Slide 1: Domain Name System (DNS)
2G1701 Lecture, 12 September 2003
Jon-Olov Vatn, KTH/IMIT/TSLab © 2003

Slide 2: Introduction
The domain name system (DNS) can be considered a distributed, hierarchical database whose primary purpose is resolving domain names to IP addresses. It is also used for other kinds of resolution: inverse lookup (IP address => domain name), finding mail and SIP servers, IPv6 addresses, etc.

Slide 3: Resolution examples
Normal lookup (domain name to IPv4 address):
    ripper:~> host trillian.it.kth.se
    trillian.it.kth.se has address 130.237.212.43
Reverse lookup (IPv4 address to domain name):
    ripper:~> host 130.237.212.6
    6.212.237.130.IN-ADDR.ARPA domain name pointer gaia.it.kth.se
Hosts can have multiple domain names (aliases):
    ripper:~> host www.it.kth.se
    www.it.kth.se is a nickname for fluff.it.kth.se
    fluff.it.kth.se has address 130.237.203.50

Slide 4: Resolution examples (cont.)
Finding a mail server for an email address XXX@it.kth.se:
    ripper:~> host -t mx it.kth.se
    it.kth.se mail is handled (pri=0) by mail.it.kth.se
    ripper:~> host mail.it.kth.se
    mail.it.kth.se has address 130.237.212.132
Looking up an IPv6 address:
    ripper:~> host -t AAAA www.ssvl.kth.se
    www.ssvl.kth.se IPv6 address 3ffe:4008:2:4:a00:20ff:fe81:78c5
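The lookups on slides 3 and 4 are what the host utility prints. Behind them is the DNS wire format of RFC 1035. The following is an added example, not code from the lecture: a small Python encoder and decoder for DNS messages, including name compression, run over a constructed response for the www.it.kth.se query (the CNAME followed by the A record of the canonical name, with the addresses from slide 3). The transaction ID, the TTL of 3600 and the flag values are assumptions. The decoder rejects compression pointers that do not point backwards, which is the check that keeps a hostile response from looping the parser.

```python
import struct

TYPE_A, TYPE_CNAME, CLASS_IN = 1, 5, 1


def encode_name(name, offsets, buf):
    """Append `name` to `buf` as DNS labels. If a suffix of the name was already
    written at an offset recorded in `offsets`, emit a compression pointer to it."""
    labels = name.rstrip(".").split(".") if name.rstrip(".") else []
    while labels:
        suffix = ".".join(labels)
        if suffix in offsets:
            buf += struct.pack("!H", 0xC000 | offsets[suffix])
            return
        if len(buf) < 0x4000:          # a pointer carries only 14 bits of offset
            offsets[suffix] = len(buf)
        label = labels.pop(0).encode("ascii")
        buf += bytes([len(label)]) + label
    buf += b"\x00"                     # the empty root label terminates the name


def build_query(qname, qtype, txid=0x1234):
    """Standard query with recursion desired (RD=1) and one question."""
    msg = bytearray(struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0))
    encode_name(qname, {}, msg)
    msg += struct.pack("!HH", qtype, CLASS_IN)
    return bytes(msg)


def build_response(txid, qname, qtype, answers):
    """Response with QR, AA, RD, RA set. `answers` holds (name, type, ttl, rdata);
    rdata is a dotted IPv4 string for A and a domain name (compressed) for CNAME."""
    msg = bytearray(struct.pack("!HHHHHH", txid, 0x8580, 1, len(answers), 0, 0))
    offsets = {}
    encode_name(qname, offsets, msg)
    msg += struct.pack("!HH", qtype, CLASS_IN)
    for name, rtype, ttl, rdata in answers:
        encode_name(name, offsets, msg)
        msg += struct.pack("!HHI", rtype, CLASS_IN, ttl)
        rdlen_at = len(msg)
        msg += b"\x00\x00"             # RDLENGTH, patched once the rdata is written
        if rtype == TYPE_A:
            msg += bytes(int(o) for o in rdata.split("."))
        else:
            encode_name(rdata, offsets, msg)
        struct.pack_into("!H", msg, rdlen_at, len(msg) - rdlen_at - 2)
    return bytes(msg)


def decode_name(msg, pos):
    """Return (name, position after the name). Compression pointers must point
    backwards; a forward pointer (which could form a loop) is rejected."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:
            target = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            if target >= pos:
                raise ValueError("forward compression pointer")
            if not jumped:
                end, jumped = pos + 2, True
            pos = target
            continue
        pos += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else pos)
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length


def parse_response(msg):
    """Return (txid, rcode, [(name, type, ttl, rdata), ...]) from the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    pos = 12
    for _ in range(qd):
        _, pos = decode_name(msg, pos)
        pos += 4                       # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        name, pos = decode_name(msg, pos)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == TYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in msg[pos:pos + 4])
        elif rtype == TYPE_CNAME:
            rdata, _ = decode_name(msg, pos)
        else:
            rdata = msg[pos:pos + rdlen].hex()
        pos += rdlen
        answers.append((name, rtype, ttl, rdata))
    return txid, flags & 0x000F, answers


def example():
    """The www.it.kth.se lookup of slide 3: CNAME, then the A record of the target."""
    query = build_query("www.it.kth.se", TYPE_A)
    txid = struct.unpack("!H", query[:2])[0]
    response = build_response(txid, "www.it.kth.se.", TYPE_A, [
        ("www.it.kth.se.", TYPE_CNAME, 3600, "fluff.it.kth.se."),
        ("fluff.it.kth.se.", TYPE_A, 3600, "130.237.203.50"),
    ])
    return parse_response(response)
```

Run example() to see the parsed answer section; the second answer's owner name and the CNAME target are both emitted as pointers into earlier parts of the message, which is what keeps real responses small.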

Slide 5: Some terminology
Domain
  - A domain, e.g., kth.se.
  - A subdomain, e.g., imit.kth.se, which is also part of its parent domain (kth.se).
  - A domain name can also name a single host, e.g., www.imit.kth.se.
Zone
  - Defines the border of administrative responsibility: the part of the name space that one set of name servers is authoritative for.

Slide 6: Domain vs zone
Let's consider the kth.se domain. If the whole of kth.se were managed by one central KTH organization, the domain kth.se and the zone kth.se would be the same.
[Figure: the tree se -> kth.se -> it.kth.se, imit.kth.se, ssvl.kth.se; a single zone kth.se covers the whole domain kth.se.]

Slide 7: Domain vs zone (cont.)
To simplify maintenance, authority over a subdomain can be delegated (here it.kth.se).
[Figure: the same tree, now split into two zones: zone kth.se (kth.se, imit.kth.se, ssvl.kth.se) and the delegated zone it.kth.se. The domain kth.se still contains all of them.]

Slide 8: DNS hierarchy
Organized similarly to a file system hierarchy, but written in reverse order (leaf first, root last): "/usr/sbin/ifconfig" versus "cs.mit.edu." (the trailing dot is the root).
[Figure: tree with the root "." at the top; below it the top level domains (TLD) com, org, edu, se, arpa; under edu: stanford and mit, each with cs and math; under se: kth, then ssvl; under arpa: in-addr.arpa (used for reverse lookup). Root at the top, leaves at the bottom.]

Slide 9: Small exercise
Assume the following: your host is in the ssvl.kth.se domain and your name server is ns.ssvl.kth.se. You would like to browse www.cs.mit.edu. Your host will send the DNS query to ns.ssvl.kth.se.
  - How will your host find the IP address of its name server ns.ssvl.kth.se?
  - Who will ns.ssvl.kth.se contact next in order to find the IP address: a DNS server in its parent domain, a root DNS server, or some other server?

Slide 10: Small exercise (cont.)
If you then would like to look up the address of www.cs.mit.edu again, would that DNS lookup be faster?
  - Yes, since your host keeps a cache of domain name to IP address mappings.
  - Yes, since ns.ssvl.kth.se has cached the mapping.
  - No, the DNS lookup will take the same time as before.

Slide 11: Hierarchy of name servers
Root name servers
  - 13 root name servers (a.root-servers.net to m.root-servers.net) located around the world; today each of the 13 names is served by many anycast instances.
  - Authoritative for the root domain ".".
  - Know how to find the name servers authoritative for the top level domains (TLD).
TLD name servers
  - Each authoritative for some of the TLDs (com., edu., se., fi., uk., ...).
  - Know how to find the name servers authoritative for the 2nd level domains (google.com, hotmail.com, kth.se, ...).
And so on ...

Slide 12: Finding the root DNS servers
Your name server, resolving on your host's behalf, walks the hierarchy with iterative queries: it asks a root DNS server, then a TLD DNS server, and so on until it reaches the name server authoritative for the target domain (e.g. cs.mit.edu). But how does your DNS server find the root DNS server(s)? It keeps them in a file, often called "root.hints". The hints are only a starting point: on startup the server asks one of the listed root servers for the current root NS set and caches that, so a stale hints file still works as long as one address in it is still valid. The contents as of 2003:

    .                    371742  IN  NS  L.ROOT-SERVERS.NET.
    .                    371742  IN  NS  M.ROOT-SERVERS.NET.
    .                    371742  IN  NS  A.ROOT-SERVERS.NET.
    .                    371742  IN  NS  B.ROOT-SERVERS.NET.
    .                    371742  IN  NS  C.ROOT-SERVERS.NET.
    .                    371742  IN  NS  D.ROOT-SERVERS.NET.
    .                    371742  IN  NS  E.ROOT-SERVERS.NET.
    .                    371742  IN  NS  F.ROOT-SERVERS.NET.
    .                    371742  IN  NS  G.ROOT-SERVERS.NET.
    .                    371742  IN  NS  H.ROOT-SERVERS.NET.
    .                    371742  IN  NS  I.ROOT-SERVERS.NET.
    .                    371742  IN  NS  J.ROOT-SERVERS.NET.
    .                    371742  IN  NS  K.ROOT-SERVERS.NET.
    L.ROOT-SERVERS.NET.  499062  IN  A   198.32.64.12
    M.ROOT-SERVERS.NET.  499062  IN  A   202.12.27.33
    A.ROOT-SERVERS.NET.  487141  IN  A   198.41.0.4
    B.ROOT-SERVERS.NET.  487141  IN  A   128.9.0.107
    C.ROOT-SERVERS.NET.  499062  IN  A   192.33.4.12
    D.ROOT-SERVERS.NET.  499062  IN  A   128.8.10.90
    E.ROOT-SERVERS.NET.  487141  IN  A   192.203.230.10
    F.ROOT-SERVERS.NET.  462023  IN  A   192.5.5.241
    G.ROOT-SERVERS.NET.  487141  IN  A   192.112.36.4
    H.ROOT-SERVERS.NET.  487141  IN  A   128.63.2.53
    I.ROOT-SERVERS.NET.  499062  IN  A   192.36.148.17
    J.ROOT-SERVERS.NET.  458200  IN  A   192.58.128.30
    K.ROOT-SERVERS.NET.  462023  IN  A   193.0.14.129

Slide 13: Our example (bogus) domain
Your own domain, sports.bogus, with the IP address range 192.168.0.0/24, holds routers, name servers, web and mail servers, and ordinary hosts.
[Figure: two subnets, 192.168.0.0/25 and 192.168.0.128/25, with a connection to the Internet. Hosts: gw1 .1; gw2 .2 and .129 (one interface on each subnet); ns .4; ns2 .11; www .14; golf .137; mail/ftp .144; basket .201.]

Slide 14: Multiple name servers
For increased reliability each domain should have (at least) two DNS servers.
  - DNS information is entered at only one of the servers, the primary master DNS.
  - Slave (secondary) DNS servers receive the zone data from the master. This procedure is known as a zone transfer.
  - Transfers happen at the refresh interval given in the zone's SOA record (the slave polls the master), or are triggered by the master notifying the slaves that the zone has changed (DNS NOTIFY).

Slide 15: Configuring a name server
BIND is a widespread DNS server. It has two types of configuration files:
  - The "zone files": the DNS "database" files, holding resource records (RR): A, PTR, CNAME, ... In our example the zones "sports.bogus" and "192.168.0" (reverse lookup, i.e. 0.168.192.in-addr.arpa) are of interest.
  - The main configuration file "named.conf", which organizes/glues the zone files together.

Slide 16: Main configuration file (named.conf)

    options {
        directory "/var/named";
    };

    zone "sports.bogus" in {              // the zone name is the origin of the zone file
        type master;
        file "pz/db.sports.bogus";
    };

    zone "0.168.192.in-addr.arpa" in {
        type master;
        file "pz/db.192.168.0";
    };

    zone "." in {
        type hint;
        file "root.hints";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "pz/db.127.0.0";
    };

Slide 17: Zone file (db.sports.bogus)

    $TTL 3h
    sports.bogus.  IN  SOA  ns.sports.bogus. staff.sports.bogus. (
                            1     ; Serial
                            3h    ; Refresh
                            1h    ; Retry
                            1w    ; Expire
                            1h )  ; Negative TTL

    ; Name servers (NS records)
    sports.bogus.  IN  NS   ns.sports.bogus.
    sports.bogus.  IN  NS   ns2.sports.bogus.

Slide 18: Zone file (cont.), db.sports.bogus

    ; Addresses for canonical names (A records)
    gw1.sports.bogus.     IN  A  192.168.0.1
    gw2.sports.bogus.     IN  A  192.168.0.2
    gw2.sports.bogus.     IN  A  192.168.0.129
    ns.sports.bogus.      IN  A  192.168.0.4
    ns2.sports.bogus.     IN  A  192.168.0.11
    www.sports.bogus.     IN  A  192.168.0.14
    golf.sports.bogus.    IN  A  192.168.0.137
    mail.sports.bogus.    IN  A  192.168.0.144
    basket.sports.bogus.  IN  A  192.168.0.201

Slide 19: Zone file (cont.), db.sports.bogus

    ; Aliases (CNAME records)
    ftp.sports.bogus.     IN  CNAME  mail.sports.bogus.

    ; Mail servers
    sports.bogus.         IN  MX     10 mail.sports.bogus.   ; 10 is the mail server priority (lower is preferred)

Slide 20: Abbreviations, db.sports.bogus

    $TTL 3h
    @   IN  SOA  ns.sports.bogus. staff.sports.bogus. (
                 1     ; Serial
                 3h    ; Refresh
                 1h    ; Retry
                 1w    ; Expire
                 1h )  ; Negative TTL

    ; Name servers (NS records)
        IN  NS   ns
        IN  NS   ns2

"@" stands for the origin, i.e. the zone name given in named.conf (sports.bogus.). A line that starts with whitespace has no owner name of its own and repeats the previous one, so the two NS records are implicitly owned by "@".

Slide 21: Abbreviations (cont.), db.sports.bogus

    ; Addresses for canonical names (A records)
    gw1     IN  A  192.168.0.1
    gw2     IN  A  192.168.0.2
            IN  A  192.168.0.129     ; owner omitted: repeats the last one (gw2)
    ns      IN  A  192.168.0.4
    ns2     IN  A  192.168.0.11
    www     IN  A  192.168.0.14
    golf    IN  A  192.168.0.137
    mail    IN  A  192.168.0.144
    basket  IN  A  192.168.0.201

Names without a trailing dot are relative: the origin is appended, so gw1 means gw1.sports.bogus.

Slide 22: Abbreviations (cont.), db.sports.bogus

    ; Aliases (CNAME records)
    ftp     IN  CNAME  mail

    ; Mail servers
    @       IN  MX     10 mail
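The abbreviations on slides 20 to 22 are purely syntactic: the server expands them to the fully qualified records of slides 17 to 19. As an added example (not part of the lecture), here is a Python parser that does that expansion for a constructed copy of the abbreviated db.sports.bogus, with the origin supplied the way named.conf supplies it. It handles $TTL and $ORIGIN directives, ";" comments, the multi-line "( ... )" SOA, omitted owner names, "@", and relative names in both the owner and the name fields of NS, CNAME, PTR, MX and SOA rdata; the forgotten-trailing-dot mistake (a relative name where a fully qualified one was meant) shows up in the output as the origin being appended twice.

```python
import re

# Constructed sample: the abbreviated db.sports.bogus of slides 20-22.
DB_SPORTS_BOGUS = """\
$TTL 3h
@   IN SOA ns.sports.bogus. staff.sports.bogus. (
        1   ; Serial
        3h  ; Refresh
        1h  ; Retry
        1w  ; Expire
        1h )  ; Negative TTL
; Name servers (NS records)
    IN NS  ns
    IN NS  ns2
; Addresses for canonical names (A records)
gw1     IN A 192.168.0.1
gw2     IN A 192.168.0.2
        IN A 192.168.0.129
ns      IN A 192.168.0.4
ns2     IN A 192.168.0.11
www     IN A 192.168.0.14
golf    IN A 192.168.0.137
mail    IN A 192.168.0.144
basket  IN A 192.168.0.201
; Aliases (CNAME records)
ftp     IN CNAME mail
; Mail servers
@       IN MX 10 mail
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# rdata fields that are domain names and therefore subject to origin expansion
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def parse_ttl(text):
    """'3h' -> 10800, '1w' -> 604800, '600' -> 600."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", text.lower())
    if not m:
        raise ValueError(f"bad TTL {text!r}")
    return int(m.group(1)) * UNITS.get(m.group(2), 1)


def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Yield (owner_omitted, tokens) per record, with ';' comments stripped and
    lines inside '( ... )' joined into one record."""
    buf, depth, owner_omitted = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if depth == 0:
            if not line.strip():
                continue
            owner_omitted, buf = line[0].isspace(), []
        depth += line.count("(") - line.count(")")
        buf.extend(line.replace("(", " ").replace(")", " ").split())
        if depth == 0:
            yield owner_omitted, buf


def parse_zone(text, origin):
    """Expand a master file into fully qualified (owner, ttl, class, type, rdata) tuples."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner, records = None, None, []
    for owner_omitted, toks in logical_lines(text):
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if toks[0] == "$ORIGIN":
            origin = qualify(toks[1], origin)
            continue
        if owner_omitted:
            if last_owner is None:
                raise ValueError("owner omitted on the first record")
            owner = last_owner
        else:
            owner = qualify(toks.pop(0), origin)
        ttl, rclass = default_ttl, "IN"          # TTL and class are optional, in either order
        while toks[0] == "IN" or re.fullmatch(r"\d+[smhdw]?", toks[0], re.I):
            tok = toks.pop(0)
            if tok == "IN":
                rclass = tok
            else:
                ttl = parse_ttl(tok)
        rtype, rdata = toks[0].upper(), toks[1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = qualify(rdata[i], origin)
        if ttl is None:
            raise ValueError(f"no TTL for {owner} {rtype} and no $TTL directive")
        records.append((owner, ttl, rclass, rtype, " ".join(rdata)))
        last_owner = owner
    return records
```

parse_zone(DB_SPORTS_BOGUS, "sports.bogus") returns the fourteen records of slides 17 to 19 with every name fully qualified and the TTL of each record resolved to 10800 seconds.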

Slide 23: Reverse look-up
Compare a domain name and an IP address: www.sports.bogus versus 192.168.0.14. IP addresses also form a hierarchy, but the direction from root to leaf is reversed (left to right, most significant octet first). It is therefore possible to use the same technique to look up domain names from IP addresses (reverse lookup). A specific top and second level domain, in-addr.arpa, is used for this purpose, with the octets written in reverse order so that the root end comes last: 192.168.0.14 becomes 14.0.168.192.in-addr.arpa.

Slide 24: DNS hierarchy
[Figure: the tree of slide 8 again (root ".", TLDs com, org, edu, se, arpa; stanford and mit with cs and math; kth with ssvl), now extended under arpa: in-addr.arpa (for reverse lookup) -> 192 -> 168, i.e. the path to the reverse zone of 192.168.0.0/24.]

Slide 25: Reverse look up (named.conf)
The reverse zone is configured in named.conf like any other zone; its name is the in-addr.arpa name of the network, 0.168.192.in-addr.arpa for 192.168.0.0/24.

    options {
        directory "/var/named";
    };

    zone "sports.bogus" in {              // the zone name is the origin of the zone file
        type master;
        file "pz/db.sports.bogus";
    };

    zone "0.168.192.in-addr.arpa" in {    // reverse zone for 192.168.0.0/24
        type master;
        file "pz/db.192.168.0";
    };

    zone "." in {
        type hint;
        file "root.hints";
    };

    zone "0.0.127.in-addr.arpa" in {      // reverse zone for the loopback network
        type master;
        file "pz/db.127.0.0";
    };

Slide 26: Reverse look up (zone file db.192.168.0)

    $TTL 3h
    @   IN  SOA  ns.sports.bogus. staff.sports.bogus. (
                 1     ; Serial
                 3h    ; Refresh
                 1h    ; Retry
                 1w    ; Expire
                 1h )  ; Negative TTL

    ; Name servers (NS records)
        IN  NS   ns.sports.bogus.
        IN  NS   ns2.sports.bogus.

Here "@" is 0.168.192.in-addr.arpa, the zone name from named.conf. Note that the name server names must be written fully qualified, with the trailing dot: without it the origin would be appended and the record would point at ns.sports.bogus.0.168.192.in-addr.arpa.

Slide 27: Reverse zone file (cont.), db.192.168.0

    ; Address to name POINTER records (PTR records)
    1    IN  PTR  gw1.sports.bogus.
    2    IN  PTR  gw2.sports.bogus.
    4    IN  PTR  ns.sports.bogus.
    11   IN  PTR  ns2.sports.bogus.
    14   IN  PTR  www.sports.bogus.
    …
    201  IN  PTR  basket.sports.bogus.

The owner names are relative, so "@" (0.168.192.in-addr.arpa) is appended: 14 means 14.0.168.192.in-addr.arpa. The PTR targets are fully qualified (trailing dot) for the same reason as the NS records on the previous slide.
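Forward and reverse zones are maintained separately, so they drift apart: hosts get an A record but no PTR, or a PTR points at a name that no longer has the matching A record (the original version of slide 27 had the .1 pointer reading "gw" while the A record on slide 18 is gw1, which is exactly such a slip). As an added example (not part of the lecture), the following Python builds the in-addr.arpa and ip6.arpa names of slide 23, derives the reverse zone name for an octet-aligned network, and cross-checks constructed copies of the forward A records and the PTR records that slide 27 shows, with the .1 entry written as "gw" on purpose. Only the PTR records printed on the slide are included (its "..." is left out), so the .129, .137 and .144 addresses are reported as missing.

```python
import ipaddress


def reverse_name(ip):
    """PTR owner name of an address: 192.168.0.14 -> 14.0.168.192.in-addr.arpa.
    IPv6 addresses get one label per hex nibble, reversed, under ip6.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_zone_name(network):
    """The single in-addr.arpa zone covering an octet-aligned IPv4 block (/8, /16, /24).
    A block such as a /25 cannot be one reverse zone (the hard case of slide 32)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError(f"{network} is not on an octet boundary")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


# Constructed from the slides: the A records of db.sports.bogus, and the PTR
# records shown on slide 27 (owner relative to 0.168.192.in-addr.arpa.),
# with the .1 entry reading "gw" as the slide originally had it.
FORWARD_A = [
    ("gw1.sports.bogus.", "192.168.0.1"), ("gw2.sports.bogus.", "192.168.0.2"),
    ("gw2.sports.bogus.", "192.168.0.129"), ("ns.sports.bogus.", "192.168.0.4"),
    ("ns2.sports.bogus.", "192.168.0.11"), ("www.sports.bogus.", "192.168.0.14"),
    ("golf.sports.bogus.", "192.168.0.137"), ("mail.sports.bogus.", "192.168.0.144"),
    ("basket.sports.bogus.", "192.168.0.201"),
]
REVERSE_PTR = [
    ("1", "gw.sports.bogus."), ("2", "gw2.sports.bogus."), ("4", "ns.sports.bogus."),
    ("11", "ns2.sports.bogus."), ("14", "www.sports.bogus."), ("201", "basket.sports.bogus."),
]


def check_consistency(a_records, ptr_records, reverse_zone):
    """Return (PTR owner names that the A records need but the reverse zone lacks,
    (PTR owner, target) pairs whose target has no A record for that address)."""
    forward = {}                                  # reverse name -> names with that address
    for name, ip in a_records:
        forward.setdefault(reverse_name(ip), set()).add(name)
    reverse = {f"{owner}.{reverse_zone}": target for owner, target in ptr_records}
    missing_ptr = sorted(r for r in forward if r not in reverse)
    mismatched = sorted((r, t) for r, t in reverse.items() if t not in forward.get(r, set()))
    return missing_ptr, mismatched
```

Running check_consistency(FORWARD_A, REVERSE_PTR, "0.168.192.in-addr.arpa.") reports the three addresses without a PTR and flags 1.0.168.192.in-addr.arpa as pointing at gw.sports.bogus, a name that has no A record for 192.168.0.1. Mail servers in particular are often checked for a matching forward/reverse pair, so this is worth running whenever a zone is edited.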

Slide 28: Primary and slave DNS servers
Master and slave servers answer DNS queries in the same way.
Primary master DNS
  - This is where the administrator manually configures the zone files.
  - Can specify which slaves may get copies of the zone files. Restricting this matters (in BIND: allow-transfer in named.conf), because a zone transfer hands out the complete host list of the zone to whoever is allowed to request one.
Slave DNS
  - Specifies which zones to download and which DNS server to download them from.
  - Polls the master at the refresh interval given in the SOA record. May store the transferred zone files locally.
  - The procedure is called "zone transfer".

Slide 29: SOA resource record revisited

    $TTL 3h
    @   IN  SOA  ns.sports.bogus. staff.sports.bogus. (
                 1     ; Serial
                 3h    ; Refresh
                 1h    ; Retry
                 1w    ; Expire
                 1h )  ; Negative TTL

Serial, Refresh, Retry and Expire govern master/slave zone transfers: a slave asks the master for its Serial every Refresh seconds (retrying every Retry seconds when the master cannot be reached), transfers the zone when the master's serial is higher than its own, and stops serving the zone if it has not managed to refresh for Expire seconds. Hence the serial must be increased on every edit of the zone file, or the slaves will keep serving the old data. $TTL and the "Negative TTL" govern the lifetime of cached results of previous DNS queries (positive answers and "no such name" answers respectively); caching is what makes DNS scalable!

Slide 30: Delegation
If someone would like to look up www.sports.bogus, their name server walks the hierarchy, sending the query in turn to
  - a root DNS server ("."), e.g., a.root-servers.net,
  - a TLD DNS server ("bogus."), e.g., ns.bogus,
  - our DNS server ("sports.bogus."), ns.sports.bogus.
But how can ns.bogus know that the query should be sent to ns.sports.bogus? And how can it know the IP address of ns.sports.bogus? The parent zone needs NS records pointing at the child's name servers, and, since those servers have names inside the child zone, their addresses as well (glue records). This is what delegation is about!

Slide 31: Delegation (cont.), db.bogus

    $TTL 3h
    @   IN  SOA  ns.bogus. staff.bogus. (
                 1     ; Serial
                 3h    ; Refresh
                 1h    ; Retry
                 1w    ; Expire
                 1h )  ; Negative TTL
        IN  NS   ns

    ; Name servers in delegated zones
    sports.bogus.      IN  NS  ns.sports.bogus.
                       IN  NS  ns2.sports.bogus.
    ns.sports.bogus.   IN  A   192.168.0.4      ; glue
    ns2.sports.bogus.  IN  A   192.168.0.11     ; glue

Here "@" is bogus., the zone's origin. The NS records delegate sports.bogus; the A records for ns.sports.bogus and ns2.sports.bogus are glue. Without them a resolver that has been referred to ns.sports.bogus would have to ask the sports.bogus servers for the address of ns.sports.bogus, which is circular. Glue is only needed when the name server's name lies inside the zone being delegated.
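The exercise on slides 9 and 10, the hierarchy of slides 11 and 12, and the delegation with glue on slides 30 and 31 can all be exercised in one place. The following Python is an added example, not code from the lecture: a toy iterative resolver over hand-written zones for ".", "bogus.", "sports.bogus." and, as slide 32 asks, a delegated "basket.sports.bogus.". The sports.bogus records are the ones on the slides; the addresses of the root server (a.root-servers.net as listed in the 2003 root.hints), of ns.bogus and ns2.bogus and the existence of ns2.bogus are assumptions. Starting from the root hints, the resolver follows referrals, uses glue when the parent supplies it, resolves a glueless name server name by itself, and caches final answers, so the repeated www lookup of slide 10 costs no queries at all.

```python
# Zone contents: (owner, type, rdata). Addresses outside 192.168.0.0/24 are assumed.
ZONES = {
    ".": [("bogus.", "NS", "ns.bogus."),
          ("ns.bogus.", "A", "10.0.0.53")],                      # glue for the TLD
    "bogus.": [("bogus.", "NS", "ns.bogus."),
               ("ns.bogus.", "A", "10.0.0.53"),
               ("ns2.bogus.", "A", "10.0.0.54"),
               ("sports.bogus.", "NS", "ns.sports.bogus."),        # delegation (slide 31)
               ("sports.bogus.", "NS", "ns2.sports.bogus."),
               ("ns.sports.bogus.", "A", "192.168.0.4"),           # glue: NS names lie inside the child
               ("ns2.sports.bogus.", "A", "192.168.0.11")],
    "sports.bogus.": [("sports.bogus.", "NS", "ns.sports.bogus."),
                      ("sports.bogus.", "NS", "ns2.sports.bogus."),
                      ("ns.sports.bogus.", "A", "192.168.0.4"),
                      ("ns2.sports.bogus.", "A", "192.168.0.11"),
                      ("www.sports.bogus.", "A", "192.168.0.14"),
                      ("mail.sports.bogus.", "A", "192.168.0.144"),
                      ("basket.sports.bogus.", "NS", "ns2.bogus.")],  # delegation, no glue needed
    "basket.sports.bogus.": [("basket.sports.bogus.", "NS", "ns2.bogus."),
                             ("basket.sports.bogus.", "A", "192.168.0.201")],
}
SERVERS = {                      # server address -> zones it is authoritative for
    "198.41.0.4": ["."], "10.0.0.53": ["bogus."], "10.0.0.54": ["basket.sports.bogus."],
    "192.168.0.4": ["sports.bogus."], "192.168.0.11": ["sports.bogus."],
}
ROOT_HINTS = ["198.41.0.4"]      # a.root-servers.net, from the root.hints of slide 12


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_answer(server_ip, qname, qtype):
    """Reply of the authoritative server at server_ip, which never recurses:
    ('answer', rdata list), ('referral', (ns names, glue)), ('nxdomain', None), ('refused', None)."""
    zone = max((z for z in SERVERS[server_ip] if in_zone(qname, z)), key=len, default=None)
    if zone is None:
        return "refused", None
    rrs = ZONES[zone]
    # a zone cut is an NS set owned by a name below the apex that encloses qname
    cuts = {o for o, t, _ in rrs if t == "NS" and o != zone and in_zone(qname, o)}
    if cuts:
        child = max(cuts, key=len)
        ns = [r for o, t, r in rrs if o == child and t == "NS"]
        glue = {o: r for o, t, r in rrs if t == "A" and o in ns}
        return "referral", (ns, glue)
    rdata = [r for o, t, r in rrs if o == qname and t == qtype]
    return ("answer", rdata) if rdata else ("nxdomain", None)


class Resolver:
    """Caching resolver that walks from the root hints. Real resolvers also cache
    NS sets and glue from referrals; this toy caches final answers only."""

    def __init__(self):
        self.cache = {}
        self.queries_sent = 0

    def resolve(self, qname, qtype="A", depth=0):
        key = (qname, qtype)
        if key in self.cache:
            return self.cache[key]
        if depth > 8:
            raise RuntimeError("delegation loop while resolving " + qname)
        servers = list(ROOT_HINTS)
        while servers:
            self.queries_sent += 1
            status, data = authoritative_answer(servers.pop(0), qname, qtype)
            if status in ("answer", "nxdomain"):
                self.cache[key] = data or []
                return self.cache[key]
            if status == "referral":
                ns, glue = data
                servers = []
                for n in ns:   # glueless NS names must be resolved before they can be asked
                    servers += [glue[n]] if n in glue else self.resolve(n, "A", depth + 1)
            # 'refused': fall through and try the next candidate server
        raise RuntimeError("no server could answer for " + qname)
```

A fresh Resolver needs three queries for www.sports.bogus (root, ns.bogus, ns.sports.bogus) and none for the same name again. basket.sports.bogus costs six more, because the referral from ns.sports.bogus names ns2.bogus without glue, so the resolver has to walk the tree a second time just to learn that server's address before it can ask it. Removing the two glue A records from the "bogus." zone makes the same code raise the delegation-loop error: that is the circularity slide 31 warns about.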

Slide 32: Delegation (cont.)
How do you delegate the reverse lookup? The really hard case is when the address blocks are not divided on octet borders (e.g., a /25 instead of a /24), since each in-addr.arpa label is a whole octet; classless in-addr.arpa delegation (RFC 2317) handles this with CNAME records in the parent's reverse zone.
How can you delegate a subdomain of your own domain? For example, what if the basketball players would like to maintain their own domain "basket.sports.bogus"?

