Weds., 10 Feb. 2016
I
I
DNS
Examples using dig
DNS: root name servers
v
v
contacted by local name server that can not resolve name
root name server:
§  contacts authoritative name server if name mapping not known
§  gets mapping
§  returns mapping to local name server
c. Cogent, Herndon, VA (5 other sites)
d. U Maryland College Park, MD
h. ARL Aberdeen, MD
j. Verisign, Dulles VA (69 other sites )
e. NASA Mt View, CA
f. Internet Software C.
Palo Alto, CA (and 48 other
sites)
a. Verisign, Los Angeles CA
(5 other sites)
b. USC-ISI Marina del Rey, CA
l. ICANN Los Angeles, CA
(41 other sites)
g. US DoD Columbus,
OH (5 other sites)
k. RIPE London (17 other sites)
i. Netnod, Stockholm (37 other sites)
m. WIDE Tokyo
(5 other sites)
13 root name
“servers”
worldwide
Application Layer 2-64
TLD, authoritative servers
top-level domain (TLD) servers:
§  responsible for com, org, net, edu, aero, jobs, museums,
and all top-level country domains, e.g.: uk, fr, ca, jp
§  Network Solutions maintains servers for .com TLD
§  Educause for .edu TLD
authoritative DNS servers:
§  organization’s own DNS server(s), providing authoritative
hostname to IP mappings for organization’s named hosts
§  can be maintained by organization or service provider
Application Layer 2-65
DNS: a distributed, hierarchical database
Root DNS Servers
…
com DNS servers
yahoo.com
amazon.com
DNS servers DNS servers
…
org DNS servers
pbs.org
DNS servers
edu DNS servers
poly.edu
umass.edu
DNS serversDNS servers
client wants IP for www.amazon.com; 1st approx:
v
v
v
client queries root server to find com DNS server
client queries .com DNS server to get amazon.com DNS server
client queries amazon.com DNS server to get IP address for
www.amazon.com
Application Layer 2-63
Local DNS name server
does not strictly belong to hierarchy
v  each ISP (residential ISP, company, university) has
one
v
§  also called “default name server”
v
when host makes DNS query, query is sent to its
local DNS server
§  has local cache of recent name-to-address translation
pairs (but may be out of date!)
§  acts as proxy, forwards query into hierarchy
Application Layer 2-66
I
Canonical name: the “official” hostname (could be many
aliases)
I
Authoritative server: the “authorized” name server for an
organization, company, school, etc. (Not necessarily the same
as a “local” name server.)
There are several types of DNS entries, called “resource records”;
here are some of the more common ones:
I
A — Address record (for looking up an IP address)
I
CNAME — Canonical name record
I
MX — mail exchange record (identify mail servers)
I
NS — name server record (identify name servers)
I
PTR — used for reverse lookups
2/5
Sample Resource Records
Reverse Lookup of an IP Address: dig -x 141.195.226.25
...
;; ANSWER SECTION:
25.226.195.141.in-addr.arpa. 85338 IN PTR aldenv25.allegheny.ed
Find Mail Servers at Penn State: dig psu.ed MX
...
;; ANSWER SECTION:
psu.edu. 3195 IN
MX 10 tr16g04.aset.psu.edu.
psu.edu. 3195 IN
MX 10 r02a07.cac.psu.edu.
psu.edu. 3195 IN
MX 10 tr12g04.aset.psu.edu.
...
3/5
Sample Resource Records (cont.)
Find Name Servers at U.Mass: dig umass.edu NS
...
;; ANSWER SECTION:
umass.edu. 14400 IN
NS ns1.umass.edu.
umass.edu. 14400 IN
NS ns2.umass.edu.
umass.edu. 14400 IN
NS ns3.umass.edu.
4/5
Sample Resource Records (cont.)
The SOA (start of authority) record “Specifies authoritative information
about a DNS zone, including the primary name server, the email of the
domain administrator, the domain serial number, and several timers
relating to refreshing the zone.” (Wikipedia)
Find SOA Record for Allegheny: dig allegheny.edu SOA +multiline
;; ANSWER SECTION:
allegheny.edu. 85915 IN SOA amdns1.allegheny.edu.
thunter.allegheny.edu. (
2016021201 ; serial
10800
; refresh (3 hours)
3600
; retry (1 hour)
1209600
; expire (2 weeks)
3600
; minimum (1 hour)
)
5/5