Tanenbaum, Computer Networks (extraits) Adaptation par J.Bétréma. DNS The Domain Name System

Size: px
Start display at page:

Download "Tanenbaum, Computer Networks (extraits) Adaptation par J.Bétréma. DNS The Domain Name System"

Transcription

1 Tanenbaum, Computer Networks (extraits) Adaptation par J.Bétréma DNS The Domain Name System

2 RFC 1034 Network Working Group P. Mockapetris Request for Comments: 1034 ISI Obsoletes: RFCs 882, 883, 973 November 1987 DOMAIN NAMES - CONCEPTS AND FACILITIES 1. STATUS OF THIS MEMO This RFC is an introduction to the Domain Name System (DNS), and omits many details which can be found in a companion RFC, "Domain Names - Implementation and Specification" [RFC-1035]. That RFC assumes that the reader is familiar with the concepts discussed in this memo.

3 RFC 1034 (2) 2.2. DNS design goals The design goals of the DNS influence its structure. They are: - The primary goal is a consistent name space which will be used for referring to resources. In order to avoid the problems caused by ad hoc encodings, names should not be required to contain network identifiers, addresses, routes, or similar information as part of the name. - The sheer size of the database and frequency of updates suggest that it must be maintained in a distributed manner, with local caching to improve performance. Approaches that attempt to collect a consistent copy of the entire database will become more and more expensive and difficult, and hence should be avoided. The same principle holds for the structure of the name space, and in particular mechanisms for creating and deleting names; these should also be distributed. - etc.

4 RFC 1035 Network Working Group Request for Comments: 1035 Obsoletes: RFCs 882, 883, 973 P. Mockapetris ISI November 1987 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION 1. STATUS OF THIS MEMO This RFC describes the details of the domain system and protocol, and assumes that the reader is familiar with the concepts discussed in a companion RFC, "Domain Names - Concepts and Facilities" [RFC-1034]. The domain system is a mixture of functions and data types which are an official protocol and functions and data types which are still experimental. Since the domain system is intentionally extensible, new data types and experimental behavior should always be expected in parts of the system beyond the official protocol. The official protocol parts include standard queries, responses and the Internet class RR data formats (e.g., host addresses). Since the previous RFC set, several definitions have changed, so some previous definitions are obsolete.

5 The DNS Name Space A portion of the Internet domain name space.

6 Resource Records The principal DNS resource records types.

7 Resource Records (2) A portion of a possible DNS database for cs.vu.nl.

8 Name Servers Chaque zone possède (au moins) un serveur délégué Part of the DNS name space showing the division into zones.

9 Name Servers (2) Requête récursive : un résolveur sur flits.cs.vu.nl cherche l adresse de linda.cs.yale.edu

10 Requête : exemple 1 nslookup > set norecurse > set debug > Server: donaser.labri.u-bordeaux.fr Address: Got answer: HEADER: opcode = QUERY, id = 2, rcode = NOERROR header flags: response, recursion avail. questions = 1, answers = 0, authority records = 4, additional = 4 QUESTIONS: type = A, class = IN

11 Requête 1 : enregistrements «autorisés» AUTHORITY RECORDS: -> chalmers.se nameserver = cthns.chalmers.se ttl = (11 hours 51 mins 50 secs) -> chalmers.se nameserver = chalmers.se ttl = (11 hours 51 mins 50 secs) -> chalmers.se nameserver = ns.ckoia.chalmers.se ttl = (11 hours 51 mins 50 secs) -> chalmers.se nameserver = dns.uu.se ttl = (11 hours 51 mins 50 secs)

12 Requête 1 : enregistrements supplémentaires ADDITIONAL RECORDS: -> cthns.chalmers.se internet address = ttl = (11 hours 51 mins 50 secs) -> chalmers.se internet address = ttl = (11 hours 16 mins 1 sec) -> ns.ckoia.chalmers.se internet address = ttl = (11 hours 51 mins 50 secs) -> dns.uu.se internet address = ttl = (3 hours 42 mins 39 secs)

13 Requête : exemple 2 > Server: [ ] Address: Got answer: HEADER: opcode = QUERY, id = 3, rcode = NOERROR header flags: response, auth. answer, recursion avail. questions = 1, answers = 1, authority records = 4, additional = 4 QUESTIONS: type = A, class = IN ANSWERS: -> internet address = ttl = (12 hours)

14 Requête 3 : serveurs de courrier > set type=mx > cs.chalmers.se Server: [ ] Address: Got answer: HEADER: opcode = QUERY, id = 7, rcode = NOERROR header flags: response, auth. answer, recursion avail. questions = 1, answers = 2, authority records = 4, additional = 5 QUESTIONS: cs.chalmers.se, type = MX, class = IN ANSWERS: -> cs.chalmers.se MX preference = 0, mail exchanger = pheidippides.md.chalmers.se ttl = (12 hours) -> cs.chalmers.se MX preference = 100, mail exchanger = chalmers.se ttl = (12 hours)

15 Requête 3 : enregistrements supplémentaires ADDITIONAL RECORDS: -> pheidippides.md.chalmers.se internet address = ttl = (12 hours) -> chalmers.se internet address = ttl = (12 hours) etc.

