In this slide deck, Dyn Chief Scientist Tom Daly explains how DNS works, the technology involved and some of the advantages of going with a managed/outsourced provider like Dyn.
Dyn.com | @dyninc
DNS 101: The Domain Name System (DNS)
Tom Daly, Chief Scientist, Dyn Labs [email protected] | @tomdyninc
Agenda
• Welcome and Introduction
• DNS Components and Terminology
• DNS is Critical Internet Infrastructure
• Challenges of Operating DNS
• Introduction to DynECT Managed DNS
• Q&A
Let’s dive into DNS
http://www.flickr.com/photos/matt_gibson/2559703930/sizes/o/in/photostream/
An Analogy to Start…
• Servers on the Internet have IP Addresses, like a telephone number.
• A Domain Name (like dyn.com, twitter.com, and amazon.com) is a name badge on the Internet.
• DNS (domain name system) service is the Internet’s Telephone Book.
• If you have someone’s name, you can look up their phone number.
• DNS maps domain names to IP addresses and other pieces of network data to get you to the right place.
Domain Names
• Domain Names are registered through ICANN accredited registrars – companies who work with domain name registries.
• Example Registrars:
– Dyn.com
– GoDaddy
– Network Solutions
• Example Registries:
– .com, .net, .org, .info, .biz, .mobi, .co.uk, .com.cn, .de, .dk
The Domain Name System (DNS)
• Fundamentally, the DNS is a multi-level database distributed throughout the world.
• DNS maps domain names to network resources, such as the IP address of a web server, FTP server, or e-mail server.
• This is accomplished through a variety of DNS record types. Record types give you the hint about the type of remote server you’re contacting.
The Goal: Your Customers Connect
Components and Terminology
http://www.flickr.com/photos/kryptos5/3281740790/sizes/z/in/photostream/
Naming in DNS
• Fully Qualified Domain Name (FQDN): A complete name for something in the DNS.
– ex: server1.www.dyn.com.
– Alternatively known as a “Hostname”
• Domain Name: A registered name with a registry.
– ex: dyn.com
• Subdomain Name: A registered name within a Domain, but not an FQDN.
– ex: www.dyn.com
The DNS Hierarchy
• There are over 141,922,316 domain names registered in the main TLDs today.
• That’s a lot of data for a single server to have mapping information about.
• The DNS is broken up into various levels to help spread out the database.
• Let’s look at how server1.www.dyn.com is set up in DNS – shall we?
It all starts at <root>
[Diagram labels: <root>; query: server1.www.dyn.com. ? A]
With databases for each Top Level Domain
[Diagram labels: <root>; .com, .net, .org; query: server1.www.dyn.com. ? A]
With databases for each Domain in the TLD
[Diagram labels: <root>; .com; dyn.com, cnn.com, cnbc.com; query: server1.www.dyn.com. ? A]
Combining data helps to find the answer…
[Diagram labels: <root>; .com; dyn.com; query: server1.www.dyn.com. ? A 204.13.248.106]
Authoritative DNS servers have a copy of the data at every level.
[Diagram labels: <root>; .com; dyn.com; Root DNS Servers; .com Servers; dyn.com Servers]
And delegations help us find relationships…
[Diagram labels: <root>; .com; dyn.com; Root DNS Servers; .com Servers; dyn.com Servers]
What are we searching for?
• FQDNs and DNS Records – Ultimate answers about where you want to go.
• Delegations – Points to help you find the right path if the current authoritative server doesn’t know the answer.
• DNS Security (DNSSEC) Information – Secret passphrases and keys to secure DNS information (an advanced topic!)
Popular Record Types
• (A) – points names to IPv4 addresses
– ex. dyn.com A to 204.13.248.106
• (AAAA) – points names to IPv6 addresses
– ex. dyn.com AAAA to 2600:2001:0:3::106
• (CNAME) – points one name to another
– ex. www.dyn.com CNAME is an alias for dyn.com
• (MX) – points email to an inbound email server
– ex. dyn.com MX to zmta-01-mht.dyndns.com.
• (SPF) – declares authorized email servers for a domain
– ex. dyn.com TXT to "v=spf1 ip4:216.146.45.0/24"
DNS Servers in Two Parts
• Authoritative DNS: The copies of maps about where to go.
– We sometimes call this part “the Internet’s telephone book.”
– Geeks think of it as a huge, globally distributed database.
– Generally run by registrars, hosting providers, and managed DNS providers.
• Recursive DNS: The driver looking for maps, and taking you to the information.
– More like “Directory Assistance”
– Ability to search for information across lots of different Authoritative DNS servers and temporarily store a copy of the info.
– Generally run by ISPs, or Dyn Internet Guide, OpenDNS, GoogleDNS
The Authoritative DNS Server
• Clusters of authoritative DNS servers work together to provide redundancy.
• Delegations indicate all of a domain’s potential servers in a cluster.
[Diagram labels: dyn.com; ns1.dyn.com, ns2.dyn.com, ns3.dyn.com, ns4.dyn.com]
The Recursive DNS Server
• One or two recursive DNS servers are given to your ISP or provider – you only use one at a time.
• They help find you answers about the Internet, places to go, things to do.
• Recursive DNS servers cache DNS answers for a period of time, known as the Time to Live (TTL).
• This helps DNS be less noisy on the Internet.
[Diagram label: Recursive DNS]
Working Together: The Lifecycle of a DNS Request
[Diagram labels: Recursive DNS; <root>; .com; dyn.com; Root DNS Servers; .com Servers; dyn.com Servers; server1.www.dyn.com.; 204.13.248.106]
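The lookup of server1.www.dyn.com. described above, as an added example that is not part of the original slide deck: a toy recursive resolver follows delegations from the root down to the dyn.com servers and caches the answer until its TTL expires. The server labels, the 300-second TTL and the function names are assumptions made for illustration.

```python
# Constructed data: three tiers of authoritative servers, modelled on the
# slides' hierarchy. The TTL value (300 s) is an assumption for illustration.
AUTHORITATIVE = {
    "root": {"delegations": {"com.": "com-servers"}, "records": {}},
    "com-servers": {"delegations": {"dyn.com.": "dyn-servers"}, "records": {}},
    "dyn-servers": {
        "delegations": {},
        "records": {("server1.www.dyn.com.", "A"): ("204.13.248.106", 300)},
    },
}


def ask(server, name, rtype):
    """One authoritative query: an answer, a delegation (referral), or nothing."""
    zone = AUTHORITATIVE[server]
    if (name, rtype) in zone["records"]:
        return ("answer",) + zone["records"][(name, rtype)]
    # Longest matching delegated suffix wins.
    for suffix in sorted(zone["delegations"], key=len, reverse=True):
        if name == suffix or name.endswith("." + suffix):
            return ("referral", zone["delegations"][suffix], None)
    return ("nxdomain", None, None)


class RecursiveResolver:
    def __init__(self):
        self.cache = {}      # (name, rtype) -> (value, expires_at)
        self.upstream = 0    # authoritative queries sent so far

    def resolve(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        if hit and now < hit[1]:
            return hit[0], ["cache"]   # served locally, no upstream traffic
        server, path = "root", []
        while True:
            path.append(server)
            self.upstream += 1
            kind, value, ttl = ask(server, name, rtype)
            if kind == "answer":
                self.cache[(name, rtype)] = (value, now + ttl)
                return value, path
            if kind == "nxdomain":
                return None, path
            server = value   # follow the delegation one level down
```

The first lookup costs three authoritative queries; repeats within the TTL cost none, which is the "less noisy" effect the slide describes.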
DNS is core Internet Infrastructure
http://www.poslovnipuls.com/wp-content/uploads/2011/05/statistika_v.jpg
Internet Applications Depend on DNS
• Web: Utilizes A (IPv4) and AAAA (IPv6) records to locate web servers for web sites.
• Email: Utilizes MX records to locate email servers and to implement automated email server failover.
• Anti-SPAM: SPF, DKIM and DMARC all used to prevent junk from getting to the inbox.
• VPN: IPSECKEY records help secure connections.
• Collaboration: SRV records help locate chat, audio, and video conferencing bridges and components.
DNS for the Web
DNS for Email
DNS for VOIP
DNS for Audio and Video
Challenges of Operating DNS
http://www.poslovnipuls.com/wp-content/uploads/2011/05/statistika_v.jpg
DNS Misconfiguration
• Misconfiguration of DNS still accounts for a significant number of site outages worldwide.
• State of the Art is a Text Editor:
• Some appliances have a fancy UI on them.
Availability and Performance
• DNS must always be available, otherwise, web, email, video, VOIP, and online services are down.
• Need to build redundancy into the network, and maintain specially clustered systems.
• Risk of attack on your DNS?
• When things go wrong, people say:
Limited Visibility and Monitoring
• Except for custom tools, reporting for DNS is limited.
• DNS needs global monitoring and availability reporting.
• Can you really tell if you are up or down from within your network?
• Even worse, what happens when your customers notice?!!!
Solution: DynECT Managed DNS
http://www.flickr.com/photos/nhuisman/3168683736/sizes/l/in/photostream/
Web UI or API?
[Diagram labels: DNS Core Engine; WebUI, SOAP API, REST API, Dynamic DNS API]
Global Resolution Network
Extensive Reporting
A Proven Track Record
And an amazing team!
Dyn.com | @dyninc
Stay Tuned!
DNS 102: Managing Traffic with DynECT Managed DNS Advanced Services
October 31st @ 02:00pm Eastern Time
Thanks for listening!