Lecture – DNS How to find things…. Domain Name System Associate human-friendly names with machine- friendly IP addresses Resolution of a given hostname

Lecture – DNS

How to find things…

Domain Name System

Associate human-friendly names with machine-friendly IP addresses

Resolution of a given hostname to an IP address Domain Names, as opposed to IP addresses have

the top-most element on the right Each element can be up to 63 characters long, the

full name can be no more than 255 characters Letters, numbers or dashes can be used in a name

element

DNS Allows machines to be grouped logically, by domain name Right-most element is called the (TLD) Top Level Domain The full name is referred to as the (FQDN) Fully Qualified

Domain Name lugh.student.comp.dit.ie or lugh Internet Assigned Numbers Authority (IANA) controls the

top-level domains

Host names map to IP addresses in a one-to-many relationship, each machine may have many IP addresses, and each IP address may be associated with many machines

Mail Routing using DNS

DNS builds in some application specific information Hosts that are designed to perform email routing,

mail exchangers, have special-purpose records in DNS, MX records

A domain should have multiple mail exchangers. Mail that cannot sent to one mail exchanger, can

instead be delivered to an alternative server, providing a failsafe redundancy.

Before DNS

Before DNS, name resolution was accomplished solely by text file databases residing on each host (“hosts” files)

The method is not scalable, and it requires centralised management of the text files

Internet DNS Hierarchy

Root Name Servers Provide references to the appropriate zone

authoritative name servers for the top-level domains

Zone-Authoritative name servers Master and slave servers for zones

Root Name Servers

There are 13 root-name servers Each has an associated letter name (a to m)

No more names can be used because of protocol limitations UDP packet can only carry 512 bytes reliably A hint file with more than 13 servers would be

larger than 512 bytes C, F, I, J, K and M servers now exist in

multiple locations on different continents

Root name servers

Letter Old name Operator Location

A ns.internic.net VeriSign Dulles, Virginia, USA

B ns1.isi.edu ISI Marina Del Rey, California, USA

Cc.psi.net Cogent Commu

nicationsdistributed using anycast

Dterp.umd.edu University of M

arylandCollege Park, Maryland, USA

E ns.nasa.gov NASA Mountain View, California, USA

F ns.isc.org ISC distributed using anycast

G ns.nic.ddn.mil U.S. DoD NIC Columbus, Ohio, USA

Haos.arl.army.mil U.S. Army Res

earch LabAberdeen Proving Ground, Maryland, USA

I nic.nordu.net Autonomica distributed using anycast

J VeriSign distributed using anycast

K RIPE NCC distributed using anycast

L ICANN Los Angeles, California, USA

M WIDE Project distributed using anycast

A simplified domain-map(Root)

.ie domain

dit

WicklowTaranaki Aislinghermes

.com .org

Wicklow.dit.ie.

Domains

Dividing domains into sub-domains is important in several regards

Division of a namespace into sub-domains in an hierarchical manner Removes the requirement that the names of

individual hosts be unique but the FQDNs must still be unique

It allows for the decentralised management of the entire namespace

Up to 127 levels deep(!)

cs.dit.ie domain-map(Root)

.ie domain

cs

dit

hermesTaranki

Wicklow

MyLaptop

Wicklow.cs.dit.ie.

Zones, Domains and Delegation

A Domain is a complete sub-tree of the hierarchical namespace

A zone is part of the domain managed by a particular server

Sub domains may be delegated into additional zones

A zone may directly manage some sub domains A zone represents the scope of administration for

which one body is responsible

cs.dit.ie zones (?)(Root)

.ie domain

cs

dit

hermes

Aisling

Taranki

Wicklow

Wicklow.cs.dit.ie.MyLaptop?

Relationship between domains, zones and DNS Servers

The DNS database is effectively spread across all servers

DNS Servers are delegated to manage particular zones and the links to the rest of the database.

