Computer Names. based on chapter 10 of CompTIA Network+ Exam Guide, 4th edition, by Mike Meyers OVERVIEW

Transcription

1 Computer Names based on chapter 10 of CompTIA Network+ Exam Guide, 4th edition, by Mike Meyers OVERVIEW 1

2 Computer Names and Addresses Computers are given names to make it easy for people to refer to them Computers need addresses to make them accessible over a network Networking software needs a way to match up names and addresses Computer Addresses and Names Identifying nodes and routing messages on the Internet depends on IP addresses - Not easy for humans to remember or use but people use Domain Names to identify computers - Networks have domain names corresponding to their network IDs Name resolution matches domain names with IP addresses Nodes in a network have host names corresponding to their host IDs - The host name is the leftmost piece of the domain name» montcs.bloomu.edu or ftp.funet.fi montcs.bloomu.edu ftp.funet.fi bitsy.mit.edu The subnet mask isolates the host portion of the IP address 2

3 Host names A computer in a network needs an individual address - host portion of IP address, or host address Networks assign their own host addresses - viz., BloomU assigns to a host computer - Networks also assign hostnames and subdomain names» viz., montcs, rmontant-01.buad Finding the host name: Linux: - use command hostname - also: hostname -d for the domain name Windows: - Start Control Panel System - command prompt: hostname - also: set find /i name for the computer, set find /i domain for the domain name jump to DNS 3

4 Some Relevant RFCs RFC 1034, 1035 Domain Names - Specification of the Domain Name System (DNS) - supersedes RFC 882, 883 RFC 2100 The Naming of Hosts - Description of host-naming schemas The naming of hosts is a difficult matter, it isn t just one of your holiday games; you may think at first I m as mad as a hatter When I tell you, a host must have THREE DIFFERENT NAMES. activity: look up and read RFC 2100 Name Spaces a Historical Perspective Flat name space a list of distinct names - if a name is repeated, confusion arises - MS-DOS v1.0, other file systems used a flat name space - Windows Networks used a flat name space» names could be used in more than one network, so networks couldn't readily interconnect Hierarchical name space names organized into categories - Frequently shown as a tree structure - Internet Domain names Flattened name space the Linux /etc/hosts file shows a flat list of locally-known names 4

5 an example of the /etc/hosts file DNS the Domain Name System 1982: RFC 805, others describe a domainname addition to addresses 1983: RFC 882, 883 describe Domain Name Servers - superseded by RFC 1034, 1035 Top-Level Domains - Highest level of hierarchical name space the Internet uses standardized TLDS - Private networks can define any TLDs they want 5

6 The DNS Hierarchy Root servers collectively named "." - Top-Level Domain servers "edu", etc»second-level servers server(s) for bloomu.edu -local and private nameservers server(s) for buad.bloomu.edu Exercise - dig the nameservers dig NS. - How many root servers? - What are their IP addresses? - Which root servers have IPv6 addresses? Where are they located? dig NS edu. dig NS bloomu.edu. dig NS buad.bloomu.edu. dig NS students.bloomu.edu. 6

7 Root Name Servers Thirteen root name servers, named "A" through "M" Operated by the RIRs Complete information, but only serve addresses of TLD-servers aut-num: AS20144 as-name: L-ROOT descr: DNS Root Name Server L.ROOT-SERVERS.NET import: from AS-ANY accept ANY export: to AS-ANY announce AS20144 remarks: ################################# remarks: # ICANN - DNS Operations - www: remarks: # L-Root, One of the 13 Internet root name server, is being operated by ICANN remarks: # AS20144 is dedicated for the use of L-Root and distributed using Anycast. remarks: # 24/7/365 NOC via network(at)dns.icann.org via phone remarks: # Prefixes Announced: /24 & 2001:500:3::/48 remarks: # Visit for our peering information remarks: ################################# admin-c: DUMY-RIPE tech-c: DUMY-RIPE mnt-by: ICANN-DNS mnt-routes: ICANN-DNS changed: mehmet(at)icann.org notify: dnsops(at)icann.org source: RIPE remarks: **************************** remarks: * THIS OBJECT IS NOT VALID remarks: * Please note that all personal data has been removed from this object. remarks: * To view the original object, please query the RIPE Database at: remarks: * remarks: **************************** RIRs and Root Name Servers a Verisign, Dulles, VA c Cogent, Herndon, VA (also LA) d U Maryland College Park, MD g US DoD Vienna, VA h ARL Aberdeen, MD j Verisign, (21 locations) k RIPE London (also 16 other locations) i Autonomica, Stockholm (plus 28 other locations) e NASA Mt View, CA f Internet Software C. Palo Alto, CA (and 36 other locations) m WIDE Tokyo (also Seoul, Paris, SF) b USC-ISI Marina del Rey, CA l ICANN Los Angeles, CA 13 root name servers worldwide 2: Application Layer 15 7

