Lecture – DNS How to find things…
Domain Name System
• Associate human-friendly names with machine-friendly IP addresses
• Resolution of a given hostname to an IP address
• Domain names, as opposed to IP addresses, have the top-most element on the right
• Each element can be up to 63 characters long; the full name can be no more than 255 characters
• Letters, numbers or dashes can be used in a name element
DNS
• Allows machines to be grouped logically, by domain name
• The right-most element is called the Top Level Domain (TLD)
• The full name is referred to as the Fully Qualified Domain Name (FQDN)
• lugh.student.comp.dit.ie or lugh
• The Internet Assigned Numbers Authority (IANA) controls the top-level domains
• Host names map to IP addresses in a one-to-many relationship: each machine may have many IP addresses, and each IP address may be associated with many machines
Mail Routing using DNS
• DNS builds in some application-specific information
• Hosts that are designed to perform email routing, mail exchangers, have special-purpose records in DNS: MX records
• A domain should have multiple mail exchangers
• Mail that cannot be sent to one mail exchanger can instead be delivered to an alternative server, providing failsafe redundancy
Before DNS
• Before DNS, name resolution was accomplished solely by text file databases residing on each host (“hosts” files)
• The method is not scalable, and it requires centralised management of the text files
Internet DNS Hierarchy
• Root Name Servers
  • Provide references to the appropriate zone-authoritative name servers for the top-level domains
• Zone-Authoritative Name Servers
  • Master and slave servers for zones
Root Name Servers
• There are 13 root-name servers
• Each has an associated letter name (a to m)
• No more names can be used because of protocol limitations
  • A UDP packet can only carry 512 bytes reliably
  • A hint file with more than 13 servers would be larger than 512 bytes
• The C, F, I, J, K and M servers now exist in multiple locations on different continents
Figure: A simplified domain-map. Nodes shown: (Root), .ie domain, .com, .org, dit, hermes, Taranaki, Wicklow, Aisling; example FQDN: Wicklow.dit.ie.
Domains
• Dividing domains into sub-domains is important in several regards
• Division of a namespace into sub-domains in a hierarchical manner
  • Removes the requirement that the names of individual hosts be unique
  • but the FQDNs must still be unique
• It allows for the decentralised management of the entire namespace
• Up to 127 levels deep(!)
Figure: cs.dit.ie domain-map. Nodes shown: (Root), .ie domain, dit, cs, hermes, MyLaptop, Taranki, Wicklow; example FQDN: Wicklow.cs.dit.ie.
Zones, Domains and Delegation
• A domain is a complete sub-tree of the hierarchical namespace
• A zone is the part of a domain managed by a particular server
• Sub-domains may be delegated into additional zones
• A zone may directly manage some sub-domains
• A zone represents the scope of administration for which one body is responsible
Figure: cs.dit.ie zones (?). Nodes shown: (Root), .ie domain, dit, cs, Taranki, hermes, Wicklow, MyLaptop, Aisling, a “?” marker; example FQDN: Wicklow.cs.dit.ie.
Relationship between domains, zones and DNS Servers
• The DNS database is effectively spread across all servers
• DNS servers are delegated to manage particular zones and the links to the rest of the database
• A zone is not necessarily equivalent to a domain
• A DNS server can manage one or more zones
Figure: Comp.dit.ie dns-servers. Nodes shown: (Root), .ie domain, dit, cs, hermes, Taranki, MyLaptop, Aisling, Wicklow; labels shown: hermes.dit.ie., 147.252.224.67
The DNS Server
• The server receives a request from a client
• If the server does not have the answer, it will either ask a root server or forward the request to another name server
• This may happen a number of times until a name server is found that knows the answer
• When the server gets a response, it will place a copy in its local cache and return a copy to the requesting client
Name Server Hierarchy
• Master Name Server
  • Contains the master copy of data for the zone
• Slave Name Server
  • Provides an automatic backup to the master name server
  • All slave servers maintain synchronisation with their master name server
• Both master and slave servers contain authoritative data
• A zone may have multiple slaves but only one master
• A slave may get its data from another slave
Authoritative?
• If the name server responding to a query is authoritative with respect to the query performed, the data returned is said to be authoritative
• Alternatively, responses may come from a name server which has cached the information, in which case the response is said to be non-authoritative
• The client may choose not to accept non-authoritative information
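The three slides above (the server walking from the root through referrals, master/slave authoritative data, and cached answers being non-authoritative) can be put together in a small simulation. The following is an added example, not code from the lecture: `AuthServer`, `RecursiveServer`, `build_lecture_network` and `demo_sequence` are names chosen here, the zone data is constructed for the example (the host addresses are the ones shown in the lecture's nslookup output, the server identifiers such as `dit-ns` are labels rather than real hosts), and the cache honours a TTL so a stale entry forces a fresh walk of the tree.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Toy model of the lookup described in the slides: a recursive server starts at
# the root, follows referrals down the delegation chain, caches what it learns
# and marks later cache hits as non-authoritative.  Zone data is constructed for
# this example; server ids ("root", "ie-ns", ...) are labels, not real hosts.

@dataclass
class Reply:
    answer: Optional[List[str]]   # rdata strings, None when there is no answer
    aa: bool                      # authoritative-answer flag
    referral: Optional[str]       # id of the server to ask next, if delegated
    ttl: int = 0

class AuthServer:
    """An authoritative server for one zone, with delegations to child zones."""
    def __init__(self, zone: str,
                 records: Dict[Tuple[str, str], Tuple[List[str], int]],
                 delegations: Dict[str, str]):
        self.zone = zone                # zone apex, "" for the root zone
        self.records = records          # (owner, type) -> (rdata list, ttl)
        self.delegations = delegations  # child zone apex -> server id

    def in_zone(self, name: str) -> bool:
        return self.zone == "" or name == self.zone or name.endswith("." + self.zone)

    def query(self, name: str, qtype: str) -> Reply:
        if not self.in_zone(name):
            return Reply(None, False, None)           # not our zone: no data, not authoritative
        # Most specific delegation first, so cs.dit.ie wins over dit.ie.
        for child in sorted(self.delegations, key=len, reverse=True):
            if name == child or name.endswith("." + child):
                return Reply(None, False, self.delegations[child])   # referral
        if (name, qtype) in self.records:
            rdata, ttl = self.records[(name, qtype)]
            return Reply(list(rdata), True, None, ttl)
        return Reply(None, True, None)                # authoritative "no such data"

@dataclass
class Result:
    answer: Optional[List[str]]
    authoritative: bool
    hops: int            # servers asked during this lookup; 0 means a cache hit

class RecursiveServer:
    """The 'DNS Server' of the slides: walks the hierarchy on behalf of a client and caches."""
    def __init__(self, servers: Dict[str, AuthServer], root_id: str = "root"):
        self.servers = servers
        self.root_id = root_id
        self.cache: Dict[Tuple[str, str], Tuple[List[str], int]] = {}  # key -> (rdata, expiry)

    def resolve(self, name: str, qtype: str, now: int = 0, max_hops: int = 16) -> Result:
        name = name.rstrip(".").lower()
        key = (name, qtype)
        cached = self.cache.get(key)
        if cached and cached[1] > now:
            return Result(list(cached[0]), False, 0)   # served from cache: non-authoritative
        self.cache.pop(key, None)                        # expired entry: drop it and look again
        server = self.servers[self.root_id]
        hops = 0
        while hops < max_hops:                           # bound the walk against referral loops
            hops += 1
            reply = server.query(name, qtype)
            if reply.referral is not None:
                server = self.servers[reply.referral]    # follow the delegation
                continue
            if reply.answer is not None:
                self.cache[key] = (reply.answer, now + reply.ttl)
            return Result(reply.answer, reply.aa, hops)
        raise RuntimeError("referral loop while resolving %s" % name)

def build_lecture_network() -> RecursiveServer:
    """Root -> .ie -> dit.ie -> cs.dit.ie, modelled on the lecture's examples (constructed data)."""
    servers = {
        "root": AuthServer("", {}, {"ie": "ie-ns"}),
        "ie-ns": AuthServer("ie", {}, {"dit.ie": "dit-ns"}),
        "dit-ns": AuthServer("dit.ie", {
            ("hermes.dit.ie", "A"): (["147.252.1.43"], 3600),
            ("dit.ie", "MX"): (["5 smtp.dit.ie.", "10 staffmail.dit.ie.", "15 mymail.dit.ie."], 3600),
        }, {"cs.dit.ie": "cs-ns"}),
        "cs-ns": AuthServer("cs.dit.ie", {
            ("wicklow.cs.dit.ie", "A"): (["147.252.224.108"], 60),
        }, {}),
    }
    return RecursiveServer(servers)

def demo_sequence() -> List[Tuple[int, bool]]:
    """Fresh walk, then a cache hit, then a walk again once the 60 s TTL has expired."""
    r = build_lecture_network()
    results = [r.resolve("wicklow.cs.dit.ie", "A", now=0),
               r.resolve("wicklow.cs.dit.ie", "A", now=30),
               r.resolve("wicklow.cs.dit.ie", "A", now=61)]
    return [(res.hops, res.authoritative) for res in results]

if __name__ == "__main__":
    print(demo_sequence())  # [(4, True), (0, False), (4, True)]
```

The first lookup costs four hops (root, .ie, dit.ie, cs.dit.ie) and comes back flagged authoritative; the second is answered from the cache and is not; once the TTL has run out the server has to walk the tree again, which is exactly the behaviour the "non-authoritative answer" lines in the later nslookup slides reflect.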
Resolver
• The DNS client is called the resolver
• Resolver capability is built into any program that needs it by way of the resolver library calls
• Resolver functions are implemented in libresolv.so
• DNS clients and servers communicate using UDP packets in most cases
• UDP is fast, but packets can be no larger than 512 bytes
• If a query or response is larger than 512 bytes, it must be sent by TCP
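What a resolver library actually puts on the wire, and how the 63-character label and 255-character name limits from the Domain Name System slide and the 512-byte UDP limit from this slide show up in it, can be seen by building a query and inspecting a reply by hand. This is an added example, not the lecture's code or libresolv's API: `encode_name`, `build_query`, `parse_header`, `needs_tcp_retry` and `reply_matches_query` are names chosen here, and the three sample replies are constructed byte strings, not captured traffic.

```python
import struct

# Limits quoted in the slides.  The 63-octet label limit follows from the wire format:
# each label is prefixed by a length byte whose top two bits (0b11) are reserved for
# compression pointers, leaving 6 bits, i.e. 0..63, for the length.
MAX_LABEL = 63
MAX_NAME = 255
UDP_MAX = 512   # classic UDP payload limit; a longer reply arrives truncated (TC=1)

def encode_name(name: str) -> bytes:
    """Encode an FQDN as DNS wire-format labels, enforcing the slide's naming rules."""
    name = name.rstrip(".")
    out = bytearray()
    for label in name.split("."):
        raw = label.encode("ascii")          # raises on non-ASCII, which the slide's rule excludes
        if not raw:
            raise ValueError("empty label in %r" % name)
        if len(raw) > MAX_LABEL:
            raise ValueError("label %r longer than %d octets" % (label, MAX_LABEL))
        if not all(c.isalnum() or c == "-" for c in label):   # letters, digits, dashes only
            raise ValueError("label %r has characters outside letters/digits/dashes" % label)
        out.append(len(raw))
        out += raw
    out.append(0)                             # the empty root label terminates the name
    if len(out) > MAX_NAME:
        raise ValueError("encoded name is %d octets, limit is %d" % (len(out), MAX_NAME))
    return bytes(out)

def is_valid_name(name: str) -> bool:
    try:
        encode_name(name)
        return True
    except ValueError:
        return False

QTYPE = {"A": 1, "NS": 2, "PTR": 12, "MX": 15}

def build_query(qname: str, qtype: str, txid: int = 0x1234) -> bytes:
    """Recursive query: 12-octet header plus one question (QCLASS IN = 1)."""
    flags = 0x0100                            # QR=0 query, OPCODE=0, RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)

def parse_header(msg: bytes) -> dict:
    """Decode the fixed header; the flags carry the AA and TC bits discussed in the slides."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-octet DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),           # 1 = response
        "aa": bool(flags & 0x0400),           # authoritative answer
        "tc": bool(flags & 0x0200),           # truncated: more than fitted in the UDP packet
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,              # 0 NOERROR, 3 NXDOMAIN
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def needs_tcp_retry(response: bytes) -> bool:
    """A UDP reply with TC set was cut at the 512-octet limit; repeat the query over TCP."""
    h = parse_header(response)
    return h["qr"] and h["tc"]

def reply_matches_query(query: bytes, reply: bytes) -> bool:
    """Accept a reply only if it is a response whose ID and question echo what we sent."""
    q, r = parse_header(query), parse_header(reply)
    return r["qr"] and q["id"] == r["id"] and reply[12:len(query)] == query[12:]

# Constructed sample replies (header + echoed question only; answer records omitted).
# Non-authoritative, complete: QR RD RA set -> 0x8180, one answer claimed.
SAMPLE_CACHED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                       + encode_name("hermes.dit.ie") + struct.pack("!HH", 1, 1))
# Truncated: QR TC RD RA -> 0x8380.
SAMPLE_TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
# Authoritative NXDOMAIN: QR AA RD RA, RCODE=3 -> 0x8583.
SAMPLE_NXDOMAIN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8583, 1, 0, 0, 0)

if __name__ == "__main__":
    q = build_query("hermes.dit.ie", "A")
    print(len(q), "octets:", q.hex())
    print(parse_header(SAMPLE_CACHED_REPLY))
    print("retry over TCP?", needs_tcp_retry(SAMPLE_TRUNCATED_REPLY))
```

Two points worth noticing: the name and label limits are not arbitrary but fall out of the length-byte encoding, and a resolver that checks the transaction ID and echoed question before trusting a reply (as `reply_matches_query` does) is doing the minimum sanity check any client should do on datagrams that arrive unauthenticated over UDP.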
Resolution Configuration Files
• /etc/host.conf is mainly used to indicate which source of information is to be used, and in what order:
  order hosts,bind
Resolution Configuration Files
• /etc/resolv.conf is used to configure which servers are to be used and whether any domains are assumed for non-qualified host names:
  search cs.dit.ie
  nameserver 147.252.224.70
  nameserver 147.252.224.73
  nameserver 147.252.1.37
How did I find out the name servers?
C:\>nslookup
Default Server:  WL.domain.name
Address:  192.168.1.1

> set type=ns
> cs.dit.ie
Server:  WL.domain.name
Address:  192.168.1.1

Non-authoritative answer:
cs.dit.ie       nameserver = cara.comp.dit.ie
> microsoft.com
Server:  WL.domain.name
Address:  192.168.1.1

Non-authoritative answer:
microsoft.com   nameserver = ns2.msft.net
microsoft.com   nameserver = ns3.msft.net
microsoft.com   nameserver = ns5.msft.net
microsoft.com   nameserver = ns1.msft.net
microsoft.com   nameserver = ns4.msft.net
>
nslookup on wicklow
rbradley@wicklow:~$ nslookup
> set type=ns
> cs.dit.ie
Server:         147.252.1.37
Address:        147.252.1.37#53

cs.dit.ie       nameserver = cara.comp.dit.ie.
> microsoft.com
Server:         147.252.1.37
Address:        147.252.1.37#53

Non-authoritative answer:
microsoft.com   nameserver = ns2.msft.net.
microsoft.com   nameserver = ns3.msft.net.
microsoft.com   nameserver = ns4.msft.net.
microsoft.com   nameserver = ns5.msft.net.
microsoft.com   nameserver = ns1.msft.net.

Authoritative answers can be found from:
ns1.msft.net    internet address = 65.55.37.62
ns2.msft.net    internet address = 64.4.59.173
ns3.msft.net    internet address = 213.199.161.77
ns4.msft.net    internet address = 207.46.75.254
ns5.msft.net    internet address = 65.55.226.140
>
Nslookup on my laptop
C:\>nslookup wicklow
Server:  WL.domain.name
Address:  192.168.1.1

*** WL.domain.name can't find wicklow: Non-existent domain

C:\>nslookup wicklow.cs.dit.ie
Server:  WL.domain.name
Address:  192.168.1.1

Non-authoritative answer:
Name:    wicklow.cs.dit.ie
Address:  147.252.224.108

C:\>
Deeper into nslookup
rbradley@wicklow:~$ nslookup
> set type=mx
> dit.ie
Server:         147.252.1.37
Address:        147.252.1.37#53

dit.ie  mail exchanger = 5 smtp.dit.ie.
dit.ie  mail exchanger = 10 staffmail.dit.ie.
dit.ie  mail exchanger = 15 mymail.dit.ie.
> cs.dit.ie
Server:         147.252.1.37
Address:        147.252.1.37#53

*** Can't find cs.dit.ie: No answer
>
Deeper into nslookup
> set type=a
> hermes.dit.ie
Server:         147.252.1.37
Address:        147.252.1.37#53

Name:   hermes.dit.ie
Address: 147.252.1.43
> 147.252.1.43
Server:         147.252.1.37
Address:        147.252.1.37#53

43.1.252.147.in-addr.arpa       name = hermes.dit.ie.
>
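The nslookup sessions above show NS, MX, A and PTR answers in their printed form. The following added example (not code from the lecture) parses those printed lines into typed records and then applies two checks that follow from the slides: it orders the dit.ie mail exchangers by preference and picks the next one when the preferred one is unavailable, as the Mail Routing slide describes, and it rebuilds the in-addr.arpa name for an address to confirm that the PTR answer points back at the forward name. `parse_nslookup`, `mail_exchangers`, `pick_exchanger`, `reverse_name` and `forward_confirmed` are names chosen here; the transcript text in `LECTURE_OUTPUT` is taken from the slides' own nslookup output.

```python
import re
from collections import namedtuple
from typing import Dict, FrozenSet, List, Optional, Tuple

Record = namedtuple("Record", "owner rtype rdata")

# The record line shapes nslookup prints in the lecture's transcripts.
_PATTERNS = [
    (re.compile(r"^(\S+)\s+nameserver = (\S+)$"), "NS"),
    (re.compile(r"^(\S+)\s+mail exchanger = (\d+ \S+)$"), "MX"),
    (re.compile(r"^(\S+)\s+internet address = (\S+)$"), "A"),
    (re.compile(r"^(\S+)\s+name = (\S+)$"), "PTR"),
]

def _norm(name: str) -> str:
    return name.rstrip(".").lower()      # "hermes.dit.ie." and "hermes.dit.ie" are the same owner

def parse_nslookup(text: str) -> List[Record]:
    """Turn nslookup's printed answers into (owner, type, rdata) records."""
    records: List[Record] = []
    pending_name: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Server:"):
            pending_name = None           # the Address: that follows is the server's, not an answer
            continue
        if line.startswith("Name:"):      # A answers print as a Name:/Address: pair
            pending_name = line.split(None, 1)[1].strip()
            continue
        if line.startswith("Address:") and pending_name:
            records.append(Record(_norm(pending_name), "A", line.split(None, 1)[1].strip()))
            pending_name = None
            continue
        for pat, rtype in _PATTERNS:
            m = pat.match(line)
            if m:
                records.append(Record(_norm(m.group(1)), rtype, _norm(m.group(2))))
                break
    return records

def mail_exchangers(records: List[Record], domain: str) -> List[Tuple[int, str]]:
    """MX hosts for domain in delivery order: lowest preference value first."""
    mx = []
    for r in records:
        if r.owner == _norm(domain) and r.rtype == "MX":
            pref, host = r.rdata.split(None, 1)
            mx.append((int(pref), host))
    return sorted(mx)

def pick_exchanger(records: List[Record], domain: str,
                   unreachable: FrozenSet[str] = frozenset()) -> Optional[str]:
    """The failsafe from the Mail Routing slide: skip exchangers that cannot be reached."""
    for _pref, host in mail_exchangers(records, domain):
        if host not in unreachable:
            return host
    return None

def reverse_name(ipv4: str) -> str:
    """Owner name of the PTR record for an IPv4 address: octets reversed under in-addr.arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ipv4)
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def forward_confirmed(records: List[Record], host: str) -> bool:
    """True when every A address of host has a PTR that names host again (forward-confirmed reverse DNS)."""
    host = _norm(host)
    addrs = [r.rdata for r in records if r.owner == host and r.rtype == "A"]
    if not addrs:
        return False
    ptr: Dict[str, str] = {r.owner: r.rdata for r in records if r.rtype == "PTR"}
    return all(ptr.get(reverse_name(a)) == host for a in addrs)

# Transcript lines taken from the lecture's nslookup sessions.
LECTURE_OUTPUT = """
> set type=mx
> dit.ie
Server:         147.252.1.37
Address:        147.252.1.37#53

dit.ie  mail exchanger = 5 smtp.dit.ie.
dit.ie  mail exchanger = 10 staffmail.dit.ie.
dit.ie  mail exchanger = 15 mymail.dit.ie.
> set type=a
> hermes.dit.ie
Server:         147.252.1.37
Address:        147.252.1.37#53

Name:   hermes.dit.ie
Address: 147.252.1.43
> 147.252.1.43
Server:         147.252.1.37
Address:        147.252.1.37#53

43.1.252.147.in-addr.arpa       name = hermes.dit.ie.
> microsoft.com
Server:         147.252.1.37
Address:        147.252.1.37#53

Non-authoritative answer:
microsoft.com   nameserver = ns2.msft.net.
ns1.msft.net    internet address = 65.55.37.62
"""

if __name__ == "__main__":
    recs = parse_nslookup(LECTURE_OUTPUT)
    print(mail_exchangers(recs, "dit.ie"))
    print(pick_exchanger(recs, "dit.ie", frozenset({"smtp.dit.ie"})))
    print(reverse_name("147.252.1.43"), forward_confirmed(recs, "hermes.dit.ie"))
```

The parser keys on the `Server:`/`Name:`/`Address:` sequence so that the resolver's own address line is never mistaken for an answer. The forward-confirmed check is the one mail servers and log-analysis tooling apply to a client's name: an A record alone says nothing about who controls the reverse zone, so a PTR that does not agree with the forward lookup (as with ns1.msft.net here, for which the transcript shows no PTR) should not be trusted as identifying the host.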