1 CMPT 471 Networking II DNS © Janice Regan, 2006-2013.


2 Database / authoritative servers
 When an authoritative master or slave DNS server is initialized, it loads a configuration file that associates domain names with the data files containing the DNS resource records for each domain.
 On Linux systems that file is usually /etc/named.conf, the configuration for the DNS daemon named. It is present only on hosts running a DNS server.
 Next we need to look at what is in the files referred to in the configuration file. There is one file for each domain (zone) this DNS server serves.

3 Format of resource records
 The detailed format depends on the particular resource record, but all resource records follow the pattern
 name ttl class type data
 The first two items may be omitted: name defaults to the last specified name, ttl defaults to the value given in the SOA record
 Class is usually IN (Internet)
 Type is a code from the RFC (A, SOA, MX, PTR, ...)
 Data depends on the type of record

4 Organization of a DNS data file
 Remember that domain names are case insensitive
 All records start in the first column of the file
 The usual order for records in the file is
 $TTL: sets the time to live (BIND 8 and later only)
 SOA record: indicates authority for the zone
 NS records: give the names of the authoritative name servers for the zone
 Other records giving data on hosts in the zone:
 A: name to address mapping records
 PTR: address to name mapping records
 CNAME: canonical name data (aliases)

5 SOA record
 zone IN SOA primarymasterNS contact (
     serial
     refresh time
     retry time
     expire time
     negative caching ttl )
 zone, primarymasterNS and contact must be fully qualified domain names ending in "."
 The contact is the mail address of the contact, written with the "@" replaced by the first "." in the name
 The parentheses allow the record to span more than one line

6 SOA record fields
 serial is a serial number indicating the age of the data file (last update). It is used when a slave server contacts the master server: the slave updates its database if the serial number indicates that its database is older than the master's.
 serial is incremented each time data in the DNS database is changed
 You should use a tool to update your DNS database; this will prevent you from forgetting to update serial
 refresh gives the interval at which the slave server should check with the master server to determine whether an update is needed (RFC 1537 recommends 24 hours)
 An update is needed if the serial number of the master server's database is larger than the serial number of the slave server's

7 SOA record fields
 retry: if the slave cannot reach the master at the end of a refresh interval, it will retry after the interval specified in the retry field (recommended 2 hours)
 expire: if the slave fails to contact the master within the expire interval, the slave stops giving answers about the zone (recommended 30 days)

8 SOA record fields: TTL
 For BIND versions before version 8 the TTL was set using the last field in the SOA record
 For versions 8 and above of BIND the final field is used for the negative caching TTL, the time a remote name server may cache negative responses about our zone (non-existent hosts)
 In v8 and above the TTL is set using the $TTL statement. $TTL 3h indicates a TTL of 3 hours
 RFC 1537 recommends a default TTL of 4 days
 The server supplies the TTL in query responses, telling the server receiving the response how long it may cache the information

9 Nameserver records
 One record for each authoritative DNS name server for the zone is added to the zone file:
 zone IN NS nameserver
 zone and nameserver must be fully qualified domain names ending in "."
 Nameservers should be well connected (stable, accessible)
Address records
 One record for each name to address mapping. Each interface on a multihomed host must have its own record:
 hostname IN A IPaddress
 hostname must be a fully qualified domain name

10 Alias records
 One record for each alias for a given host, in one of two forms:
 hostalias IN CNAME hostname
 OR
 hostalias IN A IPaddress
 hostname and hostalias must be fully qualified domain names ending in "."
 Do not use aliases in the data portion of the database file
 A server will replace the alias with the canonical name and then look up the canonical name (both are returned)
 The second form can be used to differentiate between multiple interfaces on a single host
 The first form will choose one of the multiple interfaces according to a simple algorithm (alternate, first in list, ...)

11 PTR records
 One record for each address to name mapping. Each interface on a multihomed host must have its own record:
 arpaaddress IN PTR hostname
 hostname must be a fully qualified domain name
 arpaaddress must have the form 123.123.123.123.in-addr.arpa.
 The arpaaddress of host 123.15.87.23 is 23.87.15.123.in-addr.arpa.

12 Example from Albitz + Liu
 We are making the database files for a DNS server on the machine terminator.movie.edu. This DNS server will serve the zone movie.edu
 terminator has two network interfaces, one on network 192.249.249.0/24 and one on 192.253.253.0/24
 Since a DNS server must also service inverse queries, we must also serve the zones
 249.249.192.in-addr.arpa
 253.253.192.in-addr.arpa
 We will need to make an initialization file for each of these zones. These files will be db.movie.edu, db.249.249.192 and db.253.253.192

13 Examples: resource records
 isc.org. 2898 IN NS ns-ext.lga1.isc.org.
 ns-ext.lga1.isc.org. 75012 IN A 192.228.91.19
 bigt.movie.edu. 75012 IN CNAME terminator.movie.edu.
 4.253.253.192.in-addr.arpa. IN PTR carrie.movie.edu.
 The second field in the first three records is the TTL. It is often omitted when records are input, but appears in the output of dig and other resolvers.

14 Server data file db.movie.edu: 1
    $TTL 3h
    movie.edu. IN SOA terminator.movie.edu. al.robocop.movie.edu. (
        1     ; Serial
        3h    ; Refresh after 3 hours
        1h    ; Retry after 1 hour
        1w    ; Expire after 1 week
        1h )  ; Negative caching TTL 1 hour
    ;
    ; Name servers
    ;
    movie.edu.             IN NS  terminator.movie.edu.
    movie.edu.             IN NS  wormhole.movie.edu.
    ;
    ; Addresses
    ;
    localhost.movie.edu.   IN A   127.0.0.1
    robocop.movie.edu.     IN A   192.249.249.2
    terminator.movie.edu.  IN A   192.249.249.3

15 Server data file db.movie.edu: 2
    diehard.movie.edu.     IN A   192.249.249.4
    misery.movie.edu.      IN A   192.253.253.2
    shining.movie.edu.     IN A   192.253.253.3
    carrie.movie.edu.      IN A   192.253.253.4
    wormhole.movie.edu.    IN A   192.249.249.1
    wormhole.movie.edu.    IN A   192.253.253.1
    ;
    ; Aliases
    ;
    bigt.movie.edu.        IN CNAME terminator.movie.edu.
    dh.movie.edu.          IN CNAME diehard.movie.edu.
    wh.movie.edu.          IN CNAME wormhole.movie.edu.
    ;
    ; Interface specific names
    ;
    wh249.movie.edu.       IN A   192.249.249.1
    wh253.movie.edu.       IN A   192.253.253.1

16 Aliases
 The CNAME is used to look up the name of the host (not the alias)
 Then the name is looked up to find the requested information describing the host
 Requesting the information for a DNS name of a multihomed host will return the information for all interfaces of the multihomed host (in a list)
 If we ping, or execute another command that does a DNS lookup, it will use the first name in the list (which one is it?), not the interface we want. We therefore also need interface specific names

17 Server data file db.249.249.192
    $TTL 3h
    249.249.192.in-addr.arpa. IN SOA terminator.movie.edu. al.robocop.movie.edu. (
        1     ; Serial
        3h    ; Refresh after 3 hours
        1h    ; Retry after 1 hour
        1w    ; Expire after 1 week
        1h )  ; Negative caching TTL 1 hour
    ;
    ; Name servers
    ;
    249.249.192.in-addr.arpa.    IN NS  terminator.movie.edu.
    249.249.192.in-addr.arpa.    IN NS  wormhole.movie.edu.
    ;
    ; Addresses point to canonical name
    ;
    1.249.249.192.in-addr.arpa.  IN PTR wormhole.movie.edu.
    2.249.249.192.in-addr.arpa.  IN PTR robocop.movie.edu.
    3.249.249.192.in-addr.arpa.  IN PTR terminator.movie.edu.
    4.249.249.192.in-addr.arpa.  IN PTR diehard.movie.edu.

18 Server data file db.253.253.192
    $TTL 3h
    253.253.192.in-addr.arpa. IN SOA terminator.movie.edu. al.robocop.movie.edu. (
        1     ; Serial
        3h    ; Refresh after 3 hours
        1h    ; Retry after 1 hour
        1w    ; Expire after 1 week
        1h )  ; Negative caching TTL 1 hour
    ;
    ; Name servers
    ;
    253.253.192.in-addr.arpa.    IN NS  terminator.movie.edu.
    253.253.192.in-addr.arpa.    IN NS  wormhole.movie.edu.
    ;
    ; Addresses point to canonical name
    ;
    1.253.253.192.in-addr.arpa.  IN PTR wormhole.movie.edu.
    2.253.253.192.in-addr.arpa.  IN PTR misery.movie.edu.
    3.253.253.192.in-addr.arpa.  IN PTR shining.movie.edu.
    4.253.253.192.in-addr.arpa.  IN PTR carrie.movie.edu.

19 Comments on the example
 Aliases, alternate names for particular domains, can be implemented in different ways
 Using a CNAME record. A CNAME record maps an alias onto its canonical name; a nameserver replaces the alias with the canonical name.
 In a multihomed system we can have a name for each interface of the system; we do not want these names to be aliases. The name and address of each interface go in a separate address record.
 Using an additional address record to define an alias that is not due to multiple interfaces may confuse sendmail, or require additional configuration to make sure it understands all possible aliases
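As an added example (not part of the slides or of Albitz and Liu's book), a small Python reader for zone files in the format of slides 3 to 5, which then cross-checks a forward file against its in-addr.arpa file the way slides 17 and 18 pair them: every A record needs a PTR built by slide 11's rule, every PTR needs a matching A record, and every CNAME should point at a canonical name that has an A record. The sample zones are constructed, with one forward/reverse mismatch planted so the check has something to report.

```python
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# Constructed sample zones modelled on the slides' movie.edu example; misery's A record deliberately disagrees with its PTR.
FORWARD_ZONE = """\
$TTL 3h
movie.edu. IN SOA terminator.movie.edu. al.robocop.movie.edu. ( 1 ; Serial
        3h 1h 1w 1h ) ; Refresh, Retry, Expire, Negative caching TTL
                      IN NS    terminator.movie.edu.
terminator.movie.edu. IN A     192.249.249.3
misery.movie.edu.     IN A     192.243.253.2
bigt.movie.edu.       IN CNAME terminator.movie.edu.
"""
REVERSE_ZONE = """\
3.249.249.192.in-addr.arpa. 7200 IN PTR terminator.movie.edu.
2.253.253.192.in-addr.arpa. 7200 IN PTR misery.movie.edu.
"""
def parse_ttl(text):
    """BIND TTL syntax ('3h', '1w') or plain seconds -> seconds."""
    unit = text[-1].lower() if text[-1].isalpha() else ""
    return int(text[:len(text) - len(unit)]) * UNITS[unit]
def parse_zone(text):
    """(name, ttl, class, type, data) tuples; a name is present only if the line starts in column 1,
    an omitted TTL takes the $TTL value, ';' starts a comment and '( )' joins lines (slides 3-5)."""
    records, default_ttl, last_name, pending, depth = [], None, None, [], 0
    for line in text.splitlines():
        body = line.split(";")[0]
        if body.strip() and not pending:             # first line of a record: is a name given?
            has_name = not body[0].isspace()
        depth += body.count("(") - body.count(")")
        pending += body.replace("(", " ").replace(")", " ").split()
        if depth or not pending:                     # still inside '( )', or nothing on this line
            continue
        toks, pending = pending, []
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        name = last_name = toks.pop(0) if has_name else last_name
        ttl = parse_ttl(toks.pop(0)) if toks[0][0].isdigit() else default_ttl
        rclass = toks.pop(0) if toks[0].upper() == "IN" else "IN"
        records.append((name, ttl, rclass, toks[0].upper(), " ".join(toks[1:])))
    return records
def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."  # 123.15.87.23 -> 23.87.15.123.in-addr.arpa.
def check_zones(forward, reverse):
    """Every A needs its PTR and every PTR its A; a CNAME must name a host that has an A record."""
    a = {(n, d) for n, _, _, t, d in forward if t == "A"}
    ptr = {(n, d) for n, _, _, t, d in reverse if t == "PTR"}
    expected = {(reverse_name(ip), host) for host, ip in a}
    findings = [f"A record {h} has no PTR {arpa}" for arpa, h in expected - ptr]
    findings += [f"PTR {arpa} -> {h} has no matching A record" for arpa, h in ptr - expected]
    findings += [f"CNAME {n} -> {d} is not a host with an A record" for n, _, _, t, d in forward if t == "CNAME" and d not in {h for h, _ in a}]
    return sorted(findings)
```

Running check_zones(parse_zone(FORWARD_ZONE), parse_zone(REVERSE_ZONE)) reports the planted mismatch from both sides, which is the same kind of error an administrator would otherwise only notice when reverse lookups start disagreeing with forward ones.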

20 Root Hints Data
 In addition to your local data you need to know where the name servers for the root zone are
 Remember that every DNS server needs to know the addresses of the root servers
 Download a copy of named.root from the root zone servers (ftp.rs.internic.net, 198.41.0.6) to make sure your list of root server information is current
 The names and addresses of the root servers are stored in this file, which should be renamed db.cache to prepare it for use

21 Sample contents of db.cache
    .                    3600000 IN NS A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.  3600000 IN A  198.41.0.4
    ;
    .                    3600000 IN NS B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.  3600000 IN A  128.9.0.7
    ;
    .                    3600000 IN NS C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET.  3600000 IN A  192.33.4.12
    ;
    ; more similar entries
    ;
    .                    3600000 IN NS M.ROOT-SERVERS.NET.
    M.ROOT-SERVERS.NET.  3600000 IN A  202.12.27.33

22 Configuration File
 The nameserver needs to be instructed to read all of the data files we have constructed
 The file containing these instructions is the configuration file:
 /etc/named.boot (BIND 4)
 src/bin/named-bootconf (BIND 8)
 contrib/named-bootconf (BIND 9)

23 Configuration file format
    ; BIND 4 configuration file
    directory /var/named                    ; directory containing the zone data files
    primary   movie.edu                     db.movie.edu
    primary   249.249.192.in-addr.arpa      db.192.249.249
    primary   253.253.192.in-addr.arpa      db.192.253.253
    primary   0.0.127.in-addr.arpa          db.127.0.0
    cache     .                             db.cache

24 Configuration file format (1)
    // BIND configuration file
    options {
        directory "/var/named";
        // additional options
    };
    zone "movie.edu" {
        type master;
        file "db.movie.edu";
    };
    zone "249.249.192.in-addr.arpa" {
        type master;
        file "db.192.249.249";
    };

25 Configuration file format (1)
    zone "253.253.192.in-addr.arpa" {
        type master;
        file "db.192.253.253";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.127.0.0";
    };
    zone "." {
        type hint;
        file "db.cache";
    };

26 Configuration file format (1)
    // BIND configuration file for slave server
    options {
        directory "/var/named";
        // additional options
    };
    zone "movie.edu" {
        type slave;
        file "bak.movie.edu";
        masters { 192.249.249.3; };
    };
    zone "249.249.192.in-addr.arpa" {
        type slave;
        file "bak.192.249.249";
        masters { 192.249.249.3; };
    };

27 Configuration file format (1)
    zone "253.253.192.in-addr.arpa" {
        type slave;
        file "bak.192.253.253";
        masters { 192.249.249.3; };
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.127.0.0";
    };
    zone "." {
        type hint;
        file "db.cache";
    };

28 Tools
 Tools to help an administrator set up these files are available
 You can make the zone data files using h2n, which generates the files from your /etc/hosts file

29 Slave servers
 Entries in the configuration have the form
    zone "movie.edu" {
        type slave;
        masters { 192.249.249.1; };
        file "bak.movie.edu";
    };
 You can have multiple levels of slaves (slaves using other slaves as masters), but updates then take longer to propagate

30 Caching-only nameserver
 Not authoritative for any domain (except 0.0.127.in-addr.arpa)
 Needs a root hints file
 The configuration file contains only options, zone "0.0.127.in-addr.arpa" and zone "."