Zone is not necessarily equivalent to domain A DNS server can manage one or more

zones

Comp.dit.ie dns-servers(Root)

.ie domain

cs

dit

hermes

Aisling

Taranki

Wicklow

147.252.224.67

MyLaptop

hermes.dit.ie.

The DNS Server

Server receives request from client If the server does not have the answer it will either

ask a root server or it forwards the request to another name server

This may happen a number of times until a name server is found that knows the answer

When the server gets a response it will place a copy in its local cache and return a copy to the requesting client

Name Server Hierarchy

Master Name Server Contains the master copy of data for the zone

Slave Name Server Provides an automatic backup to the master name server All slave servers maintain synchronisation with their master

name server Both Master and Slave servers contain authoritative data Zone may have multiple slaves but only one master Slave may get its data from another slave

Authoritative ?

If the name server responding to a query is authoritative with respect to the query performed, the data returned is said to be authoritative

Alternatively, responses may come from a name server which has cached the information, in which case the response is said to be non-authoritative

The client may choose not to accept non-authoritative information

Resolver

The DNS client is called the resolver Resolver capability is built into any program that

needs it by way of the resolver library calls Resolver functions implemented in libresolv.so DNS Clients and servers communicate using UDP

packets in most cases UDP is fast, but packets can be no larger than 512

bytes If query or response is larger than 512bytes, it must

be sent by TCP

Resolution Configuration Files

/etc/host.conf mainly used to indicate which source of information is to be used and in what orderorder hosts,bind

Resolution Configuration Files

/etc/resolv.conf is used to configure which servers are to be used and whether any domains are assumed for non qualified host namessearch cs.dit.ienameserver 147.252.224.70nameserver 147.252.224.73nameserver 147.252.1.37

How did I find out the name servers?C:\>nslookup

Default Server: WL.domain.name

Address: 192.168.1.1

> set type=ns

> cs.dit.ie

Server: WL.domain.name

Address: 192.168.1.1

Non-authoritative answer:

cs.dit.ie nameserver = cara.comp.dit.ie

> microsoft.com

Server: WL.domain.name

Address: 192.168.1.1


microsoft.com nameserver = ns2.msft.net





>

nslookup on wicklowrbradley@wicklow:~$ nslookup

> set type=ns

> cs.dit.ie

Server: 147.252.1.37

Address: 147.252.1.37#53

cs.dit.ie nameserver = cara.comp.dit.ie.

> microsoft.com

Server: 147.252.1.37

Address: 147.252.1.37#53


microsoft.com nameserver = ns2.msft.net.





Authoritative answers can be found from:

ns1.msft.net internet address = 65.55.37.62





>

Nslookup on my laptopC:\>nslookup wicklowServer: WL.domain.nameAddress: 192.168.1.1

*** WL.domain.name can't find wicklow: Non-existent domain

C:\>nslookup wicklow.cs.dit.ieServer: WL.domain.nameAddress: 192.168.1.1

Non-authoritative answer:Name: wicklow.cs.dit.ieAddress: 147.252.224.108

C:\>

Deeper into nslookup

rbradley@wicklow:~$ nslookup> set type=mx> dit.ieServer: 147.252.1.37Address: 147.252.1.37#53

dit.ie mail exchanger = 5 smtp.dit.ie.dit.ie mail exchanger = 10 staffmail.dit.ie.dit.ie mail exchanger = 15 mymail.dit.ie.> cs.dit.ieServer: 147.252.1.37Address: 147.252.1.37#53

*** Can't find cs.dit.ie: No answer>

Deeper into nslookup

> set type=a> hermes.dit.ieServer: 147.252.1.37Address: 147.252.1.37#53

Name: hermes.dit.ieAddress: 147.252.1.43

147.252.1.43

Server: 147.252.1.37Address: 147.252.1.37#53

43.1.252.147.in-addr.arpa name = hermes.dit.ie.>

Documents

Lecture – DNS How to find things…. Domain Name System Associate human-friendly names with machine- friendly IP addresses Resolution of a given hostname