
Cosc 4750

Domain Name Service (DNS), Cosc 4750. IP Addresses: machines on the Internet need an addressing scheme (or couldn't receive packets!). Each machine has a 32-bit address assigned by the Internet Corporation for Assigned Names and Numbers (ICANN).



  1. Domain Name Service (DNS) Cosc 4750

  2. IP Addresses
  • Machines on the Internet need an addressing scheme (or they couldn't receive packets!)
  • Each machine has a 32-bit address assigned by the Internet Corporation for Assigned Names and Numbers (ICANN).
    • In the U.S., the American Registry for Internet Numbers (ARIN)
    • In Europe, Réseaux IP Européens (RIPE)
  • Addresses are written in dotted decimal notation:
      128.2.218.2 = 10000000 00000010 11011010 00000010
  • Current max number of IP addresses = 2^32 ~ 4,000,000,000

  3. Domain Names
  • IP addresses are inconvenient to remember: 129.72.216.5 vs. meru.cs.uwyo.edu (fully qualified)
  • Domain names are alphanumeric aliases for IP addresses. They form a tree structure of FQDNs:
      [Tree figure: ROOT; top-level domains .GOV .COM .MIL .NET .EDU .ORG .IT; organizations UWYO, PITT, MIT, AMAZON, MCKINSEY, YAHOO (with IPs 208.216.182.15 and 207.237.113.94 shown); departments GSIA, SDVC, CS, HEINZ; hosts YEN, MERU, DOLLAR, K2 (with IPs 129.72.216.5 and 129.72.216.12 shown)]

  4. DNS services
  • Name to IP translations
  • Host aliasing
    • asuwlink.uwyo.edu, also known as w3.uwyo.edu, ftp.uwyo.edu, etc.
  • Mail server aliasing
    • In Cosc, all mail goes to one machine, even if sent to different machines in the department
  • Load distribution
    • One DNS name points to different machines; the DNS then uses round robin (or better algorithms) to give out IP numbers.

  5. How it works
  • At one point it was a single host for all machines
    • a single point of failure
    • Traffic volumes could overwhelm it
    • Distant centralized database
    • Maintenance
  • Would be a real problem now.

  6. Today, it functions in a hierarchy of name servers
  • Lots of local name servers
    • Provides easy updates and quick response, since local.
  • Local name servers have local name servers above them.
  • 10-15 root servers, right now
    • Root servers point to top-level local servers and don't hold any host names except those of the root servers.
  • Each name server has authoritative name servers (one level higher in the hierarchy, usually) to keep rogue name servers from misdirecting people.

  7. DNS Namespace
  • Two sorts of top-level domains (TLD)
    • US: .edu, .net, .com, .gov, .mil, .arpa (rarely used)
    • Rest of the world
      • two-letter country codes: .us (USA), .au, .de, .fi, .dk, .is, .md, .tv, and dozens of others.
  • New ones are being added: .biz and several others.
  • .edu, .com, .net and .arpa are also used outside the US.

  8. DNS names
  • Several countries have sold their domain
    • .md sold to a company, now used for doctors and residents of Maryland
    • .tv now used for television stations
  • Squatting
    • Purchasing a name but not using it, then selling it to a company for a huge profit.
    • Used for nationally/internationally recognized names
    • Also used for people using similar names, e.g. www.whitehouse.com (porn site) vs. www.whitehouse.gov
    • Companies are now successfully suing and getting the names changed.

  9. BIND software
  • Two versions are common: v4 and v9
    • 4 has been discontinued (v4.9.x), but is very stable
    • 9 has many new features, but security issues
  • The daemon that does the work is called named.
  • Name servers come in three types: master, slave, cache/forwarding

  10. Example name server structure
      [Tree figure: ROOT; .GOV .COM .MIL .NET .EDU .ORG .IT; UWYO PITT MIT AMAZON MCKINSEY YAHOO; GSIA SDVC CS HEINZ; BIGHORN MERU]

  11. Config files
  Forward lookup files:
      meru.cs.uwyo.edu    IN A      129.72.216.4
      <hostname>          IN A      <IP>
  Other parts:
      www.cs.uwyo.edu     IN CNAME  hive.cs.uwyo.edu
      <alias hostname>    IN canonical name <real hostname>
      www.cs.uwyo.edu     IN MX 0   alameda.cs.uwyo.edu
      <alias hostname>    IN mail <weight> <hostname to send the mail to>
                          IN NS     pike.cs.uwyo.edu
      <no name>           IN Name server <hostname>
  You can also list several records of one type (CNAME, MX, A) for a name; named uses a round-robin method for handing them out:
      hive.cs.uwyo.edu    IN A      129.72.216.51
                          IN A      129.72.216.50

  12. Subdomains in DNS
  • meru.cs.uwyo.edu IN A 129.72.216.4
  • pike.cs.uwyo.edu IN A 129.72.216.13
  • cs IN NS meru.cs.uwyo.edu
  •    IN NS pike.cs.uwyo.edu
  • These are uwyo.edu records: when it gets a request for cs.uwyo.edu, it refers the requester to meru or pike as the name servers for that subdomain.

  13. Reverse name files
  • 129.72.216.4 IN PTR meru.cs.uwyo.edu.
  • <IP number> IN PTR <name>
  • NS records are included in the reverse name files as well.
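As an added example (not from the slides), here is a small parser for the record lines of slides 11 to 13, with a CNAME-following lookup, the round-robin hand-out of several A records, a PTR lookup, and the RFC 1034 check that a CNAME owner carries no other data. The zone text is constructed from the slide examples and uses the real in-addr.arpa form for the reverse record.

```python
# Added example, not from the slides: parse slide-style record lines, follow
# CNAMEs, hand out several A records round-robin, and do a PTR lookup.
from collections import defaultdict
# Constructed sample in the "<name> IN <type> <rdata>" form used on the slides.
# A line starting with whitespace has no owner and continues the previous one.
ZONE_TEXT = """\
meru.cs.uwyo.edu.   IN A     129.72.216.4
hive.cs.uwyo.edu.   IN A     129.72.216.51
                    IN A     129.72.216.50
                    IN MX    0 alameda.cs.uwyo.edu.
www.cs.uwyo.edu.    IN CNAME hive.cs.uwyo.edu.
4.216.72.129.in-addr.arpa. IN PTR meru.cs.uwyo.edu.
"""

def parse_zone(text):
    """Return {(owner, rrtype): [rdata, ...]} from the record lines."""
    records = defaultdict(list)
    owner = None
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if line[0].isspace():
            fields.insert(0, owner)            # blank owner: same as previous
        owner, rrtype = fields[0].lower(), fields[2].upper()
        records[(owner, rrtype)].append(" ".join(fields[3:]))
    # RFC 1034 3.6.2: an owner with a CNAME may hold no other record types.
    for name, rrtype in records:
        if rrtype == "CNAME" and any(n == name and t != "CNAME" for n, t in records):
            raise ValueError(name + " has CNAME plus other data")
    return dict(records)

def resolve_a(records, name, depth=0):
    """Follow CNAMEs (bounded, so a loop cannot hang us) down to A records."""
    name = name.lower()
    if depth > 8:
        raise ValueError("CNAME chain too long at " + name)
    if (name, "CNAME") in records:
        return resolve_a(records, records[(name, "CNAME")][0], depth + 1)
    return list(records.get((name, "A"), []))

def round_robin(addresses, nth):
    """The nth answer named would give: the list rotated left nth times."""
    k = nth % len(addresses)
    return addresses[k:] + addresses[:k]

def reverse_lookup(records, ip):
    """PTR lookup: 129.72.216.4 is asked for as 4.216.72.129.in-addr.arpa."""
    name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    return records.get((name, "PTR"), [])
```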

  14. nslookup & dig
  • nslookup meru.cs.uwyo.edu
    • provides the IP
  • nslookup <return>
    • enters the program's shell
    • > meru
      returns the IP number, 129.72.216.4
    • > 129.72.216.4
      returns the name, meru

  15. (continued)
  • > set type=MX
  • > hive.cs.uwyo.edu
    • returns the mail server redirection, alameda
  • dig provides the same info, but also stats: number of requests and query time

  16. /etc/resolv.conf
  • File on UNIX listing the name servers:
      nameserver 10.216.218.13
      nameserver 10.216.218.12
      nameserver 10.84.60.8
      search cs.uwyo.edu uwyo.edu
    (OR)
      domain cs.uwyo.edu

  17. win2k
  • changed the standard for DNS
    • Microsoft: embrace, extend, exterminate, or change two things and call it Microsoft's
  • Win2k comes with its own version of DNS (needs to be updated before using).
  • BIND versions 8 and 9 will accept Microsoft's implementation of DNS
    • needs to understand the _ and -
    • dynamic updates, but not with Kerberos 5 (secure updates)

  18. NFS and NIS Cosc 4750

  19. NFS
  • NFS = Network File System
  • NFS is almost transparent to the users and is "stateless", meaning that no information is lost when an NFS server crashes
  • Introduced by Sun in 1985
  • Used for sharing a "filesystem" from a server to client machines

  20. Currently two versions in use
  • NFS version 2
    • All UNIX O/S can use this version
  • NFS version 3
    • Used by Sun, SGI, HP-UX, and FreeBSD
    • used by most Linux distros, but a little buggy
  • NFS version 4
    • still new, lots of problems with configurations
    • Is supposed to be able to deal with firewalls.

  21. Filesystems and file ownership
  • The server assumes that the client is using the same UIDs and GIDs
  • The server and the client had better be using the same set, or there will be a major security problem.

  22. Root access
  • An exported NFS filesystem can be set to block incoming root (UID 0) requests.
    • Since root can su into another user's account, root can still gain access to the files.
  • the nobody account
    • UID -2, or -65,534 [2's complement of -2], are also blocked.

  23. File locking
  • NFS file locking has a tendency to be "flaky".
  • Since so many machines can be using the same file at the same time, it is a difficult process, handled by lockd and statd.
  • Disk quotas
    • handled by the server's stated filesystem, but users on a remote system won't know that unless rquotad is running on the server.

  24. Security
  • By default NFS provides no security
  • You can use Sun's public key system or Kerberos for NFS
  • If you have a firewall, you can block port 2049 (UDP and TCP)
    • unless you are using Sun's WebNFS

  25. Server-side NFS
  • It uses nfsd, mountd, and portmap (since NFS relies on RPC)
  • mountd and nfsd rely on a file that tells them what filesystems are to be exported
    • /etc/exports (Solaris: /etc/dfs/dfstab)
  • To tell mountd and nfsd you changed the file, you must run: exportfs -a (Solaris: shareall)

  26. exports file
  • The syntax is different between vendors
  • 1 line for each filesystem to be exported, listing:
    • the filesystem
    • computers that have read/write privileges
    • computers that have read-only privileges
    • computers that have root privileges

  27. If a machine is listed by its name (NOT the IP number)
  • Then the machine name and IP number must be listed in the /etc/hosts file. Otherwise, it will be denied access.
  • Some NFS servers allow a wildcard *
    • Fedora/Redhat Linux does

  28. Example
  • Redhat version
      /home       meru(rw,no_root_squash) *.cs.uwyo.edu(rw)
      /usr/local  *.cs.uwyo.edu(rw)
      /var        *.cs.uwyo.edu(ro)
  • Standard NFS (not used by many vendors, though)
      /meru3  rw,access=meru:alameda:k2,root=meru
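As an added example (not from the slides), the checker below parses Redhat-syntax exports lines like those on slide 28 and flags the settings slides 22, 26 and 27 discuss: root requests not squashed, read-write to wildcard clients, exports to every host, and clients named but absent from /etc/hosts (which mountd will deny). The exports text and the HOSTS_FILE map are constructed; the standard "access=" syntax is not parsed.

```python
# Added example, not from the slides: audit Redhat-style /etc/exports lines
# for the settings the slides discuss. Sample lines are constructed from
# slide 28; HOSTS_FILE stands in for the /etc/hosts entries slide 27 requires.
import re

EXPORTS_TEXT = """\
# constructed sample, Redhat syntax: <filesystem> <client>(<options>) ...
/home      meru(rw,no_root_squash) *.cs.uwyo.edu(rw)
/usr/local *.cs.uwyo.edu(rw)
/var       *.cs.uwyo.edu(ro)
/scratch   *(rw,no_root_squash)
/tools     k2(ro)
"""

# Names listed in /etc/hosts on the server (constructed). Slide 27: a client
# given by name must be listed here or mountd denies it.
HOSTS_FILE = {"meru": "129.72.216.4", "alameda": "129.72.216.7"}

CLIENT_RE = re.compile(r"(\S+?)(?:\((.*?)\))?$")   # client and optional options

def parse_exports(text):
    """Return [(filesystem, client, [options])] from an exports file."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fs, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            entries.append((fs, m.group(1), opts))
    return entries

def audit_exports(entries, hosts=HOSTS_FILE):
    """Flag the risky combinations: return [(filesystem, client, finding)]."""
    findings = []
    for fs, client, opts in entries:
        wildcard = "*" in client or "?" in client
        if client == "*":
            findings.append((fs, client, "exported to every host"))
        if "no_root_squash" in opts:
            findings.append((fs, client, "remote root keeps UID 0 on this export"))
        if wildcard and "rw" in opts:
            findings.append((fs, client, "read-write to a wildcard client"))
        if not wildcard and not client[0].isdigit() and client not in hosts:
            findings.append((fs, client, "name not in /etc/hosts; mount will be denied"))
    return findings
```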

  29. Client-side NFS
  • Uses the mountd daemon (can also use the nfsiod daemon as well).
  • auto mounting on boot
    • uses /etc/fstab (/etc/vfstab for Sun)
  • manual mounting
    • uses the mount command
    • mount <machine>:<filesystem> <mount point>

  30. fstab file, used for both NFS and local drives
  • What it looks like:
      <machine>:<filesystem> <mount point> <flags> 0 0
  • flags (some of them):
    • rw    read/write
    • ro    read only
    • bg    background the mount of the filesystem
    • soft  if the NFS server fails, access fails with an error
    • hard  if the NFS server fails, access is blocked until the server returns
    • intr  allows users to interrupt blocked operations

  31. Stats and debugging
  • nfsstat -s
    • shows stats and information about an NFS server: RPC stats, timeouts, and many filesystem commands
  • nfsstat -c
    • shows stats and information about an NFS client: RPC stats, timeouts, and many filesystem commands

  32. showmount
  • Lists all hosts that have mounted an NFS filesystem
  • showmount -a
    • lists all hosts and what they mounted
  • showmount -d
    • lists all the filesystems that have been mounted
  • showmount -e
    • lists all exported filesystems and who can mount them
  • showmount [-a -e -d] <host>
    • Same as above, but for a remote host.

  33. Automatic mounting
  • Besides mounting at boot time, an automounting daemon can be set up to mount the filesystem only when needed and remove it when not used.
  • Allows you to provide a list of replicated filesystems, for the case that an NFS server fails.

  34. NIS
  • NIS: the Network Information Service
  • Originally called Sun Yellow Pages (yp), but Sun was sued by AT&T and changed the name.
  • Allows you to share account information (passwd, shadow, group), as well as other system files, like hosts and services.

  35. Advantages
  • You can set up a user account on one machine and the information is distributed out to the other machines in the group.
  • The user can then log in to any machine in the group
  • Combined with NFS, the user has the same file space and account information on a variety of computers.

  36. How it works
  • One computer acts as a master server
  • Other machines can act as slave servers
  • Client machines then ask for information from a server (master or slave).
  • Example of a password file:
      … normal password lines
      +seker:::::::      User seker can have access
      +                  All NIS accounts have access

  37. All information about the user is gotten from the server password file
  • So for user seker, it will ask the server which shell to use
  • For security reasons, only UIDs over 100 are shared out in Fedora/Redhat.
    • Can be configured to share all UIDs, except root.
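As an added example (not from the slides), the code below models what slides 36 and 37 describe: the server builds the shared passwd map with the UID floor (assumed here to be 100, root always excluded), and a client expands its "+seker" and "+" lines from that map. The passwd lines are constructed; the rule that non-empty fields on a "+" line override the map entry is the compat passwd behaviour, assumed here and not stated on the slides.

```python
# Added example, not from the slides: how "+" entries in a client's /etc/passwd
# pull accounts from the NIS passwd map, with the server's UID floor from
# slide 37 (only UIDs over 100 are shared, never root). All data is constructed.
MINUID = 100   # assumption: the Fedora/Redhat floor the slide describes
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
seker:x:501:100:Seker:/home/seker:/bin/tcsh
alice:x:502:100:Alice:/home/alice:/bin/bash
"""
# Client file: local accounts first, then the NIS escape shown on slide 36.
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
local:x:500:100:Local User:/home/local:/bin/bash
+seker::::::/bin/bash
"""

def split_passwd_line(line):
    """Seven colon-separated fields, padded so a bare '+' still has 7."""
    return (line.split(":") + [""] * 7)[:7]

def build_nis_map(server_text, minuid=MINUID):
    """The passwd map ypserv would share: {name: fields} above the UID floor."""
    shared = {}
    for line in server_text.splitlines():
        f = split_passwd_line(line)
        if f[0] and f[0] != "root" and f[2].isdigit() and int(f[2]) > minuid:
            shared[f[0]] = f
    return shared

def resolve_passwd(client_text, nis_map):
    """Expand the client file: '+name' pulls one map entry, '+' pulls them all."""
    out = []
    for line in client_text.splitlines():
        f = split_passwd_line(line)
        if not f[0]:
            continue
        if not f[0].startswith("+"):
            out.append(f)
            continue
        names = list(nis_map) if f[0] == "+" else [f[0][1:]]
        for name in names:
            if name not in nis_map or any(e[0] == name for e in out):
                continue
            entry = list(nis_map[name])
            for i in range(1, 7):     # compat rule: non-empty + fields override the map
                if f[i]:
                    entry[i] = f[i]
            out.append(entry)
    return out
```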

  38. ypserv is the server program
  • yppasswd (maybe part of ypserv), used on the server for new passwords
  • ypbind is the client program, which also runs on the server
  • ypasswd, used on the client machine instead of passwd to change a user's password.

  39. The reason ypbind runs on server machines is that all server machines are also client machines.

  40. Q & A
