netkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s)
|
|
- Alisha Atkins
- 8 years ago
- Views:
Transcription
1 Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab dns Version Author(s) Web Description 2.2 G. Di Battista, M. Patrignani, M. Pizzonia, F. Ricci, M. Rimondini contact@netkit.org using the domain name system
2 copyright notice All the pages/slides in this presentation, including but not limited to, images, photos, animations, videos, sounds, music, and text (hereby referred to as material ) are protected by copyright. This material, with the exception of some multimedia elements licensed by other organizations, is property of the authors and/or organizations appearing in the first slide. This material, or its parts, can be reproduced and used for didactical purposes within universities and schools, provided that this happens for non-profit purposes. Information contained in this material cannot be used within network design projects or other products of any kind. Any other use is prohibited, unless explicitly authorized by the authors on the basis of an explicit agreement. The authors assume no responsibility about this material and provide this material as is, with no implicit or explicit warranty about the correctness and completeness of its contents, which may be subject to changes. This copyright notice must always be redistributed together with the material, or its portions.
3 about the dns takes care of associating names with ip addresses (and more ) the name system is distributed over several nodes (hosts) that are hierarchically organized to form a tree each node in the hierarchy corresponds to a name a domain in the name system is a subtree a node in the hierarchy may be delegated to handle names for a particular zone such a node is an authoritative server for that zone a zone is a domain which is devoid of those nodes having a different authoritative server (i.e., a tree without subtrees)
4 the dns name hierarchy each node corresponds to a name this node is nanoinside.net org dnsroot net lugroma3 dnsorg dnsnet nanoinside dnslug dnsnano pc2 this node is.lugroma3.org
5 the dns name hierarchy leaves always correspond to real hosts org dnsroot intermediate nodes may correspond to real hosts (in this example they do not) net lugroma3 nanoinside dnsorg dnsnet dnslug dnsnano pc2
6 domains domains are subtrees their name is the name of the root node every node (including leaves) defines a domain org domains do overlap dnsroot nanoinside.net domain net net domain lugroma3 dnsorg dnsnet nanoinside dnslug dnsnano pc2
7 a zone is a domain without the delegated subdomains org zones dnsroot zones cannot overlap each node falls into a single zone net lugroma3 nanoinside dnsorg dnsnet dnslug dnsnano pc2
8 zones have name servers they are not constrained to be inside the zone they serve zones served by dnsroot served by dnsorg.org org dnsroot net served by dnsnet.net lugroma3 nanoinside dnsorg dnsnet dnslug dnsnano pc2 served by dnslug.lugroma3.org served by dnsnano.nanoinside.net
9 more about the dns the dns hierarchy is orthogonal with respect to the actual network topology in order to focus on the behavior of the dns we choose a flat topology, consisting of a single collision domain
10 step 1 network topology dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24
11 step 1 dns (zone) hierarchy abc domain name org net lugroma3 served by dnsroot nanoinside served by dnsorg.org served by dnsnet.net pc2 served by dnslug.lugroma3.org served by dnsnano.nanoinside.net
12 step 2 starting the lab host machine user@localhost:~$ cd netkit-lab_dns user@localhost:~/netkit :~/netkit-lab_dns$ lstart the lab is configured to start all the 7 vms automatically configure the network interfaces automatically configure the name servers automatically start the name server software (bind) on each name server
13 step 2 exploring the configuration configuration on the pcs consists of the specification of the default name server :~# cat /etc etc/resolv.conf nameserver search lugroma3.org :~# pc2 pc2:~# cat /etc etc/resolv.conf nameserver search nanoinside.net pc2:~# dnslug.lugroma3.org suffix to to append to to unqualified names (e.g. (e.g. asking to to resolve dummy results in in querying for for dummy.lugroma3.org) dnsnano.nanoinside.net
14 step 2 exploring the configuration configuration on the name servers specifies associations between zones and name servers information about the root name servers authoritative information associations between names and ip addresses
15 step 2 exploring the configuration configuration on the name servers specifies associations between zones and name servers dnslug dnslug:~# cat /etc etc/bind bind/named.conf named.conf... zone "." { type hint; file "/etc etc/bind bind/db.root db.root"; };... // add entries for other zones below here zone "lugroma3.org" { type master; file "/etc etc/bind bind/db.org.lugroma3"; }; dnslug:~# where to to find information about the root name server we are the primary master for for zone lugroma3.org where to to find data about the names in in this zone
