February 2003, slideset 1: Writing Zone Files, Olaf M. Kolkman


Writing a zone file

- The zone file is written by the zone administrator.
- The zone file is read by the master server, and its content is replicated to slave servers.
- What is in the zone file will end up in the database.
- Because of timing issues, it might take some time before the data is actually visible at the client side.

First attempt

- The ‘header’ of the zone file
  - Start with a SOA record
  - Include authoritative name servers and, if needed, glue
  - Add other information
- Add other RRs
- Delegate to other zones

The SOA record

    secret-wg.org. IN SOA bert.secret-wg.org. (
                      olaf\.kolkman.ripe.net.
                                  ; serial
                      1h          ; refresh
                      30M         ; retry
                      1W          ; expiry
                      3600 )      ; neg. answ. ttl

- olaf\.kolkman.ripe.net
- Serial number: 32-bit circular arithmetic
  - People often use date format
  - To be increased after editing
- The timers above qualify as reasonable

Callouts on the slide: "Comments" (the text after each ";") and "Line break" (the parentheses let one record span several lines).
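An added example, not part of the original slides: the 32-bit circular comparison (RFC 1982) that decides whether a slave treats a serial as newer, plus a date-format serial generator that stays acceptable even when the current serial is already ahead of today's date. The function names and the YYYYMMDDnn layout are assumptions chosen for this sketch.

```python
import datetime

MOD = 2 ** 32    # serials live in a 32-bit space
HALF = 2 ** 31   # "newer" means less than half the space ahead

def serial_gt(a, b):
    """RFC 1982: True if serial a is newer than serial b."""
    return a != b and ((a - b) % MOD) < HALF

def next_serial(current, today):
    """Return a date-format serial (YYYYMMDDnn) that slaves accept as newer than current."""
    candidate = int(today.strftime("%Y%m%d")) * 100
    if serial_gt(candidate, current):
        return candidate
    # Second edit on the same day, or the published serial is already
    # ahead of today's date (for example after a typo): add one.
    return (current + 1) % MOD

if __name__ == "__main__":
    day = datetime.date(2003, 2, 1)
    for cur in (2003013105, 2003020100, 2003120100):
        print(cur, "->", next_serial(cur, day))
```

A serial that was edited to a numerically smaller value is not picked up by slaves, because the comparison above reports it as older.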

Authoritative NS records and related A records

- NS record for all the authoritative servers.
  - They need to carry the zone at the moment you publish
- A records only for “in-zone” name servers.
  - Delegating NS records might have glue associated.

    secret-wg.org.      3600 IN NS bert.secret-wg.org.
    secret-wg.org.      3600 IN NS NS2.secret-wg.org.
    bert.secret-wg.org. 3600 IN A
    NS2.secret-wg.org.  3600 IN A

Other ‘APEX’ data

Examples:
- MX records for mail (see next slide)
- Location records
- TXT records
- A records
- KEY records for dnssec

    secret-wg.org. IN MX  50 mailhost.secret-wg.org.
    secret-wg.org. IN MX  150 mailhost2.secret-wg.org.
    secret-wg.org. IN LOC ( N E 0m 100m 100m 100m )
    secret-wg.org. IN TXT "Demonstration and test zone"

Intermezzo: MX record

- SMTP (Simple Mail Transfer Protocol) uses MX records to find the destination mail server.
- If a mail is sent to the sending mail agent looks up ‘ripe.net MX’
- MX record contains mail relays with priority.
  - The lower the number, the higher the priority.
- Don’t add MX records without having a mail relay configured.

Other data in the zone

- Add all the other data to your zone file.
- Some notes on notation.
  - Note the fully qualified domain name including trailing dot.
  - Note TTL and CLASS

    localhost.secret-wg.org. IN A
    bert.secret-wg.org.      IN A
                             IN CNAME bert.secret-wg.org.

Zone file format short cuts: nice formatting

    secret-wg.org.           IN SOA   bert.secret-wg.org. (
                                      olaf\.kolkman.ripe.net.
                                                  ; serial
                                      1h          ; refresh
                                      30M         ; retry
                                      1W          ; expiry
                                      3600 )      ; neg. answ. ttl
    secret-wg.org.           IN NS    bert.secret-wg.org.
    secret-wg.org.           IN NS    NS2.secret-wg.org.
    secret-wg.org.           IN MX    50 mailhost.secret-wg.org.
    secret-wg.org.           IN MX    150 mailhost2.secret-wg.org.
    secret-wg.org.           IN LOC   ( N E 0m 100m 100m 100m )
    secret-wg.org.           IN TXT   "Demonstration and test zone"
    bert.secret-wg.org.      IN A
    NS2.secret-wg.org.       IN A
    localhost.secret-wg.org. IN A
    bert.secret-wg.org.      IN A
                             IN CNAME bert.secret-wg.org.

Zone file format short cuts: repeating last name

    secret-wg.org.           IN SOA   bert.secret-wg.org. (
                                      olaf\.kolkman.ripe.net.
                                                  ; serial
                                      1h          ; refresh
                                      30M         ; retry
                                      1W          ; expiry
                                      3600 )      ; neg. answ. ttl
                        3600 IN NS    bert.secret-wg.org.
                             IN NS    NS2.secret-wg.org.
                             IN MX    50 mailhost.secret-wg.org.
                             IN MX    150 mailhost2.secret-wg.org.
                             IN LOC   ( N E 0m 100m 100m 100m )
                        3600 IN TXT   "Demonstration and test zone"
    bert.secret-wg.org.      IN A
    NS2.secret-wg.org.       IN A
    localhost.secret-wg.org. IN A
    bert.secret-wg.org.      IN A
                             IN CNAME bert.secret-wg.org.

Zone file format short cuts: default TTL

    $TTL 3600 ; Default TTL directive
    secret-wg.org.           IN SOA   bert.secret-wg.org. (
                                      olaf\.kolkman.ripe.net.
                                                  ; serial
                                      1h          ; refresh
                                      30M         ; retry
                                      1W          ; expiry
                                      3600 )      ; neg. answ. ttl
                             IN NS    bert.secret-wg.org.
                             IN NS    NS2.secret-wg.org.
                             IN MX    50 mailhost.secret-wg.org.
                             IN MX    150 mailhost2.secret-wg.org.
                             IN LOC   ( N E 0m 100m 100m 100m )
                             IN TXT   "Demonstration and test zone"
    bert.secret-wg.org.      IN A
    NS2.secret-wg.org.       IN A
    localhost.secret-wg.org. IN A
    bert.secret-wg.org.      IN A
                             IN CNAME bert.secret-wg.org.

Zone file format short cuts: ORIGIN

    $TTL 3600 ; Default TTL directive
    $ORIGIN
              IN SOA   bert (
                       olaf\.kolkman.ripe.net.
                                   ; serial
                       1h          ; refresh
                       30M         ; retry
                       1W          ; expiry
                       3600 )      ; neg. answ. ttl
              IN NS    bert
              IN NS    NS2
              IN MX    50 mailhost
              IN MX    150 mailhost2
              IN LOC   ( N E 0m 100m 100m 100m )
              IN TXT   "Demonstration and test zone"
    bert      IN A
    NS2       IN A
    localhost IN A
    bert 4500 IN A
    www       IN CNAME bert
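An added example, not part of the original slides: a small Python expander that undoes the three short cuts above (repeated owner name, `$TTL` default, `$ORIGIN`-relative names) and returns every record in full form. The sample zone is constructed: the serial, the 192.0.2.x addresses, the `$ORIGIN secret-wg.org.` argument and the standard `@` owner are assumptions, and the parser only handles TTL-before-class records without `;` inside quoted strings.

```python
import re

# Constructed sample zone (addresses from the 192.0.2.0/24 documentation range).
ZONE = """\
$TTL 3600 ; default TTL
$ORIGIN secret-wg.org.
@         IN SOA bert olaf\\.kolkman.ripe.net. (
                 2003020101 ; serial, constructed
                 1h 30M 1W 3600 )
          IN NS  bert
          IN MX  50 mailhost
bert      IN A   192.0.2.1
bert 4500 IN A   192.0.2.2
www       IN CNAME bert
"""
# RDATA positions that hold domain names, per record type
NAME_FIELDS = {"NS": [0], "CNAME": [0], "MX": [1], "SOA": [0, 1]}

def absolute(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def expand(text):
    """Return (owner, ttl, class, type, rdata) tuples with all short cuts resolved."""
    origin, default_ttl, last_owner, records = ".", None, None, []
    text = re.sub(r";[^\n]*", "", text)                      # drop comments
    text = re.sub(r"\(([^)]*)\)",                            # join ( ... ) line breaks
                  lambda m: m.group(1).replace("\n", " "), text)
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "$TTL":
            default_ttl = tok[1]
        elif tok[0] == "$ORIGIN":
            origin = tok[1]
        else:
            if not line[0].isspace():                        # owner in column 0
                last_owner = absolute(tok.pop(0), origin)
            ttl = tok.pop(0) if tok[0].isdigit() else default_ttl
            if tok[0] == "IN":
                tok.pop(0)
            rtype, rdata = tok[0], tok[1:]
            for i in NAME_FIELDS.get(rtype, []):
                rdata[i] = absolute(rdata[i], origin)
            records.append((last_owner, ttl, "IN", rtype, " ".join(rdata)))
    return records

if __name__ == "__main__":
    for rec in expand(ZONE):
        print(*rec)
```

Calling `absolute("bert.secret-wg.org", "secret-wg.org.")` shows what a forgotten trailing dot does: the name becomes `bert.secret-wg.org.secret-wg.org.`.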

Delegating a zone (becoming a parent)

- Delegate authority for a sub domain to another party (splitting off disi.ripe.net from ripe.net)

[Diagram: DNS name tree marking the ripe.net zone and the disi.ripe.net zone. Node labels: net, com, edu, ripe, www, isi, tislabs, disi, ws1, ws2, ftp, sun, moon, google.]

Concept: Glue

- Delegation is done by adding NS records:

    disi.ripe.net. NS ns1.disi.ripe.net.
    disi.ripe.net. NS ns2.disi.ripe.net.

- How to get to ns1 and ns2… We need the addresses.
- Add glue records so that resolvers can reach ns1 and ns2.

    ns1.disi.ripe.net. A
    ns2.disi.ripe.net. A

Concept: Glue (continued)

- Glue is ‘non-authoritative’ data
- Don’t include glue for servers that are not in sub zones

    disi.ripe.net. NS ns1.disi.ripe.net.
    disi.ripe.net. NS ns2.ripe.net.
    disi.ripe.net. NS ns.bert.secret-wg.org.
    ns1.disi.ripe.net. A

Callout on the slide: "Only this record needs glue"

Delegating disi.ripe.net. from ripe.net.

disi.ripe.net
- Set up a minimum of two servers
- Create zone file with NS records
- Add all disi.ripe.net data

ripe.net
- Add NS records and glue
- Make sure there is no other data from the disi.ripe.net. zone in the zone file.
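An added example, not part of the original slides: a Python check of a parent zone against the glue rules above. It reports in-zone name servers that lack glue, address records for servers outside the parent zone, and other child-zone data left in the parent. The function names and the finding labels are assumptions; the name-server names are the ones on the slides, and `ws1.disi.ripe.net.` is a constructed stray record.

```python
def norm(name):
    """Lower-case a domain name and give it exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def is_at_or_below(name, zone):
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)

def check_delegations(parent, delegations, addresses):
    """Return sorted (finding, name) pairs for a parent zone.
    delegations: {child zone: [NS target names]}
    addresses:   names that own A/AAAA records in the parent zone file"""
    addresses = {norm(a) for a in addresses}
    findings = set()
    for child, servers in delegations.items():
        servers = {norm(s) for s in servers}
        for ns in servers:
            # Only name servers inside the delegated zone need glue.
            if is_at_or_below(ns, child) and ns not in addresses:
                findings.add(("missing-glue", ns))
        for name in addresses:
            # Anything else below the zone cut belongs to the child zone.
            if is_at_or_below(name, child) and name not in servers:
                findings.add(("child-data-in-parent", name))
    for name in addresses:
        # Servers in someone else's zone get no address record here.
        if not is_at_or_below(name, parent):
            findings.add(("out-of-zone-address", name))
    return sorted(findings)

DELEGATIONS = {"disi.ripe.net.": ["ns1.disi.ripe.net.", "ns2.ripe.net.",
                                  "ns.bert.secret-wg.org."]}
GOOD = ["ns1.disi.ripe.net.", "ns2.ripe.net."]   # glue for ns1, ns2 is ripe.net's own data
BAD = ["ns2.ripe.net.", "ns.bert.secret-wg.org.", "ws1.disi.ripe.net."]  # constructed

if __name__ == "__main__":
    print(check_delegations("ripe.net.", DELEGATIONS, GOOD))
    print(check_delegations("ripe.net.", DELEGATIONS, BAD))
```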

Becoming a child

In general
- Buy your domain at your favorite registry
- Set up your name servers
- Register the name servers: your registry will communicate the name servers to the registrar who will make sure the name servers are published.
  - This process might take hours to days.
- Registrars may require a sensible setup