8 Detailed Root Server map see Standard Top-Level Domains Top-Level Domains are the last part of the domain name January 1986 Subject-specific TLDs chosen:.com.edu.org.net.mil.gov.int companies (and others) educational institutions organizations networks military government agencies international orgs. (rare).bitnet nodes on the Bitnet network Two-letter Country-Code domains include:.ca Canada.jp Japan.cn China.tv Tuvalu.eu European Union.us United States.uk United Kingdom December 2002 additional domains added:.name for individuals.biz businesses.info informational sites -More added occasionally 8

9 FQDNs Fully Qualified Domain Names {host}.{subdomain}.{domain}.{tld}. - Rightmost dot refers to the DNS root usually omitted Subdomains are optional - may have multiple levels, as desired by domain owner Maximum length for FQDN is 254 octets - Plus the root-dot, for a total of 255 FQDNs can include upper- & lower-case letters, digits, hyphen Creating Domain names TLDs are established by ICANN Names within domains are assigned by registrars - EDUCAUSE assigns bloomu.edu Domain-name owners control names within their domain - BloomU assigns buad, montcs, rmontant-01 FQDN host name plus domain name - Fully Qualified Domain Name - rmontant-01.dyn.buad.bloomu.edu.» Note the sub-domains 19 9

10 HOW DNS WORKS Name Servers Each domain or subdomain maintains an authoritative name server - a.k.a. SOA, Start Of Authority - Maintains a zone file listing all hosts in its (sub)domain Additional name servers replicate, are updated from, the SOA s primary zone file - Use secondary zone files A name server can be the SOA for multiple domains Root name server (for a top-level domain) knows all SOAs in its network 10

11 The DNS Hierarchy Domains at each level have - one SOA - one or more nameservers Each domain, maybe except the lowest, has subdomains NS a.root-servers.net b.root-servers.net NS a.edu-servers.net b.edu-servers.net NS vovager.bloomu.edu pioneer.bloomu.edu NS AD2.buad.bloomu.edu ad1.buad.bloomu.edu. SOA a.root-servers.net edu. SOA a.edu-servers.net bloomu.edu. SOA voyager.bloomu.edu buad.bloomu.edu. SOA ad1.buad.bloomu.edu NS caprica.bloomu.edu library.bloomu.edu. SOA caprica.bloomu.edu local nameservers , , etc. Local Name Server does not strictly belong to hierarchy each ISP (residential ISP, company, university) has one. - also called default name server when host makes DNS query, query is sent to its local DNS server - acts as proxy, forwards query into hierarchy - look at /etc/resolv.conf DNS servers pass queries along until one has an answer - Servers can cache answers from other servers 23 11

12 Who is my local DNS server? Windows: - ipconfig/all Linux: - Different configurations keep information in various places Try - grep nameserver /etc/resolv.conf or - grep name-servers /var/lib/dhcp/dhclient* activity dig soa - e.g., dig. soa, dig bloomu.edu soa - who is this subdomain's SOA? /etc/resolv.conf - what nameservers does this host go to? wireshark run a DNS query (dig command), look at the query and response - who did the query go to? - who answered it? 12

13 Pure Iterative Name Lookup pc.bloomu.edu asks its local nameserver for Local nameserver gives it root server s IP Ask root server Root server offers.ch nameserver IP Ask.ch nameserver Get cern.ch nameserver IP Ask cern.ch nameserver Get IP of pc.bloomu.edu accesses dns.bloomu.edu pc.bloomu.edu a.root-servers.net dns.ch dns.cern.ch Pure Recursive Name Lookup pc.bloomu.edu asks its local nameserver for Local nameserver asks root server for Root server asks.ch server for server asks cern.ch server for cern.ch returns IP of to.ch.ch, root each return IP in order Local nameserver gives IP to pc.bloomu.edu pc.bloomu.edu accesses dns.bloomu.edu pc.bloomu.edu a.root-servers.net dns.ch dns.cern.ch 13

