Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISOC NTW 2000 - T2The Domain Name System1. ISOC NTW 2000 - T2The Domain Name System2 Some DNS topics zWhat the Internet’s DNS isWhat the Internet’s DNS.

Similar presentations


Presentation on theme: "ISOC NTW 2000 - T2The Domain Name System1. ISOC NTW 2000 - T2The Domain Name System2 Some DNS topics zWhat the Internet’s DNS isWhat the Internet’s DNS."— Presentation transcript:

1 ISOC NTW T2The Domain Name System1

2 ISOC NTW T2The Domain Name System2 Some DNS topics zWhat the Internet’s DNS isWhat the Internet’s DNS is zConfiguring a resolver on a Unix-like systemConfiguring a resolver on a Unix-like system zConfiguring a nameserver on a Unix-like systemConfiguring a nameserver on a Unix-like system zExercise: Create and install a simple zoneExercise: Create and install a simple zone

3 ISOC NTW T2The Domain Name System3 What the Internet’s DNS is zA systematic namespace called the domain name spaceA systematic namespace called the domain name space zDifferent people or organisations are responsible for different parts of the namespaceDifferent people or organisations are responsible for different parts of the namespace zInformation is associated with each nameInformation is associated with each name zA set of conventions for using the informationA set of conventions for using the information zA distributed database systemA distributed database system zProtocols that allow retrieval of information, and synchronisation between serversProtocols that allow retrieval of information, and synchronisation between servers

4 ISOC NTW T2The Domain Name System4 A systematic namespace - the domain name space zSeveral components (called labels) ywritten separated by dots yoften written terminated by a dot zHierarchical structure yLeftmost label has most local scope yRightmost label has global scope yTerminal dot represents root of the hierarchy zDomain names are case independent

5 ISOC NTW T2The Domain Name System5 Why use hierarchical names? zInternet hosts and other resources need globally unique names zDifficult to keep unstructured names unique ywould require a single list of all names in use zHierarchical names are much easier to make unique ycat.abc.at. is different from cat.abc.au.

6 ISOC NTW T2The Domain Name System6 What are domain names used for? zTo identify computers (hosts) on the Internet xaustin.ghana.com zTo identify organisations xafnog.org zTo map other information to a form that is usable with the DNS infrastructure xIP addresses, Telephone numbers, AS numbers

7 ISOC NTW T2The Domain Name System7 Examples of domain names z. zCOM. zGH. zCO.ZA. zwww.afnog.org. zin-addr.arpa.

8 ISOC NTW T2The Domain Name System8 Domain Name Hierarchy. edu Root domain comgovmilnetorg rofrat... jp icirncasepubuttvsat roearn ns std cslmndsp ulise paul accogvor... uni-linztuwien eunet cc univie matexpitc phytia alpha chris Top-Level-Domains Second Level Domains

9 ISOC NTW T2The Domain Name System9 Different uses of the term “domain” zSometimes, the term “domain” is used to refer to a single name ysuch as zSometimes, the term “domain” is used to refer to all the names (subdomains) that are hierarchically below a particular name yin this usage, the afnog.org domain includes ws.afnog.org, t1.ws.afnog.org, etc.

10 ISOC NTW T2The Domain Name System10 Other information mapped to domain names zAlmost any systematic namespace could be mapped to the domain name space zNeed an algorithm agreed to by all people who will use the mapping

11 ISOC NTW T2The Domain Name System11 Different people responsible for diff. parts zAdministrator responsible for a domain may delegate authority for a subdomain zEach part that is administered independently is called a zone zDomain or zone administrator may choose to put subdomains in same zone as parent domain, or in different zone, depending on policy and convenience

12 ISOC NTW T2The Domain Name System12 What is a zone? (1) zThink of the namespace as a tree or graph of nodes joined by arcs yEach node represents a domain name

13 ISOC NTW T2The Domain Name System13 What is a zone? (diagram 1). A B X.A Y.A Z.A J.B K.BL.B CAT.K.B DOG.K.B

14 ISOC NTW T2The Domain Name System14 What is a zone? (2) zThink of the namespace as a tree or graph of nodes joined by arcs yEach node represents a domain name zNow cut some of the arcs yEach cut represents a delegation of administrative control