16 Requête 4 : SOA > set type=soa > chalmers.se Server: [ ] Address: Got answer: HEADER: opcode = QUERY, id = 9, rcode = NOERROR header flags: response, auth. answer, recursion avail. questions = 1, answers = 1, authority records = 4, additional = 4 QUESTIONS: chalmers.se, type = SOA, class = IN

17 Requête 4 : réponse ANSWERS: -> chalmers.se ttl = (12 hours) primary name server = chalmers.se responsible mail addr = cth-nic.chalmers.se serial = refresh = (4 hours) retry = 3600 (1 hour) expire = (7 days) default TTL = 600 (10 mins)

18 Secure Naming (a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.

19 Secure Naming (2) How Trudy spoofs Alice's ISP DNS Server.

20 Secure Naming (3) Explications : Trudy gère son propre serveur DNS (serveur délégué pour le domaine trudythe-intruder.com), appelons le T. Le message 1 engendre des messages 1a (requête) et 1b (réponse), entre F, le serveur DNS du FAI d Alice, et C, le serveur DNS du domaine «top level».com ; ces messages n apparaissent pas sur le schéma. La réponse 1b contient, en plus de la réponse proprement dite (adresse IP de foobar.trudy-the-intruder.com), le nom du serveur DNS du domaine (authority record) et son adresse IP (additional record). F garde en mémoire cache tous les enregistrements (RR) comosant la réponse B.

21 Secure Naming (4) Pour répondre à la requête 2, F interroge directement T (message 3), sans passer par C. F construit séquentiellement les identificateurs permettant d apparier requêtes et réponses : faute inadmissible, un nouvel identificateur doit être imprévisible. Noter aussi que Trudy peut envoyer des requêtes DNS (et même une réponse) au serveur F ; possible, sauf si ces requêtes sont bloquées par un NAT (cas où le FAI de Trudy n est pas celui d Alice), ou si la réponse est bloquée par un pare-feu sortant (qui détecte que Trudy émet un paquet avec une adresse IP source falsifiée).

22 Format Messages DNS Mockapetris [Page 25] RFC 1035 Domain Implementation and Specification November MESSAGES 4.1. Format All communications inside of the domain protocol are carried in a single format called a message. The top level format of message is divided into 5 sections (some of which are empty in certain cases) shown below: Header Question the question for the name server Answer RRs answering the question Authority RRs pointing toward an authority Additional RRs holding additional information

23 Format Messages DNS (2) Header section format ID QR Opcode AA TC RD RA Z RCODE QDCOUNT ANCOUNT NSCOUNT ARCOUNT ID A 16 bit identifier assigned by the program that generates any kind of query. This identifier is copied into the corresponding reply and can be used by the requester to match up replies to outstanding queries.

24 RFC 2535 Network Working Group D. Eastlake Request for Comments: 2535 IBM Obsoletes: 2065 March 1999 Updates: 2181, 1035, 1034 Category: Standards Track Domain Name System Security Extensions Extensions to the Domain Name System (DNS) are described that provide data integrity and authentication to security aware resolvers and applications through the use of cryptographic digital signatures. These digital signatures are included in secured zones as resource records.

25 DNS Security Extensions The extensions provide for the storage of authenticated public keys in the DNS. This storage of keys can support general public key distribution services as well as DNS security. The stored keys enable security aware resolvers to learn the authenticating key of zones in addition to those for which they are initially configured. Keys associated with DNS names can be retrieved to support other protocols. Provision is made for a variety of key types and algorithms.

26 Example An example RRSet for bob.com. The KEY record is Bob's public key. The SIG record is the top-level com server's signed hash of the A and KEY records to verify their authenticity.

27 Key RR The KEY resource record (RR) is used to store a public key that is associated with a Domain Name System (DNS) name. This can be the public key of a zone, a user, or a host or other end entity. A KEY RR is, like any other RR, authenticated by a SIG RR. KEY RRs must be signed by a zone level key.

28 Key RR (2) The public key in a KEY RR is for the object named in the owner name. A DNS name may refer to three different categories of things. For example, foo.host.example could be (1) a zone, (2) a host or other end entity, or (3) the mapping into a DNS name of the user or account Thus, there are flag bits in the KEY RR to indicate with which of these roles the owner name and public key are associated. Note that an appropriate zone KEY RR MUST occur at the apex node of a secure zone and zone KEY RRs occur only at delegation points.

29 Key RDATA KEY RDATA format : flags protocol algorithm / / public key / / /

30 Protocol 1 is reserved for use in connection with TLS. 2 is reserved for use in connection with . 3 is used for DNS security. 4 is reserved to refer to the Oakley/IPSEC [RFC 2401] protocol and indicates that this key is valid for use in conjunction with that security standard.

31 Algorithm RSA/MD5 [RFC 2537] - recommended Diffie-Hellman [RFC 2539] - optional, key only DSA [RFC 2536] - MANDATORY reserved for elliptic curve crypto 254 private - OID : the public key area for the KEY RR and the signature begin with an unsigned length byte followed by a BER encoded Object Identifier (ISO OID) of that length. The OID indicates the private algorithm in use and the remainder of the area is whatever is required by that algorithm. Entities should only use OIDs they control to designate their private algorithms.