14 Mixed Name Lookup pc.bloomu.edu asks its local nameserver for Local nameserver asks root server for Root server returns.ch server's IP Local server asks.ch server.ch server returns cern.ch Local server asks cern.ch cern.ch returns IP of Local nameserver gives IP to pc.bloomu.edu pc.bloomu.edu accesses dns.bloomu.edu pc.bloomu.edu a.root-servers.net dns.ch dns.cern.ch RESOURCE RECORDS 14

15 Name Servers Operation Maintain lookup caches - Previously-resolved names - Cached lookups expire after a time limit - TLD servers are typically cached in local name servers» Thus root name servers not often visited Forward lookup zones - Resource Records map domain names to IP addresses - "dig" makes forward-lookup queries Reverse lookup zones - Allow reverse lookups give the host name for an IP address - "dig x" makes reverse-lookup queries DNS Zones and Zone Files A DNS Zone is a portion of the DNS namespace managed by a specific organization Contains one or more domains and subdomains Zone Files maintain information about a zone Contain directives and Resource Records (RRs)that control the operation of DNS servers for domains in the zone RR format is: (name, value, type, ttl) 15

16 DNS Resource Records from wikipedia: - In computer networking, a zone file is a text file that describes a portion of the domain name system (DNS) called a DNS zone. A zone contains information that defines mappings between domain names and IP addresses and other resources, organized in the form of resource records (RR). Maintained by the DNS server Defined in RFC 1034, RFC 1035 look at ftp://ftp.internic.net/domain/root.zone - You can use a web browser to do this Some Common RR Types Type=SOA - name is domain name - information about domain Type=NS - name is domain name - identifies authoritative name server(s) Type=MX - value is name of mailserver associated with name Type=A or AAAA - name is hostname - value is IP address» IPv4 or IPv6 Type=CNAME - name is alias name for some canonical name - is really servereast.backup2.ibm.com Type=PTR - name is pointer to a canonical name - no further lookup 16

17 SOA record structure The following example shows the basic structure of an SOA resource IN SOA <primary-name-server> <hostmaster- > ( <serial-number> <time-to-refresh> <time-to-retry> <time-to-expire> <minimum-ttl> ) Zone File example Comments follow semicolons $TTL IN SOA mailer.debiantest.net. hostmaster.debiantest.net.( ; serial 21600; refresh every 6 hours 3600; retry after one hour ; expire after a week ); minimum TTL of 1 day IN NS mailer.debiantest.net. IN MX 10 mailer.debiantest.net. mailer IN A firewall IN A switch IN A relay IN A cisco IN CNAME switch www IN CNAME mailer mrtg IN CNAME mailer 17

18 Reverse Zone File example the reverse zone file $TTL IN SOA mailer.debiantest.net. hostmaster.debiantest.net.( ; serial 21600; refresh every 6 hours 3600; retry after one hour ; expire after a week ); minimum TTL of 1 day IN NS mailer.debiantest.net. 19 IN PTR firewall.debiantest.net. 3 IN PTR switch.debiantest.net. 1 IN PTR mailer.debiantest.net. 20 IN PTR relay.debiantest.net. DNS protocol, messages DNS protocol : query and reply messages, both with same message format msg header identification: 16 bit # for query, reply to query uses same # flags: query or reply recursion desired recursion available reply is authoritative 18

19 activity start Wireshark choose a domain - Google.com - cern.ch he.net dig for information - SOA - NS - MX - A, AAAA WINDOWS NETWORKS AND NAMES 19

20 NetBIOS and NetBEUI 1983: IBM s PC-LAN networks uses NetBIOS - API (Application Programmer Interface) only - relies on other network protocols NetBIOS API provides: - Name registration, resolution service - Connection-oriented session service - Connectionless Datagram service NetBEUI NetBIOS services over IEEE frames - not used anymore NetBIOS Over TCP/IP - NBT supports NetBIOS connections on TCP/IP networks - Sometimes called NetBEUI or NetBIOS (oops) Uses well-known TCP and UDP ports: - port NetBIOS Name Service, NBNS» generally uses UDP - port NetBIOS Datagram Service» generally uses UDP - port NetBIOS Session Service» generally uses TCP» short sessions 20

