ISOC NTW 2000 - T2: The Domain Name System

2 Some DNS topics
- What the Internet's DNS is
- Configuring a resolver on a Unix-like system
- Configuring a nameserver on a Unix-like system
- Exercise: Create and install a simple zone

3 What the Internet's DNS is
- A systematic namespace called the domain name space
- Different people or organisations are responsible for different parts of the namespace
- Information is associated with each name
- A set of conventions for using the information
- A distributed database system
- Protocols that allow retrieval of information, and synchronisation between servers

4 A systematic namespace - the domain name space
- Several components (called labels)
  - written separated by dots
  - often written terminated by a dot
- Hierarchical structure
  - Leftmost label has the most local scope
  - Rightmost label has global scope
  - The terminal dot represents the root of the hierarchy
- Domain names are case independent: cat.abc.at. and CAT.ABC.AT. are the same name

5 Why use hierarchical names?
- Internet hosts and other resources need globally unique names
- Difficult to keep unstructured names unique
  - would require a single list of all names in use
- Hierarchical names are much easier to make unique
  - cat.abc.at. is different from cat.abc.au.

6 What are domain names used for?
- To identify computers (hosts) on the Internet
  - e.g. austin.ghana.com
- To identify organisations
  - e.g. afnog.org
- To map other information to a form that is usable with the DNS infrastructure
  - IP addresses, telephone numbers, AS numbers

7 Examples of domain names
- .
- COM.
- GH.
- CO.ZA.
- www.afnog.org.
- in-addr.arpa.

8 Domain Name Hierarchy (tree diagram: the root domain "." at the top; top-level domains such as edu, com, gov, mil, net, org, at, jp, ro, fr beneath it; second-level domains such as uni-linz, tuwien, univie, eunet beneath those; and further levels below them)

9 Different uses of the term "domain"
- Sometimes, the term "domain" is used to refer to a single name
  - such as www.afnog.org
- Sometimes, the term "domain" is used to refer to all the names (subdomains) that are hierarchically below a particular name
  - in this usage, the afnog.org domain includes www.afnog.org, ws.afnog.org, t1.ws.afnog.org, etc.

10 Other information mapped to domain names
- Almost any systematic namespace could be mapped to the domain name space
- Need an algorithm agreed to by all people who will use the mapping

11 Different people responsible for different parts
- The administrator responsible for a domain may delegate authority for a subdomain
- Each part that is administered independently is called a zone
- A domain or zone administrator may choose to put subdomains in the same zone as the parent domain, or in a different zone, depending on policy and convenience

12 What is a zone? (1)
- Think of the namespace as a tree or graph of nodes joined by arcs
  - Each node represents a domain name

13 What is a zone? (diagram 1)

  .
  +-- A
  |   +-- X.A
  |   +-- Y.A
  |   +-- Z.A
  +-- B
      +-- J.B
      +-- K.B
      |   +-- CAT.K.B
      |   +-- DOG.K.B
      +-- L.B

14 What is a zone? (2)
- Think of the namespace as a tree or graph of nodes joined by arcs
  - Each node represents a domain name
- Now cut some of the arcs
  - Each cut represents a delegation of administrative control

15 What is a zone? (diagram 2)

  .
  +-- A               <- zone cut
  |   +-- X.A
  |   +-- Y.A
  |   +-- Z.A
  +-- B               <- zone cut
      +-- J.B
      +-- K.B
      |   +-- CAT.K.B
      |   +-- DOG.K.B <- zone cut
      +-- L.B

16 What is a zone? (3)
- Each zone consists of a set of nodes that are still joined to each other through paths that do not involve arcs that have been cut
  - The name "CAT.K.B" is in the "B" zone
  - The name "DOG.K.B" is in the "DOG.K.B" zone
  - The "DOG.K.B" zone is a child of the "B" zone

17 What is a zone? (diagram 3)

  .                                  Root zone: .
  +-- A               <- zone cut
  |   +-- X.A                        A zone: A, X.A, Y.A, Z.A
  |   +-- Y.A
  |   +-- Z.A
  +-- B               <- zone cut
      +-- J.B                        B zone: B, J.B, K.B, L.B, CAT.K.B
      +-- K.B
      |   +-- CAT.K.B
      |   +-- DOG.K.B <- zone cut    DOG.K.B zone: DOG.K.B
      +-- L.B

18 Information is associated with each domain name
- Several types of records (Resource Records, RRs), all with a similar format
- Each RR contains some information that is associated with a specific domain name
- Each domain name can have several RRs of the same type or of different types

19 General format of RRs
- Owner name - the domain name that this record belongs to
- TTL - how long copies of this RR may be cached (measured in seconds)
- Class - almost always IN (Internet)
- Type - there are many types
- Data - different RR types have different data formats

20 Several types of RRs
- IP address for a host
- Information needed by the DNS infrastructure itself
- Hostname for an IP address
- Information about mail routing
- Free form text
- Alias to canonical name mapping
- Many more (but less commonly used)

21 IP address for a host
- A record
- Owner is the host name
- Data is the IP address

  ; IP address of austin.ghana.com
  austin.ghana.com.   86400   IN   A   196.3.64.1

22 Information needed by the DNS infrastructure itself
- SOA record
  - Each zone has exactly one SOA record
- NS records
  - Each zone has several nameservers that are listed as having authoritative information about domains in the zone
  - One NS record for each such nameserver
- Zone cuts are marked by these RRs

23 SOA record
- Every zone has exactly one SOA record
- The domain name at the top of the zone owns the SOA record
- The data portion of the SOA record contains:
  - MNAME - name of the master nameserver
  - RNAME - email address of the zone administrator, written as a domain name (the @ becomes a dot: support.gh.com. stands for support@gh.com)
  - SERIAL - serial number, which slaves compare with their own copy to detect that the zone has changed
  - REFRESH, RETRY, EXPIRE, MINIMUM - timing parameters

24 NS record
- Each zone has several listed nameservers
- One NS record for each listed nameserver
  - master/primary and slaves/secondaries
- The data portion of each NS record contains the domain name of a nameserver
- It does not contain an IP address
  - Get that from an A record for the nameserver

25 SOA and NS record example

  ; owner        TTL    class  type  data
  ghana.com.     86400  IN     SOA   austin.gh.com. support.gh.com. (
                                       199710161  ; serial
                                       21600      ; refresh
                                       3600       ; retry
                                       2600000    ; expire
                                       900 )      ; minimum
  ghana.com.     86400  IN     NS    ns1.ghana.com.
  ghana.com.     86400  IN     NS    ns2.ghana.com.
  ghana.com.     86400  IN     NS    server.elsewhere.example.

26 SOA and NS example using some shortcuts

  $ORIGIN ghana.com.
  $TTL 86400
  ; owner  TTL  class  type  data
  @             IN     SOA   austin.gh.com. support.gh.com. (
                               199710161  ; serial
                               21600      ; refresh
                               3600       ; retry
                               2600000    ; expire
                               900 )      ; minimum
                       NS    ns1
                       NS    ns2
                       NS    server.elsewhere.example.

- @ stands for the current $ORIGIN; a name without a trailing dot has the $ORIGIN appended (ns1 becomes ns1.ghana.com.); a record that starts with whitespace inherits the owner of the previous record; a missing TTL takes the $TTL value
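To make the shortcuts on slide 26 concrete, here is a small master-file parser written for this page; it is an added example, not code from the ISOC tutorial or from BIND. It expands $ORIGIN, $TTL, @, relative names, omitted TTL/class and a parenthesised SOA into fully qualified records, and includes a lint that catches the classic forgotten trailing dot (slide 53). The sample zone is the slide's own data plus one deliberately broken CNAME, and the record types it knows are limited to the ones the slides use.

```python
"""Minimal master-file parser: an added example, not from the ISOC slides."""

RR_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT"}
# Positions in the rdata that hold domain names and therefore get the origin appended.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,)}

# Constructed sample: the slide's zone plus a CNAME that forgets its trailing dot.
SAMPLE_ZONE = """\
$ORIGIN ghana.com.
$TTL 86400
; owner TTL class type data
@   IN  SOA  austin.gh.com. support.gh.com. (
             199710161 ; serial
             21600     ; refresh
             3600      ; retry
             2600000   ; expire
             900 )     ; minimum
    NS  ns1
    NS  ns2
    NS  server.elsewhere.example.
ns1 A     192.0.2.3
ftp CNAME austin.ghana.com    ; no trailing dot: becomes austin.ghana.com.ghana.com.
"""


def qualify(name, origin):
    """Make a name absolute: '@' -> origin, 'ns1' -> 'ns1.<origin>', 'a.b.' unchanged."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def _logical_lines(text):
    """Strip ';' comments and join parenthesised records into single lines."""
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]           # toy parser: no quoted ';' support
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            records.append(" ".join(buf))
            buf = []
    if depth != 0:
        raise ValueError("unbalanced parentheses")
    return records


def parse_zone(text, origin=None):
    """Return a list of (owner, ttl, class, type, rdata-tuple) with absolute names."""
    default_ttl, last_owner, rrs = None, None, []
    for rec in _logical_lines(text):
        fields = rec.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        if origin is None:
            raise ValueError("no $ORIGIN in file and none supplied")
        # A record starting in column 1 names its owner; one starting with
        # whitespace inherits the previous owner (the NS lines on the slide).
        owner = last_owner if rec[0].isspace() else qualify(fields.pop(0), origin)
        if owner is None:
            raise ValueError(f"first record has no owner: {rec!r}")
        ttl, rclass = default_ttl, "IN"
        while fields and fields[0] not in RR_TYPES:   # optional TTL / class, any order
            tok = fields.pop(0)
            if tok.isdigit():
                ttl = int(tok)
            elif tok.upper() in ("IN", "CH", "HS"):
                rclass = tok.upper()
            else:
                raise ValueError(f"unknown token {tok!r} in {rec!r}")
        if not fields:
            raise ValueError(f"record without type: {rec!r}")
        if ttl is None:
            raise ValueError(f"no TTL and no $TTL for {rec!r}")
        rtype = fields.pop(0)
        rdata = tuple(qualify(f, origin) if i in NAME_FIELDS.get(rtype, ()) else f
                      for i, f in enumerate(fields))
        rrs.append((owner, ttl, rclass, rtype, rdata))
        last_owner = owner
    return rrs


def doubled_origin(rrs, origin):
    """Lint: a name ending in the origin twice almost always means a missing trailing dot."""
    tail = origin.strip(".")
    hits = set()
    for owner, _, _, _, rdata in rrs:
        for name in (owner,) + rdata:
            if ("." + name).endswith(f".{tail}.{tail}."):
                hits.add(name)
    return hits


if __name__ == "__main__":
    records = parse_zone(SAMPLE_ZONE)
    for rr in records:
        print(rr)
    print("suspicious names:", doubled_origin(records, "ghana.com."))
```

Running it prints the NS records with owner ghana.com. and targets ns1.ghana.com. and ns2.ghana.com., and flags austin.ghana.com.ghana.com. as the product of the missing dot; that mangled name is exactly what a real nameserver would serve, silently, for the broken CNAME.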

27 More about RRs above and below zone cuts
- RRs in the child zone (below the cut)
  - SOA and NS records (authoritative)
- RRs in the parent zone (above the cut)
  - NS records (should be identical to those in the child zone)
- glue records
  - the child zone's nameservers sometimes need A records in the parent zone: when a nameserver's name lies inside the child zone itself, a resolver could not find its address without already being able to reach the child zone

28 Zone cut example - RRs in the child zone
- parent is the COM zone; child is the GHANA.COM zone
- the child zone has SOA and NS records, and A records for hosts

  ghana.com.       IN   SOA   xxx xxx xxx xxx xxx xxx xxx
                        NS    ns1.ghana.com.
                        NS    another.elsewhere.edu.
  ns1.ghana.com.        A     192.0.2.3
  ; the ghana.com zone does not have an A record
  ; for another.elsewhere.edu.

29 Zone cut example - RRs in the parent zone
- parent is the COM zone; child is the GHANA.COM zone
- the parent zone has its own SOA and NS records, plus copies of the child zone's NS records, plus glue records

  COM.             IN   SOA   xxx xxx xxx xxx xxx xxx xxx
                        NS    xxxxxxx
                        NS    yyyyyyy
  ghana.com.            NS    ns1.ghana.com.
                        NS    another.elsewhere.edu.
  ns1.ghana.com.        A     192.0.2.3      ; glue
  ; the com zone does not have an A record
  ; for another.elsewhere.edu.
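The delegation on slides 28 and 29 only works while the parent's copy of the NS records, the glue, and the child's own records agree. The checker below is an added example written for this page (not part of the ISOC tutorial or of any DNS tool); it takes the two sides of a zone cut as plain sets and dicts, so it runs offline on the slides' data, and reports the faults slide 53 lists under incorrect subdomain delegation: NS sets that differ, an in-zone nameserver with no glue, glue that no longer matches the child's A record, and glue supplied for a nameserver outside the child zone.

```python
"""Delegation consistency check: an added example, not from the ISOC slides."""


def in_bailiwick(name, zone):
    """True if `name` is at or below `zone` (absolute names, trailing dot)."""
    name, zone = name.lower(), zone.lower()
    return zone == "." or name == zone or name.endswith("." + zone)


def check_delegation(zone, parent_ns, parent_glue, child_ns, child_addrs):
    """Return a list of (severity, message); an empty list means consistent.

    parent_ns, child_ns: iterables of nameserver names (absolute).
    parent_glue, child_addrs: dict nameserver name -> set of addresses.
    """
    parent_ns = {n.lower() for n in parent_ns}
    child_ns = {n.lower() for n in child_ns}
    parent_glue = {n.lower(): set(a) for n, a in parent_glue.items()}
    child_addrs = {n.lower(): set(a) for n, a in child_addrs.items()}
    problems = []
    for ns in sorted(parent_ns - child_ns):
        problems.append(("error", f"{ns}: listed by the parent but not by the child"))
    for ns in sorted(child_ns - parent_ns):
        problems.append(("error", f"{ns}: listed by the child but not by the parent"))
    for ns in sorted(parent_ns | child_ns):
        if not in_bailiwick(ns, zone):
            # The parent is not authoritative for this name, so glue here is ignored.
            if ns in parent_glue:
                problems.append(("warning", f"{ns}: outside {zone}, glue in the parent is unnecessary"))
            continue
        # An in-zone nameserver can only be reached through glue in the parent.
        glue, own = parent_glue.get(ns, set()), child_addrs.get(ns, set())
        if not glue:
            problems.append(("error", f"{ns}: inside {zone} but the parent has no glue A record"))
        if not own:
            problems.append(("error", f"{ns}: inside {zone} but the child has no A record for it"))
        if glue and own and glue != own:
            problems.append(("warning", f"{ns}: parent glue {sorted(glue)} differs from child A {sorted(own)}"))
    return problems


# Constructed data matching slides 28 and 29: a consistent delegation of ghana.com.
ZONE = "ghana.com."
PARENT_NS = {"ns1.ghana.com.", "another.elsewhere.edu."}
PARENT_GLUE = {"ns1.ghana.com.": {"192.0.2.3"}}
CHILD_NS = {"ns1.ghana.com.", "another.elsewhere.edu."}
CHILD_A = {"ns1.ghana.com.": {"192.0.2.3"}}


def consistent_case():
    return check_delegation(ZONE, PARENT_NS, PARENT_GLUE, CHILD_NS, CHILD_A)


def child_added_server_case():
    """The child adds ns2 (with its A record) but nobody told the parent."""
    child_ns = CHILD_NS | {"ns2.ghana.com."}
    child_a = dict(CHILD_A, **{"ns2.ghana.com.": {"192.0.2.4"}})
    return check_delegation(ZONE, PARENT_NS, PARENT_GLUE, child_ns, child_a)


def renumbered_server_case():
    """ns1 moved to a new address in the child zone; the parent still has the old glue."""
    child_a = {"ns1.ghana.com.": {"192.0.2.9"}}
    return check_delegation(ZONE, PARENT_NS, PARENT_GLUE, CHILD_NS, child_a)


if __name__ == "__main__":
    for case in (consistent_case, child_added_server_case, renumbered_server_case):
        print(case.__name__, case() or "OK")
```

The two broken cases are the ones that bite in practice: a nameserver added only on the child side is invisible to the world, and stale glue sends resolvers to an address the zone no longer answers from.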

30 Hostname for an IP address
- PTR record
- Owner is the IP address, mapped into the in-addr.arpa domain
- Data is the name of the host with that IP address

  ; host name for IP address 196.3.64.1
  1.64.3.196.in-addr.arpa.   PTR   austin.ghana.com.

31 Information about mail routing
- MX record
- Owner is the name of the email domain
- Data contains a preference value (the lowest is tried first) and the name of a host that receives incoming email

  ; send ghana.com's email to mail.ghana.com, or to backupmail.ghana.com if that fails
  ghana.com.   MX   0    mail.ghana.com.
  ghana.com.   MX   10   backupmail.ghana.com.

32 Alias to canonical name mapping
- CNAME record
- Owner is the non-canonical domain name (alias)
- Data is the canonical domain name

  ; ftp.ghana.com is an alias
  ; austin.ghana.com is the canonical name
  ftp.ghana.com.   CNAME   austin.ghana.com.

33 Free form text
- TXT record
- Owner is any domain name
- Data is any text associated with the domain name
- Very few conventions about how to use it

  net.ghana.com.   TXT   "NETWORKS R US"

34 Reverse Lookup
- When a source host establishes a connection to a destination host, the TCP/IP packets carry only the IP address of the source host
- For authentication, access rights or accounting, the destination host wants to know the name of the source host
- For this purpose, a special domain "in-addr.arpa" is used
- The reverse name is obtained by reversing the octets of the IP address and appending "in-addr.arpa"
- Example: address 130.65.240.254, reverse name 254.240.65.130.in-addr.arpa
- Reverse domains form a hierarchical tree and are treated like any other Internet domain
- The PTR record is published by whoever administers the address block, so a name learned this way should be confirmed by looking up that name's A record and checking that it contains the original address before the name is used for access decisions
- RFC 2317: Classless IN-ADDR.ARPA delegation

35 Reverse Domain Hierarchy (tree diagram: in-addr.arpa at the top; first-octet labels such as 157 ... 195 beneath it; second-octet labels such as 13 ... 21 beneath one of those; and so on down to the final octet)
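The three operations behind slides 30, 34 and 35, as an added example written for this page (it is not code from the ISOC tutorial): building the in-addr.arpa owner name, going beyond the slide to the ip6.arpa form for IPv6; emitting the records that RFC 2317 describes for delegating a block smaller than a /24, using the "first/prefixlen" label from the RFC's own examples; and the forward-confirmation check that slide 34's authentication use needs, since the PTR is written by whoever controls the address block. The forward lookup table is constructed, standing in for real A queries; ns.customer.example and attacker.example are assumed names.

```python
"""Reverse-mapping helpers: an added example, not from the ISOC slides."""
import ipaddress


def reverse_name(addr):
    """'130.65.240.254' -> '254.240.65.130.in-addr.arpa.' (IPv6 -> nibbles under ip6.arpa.)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = str(ip).split(".")
        suffix = "in-addr.arpa."
    else:
        labels = list(ip.exploded.replace(":", ""))   # 32 hex nibbles, one label each
        suffix = "ip6.arpa."
    return ".".join(reversed(labels)) + "." + suffix


def matches_stdlib(addr):
    """Cross-check against ipaddress.reverse_pointer (which omits the final dot)."""
    return reverse_name(addr) == ipaddress.ip_address(addr).reverse_pointer + "."


def classless_delegation(cidr, nameservers):
    """RFC 2317 records for delegating an IPv4 block smaller than a /24.

    Returns (owner, type, rdata) triples to be placed in the /24 reverse zone:
    NS records for the '<first>/<prefixlen>' sub-zone and one CNAME per
    address pointing into it.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 applies to IPv4 blocks between /25 and /31")
    parent = reverse_name(str(net.network_address)).split(".", 1)[1]  # e.g. 2.0.192.in-addr.arpa.
    first = int(net.network_address) & 0xFF
    sub = f"{first}/{net.prefixlen}.{parent}"
    records = [(sub, "NS", ns) for ns in nameservers]
    for ip in net:                                   # every address in the block
        last = int(ip) & 0xFF
        records.append((f"{last}.{parent}", "CNAME", f"{last}.{sub}"))
    return records


def forward_confirmed(addr, ptr_name, lookup_a):
    """Forward-confirmed reverse DNS: the PTR's name must resolve back to addr."""
    return addr in lookup_a(ptr_name)


# Constructed forward table standing in for real A lookups (assumed names).
FORWARD_A = {
    "austin.ghana.com.": {"196.3.64.1"},
    "attacker.example.": {"203.0.113.9"},
}


def lookup_a(name):
    return FORWARD_A.get(name, set())


if __name__ == "__main__":
    print(reverse_name("130.65.240.254"))
    for rr in classless_delegation("192.0.2.0/26", ["ns.customer.example."])[:3]:
        print(rr)
    # Whoever runs 203.0.113.9's reverse zone can publish any PTR they like;
    # the forward check shows the name does not actually belong to that address.
    print(forward_confirmed("203.0.113.9", "austin.ghana.com.", lookup_a))
```

For 192.0.2.0/26 the output is the RFC 2317 layout: 0/26.2.0.192.in-addr.arpa. NS ns.customer.example., then 1.2.0.192.in-addr.arpa. CNAME 1.0/26.2.0.192.in-addr.arpa. and so on for each address, so the customer runs the 0/26 zone and the /24 holder only maintains the CNAMEs.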

36 A set of conventions for using the information
- How to represent the relationship between host names and IP addresses
- What records are used to control mail routing, and how the mail system should use those records
- How to use the DNS to store IP netmask information
- Many other things

37 The DNS is a distributed database system
- What makes it a distributed database?
- How is data partitioned amongst the servers?
- What about reliability?

38 What makes it a distributed database?
- Thousands of servers around the world
- Each server has authoritative information about some subset of the namespace
- There is no central server that has information about the whole namespace
- If a question gets sent to a server that does not know the answer, that is not a problem

39 Requirements for a nameserver
- A query should be resolved as fast as possible
- It should be available 24 hours a day
- It should be reachable via fast communication lines
- It should be located centrally in the network topology
- It should run robustly, without errors or interruptions

40 How is data partitioned amongst the servers?
- The namespace is divided into zones
- Each zone has two or more authoritative nameservers
  - One primary or master
  - One or more secondaries or slaves
  - Slaves periodically update from the master
- Each server is authoritative for any number of zones (zero or more)

41 What about reliability?
- If one server does not reply, clients will ask another server
- That's why there are several servers for each zone
- Zone administrators should choose servers that are not all subject to a single point of failure

42 DNS Protocols
- Client/server question/answer
  - What kinds of questions can clients ask?
  - The resolver/server model
  - What if the server does not know the answer?
- Master and slave servers
  - Configuration by the zone administrator
  - Periodic update of slaves from the master

43 What kinds of questions can clients ask?
- All the records of a particular type for a particular domain name
  - All the A records, or all the MX records
- All records of any type for a particular domain name
- A complete zone transfer of all records in a particular zone
  - Used to synchronise a slave with the master server
  - Because it hands out the whole zone, a server should answer transfer requests only from its own slaves (BIND's allow-transfer option)

44 What if the server does not know the answer?
- Servers that receive queries for which they have no information can return a referral to another server
- A referral carries the NS records of the closest enclosing zone the server knows about, plus glue A records for those nameservers where it has them
- The client can follow the referral itself, repeating as often as needed
- The server may recurse on behalf of the client, if the client so requests and the server is willing

45 Master and slave servers
- a.k.a. primary and secondary
- the zone administrator sets up the primary/master
- and asks friends or ISPs to set up slaves/secondaries
- a slave periodically checks with the master to see if the data has changed, by comparing the serial number in the zone's SOA record with the one in its own copy
- and transfers the new zone if necessary
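The serial comparison slide 45 relies on is not a plain integer comparison: serials are 32-bit values compared with the wrap-around rules of RFC 1982, which is why "always increment your serial number" (slide 52) matters and why a serial can never simply be set to a smaller number. The following is an added example written for this page, not code from the ISOC tutorial or from BIND; it shows the RFC 1982 comparison a slave applies, a YYYYMMDDnn serial generator of the kind the slides' 199710161 hints at, and the multi-step procedure for lowering a serial without slaves ignoring the change. All serial values used are constructed.

```python
"""SOA serial arithmetic: an added example, not from the ISOC slides."""

MOD = 1 << 32           # serials are unsigned 32-bit
HALF = 1 << 31          # the largest defined RFC 1982 increment is HALF - 1


def serial_gt(a, b):
    """RFC 1982 'a > b': true when a is fewer than HALF steps ahead of b, modulo 2^32.

    A difference of exactly HALF is undefined by the RFC and is reported as
    'not greater' in both directions.
    """
    a, b = a % MOD, b % MOD
    return (a > b and a - b < HALF) or (a < b and b - a > HALF)


def slave_needs_transfer(slave_serial, master_serial):
    """Refresh logic: transfer only when the master is newer; equal means up to date."""
    return serial_gt(master_serial, slave_serial)


def next_serial(current, today):
    """Next YYYYMMDDnn serial, `today` given as 'YYYYMMDD'; nn starts at 01.

    A serial already ahead of today's date (clock skew, or a serial that was
    never date-based) is simply incremented so the value never goes backwards.
    """
    day = int(today)
    if current < day * 100 + 1:
        return day * 100 + 1
    if current // 100 == day:
        if current % 100 == 99:
            raise ValueError("99 changes today already; wait for tomorrow")
        return current + 1
    return (current + 1) % MOD


def rollback_steps(current, desired):
    """Serials to publish, in order, to move from `current` to a lower `desired`.

    Each intermediate step adds HALF-1 (the largest increment slaves accept as
    'newer'); each published value must reach every slave before the next one.
    """
    cur, steps = current % MOD, []
    if cur == desired % MOD:
        return steps
    for _ in range(3):                       # never more than two intermediates
        if serial_gt(desired, cur):
            steps.append(desired % MOD)
            return steps
        cur = (cur + HALF - 1) % MOD
        steps.append(cur)
    raise AssertionError("unreachable: three steps always suffice")


if __name__ == "__main__":
    print(slave_needs_transfer(199710161, 199710162))
    print(next_serial(199710161, "20240101"))
    print(rollback_steps(2024010101, 199710161))
```

The rollback case is the one that surprises people: moving from 2024010101 back to 199710161 takes an intermediate serial of 4171493748, and a one-step decrement like 10 to 9 needs two intermediates, because the first jump lands exactly HALF away from the target, where the comparison is undefined.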

46 Location of servers
- one master and at least one slave
- on different networks
- avoid having a single point of failure
- RFC 2182 - Selection and Operation of Secondary DNS Servers
- RFC 2181 - Clarifications to the DNS Specification

47 Configuring a nameserver on a Unix-like system
- BIND is the most common implementation
- up to version 4.9.* use the /etc/named.boot file
- from version 8.* use the /etc/named.conf file
- cache (hint) zone: name and file holding the root server list
- primary/master zone: name and file name
- secondary/slave zone: name, master IP address, backup file name

48 named.boot example
- /etc/named.boot contains the following lines

  directory  /etc/namedb
  ; type     zone               master      file name
  cache      .                              root.cache
  primary    t1.ws.afnog.org                afnog.org
  secondary  gh.com             196.3.64.1  sec/gh.com

49 named.conf example
- /etc/named.conf contains the following lines

  options {
      directory "/etc/namedb";
  };
  zone "." {
      type hint;
      file "root.cache";
  };
  zone "t1.ws.afnog.org" {
      type master;
      file "afnog.org";
  };
  zone "gh.com" {
      type slave;
      masters { 196.3.64.1; };
      file "sec/gh.com";
  };

50 Checking DNS using nslookup
- nslookup commands:

  server NAMESERVER     ; set the server to be queried
  set type=NS           ; query NS records
  set type=SOA          ; query SOA records
  set type=A            ; query A records
  set type=MX           ; query MX records
  set type=CNAME        ; query CNAME records
  set type=PTR          ; query PTR records
  set type=ANY          ; query records of any type
  ls DOMAIN             ; list the zone (this asks the server for a zone transfer)
  ls DOMAIN > FILE      ; write the zone listing to a file

- ls only works against a server that allows zone transfers to you; a correctly configured server answers transfer requests only from its own slaves, so expect a refusal elsewhere

51 Checking DNS using dig
- dig
  - Tool to query nameservers directly and show the complete response (header, flags, answer, authority and additional sections)
  - Syntax is: dig domain @nameserver [query-type]

52 Best Practices
- Upgrade to the latest version of BIND
- Always increment your serial number after changing a zone
- Inform the hostmasters of the organisations that run secondary name service for you
- The hosts listed in your MX records must be configured to accept mail for your domain, otherwise mail bounces
- Always signal named to reload after making changes

53 Best Practices
- Don't forget to add reverse delegation
- Make sure you don't have syntax errors in the conf file and zone files
- Don't forget the trailing dots in zone files (a name without one has the origin appended)
- Proper subdomain delegation; common faults are
  - missing subdomain delegation
  - incorrect subdomain delegation

54 Best Practices
- Check /etc/resolv.conf for syntax errors
- Don't forget to set your default domain in /etc/resolv.conf

55 Checking for DNS correctness
- Several programs are available
- ftp://ftp.isc.org/isc/bind/src/8.1.1/bind-contrib.tar.gz
- www.domtools.com

56 Questions