32 Sig RR The SIG or "signature" resource record (RR) is the fundamental way that data is authenticated in the secure Domain Name System (DNS). As such it is the heart of the security provided. The SIG RR unforgably authenticates an RRset of a particular type, class, and name and binds it to a time interval and the signer's domain name. This is done using cryptographic techniques and the signer's private key. The signer is frequently the owner of the zone from which the RR originated.

33 Sig RDATA type covered algorithm labels original TTL signature expiration signature inception key tag signer's name + / / / / / signature / / /

DNS at NLnet Labs. Matthijs Mekking

DNS at NLnet Labs. Matthijs Mekking DNS at NLnet Labs Matthijs Mekking Topics NLnet Labs DNS DNSSEC Recent events NLnet Internet Provider until 1997 The first internet backbone in Holland Funding research and software projects that aid the

More information

Teldat Router. DNS Client

Teldat Router. DNS Client Teldat Router DNS Client Doc. DM723-I Rev. 10.00 March, 2003 INDEX Chapter 1 Domain Name System...1 1. Introduction...2 2. Resolution of domains...3 2.1. Domain names resolver functionality...4 2.2. Functionality

More information

THE DOMAIN NAME SYSTEM DNS

THE DOMAIN NAME SYSTEM DNS Announcements THE DOMAIN NAME SYSTEM DNS Internet Protocols CSC / ECE 573 Fall, 2005 N. C. State University copyright 2005 Douglas S. Reeves 2 Today s Lecture I. Names vs. Addresses II. III. IV. The Namespace

More information

1 DNS Packet Structure

1 DNS Packet Structure Fundamentals of Computer Networking Project 1 Primer: DNS Overview CS4700/CS5700 Fall 2009 17 September 2009 The DNS protocol is well-documented online, however, we describe the salient pieces here for

More information

Table of Contents DNS. How to package DNS messages. Wire? DNS on the wire. Some advanced topics. Encoding of domain names.

Table of Contents DNS. How to package DNS messages. Wire? DNS on the wire. Some advanced topics. Encoding of domain names. Table of Contents DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 154, 2015/09/14 10:44:10) Friday, September 11, 2015 DNS on the wire Encoding of domain names

More information

DNS. Some advanced topics. Karst Koymans. (with Niels Sijm) Informatics Institute University of Amsterdam. (version 2.6, 2013/09/19 10:55:30)

DNS. Some advanced topics. Karst Koymans. (with Niels Sijm) Informatics Institute University of Amsterdam. (version 2.6, 2013/09/19 10:55:30) DNS Some advanced topics Karst Koymans (with Niels Sijm) Informatics Institute University of Amsterdam (version 2.6, 2013/09/19 10:55:30) Friday, September 13, 2013 Karst Koymans (with Niels Sijm) (UvA)

More information

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace Motivation Domain Name System (DNS) IP addresses hard to remember Meaningful names easier to use Assign names to IP addresses Name resolution map names to IP addresses when needed Namespace set of all

More information

Domain Name System. CS 571 Fall 2006. 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved

Domain Name System. CS 571 Fall 2006. 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved Domain Name System CS 571 Fall 2006 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved DNS Specifications Domain Names Concepts and Facilities RFC 1034, November 1987 Introduction

More information

DNS Conformance Test Specification For Client

DNS Conformance Test Specification For Client DNS Conformance Test Specification For Client Revision 1.0 Yokogawa Electric Corporation References This test specification focus on following DNS related RFCs. RFC 1034 DOMAIN NAMES - CONCEPTS AND FACILITIES

More information

netkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s)

netkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s) Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab dns Version Author(s) E-mail Web Description 2.2 G. Di Battista, M. Patrignani, M.

More information

Some advanced topics. Karst Koymans. Friday, September 11, 2015

Some advanced topics. Karst Koymans. Friday, September 11, 2015 DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 154, 2015/09/14 10:44:10) Friday, September 11, 2015 Karst Koymans (UvA) DNS Friday, September 11, 2015 1 /

More information

Domain Name System Security

Domain Name System Security Abstract Domain Name System Security Ladislav Hagara hgr@vabo.cz Department of Automated Command Systems and Informatics Military Academy in Brno Brno, Czech Republic Domain Name System (DNS) is one of

More information

Domain Name System (DNS) RFC 1034 RFC 1035 http://www.ietf.org

Domain Name System (DNS) RFC 1034 RFC 1035 http://www.ietf.org Domain Name System (DNS) RFC 1034 RFC 1035 http://www.ietf.org TCP/IP Protocol Suite Application Layer DHCP DNS SNMP HTTP SMTP POP Transport Layer UDP TCP ICMP IGMP Network Layer IP Link Layer ARP ARP

More information

DNS Resolving using nslookup

DNS Resolving using nslookup DNS Resolving using nslookup Oliver Hohlfeld & Andre Schröder January 8, 2007 Abstract This report belongs to a talk given at the networking course (Institue Eurecom, France) in January 2007. It is based

More information

The Domain Name System from a security point of view

The Domain Name System from a security point of view The Domain Name System from a security point of view Simon Boman Patrik Hellström Email: {simbo105, pathe321}@student.liu.se Supervisor: David Byers, {davby@ida.liu.se} Project Report for Information Security

