Lecture – DNS
How to find things…
Domain Name System
Associate human-friendly names with machine-friendly IP addresses
Resolution of a given hostname to an IP address
Domain names, as opposed to IP addresses, have the top-most element on the right
Each element can be up to 63 characters long; the full name can be no more than 255 characters
Letters, numbers or dashes can be used in a name element
DNS allows machines to be grouped logically, by domain name
The right-most element is called the Top Level Domain (TLD)
The full name is referred to as the Fully Qualified Domain Name (FQDN): lugh.student.comp.dit.ie, as opposed to just lugh
The Internet Assigned Numbers Authority (IANA) controls the top-level domains
Host names map to IP addresses in a one-to-many relationship, each machine may have many IP addresses, and each IP address may be associated with many machines
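The naming rules on these slides (elements of at most 63 characters, a whole name of at most 255, letters, digits and dashes, TLD on the right) as an added Python example; it is not part of the lecture. It also encodes a name into the RFC 1035 wire label format, which the slides do not cover, and applies the RFC 1123 restriction that an element may not begin or end with a dash, which the slides also leave out. A resolver that skips these checks will happily put attacker-controlled strings on the wire, so they are the first thing a hardened client should do.

```python
import re

MAX_LABEL = 63   # each name element, per the slide
MAX_NAME = 255   # the whole name, per the slide
# Letters, digits and dashes, as the slide says; that an element may not begin or end
# with a dash is the stricter RFC 1123 rule, added here.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def split_labels(name: str) -> list:
    """Break 'lugh.student.comp.dit.ie.' into its elements, ignoring a trailing root dot."""
    name = name[:-1] if name.endswith(".") else name
    return name.split(".") if name else []


def validate_name(name: str) -> tuple:
    """Check the length and character rules; returns (ok, reason)."""
    if len(name.rstrip(".")) > MAX_NAME:
        return False, "name longer than 255 characters"
    labels = split_labels(name)
    if not labels:
        return False, "empty name"
    for label in labels:
        if len(label) > MAX_LABEL:
            return False, "element longer than 63 characters: " + label[:12] + "..."
        if not LABEL_RE.match(label):
            return False, "element has characters other than letters, digits or dashes: " + label
    return True, "ok"


def tld(name: str) -> str:
    """The right-most element is the top-level domain."""
    return split_labels(name)[-1]


def is_fqdn(name: str) -> bool:
    """'lugh' alone is a bare host name; a name carrying its domain path, such as
    lugh.student.comp.dit.ie, is treated as fully qualified (as the slide does)."""
    return len(split_labels(name)) > 1


def to_wire(name: str) -> bytes:
    """RFC 1035 wire form (not on the slides): each element as a length byte followed by
    its characters, ending with a zero-length label for the root. Elements stop at 63
    because a length byte with its top two bits set means something else (a pointer)."""
    ok, reason = validate_name(name)
    if not ok:
        raise ValueError(reason)
    out = bytearray()
    for label in split_labels(name):
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


if __name__ == "__main__":
    for n in ("lugh", "lugh.student.comp.dit.ie", "bad_host.ie", "a" * 64 + ".ie"):
        print(n[:24].ljust(24), validate_name(n))
    print(to_wire("dit.ie"))
```

`to_wire("dit.ie")` yields `b"\x03dit\x02ie\x00"`; the same function raises on any name that fails the rules, so nothing malformed reaches a socket.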
Mail Routing using DNS
DNS builds in some application-specific information
Hosts that are designed to perform email routing, mail exchangers, have special-purpose records in DNS: MX records
A domain should have multiple mail exchangers. Mail that cannot be sent to one mail exchanger can instead be delivered to an alternative server, providing failsafe redundancy.
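The failover the slide describes, as an added Python example that is not part of the lecture: exchangers are tried in order of MX preference and a sender moves to the next one when the current one is unreachable. The record set is constructed, modelled on the dit.ie MX records that appear in the nslookup output later in these slides; the rule that a domain with no MX records receives mail at its own address record is RFC 5321 behaviour, not something the slides state.

```python
import random

# Constructed MX set, modelled on the dit.ie records that nslookup shows later in these slides:
# (preference, exchanger). Lower preference is tried first.
DIT_MX = [
    (10, "staffmail.dit.ie."),
    (5, "smtp.dit.ie."),
    (15, "mymail.dit.ie."),
]


def order_exchangers(records, domain=None, rng=None):
    """Order mail exchangers by preference, lowest first. Hosts sharing a preference are
    tried in random order so load spreads across them. With no MX records at all, mail
    goes to the domain's own address record (the RFC 5321 'implicit MX' rule, not on the slides)."""
    if not records:
        return [domain] if domain else []
    rng = rng or random.Random()
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        ordered.extend(hosts)
    return ordered


def deliver(records, reachable, domain=None, rng=None):
    """Walk the exchangers in order until one accepts the message.
    `reachable` stands in for an SMTP connection attempt: host -> True if it accepts.
    Returns (accepting host or None, hosts tried in order)."""
    tried = []
    for host in order_exchangers(records, domain, rng):
        tried.append(host)
        if reachable.get(host, False):
            return host, tried
    return None, tried


if __name__ == "__main__":
    # Primary down: mail falls over to the next preference instead of bouncing.
    print(deliver(DIT_MX, {"smtp.dit.ie.": False, "staffmail.dit.ie.": True}))
    # cs.dit.ie returned no MX records in the slides' nslookup output: implicit MX to the domain itself.
    print(order_exchangers([], domain="cs.dit.ie."))
```

The redundancy cuts both ways: because any sender will fall over to the backup exchangers, each one listed must enforce the same filtering and transport policy as the primary, or the backup becomes the path of least resistance into the domain.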
Before DNS
Before DNS, name resolution was accomplished solely by text file databases residing on each host (“hosts” files)
The method is not scalable, and it requires centralised management of the text files
Internet DNS Hierarchy
Root name servers: provide references to the appropriate zone-authoritative name servers for the top-level domains
Zone-authoritative name servers: master and slave servers for zones
Root Name Servers
There are 13 root name servers
Each has an associated letter name (a to m)
No more names can be used because of protocol limitations: a UDP packet can only carry 512 bytes reliably, and a hint file with more than 13 servers would be larger than 512 bytes
C, F, I, J, K and M servers now exist in multiple locations on different continents
Root name servers
Letter  Old name            Operator                Location
A       ns.internic.net     VeriSign                Dulles, Virginia, USA
B       ns1.isi.edu         ISI                     Marina Del Rey, California, USA
C       c.psi.net           Cogent Communications   distributed using anycast
D       terp.umd.edu        University of Maryland  College Park, Maryland, USA
E       ns.nasa.gov         NASA                    Mountain View, California, USA
F       ns.isc.org          ISC                     distributed using anycast
G       ns.nic.ddn.mil      U.S. DoD NIC            Columbus, Ohio, USA
H       aos.arl.army.mil    U.S. Army Research Lab  Aberdeen Proving Ground, Maryland, USA
I       nic.nordu.net       Autonomica              distributed using anycast
J       -                   VeriSign                distributed using anycast
K       -                   RIPE NCC                distributed using anycast
L       -                   ICANN                   Los Angeles, California, USA
M       -                   WIDE Project            distributed using anycast
A simplified domain map (figure): (Root) with the .ie, .com and .org domains beneath it; under .ie the dit domain, containing the hosts Wicklow, Taranaki, Aisling and hermes; example FQDN Wicklow.dit.ie.
Domains
Dividing domains into sub-domains is important in several regards
Division of a namespace into sub-domains in a hierarchical manner removes the requirement that the names of individual hosts be unique, but the FQDNs must still be unique
It allows for the decentralised management of the entire namespace
Up to 127 levels deep(!)
cs.dit.ie domain map (figure): (Root) with the .ie domain, dit beneath it and cs beneath dit; hosts hermes, Taranki, Wicklow and MyLaptop; example FQDN Wicklow.cs.dit.ie.
Zones, Domains and Delegation
A Domain is a complete sub-tree of the hierarchical namespace
A zone is the part of the domain managed by a particular server
Sub-domains may be delegated into additional zones
A zone may directly manage some sub-domains
A zone represents the scope of administration for which one body is responsible
cs.dit.ie zones (figure): (Root) with the .ie domain, dit beneath it and cs beneath dit; hosts hermes, Aisling, Taranki and Wicklow; Wicklow.cs.dit.ie. and MyLaptop are marked with a question mark, asking which zone they fall in.
Relationship between domains, zones and DNS Servers
The DNS database is effectively spread across all servers
DNS servers are delegated to manage particular zones and the links to the rest of the database.
A zone is not necessarily equivalent to a domain
A DNS server can manage one or more zones
comp.dit.ie DNS servers (figure): (Root) with the .ie domain, dit beneath it and cs beneath dit; hosts hermes, Aisling, Taranki, Wicklow and MyLaptop; the address 147.252.224.67 and the server name hermes.dit.ie. are shown.
The DNS Server
The server receives a request from a client
If the server does not have the answer it will either ask a root server or forward the request to another name server
This may happen a number of times until a name server is found that knows the answer
When the server gets a response it will place a copy in its local cache and return a copy to the requesting client
Name Server Hierarchy
Master name server: contains the master copy of data for the zone
Slave name server: provides an automatic backup to the master name server
All slave servers maintain synchronisation with their master name server
Both master and slave servers contain authoritative data
A zone may have multiple slaves but only one master
A slave may get its data from another slave
Authoritative?
If the name server responding to a query is authoritative with respect to the query performed, the data returned is said to be authoritative
Alternatively, responses may come from a name server which has cached the information, in which case the response is said to be non-authoritative
The client may choose not to accept non-authoritative information
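The three slides above (servers holding zones and delegations, a server chasing referrals from the root and caching what it learns, and answers being authoritative or not) as one added Python example; it is not part of the lecture. The delegation tree is constructed: the host addresses are the ones the nslookup transcripts in these slides report, but the server names "root", "ns-ie" and "ns-arpa" and the way zones are delegated between them are assumptions. The reverse name 43.1.252.147.in-addr.arpa. follows the convention the last slide's lookup shows.

```python
from dataclasses import dataclass, field


@dataclass
class Server:
    """One name server: the zones it holds authoritative data for, its records and
    the child zones it has delegated to other servers."""
    zones: set
    records: dict = field(default_factory=dict)      # (name, type) -> value
    delegations: dict = field(default_factory=dict)  # child zone -> server that serves it


# Constructed delegation tree. Host addresses are the ones the slides' nslookup output shows;
# the server names "root", "ns-ie" and "ns-arpa" and the layout of delegations are assumptions.
SERVERS = {
    "root": Server({"."}, delegations={"ie.": "ns-ie", "in-addr.arpa.": "ns-arpa"}),
    "ns-ie": Server({"ie."}, delegations={"dit.ie.": "hermes.dit.ie."}),
    "hermes.dit.ie.": Server(
        {"dit.ie.", "252.147.in-addr.arpa."},
        records={("hermes.dit.ie.", "A"): "147.252.1.43",
                 ("43.1.252.147.in-addr.arpa.", "PTR"): "hermes.dit.ie."},
        delegations={"cs.dit.ie.": "cara.comp.dit.ie."}),
    "cara.comp.dit.ie.": Server(
        {"cs.dit.ie."},
        records={("wicklow.cs.dit.ie.", "A"): "147.252.224.108"}),
    "ns-arpa": Server({"in-addr.arpa."}, delegations={"252.147.in-addr.arpa.": "hermes.dit.ie."}),
}


def in_zone(name, zone):
    """Suffix match on a label boundary, so xcs.dit.ie. is not mistaken for part of cs.dit.ie."""
    return name == zone or name.endswith("." + zone)


def query_server(server_name, name, rtype):
    """What one server says: an authoritative answer, a referral to the child zone's
    server, or an authoritative 'no such name'."""
    srv = SERVERS[server_name]
    if (name, rtype) in srv.records:
        return "answer", srv.records[(name, rtype)]
    matches = [z for z in srv.delegations if in_zone(name, z)]
    if matches:
        return "referral", srv.delegations[max(matches, key=len)]  # most specific delegation
    return "nxdomain", None


def reverse_name(ip):
    """147.252.1.43 -> 43.1.252.147.in-addr.arpa. (the convention the last slide's lookup uses)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


class Resolver:
    """A caching server as the slides describe it: start at the root, follow referrals until
    a server that knows the answer is found, cache the result, hand a copy to the client."""

    def __init__(self):
        self.cache = {}

    def resolve(self, name, rtype="A"):
        """Returns (value, answered_by, authoritative). Cached data is non-authoritative."""
        if not name.endswith("."):
            name += "."
        key = (name, rtype)
        if key in self.cache:
            return self.cache[key], "cache", False
        server = "root"
        for _ in range(16):  # bound the referral chase so a delegation loop cannot spin forever
            kind, payload = query_server(server, name, rtype)
            if kind == "referral":
                server = payload
                continue
            if kind == "answer":
                self.cache[key] = payload
            return payload, server, True
        raise RuntimeError("too many referrals resolving " + name)


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("wicklow.cs.dit.ie"))   # walked root -> ie -> dit.ie -> cs.dit.ie
    print(r.resolve("wicklow.cs.dit.ie"))   # second time: from cache, non-authoritative
    print(r.resolve(reverse_name("147.252.1.43"), "PTR"))
```

Two defensive details are deliberate: the referral loop is bounded, and `in_zone` matches on a label boundary. A production resolver additionally refuses to cache anything a server returns for names outside the zone it was asked about (the "bailiwick" rule), which is what keeps a cache from being seeded with records by a server that has no authority over them.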
Resolver
The DNS client is called the resolver
Resolver capability is built into any program that needs it by way of the resolver library calls
Resolver functions are implemented in libresolv.so
DNS clients and servers communicate using UDP packets in most cases
UDP is fast, but packets can be no larger than 512 bytes
If a query or response is larger than 512 bytes, it must be sent by TCP
Resolution Configuration Files
/etc/host.conf is mainly used to indicate which source of information is to be used and in what order:
order hosts,bind
Resolution Configuration Files
/etc/resolv.conf is used to configure which servers are to be used and whether any domains are assumed for non-qualified host names:
search cs.dit.ie
nameserver 147.252.224.70
nameserver 147.252.224.73
nameserver 147.252.1.37
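How the two files on these slides steer a lookup, as an added Python example that is not part of the lecture. The host.conf and resolv.conf contents are copied from the slides; the /etc/hosts file and the three name servers' behaviour are constructed stand-ins (the first server never answers, to show the fall-over to the next one). The search-list behaviour, where a bare name such as wicklow is tried as wicklow.cs.dit.ie before being tried alone, is the usual ndots:1 rule and is an assumption here.

```python
# Constructed copies of the two configuration files from the slides.
HOST_CONF = "order hosts,bind\n"
RESOLV_CONF = """search cs.dit.ie
nameserver 147.252.224.70
nameserver 147.252.224.73
nameserver 147.252.1.37
"""
# Constructed /etc/hosts; the wicklow line reuses the address nslookup reports later in the slides.
HOSTS = """127.0.0.1 localhost
147.252.224.108 wicklow.cs.dit.ie wicklow
"""
# Constructed stand-in for the three name servers: None means the server never answers.
FAKE_DNS = {
    "147.252.224.70": None,
    "147.252.224.73": {"wicklow.cs.dit.ie.": "147.252.224.108", "hermes.dit.ie.": "147.252.1.43"},
    "147.252.1.37": {"wicklow.cs.dit.ie.": "147.252.224.108", "hermes.dit.ie.": "147.252.1.43"},
}


def parse_host_conf(text):
    """'order hosts,bind' -> ['hosts', 'bind']: the sources to consult, in that order."""
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] == "order":
            return [s.strip() for s in " ".join(parts[1:]).split(",")]
    return ["bind"]


def parse_resolv_conf(text):
    cfg = {"search": [], "nameservers": []}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "search":
            cfg["search"] = parts[1:]
        elif parts[0] == "nameserver":
            cfg["nameservers"].append(parts[1])
    return cfg


def parse_hosts(text):
    table = {}
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        for alias in parts[1:]:
            table[alias] = parts[0]
    return table


def candidates(name, search):
    """Names to try at the servers. A bare host name gets each search domain appended
    (so 'wicklow' becomes wicklow.cs.dit.ie), then is tried as-is; a name that already
    contains a dot is tried as-is first. This is the usual ndots:1 behaviour, an assumption here."""
    if name.endswith("."):
        return [name]
    expanded = [name + "." + d.rstrip(".") + "." for d in search]
    return [name + "."] + expanded if "." in name else expanded + [name + "."]


def fake_query(server, fqdn):
    table = FAKE_DNS[server]
    if table is None:
        raise TimeoutError(server)
    return table.get(fqdn)


def lookup(name, host_conf=HOST_CONF, resolv_conf=RESOLV_CONF, hosts_text=HOSTS, query=fake_query):
    """Resolve like the stub resolver would: sources in host.conf order; for 'bind', each candidate
    name is sent to the name servers in resolv.conf order, moving to the next server only when the
    current one fails to answer. Returns (address, where it came from) or (None, None)."""
    hosts = parse_hosts(hosts_text)
    cfg = parse_resolv_conf(resolv_conf)
    for source in parse_host_conf(host_conf):
        if source == "hosts" and name.rstrip(".") in hosts:
            return hosts[name.rstrip(".")], "hosts"
        if source == "bind":
            for cand in candidates(name, cfg["search"]):
                for ns in cfg["nameservers"]:
                    try:
                        addr = query(ns, cand)
                    except TimeoutError:
                        continue          # this server is down: fall over to the next one
                    if addr:
                        return addr, "bind:" + ns
                    break                 # a server answered 'no such name': try the next candidate
    return None, None


if __name__ == "__main__":
    print(lookup("wicklow"))                 # found in /etc/hosts, DNS never asked
    print(lookup("wicklow", hosts_text=""))  # search list turns it into wicklow.cs.dit.ie.
    print(lookup("hermes.dit.ie"))           # first name server times out, second answers
```

Because "hosts" comes before "bind", an entry in /etc/hosts silently overrides DNS for that name, which is why that file deserves the same change monitoring as resolv.conf. The search list also explains the laptop transcript later in these slides: a resolver with no search domain covering cs.dit.ie finds wicklow.cs.dit.ie but reports the bare name wicklow as non-existent.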
How did I find out the name servers?
C:\>nslookup
Default Server: WL.domain.name
Address: 192.168.1.1
> set type=ns
> cs.dit.ie
Server: WL.domain.name
Address: 192.168.1.1
Non-authoritative answer:
cs.dit.ie nameserver = cara.comp.dit.ie
> microsoft.com
Server: WL.domain.name
Address: 192.168.1.1
Non-authoritative answer:
microsoft.com nameserver = ns2.msft.net
microsoft.com nameserver = ns3.msft.net
microsoft.com nameserver = ns5.msft.net
microsoft.com nameserver = ns1.msft.net
microsoft.com nameserver = ns4.msft.net
>
nslookup on wicklow
rbradley@wicklow:~$ nslookup
> set type=ns
> cs.dit.ie
Server: 147.252.1.37
Address: 147.252.1.37#53
cs.dit.ie nameserver = cara.comp.dit.ie.
> microsoft.com
Server: 147.252.1.37
Address: 147.252.1.37#53
Non-authoritative answer:
microsoft.com nameserver = ns2.msft.net.
microsoft.com nameserver = ns3.msft.net.
microsoft.com nameserver = ns4.msft.net.
microsoft.com nameserver = ns5.msft.net.
microsoft.com nameserver = ns1.msft.net.
Authoritative answers can be found from:
ns1.msft.net internet address = 65.55.37.62
ns2.msft.net internet address = 64.4.59.173
ns3.msft.net internet address = 213.199.161.77
ns4.msft.net internet address = 207.46.75.254
ns5.msft.net internet address = 65.55.226.140
>
Nslookup on my laptop
C:\>nslookup wicklow
Server: WL.domain.name
Address: 192.168.1.1
*** WL.domain.name can't find wicklow: Non-existent domain
C:\>nslookup wicklow.cs.dit.ie
Server: WL.domain.name
Address: 192.168.1.1
Non-authoritative answer:
Name: wicklow.cs.dit.ie
Address: 147.252.224.108
C:\>
Deeper into nslookup
rbradley@wicklow:~$ nslookup
> set type=mx
> dit.ie
Server: 147.252.1.37
Address: 147.252.1.37#53
dit.ie mail exchanger = 5 smtp.dit.ie.
dit.ie mail exchanger = 10 staffmail.dit.ie.
dit.ie mail exchanger = 15 mymail.dit.ie.
> cs.dit.ie
Server: 147.252.1.37
Address: 147.252.1.37#53
*** Can't find cs.dit.ie: No answer
>
Deeper into nslookup
> set type=a
> hermes.dit.ie
Server: 147.252.1.37
Address: 147.252.1.37#53
Name: hermes.dit.ie
Address: 147.252.1.43
> 147.252.1.43
Server: 147.252.1.37
Address: 147.252.1.37#53
43.1.252.147.in-addr.arpa name = hermes.dit.ie.
>