21 NetBIOS, NetBEUI, and OSI matched to OSI layers: - 7 Redirector - 6 SMB» replaced by CIFS - 5 NetBIOS - 4 NetBIOS, NetBEUI - 3 NetBIOS, NetBEUI - 2 NDIS» Network Driver Interface Specification - 1 NIC Redirector - sends network requests to appropriate server SMB - file and printer sharing NetBIOS - session, datagram, and name services NetBEUI - data transport, frame formatting works with NetBIOS NDIS - MS interface to NICs SMB/CIFS Networking Servers broadcast their name, advertise services - Entire group/domain sees broadcast Windows Workgroup - Organizes computers into groups that can share - My Network Places folder on a Windows machine - Any node can join by choosing the workgroup name - Non-Windows nodes: Samba software provides CIFS support Windows Domain - Based on a domain controller node, running Windows Server - Nodes must authenticate to the domain controller to join - All domain controllers are also DNS servers Active Directory - Distributed organization of domain controllers 21

22 NetBIOS Names NetBIOS names are flat no extension or suffix - Maximum length of 16 octets» MS: 15 characters for name, 16 th octet gives node type - Disallowed characters are \ / : *? " ; and SPACE - Distinct from computer s name, but usually set equal - Case-insensitive: abcd, abcd, and ABCD are all the same name Windows Names 22

23 NetBIOS Names At startup, Windows host broadcasts its name - This registers the name on the local network SMB and CIFS share files/folders and printers, based on NetBIOS names - Server Message Block original Microsoft protocol - Common Internet File System current, crossplatform version Wireshark Windows Name Broadcast 23

24 Windows Networking in the VM-LAN Start your Linux client - Start Wireshark - Set the display filter as: (udp.port>=137 && udp.port<=139) Start your Windows client - You should see NBNS and BROWSER frames in wireshark Active Directory and Integrated Zones Standard DNS keeps a primary zone file on a domain s primary DNS server - Secondary DNS servers mirror it with secondary zone files - Only the primary zone records can be updated Active Directory-integrated zone allows all domain controllers to update DNS records - DHCP servers, new IP nodes can submit updates to one of the DNS servers 24

25 LMHOSTS, WINS Servers and Proxies LMHOSTS file on a client node - Text file, keeps listings of other NetBIOS nodes - Similar to DNS hosts file WINS servers - Windows Internet Name Service - Maintain records of NetBIOS names - Clients register directly with WINS server instead of broadcasting - Can accept routed registrations WINS proxy agents - Forward broadcast NetBIOS names to a WINS server - Needed to support nodes that don t know about WINS servers WINS and TCP/IP Windows 7 Advanced TCP/IP settings dialog Use and configuration of WINS server and LMHOSTS file are managed here 25

26 LOOKING AT DNS Cached Lookups Most DNS servers are configured as caching servers - They store DNS answers, based on a Time-To-Live value Windows hosts cache DNS answers locally: - ipconfig /displaydns shows all cached FQDNs - There may be surprisingly many entries Linux hosts don t cache DNS answers by default - nscd name-service caching daemon can be installed if desired (but it s uncommon) 26

27 Some useful Windows tools nbtstat c - cached NetBIOS names/addresses net view - Show accessible hosts Dynamic DNS RFC Protocol for dynamically updating DNS server records DHCP servers register their clients' records with the DNS server(s) - Add 'A' records to identify names - Add reverse pointer to identify host addresses MS Windows: - part of Active Directory - DHCP server registers 'A' records - Individual DHCP clients register the reverse pointers 27

28 DNS Security Extensions RFCs 4033, 4034, March 2005 Extensions to DNS that provide authentication for clients ("resolvers") - DNS records are digitally signed via public-key cryptography - Backwards compatible with plain DNS - Does not provide confidentiality Protects against attacks such as DNS poisoning, spoofing DNS servers, etc. Troubleshooting DNS Ping can tell if IP address works when domain name doesn t - If so, it s a DNS problem. - If not, it s a connectivity problem. - ping or ping are easy to remember Check for correct DNS server settings» Windows: ipconfig/all Ubuntu: grep name-servers /var/lib/dhcp/dhclient* - Check for connectivity to the DNS server Investigate what the DNS server is sends back - nslookup, dig 28

29 DNS Query, Response Linux dig command performs DNS lookups - Replaces the older lookup program Query asked for Response shows canonical name, IP address, authoritative nameservers; local server s IP address (DONE) 29