More information

Domain Name System (DNS) Fundamentals

Domain Name System (DNS) Fundamentals Domain Name System (DNS) Fundamentals Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International

More information

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1 SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright c 2006 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation s Course,

More information

DNS : Domain Name System

DNS : Domain Name System 1/30 DNS : Domain Name System Surasak Sanguanpong nguan@.ac.th http://www...ac.th/~nguan Last updated: May 24, 1999 Outline 2/30 DNS basic name space name resolution process protocol configurations Why

More information

Note concernant votre accord de souscription au service «Trusted Certificate Service» (TCS)

Note concernant votre accord de souscription au service «Trusted Certificate Service» (TCS) Note concernant votre accord de souscription au service «Trusted Certificate Service» (TCS) Veuillez vérifier les éléments suivants avant de nous soumettre votre accord : 1. Vous avez bien lu et paraphé

More information

Internetworking with TCP/IP Unit 10. Domain Name System

Internetworking with TCP/IP Unit 10. Domain Name System Unit 10 Domain Name System Structure 10.1 Introduction 10.2 Fully Qualified Domain Names (FQDNs) Generic Domains Country Domains 10.3 Mapping domain names to IP addresses 10.4 Mapping IP Addresses to Domain

More information

The Domain Name System

The Domain Name System Internet Engineering 241-461 Robert Elz kre@munnari.oz.au kre@coe.psu.ac.th http://fivedots.coe.psu.ac.th/~kre DNS The Domain Name System Kurose & Ross: Computer Networking Chapter 2 (2.5) James F. Kurose

More information

Lecture 2 CS 3311. An example of a middleware service: DNS Domain Name System

Lecture 2 CS 3311. An example of a middleware service: DNS Domain Name System Lecture 2 CS 3311 An example of a middleware service: DNS Domain Name System The problem Networked computers have names and IP addresses. Applications use names; IP uses for routing purposes IP addresses.

More information

Domain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley abulley@ghana.com

Domain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley abulley@ghana.com Domain Name System (DNS) Session-1: Fundamentals Ayitey Bulley abulley@ghana.com Computers use IP addresses. Why do we need names? Names are easier for people to remember Computers may be moved between

More information

Resilient Networking. Overview of DNS Known attacks on DNS Denial-of-Service Cache Poisoning. Securing DNS Split-Split-DNS DNSSEC.

Resilient Networking. Overview of DNS Known attacks on DNS Denial-of-Service Cache Poisoning. Securing DNS Split-Split-DNS DNSSEC. Resilient Networking 6: Attacks on DNS Overview of DNS Known attacks on DNS Denial-of-Service Cache Poisoning Securing DNS Split-Split-DNS DNSSEC SoSe 2014 Fachbereich Informatik Telecooperation Group

More information

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified

More information

10 Linux nslookup Command Examples for DNS Lookup

10 Linux nslookup Command Examples for DNS Lookup 10 Linux nslookup Command Examples for DNS Lookup nslookup is a network administration tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or any other specific DNS

More information

# $ # % $ % $ % & ' $( # ) *$ www.microsoft.com mail.virgilio.it ftp.cs.cornell.edu

# $ # % $ % $ % & ' $( # ) *$ www.microsoft.com mail.virgilio.it ftp.cs.cornell.edu ! www.microsoft.com mail.virgilio.it ftp.cs.cornell.edu " " # $ # % $ % $ % & ' $( # ) *$ #+, $-., www.microsoft.com 131.114.9.252 mail.virgilio.it 192.113.21.27 ftp.cs.cornell.edu 115.116.123.11 / / request(nome)

More information

The Use of DNS Resource Records

The Use of DNS Resource Records International Journal of Advances in Electrical and Electronics Engineering 230 Available online at www.ijaeee.com & www.sestindia.org/volume-ijaeee/ ISSN: 2319-1112 Simar Preet Singh Systems Engineer,

More information

Domain Name System (DNS) Security By Diane Davidowicz 1999 Diane Davidowicz

Domain Name System (DNS) Security By Diane Davidowicz 1999 Diane Davidowicz Domain Name System (DNS) Security By Diane Davidowicz 1999 Diane Davidowicz Contents 1. Abstract...3 2. Introduction...3 3. Overview of the DNS...3 3.1. Fundamentals of DNS...4 3.1.1. The Domain Name Space...4

More information

DNS SECURITY TROUBLESHOOTING GUIDE

DNS SECURITY TROUBLESHOOTING GUIDE DNS SECURITY TROUBLESHOOTING GUIDE INTERNET DEPLOYMENT OF DNS SECURITY 27 November 2006 Table of Contents 1. INTRODUCTION...3 2. DNS SECURITY SPECIFIC FAILURE MODES...3 2.1 SIGNATURES...3 2.1.1 Signature

More information

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example Document ID: 113571 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information

More information

Goal of this session

Goal of this session DNS refresher Overview Goal of this session What is DNS? How is DNS built and how does it work? How does a query work? Record types Caching and Authoritative Delegation: domains vs zones Finding the error:

