS is to haphazardly delete all entries when they expire?
 * Finally: This is not some sort of scholarpedia. Bringing up qualifications is vulgar and unwanted. You do not know my qualifications and I do not know yours, other than your expertise in ad hominem. 209.149.113.4 (talk) 18:29, 14 November 2016 (UTC)
 * Then please tell me what an authoritative name server is and how DNS resolution works. I don't think you understand either of those concepts.
 * My concern is simply that you give accurate answers, or concede that "I may be wrong, this is not my field of expertise". I may be wrong about your qualifications, but the onus is on you to not give misleading answers. And in response to your question about the HTTP protocol, see virtual hosting.--Jasper Deng (talk) 19:31, 14 November 2016 (UTC)


 * The authoritative name server is, in the context of this discussion, a domain name server. It translates domain names to an IP address. The authoritative entries are configured by an administrator. It will likely maintain cache copies of non-authoritative entries. When registering a domain name, you will set the DNS authority, or the authoritative name server. If a local cache for a domain name expires, a request will be sent to the authority for an update. My point is that if the authority is down, the cache copy is not automatically deleted. It is maintained and a request is repeated at a later time. We can muddy this up a great deal by discussing WAN and LAN DNS and even personal or dark web DNS. I do not see a benefit. The only important point here is that whatever DNS you use, the cache copy of the domain-to-IP entry is there, even if it expires. The expiry isn't a "must be deleted" time. It is a "request a new copy" time. Further, DNS servers are under no obligation to use the time-to-live value provided by the authority. If the authority says TTL is 1 day, the DNS server can opt to use 1 hour or 1 month.
 * I can use your example to show this. You mentioned the Dyn attack. I am on the East coast. It was affected by the Dyn attack. Why? Many of the large ISPs on the East coast use Dyn for DNS services. So, if you use Bellsouth or Charter or AT&T, you were likely using the DNS they set for you. If that DNS was Dyn, you lost DNS services (technically, they were just very very slow, not completely lost). So, the user claimed that the Internet was down when really it was DNS was down. I use this example because I am on the East coast. The university system was having spotty services. Light-rail services (a special ISP) worked but most services (most of the Internet) did not. For me, everything worked. I set my computer to use DNS servers in California. So, I was still able to access Twitter, Facebook, or any other popular website. Taking down Dyn did "essentially" take down the Internet for a lot of users, but it didn't really take down the Internet at all. It had the effect of doing so.
 * As for the original question... If a user tried to go to 31.13.65.36 during the Dyn attack (and the user was using Dyn DNS), they would certainly get a response from Facebook. They would likely not get a complete web page. Advertising would likely be broken. Style sheets and Javascript would be missing. It would show something. It wouldn't be down. I would describe it as broken.
 * I was initially unsure why you are bringing virtual hosting into this discussion. This is a good argument. The most common form of virtual hosting is domain-based hosting. The web server detects the domain name and serves a page based on the domain name. If you manually enter the IP address, you will get the default website because there is no domain to use. But, the website is on the server and you can reach it. You just need to know more information, such as the website is in vhosts/somedomain.com/. Therefore, this is a case where using the IP address will risk getting the wrong website because a domain name was not used. 209.149.113.4 (talk) 20:03, 14 November 2016 (UTC)
 * As for keeping of cached entries, my point is not that this is required behavior; like you said, it's far from that. However, my organization's local caching name server, as well as Google's public ones (8.8.8.8 and one other; I use the former), did not preserve the affected records during the Dyn attack, and other caching servers I tried did not either. Rather, there is no guarantee that name servers will cache the records in general; you have to know that about the specific server you're using. Technically, however, if the authoritative name servers are down, then a domain's records can't be looked up iteratively from the root, and we have no way of knowing for sure if that domain actually exists.
 * By the way, it confuses me when you say a website "has a DNS". I assumed you meant "has a DNS server". If that is not correct then you need to clarify that.--Jasper Deng (talk) 23:48, 14 November 2016 (UTC)


 * The original question states that in the hypothetical situation, a user knows the IP address for a website, but "the DNS" is down. What DNS? The question has a "possible point of confusion" that I mentioned. There are people (and I have met many of them) who do not understand what DNS is. They only know that you need DNS to get to a website and, therefore, think that if you go to Facebook, you use Facebook's DNS. If you go to Google, you use Google's DNS. If you go to Wikipedia, you use Wikipedia's DNS. From there, it isn't a major leap to think that someone can DoS Facebook's DNS and take down the Facebook website. That leads to the question... If "the DNS" is down, can you get to the website using the IP address? I do not personally see the need to go into authoritative name servers, time-to-live caching, and virtual hosting to clear up that specific point of possible confusion. 209.149.113.4 (talk) 14:27, 15 November 2016 (UTC)


