Basic DNS Course Lecturer: Ron Aitchison
Module 1 DNS Theory
Objectives
  Function of name servers
  Name servers play a critical role
  DNS hierarchy (root, TLDs, users)
  DNS delegation and authority
  DNS operational structure
  DNS servers and resolvers
  DNS masters and slaves
  DNS queries
Name Server Function The purpose of any name server is to translate a name into something, typically an address, that can be used by network software to access a resource.
Why not use an address?
  Names are easier to remember (google.com vs )
  Multiple addressing schemes can be used (IPv4 and IPv6)
  We can relocate the resource without affecting the user's view of the network
  We can duplicate the resource for resilience
History of Name Servers
  Historically, files were used to name local devices
  1974-ish: IBM's SNA contained name translation capabilities
  1978: Open Systems Interconnection (OSI) model, name/address translation (L4)
  1984: NetBIOS Name Server -> WINS
  1981 – 1987: RFC 1034/1035, DNS
Name Server becomes Critical
  No name server = no network access
  Resilience
  Performance
  Number of names: LANs 10s -> 1,000s of addresses; WANs (Internet) 1,000s -> millions
  Frequency of change
Domain Name System (DNS)
  Multiple name servers: performance, resilience
  Hierarchy of names (domains): volume of names, frequency of changes, performance
DNS Name Hierarchy
  Organized into a tree hierarchy
  Top of the tree is called the root
  Each branch is called a domain
  Any number of branches or levels
  Top Level Domain (TLD), Second Level Domain (SLD)
  Responsibility for a domain is delegated
  Each level is authoritative
DNS Hierarchy
  Since 1998 the responsibility for the allocation and operation of the domain name hierarchy has lain with ICANN (Internet Corporation for Assigned Names and Numbers). ICANN is a non-profit organization but operates under an MOU with the US Dept. of Commerce.
DNS Domain Name
  Typical user domain name
  Each level is separated by dots
  Highest level is on the right
  Authority controls everything to the left (left of example.com in the above case)
  Authority may delegate
DNS Name Hierarchy (diagram: root with TLDs .us, .com, .arpa; delegation; authoritative at each level)
DNS TLDs
  gTLDs (generic Top Level Domains): .com, .net, .org, .mil, .edu, .int, etc.
  Some are open: .com, .net, .org
  Some are restricted: .mil, .edu, .int
  Since 2004: sTLDs (sponsored) .coop, .museum, .aero, .travel, .jobs, .mobi, .cat, .tel, .asia; generic .info, .biz, .pro, .name
  Since 2011: auction (essentially no limits, only $)
DNS TLDs
  ccTLDs (country code): .us, .ca, .uk, etc. Defined by ISO 3166
  .arpa (technically a gTLD): ICANN (IANA) use only, specialized uses
DNS – Some Terminology
  TLD: Top Level Domain
  SLD: Second Level Domain. Can be used to refer to a user domain. Confusing, since in many countries the user domain is the third level (TLD!)
DNS Name Hierarchy (diagram: TLDs, SLDs/user domains)
Delegation and Authority
  Owner is authoritative at its level
  Owner may do anything to the left of the name
  Owner may delegate
DNS Domain Name
  .com is a gTLD
  example is the user domain name
  Who chose www? What is www?
DNS Domain Name (diagram)
DNS Domain Name
  With the ending dot: Fully Qualified Domain Name (FQDN)
  Unambiguously defines a name up to the root
  The dot (.) is the root and is normally silent
Domain Names (example: ftp.example.org)
Module 1 DNS Operations and Protocol
DNS - Operations/Protocol
  Authoritative DNS at every level in the name hierarchy
  DNS is interrogated using queries
  Port 53 UDP (mostly), 512 byte blocks (EDNS0: up to 64K)
  Other operations: TCP on port 53
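To make the "port 53 UDP, 512 byte blocks, EDNS0" point concrete, here is an added example (not part of the course material) that builds a DNS query in RFC 1035 wire format, optionally appends an EDNS0 OPT record advertising a larger UDP buffer, and checks the TC (truncated) flag on a response to decide whether the question has to be re-asked over TCP. The transaction ID, the name example.com and the constructed truncated response are assumptions made for the example; nothing is sent on the network.

```python
import struct

def encode_name(name):
    """Encode a dotted name as DNS labels (length octet + label, root label last)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets: %s" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"  # zero-length root label terminates the name

def build_query(name, qtype=1, txid=0x1234, edns_udp_size=None):
    """12-byte header + one question, RD bit set.
    With edns_udp_size, an OPT RR in the additional section tells the server
    we can take more than the classic 512-byte UDP limit."""
    flags = 0x0100                                   # RD=1, everything else 0
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN
    msg = header + question
    if edns_udp_size:
        # OPT RR: NAME=root, TYPE=41, CLASS=UDP payload size, TTL=0, RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return msg

def parse_header(msg):
    """Decode the 12-byte header into its flags and section counts."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,   # 0 = query, 1 = response
        "aa": (flags >> 10) & 1,   # authoritative answer
        "tc": (flags >> 9) & 1,    # truncated: did not fit the UDP buffer
        "rd": (flags >> 8) & 1,    # recursion desired
        "ra": (flags >> 7) & 1,    # recursion available
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def fits_in_udp(msg, advertised=512):
    """Would this message fit the buffer size the other side advertised?"""
    return len(msg) <= advertised

def must_retry_over_tcp(response):
    """TC=1 means the server cut the answer to fit UDP; re-ask over TCP port 53."""
    return parse_header(response)["tc"] == 1

# Constructed response header: QR=1, TC=1, RD=1, RA=1 (0x8380), question echoed, no records
TRUNCATED_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
                      + encode_name("example.com") + struct.pack("!HH", 1, 1))

if __name__ == "__main__":
    plain = build_query("example.com")
    edns = build_query("example.com", edns_udp_size=4096)
    print(len(plain), "bytes plain,", len(edns), "bytes with EDNS0 OPT")
    print("retry over TCP:", must_retry_over_tcp(TRUNCATED_RESPONSE))
```

The OPT record is where the "EDNS0 64K" figure on the slide comes from: the CLASS field of the OPT RR carries the advertised UDP payload size, so a 16-bit value caps it at 65535.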
DNS - Operations (diagram)
DNS Operations (diagram: queries flow from the resolver to root DNS servers, TLD DNS servers and user DNS servers (example.com); each step returns a referral or an answer)
DNS Operations
  Authoritative name server at every level in the domain name
  Name lookup asks (queries) each level in the hierarchy
  If the name server is not authoritative, it returns a referral to the next level
  If the name server is authoritative, it returns an answer
DNS - Operations
  13 root servers: a.root-servers.net – m.root-servers.net
  gTLD/ccTLD servers: variable (.com = 12, .net = 12, .org = 6)
  User servers: variable, 2 minimum (Microsoft 5, Google 4)
DNS Operations (diagram: resolver -> caching DNS server -> root, TLD and user (example.com) DNS servers)
DNS Servers and Resolvers
  DNS (name) servers are: authoritative, caching, or combinations
  Resolvers are never authoritative
  Full-function resolver (follows referrals)
  Stub resolver (cannot follow referrals)
  Caching stub resolver
Authoritative DNS
  May be a master or slave (sometimes called primary and secondary)
  Responds authoritatively to a query for the complete address
  example.com authoritative server will respond to
DNS – Master and Slave (diagram)
DNS - Master and Slave
  Master reads the zone file from local storage
  Slave reads it via the network from the master
  Both master and slave are authoritative
  May be one or more slaves
  May be no slaves (multiple masters)
  May be no visible masters (hidden master)
DNS – Zone Transfers
  Passive (slave initiated): slave reads the zone record (SOA) periodically; full transfer (AXFR) or incremental transfer (IXFR); uses TCP on port 53
  Active: master sends NOTIFY; slave reads the SOA on receipt of the NOTIFY, then AXFR or IXFR; speeds up zone change propagation to slaves
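The passive (periodic SOA check) and active (NOTIFY) paths on this slide, and the choice between AXFR and IXFR, as an added simulation that is not part of the course: a master bumps its SOA serial on every change and keeps a bounded change journal; a slave compares serials using RFC 1982 serial arithmetic (so a 32-bit wraparound still counts as "newer"), pulls an IXFR when the journal reaches back to its serial, and falls back to AXFR when it does not. Zone content, serial values, the journal size and the 192.0.2.0/24 addresses are constructed for the example; no TCP transfer actually happens.

```python
SERIAL_MOD = 1 << 32

def serial_newer(a, b):
    """RFC 1982 serial arithmetic: True if a is 'after' b, allowing 32-bit wraparound."""
    return a != b and (a - b) % SERIAL_MOD < SERIAL_MOD // 2

class Master:
    """Authoritative master: holds the zone, bumps the SOA serial on every change
    and keeps a bounded journal so slaves can request IXFR instead of AXFR."""
    def __init__(self, serial, records, journal_limit=5):
        self.serial = serial
        self.records = dict(records)
        self.journal = []            # entries: (from_serial, to_serial, changes)
        self.journal_limit = journal_limit
        self.notified = []           # slaves that receive NOTIFY on every change

    def soa_serial(self):
        return self.serial

    def update(self, changes):
        """changes: {name: value} to add/replace, {name: None} to delete.
        Returns the transfer outcome reported by each notified slave."""
        old = self.serial
        self.serial = (self.serial + 1) % SERIAL_MOD
        for name, value in changes.items():
            if value is None:
                self.records.pop(name, None)
            else:
                self.records[name] = value
        self.journal.append((old, self.serial, dict(changes)))
        if len(self.journal) > self.journal_limit:
            self.journal.pop(0)      # history dropped: slaves that far behind must AXFR
        return [slave.notify() for slave in self.notified]   # active propagation

    def axfr(self):
        return self.serial, dict(self.records)

    def ixfr(self, from_serial):
        """Deltas since from_serial, or None if the journal no longer reaches back."""
        for i, (start, _, _) in enumerate(self.journal):
            if start == from_serial:
                return self.journal[i:]
        return None

class Slave:
    def __init__(self, master):
        self.master = master
        self.serial = None           # no zone loaded yet
        self.records = {}

    def _apply_axfr(self):
        self.serial, self.records = self.master.axfr()
        return "AXFR"

    def refresh(self):
        """Passive path: read the master's SOA serial and transfer only if it is newer."""
        master_serial = self.master.soa_serial()
        if self.serial is not None and not serial_newer(master_serial, self.serial):
            return "none"
        if self.serial is None:
            return self._apply_axfr()
        deltas = self.master.ixfr(self.serial)
        if deltas is None:
            return self._apply_axfr()
        for _, to_serial, changes in deltas:
            for name, value in changes.items():
                if value is None:
                    self.records.pop(name, None)
                else:
                    self.records[name] = value
            self.serial = to_serial
        return "IXFR"

    def notify(self):
        """Active path: a NOTIFY from the master triggers an immediate SOA check."""
        return self.refresh()

def demo_propagation():
    """Constructed scenario: initial AXFR, NOTIFY-driven IXFR, a no-op refresh, then an
    AXFR fallback for a slave that fell behind the journal. Returns (outcomes, in_sync)."""
    master = Master(2024010101, {"www.example.com.": "192.0.2.10"})
    slave = Slave(master)
    master.notified.append(slave)
    outcomes = [slave.refresh()]                                       # AXFR
    outcomes += master.update({"mail.example.com.": "192.0.2.20"})     # NOTIFY -> IXFR
    outcomes.append(slave.refresh())                                   # none
    lagging = Slave(master)
    lagging.refresh()                                                  # AXFR, not notified later
    for i in range(6):                                                 # exceeds journal_limit
        master.update({"h%d.example.com." % i: "192.0.2.%d" % (30 + i)})
    outcomes.append(lagging.refresh())                                 # journal pruned -> AXFR
    return outcomes, slave.records == master.records

if __name__ == "__main__":
    print(demo_propagation())
```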
DNS Zone Transfer (diagram)
DNS Queries
  Recursive queries: the requested server will provide the answer. Optional
  Iterative (non-recursive) queries: the server will provide the answer if available, else sends a referral. Mandatory
DNS Recursive/Iterative Queries (diagram)
DNS - Queries
  Locally configured DNS (properties) will always point to a recursive (caching) name server
  PCs have stub resolvers (cannot follow referrals)
  Windows has a caching resolver: a stub resolver plus a cache, for performance
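The referral walk from the DNS Operations slides, the full-function versus stub resolver distinction, and the recursive versus iterative query behaviour above, as one added in-memory simulation that is not part of the course: three constructed authoritative servers (root, .com TLD, example.com) each answer or refer; a full-function resolver follows the referral chain from the root; a caching server answers a stub's recursive query by doing that walk once and caching; and a server without recursion hands the stub a referral it cannot use. Server names, the zone content and the 192.0.2.0/24 address are assumptions for the example.

```python
# Constructed model of the hierarchy: each server knows its zone, the delegations
# (NS) to the next level down, and the records it holds itself.
ROOT = "root"
SERVERS = {
    "root":       {"zone": ".",            "delegations": {"com.": "tld-com"},            "records": {}},
    "tld-com":    {"zone": "com.",         "delegations": {"example.com.": "ns-example"}, "records": {}},
    "ns-example": {"zone": "example.com.", "delegations": {},
                   "records": {"www.example.com.": "192.0.2.10"}},
}

def authoritative_query(server, qname):
    """Iterative (non-recursive) query to one authoritative server.
    Returns ("answer", data), ("referral", next_server), ("nxdomain", None),
    or ("refused", None) when the server is not authoritative for the name."""
    s = SERVERS[server]
    if s["zone"] != "." and not qname.endswith(s["zone"]):
        return ("refused", None)
    # A delegation below this zone wins over anything the server holds itself
    for zone, next_server in s["delegations"].items():
        if qname == zone or qname.endswith("." + zone):
            return ("referral", next_server)
    if qname in s["records"]:
        return ("answer", s["records"][qname])
    return ("nxdomain", None)

def full_resolve(qname, max_hops=8):
    """Full-function resolver: start at the root and follow referrals until an
    answer (or a negative answer) comes back. Returns (address_or_None, path)."""
    server, path = ROOT, []
    for _ in range(max_hops):
        kind, data = authoritative_query(server, qname)
        path.append((server, kind))
        if kind == "referral":
            server = data
            continue
        return (data if kind == "answer" else None), path
    raise RuntimeError("too many referrals for %s" % qname)

class CachingServer:
    """Recursive caching name server. With recursion=False it behaves like an
    iterative-only server and can only hand a stub a referral."""
    def __init__(self, recursion=True):
        self.recursion = recursion
        self.cache = {}
        self.upstream_queries = 0    # how many times the hierarchy was walked

    def query(self, qname, rd=True):
        if qname in self.cache:
            return ("answer", self.cache[qname])
        if rd and self.recursion:
            self.upstream_queries += 1
            addr, _ = full_resolve(qname)
            if addr is None:
                return ("nxdomain", None)
            self.cache[qname] = addr
            return ("answer", addr)
        # Recursion not offered: the best this server can do is the root's referral
        return authoritative_query(ROOT, qname)

def stub_resolve(qname, server):
    """Stub resolver (as on a PC): a single recursive query to its configured server."""
    kind, data = server.query(qname, rd=True)
    if kind == "referral":
        return None              # a stub cannot follow referrals
    return data

def resolve_many(names, server):
    """Resolve names through one caching server; returns (answers, hierarchy walks)."""
    answers = [stub_resolve(n, server) for n in names]
    return answers, server.upstream_queries

if __name__ == "__main__":
    print(full_resolve("www.example.com."))
    print(resolve_many(["www.example.com.", "www.example.com."], CachingServer()))
    print(stub_resolve("www.example.com.", CachingServer(recursion=False)))
```

The path returned by full_resolve shows the slide's three-level walk (root referral, TLD referral, user-domain answer); the second lookup in resolve_many is served from cache with no further walk, which is why the locally configured resolver is always a caching one.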
Quick Quiz
  Who controls the domain name space?
  What is
  How many DNS servers may be involved in the above?
  One method to speed up name changes?
  Will an iterative query give me an answer?
  What type of resolver is on your PC?