More information

Internet-Praktikum I Lab 3: DNS

Internet-Praktikum I Lab 3: DNS Kommunikationsnetze Internet-Praktikum I Lab 3: DNS Mark Schmidt, Andreas Stockmayer Sommersemester 2015 kn.inf.uni-tuebingen.de Motivation for the DNS Problem IP addresses hard to remember for humans

More information

Introduction to DNS CHAPTER 5. In This Chapter

Introduction to DNS CHAPTER 5. In This Chapter 297 CHAPTER 5 Introduction to DNS Domain Name System (DNS) enables you to use hierarchical, friendly names to easily locate computers and other resources on an IP network. The following sections describe

More information

Benchmarking Zonemaster Sandoche Balakrichenan (Afnic) & Einar Lonn (IIS)

Benchmarking Zonemaster Sandoche Balakrichenan (Afnic) & Einar Lonn (IIS) Benchmarking Zonemaster Sandoche Balakrichenan (Afnic) & Einar Lonn (IIS) 1 1 Health check je n'ai pas eu de retour, peut être que c'était trop sybillin 2 DNS Health check Connectivity Name Server DNSSEC

More information

Applications & Application-Layer Protocols: The Domain Name System and Peerto-Peer

Applications & Application-Layer Protocols: The Domain Name System and Peerto-Peer CPSC 360 Network Programming Applications & Application-Layer Protocols: The Domain Name System and Peerto-Peer Systems Michele Weigle Department of Computer Science Clemson University mweigle@cs.clemson.edu

More information

CSE 127: Computer Security. Network Security. Kirill Levchenko

CSE 127: Computer Security. Network Security. Kirill Levchenko CSE 127: Computer Security Network Security Kirill Levchenko December 4, 2014 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties

More information

Domain Name System (DNS)

Domain Name System (DNS) Chapter 18 CSC465 Computer Networks Spring 2004 Dr. J. Harrison These slides are based on the text TCP/IP Protocol Suite (2 nd Edition) Domain Name System (DNS) CONTENTS NAME SPACE DOMAIN NAME SPACE DISTRIBUTION

More information

DNSSEC Applying cryptography to the Domain Name System

DNSSEC Applying cryptography to the Domain Name System DNSSEC Applying cryptography to the Domain Name System Gijs van den Broek Graduate Intern at SURFnet Overview First half: Introduction to DNS Attacks on DNS Second half: DNSSEC Questions: please ask! DNSSEC

More information

Domain Name System 2015-04-28 17:49:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Domain Name System 2015-04-28 17:49:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Domain Name System 2015-04-28 17:49:44 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Domain Name System... 4 Domain Name System... 5 How DNS Works

More information

Introduction BIND. The DNS Protocol. History (1) DNS. History (2) Agenda

Introduction BIND. The DNS Protocol. History (1) DNS. History (2) Agenda History (1) DNS Domain Name System The Internet's Name Service even in the early days of the Internet, hosts have been also identified by s e.g. /etc/hosts.txt file on UNIX systems all s have been maintained

More information

Agenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS

Agenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS Agenda Network Services Domain Names & DNS Domain Names Domain Name System Internationalized Domain Names Johann Oberleitner SS 2006 Domain Names Naming of Resources Problems of Internet's IP focus IP

More information

Configuring DNS. Finding Feature Information

Configuring DNS. Finding Feature Information The Domain Name System (DNS) is a distributed database in which you can map hostnames to IP addresses through the DNS protocol from a DNS server. Each unique IP address can have an associated hostname.

More information

No. Time Source Destination Protocol Info 1 0.000000 192.168.1.28 192.168.1.2 DNS Standard query A weather.noaa.gov

No. Time Source Destination Protocol Info 1 0.000000 192.168.1.28 192.168.1.2 DNS Standard query A weather.noaa.gov /tmp/dump/dump02_arp_dns-weather_syn_fin complete-session - Ethereal Page 1 1 0.000000 192.168.1.28 192.168.1.2 DNS Standard query A weather.noaa.gov Frame 1 (76 bytes on wire, 76 bytes captured) Arrival

More information

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12 DNS Computer networks - Administration 1DV202 DNS History Who needs DNS? The DNS namespace How DNS works The DNS database The BIND software Server and client configuration The history of DNS RFC 882 and

More information

Part 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology

Part 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology SAST01 An Introduction to Information Security Part 5 DNS Security Martin Hell Department of Electrical and Information Technology How DNS works Amplification attacks Cache poisoning attacks DNSSEC 1 2

More information

DNSSEC: A Vision. Anil Sagar. Additional Director Indian Computer Emergency Response Team (CERT-In)

DNSSEC: A Vision. Anil Sagar. Additional Director Indian Computer Emergency Response Team (CERT-In) DNSSEC: A Vision Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Outline DNS Today DNS Attacks DNSSEC: An Approach Countering DNS Attacks Conclusion 2 DNS Today DNS is

More information

KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10

KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10 KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10 Sincan 06935 Ankara, Turkey Version Table Manual Version/Date AAA/22.03.2011

More information

Motivation. Users can t remember IP addresses. Implemented by library functions & servers. - Need to map symbolic names (www.stanford.