 * The question might be ambiguous regarding the DNS server(s). But I assume it's clear that it is about connecting with the IP only, and no DNS access.Llaanngg (talk) 17:03, 15 November 2016 (UTC)

More Excel help: marking only some of the duplicates
I have a two-column chart; most cells in column A are filled with "1", and the remainder with "2". The cells in column B have widely differing values. For example: I'm trying to write a formula (putting it in the now-unused column D) that will return a result if A=2, and when that's the case, it gets the value in B, finds all the other lines with identical results in B, and places a piece of text in the now-unused column C for all lines where this is the case. In my example text, it would mark lines 1-2 (it finds that A2's value is "2", sees that B2's value is "aa", and notes that A2's value is identical), ignore lines 3-5 (there's no A=2 here), mark lines 7-9 (ditto from 1-2), and I don't care what it would do with line 6, because there are very few spots where A=2 has a unique B value, and I'm setting this up for manual review. I've done a sort by B-then-A values to ensure that a line with A=2 always appears below the lines with A=1 when the B values are identical. The ideal result would be: I'm familiar with the IF and AND functions, but I don't know how to get a function that finds a group of identical values (without knowing how many there will be) and does something with the lines containing them. I can't simply use the conditional formatting feature and mark all of the duplicates, because that would cause lines 4 and 5 (in my example) to be marked, and I'm doing my best to ignore lines with A=1 when their B values aren't shared with lines where A=2. In a smaller table, I could do the whole thing manually (CTRL+F, go to each A=2 line in turn, and see if it shares a B value with nearby A=1 lines), but there are nearly 850,000 lines in the whole table. Nyttend (talk) 15:57, 14 November 2016 (UTC)
 * 1) 1 aa
 * 2) 2 aa
 * 3) 1 bb
 * 4) 1 cc
 * 5) 1 cc
 * 6) 2 dd
 * 7) 1 ee
 * 8) 1 ee
 * 9) 2 ee
 * 1) 1 aa  x  [formula]
 * 2) 2 aa  x  [formula]
 * 3) 1 bb      [formula]
 * 4) 1 cc      [formula]
 * 5) 1 cc      [formula]
 * 6) 2 dd      [formula]
 * 7) 1 ee  x  [formula]
 * 8) 1 ee  x  [formula]
 * 9) 2 ee  x  [formula]
 * I hate to be "that guy", but what you are doing looks awfully like you would need a "real" programming language and are reaching the limits of Excel. Consider switching to (for example) Python (programming language) (which is free as a beer and as speech, and has portable executables (i.e. you can download it and use it without the need for admin rights to install it)). Of course, you will then need to learn a bit about loops, conditional statements, and file input/output.
 * Among languages, Excel should ship with the ability to write and execute VBA (i.e. "macros"), but the only good reason to use it would be if you already have Excel-specific formatting in place in the file. (And if you do, you are using a 850,000-line-long file for presentation purposes, which somehow looks wrong). Tigraan Click here to contact me 17:19, 14 November 2016 (UTC)
 * I've already been on the verge of buying MacroExpress; it would take a little while, but it could do this task a good deal faster than running it manually, and it wouldn't require learning any programming whatsoever, since I'm already familiar with it. You're giving me even more reason to do what I was already considering.  Thanks!  Nyttend (talk) 22:10, 14 November 2016 (UTC)

I'm not sure I've really understood your explanation, but I can do what's required with an extra column. Consider this setup:
 * Column A exists as you have it.
 * Column B exists as you have it.
 * Column C has a formula in it that reads like this =IFERROR(VLOOKUP(B1,D:E,2,FALSE),"") (this is the formula for cell C1).
 * Column D has a formula in it that reads like this =IF(A1=2,B1,"") (this is the formula for cell D1).
 * Column E is simply a continuous column of x's (or whatever you want the identifying mark to be).

Column D checks to see if the condition of whether column A has the value of 2 is met and returns the B column value. Column C then uses this to act as an anchor for its lookup function. When I tried it, it returned exactly the findings of your example, but more complicated values might take a little tweaking. Matt Deres (talk) 02:28, 15 November 2016 (UTC)