15 ISOC NTW T2The Domain Name System15 What is a zone? (diagram 2). A B X.A Y.A Z.A J.B K.BL.B CAT.K.B DOG.K.B Zone cut

16 ISOC NTW T2The Domain Name System16 What is a zone? (3) zEach zone consists of a set of nodes that are still joined to each other through paths that do not involve arcs that have been cut yThe name “CAT.K.B” is in the “B” zone yThe name “DOG.K.B” is in the “DOG.K.B” zone yThe “DOG.K.B” zone is a child of the “B” zone

17 ISOC NTW T2The Domain Name System17 What is a zone? (diagram 3). A B X.A Y.A Z.A J.B K.BL.B CAT.K.B DOG.K.B Zone Zone cut Root zone A zone B zone DOG.K.B zone

18 ISOC NTW T2The Domain Name System18 Information is associated with each domain name zSeveral types of records (Resource Records, RRs), all with a similar formatSeveral types of recordsall with a similar format zEach RR contains some information that is associated with a specific domain name zEach domain name can have several RRs of the same type or of different types

19 ISOC NTW T2The Domain Name System19 General format of RRs zOwner name - the domain name that this record belongs to zTTL - how long copies of this RR may be cached (measured in seconds) zClass - almost always IN zType - there are many typesType - there are many types zData - different RR types have different data formats

20 ISOC NTW T2The Domain Name System20 Several types of RRs zIP address for a hostIP address for a host zInformation needed by the DNS infrastructure itselfInformation needed by the DNS infrastructure itself zHostname for an IP addressHostname for an IP address zInformation about mail routingInformation about mail routing zFree form textFree form text zAlias to canonical name mappingAlias to canonical name mapping zMany more (but less commonly used)

21 ISOC NTW T2The Domain Name System21 IP address for a host zA record zOwner is host name zData is IP address ; IP address of austin.gh.com austin.ghana.com IN A

22 ISOC NTW T2The Domain Name System22 Information needed by the DNS infrastructure itself zSOA recordSOA record yEach zone has exactly one SOA record zNS recordsNS records yEach zone has several nameservers that are listed as having authoritative information about domains in the zone yOne NS record for each such nameserver zZone cuts are marked by these RRsZone cuts are marked by these RRs

23 ISOC NTW T2The Domain Name System23 SOA record zEvery zone has exactly one SOA record zThe domain name at the top of the zone owns the SOA record zData portion of SOA record contains: yMNAME - name of master nameserver yRNAME - address of zone administrator ySERIAL - serial number yREFRESH RETRY EXPIRE MINIMUM - timing parameters

24 ISOC NTW T2The Domain Name System24 NS record zEach zone has several listed nameservers zOne NS record for each listed nameserver ymaster/primary and slaves/secondaries zthe data portion of each NS record contains the domain name of a nameserver zDoes not contain IP address yGet that from an A record for the nameserver

25 ISOC NTW T2The Domain Name System25 SOA and NS record example ; owner TTL class type data ghana.com IN SOA austin.gh.com. support.gh.com. ( ; serial ; refresh 3600 ; retry ; expire 900 ) ; minimum ghana.com IN NS ns1.ghana.com. ghana.com IN NS ns2.ghana.com. ghana.com IN NS server.elsewhere.example.

26 ISOC NTW T2The Domain Name System26 SOA and NS example using some shortcuts $ORIGIN ghana.com. $TTL ; owner TTL class type IN SOA austin.gh.com. Support.gh.com. ( ; serial ; refresh 3600 ; retry ; expire 900 ) ; minimum NS ns1 NS ns2 NS server.elsewhere.example.

27 ISOC NTW T2The Domain Name System27 More about RRs above and below zone cuts zRRs in the child zone (below the cut) ySOA and NS records (authoritative) zRRs in the parent zone (above the cut) yNS records (should be identical to those in the child zone) zglue records ythe child zone’s nameservers sometimes need A records in the parent zone

28 ISOC NTW T2The Domain Name System28 Zone cut example - RRs in the child zone zparent is COM zone; child is GHANA.COM zone zchild zone has SOA and NS records, and A records for hosts ghana.com. IN SOA xxx xxx xxx xxx xxx xxx xxx NS ns1.ghana.com. NS another.elsewhere.com. ns1.ghana.com. A ; the ghana.com zone does not have an A record ; for another.elsewhere.com.