Motivation. Users can t remember IP addresses. Implemented by library functions & servers. - Need to map symbolic names (www.stanford. Motivation 2 cs.princeton.edu User 1 user @ cs.princeton.edu Name server Mail program 192.12.69.5 3 TCP 192.12.69.5 4 192.12.69.5 5 IP Users can t remember IP addresses - Need to map symbolic names (www.stanford.edu)

More information

How-to: DNS Enumeration

How-to: DNS Enumeration 25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS

More information

Coordinación. The background image of the cover is desgned by http://www.freepik.com/ GUIDE TO DNS SECURITY 2

Coordinación. The background image of the cover is desgned by http://www.freepik.com/ GUIDE TO DNS SECURITY 2 Autor Antonio López Padilla Coordinación Daniel Fírvida Pereira This publication belongs to INTECO (Instituto Nacional de Tecnologías de la Comunicación) and is under an Attribution- NonCommercial 3.0

More information

Authenticated Denial of Existence in the DNS

Authenticated Denial of Existence in the DNS CC BY-SA 3.0 SIDN Labs 2011/0x01-v2 Authenticated Denial of Existence in the DNS Miek Gieben, miek.gieben@sidn.nl, SIDN Matthijs Mekking, matthijs@nlnetlabs.nl, NLnet Labs January 2012 Abstract Authenticated

More information

HTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide

HTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide HTG X XROADS NETWORKS Network Appliance How To Guide: DNS Delegation How To Guide DNS Delegation (The Simple Redundancy Solution) The key requirement when performing DNS based network redundancy and load

More information

A Security Evaluation of DNSSEC with NSEC3

A Security Evaluation of DNSSEC with NSEC3 A Security Evaluation of DNSSEC with NSEC3 Jason Bau Stanford University Stanford, CA, USA jbau@stanford.edu Abstract Domain Name System Security Extensions (DNSSEC) with Hashed Authenticated Denial of

More information

Domain Name System. DNS is an example of a large scale client-server application. Copyright 2014 Jim Martin

Domain Name System. DNS is an example of a large scale client-server application. Copyright 2014 Jim Martin Domain Name System: DNS Objective: map names to IP addresses (i.e., high level names to low level names) Original namespace was flat, didn t scale.. Hierarchical naming permits decentralization by delegating

More information

3. The Domain Name Service

3. The Domain Name Service 3. The Domain Name Service n Overview and high level design n Typical operation and the role of caching n Contents of DNS Resource Records n Basic message formats n Configuring/updating Resource Records

More information

Understanding DNS (the Domain Name System)

Understanding DNS (the Domain Name System) Understanding DNS (the Domain Name System) A white paper by Incognito Software January, 2007 2007 Incognito Software Inc. All rights reserved. Understanding DNS (the Domain Name System) Introduction...2

More information

CS 348: Computer Networks. - DNS; 22 nd Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks. - DNS; 22 nd Oct 2012. Instructor: Sridhar Iyer IIT Bombay CS 348: Computer Networks - DNS; 22 nd Oct 2012 Instructor: Sridhar Iyer IIT Bombay Domain Name System Map between host names and IP addresses People: many identifiers: name, Passport #, Internet hosts:

More information

Forouzan: Chapter 17. Domain Name System (DNS)

Forouzan: Chapter 17. Domain Name System (DNS) Forouzan: Chapter 17 Domain Name System (DNS) Domain Name System (DNS) Need System to map name to an IP address and vice versa We have used a host file in our Linux laboratory. Not feasible for the entire

More information

Step-by-Step DNSSEC-Tools Operator Guidance Document

Step-by-Step DNSSEC-Tools Operator Guidance Document Step-by-Step DNSSEC-Tools Operator Guidance Document Using the DNSSEC-Tools v1.0 distribution SPARTA, Inc. Table of Contents 1. Introduction... 1 Organization of this Document... 1 Key Concepts... 2 Zones

More information

Rough Outline. Introduction Why DNSSEC DNSSEC Theory Famous last words. http://www.nlnetlabs.nl/ Universiteit van Amsterdam, Sep 2006.

Rough Outline. Introduction Why DNSSEC DNSSEC Theory Famous last words. http://www.nlnetlabs.nl/ Universiteit van Amsterdam, Sep 2006. page 2 Rough Outline An introduction to DNSSEC Olaf Kolkman 21 September 2006 Stichting (www.nlnetlabs.nl) Introduction Why DNSSEC DNSSEC Theory Famous last words page 3 DNSSEC evangineers of the day Olaf:

More information

How to set up the Integrated DNS Server for Inbound Load Balancing

How to set up the Integrated DNS Server for Inbound Load Balancing How to set up the Integrated DNS Server for Introduction Getting Started Peplink Balance has a built-in DNS server for inbound link load balancing. You can delegate a domain s NS/SOA records, e.g. www.mycompany.com,

More information

Subverting BIND s SRTT algorithm Derandomizing NS selection

Subverting BIND s SRTT algorithm Derandomizing NS selection Subverting BIND s SRTT algorithm Derandomizing NS selection Roee Hay roeeh@il.ibm.com Jonathan Kalechstein kalechstain@gmail.com Gabi Nakibly, Ph.D. gnakibly@cs.technion.ac.il April 14, 2013 Abstract.