16 step 2 exploring the configuration configuration on the name servers specifies information about the root name servers dnslug dnslug:~# cat /etc/bind/db.root. IN NS ROOT-SERVER. ROOT-SERVER. IN A dnslug:~# a resource record format of of a resource record <domain> <class> <type> <rdata> domain: the record owner (=domain to to which the record refers) class: usually IN IN (=Internet system); may be be HS HS (=hesiod) or or CH (=chaos) type: see next slide... rdata: record data (depends netkit on on [ lab: the dns ] record type)
17 step 2 exploring the configuration A A a a host host address. A6 address. A6 an an IPv6 IPv6 address. AAAA address. AAAA Obsolete Obsolete format format of of IPv6 IPv6 address AFSDB address AFSDB (x) (x) location location of of AFS AFS database database servers. servers. Experimental. CERT Experimental. CERT holds holds a a digital digital certificate. CNAME certificate. CNAME identifies identifies the the canonical canonical name name of of an an alias. DNAME alias. DNAME for for delegation delegation of of reverse reverse addresses. addresses. Replaces Replaces the the domain domain name name specified specified with another with another name name to to be be looked looked up. up. Described Described in in RFC RFC GPOS GPOS Specifies Specifies the the global global position. position. Superseded Superseded by by LOC. HINFO LOC. HINFO identifies identifies the the CPU CPU and and OS OS used used by by a a host. ISDN host. ISDN (x) (x) representation representation of of ISDN ISDN addresses. addresses. Experimental. KEY Experimental. KEY stores stores a a public public key key associated associated with with a a DNS DNS name. KX name. KX identifies identifies a a key key exchanger exchanger for for this this DNS DNS name. LOC name. LOC (x) (x) for for storing storing GPS GPS info. info. See See RFC RFC Experimental. MX Experimental. MX identifies identifies a a mail mail exchange exchange for for the the domain. domain. See See RFC RFC for for details. NAPTR details. NAPTR name name authority authority pointer. NSAP pointer. NSAP a a network network service service access access point. NS point. NS the the authoritative authoritative nameserver nameserver for for the the domain. NXT domain. NXT used used in in DNSSEC DNSSEC to to securely securely indicate indicate that that RRs RRs with with an an owner owner name name in in a a certain name certain name interval interval do do not not exist exist in in a a zone zone and and indicate indicate what what R PTR R PTR a a pointer pointer to to another another part part of of the the domain domain name name space. PX space. PX provides provides mappings mappings between between RFC RFC and and X.400 X.400 addresses. RP addresses. RP (x) (x) information information on on persons persons responsible responsible for for the the domain. domain. Experimental. RT Experimental. RT (x) (x) route-through route-through binding binding for for hosts hosts that that do do not not have have their their own own direct direct wide wide area network area network addresses. addresses. Experimental. SIG Experimental. SIG ("signature") ("signature") contains contains data data authenticated authenticated in in the the secure secure DNS. DNS. See See RFC RFC for details. for SOA details. SOA identifies identifies the the start start of of a a zone zone of of authority. SRV authority. SRV information information about about well well known known network network services services (replaces (replaces WKS). TXT WKS). TXT text text records. WKS records. WKS (h) (h) information information about about which which well well known known network network services, services, such such as as SMTP, SMTP, that that a domain a domain supports. supports. Historical, Historical, replaced replaced by by newer newer RR RR SRV. X25 SRV. X25 (x) (x) representation representation of of X.25 X.25 network network addresses. addresses. Experimental Experimental available record types
18 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL time to to live, in in seconds (determines how long a resource record should be be cached)
19 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire 0 ; negative cache ttl ) must be be all all on on a single line; line breaks can only be be introduced when using parentheses a a zone data file can contain only one SOA record Start of of Authority record
20 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry relative to to the ; expire origin 0 ; negative cache ttl ) this record is is referred to to the current origin (lugroma3.org) all domain names in in this data file that are not fully qualified (do not end with a. ). ) are the origin is is the domain name in in the zone statement of of the server configuration file: zone zone "lugroma3.org " lugroma3.org" " { type type master; master; file file "/etc/bind/db.org.lugroma3"; }; };
21 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire 0 ; negative cache ttl ) record class (Internet) record type (Start of of Authority) primary master (=authority) server for for this zone (dnslug.lugroma3.org); don t forget the trailing dot, or or the origin name (lugroma3.org) would be be appended!
