DNS - Domain Name System
References:
• Wikipedia
• http://www.sans.org/rr/whitepapers/dns/1069.php
Domain Name System Overview
• Maps domain names to IP addresses (and to other data, such as mail exchangers)
• Databases that hold Internet host information
• Protocol for exchanging host information
• Library routines that implement the defined protocol (the resolver)
• BIND - Berkeley Internet Name Domain, the reference implementation
• named - the BIND DNS server daemon
DNS Domain Structure
Figure: http://en.wikipedia.org/wiki/File:Domain_name_space.svg

Tree on the slide (root at the top, hosts at the leaves):
. (root)
├── edu
│   └── hawaii
│       └── hcc
│           └── ssh        FQDN: ssh.hcc.hawaii.edu.
├── com
│   └── redhat
│       ├── fedora
│       └── rhn
└── net

• Hierarchical
  • root domain (.)
  • top-level domains (edu, com, net)
  • subdomains (hawaii, redhat, hcc, ...)
  • host (ssh)
  • FQDN: the full path from the host up to the root, e.g. ssh.hcc.hawaii.edu.
• Distributed
  • the database is split across many DNS servers, each holding one part of the tree
  • Replicated: each part is held by more than one server
Terminology
• FQDN (fully qualified domain name)
  • ssh.hcc.hawaii.edu.
  • the hierarchy is read from right to left
  • the final "." (the root) is usually omitted when the name is written
• domain - each node in the DNS database is called a domain
  • "." is the root node or root domain, the top of the hierarchy
  • the separator character between labels is "."
• Subdomain
  • any domain that has a parent (i.e., any domain other than ".")
  • a subdomain can have its own records (resolve to a host) even if it has children: hawaii.edu. can have an A record while hcc.hawaii.edu. exists beneath it
More Terminology
• Resolver
  • library routines that turn a name into a DNS query and return the answer; on a client this is a "stub" resolver that hands the real work to a recursive server
  • an unqualified name (no trailing ".") is first made fully qualified
  • the search list in /etc/resolv.conf names the domains to append when trying an unqualified name; the ndots option (default 1) decides whether the name is tried as given before or after those suffixes
  • the resulting FQDN is sent to DNS to be mapped to an IP address
• Case Insensitive
  • DNS treats upper and lower case letters as the same when matching names (i.e., DNS is case insensitive); the case a name was entered in is preserved in answers
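The search-list expansion described above, as an added example that is not part of the slides. It follows the glibc rules for /etc/resolv.conf (a search list and ndots, default 1); other resolver libraries differ in details. The resolv.conf text and the nameserver address 192.0.2.53 are constructed for the example.

```python
"""Search-list expansion as a stub resolver performs it (added example).

Assumption, not from the slides: the ordering rules below are glibc's
defaults for /etc/resolv.conf (ndots:1, a 'search' list). The resolv.conf
content and the nameserver address are constructed sample data.
"""

SAMPLE_RESOLV_CONF = """\
# constructed sample /etc/resolv.conf
nameserver 192.0.2.53
search hcc.hawaii.edu hawaii.edu
options ndots:1
"""


def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], 1
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key in ("search", "domain"):
            search = args              # a later search/domain line replaces an earlier one
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots=1):
    """FQDNs (with trailing dot) the stub resolver tries, in order.

    A name ending in '.' is absolute and is tried only as given. Otherwise a
    name with at least `ndots` dots is tried as absolute first and then under
    each search suffix; a name with fewer dots is tried under the search
    suffixes first and as absolute last.
    """
    if name.endswith("."):
        return [name]
    absolute = name + "."
    suffixed = [f"{name}.{suffix.rstrip('.')}." for suffix in search]
    if name.count(".") >= ndots:
        return [absolute] + suffixed
    return suffixed + [absolute]


def lookup_order(name, resolv_conf=SAMPLE_RESOLV_CONF):
    """Candidate FQDNs for `name` under the given resolv.conf text."""
    search, ndots = parse_resolv_conf(resolv_conf)
    return candidates(name, search, ndots)


if __name__ == "__main__":
    for n in ("ssh", "www.redhat.com", "ssh.hcc.hawaii.edu."):
        print(n, "->", lookup_order(n))
```

The security point is the order: with the sample file, ssh is sent out as ssh.hcc.hawaii.edu. and ssh.hawaii.edu. before ssh., and with a large ndots (container platforms commonly set ndots:5) even www.redhat.com is first tried under every search domain. A mistyped or single-label name therefore leaks into each search zone, and whoever controls one of those zones, or a wildcard in it, can answer it.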
Zones
• Administrative units of the name space, each holding a connected group of domains
• A zone is the unit of delegation: one set of authoritative servers (a primary and its secondaries) holds all data for the domains within the zone
• A zone's servers also hold NS records (pointers) to the servers responsible for the subordinate zones delegated from it
• Root zone
  • the highest zone, contains the information for the root domain
  • does not contain any hosts
  • contains the delegations (NS records, plus the glue addresses) for the top-level domains
  • served by 13 root server identities, a.root-servers.net through m.root-servers.net, each of which is anycast across many physical instances; the top-level domains themselves are served by their registries' own name servers, not by the root servers
Delegation of Authority
• ICANN - Internet Corporation for Assigned Names and Numbers
  • through its IANA function, manages the root zone: which name servers each top-level domain is delegated to; the root server operators and the TLD registries are separate organizations
• Each zone's operator in turn delegates the subdomains directly beneath it by publishing NS records for them (a TLD registry delegates second-level domains to the registrants' name servers, and so on down the tree)
• Allows local control over segments of the DNS database, while making all segments available to the public.
Queries: Iterative and Recursive
• Iterative (non-recursive) queries
  • sends a domain name to a DNS server and asks it to provide, from its own data:
    • the records (e.g. the IP address) of the requested domain, OR
    • a referral: the names of the authoritative DNS servers for the requested domain or for the closest enclosing zone the server knows of
  • the server does not query other servers to obtain an answer
• Recursive queries
  • sends a domain name to a DNS server and requests the complete answer (the RD flag is set in the query)
  • the server may need to query other servers to obtain the answer, which it does iteratively on the client's behalf
• Both types of query can fail to locate the domain: the name does not exist (NXDOMAIN), no record of the requested type exists, or no server can be reached
Clients and Resolvers
• Client example - a web browser
  • calls the resolver library for name resolution
  • the stub resolver sends a recursive query to the configured DNS server (the recursive resolver)
  • the recursive resolver then issues a chain of iterative queries, starting at a root server and following referrals, until it has the answer
• Every DNS server must answer iterative queries
• A server that is not configured to offer recursion answers a recursive query as though it were iterative: it returns what it has (an answer or a referral) and clears the RA flag in the reply
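The two query styles side by side, as an added example that is not from the slides: each in-memory "server" answers like an authoritative-only server with recursion off (answer, referral or NXDOMAIN from its own zone data), and `resolve()` does what a recursive resolver does for the client, starting at a root server and following referrals. The zones, server names and addresses are invented (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges); only the name ssh.hcc.hawaii.edu. is taken from the deck.

```python
"""Iterative resolution over a constructed set of authoritative servers.

Added example, not from the slides. The zone contents, server host names and
addresses below are invented sample data; the FQDN ssh.hcc.hawaii.edu. is the
one used in the deck. Each server answers like an authoritative-only server
with recursion off: an answer for names it holds, a referral (NS records plus
glue) for names below a delegation, NXDOMAIN for names that do not exist.
"""

# zone -> {owner name -> [(type, rdata), ...]}
ZONES = {
    ".": {
        "edu.": [("NS", "a.edu-servers.net.")],
        "a.edu-servers.net.": [("A", "192.0.2.10")],          # glue
    },
    "edu.": {
        "hawaii.edu.": [("NS", "ns1.hawaii.edu.")],
        "ns1.hawaii.edu.": [("A", "198.51.100.5")],           # glue
    },
    "hawaii.edu.": {
        "hawaii.edu.": [("NS", "ns1.hawaii.edu.")],
        "ns1.hawaii.edu.": [("A", "198.51.100.5")],
        "ssh.hcc.hawaii.edu.": [("A", "198.51.100.22")],      # hcc is not delegated
    },
}
# server address -> zone it serves (all constructed)
SERVERS = {"192.0.2.1": ".", "192.0.2.10": "edu.", "198.51.100.5": "hawaii.edu."}
ROOT_HINT = "192.0.2.1"


def ancestors(name):
    """Yield the name itself, then each parent, ending with the root '.'."""
    labels = name.rstrip(".").split(".") if name != "." else []
    for i in range(len(labels) + 1):
        yield ".".join(labels[i:]) + "." if labels[i:] else "."


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def reply(rcode, answer=(), authority=(), additional=()):
    return {"rcode": rcode, "answer": list(answer),
            "authority": list(authority), "additional": list(additional)}


def authoritative_query(zone, qname, qtype):
    """Answer one iterative query at the server for `zone`; never recurses."""
    data = ZONES[zone]
    if not in_zone(qname, zone):
        return reply("REFUSED")
    # A delegation between the name and the zone apex means: send a referral.
    for anc in ancestors(qname):
        if anc == zone:
            break
        ns_hosts = [rd for t, rd in data.get(anc, []) if t == "NS"]
        if ns_hosts:
            glue = [(h, "A", a) for h in ns_hosts for t, a in data.get(h, []) if t == "A"]
            return reply("NOERROR", authority=[(anc, "NS", h) for h in ns_hosts], additional=glue)
    if qname not in data:
        if any(n.endswith("." + qname) for n in data):
            return reply("NOERROR")           # empty non-terminal: NODATA, not NXDOMAIN
        return reply("NXDOMAIN")
    return reply("NOERROR", answer=[(qname, t, rd) for t, rd in data[qname] if t == qtype])


def resolve(qname, qtype, root=ROOT_HINT, max_hops=8):
    """What a recursive resolver does on the client's behalf: ask a root server
    and follow referrals. Returns (rcode, answer RRs, list of servers asked)."""
    qname = qname if qname.endswith(".") else qname + "."
    ip, asked = root, []
    for _ in range(max_hops):
        asked.append(ip)
        r = authoritative_query(SERVERS[ip], qname, qtype)
        if r["rcode"] != "NOERROR" or r["answer"] or not r["authority"]:
            return r["rcode"], r["answer"], asked
        glue = {host: addr for host, _, addr in r["additional"]}
        ip = next((glue[h] for _, _, h in r["authority"] if h in glue), None)
        if ip is None:   # referral without glue; a real resolver would now resolve the NS name
            return "SERVFAIL", [], asked
    return "SERVFAIL", [], asked         # referral loop or delegation chain too deep


if __name__ == "__main__":
    print(resolve("ssh.hcc.hawaii.edu", "A"))
```

Run stand-alone it prints the answer for ssh.hcc.hawaii.edu. together with the three servers consulted (root, edu, hawaii.edu). Note the two ways a lookup ends without an address: NXDOMAIN for a name that does not exist, and NOERROR with an empty answer for hcc.hawaii.edu., which exists only as a node above ssh.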
DNS Servers
• Primary (or master) server
  • authoritative server that holds the master copy of the zone data
  • loads the data from the zone (master) file, a local file maintained by the system administrator
  • for security and efficiency, an authoritative server should answer iterative queries only and not offer recursion to the public: an open recursive server can be abused for cache poisoning and for reflection attacks
• Slave (or secondary) servers
  • authoritative
  • copy the zone from the master server or another slave server by zone transfer (AXFR or IXFR); transfers should be restricted to the intended secondaries, since a full transfer reveals every name in the zone
• DNS caches or caching servers
  • not authoritative
  • store answers to previous queries in a cache for the record's TTL
  • respond from the cache if an entry is available; otherwise resolve the name (or forward the query to another resolver)
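A BIND named.conf fragment for the authoritative-only setting the slide asks for, added here as an example; it is not from the slides and not any particular site's configuration. The zone name sam.net is the one used in the deck's record examples; the secondary addresses 192.0.2.2 and 192.0.2.3 and the zone file path are assumptions.

```conf
// Authoritative server for sam.net: answers iterative queries only.
// The weak settings this replaces are "recursion yes;" for everyone and
// "allow-transfer { any; };", which turn the host into an open resolver
// and let anyone download the whole zone.
options {
    recursion no;                      // no recursion for any client
    allow-transfer { none; };          // deny transfers unless a zone says otherwise
};

zone "sam.net" {
    type master;                       // "primary" is the newer synonym
    file "/etc/bind/db.sam.net";       // assumed path to the zone file
    allow-transfer { 192.0.2.2; 192.0.2.3; };   // the secondaries only (assumed addresses)
    also-notify { 192.0.2.2; 192.0.2.3; };
};
```

A caching resolver for internal clients is the opposite case: recursion yes; together with allow-recursion { 192.0.2.0/24; }; (or an ACL listing the client networks), so that only local clients can use it and the machine is not an open resolver.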
DNS Database
• Resource records store the information for each node (domain)
• Over 30 types of resource records (the IANA registry lists many more)
• Resource record fields:
  • Name - the owner domain name (for reverse mapping, the in-addr.arpa name derived from the IP address)
  • TTL - time to live, how long a cache may keep the record (not meaningful in all resource records)
  • Class - in practice only class 1, IN (Internet), is used
  • Type - the record type
  • Data - varies with the record type
Resource Record Types
• A - Address. IPv4 address mapping.
      ns      IN A      192.168.0.1
• AAAA - Address. IPv6 address mapping.
      ns      IN AAAA   (IPv6 address)
• CNAME - Canonical Name. Maps an alias (nickname) to the canonical name.
      ftp     IN CNAME  www.sam.net.
• MX - Mail Exchange. Mail destination for the domain; the lower preference value is tried first.
      speedy  MX 10 mail
              MX 20 mail.sam.net.
• NS - Name Server. Name of a DNS server for the domain.
      peach   NS ns.max.net.
In zone-file notation a name without a trailing "." (such as mail) has the zone's origin appended, a blank owner name repeats the previous one, and the class may be omitted when it was given on an earlier record.
Resource Record Types (continued)
• PTR - Pointer. Used for reverse name resolution (see reverse name resolution later).
      3       IN PTR    grape
  The target should be written as a fully qualified name with a trailing ".", e.g. grape.sam.net.; as written above, the reverse zone's origin would be appended to grape and the record would point at a name that does not exist.
• TXT - Text. Quoted character string associated with the domain name.
      peach   TXT "Refers to the peach subdomain"
DNS Query Format
• Name - the domain name being asked about (an FQDN, or for reverse lookups the in-addr.arpa name derived from the IP address)
• Class - class 1, IN, for Internet
• Type - the type of record requested
Example request for an address record:
    fedora.redhat.com IN A
DNS Cache
• Many DNS servers cache the responses they receive from other DNS servers.
• A DNS server will first try to respond to a query from its cache.
• If no cached response is available, the DNS server queries other DNS servers, if configured to do so.
• Because of DNS caching, a changed record keeps being served from caches until its old TTL expires, so a change can take hours or days to propagate throughout the DNS depending on the TTL.
DNS Response Format
• Header - information about the message: transaction ID, flags (QR, AA, RD, RA, response code) and the number of records in each section
• Question - restates the original query
• Answer records - records that answer the query
• Authority records - NS records for the authoritative servers of the zone
• Additional records - related records, such as the A records (glue) for the name servers listed in the authority section
DNS Query/Response Example
$ dig fedora.redhat.com
...
;; QUESTION SECTION:
;fedora.redhat.com.             IN      A

;; ANSWER SECTION:
fedora.redhat.com.      600     IN      CNAME   www.redhat.com.
www.redhat.com.         330     IN      A       209.132.177.50

;; AUTHORITY SECTION:
redhat.com.             409     IN      NS      ns1.redhat.com.
redhat.com.             409     IN      NS      ns2.redhat.com.
redhat.com.             409     IN      NS      ns3.redhat.com.

;; ADDITIONAL SECTION:
ns1.redhat.com.         300     IN      A       66.187.233.210
ns2.redhat.com.         600     IN      A       66.187.224.210
ns3.redhat.com.         600     IN      A       66.187.229.10
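The query and response formats of the last three slides on the wire, as an added example that is not part of the slides: a query for fedora.redhat.com is built, a response carrying exactly the records dig printed above is built for it, and the parser reads both back section by section. Name compression (RFC 1035 pointers) is implemented on both sides, the parser refuses pointer loops, and `matches_query()` shows the checks a resolver makes before it trusts a reply. The transaction ID 0x1234 is arbitrary.

```python
"""DNS wire format: build a query, build the matching response, parse it back.
Added example, not from the slides; the record values reproduce the dig output
above and the transaction ID is arbitrary. RFC 1035 name compression is used
on both sides and the parser rejects pointer loops, which a malformed or
hostile packet can carry. Only A, NS, CNAME and PTR RDATA are decoded."""
import struct

TYPES = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAMES = {v: k for k, v in TYPES.items()}

def encode_name(name, msg, offsets):
    """Append name to bytearray msg; emit a pointer for any suffix already in offsets."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    while labels:
        suffix = ".".join(labels) + "."
        if suffix in offsets:
            msg += struct.pack("!H", 0xC000 | offsets[suffix])   # 2 flag bits + 14-bit offset
            return
        if len(msg) < 0x4000:
            offsets[suffix] = len(msg)
        label = labels.pop(0).encode("ascii")
        msg += bytes([len(label)]) + label
    msg += b"\x00"                                             # root label ends the name

def decode_name(msg, pos):
    """Read a possibly compressed name at pos; return (name, position after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if (length & 0xC0) == 0xC0:                            # compression pointer
            end = pos + 2 if end is None else end
            pos = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return (".".join(labels) + "." if labels else "."), (pos if end is None else end)

def build_query(qname, qtype, txid=0x1234):
    """Header with the RD flag and QDCOUNT=1, then one question (class IN)."""
    msg = bytearray(struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0))
    encode_name(qname if qname.endswith(".") else qname + ".", msg, {})
    msg += struct.pack("!HH", TYPES[qtype], 1)
    return bytes(msg)

def build_response(query, answer, authority, additional):
    """Echo the query's ID and question, set QR/RD/RA, append the RR sections."""
    msg = bytearray(query[:2] + struct.pack("!HHHHH", 0x8180, 1, len(answer),
                                            len(authority), len(additional)))
    offsets = {}
    qname, pos = decode_name(query, 12)
    encode_name(qname, msg, offsets)                           # registers suffixes for reuse
    msg += query[pos:pos + 4]
    for owner, ttl, rtype, rdata in answer + authority + additional:
        encode_name(owner, msg, offsets)
        msg += struct.pack("!HHI", TYPES[rtype], 1, ttl) + b"\x00\x00"   # RDLENGTH, patched below
        rdata_at = len(msg)
        if rtype == "A":
            msg += bytes(int(o) for o in rdata.split("."))
        else:                                                  # NS, CNAME, PTR: one domain name
            encode_name(rdata, msg, offsets)
        struct.pack_into("!H", msg, rdata_at - 2, len(msg) - rdata_at)
    return bytes(msg)

def parse_message(msg):
    """Parse header, question and the answer/authority/additional sections.
    Raises ValueError, IndexError or struct.error on a malformed packet."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos, out = 12, {"id": txid, "flags": flags, "question": []}
    for _ in range(qd):
        name, pos = decode_name(msg, pos)
        qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
        out["question"].append((name, TYPE_NAMES.get(qtype, qtype)))
        pos += 4                                               # QTYPE + QCLASS
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[section] = []
        for _ in range(count):
            owner, pos = decode_name(msg, pos)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
            pos += 10
            tname = TYPE_NAMES.get(rtype, rtype)
            if tname == "A":
                rdata = ".".join(str(b) for b in msg[pos:pos + 4])
            elif tname in ("NS", "CNAME", "PTR"):
                rdata = decode_name(msg, pos)[0]
            else:
                rdata = msg[pos:pos + rdlen].hex()
            out[section].append((owner, ttl, tname, rdata))
            pos += rdlen
    return out

def matches_query(query, response):
    """Before trusting a reply: same transaction ID, QR bit set, question echoed."""
    q, r = parse_message(query), parse_message(response)
    return q["id"] == r["id"] and bool(r["flags"] & 0x8000) and q["question"] == r["question"]

SAMPLE_ANSWER = [("fedora.redhat.com.", 600, "CNAME", "www.redhat.com."),   # from the dig output
                 ("www.redhat.com.", 330, "A", "209.132.177.50")]
SAMPLE_AUTHORITY = [("redhat.com.", 409, "NS", f"ns{i}.redhat.com.") for i in (1, 2, 3)]
SAMPLE_ADDITIONAL = [("ns1.redhat.com.", 300, "A", "66.187.233.210"),
                     ("ns2.redhat.com.", 600, "A", "66.187.224.210"),
                     ("ns3.redhat.com.", 600, "A", "66.187.229.10")]
```

With the query built as `build_query("fedora.redhat.com", "A")` and the response built from the three sample sections, the answer record's owner name is emitted as the two bytes c0 0c, a pointer back to the question at offset 12, which is why real responses are far shorter than the sum of their names. The ID and question check in `matches_query()` is the minimum a resolver must do: a reply whose ID or question does not match the outstanding query is discarded, which, together with randomised source ports, is what makes blind spoofing of replies expensive.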
Reverse Name Resolution
• Also referred to as "inverse mapping" or "reverse mapping."
• Looks up a domain name, given an IP address.
• Uses the special domain in-addr.arpa.
• Resource record format for this domain
  • the name field holds the IP address with its octets in reverse order under in-addr.arpa. (e.g. 110.232.187.66.in-addr.arpa. for 66.187.232.110), so the records are indexed hierarchically by address, with the first octet at the top of the subtree
  • the data field holds the corresponding FQDN (a PTR record)
• Uses of reverse name resolution
  • allows a server to look up and log the domain names of connecting clients
  • checking the domain of e-mail senders and the IP address of the sending machine
  • the PTR record is published by whoever controls the address block, so a name it returns is only trustworthy if a forward lookup of that name returns the same IP address (forward-confirmed reverse DNS)
Examples of Reverse Name Resolution
$ dig 110.232.187.66.in-addr.arpa PTR
...
;; QUESTION SECTION:
;110.232.187.66.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
110.232.187.66.in-addr.arpa. 540 IN     PTR     rhn.redhat.com.

$ dig -x 66.187.232.110
...
;; QUESTION SECTION:
;110.232.187.66.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
110.232.187.66.in-addr.arpa. 552 IN     PTR     rhn.redhat.com.

$ host 66.187.232.110
110.232.187.66.in-addr.arpa domain name pointer rhn.redhat.com.
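The reverse mapping of the last two slides and the PTR example on the Resource Record Types slide, as an added example that is not part of the slides. `reverse_name()` builds the in-addr.arpa name that dig -x derives above and, going beyond the slides, the ip6.arpa name for an IPv6 address; `forward_confirmed()` applies the forward-lookup check; `ptr_zone_lines()` writes the reverse-zone lines and rejects a relative PTR target. The record tables are constructed stand-ins for live lookups: the PTR for 66.187.232.110 is the one shown above, while 203.0.113.9 is an invented address whose PTR claims a name it does not own, and mail.sam.net with 2001:db8::25 is invented.

```python
"""Reverse lookup names and forward-confirmed reverse DNS (FCrDNS).

Added example, not from the slides. The record tables are constructed: the
PTR for 66.187.232.110 comes from the dig output above, the other entries are
invented (203.0.113.0/24 and 2001:db8::/32 are documentation ranges).
"""
import ipaddress


def reverse_name(ip):
    """PTR owner name for `ip`: octets reversed under in-addr.arpa for IPv4,
    hex nibbles reversed under ip6.arpa for IPv6 (IPv6 goes beyond the slides)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")      # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


# Constructed record tables standing in for live lookups.
PTR_RECORDS = {
    "110.232.187.66.in-addr.arpa.": "rhn.redhat.com.",   # from the slide
    "9.113.0.203.in-addr.arpa.": "rhn.redhat.com.",      # attacker-controlled PTR, same claim
    reverse_name("2001:db8::25"): "mail.sam.net.",       # invented IPv6 host
}
ADDRESS_RECORDS = {                                      # name -> A/AAAA rdata
    "rhn.redhat.com.": {"66.187.232.110"},
    "mail.sam.net.": {"2001:db8::25"},
}


def forward_confirmed(ip, ptr_records=PTR_RECORDS, address_records=ADDRESS_RECORDS):
    """Return (ptr_name, confirmed). The owner of the address block controls
    the PTR, so the name is accepted only if its own A/AAAA records lead back
    to `ip` (forward-confirmed reverse DNS)."""
    name = ptr_records.get(reverse_name(ip))
    if name is None:
        return None, False
    forward = {str(ipaddress.ip_address(a)) for a in address_records.get(name, ())}
    return name, str(ipaddress.ip_address(ip)) in forward


def ptr_zone_lines(cidr, hosts):
    """Zone-file lines for an IPv4 /24 reverse zone: a $ORIGIN line and one PTR
    per host. Targets must be absolute (trailing dot); a relative name such as
    'grape' would have the reverse zone's origin appended to it."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("this helper only handles IPv4 /24 reverse zones")
    origin = reverse_name(str(net.network_address))[2:]  # drop the leading "0."
    lines = [f"$ORIGIN {origin}"]
    for last_octet, fqdn in sorted(hosts.items()):
        if not fqdn.endswith("."):
            raise ValueError(f"PTR target {fqdn!r} must be a fully qualified name")
        lines.append(f"{last_octet} IN PTR {fqdn}")
    return lines


if __name__ == "__main__":
    for ip in ("66.187.232.110", "203.0.113.9", "192.0.2.1"):
        print(ip, reverse_name(ip), forward_confirmed(ip))
    print("\n".join(ptr_zone_lines("192.168.0.0/24", {3: "grape.sam.net."})))
```

For the slide's address the PTR name rhn.redhat.com. is confirmed because the forward lookup returns 66.187.232.110 again; the invented 203.0.113.9 publishes the same PTR but fails the forward check, which is exactly the case a mail server must not trust. Python's ipaddress module also offers a `reverse_pointer` attribute; the function above spells the construction out so the two cases are visible.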
DNS Related Utilities
• whois
  • looks up domain registration data (registrant, registrar, name servers)
  • different registries and whois servers return different information
• nslookup
  • name service lookup
  • was marked deprecated in early BIND 9 releases and is still shipped with current BIND and most Linux distributions, but dig gives more complete output
• dig
  • Domain Information Groper
  • the current tool; shows the full response section by section, as in the examples above