
Slide 1: AFNOG NTW 2000 - T1 - The Domain Name System

Slide 2: Some DNS topics
- What the Internet's DNS is
- Configuring a resolver on a Unix-like system
- Configuring a nameserver on a Unix-like system
- Exercise: Create and install a simple zone

Slide 3: What the Internet's DNS is
- A systematic namespace called the domain name space
- Different people or organisations are responsible for different parts of the namespace
- Information is associated with each name
- A set of conventions for using the information
- A distributed database system
- Protocols that allow retrieval of information, and synchronisation between servers

Slide 4: A systematic namespace - the domain name space
- Several components (called labels)
  - written separated by dots
  - often written terminated by a dot
- Hierarchical structure
  - Leftmost label has the most local scope
  - Rightmost label has global scope
  - Terminal dot represents the root of the hierarchy
- Domain names are case independent

Slide 5: Why use hierarchical names?
- Internet hosts and other resources need globally unique names
- Difficult to keep unstructured names unique
  - would require a single list of all names in use
- Hierarchical names are much easier to make unique
  - cat.abc.at. is different from cat.abc.au.

Slide 6: What are domain names used for?
- To identify computers (hosts) on the Internet
  - austin.ghana.com
- To identify organisations
  - afnog.org
- To map other information to a form that is usable with the DNS infrastructure
  - IP addresses, telephone numbers, AS numbers

Slide 7: Examples of domain names
- .
- COM.
- GH.
- CO.ZA.
- www.afnog.org.
- in-addr.arpa.

Slide 8: Domain Name Hierarchy
(diagram: the root domain at the top; top-level domains such as edu, com, gov, mil, net, org, ro, fr, at and jp below it; second-level domains such as uni-linz, tuwien, eunet and univie below those, and hosts at the leaves)

Slide 9: Different uses of the term "domain"
- Sometimes the term "domain" is used to refer to a single name
  - such as www.afnog.org
- Sometimes the term "domain" is used to refer to all the names (subdomains) that are hierarchically below a particular name
  - in this usage, the afnog.org domain includes www.afnog.org, ws.afnog.org, t1.ws.afnog.org, etc.

Slide 10: Other information mapped to domain names
- Almost any systematic namespace could be mapped to the domain name space
- Need an algorithm agreed to by all people who will use the mapping

Slide 11: Different people responsible for different parts
- The administrator responsible for a domain may delegate authority for a subdomain
- Each part that is administered independently is called a zone
- A domain or zone administrator may choose to put subdomains in the same zone as the parent domain, or in a different zone, depending on policy and convenience

Slide 12: What is a zone? (1)
- Think of the namespace as a tree or graph of nodes joined by arcs
  - Each node represents a domain name

Slide 13: What is a zone? (diagram 1)

    .
    +-- A
    |   +-- X.A
    |   +-- Y.A
    |   +-- Z.A
    +-- B
        +-- J.B
        +-- K.B
        |   +-- CAT.K.B
        |   +-- DOG.K.B
        +-- L.B

Slide 14: What is a zone? (2)
- Think of the namespace as a tree or graph of nodes joined by arcs
  - Each node represents a domain name
- Now cut some of the arcs
  - Each cut represents a delegation of administrative control

Slide 15: What is a zone? (diagram 2)

    .
    +-- A            <- zone cut on the arc . to A
    |   +-- X.A
    |   +-- Y.A
    |   +-- Z.A
    +-- B            <- zone cut on the arc . to B
        +-- J.B
        +-- K.B
        |   +-- CAT.K.B
        |   +-- DOG.K.B   <- zone cut on the arc K.B to DOG.K.B
        +-- L.B

Slide 16: What is a zone? (3)
- Each zone consists of a set of nodes that are still joined to each other through paths that do not involve arcs that have been cut
  - The name "CAT.K.B" is in the "B" zone
  - The name "DOG.K.B" is in the "DOG.K.B" zone
  - The "DOG.K.B" zone is a child of the "B" zone

Slide 17: What is a zone? (diagram 3)

    .                 [root zone]
    +-- A             [A zone]         (zone cut between . and A)
    |   +-- X.A
    |   +-- Y.A
    |   +-- Z.A
    +-- B             [B zone]         (zone cut between . and B)
        +-- J.B
        +-- K.B
        |   +-- CAT.K.B
        |   +-- DOG.K.B   [DOG.K.B zone]   (zone cut between K.B and DOG.K.B)
        +-- L.B

Slide 18: Information is associated with each domain name
- Several types of records (Resource Records, RRs), all with a similar format
- Each RR contains some information that is associated with a specific domain name
- Each domain name can have several RRs of the same type or of different types

Slide 19: General format of RRs
- Owner name - the domain name that this record belongs to
- TTL - how long copies of this RR may be cached (measured in seconds)
- Class - almost always IN
- Type - there are many types
- Data - different RR types have different data formats

Slide 20: Several types of RRs
- IP address for a host
- Information needed by the DNS infrastructure itself
- Hostname for an IP address
- Information about mail routing
- Free form text
- Alias to canonical name mapping
- Many more (but less commonly used)

Slide 21: IP address for a host
- A record
- Owner is the host name
- Data is the IP address

    ; IP address of austin.ghana.com
    austin.ghana.com.  86400  IN  A  196.3.64.1

Slide 22: Information needed by the DNS infrastructure itself
- SOA record
  - Each zone has exactly one SOA record
- NS records
  - Each zone has several nameservers that are listed as having authoritative information about domains in the zone
  - One NS record for each such nameserver
- Zone cuts are marked by these RRs

Slide 23: SOA record
- Every zone has exactly one SOA record
- The domain name at the top of the zone owns the SOA record
- The data portion of the SOA record contains:
  - MNAME - name of the master nameserver
  - RNAME - email address of the zone administrator
  - SERIAL - serial number
  - REFRESH, RETRY, EXPIRE, MINIMUM - timing parameters

Slide 24: NS record
- Each zone has several listed nameservers
- One NS record for each listed nameserver
  - master/primary and slaves/secondaries
- The data portion of each NS record contains the domain name of a nameserver
- Does not contain an IP address
  - Get that from an A record for the nameserver

Slide 25: SOA and NS record example

    ; owner      TTL    class  type  data
    ghana.com.   86400  IN     SOA   austin.gh.com. support.gh.com. (
                                         199710161  ; serial
                                         21600      ; refresh
                                         3600       ; retry
                                         2600000    ; expire
                                         900 )      ; minimum
    ghana.com.   86400  IN     NS    ns1.ghana.com.
    ghana.com.   86400  IN     NS    ns2.ghana.com.
    ghana.com.   86400  IN     NS    server.elsewhere.example.

Slide 26: SOA and NS example using some shortcuts

    $ORIGIN ghana.com.
    $TTL 86400
    ; owner  TTL  class  type  data
    @             IN     SOA   austin.gh.com. support.gh.com. (
                                   199710161  ; serial
                                   21600      ; refresh
                                   3600       ; retry
                                   2600000    ; expire
                                   900 )      ; minimum
                         NS    ns1
                         NS    ns2
                         NS    server.elsewhere.example.
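As an added example (not code from the AFNOG slides), a small Python parser that expands the $ORIGIN, $TTL, @ and relative-name shortcuts of the slide above into the fully qualified records of the previous slide. The zone text is a constructed copy of the slide's example, and the set of record types and the positions of their name fields are assumptions limited to the types this tutorial covers.

```python
import re

# Constructed copy of the shortcut-form zone from slide 26.
ZONE_SHORTCUT = """\
$ORIGIN ghana.com.
$TTL 86400
@   IN SOA austin.gh.com. support.gh.com. (
        199710161 ; serial
        21600     ; refresh
        3600      ; retry
        2600000   ; expire
        900 )     ; minimum
    NS ns1
    NS ns2
    NS server.elsewhere.example.
"""

# Types covered by the tutorial, and which data fields of each hold domain names
# (those fields are subject to $ORIGIN expansion when written without a trailing dot).
TYPES = {"SOA", "NS", "A", "MX", "CNAME", "PTR", "TXT"}
NAME_FIELDS = {"SOA": {0, 1}, "NS": {0}, "CNAME": {0}, "PTR": {0}, "MX": {1}}

def qualify(name, origin):
    """Make a name absolute: '@' is the origin; a name without a final dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def expand_zone(text):
    """Return a list of (owner, ttl, class, type, data) tuples with every shortcut expanded."""
    # Strip comments per line first, then fold parenthesised records (the SOA) onto one line.
    text = "\n".join(l.split(";", 1)[0].rstrip() for l in text.splitlines())
    text = re.sub(r"\((.*?)\)", lambda m: " " + m.group(1).replace("\n", " ") + " ", text, flags=re.S)
    origin, default_ttl, owner, records = ".", None, None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if not line[0].isspace():        # an owner field is present only when the line starts in column 0
            owner = qualify(tokens.pop(0), origin)
        ttl, rr_class = default_ttl, "IN"
        while tokens[0] not in TYPES:    # optional TTL and/or class may precede the type, in either order
            if tokens[0].isdigit():
                ttl = int(tokens.pop(0))
            else:
                rr_class = tokens.pop(0)
        rtype = tokens.pop(0)
        name_fields = NAME_FIELDS.get(rtype, set())
        data = [qualify(t, origin) if i in name_fields else t for i, t in enumerate(tokens)]
        records.append((owner, ttl, rr_class, rtype, data))
    return records
```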

Slide 27: More about RRs above and below zone cuts
- RRs in the child zone (below the cut)
  - SOA and NS records (authoritative)
- RRs in the parent zone (above the cut)
  - NS records (should be identical to those in the child zone)
- Glue records
  - the child zone's nameservers sometimes need A records in the parent zone

Slide 28: Zone cut example - RRs in the child zone
- parent is the COM zone; child is the GHANA.COM zone
- child zone has SOA and NS records, and A records for hosts

    ghana.com.      IN  SOA  xxx xxx xxx xxx xxx xxx xxx
                        NS   ns1.ghana.com.
                        NS   another.elsewhere.edu.
    ns1.ghana.com.      A    192.0.2.3
    ; the ghana.com zone does not have an A record
    ; for another.elsewhere.edu.

Slide 29: Zone cut example - RRs in the parent zone
- parent is the COM zone; child is the GHANA.COM zone
- parent zone has its own SOA and NS records, plus copies of the child zone's NS records, plus glue records

    COM.            IN  SOA  xxx xxx xxx xxx xxx xxx xxx
                        NS   xxxxxxx
                        NS   yyyyyyy
    ghana.com.          NS   ns1.ghana.com.
                        NS   another.elsewhere.edu.
    ns1.ghana.com.      A    192.0.2.3
    ; the com zone does not have an A record
    ; for another.elsewhere.edu.

Slide 30: Hostname for an IP address
- PTR record
- Owner is the IP address, mapped into the in-addr.arpa domain
- Data is the name of the host with that IP address

    ; host name for IP address 196.3.64.1
    1.64.3.196.in-addr.arpa.  PTR  austin.ghana.com.

Slide 31: Reverse Lookup
- When a source host establishes a connection to a destination host, the TCP/IP packets carry only the IP address of the source host
- For authentication, access rights or accounting information, the destination host wants to know the name of the source host
- For this purpose, a special domain "in-addr.arpa" is used
- The reverse name is obtained by reversing the IP number and adding the name "in-addr.arpa"
- Example: address 130.65.240.254, reverse name 254.240.65.130.in-addr.arpa
- Reverse domains form a hierarchical tree and are treated like any other Internet domain
- RFC 2317: Classless IN-ADDR.ARPA delegation
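As an added example (not code from the AFNOG slides), the reverse-name construction from this slide together with the check a destination host should make before trusting the name it gets back: the PTR target must have an A record pointing at the same address (forward-confirmed reverse DNS). The A and PTR record sets are constructed stand-ins for what the forward and reverse zones would return.

```python
import ipaddress

# Constructed records standing in for the ghana.com and 196.in-addr.arpa zones.
A_RECORDS = {
    "austin.ghana.com.": {"196.3.64.1"},
    "mail.ghana.com.": {"196.3.64.2"},
}
PTR_RECORDS = {
    "1.64.3.196.in-addr.arpa.": "austin.ghana.com.",
    "2.64.3.196.in-addr.arpa.": "www.ghana.com.",   # claims a name whose A record does not point back
}

def reverse_name(address):
    """Reverse the four octets and append in-addr.arpa, as the slide describes."""
    octets = str(ipaddress.IPv4Address(address)).split(".")   # also validates the address
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def forward_confirmed(address, a_records=A_RECORDS, ptr_records=PTR_RECORDS):
    """Return the host name for an address only if its PTR target resolves back to that address."""
    name = ptr_records.get(reverse_name(address))
    if name is None:
        return None                        # no reverse mapping at all
    if address not in a_records.get(name, set()):
        return None                        # the owner of the reverse zone could put any name here
    return name
```

The unconfirmed case matters because the reverse zone is administered by whoever holds the address block, not by the owner of the forward name it points at.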

Slide 32: Reverse Domain Hierarchy
(diagram: the in-addr.arpa tree; first-octet nodes such as 157 to 168 and 187 to 195 directly below in-addr.arpa, with further levels for the second, third and fourth octets below them)

Slide 33: Information about mail routing
- MX record
- Owner is the name of the email domain
- Data contains a preference value, and the name of the host that receives incoming email

    ; send ghana.com's email to mailserver or backupserver
    ghana.com.  MX  0   mail.ghana.com.
    ghana.com.  MX  10  backupmail.ghana.com.

Slide 34: Free form text
- TXT record
- Owner is any domain name
- Data is any text associated with the domain name
- Very few conventions about how to use it

    net.ghana.com.  TXT  "NETWORKS R US"

Slide 35: Alias to canonical name mapping
- CNAME record
- Owner is the non-canonical domain name (alias)
- Data is the canonical domain name

    ; ftp.ghana.com is an alias
    ; austin.ghana.com is the canonical name
    ftp.ghana.com.  CNAME  austin.ghana.com.

Slide 36: A set of conventions for using the information
- How to represent the relationship between host names and IP addresses
- What records are used to control mail routing, and how the mail system should use those records
- How to use the DNS to store IP netmask information
- Many other things

Slide 37: The DNS is a distributed database system
- What makes it a distributed database?
- How is data partitioned amongst the servers?
- What about reliability?

Slide 38: What makes it a distributed database?
- Thousands of servers around the world
- Each server has authoritative information about some subset of the namespace
- There is no central server that has information about the whole namespace
- If a question gets sent to a server that does not know the answer, that is not a problem

Slide 39: Requirements for a nameserver
- A query should be resolved as fast as possible
- It should be available 24 hours a day
- It should be reachable via fast communication lines
- It should be located centrally in the network topology
- It should run robustly, without errors or interruptions

Slide 40: How is data partitioned amongst the servers?
- The namespace is divided into zones
- Each zone has two or more authoritative nameservers
  - One primary or master
  - One or more secondaries or slaves
  - Slaves periodically update from the master
- Each server is authoritative for any number of zones (zero or more)

Slide 41: What about reliability?
- If one server does not reply, clients will ask another server
- That's why there are several servers for each zone
- Zone administrators should choose servers that are not all subject to a single point of failure

Slide 42: DNS Protocols
- Client/server question/answer
  - What kinds of questions can clients ask?
  - The resolver/server model
  - What if the server does not know the answer?
- Master and slave servers
  - Configuration by the zone administrator
  - Periodic update of slaves from the master

Slide 43: What kinds of questions can clients ask?
- All the records of a particular type for a particular domain name
  - All the A records, or all the MX records
- All records of any type for a particular domain name
- A complete zone transfer of all records in a particular zone
  - Used to synchronise a slave with the master server

Slide 44: The resolver/server model
- User software asks the resolver a question
- The resolver asks a server
- The server gives an answer, an error, or a referral to a set of other servers
- The server may recurse, or expect the resolver to recurse
- Caching
- Authoritative/non-authoritative answers

Slide 45: The resolver/server model (diagram)
(diagram: Resolver, Recursive Nameserver with CACHE, Authoritative Nameserver. The first query is forwarded by the recursive nameserver, and the reply is cached; the next query is answered from the cache)

Slide 46: What if the server does not know the answer?
- Servers that receive queries for which they have no information can return a referral to another server
- The referral may include SOA, NS records and A records
- The client can recursively follow the referral
- The server may recurse on behalf of the client, if the client so requests and the server is willing

Slide 47: Master and slave servers
- a.k.a. primary and secondary
- The zone administrator sets up the primary/master
- and asks friends or ISPs to set up slaves/secondaries
- The slave periodically checks with the master to see if the data has changed
- and transfers the new zone if necessary
- Serial number in the SOA record of each zone
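As an added example (not code from the AFNOG slides), the decision a slave makes after fetching the master's SOA. Serials are 32-bit values and are compared with the wraparound arithmetic of RFC 1982 rather than a plain "greater than", so a zone whose serial has wrapped is still recognised as newer; the date-style serial helper follows the YYYYMMDDnn convention and is an assumption, since the slide only shows a serial of that shape.

```python
SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS          # serials live on a ring of 2**32 values
HALF = 1 << (SERIAL_BITS - 1)   # the largest forward distance that still counts as "ahead"

def serial_newer(master, slave):
    """True when the master's serial is 'greater' than the slave's in RFC 1982 sequence-space terms."""
    master %= MOD
    slave %= MOD
    if master == slave:
        return False
    distance = (master - slave) % MOD   # how far ahead the master is, going forward round the ring
    # A distance of exactly HALF is undefined by RFC 1982; treating it as "not newer" is the safe choice.
    return 0 < distance < HALF

def slave_should_transfer(master_soa, slave_soa):
    """A slave transfers the zone only when the master's serial is newer than its own copy."""
    return serial_newer(master_soa["serial"], slave_soa["serial"])

def next_serial(current, today):
    """Next YYYYMMDDnn serial: today's date with a fresh counter, but never behind the current value."""
    base = int(today) * 100
    return max(current + 1, base)

if __name__ == "__main__":
    # Constructed SOA data: the slide's serial on the slave, one edit later on the master.
    master = {"serial": next_serial(199710161, "19971017")}
    slave = {"serial": 199710161}
    print("transfer needed:", slave_should_transfer(master, slave))
```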

Slide 48: Location of servers
- One master and at least one slave
- on different networks
- avoid having a single point of failure
- RFC 2182 - Selection and Operation of Secondary DNS Servers
- RFC 2181 - Clarifications to the DNS Specification

Slide 49: Configuring a resolver on a Unix-like system
- Unix-like systems use the /etc/resolv.conf file
- The resolver is part of libc or libresolv, compiled into application programs
- resolv.conf says which nameservers should be used by the resolver
- resolv.conf also has other functions; see the resolver or resolv.conf man pages

Slide 50: resolv.conf example
- /etc/resolv.conf contains the following lines

    domain ghana.com
    nameserver 196.3.64.1
    nameserver 192.168.3.57

Slide 51: Configuring a nameserver on a Unix-like system
- BIND is the most common implementation
- up to version 4.9.* use the /etc/named.boot file
- from version 8.* use the /etc/named.conf file
- cache: name
- primary/master: zone name and file name
- secondary/slave: zone name, master IP address, backup file name

Slide 52: named.boot example
- /etc/named.boot contains the following lines

    directory /etc/namedb
    ; type      zone               master        file name
    cache       .                                root.cache
    primary     t1.ws.afnog.org                  afnog.org
    secondary   gh.com             196.3.64.1    sec/gh.com

Slide 53: named.conf example
- /etc/named.conf contains the following lines

    options {
        directory "/etc/namedb";
    };
    zone "." {
        type hint;
        file "root.cache";
    };
    zone "t1.ws.afnog.org" {
        type master;
        file "afnog.org";
    };
    zone "gh.com" {
        type slave;
        masters { 196.3.64.1; };
        file "sec/gh.com";
    };

Slide 54: Checking DNS using nslookup
- nslookup commands:

    server            ; set the server to be queried
    set type=NS       ; queries NS resources
    set type=SOA      ; queries SOA resources
    set type=A        ; queries A resources
    set type=MX       ; queries MX resources
    set type=CNAME    ; queries CNAME resources
    set type=PTR      ; queries PTR resources
    set type=ANY      ; queries ANY resources
    ls                ; lists the zone
    ls >              ; gets the zone into the file

Slide 55: Checking DNS using dig
- dig
  - Tool to query and check DNS settings
  - Syntax is: dig [domain] @nameserver [query-type]

Slide 56: Questions

Slide 57: Exercise
- Each student chooses a domain name
  - make it a subdomain of t1.ws.afnog.org
- Choose two nameservers
- Create a zone master file
  - SOA, NS and A records
- Edit named.conf appropriately
- Check that resolv.conf is sensible
- Test using nslookup or dig

Slide 58: Exercise
- Each row chooses a domain name
  - make it a subdomain of t1.ws.afnog.org
  - any reasonable name
  - must be unique

Slide 59: Exercise
- Choose two nameservers
  - One in your cell
  - One in another cell
  - Get the other cell's permission
- Register with the administrator of the parent domain
  - you need to get the nameservers working before registration is finished

Slide 60: Exercise
- Create a zone master file
  - /etc/namedb/your-file-name
  - SOA record
  - NS records
  - "glue" A records if necessary
  - A records for your hosts
  - any other records you want

Slide 61: Exercise
- Edit named.conf appropriately
  - /etc/named.conf
  - Add a section for your master zone
  - Add sections for any slave zones, if another cell asks you to be a secondary for them
- Start your nameserver
  - ndc restart
  - or run named by hand

Slide 62: Exercise
- Enable named in FreeBSD
  - edit /etc/rc.conf
  - add a section for named

    named_enable="YES"
    named_program="/usr/sbin/named"

- Start your nameserver
  - ndc restart
  - or run named by hand: /usr/sbin/named

Slide 63: Exercise
- Check that resolv.conf is sensible
  - nameserver xxx.xxx.xxx.xxx
- This allows applications on your host to do DNS lookups

Slide 64: Exercise
- Test with nslookup or dig
  - dig @your.ip.addr.ess yourdomain.t1.ws.afnog.org. SOA
  - check for a sensible answer with the AA flag
  - also dig @ your secondary server
  - also dig for NS records

Slide 65: Exercise - Checking DNS using dig
- dig command:

    # dig [zone] @nameserver [query-type]

- Exercises:

    # dig @t1-dns.t1.ws.afnog.org t1.ws.afnog.org A
    # dig @t1-dns.t1.ws.afnog.org t1.ws.afnog.org NS
    # dig @t1-dns.t1.ws.afnog.org t1.ws.afnog.org MX

- What information does this give you? You can check other domains known to you.
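As an added example (not code from the AFNOG slides) for the dig checks in the two exercise slides above: a parser that reads a saved dig answer and reports whether it is the "sensible answer with the AA flag" the exercise asks for, i.e. status NOERROR, the aa flag set, and an answer record of the requested type for the requested name. The dig output is constructed; the server address, serial and nameserver names in it are placeholders.

```python
import re

# Constructed dig output for "dig @your.ip.addr.ess yourdomain.t1.ws.afnog.org. SOA".
DIG_OUTPUT = """\
; <<>> DiG <<>> @192.0.2.53 yourdomain.t1.ws.afnog.org. SOA
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;yourdomain.t1.ws.afnog.org.\tIN\tSOA

;; ANSWER SECTION:
yourdomain.t1.ws.afnog.org. 86400 IN SOA ns1.yourdomain.t1.ws.afnog.org. admin.yourdomain.t1.ws.afnog.org. 2000050101 21600 3600 2600000 900

;; AUTHORITY SECTION:
yourdomain.t1.ws.afnog.org. 86400 IN NS ns1.yourdomain.t1.ws.afnog.org.
yourdomain.t1.ws.afnog.org. 86400 IN NS ns1.other.t1.ws.afnog.org.
"""

def parse_dig(text):
    """Return (status, set of header flags, answer RRs as token lists) from dig's text output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r";; flags: ([^;]*);", text).group(1).split())
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line.strip():
                break                      # a blank line ends the section
            answers.append(line.split())   # owner, TTL, class, type, data...
    return status, flags, answers

def authoritative_answer(text, qname, qtype):
    """True only if the server answered authoritatively with a record of qtype for qname."""
    status, flags, answers = parse_dig(text)
    if status != "NOERROR" or "aa" not in flags:
        return False                       # a cached or referred answer is not proof your zone is loaded
    return any(rr[0] == qname and rr[3] == qtype for rr in answers)
```

Run the same check against the output from your secondary server: both nameservers listed in the NS records should answer with aa set.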