More information

NET0183 Networks and Communications

NET0183 Networks and Communications NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/2009 1 NET0183 Networks and Communications by Dr Andy Brooks DNS is a distributed database implemented in a hierarchy of many

More information

DNS + DHCP. Michael Tsai 2015/04/27

DNS + DHCP. Michael Tsai 2015/04/27 DNS + DHCP Michael Tsai 2015/04/27 lubuntu.ova http://goo.gl/bax8b8 DNS + DHCP DNS: domain name < > IP address DHCP: gives you a IP + configuration when you joins a new network DHCP = Dynamic Host Configuration

More information

GDS Resource Record: Generalization of the Delegation Signer Model

GDS Resource Record: Generalization of the Delegation Signer Model GDS Resource Record: Generalization of the Delegation Signer Model Gilles Guette, Bernard Cousin, David Fort To cite this version: Gilles Guette, Bernard Cousin, David Fort. GDS Resource Record: Generalization

More information

Bluetooth Low Energy

Bluetooth Low Energy Bluetooth Low Energy Responsable de l épreuve : L. Toutain Tous documents autorisés. Répondez uniquement sur la copie en annexe. Lisez bien tout le document avant de commencer à répondre 1 Bluetooth Low

More information

ECE 4321 Computer Networks. Network Programming

ECE 4321 Computer Networks. Network Programming ECE 4321 Computer Networks Network Programming Name Space System.Net Domain Name System (DNS) To resolve computer naming Host database is split up and distributed among multiple systems on the Internet

More information

Protection of DNS using HAVAL

Protection of DNS using HAVAL International Journal of Electronics and Computer Science Engineering 972 Available Online at www.ijecse.org ISSN- 2277-1956 Protection of DNS using HAVAL Raghvendra Vikram Singh 1, Deepak Chaudhary 2

More information

An Integrity Verification Scheme for DNS Zone file based on Security Impact Analysis

An Integrity Verification Scheme for DNS Zone file based on Security Impact Analysis An Integrity Verification Scheme for DNS Zone file based on Security Impact Analysis Ramaswamy Chandramouli NIST, Gaithersburg, MD 20899 (mouli@nist.gov) Abstract The Domain Name System (DNS) is the world

More information

Request for Comments: 1788 Category: Experimental April 1995

Request for Comments: 1788 Category: Experimental April 1995 Network Working Group W. Simpson Request for Comments: 1788 Daydreamer Category: Experimental April 1995 Status of this Memo ICMP Domain Name Messages This document defines an Experimental Protocol for

More information

CSI 3140. Lab 1 : Exercise 1. 1.1 Find the IP address of www.whitehouse.gov www.site.uottawa.ca www.pastis.org. Or, another way:

CSI 3140. Lab 1 : Exercise 1. 1.1 Find the IP address of www.whitehouse.gov www.site.uottawa.ca www.pastis.org. Or, another way: CSI 3140 Lab 1 : Exercise 1 1.1 Find the IP address of www.whitehouse.gov www.site.uottawa.ca www.pastis.org C:\Documents and Settings\gvj>nslookup www.whitehouse.org Name: www.whitehouse.org Address:

More information

Parallel Discrepancy-based Search

Parallel Discrepancy-based Search Parallel Discrepancy-based Search T. Moisan, J. Gaudreault, C.-G. Quimper Université Laval, FORAC research consortium February 21 th 2014 T. Moisan, J. Gaudreault, C.-G. Quimper Parallel Discrepancy-based

More information

DNS security: poisoning, attacks and mitigation

DNS security: poisoning, attacks and mitigation DNS security: poisoning, attacks and mitigation The Domain Name Service underpins our use of the Internet, but it has been proven to be flawed and open to attack. Richard Agar and Kenneth Paterson explain

More information

Networking Domain Name System

Networking Domain Name System IBM i Networking Domain Name System Version 7.2 IBM i Networking Domain Name System Version 7.2 Note Before using this information and the product it supports, read the information in Notices on page

More information

How to Add Domains and DNS Records

How to Add Domains and DNS Records How to Add Domains and DNS Records Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection.

More information

Domain Name System DNS

Domain Name System DNS CE443 Computer Networks Domain Name System DNS Behnam Momeni Computer Engineering Department Sharif University of Technology Acknowledgments: Lecture slides are from Computer networks course thought by

More information

Hostnames. HOSTS.TXT was a bottleneck. Once there was HOSTS.TXT. CSCE515 Computer Network Programming. Hierarchical Organization of DNS

Hostnames. HOSTS.TXT was a bottleneck. Once there was HOSTS.TXT. CSCE515 Computer Network Programming. Hierarchical Organization of DNS Hostnames CSCE 515: Computer Network Programming ------ Address Conversion Function and DNS RFC 1034, RFC 1035 Wenyuan Xu http://www.cse..edu/~wyxu/ce515f07.html Department of Computer Science and Engineering

More information

Domain Name System (DNS)

Domain Name System (DNS) Domain Name System (DNS) Instructor: Anirban Mahanti Office: ICT 745 Email: mahanti@cpsc.ucalgary.ca Class Location: ICT 121 Lectures: MWF 12:00 12:50 Notes derived from Computer Networking: A Top Down

