DNS Domain Name Service

DNS
Domain Name Service

References:
  Wikipedia
  http://www.sans.org/rr/whitepapers/dns/1069.php
Domain Name System Overview

• Maps domain names to IP addresses
• Databases that hold Internet host information
• Protocol for exchanging host information
• Library routines that implement the defined protocol
• BIND - Berkeley Internet Name Domain
• named - DNS server daemon
DNS Domain Structure

Figure: the domain name space (http://en.wikipedia.org/wiki/File:Domain_name_space.svg)
DNS Domain Structure

• Hierarchical
  ◦ root domain (.)
  ◦ top-level domains
  ◦ subdomains
  ◦ host
  ◦ FQDN
• Distributed
  ◦ DNS servers
• Replicated

Figure: the domain tree from the root down to the host ssh (FQDN: ssh.hcc.hawaii.edu.)
  . (root)
  ├── .com
  │   └── .redhat
  │       ├── .fedora
  │       └── .rhn
  ├── .edu
  │   └── .hawaii
  │       └── .hcc
  │           └── ssh
  └── .net
Terminology

• FQDN
  ◦ ssh.hcc.hawaii.edu.
  ◦ hierarchy is read from right to left
  ◦ last "." is frequently (usually) omitted
• domain - each node in the DNS database is called a domain
  ◦ "." is the root node or root domain - top of hierarchy
• The separator character between domains is "."
• Subdomain
  ◦ Any domain that has a parent (i.e., any domain other than ".")
  ◦ Subdomains can resolve to hosts, even if they have children
More Terminology

• Resolver
  ◦ Routines that convert an unqualified domain name into an FQDN
  ◦ FQDN is passed to DNS to be mapped to an IP address
  ◦ Always appends the root domain "." to an unqualified domain name first
  ◦ Additional domain names to try are listed in the /etc/resolv.conf file
• Case Insensitive
  ◦ DNS considers upper and lower case letters the same (i.e., DNS is case insensitive)
Zones

• Administrative groups of domains
  ◦ A single DNS server is responsible for all domains within a zone.
  ◦ A zone server also holds pointers to the DNS servers that are responsible for the subordinate DNS zones.
• Root domain
  ◦ highest zone, contains information for the root domain
  ◦ does not contain any hosts
  ◦ contains pointers (delegates) to the DNS servers for the top-level domains
  ◦ 13 authoritative name servers - responsible for the root and top-level domains.
Delegation of Authority

• ICANN - Internet Corporation for Assigned Names and Numbers
  ◦ Delegates (designates) the (13) authoritative DNS servers for the root and top-level domains
• Each top-level authoritative DNS server then delegates (designates) the servers for the next level of its own subdomains.
• Allows local control over segments of the DNS database, while making all segments available to the public.
Queries: Iterative and Recursive

• Iterative (non-recursive) queries
  ◦ Sends a domain name to the DNS server and requests that the server provide:
     the IP address of the requested domain, OR
     the name of the authoritative DNS server for the requested domain (or a parent).
     The server does not query other servers to obtain an answer.
• Recursive queries
  ◦ Sends a domain name to the DNS server and requests the IP address of the domain
  ◦ The server may need to query other servers to obtain the answer (recursively)
• Both types of query can fail to locate the domain
Clients and Resolvers

• Client example - web browser
  ◦ Queries the resolver for domain name resolution
  ◦ Resolver recursively initiates iterative queries to the DNS server
• DNS servers must answer iterative queries
  ◦ If not configured to answer recursive queries, DNS servers respond to recursive queries as though they were iterative queries.
Recursive Queries

Figure: recursive query flow (diagram not reproduced in this text).
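As an added illustration of the two query types (example code written for this page, not from the slides or from BIND), the following Python simulates a resolver answering a recursive query for fedora.redhat.com by issuing iterative queries from the root downward; each server answers only from its own zone or hands back a referral, and the resolver does the chasing. The zone data, the addresses 192.0.2.1 and 192.0.2.2 and the name ns.tld.example. are constructed; the other names and addresses come from the dig example later in the slides.

```python
# Constructed zone data (not real DNS): each server holds only its own zone plus
# NS delegations and glue A records for the zones directly below it (addresses are
# RFC 5737 documentation addresses except those copied from the dig example).
ROOT = "192.0.2.1"
ZONES = {
    ROOT:             {"com.": [("NS", "ns.tld.example.")], "ns.tld.example.": [("A", "192.0.2.2")]},
    "192.0.2.2":      {"redhat.com.": [("NS", "ns1.redhat.com.")], "ns1.redhat.com.": [("A", "66.187.233.210")]},
    "66.187.233.210": {"fedora.redhat.com.": [("CNAME", "www.redhat.com.")],
                       "www.redhat.com.": [("A", "209.132.177.50")]},
}

def iterative_query(server, name):
    """One iterative query: the server answers from its own data or refers the client
    to the servers for the closest enclosing delegation. It never asks anyone else."""
    zone = ZONES[server]
    if name in zone:
        return "answer", zone[name]
    labels = name.split(".")
    for i in range(1, len(labels) - 1):            # walk up: redhat.com., com., ...
        parent = ".".join(labels[i:])
        if parent in zone and zone[parent][0][0] == "NS":
            ns_name = zone[parent][0][1]
            return "referral", (ns_name, zone[ns_name][0][1])   # NS name + glue address
    return "nxdomain", None

def resolve(name, qtype="A", max_steps=16):
    """What a resolver does for a recursive query: start at the root and chase
    referrals and CNAMEs with iterative queries until an answer (or failure)."""
    server, trace = ROOT, []
    for _ in range(max_steps):                     # bounds referral/CNAME loops
        kind, data = iterative_query(server, name)
        trace.append((server, name, kind))
        if kind == "referral":
            server = data[1]
        elif kind == "answer":
            rdata = dict(data)
            if qtype in rdata:
                return rdata[qtype], trace
            if "CNAME" not in rdata:
                return None, trace
            name, server = rdata["CNAME"], ROOT    # restart for the canonical name
        else:
            return None, trace
    return None, trace
```

The returned trace lists every iterative query the resolver had to make, which is what a caching server avoids repeating.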
DNS Servers

• Primary (or master) server
  ◦ Authoritative server that holds the master copy of zone data
  ◦ Copies information from the zone or master file - a local file maintained by the system administrator
  ◦ For security and efficiency, provides iterative answers only.
• Slave (or secondary) servers
  ◦ Authoritative
  ◦ Copy information from the master server or another slave server
• DNS caches or caching servers
  ◦ Not authoritative
  ◦ Store answers to previous queries in cache.
  ◦ Respond from cache if available, or forward to an authoritative server.
DNS Database

• Resource records store node (domain) information
• Over 30 types of resource records
• Resource record fields:
  ◦ Name  - Domain name or IP address
  ◦ TTL   - Time to Live (not used in all resource records)
  ◦ Class - Only class supported is 1 for IN (Internet)
  ◦ Type  - Record type
  ◦ Data  - Varies based on record type
Resource Record Types

• A      Address. IPv4 address mapping.
         Ex: ns      IN  A      192.168.0.1
• AAAA   Address. IPv6 address mapping.
         Ex: ns      IN  AAAA   (ipv6 address)
• CNAME  Canonical Name. Maps alias or nickname.
         Ex: ftp     IN  CNAME  www.sam.net.
• MX     Mail Exchange. Domain mail destination.
         Ex: speedy  MX 10  mail
                     MX 20  mail.sam.net.
• NS     NameServer. Name of DNS server.
         Ex: peach   NS  ns.max.net.
Resource Record Types

• PTR    Pointer. Used for reverse name resolution. (See reverse name resolution later.)
         Ex: 3       IN  PTR    grape
• TXT    Text. Quoted character string associated with the domain name.
         Ex: peach   TXT  "Refers to the peach subdomain"
DNS Query Format

1. Name  - Domain name, FQDN, or IP address
2. Class - Class 1 for IN or Internet class
3. Type  - Type of record requested

Example request for an address record:
  fedora.redhat.com   IN   A
DNS Cache

• Many DNS servers cache query responses from other DNS servers.
• A DNS server will first try to respond to a query from cache.
• If there is no cached response available, the DNS server may query other DNS servers, if configured to do so.
• Because of DNS caching, it may take several days for DNS changes to propagate throughout the DNS.
DNS Response Format

• Header Record      - Information about the query
• Query Record       - Restates the original query
• Answer Records     - Records to answer the query
• Authority Records  - Records for authoritative servers
• Additional Records - Additional records, such as NS
DNS Query/Response Example

$ dig fedora.redhat.com
...
;; QUESTION SECTION:
;fedora.redhat.com.              IN      A

;; ANSWER SECTION
fedora.redhat.com.      600     IN      CNAME   www.redhat.com
www.redhat.com.         330     IN      A       209.132.177.50

;; AUTHORITY SECTION
redhat.com.             409     IN      NS      ns1.redhat.com
redhat.com.             409     IN      NS      ns2.redhat.com
redhat.com.             409     IN      NS      ns3.redhat.com

;; ADDITIONAL SECTION
ns1.redhat.com.         300     IN      A       66.187.233.210
ns2.redhat.com.         600     IN      A       66.187.224.210
ns3.redhat.com.         600     IN      A       66.187.229.10
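The same query and response in wire format, as an added example that is not part of the slides: build_query produces the 12-byte header plus the Name/Class/Type question, and parse_response splits a message into the header, question, answer, authority and additional sections, following the compression pointers that let a response refer back to a name it already contains. RESPONSE is a hand-assembled message mirroring the dig output above (with one NS record instead of three), not a real capture, and the parser decodes only the record types that appear in it (A, plus the name-valued NS, CNAME and PTR).

```python
import struct
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}
def encode_name(name):  # FQDN -> one length byte per label, terminated by a zero byte
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
def build_query(name, qtype=1, qclass=1, txid=0x1234):  # header + Name/Type/Class question
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags 0x0100: recursion desired
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)
def decode_name(msg, off):  # follows 0xC0xx compression pointers; returns (name, next offset)
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # pointer to an earlier copy of the suffix
            end = off + 2 if end is None else end
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)
def parse_response(msg):  # header, question, answer, authority and additional sections
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    name, off = decode_name(msg, 12)               # a response restates the single question
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    out = {"id": txid, "flags": flags, "question": (name, qclass, TYPE_NAMES.get(qtype, qtype))}
    off += 4
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[key] = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 1:                         # A: four raw octets
                data = ".".join(str(b) for b in msg[off:off + rdlen])
            else:                                  # NS, CNAME, PTR: a (possibly compressed) name
                data = decode_name(msg, off)[0]
            out[key].append((name, ttl, TYPE_NAMES.get(rtype, rtype), data))
            off += rdlen
    return out

# Constructed response to the query above (not a real capture); c0xx bytes are compression pointers.
RESPONSE = bytes.fromhex(
    "1234 8180 0001 0002 0001 0001"                              # header: 1 question, 2 ans, 1 auth, 1 add
    "06 666564 6f7261 06 726564 686174 03 636f6d 00 0001 0001"   # fedora.redhat.com. IN A
    "c00c 0005 0001 00000258 0006 03 777777 c013"                 # CNAME 600 www.redhat.com.
    "c02f 0001 0001 0000014a 0004 d184b132"                       # A 330 209.132.177.50
    "c013 0002 0001 00000199 0006 03 6e7331 c013"                 # NS 409 ns1.redhat.com.
    "c051 0001 0001 0000012c 0004 42bbe9d2")                      # A 300 66.187.233.210
```

Calling parse_response(RESPONSE) yields the same four sections dig prints; a parser used in production must additionally bound pointer loops and check that every offset stays inside the message.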
Reverse Name Resolution

• Also referred to as "inverse mapping" or "reverse mapping."
• Looks up domain names, given an IP address.
• Uses a special domain named in-addr.arpa.
• Resource record formats for this domain
  ◦ Name field holds IP addresses.
  ◦ Records are indexed hierarchically by IP address.
  ◦ Data field holds the corresponding FQDN.
• Used for reverse name resolution
  ◦ Allows a server to retrieve and record the domain names of clients.
  ◦ Verification of the domain of email senders and the IP address of the sending machine.
Examples of Reverse Name Resolution

$ dig 110.232.187.66.in-addr.arpa PTR
...
;; QUESTION SECTION
;110.232.187.66.in-addr.arpa.          IN      PTR

;; ANSWER SECTION
110.232.187.66.in-addr.arpa.   540    IN      PTR     rhn.redhat.com

$ dig -x 66.187.232.110
...
;; QUESTION SECTION
;110.232.187.66.in-addr.arpa.          IN      PTR

;; ANSWER SECTION
110.232.187.66.in-addr.arpa.   552    IN      PTR     rhn.redhat.com

$ host 66.187.232.110
110.232.187.66.in-addr.arpa domain name pointer rhn.redhat.com
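Added example (not from the slides): building the in-addr.arpa query name shown above and, going beyond the slide, the ip6.arpa form for IPv6, together with the forward-confirmed check a mail server or log analyser should apply before trusting a PTR name, since the reverse zone is controlled by whoever holds the address block, not by the owner of the name the PTR claims. The REVERSE and FORWARD tables are constructed stand-ins for live lookups, and 203.0.113.5 is a documentation address.

```python
import ipaddress

def reverse_name(address):
    """PTR query name for an IP address: IPv4 octets reversed under in-addr.arpa.,
    IPv6 as 32 reversed hex nibbles under ip6.arpa. (the IPv6 form goes beyond the slide)."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    return ".".join(reversed(ip.exploded.replace(":", ""))) + ".ip6.arpa."

def address_from_reverse_name(name):
    """Inverse of reverse_name; returns None for names outside in-addr.arpa / ip6.arpa."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        hexdigits = "".join(reversed(labels[:32]))
        return str(ipaddress.IPv6Address(":".join(hexdigits[i:i + 4] for i in range(0, 32, 4))))
    return None

# Constructed lookup tables standing in for live PTR and A queries (no network access).
REVERSE = {
    "110.232.187.66.in-addr.arpa.": "rhn.redhat.com.",   # matches the dig output above
    "5.113.0.203.in-addr.arpa.": "rhn.redhat.com.",      # a PTR claiming a name it does not own
}
FORWARD = {"rhn.redhat.com.": ["66.187.232.110"]}

def forward_confirmed(address, ptr_lookup=REVERSE.get, a_lookup=FORWARD.get):
    """Forward-confirmed reverse DNS: accept the PTR name only if it resolves back
    to the querying address. A bare PTR is set by the reverse zone's operator, so
    on its own it proves nothing about who the address belongs to."""
    ptr = ptr_lookup(reverse_name(address))
    if ptr and address in (a_lookup(ptr) or []):
        return ptr
    return None
```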
DNS Related Utilities

• whois
  ◦ Look up domains
  ◦ Different sites have different capabilities
• nslookup
  ◦ Name service lookup
  ◦ Deprecated, may be removed from future distributions of Linux.
• dig
  ◦ Domain Internet Groper
  ◦ more current than nslookup.