Basic DNS Course Lecturer: Ron Aitchison

Module 1 DNS Theory

Objectives Function of Name Servers Names Servers play critical role DNS Hierarchy (root, TLDs, Users) DNS Delegation and Authority DNS Operational Structure DNS Servers and Resolvers DNS Master and Slaves DNS Queries

Name Server Function The purpose of any name server is to translate a name into something, typically an address, that can be used by network software to access a resource.

Why not use an address? Names are easier to remember (google.com vs ) ‏ Multiple addressing schemes can be used (IPv4 and IPv6) ‏ We can relocate the resource without affecting the user's view of the network We can duplicate the resource for resilience

History of Name Servers Historically used files to name local devices 1974'ish IBM's SNA contained name translation capabilities 1978 Open system Interconnect (OSI) Model – Name/Address Translation (L4) ‏ 1984 NetBIOS Name Server -> WINS 1981 – 1987 RFC 1034/1034 DNS

Name Server becomes Critical No Name Server = no network access  Resilience  Performance Number of Names  LANS – 10s ->1,000s of addresses  WANs (Internet) 1,000s -> millions Frequency of Change

Domain Name System (DNS) ‏ Multiple Name Servers  Performance  Resilience Hierarchy of names (Domains) ‏  volume of names  frequency of changes  performance

DNS Name Hierarchy Organized into tree hierarchy  Top of the tree is called the root  Each branch is called a Domain Any number of branches or levels  Top Level Domain (TLD), Second Level Domain (SLD) ‏ Responsibility for Domain is Delegated Each Level is Authoritative

DNS Hierarchy Since 1998 the responsibility for the allocation and operation of the domain name hierarchy lies with ICANN (Internet Corporation for Assigned Names and Numbers). ICANN is a non-profit organization but operates under a MOU with the US. Dept. of Commerce.

DNS Domain Name Typical user domain name Each level is separated by dots Highest level is on the right Authority controls everything to the left  left of example.com in above case Authority may delegate

DNS Name Hierarchy root.us.com.arpa TLDs Delegation Authoritative

DNS TLD's gTLDs (generic Top Level Domains) ‏. com,.net,.org,.mil,.edu,.int, etc. Some are open.com,.net,.org Some restricted.mil,.edu,.int Since 2004 sTLDs Sponsored .coop,.museum,.aero,.travel,.jobs,.mobi,.cat,.tel,.asia Generic .info,.biz,.pro,.name Since 2011 auction (essentially no limits only $)

DNS TLDs ccTLDs (country code) ‏ .us,.ca,.uk etc.  Defined by ISO 3166.arpa (technically a gTLD) ‏  ICANN (IANA) use only  specialized uses

DNS – Some Terminology TLD Top Level Domain SLD Second Level Domain Can be used to refer to a user domain Confusing since in many countries the user domain is the third level (TLD!)

DNS Name Hierarchy TLDs SLDs/ User

Delegation and Authority Owner is authoritative at level Owner may do anything to left of name Owner may delegate

DNS Domain Name.com is gTLD example is user domain name who chose www? what is www?

DNS Domain Name

DNS Domain Name With the ending dot Fully Qualified Domain Name (FQDN) ‏ unambiguously defines a name to the root the dot (.) is the root and is normally silent

Domain Names ftp.example.org

Module 1 DNS Operations and Protocol

DNS - Operations/Protocol Authoritative DNS at every level in name hierarchy DNS is interrogated using queries  Port 53  UDP (mostly) ‏  512 byte blocks (EDNS0 64K) Other Operations  TCP on port 53

DNS - Operations

DNS Operations root DNS Servers user DNS Servers (example.com)‏ TLD DNS Servers Queries Query Referral Answer Referral

DNS Operations Authoritative Name Server at every level in domain name Name lookup asks (Queries) each level in hierarchy If Name Server not authoritative it returns a referral to next level If Name Server authoritative it returns an answer

DNS - Operations 13 root servers a.root-servers.net – m.root-servers.net gTLD/ccTLD servers – variable .com = 12 .net = 12 .org = 6 User servers – variable  2 minimum (Microsoft 5, Google 4) ‏

DNS Operations root DNS Servers user DNS Servers (example.com)‏ TLD DNS Servers caching DNS Server Resolver Queries

DNS Servers and Resolvers DNS (name) servers are:  Authoritative  Caching  Combinations Resolvers are:  Never Authoritative  Full – Function (follows referrals) ‏  Stub-Resolver (cannot follow referrals) ‏  Caching Stub-Resolver

Authoritative DNS May be a Master or Slave  Sometimes called Primary and Secondary Responds authoritatively to a query for the complete address  example.com authoritative server will respond to

DNS – Master and Slave

DNS - Master and Slave Master reads zone file from local storage Slave reads via network from Master Both Master and Slave are Authoritative May be one or more Slaves May be no slaves (multiple Masters) May be no visible masters (hidden Master) ‏

DNS – Zone Transfers Passive – Slave Initiated  Slave reads zone record (SOA) periodically  Full Transfer (AXFR) ‏  Incremental Transfer (IXFR) ‏  Uses TCP on port 53 Active - Master sends NOTIFY  Slave reads SOA on receipt of NOTIFY  AXFR or IXFR  Speeds up zone change propagation to slaves

DNS Zone Transfer

DNS Queries Recursive Queries  requested server will provide answer  Optional Iterative (non-recursive) Queries  Server will provide answer if available  Else sends referral  Mandatory

DNS Recursive/Iterative Queries

DNS - Queries Locally configured DNS (properties) will always point to a recursive (caching) name server PC have stub-resolvers (cannot follow referrals) ‏ Windows have caching resolver  stub-resolver  cache for performance

Quick Quiz Who controls the domain name space? What is How many DNS servers may be involved in the above? One method to speed up name changes? Will an iterative query give me answer? What type of resolver is on your PC?