29 ISOC NTW T2The Domain Name System29 Zone cut example - RRs in the parent zone zparent is COM zone; child is XYZ.COM zone zparent zone has its own SOA and NS records, plus copies of child zone’s NS records, plus glue records COM. IN SOA xxx xxx xxx xxx xxx xxx xxx NS xxxxxxx NS yyyyyyy ghana.com. NS ns1.ghana.com. NS another.elsewhere.edu. ns1.ghana.com. A ; the com zone does not have an A record ; for another.elsewhere.edu.

30 ISOC NTW T2The Domain Name System30 Hostname for an IP address zPTR record zOwner is IP address, mapped into the in- addr.arpa domain zData is name of host with that IP address ; host name for IP address in-addr.arpa. PTR austin.ghana.com.

31 ISOC NTW T2The Domain Name System31 Information about mail routing zMX record zOwner is name of domain zData contains preference value, and name of host that receives incoming ; send ghana.com’s to mailserver or backupserver ghana.com. MX 0 mail.ghana.com. ghana.com. MX 10 backupmail.ghana.com.

32 ISOC NTW T2The Domain Name System32 Alias to canonical name mapping zCNAME record zOwner is non-canonical domain name (alias) zData is canonical domain name ; ftp.xyz.com is an alias ; ftp.ghana.com is the canonical name ftp.ghana.com. CNAME austin.ghana.com

33 ISOC NTW T2The Domain Name System33 Free form text zTXT record zOwner is any domain name zData is any text associated with the domain name zVery few conventions about how to use it net.ghana.com. TXT “NETWORKS R US”

34 ISOC NTW T2The Domain Name System34 Reverse Lookup zWhen a source host establishes a connection to a destination host, the TCP/IP packets carry out only IP addresses of the source host; zFor authentication, access rights or accounting information, the destination host wants to know the name of the source host; zFor this purpose, a special domain “in-addr.arpa” is used; zThe reverse name is obtained by reversing the IP number and adding the name “in-addr.arpa”; zExample: address: reverse name: in-addr.arpa zReverse domains form a hierarchical tree and are treated as any other Internet domain. zRfc2317 Classless In-ADDR.ARPA delegation

35 ISOC NTW T2The Domain Name System35 Reverse Domain Hierarchy in-addr.arpa

36 ISOC NTW T2The Domain Name System36 A set of conventions for using the information zHow to represent the relationship between host names and IP addresses zWhat records are used to control mail routing, and how the mail system should use those records zHow to use the DNS to store IP netmask information zMany other things

37 ISOC NTW T2The Domain Name System37 The DNS is a distributed database system zWhat makes it a distributed database?What makes it a distributed database? zHow is data partitioned amongst the servers?How is data partitioned amongst the servers? zWhat about reliability?What about reliability?

38 ISOC NTW T2The Domain Name System38 What makes it a distributed database? zThousands of servers around the world zEach server has authoritative information about some subset of the namespace zThere is no central server that has information about the whole namespace zIf a question gets sent to a server that does not know the answer, that is not a problem

39 ISOC NTW T2The Domain Name System39 Requirements for a nameserver zA query should be resolved as fast as possible; zIt should be available 24 hours a day; zIt should be reachable via fast communication lines; zIt should be located in the central in the network topology; zIt should run robust, without errors and interrupts.

