DNS & PNRP

Name Resolution in Windows Server 2008 (R2)
Name Resolution Overview
* NetBIOS name resolution
  * Originally a broadcast-based NR protocol in PC-LAN & LM networks on top of NetBEUI
  * Based on single-label names (non-hierarchical)
  * Uses lmhosts (static) files, broadcasts and WINS (NBNS) servers in TCP/IP networks
* Host name resolution
  * Original ARPANET (Internet) NR protocol
  * Based on multi-level names (hierarchical)
  * Distributed database model
  * Uses hosts (static) files and DNS Servers
* Peer Name Resolution
  * Strictly for IPv6 addresses
  * Distributed and serverless protocol
  * Real-time updates
  * Addresses computers, ports and services
  * Unsecured or secured with PK-cryptography
Protocol stack comparison
Figure (two stack diagrams, OSI layers from application down to the physical medium):
  NetBIOS Interface stack: SMB over NetBEUI (NBF) over LLC / MAC (802.n) over the medium; name resolution traffic is broadcast.
  WinSock Interface stack: SMB, CIFS, HTTP over TCP / UDP over IP over ARP, PPP, xDLC (802.n) over the medium; name resolution traffic is unicast.
  Second diagram: the NetBIOS Interface runs on NBT (the NetBIOS over TCP/IP helper) over TCP / UDP over IP, so both interfaces share the same lower layers; the NetBIOS side still carries broadcast NR traffic, the WinSock side unicast NR traffic.
Internet DNS Namespace
Figure (namespace tree, built up over four slides):
  "" root: served by the "13" root servers a.root-servers.net through m.root-servers.net
  gTLD's (generic Top Level Domains): .com .org .edu .gov .int .mil .net
  ccTLD's (Country code Top Level Domains, ISO 3166 country codes): .be .fr .de .nl .jp .il .ru .tw .tv .nu .au .uk (shown as .gb on the earlier slide)
  Second Level Domains: such as .yale .ucla .mit (under .edu) and .army .airforce .navy (under .mil)
  Third Level Domains: such as .law .math .physics
Recursive query, iterative query and recursive response
Figure (resolution of http://www.amazon.com, shown in four steps):
  1. Recursive query: the client asks its own DNS server "www.amazon.com?".
  2. The server checks "Cached? ... No!" and "Own zone? ... No!", then uses its Root hints (the "13" root servers a.root-servers.net through m.root-servers.net with their IP addresses) to start at the "" root.
  3. Iterative query: the root refers the server to .com, .com refers it to .amazon (amazon.com NS = 93.151.75.200), and that server answers for www.
  4. Recursive response: the DNS server returns the answer to the client and caches it: www.amazon.com = 93.181.75.13, TTL = 3600.
Domain vs. Zone
* Domain is a node in the Internet namespace
* Root domain is the largest domain
* Zone is a file that contains records for a domain with or without child domains
* Zones can only contain contiguous domains
* Child domains can be delegated to separate DNS servers (= zone delegation)
Domain vs. Zone
Figure (examples under the "." (root): Root Domain, .com Domain, .microsoft Domain):
  Single contiguous DNS zonefile contains all records for domains: microsoft.com, one.microsoft.com, technet.microsoft.com, msdn.microsoft.com, mcp.microsoft.com, update.microsoft.com, support.microsoft.com
  Delegated zones: the DNS zonefile contains only records for microsoft.com; each DNS server contains a separate zone for each delegation: one.microsoft.com, technet.microsoft.com, msdn.microsoft.com, mcp.microsoft.com, update.microsoft.com, support.microsoft.com
  Partly delegated: the contiguous DNS zonefile contains records for microsoft.com, one.microsoft.com, technet.microsoft.com, msdn.microsoft.com, mcp.microsoft.com; each DNS server contains a separate zone for each delegation: update.microsoft.com, support.microsoft.com
  Illegal delegation: domains .update and .support are non-contiguous (common parent needed), so they cannot be delegated together as one zone.
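Added example, not part of the slides: a small check of the two rules the Domain vs. Zone figures illustrate, that a zone may only hold contiguous domains and that a delegated child zone needs a common parent that stays in the parent zone. The domain sets are the microsoft.com names from the figures; function names are my own.

```python
# Added example (not from the slides): checks the "zones can only contain
# contiguous domains" rule and the "common parent needed" rule for delegation,
# using the microsoft.com names from the Domain vs. Zone figures.
from typing import Iterable, List, Set


def _normalize(domains: Iterable[str]) -> Set[str]:
    """Lower-case the names and drop a trailing dot so comparisons are exact."""
    return {d.rstrip(".").lower() for d in domains}


def parent(name: str) -> str:
    """Parent of a dotted name ('microsoft.com' -> 'com', 'com' -> '')."""
    return name.partition(".")[2]


def zone_roots(domains: Iterable[str]) -> List[str]:
    """Names whose parent is not in the set. A contiguous zone has exactly one
    such name, its apex; siblings without their parent each show up here."""
    names = _normalize(domains)
    return sorted(n for n in names if parent(n) not in names)


def is_contiguous(domains: Iterable[str]) -> bool:
    return len(zone_roots(domains)) == 1


def delegation_ok(parent_zone: Iterable[str], child_zone: Iterable[str]) -> bool:
    """A child zone may be split off only if both halves stay contiguous, the
    child's apex hangs directly below a name kept in the parent zone, and no
    name is claimed by both zones."""
    if not (is_contiguous(parent_zone) and is_contiguous(child_zone)):
        return False
    parent_names, child_names = _normalize(parent_zone), _normalize(child_zone)
    apex = zone_roots(child_names)[0]
    return parent(apex) in parent_names and not (parent_names & child_names)


# Sample sets taken from the figures.
FULL_ZONE = ["microsoft.com", "one.microsoft.com", "technet.microsoft.com",
             "msdn.microsoft.com", "mcp.microsoft.com",
             "update.microsoft.com", "support.microsoft.com"]
PARTLY_DELEGATED = FULL_ZONE[:5]
ILLEGAL = ["update.microsoft.com", "support.microsoft.com"]

if __name__ == "__main__":
    print(is_contiguous(FULL_ZONE), is_contiguous(ILLEGAL))
    print(delegation_ok(PARTLY_DELEGATED, ["update.microsoft.com"]))
    print(delegation_ok(PARTLY_DELEGATED, ILLEGAL), zone_roots(ILLEGAL))
```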
Zone types
* Primary zone
* Secondary zone
* Stub zone
* AD integrated zone (acts as primary zone)
* RODC AD integrated zone (acts as primary Read-Only zone)
Primary Zone, Secondary Zone and zone transfers
Figure (acme.com under the "." (root), shown in four steps):
  Primary Zone: the Primary Zone file acme.com.dns contains the R/W-version of the data and receives manual updates, automatic updates and refreshes:
    acme.com       IN SOA
    www.acme.com   10.10.0.50
    srv1.acme.com  10.10.0.20
    mail.acme.com  10.10.0.30
    ns1.acme.com   10.10.0.40
    ns2.acme.com   10.10.0.60
    pc1.acme.com   10.10.0.100
    pc2.acme.com   10.10.0.101
    pc3.acme.com   10.10.0.102
  Secondary Zone: the Secondary Zone file contains the R/O-version of the same data.
  Full Zone Transfer (AXFR): the primary checks "Authorized? ... Yes!" before the secondary receives the whole zone.
  DNS Notify and Incremental Zone Transfer (IXFR): an update increments the database version on the primary, the primary notifies the secondary, and the secondary fetches only the increment.
Aging and Scavenging
Figure (DHCP lease and DNS registration on one timeline, two diagrams):
  DHCP: Discover, Offer, Request, Acknowledge; at T0 the client registers its name in DNS (Register DNS, zone file version: 123).
  At T1 (0,5 Lease) the client renews (Request, Acknowledge, Renewed Lease) and registers in DNS again.
  DNS aging intervals drawn against that timeline: 1st No-Refresh Interval starting at T0, then Refresh Interval, then 2nd No-Refresh Interval after the renewed registration (a re-registration only updates the record timestamp during the Refresh Interval).
  Scavenging Interval: the separate period after which the server looks for stale records.
Reverse Lookups
* Resolve IP-addresses to FQDN's
* Reverse indexes the Internet
* Uses the in-addr.arpa or ip6.arpa Domain
* Requires participation of domain holders
* Used for inbound SMTP server determination (and more)
Reverse Lookups
Figure (compare hostname structure with IP-address structure):
  Hostname Srv3.east.acme.com.: Hostname (srv3), 3rd Level domain (east), 2nd Level domain (acme), gTLD (com), Internet root domain (the trailing dot); reading left-to-right goes up the hierarchy.
  IP-address 191.124.17.201 /24: Net-ID (191.124.17) and Host-ID (201); the most significant part is on the left.
  Reversed as 201.17.124.191.in-addr.arpa.: the "Host-ID" comes first, so left-to-right again means up the hierarchy to the "Internet root".
* Example IP-address 191.124.17.201
* Find PTR 201.17.124.191.in-addr.arpa.
* Iterates between DNS servers to find: 17.124.191.in-addr.arpa zone
* Finds 201 PTR record with name: 201 IN PTR srv3.acme.com
* Responsibility of acme.com domain holder to maintain PTR records
Figure (reverse query under the "." (root)): "What name belongs to IP 191.124.17.201?" The query for 201.17.124.191.in-addr.arpa. descends 191, 124, 17 to the 17.124.191.in-addr.arpa. zone (IN SOA), whose PTR records ... 199, 200, 201, 202 ... point to srv1.acme.com, srv2.acme.com, srv3.acme.com, srv4.acme.com; the answer is "srv3.acme.com !".
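Added example, not from the slides: the reversed-label construction the Reverse Lookups slides describe, written out for both in-addr.arpa (IPv4) and ip6.arpa (IPv6, one nibble per label), plus the reverse zone name for a prefix such as 191.124.17.0/24 (17.124.191.in-addr.arpa) and the owner label a PTR record gets inside that zone. Function names are my own; only the standard library is used.

```python
# Added example (not from the slides): builds the in-addr.arpa / ip6.arpa
# names the slides describe, for any IPv4 or IPv6 address, and the reverse
# zone that holds a PTR record for an octet-aligned (IPv4) or nibble-aligned
# (IPv6) prefix, e.g. the 17.124.191.in-addr.arpa zone of 191.124.17.0/24.
import ipaddress


def _labels(addr) -> list:
    """Hierarchy labels most-significant first: octets for v4, nibbles for v6."""
    if addr.version == 4:
        return str(addr).split(".")
    return list(addr.exploded.replace(":", ""))  # 32 hex digits


def ptr_name(ip: str) -> str:
    """Owner name of the PTR record: labels reversed, so the Host-ID part comes
    first and the name climbs the hierarchy left-to-right to the root."""
    addr = ipaddress.ip_address(ip)
    suffix = "in-addr.arpa." if addr.version == 4 else "ip6.arpa."
    return ".".join(reversed(_labels(addr))) + "." + suffix


def reverse_zone(network: str) -> str:
    """Zone holding the PTR records for a prefix. Only prefixes that fall on a
    label boundary have a zone of their own (classless /25-/31 delegations use
    the RFC 2317 scheme, which this example does not implement)."""
    net = ipaddress.ip_network(network, strict=False)
    bits_per_label = 8 if net.version == 4 else 4
    if net.prefixlen % bits_per_label:
        raise ValueError(f"{network}: prefix is not label-aligned")
    suffix = "in-addr.arpa." if net.version == 4 else "ip6.arpa."
    keep = net.prefixlen // bits_per_label
    if keep == 0:  # /0 means the whole reverse tree
        return suffix
    labels = _labels(net.network_address)[:keep]
    return ".".join(reversed(labels)) + "." + suffix


def relative_label(ip: str, network: str) -> str:
    """Owner label of the PTR record inside its zone, as written in the zone
    file ('201' for 191.124.17.201 in 17.124.191.in-addr.arpa)."""
    full, zone = ptr_name(ip), reverse_zone(network)
    if not full.endswith("." + zone):
        raise ValueError(f"{ip} is not inside {network}")
    return full[: -(len(zone) + 1)]


if __name__ == "__main__":
    print(ptr_name("191.124.17.201"), reverse_zone("191.124.17.0/24"))
    print(relative_label("191.124.17.201", "191.124.17.0/24"))
    print(ptr_name("2001:db8::1"), reverse_zone("2001:db8::/32"))
```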
Peer Name Resolution Protocol
* Mentioned at a P2P conference in November 2001
* July 2003: Advanced Networking Pack for XP
* Later SP2 for XP
* PNRP 2.0 in Windows Vista, available for XP
* PNRP 2.1 in:
  * Windows Vista SP1
  * Windows Server 2008
  * Windows XP SP3
  * Windows 7 Easy Connect (Remote Assistance)
Peer Name Resolution Protocol
PNRP Clouds:
* A Cloud is a group of connected PNRP nodes (any node can resolve a name published by another node in the cloud)
* Three cloud scopes:
  1. Global
  2. Site Local (deprecated)
  3. Link Local
* Transient connectivity and shortcomings in DNS
* Easily scales to billions of names
* When the PNRP service starts it joins multiple clouds
P2P and PNRP ID's
* Peer name is a communications endpoint
* Consists of Authority.Classifier (256 bits)
* Authority = 0 if unsecure, value if secure
Figure (ID derivation, shown in two steps):
  Authority (a SHA-1 hash, e.g. e06bf33a5b21 ...) . Classifier (the Friendly Name) = P2P ID
  SHA-1 of the P2P ID (128-bits hash, e.g. 5ff01aac793c121f ...) + Service Location (128 bits) = 256 bits = PNRP ID
Questions?