
DNS & PNRP


duy

Presentation Transcript


  1. Name Resolution in Windows Server 2008 (R2) DNS & PNRP

  2. Name Resolution Overview • NetBIOS name resolution • Host name resolution • Peer Name Resolution

  3. Name Resolution Overview
  • NetBIOS name resolution
  * Originally a broadcast-based NR protocol in PC-LAN & LM (LAN Manager) networks on top of NetBEUI
  * Based on single-label names (non-hierarchical)
  * Uses lmhosts (static) files, broadcasts and WINS (NBNS) servers in TCP/IP networks
  • Host name resolution
  * Original ARPANET (Internet) NR protocol
  * Based on multi-level names (hierarchical)
  * Distributed database model
  * Uses hosts (static) files and DNS servers

  4. Name Resolution Overview
  • Peer Name Resolution
  * Strictly for IPv6 addresses
  * Distributed and serverless protocol
  * Real-time updates
  * Addresses computers, ports and services
  * Unsecured, or secured with public-key cryptography

  5. Protocol stack comparison (diagram): NetBIOS Interface and WinSock Interface at the top; application/presentation/session layers are SMB on the NetBIOS side and SMB, CIFS, HTTP on the WinSock side; transport/network is NetBEUI (NBF) on one stack and TCP/UDP over IP on the other; data link is LLC/MAC with ARP, PPP, xDLC on 802.n media. Name-resolution traffic is broadcast on the NetBEUI stack and unicast on the TCP/IP stack.

  6. Protocol stack comparison (diagram): the same picture with NBT, the NetBIOS over TCP/IP helper, inserted between the NetBIOS Interface and TCP/UDP, so NetBIOS applications (SMB) and WinSock applications (SMB, CIFS, HTTP) both run over IP, LLC/MAC (ARP, PPP, xDLC) and 802.n media; name-resolution traffic can now be unicast (WINS/DNS) as well as broadcast.

  7. Internet DNS Namespace (diagram): the "" root, served by the "13" root-servers.net (a.root-servers.net, b.root-servers.net, c.root-servers.net, d.root-servers.net, e.root-servers.net, f.root-servers.net, g.root-servers.net, … l.root-servers.net, m.root-servers.net); generic Top Level Domains (gTLDs): .org .com .net .edu .gov .mil .int; Second Level Domains: .mit .yale .ucla .navy .army .airforce; Third Level Domains: .law .math .physics

  8. Internet DNS Namespace (diagram): same as slide 7.

  9. Internet DNS Namespace (diagram): the root and the gTLDs as on slide 7, plus the ISO 3166 country codes: .be .uk .fr .au .de .nu .nl .tv .jp .tw .il .ru

  10. Internet DNS Namespace (diagram): the same tree; the ISO 3166 country codes (.be .uk .fr .au .de .nu .nl .tv .jp .tw .il .ru) are the country code Top Level Domains (ccTLDs).

  11. Recursive query (diagram): the user opens http://www.amazon.com; client resolver: "www.amazon.com? Cached? … No! Ask my DNS server"; the DNS server: "Own zone? … No! Cached? … No!" and starts at the "13" root-servers.net for the "" root, using its root hints:
  a.root-servers.net. 198.41.0.4
  b.root-servers.net. 128.9.0.107
  c.root-servers.net. 192.33.4.12
  d.root-servers.net. 128.8.10.90
  e.root-servers.net. 192.203.230.10
  f.root-servers.net. 192.5.5.241
  g.root-servers.net. 192.112.36.4
  h.root-servers.net. 128.63.2.53
  i.root-servers.net. 192.36.148.17
  j.root-servers.net. 198.41.0.10
  k.root-servers.net. 193.0.14.129
  l.root-servers.net. 198.32.64.12
  m.root-servers.net. 202.12.27.33

  12. Iterative query (diagram): the DNS server asks a root server "www.amazon.com?" → "Don't know … ask .com server!"; asks the .com server "www.amazon.com?" → "amazon.com NS = 93.151.75.200!"; asks the amazon.com server at 93.151.75.200 "www.amazon.com?" → "Oh, it's … 93.151.75.13!"

  13. Recursive response (diagram): the same iterative chain (root → .com → amazon.com) as on slide 12; once the amazon.com server answers "Oh, it's … 93.151.75.13!", the DNS server returns the final answer to the client: "Ah, it's … 93.151.75.13!"

  14. Recursive response (diagram): the DNS server now has www.amazon.com = 93.151.75.13 cached with TTL = 3600 and the client connects to http://www.amazon.com; until the TTL expires, the next question for the same name is answered from the cache without touching root, .com or amazon.com.
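The exchange on slides 11–14, as an added example that is not part of the presentation: a resolver that takes one recursive question from the client, walks the delegation chain with iterative queries (root hint → .com → amazon.com), and caches the answer for its TTL. The root hint 198.41.0.4 and the amazon.com addresses (93.151.75.200 for the name server, 93.151.75.13 for www) are the slides' own; the .com server address 192.0.2.30 and the zone contents are constructed so that the example runs offline.

```python
"""Recursive resolution done as a chain of iterative queries (slides 11-14).

Added example, not the presentation's own code.  The root hint for
a.root-servers.net (198.41.0.4) and the amazon.com addresses
(93.151.75.200 for the name server, 93.151.75.13 for www) are the slides'
own; the .com server address 192.0.2.30 and all zone contents are
constructed so the example runs offline.
"""
import time

ROOT_HINTS = {"a.root-servers.net.": "198.41.0.4"}   # one hint is enough here

# Constructed authoritative data, keyed by the address of the server holding it.
SERVERS = {
    "198.41.0.4": {                   # a root server: knows only delegations
        "zone": ".",
        "delegations": {"com.": "192.0.2.30"},          # child zone -> NS address (glue)
        "records": {},
    },
    "192.0.2.30": {                   # a .com server (constructed address)
        "zone": "com.",
        "delegations": {"amazon.com.": "93.151.75.200"},
        "records": {},
    },
    "93.151.75.200": {                # authoritative for amazon.com
        "zone": "amazon.com.",
        "delegations": {},
        "records": {"www.amazon.com.": ("93.151.75.13", 3600)},   # (address, TTL)
    },
}


def query_server(server_ip, qname):
    """One iterative query: the server answers, refers, or says it does not know."""
    srv = SERVERS[server_ip]
    if qname in srv["records"]:
        address, ttl = srv["records"][qname]
        return ("answer", address, ttl)
    # Referral: the longest delegated child zone that encloses qname
    matches = [c for c in srv["delegations"] if qname == c or qname.endswith("." + c)]
    if matches:
        child = max(matches, key=len)
        return ("referral", srv["delegations"][child])
    return ("nxdomain",)


class Resolver:
    """The client's DNS server: takes one recursive question, walks the
    delegation chain iteratively, caches the result for its TTL."""

    def __init__(self, clock=time.monotonic, max_hops=8):
        self.cache = {}          # qname -> (address, expires_at)
        self.clock = clock       # injectable so TTL expiry can be exercised
        self.max_hops = max_hops
        self.trace = []          # the iterative queries sent on the client's behalf

    def resolve(self, qname):
        now = self.clock()
        hit = self.cache.get(qname)
        if hit is not None and hit[1] > now:
            self.trace.append(f"cache hit {qname}")
            return hit[0]
        server = next(iter(ROOT_HINTS.values()))     # start at a root hint
        for _ in range(self.max_hops):              # bound the referral chain
            reply = query_server(server, qname)
            self.trace.append(f"{server} -> {reply}")
            if reply[0] == "answer":
                self.cache[qname] = (reply[1], now + reply[2])
                return reply[1]
            if reply[0] == "referral":
                server = reply[1]
                continue
            return None                              # no such name
        raise RuntimeError(f"too many referrals resolving {qname}")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.amazon.com."))
    print("\n".join(r.trace))
```

The hop limit matters in practice: a mis-configured delegation that refers back to a server already visited would otherwise keep the resolver looping. The `trace` shows what the client never sees, namely that its single recursive question turned into three iterative ones.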

  15. Domain vs. Zone • Domain is a node in the Internet namespace • Root domain is largest domain • Zone is a file that contains records for a domain with or without child domains • Zones can only contain contiguous domains • Child domains can be delegated to separate DNS servers (=zone delegation)

  16. Domain vs. Zone (diagram): the namespace tree "." (root) → .arpa, the ccTLDs, .org, .mil, .com, .net, .edu, .gov, .int; under .com: .microsoft, .myspace, .youtube, .contoso, .amazon, .google, .acme, .bol, .hp; under .microsoft: .technet, .support, .update, .msdn, .mcp, .one. Labelled nodes: Root Domain, .com Domain, .microsoft Domain.

  17. Domain vs. Zone (diagram): the same tree as slide 16 without the domain labels.

  18. Domain vs. Zone (diagram): a single contiguous DNS zone file contains all records for the domains microsoft.com, one.microsoft.com, technet.microsoft.com, msdn.microsoft.com, mcp.microsoft.com, update.microsoft.com and support.microsoft.com.

  19. Domain vs. Zone (diagram): the microsoft.com DNS zone file contains only records for microsoft.com; the children are delegated zones, and each DNS server holds a separate zone for each delegation: one.microsoft.com, technet.microsoft.com, msdn.microsoft.com, mcp.microsoft.com, update.microsoft.com, support.microsoft.com.

  20. Domain vs. Zone (diagram): partly delegated: the contiguous DNS zone file contains records for microsoft.com, one.microsoft.com, technet.microsoft.com, msdn.microsoft.com and mcp.microsoft.com; update.microsoft.com and support.microsoft.com are delegated zones, each held as a separate zone on its own DNS server.

  21. Domain vs. Zone (diagram): illegal delegation: a single zone cannot hold update.microsoft.com and support.microsoft.com without microsoft.com, because the two domains are non-contiguous (their common parent would have to be in the same zone).
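The rules from slides 15–21 as an added example (not the presentation's own code, and not the Windows DNS server's implementation): a zone is a contiguous subtree under its apex, a server answers for a name from the zone with the longest matching apex, so a delegated child zone wins over its parent, and a zone that would have to contain two siblings without their common parent is rejected. The microsoft.com layout is the one from the diagrams.

```python
"""Zones as contiguous subtrees of the domain tree (slides 15-21).

Added example, not the presentation's own code.  The zone layout mirrors the
microsoft.com diagrams; the functions illustrate the rules, they are not the
Windows DNS server's implementation.
"""


def labels(name):
    """Labels of a name in DNS order (leftmost first), root dot dropped."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def is_under(name, apex):
    """True if name is the apex itself or lies below it in the domain tree.
    The root apex '.' encloses everything."""
    n, a = labels(name), labels(apex)
    return len(n) >= len(a) and n[len(n) - len(a):] == a


def closest_zone(name, zones):
    """Zone a server answers for a name from: the longest matching apex.
    A delegated child zone therefore wins over its parent (slides 19-20)."""
    best = None
    for apex in zones:
        if is_under(name, apex) and (best is None or len(labels(apex)) > len(labels(best))):
            best = apex
    return best


def validate_zone(apex, names):
    """Names that cannot live in a zone with this apex.  A non-empty result is
    the 'illegal delegation' of slide 21: the names have no common parent in
    the zone, so the zone would not be contiguous."""
    return [n for n in names if not is_under(n, apex)]


if __name__ == "__main__":
    zones = ["microsoft.com.", "update.microsoft.com.", "support.microsoft.com."]
    print(closest_zone("patch.update.microsoft.com.", zones))   # delegated child wins
    print(closest_zone("msdn.microsoft.com.", zones))           # stays in the parent
    print(validate_zone("update.microsoft.com.", ["update.microsoft.com.", "support.microsoft.com."]))
```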

  22. Zone types • Primary zone • Secondary zone • Stub zone • AD integrated zone (acts as primary zone) • RODC AD integrated zone (acts as primary Read-Only zone)

  23. Primary Zone (diagram): under "." (root) → .com → .acme, the Primary Zone file acme.com.dns contains the R/W version of the data. It receives manual updates (administrator) and automatic updates (dynamic registrations), and the hosts refresh their own records. Zone contents: acme.com IN SOA; www.acme.com 10.10.0.50; srv1.acme.com 10.10.0.20; mail.acme.com 10.10.0.30; ns1.acme.com 10.10.0.40; ns2.acme.com 10.10.0.60; pc1.acme.com 10.10.0.100; pc2.acme.com 10.10.0.101; pc3.acme.com 10.10.0.102

  24. Secondary Zone (diagram): the same acme.com zone as on slide 23, now with a Secondary Zone file holding the R/O version of the data; manual and automatic updates and refreshes still go to the primary only, the secondary receives a copy.

  25. Secondary Zone and Full Zone Transfer (AXFR) (diagram): the secondary requests a full zone transfer (AXFR) from the primary; the primary checks "Authorized? Yes!" before sending the complete R/O copy of the zone.

  26. DNS Notify and Incremental Zone Transfer (IXFR) (diagram): a change on the primary increments its database version (the SOA serial); the primary sends DNS Notify to the secondary; the secondary gets the SOA record, sees a version increment of 1, requests IXFR and receives the 1 changed record as an update; its own database version increments.
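Slides 22–26 as one added example (not the presentation's own code): a primary that journals changes, notifies its secondaries, and only hands out AXFR/IXFR to addresses on an allow-list; a secondary that reacts to NOTIFY by comparing SOA serials and applies either an incremental change set or, if it has fallen behind the journal, a full copy. The acme.com records and 10.10.0.x addresses come from the slides; the journal depth, the allow-list and the in-memory message passing are assumptions standing in for the real protocol exchange.

```python
"""Primary/secondary zone replication (slides 22-26): NOTIFY, SOA serial
check, IXFR from a change journal with AXFR fallback, and an allow-list
deciding who may transfer the zone at all.

Added example, not the presentation's own code.  The acme.com records and
10.10.0.x addresses are the slides' own; the journal depth, the allow-list
and the in-memory message passing are assumptions standing in for the
real protocol exchange.
"""

JOURNAL_MAX = 2     # how many recent changes the primary keeps for IXFR (assumption)


class Primary:
    def __init__(self, apex, records, allowed_transfer):
        self.apex = apex
        self.serial = 1                        # SOA serial / "database version"
        self.records = dict(records)           # R/W copy of the zone
        self.journal = []                      # (serial, name, old, new)
        self.allowed = set(allowed_transfer)   # addresses allowed to AXFR/IXFR
        self.secondaries = []                  # who gets DNS NOTIFY

    def soa(self):
        return self.serial

    def update(self, name, address):
        """Manual or dynamic update: bump the serial, journal the change, notify."""
        old = self.records.get(name)
        self.serial += 1
        if address is None:
            self.records.pop(name, None)
        else:
            self.records[name] = address
        self.journal.append((self.serial, name, old, address))
        del self.journal[:-JOURNAL_MAX]        # drop what IXFR can no longer replay
        for sec in self.secondaries:
            sec.notify(self)

    def transfer(self, requester_ip, have_serial):
        """Answer a zone transfer request from a secondary that has have_serial."""
        if requester_ip not in self.allowed:   # "Authorized?"  No -> refuse
            return ("REFUSED", None)
        if have_serial >= self.serial:
            return ("UPTODATE", None)
        if self.journal and have_serial >= self.journal[0][0] - 1:
            return ("IXFR", [j for j in self.journal if j[0] > have_serial])
        return ("AXFR", dict(self.records))    # secondary too far behind: full copy


class Secondary:
    def __init__(self, ip):
        self.ip = ip
        self.serial = 0
        self.records = {}                      # R/O copy of the zone
        self.log = []                          # transfer kinds seen, for inspection

    def notify(self, primary):
        """NOTIFY only says 'something changed': read the SOA and compare serials."""
        if primary.soa() > self.serial:
            self.refresh(primary)

    def refresh(self, primary):
        kind, payload = primary.transfer(self.ip, self.serial)
        self.log.append(kind)
        if kind == "REFUSED":
            return
        if kind == "AXFR":
            self.records = payload
        elif kind == "IXFR":
            for _, name, _old, new in payload:
                if new is None:
                    self.records.pop(name, None)
                else:
                    self.records[name] = new
        self.serial = primary.soa()


ZONE = {  # constructed from the acme.com diagram on slides 23-24
    "www.acme.com": "10.10.0.50", "srv1.acme.com": "10.10.0.20",
    "mail.acme.com": "10.10.0.30", "ns1.acme.com": "10.10.0.40",
    "ns2.acme.com": "10.10.0.60",
}


def demo():
    primary = Primary("acme.com", ZONE, allowed_transfer={"10.10.0.60"})
    ns2 = Secondary("10.10.0.60")              # the authorized secondary
    rogue = Secondary("10.10.0.200")           # not on the allow-list
    primary.secondaries.append(ns2)
    ns2.refresh(primary)                       # first load: full transfer (AXFR)
    rogue.refresh(primary)                     # refused: learns nothing
    primary.update("pc1.acme.com", "10.10.0.100")   # dynamic update -> NOTIFY -> IXFR of 1 record
    return primary, ns2, rogue


if __name__ == "__main__":
    primary, ns2, rogue = demo()
    print(ns2.log, ns2.serial, rogue.log)
```

The "Authorized?" step on slide 25 is the one to get right in production: a zone transfer hands out the complete host inventory of the zone, so the Windows DNS zone's Zone Transfers setting should list only the secondaries (or the servers on the Name Servers tab), never "to any server".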

  27. Aging and Scavenging (diagram): DHCP Discover/Offer/Request/Acknowledge at T0 registers the client in DNS; each lease renewal (Request/Acknowledge at 0.5 lease, at T1, and when the lease is renewed again) registers it again. On the DNS timeline the record goes through the 1st No-Refresh Interval, the Refresh Interval and a 2nd No-Refresh Interval; the zone file version counts 1, 2, 3 as the registrations are accepted.

  28. Aging and Scavenging (diagram): a client that registers once (Discover/Offer/Request/Acknowledge at T0, Register DNS) and never renews: after the 1st No-Refresh Interval and the Refresh Interval pass without a refresh, the record is removed at the next Scavenging Interval.
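The two timelines on slides 27–28 as an added example (not the presentation's own code): a zone that stamps dynamically registered records, ignores refreshes that arrive inside the No-Refresh Interval (so they cause no zone change and no replication), accepts them during the Refresh Interval, and scavenges anything not refreshed within No-Refresh + Refresh. Times are hours; the 7-day intervals are the Windows DNS defaults, the names and addresses are the slides' acme.com examples.

```python
"""Aging and scavenging of dynamically registered records (slides 27-28).

Added example, not the presentation's own code.  Times are hours; the
7-day No-Refresh and Refresh intervals are the Windows DNS defaults,
the names and addresses are the slides' acme.com examples.
"""

NO_REFRESH = 7 * 24   # a refresh inside this window is accepted but does not rewrite the timestamp
REFRESH = 7 * 24      # a refresh inside this window rewrites the timestamp (and the zone changes)


class AgingZone:
    def __init__(self):
        self.records = {}   # name -> (address, timestamp_hours)
        self.version = 0    # zone serial: bumped only when something really changes

    def register(self, name, address, now):
        """Dynamic registration (initial or lease renewal).  Returns True if the
        zone changed, i.e. the update must be replicated to other servers."""
        current = self.records.get(name)
        if current is not None:
            old_address, stamp = current
            if old_address == address and now < stamp + NO_REFRESH:
                return False   # no-refresh interval: suppressed, no replication traffic
        self.records[name] = (address, now)   # new name, new address, or refresh interval
        self.version += 1
        return True

    def scavenge(self, now):
        """Scavenging pass: delete records not refreshed within no-refresh + refresh."""
        stale = [n for n, (_, stamp) in self.records.items()
                 if now >= stamp + NO_REFRESH + REFRESH]
        for n in stale:
            del self.records[n]
        if stale:
            self.version += 1
        return stale


if __name__ == "__main__":
    z = AgingZone()
    z.register("pc1.acme.com", "10.10.0.100", 0)
    print(z.register("pc1.acme.com", "10.10.0.100", 24), z.version)   # suppressed
    print(z.register("pc1.acme.com", "10.10.0.100", 200), z.version)  # refresh accepted
    print(z.scavenge(200 + NO_REFRESH + REFRESH))                     # never refreshed again
```

Note the asymmetry: a changed address is always written, only a same-address refresh is suppressed. On Windows the scavenging pass only runs if aging is enabled on both the server and the zone; with it off, records of machines that left the network stay in the zone forever.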

  29. Reverse Lookups • Resolve IP-addresses to FQDNs • The reverse index of the Internet namespace (address → name) • Uses the in-addr.arpa (IPv4) or ip6.arpa (IPv6) domain • Requires participation of the holders of the address space, who get the reverse zones delegated • Used by receiving SMTP servers to check the connecting sender (and more)

  30. Reverse Lookups • Compare: hostname structure ↔ IP-address structure. Hostname srv3.east.acme.com.: read left-to-right you go up the hierarchy: hostname → 3rd level domain (east) → 2nd level domain (acme) → gTLD (com) → Internet root (the trailing dot).

  31. Reverse Lookups • IP-address 191.124.17.201 /24: read left-to-right you go down the hierarchy: Net-ID (191.124.17) first, Host-ID (201) last.

  32. Reverse Lookups • Same diagram as slide 31.

  33. Reverse Lookups • To make an address fit the DNS tree its octets are reversed: 201 .17 .124 .191 .in-addr.arpa. Read left-to-right this again goes up the hierarchy, from the "Host-ID" (201) to the "Internet root".

  34. Reverse Lookups • Example IP-address 191.124.17.201 • Find PTR 201.17.124.191.in-addr.arpa. • Iterates between DNS servers to find the 17.124.191.in-addr.arpa zone • Finds the PTR record for 201 with name: 201 IN PTR srv3.acme.com. (trailing dot: the target is a FQDN, otherwise the zone origin would be appended) • Responsibility of the holder of the 191.124.17.0/24 address block (here acme.com, to which the reverse zone is delegated) to maintain the PTR records

  35. Reverse Lookups (diagram): "What name belongs to IP 191.124.17.201?" Walk the tree from "." (root) → .arpa → .in-addr (beside .ccTLDs, .org, .mil, .gov, .int) → 191 (of 1 … 255) → 124 (of 1 … 255) → 17 (of 1 … 255), which is the zone 17.124.191.in-addr.arpa. with its SOA held by acme.com; in it the PTR records for hosts 1 … 255 include PTR srv1.acme.com, PTR srv2.acme.com, PTR srv3.acme.com, PTR srv4.acme.com … → "srv3.acme.com!"
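The label reversal of slides 33–35, as an added example that is not the presentation's own code and goes slightly beyond it by handling ip6.arpa as well: build the PTR owner name for an address, find the apex of the reverse zone a prefix is delegated as, and derive the relative owner name inside that zone. 191.124.17.201 and the 17.124.191.in-addr.arpa zone are the slides' own; the IPv6 address 2001:db8::1 is constructed from the documentation prefix.

```python
"""PTR owner names and reverse-zone apexes (slides 29-35).

Added example, not the presentation's own code.  191.124.17.201 and the
17.124.191.in-addr.arpa zone are the slides' own; the IPv6 address
2001:db8::1 is constructed from the documentation prefix.
"""
import ipaddress


def ptr_name(address):
    """Owner name of the PTR record: labels reversed, so that left-to-right
    again goes up the hierarchy (host-ID first, root last)."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")          # 32 hex digits, zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_zone(network):
    """Apex of the reverse zone a prefix is delegated as.  in-addr.arpa
    delegations fall on octet boundaries, ip6.arpa ones on nibble boundaries;
    anything finer needs the RFC 2317 classless construction and is refused here."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version == 4:
        if net.prefixlen % 8:
            raise ValueError(f"{network}: not on an octet boundary (RFC 2317 needed)")
        kept = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(list(reversed(kept)) + ["in-addr", "arpa"]) + "."
    if net.prefixlen % 4:
        raise ValueError(f"{network}: not on a nibble boundary")
    kept = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(list(reversed(kept)) + ["ip6", "arpa"]) + "."


def owner_in_zone(address, network):
    """Relative owner name of the PTR record inside its reverse zone, i.e. the
    '201' in '201 IN PTR srv3.acme.com.' of the 17.124.191.in-addr.arpa zone."""
    net = ipaddress.ip_network(network, strict=True)
    if ipaddress.ip_address(address) not in net:
        raise ValueError(f"{address} is not inside {network}")
    full, apex = ptr_name(address), reverse_zone(network)
    return full[: -len(apex) - 1]          # strip ".<apex>"


if __name__ == "__main__":
    print(ptr_name("191.124.17.201"))                      # 201.17.124.191.in-addr.arpa.
    print(reverse_zone("191.124.17.0/24"))                 # 17.124.191.in-addr.arpa.
    print(owner_in_zone("191.124.17.201", "191.124.17.0/24"))
    print(ptr_name("2001:db8::1"))
```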

  36. Peer Name Resolution Protocol
  • Mentioned at a P2P conference in November 2001
  • July 2003: Advanced Networking Pack for XP
  • Later included in SP2 for XP
  • PNRP 2.0 in Windows Vista, also available for XP
  • PNRP 2.1 in:
  * Windows Vista SP1
  * Windows Server 2008
  * Windows XP SP3
  * Windows 7 Easy Connect (Remote Assistance)

  37. Peer Name Resolution Protocol • PNRP Clouds: a cloud is a group of connected PNRP nodes (any node can resolve a name published by another node in the cloud) • Three cloud scopes: Global, Site Local (deprecated), Link Local • Motivation: transient connectivity and shortcomings of DNS • Easily scales to billions of names • When the PNRP service starts it joins multiple clouds

  38. P2P and PNRP IDs (diagram) • A peer name is a communications endpoint • It consists of Authority.Classifier (a Friendly Name can be attached) • SHA-1 hash of the peer name → P2P ID (128-bit hash, e.g. e06bf33a5b21…) • P2P ID + Service Location (128 bits, e.g. 5ff01aac793c121f…) = PNRP ID (256 bits)

  39. P2P and PNRP IDs (diagram): same as slide 38, with the PNRP ID highlighted.

  40. P2P and PNRP IDs • Authority = 0 for an unsecured peer name; for a secured peer name (the "secured with public-key cryptography" case of slide 4) it is a value derived from the publisher's public key • Each node keeps a cache of PNRP IDs (diagram: Cache, PNRP ID)
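The ID layout of slides 38–40 as an added example, not the presentation's own code and not the exact [MS-PNRP] wire encoding: Authority.Classifier is hashed with SHA-1 to a 128-bit P2P ID, a 128-bit Service Location is appended to form the 256-bit PNRP ID, and the authority is "0" for an unsecured name or a value derived from the publisher's public key for a secured one. The UTF-8 encoding of the peer name before hashing, keeping the first 128 bits of the 160-bit SHA-1 output, deriving the service location by hashing address and port, and the sample key bytes are all assumptions made so the layout can be exercised offline.

```python
"""Layout of P2P IDs and PNRP IDs as drawn on slides 38-40.

Added example, not the presentation's own code, and not the exact [MS-PNRP]
wire encoding: the UTF-8 encoding of the peer name before hashing, keeping
the first 128 bits of the 160-bit SHA-1 digest, deriving the Service
Location by hashing address and port, and the sample key bytes are all
assumptions made so the layout can be exercised offline.
"""
import hashlib


def authority(public_key=None):
    """'0' for an unsecured peer name; for a secured one a value derived from
    the publisher's public key (hex SHA-1 of the key bytes, assumed format)."""
    if public_key is None:
        return "0"
    return hashlib.sha1(public_key).hexdigest()


def peer_name(classifier, public_key=None):
    """Authority.Classifier"""
    return f"{authority(public_key)}.{classifier}"


def p2p_id(name):
    """128-bit P2P ID: SHA-1 of the peer name, truncated (assumption: first 16 bytes)."""
    return hashlib.sha1(name.encode("utf-8")).digest()[:16]


def service_location(address, port):
    """128-bit Service Location distinguishing endpoints that publish the same
    peer name (assumption: hash of 'address|port')."""
    return hashlib.sha1(f"{address}|{port}".encode("utf-8")).digest()[:16]


def pnrp_id(name, address, port):
    """256-bit PNRP ID = P2P ID || Service Location."""
    return p2p_id(name) + service_location(address, port)


if __name__ == "__main__":
    name = peer_name("MyService")                      # unsecured: "0.MyService"
    print(name, pnrp_id(name, "2001:db8::10", 3540).hex())
    key = b"constructed-public-key-bytes"               # stand-in for a real key
    print(peer_name("MyService", key))
```

Two nodes publishing the same peer name share the P2P ID half and differ only in the Service Location half, which is how one name can resolve to several computers, ports and services (slide 4). Because the authority of a secured name is bound to a public key, a resolver can reject a publication that is not signed by the matching private key; an unsecured name ("0." authority) offers no such check and anyone can publish it.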

  41. End • Questions??
