DNS & BIND
SPARCS 12 coffee
ara.kaist.ac.kr 143.248.234.103

DNS
• Domain Name System
  – Hierarchical distributed naming system
  – Translates between two principal namespaces
    • the domain name hierarchy
    • Internet Protocol (IP) addresses
  – Maintains the domain name hierarchy
• Example: www.example.com (domain name hierarchy) → 192.0.43.10 (IPv4), 2620:0:2d0:200::10 (IPv6) (IP address)

Architecture of DNS

Domain Name Space
• The name space is a tree: Root → Top Level Domain (com, org, net, kr, us, jp) → Second Level Domain (google, naver; under kr: co, ac, go; under ac: kaist) → Sub domains (…) (under kaist: ara, otl, moodle)
• DNS is maintained by a distributed database system.
• Each node or leaf in the tree has zero or more resource records.

Domain Name Space
• Example: http://www.example.co.kr/ – kr is the top level, co is the second level, example and www are sub domains
• Label: letters (a-z or A-Z), digits (0-9), hyphen (-); a label cannot begin with a hyphen
• Each label may contain up to 63 characters.
• The full domain name may not exceed a total length of 253 characters in its external dotted-label specification.
• A domain name consists of one or more labels, each delimited by dots.
• This tree of subdivisions may have up to 127 levels.

TLD (Top Level Domain)
• Generic domains (gTLD) – com, net, org, info, …
• Country code domains (ccTLD) – kr, us, eu, jp, …
• Infrastructure domains

FQDN (Fully Qualified Domain Name)
• A domain name written out in full, starting from the root domain.
• The root domain's null label at the end is written explicitly, so the name ends with a '.'
  – ara.kaist.ac.kr (x)
  – ara.kaist.ac.kr. (o)

PQDN (Partially Qualified Domain Name)
• The name does not end with the null label.
• If the system's default domain is kaist.ac.kr, www.example.co.kr may be interpreted as www.example.co.kr.kaist.ac.kr.
• The resolver first interprets it as www.example.co.kr. (an FQDN) and passes that to the name server; if that name is not found, it passes www.example.co.kr.kaist.ac.kr.

DNS zone
• A portion of a domain name space.
• Example: the ac.kr zone contains kaist.ac.kr and postech.ac.kr; the kaist.ac.kr zone contains ara.kaist.ac.kr, otl.kaist.ac.kr and moodle.kaist.ac.kr; the postech.ac.kr zone contains www.postech.ac.kr and library.postech.ac.kr.

Resource Records (RR)
• Name – the domain name, used as the key index
• TTL – time to live in the cache table
• Class – only IN (internet)
• Type – A = 1, NS = 2, SOA = 6, etc.
• RDATA – raw data; its format depends on the type

Resource Records - Types
Type   Code  Meaning
A      1     A host address: a 32-bit IPv4 address
AAAA   28    IP6 address: a 128-bit IPv6 address
NS     2     An authoritative name server: specifies the name server's domain name
CNAME  5     The canonical name for an alias: specifies the domain name an alias points to
SOA    6     Marks the start of a zone of authority: specifies the zone's attribute information
MX     15    Mail exchange: specifies the mail server's domain name
http://en.wikipedia.org/wiki/List_of_DNS_record_types

DNS protocol
Section     Value
Header      Metadata
Question    The question for the name server
Answer      RRs answering the question
Authority   RRs pointing toward an authority
Additional  RRs holding additional information

Querying
• A query for google.com? is resolved by walking the domain name space from the Root, to the com top level domain, to the second level domain google (the same tree as before: Root → com, org, net, kr, us, jp; google, naver under com; co, ac, go under kr; kaist under ac; ara, otl, moodle under kaist).
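The header and the four sections listed above, walked over a constructed response (an example added here, not code from the seminar slides): the query name and the 192.0.43.10 answer reuse the pair from the DNS slide, while the ns.example.com authority record and all byte values are invented for illustration.

```python
import struct
# Constructed response (not a real capture) to "www.example.com. A": the name/address pair is
# from the DNS slide, the ns.example.com authority RR is invented. Names use compression pointers.
RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x01\x00\x00"              # header: 1 Q, 1 AN, 1 NS
    b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"                 # question: www.example.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x2b\x0a"  # answer: A 192.0.43.10, TTL 300
    b"\xc0\x10\x00\x02\x00\x01\x00\x00\x01\x2c\x00\x05\x02ns\xc0\x10"  # authority: example.com NS ns.example.com
)

def read_name(msg, off):
    """Decode a possibly compressed name; return (fqdn, offset just past it in the original stream)."""
    labels, end = [], None                # end stays None until the first pointer is followed
    for _ in range(128):                  # bound the walk so a pointer loop cannot spin forever
        length = msg[off]
        if length & 0xC0 == 0xC0:         # 11xxxxxx: pointer to an earlier copy of the suffix
            end = end or off + 2
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            continue
        off += 1
        if length == 0:                   # the root (null) label terminates the name
            return ".".join(labels) + ".", end or off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    raise ValueError("malformed name")

def parse(msg):
    """Split a DNS message into header fields and the Question/Answer/Authority/Additional sections."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    out = {"id": ident, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
           "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        out["question"].append((name, qtype, qclass))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            rdata = msg[off:off + rdlen]
            off += rdlen
            if rtype == 1 and rdlen == 4:                  # A: 32-bit IPv4 address
                rdata = ".".join(str(b) for b in rdata)
            elif rtype in (2, 5):                          # NS / CNAME: RDATA is a name
                rdata = read_name(msg, off - rdlen)[0]
            out[section].append((name, rtype, rclass, ttl, rdata))
    return out
```

The 128-iteration bound in read_name is what keeps a malformed message with a pointer cycle from hanging the parser.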
Update
• Adding a new resource record (sparcs.kaist.ac.kr) adds the node sparcs under kaist in the tree, beside ara, otl and moodle.

  sudo apt-get install dnsutils

Hosts?
• windows/system32/drivers/etc/hosts
• /etc/resolv.conf – in Linux

dig (domain information groper)
• dig [@global-server] [domain] [q-type] {q-opt} …
• Ex) dig @ns.kaist.ac.kr otl.kaist.ac.kr A

nslookup

BIND?
• Berkeley Internet Name Domain
• Currently the most widely used DNS software in the world
• Started in the early 1980s by four graduate students at UC Berkeley

BIND
• BIND 4 by the Computer Systems Research Group (CSRG) at UC Berkeley
• BIND 8 by the Internet Systems Consortium (ISC)
• BIND 9 was released in September 2000

master & slave?
• Used when two or more DNS servers holding the same data are operated
• The slave can be configured to fetch the data from the master at a fixed interval
• Depending on the zone, the same server may be a master or a slave

RDATA of SOA
• mname – domain name of the zone's primary master name server
• rname – e-mail address of the administrator who manages the zone
• serial – version number field, updated on each change to the zone (YYYYMMDDNN)
• refresh, retry, expire – how often to check for changes, how long to wait before retrying a failed refresh, and how long the zone data stays valid
• minimum – default TTL

NS, A
  @       IN  NS  ns.mazic.org.
  coffee  IN  A   134.248.234.103

  sudo apt-get install bind9

Just follow along with these
• On the SPARCS server, in /etc/bind/: named.conf, sparcs.conf, db.SPARCS.ORG

Let's try it!
• Set up a DNS server on your own wheel-seminar practice server!
• Make (yourID).wseminar#.sparcs.org resolve so that ARA (ara.kaist.ac.kr) comes up :)

Reference
• SPARCS seminar – hodduc – 20100705
• SPARCS seminar – boolgom – 20110629
• SPARCS seminar – gangok – 20110701
• http://en.wikipedia.org/wiki/Domain_Name_System
• http://dns.kisa.or.kr/kor/main.jsp
  – DNS서버운영지침서.pdf (DNS server operation guidelines)
• http://blog.naver.com/une4535?Redirect=Log&logNo=140055620130
• http://www.freesoft.org/CIE/Topics/77.htm
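One way to apply the naming rules from the FQDN/PQDN slides and the SOA/NS/A record layout above to a BIND-style zone file (an example added here, not the seminar's own db.SPARCS.ORG): the origin sparcs.org., the rname and the SOA timer values are assumptions; the NS and A lines follow the slide.

```python
import re
# Constructed zone in BIND master-file syntax, modelled on the NS/A lines in the slides;
# the origin sparcs.org. and the SOA values are assumptions, not SPARCS's real zone data.
ZONE = """\
$ORIGIN sparcs.org.
$TTL 3600
@       IN  SOA ns.mazic.org. hostmaster.sparcs.org. (
            2012040101                 ; serial (YYYYMMDDNN)
            3600 900 604800 86400 )    ; refresh retry expire minimum
@       IN  NS  ns.mazic.org.
coffee  IN  A   134.248.234.103
"""
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?")  # hyphen never first (or last)
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

def qualify(name, origin):
    # '@' is the origin, a trailing dot marks an FQDN, anything else is a PQDN that gets the
    # origin appended (as the slide describes); then enforce the 63/253/127 limits and label syntax.
    fqdn = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
    labels = fqdn[:-1].split(".")
    if len(fqdn) - 1 > 253 or len(labels) > 127:
        raise ValueError(f"name too long: {fqdn}")
    for label in labels:
        if len(label) > 63 or not LABEL.fullmatch(label):
            raise ValueError(f"bad label {label!r} in {fqdn}")
    return fqdn

def parse_zone(text, origin=None):
    # Returns (owner, ttl, class, type, rdata) tuples; SOA rdata becomes a dict keyed by
    # SOA_FIELDS. Assumes the 'owner [IN] type rdata' layout (no per-record TTL column).
    body = re.sub(r";[^\n]*", "", text)                                   # strip comments
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)  # join ( ... )
    ttl, records = None, []
    for parts in (line.split() for line in body.splitlines()):
        if not parts:
            continue
        if parts[0] == "$ORIGIN":
            origin = parts[1]
        elif parts[0] == "$TTL":
            ttl = int(parts[1])
        else:
            owner = qualify(parts[0], origin)
            i = 2 if parts[1] == "IN" else 1                              # class is optional
            rtype, rdata = parts[i], parts[i + 1:]
            if rtype == "SOA":                                            # mname rname + 5 numbers
                names = [qualify(rdata[0], origin), qualify(rdata[1], origin)]
                rdata = dict(zip(SOA_FIELDS, names + [int(v) for v in rdata[2:]]))
            else:  # NS/CNAME rdata is a name (qualified like an owner); A/AAAA is an address literal
                rdata = qualify(rdata[0], origin) if rtype in ("NS", "CNAME") else rdata[0]
            records.append((owner, ttl, "IN", rtype, rdata))
    return records
```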