Short Intro to DNS (part of Tirgul 9) Nir Gazit. What is DNS? DNS = Domain Name System. For translation of host names to IPs. A Distributed Database System.


1 Short Intro to DNS (part of Tirgul 9) Nir Gazit

2 What is DNS?
DNS = Domain Name System.
For translation of host names to IPs.
A Distributed Database System.
▫ Recursive Queries to NS (Name Servers) – from top to bottom.
▫ Authoritative Name Servers – assigned responsible for a specific domain.
[Diagram: www.google.com, with labels "Top Level Domain" and "Sub Domains"]

3 DNS: Simplified Mechanism
[Diagram: the query "www.google.com?" repeated at each step (.com, google.com); the answer is 173.194.67.147]

4 DNS Lookup
DNS Records (RRs), 3 main types:
▫ Hostname A IPAddress
  ▪ www.google.com A 173.194.67.147
  ▪ Maps the hostname to an IP address.
▫ Hostname NS Nameserver
  ▪ google.com NS ns.google.com
  ▪ Specifies an authoritative name server for the domain.
▫ Hostname1 CNAME Hostname2
  ▪ mail.google.com CNAME googlemail.l.google.com
  ▪ Alias of one hostname to another. The DNS lookup will continue by retrying the lookup with the new name.

5 DNS Lookup - continuing
2 Top Levels
▫ Root servers (13 currently, called A to M)
▫ TLD servers (.com, .net, .edu, …)
Caching
▫ Each DNS response (RR – Resource Record) contains a TTL value (Time To Live) for cache storage time.
Glued Responses
▫ Name Servers are identified by name (e.g. ns.google.com).
  ▪ So we might get circular dependencies.
▫ So, a Name Server might add an IP address as a “Glued RR” to help in the process.

6 DNS: Full Mechanism
[Diagram: resolution of www.google.com through .com and google.com, ending in 173.194.67.147. Records shown:]
com NS ns.com
ns.com A 63.156.206.38
google.com NS ns.google.com
ns.google.com A 216.239.32.10
www.google.com A 173.194.67.147

7 DNS Poisoning
Injecting fake DNS RRs.
Method 1: by ‘glue’ RRs
▫ Query: Resolve A www.facebook.com
▫ Response: facebook.com NS google.com and google.com A 1.1.1.1.

8 DNS Poisoning (Method 1 Example)
[Diagram: resolution of www.facebook.com through .com and facebook.com, ending in 31.13.72.23, followed by a later "Resolve www.google.com?". Records shown:]
com NS ns.com
ns.com A 63.156.206.38
facebook.com NS ns1.facebook.com
ns1.facebook.com A 69.171.239.12
www.facebook.com A 31.13.72.23
www.google.com A 1.1.1.1

9 DNS Poisoning - continuing
(continuing with…) Method 1 (Glue RRs)
▫ Bailiwick Rule – allow answers only for subdomains.
  ▪ a.ns.facebook.com can’t answer for google.com.
Method 2: send spoofed DNS response (DNS Injection).

10 DNS Injection


12 DNS Injection – can it work?
According to RFC 5452 – Requesting server must validate:
▫ Same question section as in request.
▫ Same (16-bit) ID field (chosen randomly).
▫ Same dest IP address and port as the source in the request.
▫ Same IP address of responding DNS server.
Response must arrive before the response of the authoritative NS.
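
The acceptance checks on this slide, written out as an added Python example (not part of the original presentation): a resolver-side filter that parses the header and question of a raw reply and compares them with the outstanding query. The `Pending` record, the helper names, and the addresses, ID and port are constructed for illustration.

```python
import struct
from collections import namedtuple

# What a resolver remembers about a query still awaiting its answer.
Pending = namedtuple("Pending", "txid qname qtype qclass server local")

def build_message(txid, qname, response=False, qtype=1, qclass=1):
    """Header plus one question (no answer records), enough for the checks."""
    flags = 0x8000 if response else 0x0100          # QR bit, or RD on a query
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + name + b"\x00" + struct.pack("!HH", qtype, qclass))

def parse_question(msg):
    """Return (txid, is_response, qname, qtype, qclass) from raw bytes."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while msg[pos] != 0:                             # IndexError if truncated
        n = msg[pos]
        if n > 63:
            raise ValueError("bad label length in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype, qclass

def accept(p, msg, src, dst):
    """Apply the checks listed on the slide; return (accepted, reason)."""
    try:
        txid, is_resp, qname, qtype, qclass = parse_question(msg)
    except (ValueError, IndexError, struct.error) as exc:
        return False, "malformed: %s" % exc
    if not is_resp:
        return False, "not a response"
    if src != p.server:
        return False, "source is not the queried server"
    if dst != p.local:
        return False, "wrong destination address or port"
    if txid != p.txid:
        return False, "ID mismatch"
    if (qname, qtype, qclass) != (p.qname.lower(), p.qtype, p.qclass):
        return False, "question mismatch"
    return True, "ok"

# Constructed sample: documentation addresses, ID and port chosen arbitrarily.
PENDING = Pending(0x3A7C, "www.example.com", 1, 1,
                  ("192.0.2.53", 53), ("198.51.100.7", 40123))
GOOD = build_message(0x3A7C, "www.example.com", response=True)
```

A reply that fails any check is dropped and the resolver keeps waiting; the first reply that passes all of them is the one that gets cached, which is why the slide's last point (arriving first) matters.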

13 DNS Injection as a method of censorship
Thought to be used by the “Great Firewall of China”

14 Reality Check
A true story (https://lists.dns-oarc.net/pipermail/dns-operations/2010-March/005260.html)
▫ A Chilean DNS operator found that when accessing www.facebook.com, sometimes you get a bad IP instead of the correct one.
▫ Caused by accessing root servers (F, I and J) that have anycast originating in China.
Also happening when Korean (.kr) users try to access German (.de) sites.
Today, happens mostly on the TLD level (not root level) – queried often, short TTL.

