Short Intro to DNS (part of Tirgul 9) Nir Gazit


What is DNS?
DNS = Domain Name System.
Translates host names to IP addresses.
A distributed database system.
▫Recursive queries to NS (Name Servers), from top to bottom.
▫Authoritative Name Servers: each is assigned responsibility for a specific domain.
[Diagram labels: Top Level Domain, Sub Domains]

DNS: Simplified Mechanism
[Diagram labels: com, google.com]

DNS Lookup
DNS Records (RRs), 3 main types:
▫Hostname A IPAddress
 A
 Maps the hostname to an IP address.
▫Hostname NS Nameserver
 google.com NS ns.google.com
 Specifies an authoritative name server for the domain.
▫Hostname1 CNAME Hostname2
 mail.google.com CNAME googl .l.google.com
 Alias of one hostname to another. The DNS lookup continues by retrying the lookup with the new name.

DNS Lookup - continuing
2 Top Levels
▫Root servers (13 currently, called A to M)
▫TLD servers (.com, .net, .edu, …)
Caching
▫Each DNS response (RR – Resource Record) contains a TTL (Time To Live) value that sets how long it may be kept in the cache.
Glued Responses
▫Name Servers are identified by name (e.g. ns.google.com).
 So we might get circular dependencies.
▫So a Name Server might add an IP address as a “Glued RR” to help in the process.

DNS: Full Mechanism
[Diagram: repeated "Resolve" queries passing through com and google.com. Records shown: com NS ns.com; ns.com A; google.com NS ns.google.com; ns.google.com A]

DNS Poisoning
Injecting fake DNS RRs.
Method 1: by ‘glue’ RRs
▫Query: Resolve A
▫Response: facebook.com NS google.com and google.com A

DNS Poisoning (Method 1 Example)
[Diagram: repeated "Resolve" queries passing through com and facebook.com. Records shown: com NS ns.com; ns.com A; facebook.com NS ns1.facebook.com; ns1.facebook.com A]

DNS Poisoning - continuing
(continuing with…) Method 1 (Glue RRs)
▫Bailiwick Rule – allow answers only for subdomains.
 a.ns.facebook.com can’t answer for google.com.
Method 2: send spoofed DNS response (DNS Injection).
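
The bailiwick rule above as a resolver-side filter: an added example, not part of the original slides. It is simplified to a check on each record's owner name against the zone of the server that answered; the record tuples and 192.0.2.x addresses are constructed.

```python
def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(owner, zone):
    """True if owner equals zone or is a subdomain of it.

    Comparison is per label, so "notfacebook.com" does not match
    "facebook.com" the way a plain string-suffix test would.
    """
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_response(zone, records):
    """Split (owner, type, data) records into (kept, dropped) for this zone."""
    kept, dropped = [], []
    for rr in records:
        (kept if in_bailiwick(rr[0], zone) else dropped).append(rr)
    return kept, dropped

# Constructed response from a server answering for facebook.com, shaped like
# the slide's Method 1 example: an NS record plus an unrelated A record.
SAMPLE = [
    ("facebook.com", "NS", "google.com"),
    ("google.com", "A", "192.0.2.66"),        # outside the zone: must not be cached
    ("ns1.facebook.com", "A", "192.0.2.10"),  # legitimate glue inside the zone
]

if __name__ == "__main__":
    kept, dropped = filter_response("facebook.com", SAMPLE)
    print("cache:", kept)
    print("discard:", dropped)
```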

DNS Injection

DNS Injection – can it work?
According to RFC 5452 – Requesting server must validate:
▫Same question section as in request.
▫Same (16-bit) ID field (chosen randomly).
▫Same dest IP address and port as the source in the request.
▫Same IP address of responding DNS server.
Response must arrive before the response of the authoritative NS.
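
The four checks listed above, applied to a raw DNS message: an added example, not part of the original slides. The `pending` dictionary layout, the function names and the sample addresses are assumptions made for illustration; the question name in `pending` is stored in lowercase.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_message(txid, qname, qtype=1, qclass=1, response=False):
    """Build a one-question message; used here to construct sample packets."""
    flags = 0x8180 if response else 0x0100  # QR bit (0x8000) marks a response
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, qclass)

def parse_question(msg):
    """Return (txid, is_response, qname, qtype, qclass)."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, parts = 12, []
    while msg[pos] != 0:
        n = msg[pos]
        if n > 63:
            raise ValueError("compressed or invalid label")
        parts.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return txid, bool(flags & 0x8000), ".".join(parts), qtype, qclass

def accept_response(pending, msg, src, dst):
    """pending holds txid, question, server (ip, port) and local (ip, port)."""
    if src != pending["server"]:
        return False, "source is not the server that was queried"
    if dst != pending["local"]:
        return False, "not addressed to the query's source IP and port"
    try:
        txid, is_resp, qname, qtype, qclass = parse_question(msg)
    except (ValueError, IndexError, struct.error):
        return False, "malformed message"
    if not is_resp:
        return False, "QR bit not set"
    if txid != pending["txid"]:
        return False, "transaction ID mismatch"
    if (qname, qtype, qclass) != pending["question"]:
        return False, "question section mismatch"
    return True, "accepted"

# Constructed sample state for one outstanding query (documentation addresses).
PENDING = {"txid": 0x1A2B, "question": ("www.example.com", 1, 1),
           "server": ("192.0.2.53", 53), "local": ("198.51.100.7", 40000)}
```

A resolver would also delete the pending entry once a response is accepted, so a second packet for the same query matches nothing.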

DNS Injection as a method of censorship
▫Thought to be used by the “Great Firewall of China”

Reality Check
A true story (oarc.net/pipermail/dns-operations/2010- March/ html)
▫A Chilean DNS operator found that when accessing sometimes you get a bad IP instead of the correct one.
▫Caused by accessing root servers (F, I and J) that have anycast originating in China.
Also happening when Korean (.kr) users try to access German (.de) sites.
Today, happens mostly on the TLD level (not root level) – queried often, short TTL.