Mail Servers – MX RRs

  ; mail server Resource Records for the zone (domain)
        3w IN MX 10 mail.example.com.
  ; the second mail server has lower priority and is
  ; external to the zone (domain) - backup
           IN MX 20 mail.example.net.

  3w = TTL
  Priority 10 simply means you can add a more important mail server with only one change

Mail Servers – Multiple RRs

  ; zone file fragment
          IN MX 10 mail.example.com.
          IN MX 10 mail1.example.com.
          IN MX 10 mail2.example.com.
  ....
  mail    IN A
  mail1   IN A
  mail2   IN A

  OR

  mail    IN A
          IN A
          IN A

Mail Servers

  No difference between the two approaches
  All local mail servers must have access to a common mail filestore
  Backup servers (priority 20) are configured to forward mail to the real (priority 10) mail servers
  MX RRs can be set to very high TTLs
  A or AAAA RRs may change

Mail Server Reverse Map

  ; reverse-map file fragment
  ; for IN-ADDR.ARPA
  ....
        PTR mail.example.com.
        PTR mail.example.com.
        PTR mail.example.com.

Other Services

  Typically use multiple A (AAAA) RRs
  Multiple RRs are called RRsets
  In the case of the web, the browser will do IP failover in 2 – 3 minutes
  Dynamic updating of the IP with a short TTL will failover in 30 minutes (MSIE)
  DNS load balances on IP address
    Works for flat loads
    If transaction loads vary, must use a load-balancer

Load Balance – Multiple RRs

  ; example.com zone file fragment
  ....
  ftp   IN A
  ftp   IN A
  ftp   IN A
  www   IN A
  www   IN A
        IN A
        IN A
  www   IN A
        IN A

Parent and Child domains

  Parent of any domain is the next level up in the hierarchy
  Parent contains NS RRs which are not Authoritative
  Child contains NS RRs which are Authoritative

DNS Subdomain Delegation

  Two methods
    Full delegation
      Needs separate name servers
      Complete control to delegated authority
      Method used by domain system
      Multiple zone files
    Virtual subdomain
      Does not need name servers
      Single zone file to maintain

Parent Zone File

  ; IPv4 zone file for example.com
  $TTL 2d ; default TTL for zone
  $ORIGIN example.com. ; base domain-name
  ; Start of Authority record defining the key characteristics of the zone (domain)
  @       IN SOA ns1.example.com. hostmaster.example.com. (
                   ; se = serial number
          12h      ; ref = refresh
          15m      ; ret = update retry
          3w       ; ex = expiry
          2h       ; min = minimum
          )
  ; name servers Resource Records for the domain
          IN NS ns1.example.com.
  ; the second name server is
  ; external to this zone (domain).
          IN NS ns2.example.net.
  ; mail server Resource Records for the zone (domain)
  3w      IN MX 10 mail.example.com.
  ; the second mail server has lower priority and is
  ; external to the zone (domain)
          IN MX 20 mail.example.net.
  ; domain hosts includes NS and MX records defined previously
  ; plus any others required
  ns1     IN A
  mail    IN A
  joe     IN A
  www     IN A
  ; aliases ftp (ftp server) to an external location
  ftp     IN CNAME ftp.example.net.

DNS Subdomain Delegation

  ;; subdomain definitions in the same zone file
  ; $ORIGIN directive simplifies and clarifies definitions
  $ORIGIN ramq.example.com. ; all subsequent RRs use this ORIGIN
  ; two name servers for the subdomain
          IN NS ns3.ramq.example.com.
  ; the preceding record could have been written without the $ORIGIN as
  ; ramq.example.com. IN NS ns3.ramq.example.com.
  ; or, relative to the $ORIGIN, as
  ;         IN NS ns3
  ; the second name server points back to the preceding ns
          IN NS ns1.example.com.
  ; A record for name server ns3 required - the glue record
  ns3     IN A ; glue record
  ; the preceding record could have been written as
  ; ns3.ramq.example.com. A if it's less confusing

Child Zone File

  ; zone file for subdomain ramq.example.com
  $TTL 2d ; zone default of 2 days
  $ORIGIN ramq.example.com.
  @       IN SOA ns3.ramq.example.com. hostmaster.ramq.example.com. (
                   ; serial number
          2h       ; refresh = 2 hours
          15m      ; update retry = 15 minutes
          3w12h    ; expiry = 3 weeks + 12 hours
          2h20m    ; minimum = 2 hours + 20 minutes
          )
  ; subdomain name servers
          IN NS ns3.ramq.example.com.
          IN NS ns1.example.com. ; see following notes
  ; subdomain mail server
          IN MX 10 mail.ramq.example.com.
  ; A records for preceding name servers
  ns3     IN A
  ns1.example.com. IN A ; 'glue' record
  ; A record for preceding mail server
  mail    IN A
  ; next record defines our ftp server
  ftp     IN A

Full Subdomain Delegation

  One of the Parent name servers provides NS services (slave) – common but not essential
  Mail is also delegated – not essential, could use mail.example.com
  Needs one DNS server in this case (ns3.ramq.example.com)
  Zone file controlled by delegated authority
  Can delegate further

Virtual Subdomains

  $ORIGIN ramq.example.com.
          IN MX 10 mail
  ; preceding record could have been written as
  ; ramq.example.com. IN MX 10 mail.ramq.example.com.
  ; A record for subdomain mail server
  mail    IN A
  ; the preceding record could have been written as
  ; mail.ramq.example.com. A if it's less confusing
  ftp     IN A
  ; ftp.ramq.example.com. A if it's less confusing
  ....
  ; other subdomain definitions as required
  $ORIGIN mderr.example.com.

Virtual Subdomain

  Requires no new name servers
  Functionally identical to full delegation
  Zone file controlled by main zone administrators
  Shows delegation of mail – not essential – could use mail.example.com
  Further delegation possible, under control of main zone administrators

GLUE Records

  Widely and erroneously used term
  Glue is an A (AAAA) RR pointing to an authoritative name server for the child zone
  Glue is essential
    At the parent
    For in-zone name servers
  All others are technically normal A (AAAA) RRs

Glue – Why Essential?

  Client needs the A RR to get to the host
  Client needs a name server to get to the host record
  Client needs the A RR of the name server to get to the name server
  If that name server lies inside the zone it serves, its A RR lives in the very zone the client cannot yet reach: the glue at the parent breaks the loop
  Not required if out-of-zone – a normal lookup for an out-of-zone name server will get an in-zone name server glue record!

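An added example, not code from the slides: a small Python parser for the zone-file subset these slides use ($ORIGIN, relative owner names, ';' comments, blank owner = previous owner) plus a check that every delegated name server living inside the child zone has its glue A/AAAA record at the parent. The parent fragment and the 192.0.2.x addresses are constructed for illustration.

```python
# Added example: check a delegation for in-zone name servers that lack glue.
# Zone text and 192.0.2.x addresses are constructed, not from the slides.
RRTYPES = {"A", "AAAA", "NS", "MX", "CNAME", "PTR", "SRV"}

def absolute(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to $ORIGIN."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(text):
    """Parse the subset used on these slides: $ORIGIN/$TTL, ';' comments, a blank
    owner (= previous owner), optional TTL/class before the type; no multi-line
    SOA. Returns {owner: {rrtype: [rdata fields, ...]}}, NS/CNAME targets qualified."""
    origin, last, recs = ".", None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$"):
            if line.startswith("$ORIGIN"):
                origin = line.split()[1].lower()
            continue                      # $TTL etc. are not needed here
        fields = line.split()
        owner = last if raw[0].isspace() else absolute(fields.pop(0), origin)
        last = owner
        idx = next(i for i, f in enumerate(fields) if f in RRTYPES)
        rtype = fields[idx]
        rdata = [absolute(f, origin) if rtype in ("NS", "CNAME") else f for f in fields[idx + 1:]]
        recs.setdefault(owner, {}).setdefault(rtype, []).append(rdata)
    return recs

def missing_glue(recs, child_zone):
    """Delegated name servers that live inside child_zone but have no A/AAAA
    record in the parent: resolvers cannot follow such a delegation."""
    child_zone = child_zone.lower()
    missing = []
    for (ns,) in recs.get(child_zone, {}).get("NS", []):
        in_child = ns == child_zone or ns.endswith("." + child_zone)
        if in_child and not {"A", "AAAA"} & set(recs.get(ns, {})):
            missing.append(ns)
    return missing
PARENT = """\
$ORIGIN example.com.
ns1   IN A  192.0.2.1
$ORIGIN ramq.example.com.
@     IN NS ns3.ramq.example.com.   ; in-zone: needs glue at the parent
      IN NS ns1.example.com.        ; out-of-zone: a normal lookup finds it
"""
```

Running `missing_glue(parse_zone(PARENT), "ramq.example.com.")` reports ns3.ramq.example.com. until its glue A record is added below the second $ORIGIN.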
DNS – SRV RR

  srvce.prot.name ttl class rr pri weight port target

  SRV provides a means to find a host that offers a service within a domain
  srvce = symbolic name of the service (standardized by IANA), e.g. _ftp
  prot = protocol name, e.g. _tcp
  name = domain (zone name); can be omitted (substituted from $ORIGIN)
  pri = relative priority – lower is more important, like the MX RR (0 – 65535)
  weight = when pri is the same, defines the relative frequency with which this SRV is selected (0 – )
  port = the port number of the service (the only time that DNS deals with ports; allows for non-standard ports)
  target = name of the host that provides the service

SRV RR

  $ORIGIN example.com.
  .....
  ; left hand name is _http._tcp.example.com = query target
  _http._tcp    SRV slow.example.com.
                SRV fast.example.com.
  ; if neither slow nor fast is available, switch to
  ; an external backup web server but use port 8100 not port 80
                SRV backup.example.net.
  slow    A
  fast    A

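An added example, not code from the slides: how a client orders the SRV targets above using pri and weight (the RFC 2782 selection algorithm), so that slow and fast share the load at priority 10 and backup.example.net. on port 8100 is only tried when both fail. The pri, weight and port numbers are constructed, since the slide shows none.

```python
# Added example, not from the slides: order SRV targets the way a client does
# (RFC 2782): lowest pri first; within a pri, weighted random choice; weight 0
# means "only if nothing else". pri/weight/port values are constructed.
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

def order_srv(records, rng=random):
    """Records in the order a client should try them. Within one priority a
    record is drawn with probability proportional to its weight; weight-0
    records are placed first so they win only when the random pick is 0."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight != 0)      # stable: zeros first
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total) if total else 0
            running = 0
            for r in group:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    group.remove(r)
                    break
    return ordered

def endpoints(records, rng=random):
    """(host, port) pairs in the order connections should be attempted."""
    return [(r.target, r.port) for r in order_srv(records, rng)]

# Constructed RRset for _http._tcp.example.com.: two in-zone servers at one
# priority, plus the external backup on port 8100 used only if both fail.
HTTP_SRV = [
    SRV(10, 60, 80, "fast.example.com."),
    SRV(10, 20, 80, "slow.example.com."),
    SRV(20, 0, 8100, "backup.example.net."),
]

def first_choice_share(records, trials=2000, seed=7):
    """Fraction of trials in which each target is tried first; with weights
    60 and 20, fast should come out well ahead of slow."""
    rng, counts = random.Random(seed), {}
    for _ in range(trials):
        first = order_srv(records, rng)[0].target
        counts[first] = counts.get(first, 0) + 1
    return {t: n / trials for t, n in counts.items()}
```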
SRV RR

  Extensive use made by modern services such as:
    SIP (VoIP)
    LDAP
    Windows AD (Kerberos and others)
  Web browsers rarely use SRV

NAPTR RRs

  NAPTR order pref flag params regexp replace

  NAPTR (Naming Authority Pointer Record) is a general purpose RR for the Dynamic Delegation Discovery System (DDDS). Sister of SRV. Application-unique format.
  order = low is highest, like MX
  pref = if order is the same, pref (lower is highest) is used to find the best RR
  flag = Optional. Enclosed in quotes. Unique to the application
  params = Optional. Enclosed in quotes. Unique to the application
  regexp = regular expression applied to the Application Unique String (AUS)
  replace = Replaces the Application Unique String (AUS). Dot if not used.

ENUM Use of NAPTR

  ENUM is a service which allows a telephone number to be converted into one or more methods to reach a human
  Domain name is .e164.arpa
  Assume we want to contact (AUS = )
  First Well Known Rule (ENUM specific) creates the E164.ARPA name – DNS lookup

ENUM Use of NAPTR

  ; zone file fragment for 220.127.116.11.18.104.22.168.E164.ARPA
  $TTL 2d ; zone TTL default = 2 days or seconds
  $ORIGIN E164.ARPA.
  ....
        NAPTR (
          10           ; order
          100          ; preference
          "U"          ; flag
          "E2U+sip"    ; svc
                       ; ere
          .            ; replace
          )
        NAPTR "u" "E2U+pres" .

ENUM Result

  First NAPTR RR gives sip:email@example.com
  If this fails the second NAPTR gives

  Regular Expression Quick Key
    ! = delimiter
    () = group
    $ = EoL (end of line)
    ^ = SoL (start of line)
    \1 = backref (group)
    + = 1 or more times
    * = 0 or more times
    \ must be escaped for DNS only (\\1); on the wire the escape char is removed (\1)

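An added example, not code from the slides: the ENUM First Well Known Rule (digits reversed into an e164.arpa name) and the NAPTR regexp rewrite of the AUS that produces the first and second contact URIs the slide describes. The phone number and the NAPTR RRset are constructed; the regexp fields are written in on-wire form (\1), not the escaped zone-file form (\\1).

```python
# Added example, not from the slides: the ENUM First Well Known Rule and the
# NAPTR regexp rewrite that yields a contact URI. Phone number and NAPTR RRs
# are constructed; regexp fields are in on-wire form (\1, not the zone-file \\1).
import re

def enum_domain(e164_number):
    """First Well Known Rule: keep only digits, reverse them, dot-separate and
    append e164.arpa; the result is the owner name queried for NAPTR RRs."""
    digits = re.sub(r"\D", "", e164_number)
    return ".".join(reversed(digits)) + ".e164.arpa."

def split_regexp(field):
    """A NAPTR regexp field is delim ERE delim replacement delim [flags]; the
    first character (usually '!') is the delimiter."""
    ere, repl, flags = field[1:].split(field[0])
    return ere, repl, flags

def apply_regexp(aus, field):
    """Rewrite the Application Unique String, or None if the ERE does not
    match. Python's re.sub honours \\1 backreferences in the replacement."""
    ere, repl, flags = split_regexp(field)
    opts = re.I if "i" in flags else 0
    if not re.search(ere, aus, opts):
        return None
    return re.sub(ere, repl, aus, count=1, flags=opts)

def resolve_enum(aus, naptrs):
    """Candidate (service, URI) pairs in order of lowest order, then lowest
    pref. Only terminal 'U' rules are handled; a non-terminal rule would
    require looking up the replacement name again."""
    out = []
    for order, pref, flag, svc, regexp, replace in sorted(naptrs, key=lambda r: r[:2]):
        if flag.lower() != "u":
            continue
        uri = apply_regexp(aus, regexp)
        if uri is not None:
            out.append((svc, uri))
    return out

# Constructed NAPTR RRset for the number's e164.arpa name: SIP first, presence
# second, and a tel: rewrite built with a backreference as last resort.
NAPTRS = [
    (10, 100, "U", "E2U+sip", "!^.*$!sip:email@example.com!", "."),
    (10, 200, "u", "E2U+pres", "!^.*$!pres:email@example.com!", "."),
    (20, 100, "u", "E2U+tel", r"!^\+(.*)$!tel:+\1!", "."),
]
```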
Quick Quiz

  Normal strategy for load balancing?
  MX failover/load balancing strategies?
  Does virtual subdomain delegation require name servers?
  What is the parent of ramq.example.com?
  Are NS RRs in the parent authoritative?
  Are GLUE records necessary for out-of-zone name servers?
  What do SRV records do?

Zone File Exercise

  Zone files for domain delegation
  Full delegation
    Parent is gov.lc
    Child is nic.gov.lc
    Mail will go to the parent domain
    Two NS servers: ns1.nic.gov.lc, ns2.nic.gov.lc