More information

The Application Layer: DNS

The Application Layer: DNS Recap SMTP and email The Application Layer: DNS Smith College, CSC 9 Sept 9, 0 q SMTP process (with handshaking) and message format q Role of user agent access protocols q Port Numbers (can google this)

More information

More Internet Support Protocols

More Internet Support Protocols Domain Name System (DNS) Ch 2.5 More Internet Support Protocols Problem statement: Average brain can easily remember 7 digits On average, IP addresses have 10.28 digits We need an easier way to remember

More information

Using the Domain Name System for System Break-ins

Using the Domain Name System for System Break-ins Using the Domain Name System for System Break-ins Steven M. Bellovin Presented by: Thomas Repantis trep@cs.ucr.edu CS255-Computer Security, Winter 2004 p.1/37 Overview Using DNS to spoof a host s name

More information

DNS Pharming Attack Lab

DNS Pharming Attack Lab CNT 5410 - Fall 2014 1 DNS Pharming Attack Lab (This is a modified version of the exercise listed below. Modifications are to provide tighter configuration so as to minimize the risk of traffic leaving

More information

The Domain Name System

The Domain Name System DNS " This is the means by which we can convert names like news.bbc.co.uk into IP addresses like 212.59.226.30 " Purely for the benefit of human users: we can remember numbers (e.g., telephone numbers),

More information

Advanced DNS Course. Module 4. DNS Load Balancing

Advanced DNS Course. Module 4. DNS Load Balancing Advanced DNS Course Module 4 DNS Load Balancing Services (SRV) Record The Services RR allows a service to be associated with a host name. A user or application that wishes to discover where a service

More information

Network Working Group. Category: Standards Track October 2006

Network Working Group. Category: Standards Track October 2006 Network Working Group B. Volz Request for Comments: 4704 Cisco Systems, Inc. Category: Standards Track October 2006 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Client Fully Qualified Domain

More information

Liste d'adresses URL

Liste d'adresses URL Liste de sites Internet concernés dans l' étude Le 25/02/2014 Information à propos de contrefacon.fr Le site Internet https://www.contrefacon.fr/ permet de vérifier dans une base de donnée de plus d' 1

More information

DNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop

DNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop How do you delegate a subdomain? In principle straightforward: just insert NS records for the subdomain, pointing at someone else's

More information

Thursday, February 7, 2013. DOM via PHP

Thursday, February 7, 2013. DOM via PHP DOM via PHP Plan PHP DOM PHP : Hypertext Preprocessor Langage de script pour création de pages Web dynamiques Un ficher PHP est un ficher HTML avec du code PHP

More information

DNS and E-mail Interface User Guide

DNS and E-mail Interface User Guide DNS and E-mail Interface User Guide Document Revision 04 // 2012 www.twcbc.com back back to TOC to TOC Header Text and Info Table of Contents 1. Introduction 3 2. Accessing the Application 4 3. Working

More information

dnsperf DNS Performance Tool Manual

dnsperf DNS Performance Tool Manual dnsperf DNS Performance Tool Manual Version 2.0.0 Date February 14, 2012 Copyright 2002-2012, Inc. - All Rights Reserved This software and documentation is subject to and made available pursuant to the

More information

DATA COMMUNICATOIN NETWORKING

DATA COMMUNICATOIN NETWORKING DATA COMMUNICATOIN NETWORKING Instructor: Ouldooz Baghban Karimi Course Book: Computer Networking, A Top-Down Approach By: Kurose, Ross Introduction Course Overview Basics of Computer Networks Internet

More information

The Domain Name System

The Domain Name System The Domain Name System Antonio Carzaniga Faculty of Informatics University of Lugano October 9, 2012 2005 2007 Antonio Carzaniga 1 IP addresses and host names Outline DNS architecture DNS process DNS requests/replies

More information

Response Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour

Response Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour Response Policy Zones for the Domain Name System (DNS ) By Paul Vixie, ISC (et.al.) 2010 World Tour Overview Motivation for DNS Response Policy Zones Relationship to DNS RBL (DNSBL) Constraints and Goals

More information

Memory Eye SSTIC 2011. Yoann Guillot. Sogeti / ESEC R&D yoann.guillot(at)sogeti.com

Memory Eye SSTIC 2011. Yoann Guillot. Sogeti / ESEC R&D yoann.guillot(at)sogeti.com Memory Eye SSTIC 2011 Yoann Guillot Sogeti / ESEC R&D yoann.guillot(at)sogeti.com Y. Guillot Memory Eye 2/33 Plan 1 2 3 4 Y. Guillot Memory Eye 3/33 Memory Eye Analyse globale d un programme Un outil pour

More information

The Domain Name System

The Domain Name System The Domain Name System Mark Handley) UCL Computer Science CS 3035/GZ01 Today 1. The Domain Name System (DNS) 2. A Brief Word on DNS Security A name indicates what we seek. An address indicates where it

More information

- Domain Name System -

- Domain Name System - 1 Name Resolution - Domain Name System - Name resolution systems provide the translation between alphanumeric names and numerical addresses, alleviating the need for users and administrators to memorize

More information