Domain Name Server Presented By: Mahesh Venkat Adusumelli


1 Domain Name Server
Presented by: Mahesh Venkat Adusumelli, Garima Thakral, Vivek Nemarugommula

2 Introduction Computers (hosts, routers) connected to the Internet have two forms of names: IP address — a 32-bit identifier used for addressing hosts and routing data to them. Hostname — an ASCII string used by applications, e.g. cs.unt.edu.

3 Purpose The DNS is an Internet-wide service that provides mappings between IP addresses and hostnames. The DNS is usually used to translate a hostname into an IP address. The DNS is a distributed database implemented in a hierarchy of name servers. It is an application-layer protocol that allows hosts and name servers to communicate to provide the translation service.

4 Network The DNS protocol runs over UDP and uses port 53. Domain names form a hierarchy so that names are unique, yet easy to remember. Hosts and routers use name servers to resolve names (address/name translation). Name resolution is an essential Internet function implemented as an application-layer protocol. Name servers are often UNIX machines running the Berkeley Internet Name Domain (BIND) software.

5 Name Hierarchy

6 Top Level Domains

7 Root Name Servers

8 Important Applications
Host aliasing – a host can have one or more alias names (e.g., ibm.com), one of which is the canonical hostname (e.g., relay1.west-coast.ibm.com).
Aliasing by service – a company can use the same hostname for its Web server, mail server, FTP server, etc., even though these are different computers with different IP addresses.
Load distribution – a set of IP addresses can be associated with a canonical hostname. DNS will return the set of addresses, varying the order of the addresses.

9 Specification
RFC 1034 - Domain names - concepts and facilities: This RFC is an introduction to the Domain Name System (DNS). It introduces domain-style names, their use for Internet mail and host address support, and the protocols and servers used to implement domain name facilities.
RFC Domain names - implementation and specification: This RFC describes the details of the domain system and protocol.

10 Configuration

11 Goals Names are not required to contain network identifiers, routes, addresses, etc. The database is maintained in a distributed manner, with local caching to improve performance. Access to information is more critical than speed or consistency.

12 Further…
Functions of DNS
Operations of DNS
Name resolution process
Event flow in DNS

13 DNS Functions

14 DNS Functions…
Name Space: DNS uses a hierarchical name space consisting of a single, complex, multi-level structure into which all names in the system fit. The name space is organized starting from a single root into which "containers" (called domains) are placed.
Name Registration (including administration and authorities): DNS uses a hierarchical arrangement of authorities that complements the hierarchical name space. A centralized authority determines the overall shape and structure of the name space, and handles registration of names at the highest level.

15 DNS Functions…
Name Resolution: This is the most important part of the DNS design, which must ensure that it can handle many name resolution requests each day. The name resolution process is implemented using two basic software elements that play the roles of client and server: name servers and name resolvers.
Name Servers: The main job of name servers is to receive requests for name resolution and either respond with the data requested from the database, or with the name of another name server that will lead to the requested information.
Name Resolvers: Name resolvers are the usual clients in the name resolution process. When a user makes reference to a name in a networking application, the name is passed to the resolver, which issues a request to a name server.

16 Name Resolution Name resolution is the most important part of DNS, as discussed before. DNS uses a very capable client/server name resolution method that makes use of a distributed database of name information. Domain Name Servers: these servers may be either dedicated devices or software processes running on machines that also perform other tasks. They store and manage information about domains, and respond to resolution requests from clients.

17 DNS Basic Name Resolution Techniques:
Iterative and recursive resolution
Cache: locality of reference

18 Operation of DNS

19 Event Flow in DNS

20 Event Flow The user passes the query to the resolver; the role of the resolver is to hide the distribution of data among the servers from the user. The resolver starts with a known name server for the information; as a result it either gets the desired answer or a referral to another server. Name Server: manages two kinds of data. (i) Data held in sets called zones. Each zone is the complete database for a particular subtree of the domain space. A name server periodically checks to make sure that its zones are up to date, and if not, obtains a new copy of the updated zones from master files stored locally or in another name server.

21 (ii) The second kind of data is cached data which was acquired by a local resolver. This data may be incomplete, but improves the performance of the retrieval process when non-local data is repeatedly accessed. Cached data is eventually discarded by a timeout mechanism. A host can participate in several ways, depending on whether the host runs programs that retrieve information from the domain system, name servers that answer queries from other hosts, or various combinations of both functions. The resolver may have to make several queries to several different foreign name servers to answer a particular user query, and hence the resolution of a user query may involve several network accesses and an arbitrary amount of time.

22 Here a primary name server acquires information about one or more zones by reading master files from its local file system, and answers queries about those zones that arrive from foreign resolvers. The shared database holds domain space data for the local name server and resolver.

23 Further…
Message formats
Problems
Performance issues
Extensions
Security issues

24 Message Format DNS messages are basically QUERY and RESPONSE.
The other types of DNS messages are STATUS, NOTIFY and UPDATE.

25 Typical Message Format

26 Fields in the DNS Header

27 Fields in the DNS Question Section

28 Problems With DNS Vulnerability Note VU#327633: BIND and vulnerable to buffer overflow in q_usedns
Overview: A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. In the BIND DNS implementation a buffer overflow error exists in the handling of the q_usedns array, used by the server to track name servers and addresses that have been queried.

29 Problems With DNS Vulnerability Note VU#682110: Multiple Symantec firewall products fail to properly process DNS response packets
Overview: There is a vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted Domain Name Service (DNS) response packet could allow an unauthenticated, remote attacker to cause a denial of service condition. By supplying a DNS packet containing a specially crafted compressed name pointer, an attacker could cause the kernel to enter an infinite loop on the vulnerable system.

30 Problems With DNS Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow
Overview: DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service.
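The message-format slides above describe the 12-octet header and the question section, and the three vulnerability notes all come down to a parser trusting length bytes and compression pointers in a received packet. The following Python parser is an added example, not code from the presentation or from BIND or the affected vendors; it decodes the header and question section while treating every length and pointer as hostile, and the constructed samples (a normal query for cs.unt.edu and a packet whose QNAME is a pointer to itself) are the authors' assumed inputs, not packets from the vulnerability notes.

```python
import struct
MAX_NAME = 255  # RFC 1035 limit on a wire-format name, in octets

def read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name at off; return (name, end_offset).
    Pointers must point backwards, so off strictly decreases on every hop and
    a self-referencing pointer cannot send the parser into an infinite loop."""
    labels, end, total = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:            # 11xxxxxx: compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            end = off + 2 if end is None else end  # name ends after 1st pointer
            if ptr >= off:
                raise ValueError("forward or self-referencing pointer")
            off = ptr
            continue
        if length & 0xC0:                    # 01/10 label types are reserved
            raise ValueError("reserved label type")
        off, total = off + 1, total + length + 1
        if total > MAX_NAME or off + length > len(msg):
            raise ValueError("name too long or truncated")
        if length == 0:                      # root label terminates the name
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) or ".", off if end is None else end

def parse_question(msg: bytes):
    """Parse the 12-octet DNS header and every entry of the question section."""
    if len(msg) < 12:
        raise ValueError("short header")
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    hdr = {"id": ident, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
           "rd": (flags >> 8) & 1, "rcode": flags & 0xF, "counts": (qd, an, ns, ar)}
    off, questions = 12, []
    for _ in range(qd):                      # QNAME, then QTYPE and QCLASS
        name, off = read_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        questions.append((name, *struct.unpack_from("!2H", msg, off)))
        off += 4
    return hdr, questions

# Constructed samples: a recursive A query for cs.unt.edu, and the same header
# followed by a QNAME that is a single pointer to its own offset (12 = 0x0c).
HEADER = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
QUERY = HEADER + b"\x02cs\x03unt\x03edu\x00\x00\x01\x00\x01"
LOOP = HEADER + b"\xc0\x0c\x00\x01\x00\x01"
```

Every rejection is a ValueError raised before any out-of-range read, which is the property the stub-resolver and firewall parsers in the notes above lacked.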

31 Problems With DNS
No support for IPv6 conversions.
Excess traffic for updating slave resource records.
No security procedures for DNS.

32 Extensions In DNS Support for IPv6 (RFC 1886)
New resource record type — AAAA
New reverse resolution hierarchy: a new hierarchical structure similar to IN-ADDR.ARPA is defined for IPv6 reverse lookups.
Changes to query types and the resolution procedure

33 Extensions In DNS Facilitating inbound NAT using DNS: integrate DNS and NAT so they work together. Defined in RFC 2694.

34 Extensions In DNS DNS Notify (RFC 1996)
Incremental Transfers (RFC 1995)

35 Security In DNS DNSSEC provides:
a) origin authentication of DNS data;
b) data integrity;
c) authenticated denial of existence.

36 Security In DNS A resource record format is defined to associate keys with DNS names. This permits the DNS to be used as a public key distribution mechanism in support of DNS security itself and other protocols. It includes an algorithm identifier, the actual public key parameter(s), and a variety of flags including those indicating the type of entity the key is associated with and/or asserting that there is no key associated with that entity.

37 Conclusions DNS is a nice way of resolving IP addresses from names. Extensions for protection against DoS attacks have to be made.

38 References
Sites – www.tcpipguide.com, www.cert.org
Books – Computer Networks, Andrew Tanenbaum; DNS and BIND, Cricket Liu

39 Questions

40 Thank You