40 ISOC NTW T2The Domain Name System40 How is data partitioned amongst the servers? zThe namespace is divided into zones zEach zone has two or more authoritative nameservers yOne primary or master yOne or more secondaries or slaves ySlaves periodically update from master zEach server is authoritative for any number of zones (zero or more)

41 ISOC NTW T2The Domain Name System41 What about reliability? zIf one server does not reply, clients will ask another server zThat’s why there are several servers for each zone zZone administrators should choose servers that are not all subject to a single point of failure

42 ISOC NTW T2The Domain Name System42 DNS Protocols zClient/server question/answer yWhat kinds of questions can clients ask?What kinds of questions can clients ask? yThe resolver/server modelThe resolver/server model yWhat if the server does not know the answer?What if the server does not know the answer? zMaster and slave serversMaster and slave servers yConfiguration by zone administrator yPeriodic update of slaves from master

43 ISOC NTW T2The Domain Name System43 What kinds of questions can clients ask? zAll the records of a particular type for a particular domain name yAll the A records, or all the MX records zAll records of any type for a particular domain name zA complete zone transfer of all records in a particular zone yUsed to synchronise slave with master server

44 ISOC NTW T2The Domain Name System44 What if the server does not know the answer? zServers that receive queries for which they have no information can return a referral to another server zReferral may include SOA, NS records and A records zClient can recursively follow the referral zServer may recurse on behalf of client, if client so requests and server is willing

45 ISOC NTW T2The Domain Name System45 Master and slave servers za.k.a. primary and secondary zzone administrator sets up primary/master zasks friends or ISPs to set up slaves/secondaries zslave periodically checks with master to see if data has changed ztransfers new zone if necessary zserial number in SOA record in each zone

46 ISOC NTW T2The Domain Name System46 Location of servers zone master and at least one slave zon different networks zavoid having a single point of failure zRFC SELECTION AND OPERATION OF SECONDARY DNS SERVERS zRFC2181- CLARIFICATIONS TO THE DNS SPECIFICATION

47 ISOC NTW T2The Domain Name System47 Configuring a nameserver on a Unix-like system zBIND is the most common implementation zup to version 4.9.* use /etc/named.boot file zfrom version 8.* use /etc/named.conf file zcache name zprimary/master zone name and file name zsecondary/slave zone name, master IP address, backup file name

48 ISOC NTW T2The Domain Name System48 named.boot example z/etc/named.boot contains the following lines directory /etc/namedb ; type zone master file name cache. root.cache primary t1.ws.afnog.org afnog.org secondary gh.com sec/gh.com

49 ISOC NTW T2The Domain Name System49 named.conf example z/etc/named.conf contains the following lines options { directory "/etc/namedb"; }; zone "." { type ; file "root.cache"; }; zone ”t1.ws.afnog.org" { type master; file ”afnog.org"; }; zone ”gh.com" { type slave; masters { ; }; file "sec/gh.com"; };

50 ISOC NTW T2The Domain Name System50 Checking DNS using nslookup znslookup commands: server ; set the server to be queried set type = NS ;queries NS resources set type = SOA ;queries SOA resources set type = A ;queries A resources set type = MX ;queries MX resources set type = CNAME ;queries CNAME resources set type = PTR ;queries PTR resources set type = ANY ;queries ANY resources ls ;lists the zone ls > ;gets the zone into the file

51 ISOC NTW T2The Domain Name System51 Checking DNS using dig zDig yTool to manage DNS settings ySyntax is: dig [query-type]

52 ISOC NTW T2The Domain Name System52 Best Practices zUpgrade to latest version of BIND zAlways Increment your serial number zInform hostmasters of orgs you to run name service for you. zMX servers should know about your domain otherwise mail bounces. zAlways signal to reload after making changes

53 ISOC NTW T2The Domain Name System53 Best Practices zDon’t forget to add reverse delegation zmake sure you don’t have syntax errors in conf file and zone files zdon’t forget to add trailing dots in database file zProper Subdomain delegation ymissing subdomain delegation yincorrect subdomain delegation

54 ISOC NTW T2The Domain Name System54 Best Practices zSyntax error in resolv.conf zdon’t forget to set your default domain

55 ISOC NTW T2The Domain Name System55 Checking for DNS correctness zSeveral Programs available zftp://ftp.isc.org/isc/bind/src/8.1.1/bind- contrib.tar.gz zwww.domtools.com

56 ISOC NTW T2The Domain Name System56 Questions


Download ppt "ISOC NTW 2000 - T2The Domain Name System1. ISOC NTW 2000 - T2The Domain Name System2 Some DNS topics zWhat the Internet’s DNS isWhat the Internet’s DNS."

Similar presentations


Ads by Google