And now DNS
DNS (Domain Name System) correlates an IP address to a domain name. For example, 22.214.171.124 is www.microsoft.com. In your Internet Browser Address Bar you can type either and you will be directed to Microsoft's web site. However, www.microsoft.com is much easier to remember than 126.96.36.199 and if at some point in the future Microsoft changes the IP address of its website, typing in www.microsoft.com will still direct you to the right place but typing 188.8.131.52 will not.
This is very important when establishing VPN connections because most ISPs do not provide fixed IP addresses to residential consumers. In most cases IP addresses are allocated from a ‘pool’ of addresses managed by a DHCP Server and have a limited life (perhaps seven days). At the end of this period the address record ‘expires’ and is normally renewed automatically for a further period. If, however, your IP address expires while your Internet Gateway is switched off, or there is a disruption in service or a network reconfiguration by your ISP, then when the connection is re-established you may be allocated a different IP address. If you are travelling away from home when this happens, you will suddenly find that the VPN connection from your laptop in your hotel room to your desktop at home no longer connects if it relies on you entering an IP address. Furthermore, from your hotel room you have no way of discovering your ‘new’ IP address (calling your spouse at home in the middle of the night to ask them to have a look in your Gateway for the updated IP address is really not an option for most people).
Fortunately, there is a solution through a service that tracks your IP address and matches it with a domain name. This service is known as Dynamic DNS and involves signing up for an account with a DDNS provider (usually free for residential consumers). You will then be able to choose your own domain name, such as mydomain.dyndns.info. A small software utility installed on your PC (the most recent Internet Gateways have this built in) then tracks your IP address and sends changes to the DDNS provider, who in turn updates your public DNS record. When setting up your VPN connection you can then enter your non-changing DNS address rather than your volatile IP address.
"So all over the world at all times IP addresses are changing and constantly being re-correlated with Domain Names?" Yes. "This sounds like a big task fraught with risk." It is. "So how does it work?" Around the world, attached to the Internet, are DNS Servers whose sole job is to communicate with other DNS Servers and update DNS records. This can take time; perhaps 24 hours before all DNS Servers around the world are updated after a change. So the system is by no means perfect, but it is most certainly adequate and it works well provided DNS Servers are properly set up and configured.
Associated with the IP address of a particular computer are one or more IP addresses of DNS Servers. Your PC will communicate with these servers to ‘look up’ the IP address of a particular Domain Name or to look up the Domain Name of a particular IP Address.
Since no single DNS Server can contain all the world's DNS records, DNS Servers are configured to ask other DNS Servers for information they do not know. In turn those DNS Servers will be configured to ask others, and so on. This is known as DNS forwarding and the servers receiving the request from other DNS Servers are called DNS Forwarders.
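To make the forwarding chain and the update delay concrete, here is a toy model in Python. It is an added example, not part of the original article: the one-hour record lifetime (TTL), the two-forwarder chain and the addresses (taken from the ranges reserved for documentation) are all assumptions chosen for illustration.

```python
# Toy model of DNS forwarding with caching. All values are constructed.

class Authoritative:
    """Holds the real record, as the DDNS provider's own server would."""
    def __init__(self, ttl):
        self.ttl = ttl                    # how long others may cache an answer
        self.records = {}

    def update(self, name, ip):           # what the DDNS client utility triggers
        self.records[name] = ip

    def resolve(self, name, now):
        return self.records[name], self.ttl


class Forwarder:
    """Answers from its cache; asks the next server only on a miss or expiry."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}                   # name -> (ip, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0], hit[1] - now   # pass on the remaining lifetime only
        ip, ttl = self.upstream.resolve(name, now)
        self.cache[name] = (ip, now + ttl)
        return ip, ttl


def simulate():
    """Return the address a laptop is given at several times (in seconds)."""
    provider = Authoritative(ttl=3600)
    isp_dns = Forwarder(provider)         # a DNS Server run by an ISP
    local_dns = Forwarder(isp_dns)        # the server the laptop asks first
    name = "mydomain.dyndns.info"

    provider.update(name, "192.0.2.10")
    seen = {0: local_dns.resolve(name, 0)[0]}
    provider.update(name, "198.51.100.7")  # home gets a new address; DDNS updated
    for t in (900, 3599, 3600):
        seen[t] = local_dns.resolve(name, t)[0]
    return seen


if __name__ == "__main__":
    for t, ip in simulate().items():
        print(f"t={t:>4}s  {ip}")
```

Until the cached copies expire, the name still resolves to the old address, which the ISP may by then have handed to somebody else.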
Below is the IP configuration record for one of my PCs, which displays:
Indicates that my IP address was provided by a DHCP Server.
My current IP address.
Controls what parts of a subnet I can communicate with and what parts I cannot (don't worry too much about this).
The Default Gateway for my network, which is the path to the Internet and other Networks.
The IP Address of the Server that provided all the IP information above.
The IP addresses of DNS Servers my PC will contact in turn to request a ‘look-up’.
The record also shows when I obtained my IP address ‘lease’ and when this will expire.
Don't worry about the ‘WINS Server’ entries; I have these on my network because I'm mental (according to my wife) and still play with PCs that operate with Windows 98 and Windows 3.11 that don't properly support DNS.
Also, you may be wondering why I appear to have two ‘Default Gateways’; surely this is an oxymoron (or is it a dichotomy)? Anyway, this is a ‘trick’ I use; in the event that my Default Gateway is unavailable (that is, bust) as indicated by a loss of Internet connectivity, I can reboot my PC and automatically be assigned the alternative ‘Default Gateway’.
So, those are the fundamentals; now we're ready to start exploring VPN...