22 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire is is responsible for for the zone 0 ; negative cache ttl (root@dnslug.lugroma3.org) ) mail address of of the person that the first.. must be be replaced by by only meant to to be be used by by humans; has no no use within the dns service
23 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire configurations 0 ; negative cache ttl ) make sense for for master/slave server configurations
24 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire 0 ; negative cache ttl ) serial number determines how recent the information is is influences all all data within the zone conventional format: YYYYMMDDNN (year, month, day, # of of changes within that day)
25 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry (seconds) ; expire 0 ; negative cache ttl ) refresh interval tells a slave how often to to check that the data for for this zone is is up up to to date
26 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry between ; expire 0 ; negative cache ttl subsequent ) interval (seconds) subsequent attempts to to contact the master
27 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry (seconds) ; expire 0 ; negative cache ttl ) slave expire time if if the slave fails to to contact the master for for this amount of of time, it it considers the zone data too old and stops giving answers about it it
28 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire 0 ; negative cache ttl ) ttl ttl for for negative responses from authoritative name servers
29 step 2 exploring the configuration configuration on the name servers specifies associations between names and ip addresses dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. record type ( ; serial (name server) 28 ; refresh 14 ; retry ; expire 0 ; negative cache ttl IN NS dnslug.lugroma3.org. dnslug IN A IN A dnslug:~# the authoritative name server for for this zone (lugroma3.org) is is dnslug.lugroma3.org (final dot fully qualified name)
30 step 2 exploring the configuration configuration on the name servers specifies associations between names and ip addresses dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial record 28 ; refresh type 14 ; retry (address) ; expire 0 ; negative cache appended) ttl IN NS dnslug.lugroma3.org. dnslug IN A IN A dnslug:~# two machines in in this zone: dnslug.lugroma3.org.lugroma3.org (the (the origin name is is automatically
31 step 2 exploring the configuration configuration on the name servers may specify an authority for a subdomain dnsorg dnsorg:~# cat /etc etc/bind bind/db.org db.org $TTL IN SOA dnsorg.org. root.dnsorg.org. ( ; serial zone (org) ; refresh ; retry ; expire 0 ; negative cache ttl IN NS dnsorg.org. dnsorg IN A dnsorg.org is is the authority for for this zone (org) dnslug.lugroma3.org is is the authority for for zone lugroma3(.org) lugroma3 IN NS dnslug.lugroma3.org. dnslug.lugroma3 IN A dnsorg:~#
32 step 3 experiment setting :~# ping pc2.nanoinside.net pc2 pc2:~# tcpdump n t port domain dnsroot.5 dnsorg dnsnet.1.2 dnslug dnsnano pc /24
33 pc2 step 3 the sniffer output pc2:~# tcpdump n t port domain no no timestamps needed capture packets to/from port domain (port 53) ip ipnumbers instead of of host names; port numbers instead of of service names
34 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) query id id (+=recursion desired) query type (address) query value packet size (not (not including UDP UDP and and IP IP headers)
35 pc2 step 3 the sniffer output pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : [1au] A? pc2.nanoinside.net. (47) the query carries a response with an an additional record (an (an OPT OPT record, containing information about the the capabilities of of the the querier) query answer dnslug.lugroma3.org ( ) asks the root server ( ) last update: Computer Networks Apr 2007
36 pc2 step 3 the sniffer output query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (84) the root server ( ) answers with: 0 answers 1 authority (=name server) record (dnsnet.net) 2 additional records (dnsnet.net s IP IP address , and an an OPT record)
37 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (84) IP > : [1au] A? pc2.nanoinside.net. (47) the query carries an an additional OPT record dnslug.lugroma3.org ( ) asks dnsnet.net ( )
38 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (84) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (85) dnsnet.net ( ) answers with: 0 answers 1 authority (=name server) record (dnsnano.nanoinside.net) 2 additional records (dnsnano.nanoinside.net s IP IP address , and an OPT record) , and netkit an OPT [ lab: record) dns ]
39 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (84) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (85) IP > : [1au] A? pc2.nanoinside.net. (47) the the query carries an an additional OPT OPT record dnslug.lugroma3.org ( ) asks asks dnsnano.nanoinside.net ( )
40 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on dnsnano.nanoinside.net eth0, link-type EN10MB (Ethernet), ( ) capture size answers 96 bytes with: IP > : 1 answer (pc2.nanoinside.net s IP A? pc2.nanoinside.net. IP address ) (36) IP authority (=name server) > : record (dnsnano.nanoinside.net) 2 additional records (dnsnano.nanoinside.net s [1au] A? pc2.nanoinside.net. IP IP address (47) IP , > : and and an an OPT OPT record) /1/2 (84) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (85) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : 64854* 1/1/2 A (101)
41 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode dnslug.lugroma3.org listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : ( ) answers with: A? pc2.nanoinside.net. (36) IP > : IP IP address ) [1au] A? pc2.nanoinside.net. (47) IP > : 1 authority (=name server) record /1/2 (dnsnano.nanoinside.net) (84) IP > : 1 additional record [1au] (dnsnano.nanoinside.net s A? pc2.nanoinside.net. (47) IP IP > : address /1/2 (85) ) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : 64854* 1/1/2 A (101) IP > : /1/1 (108) ( ) answers with: 1 answer (pc2.nanoinside.net s (dnsnano.nanoinside.net s IP
42 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24
43 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24
44 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24
45 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24
46 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24
47 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24
48 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24
49 step 3 exchanged messages recursive behavior dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24
50 step 4 repeating the experiment :~# ping pc2.nanoinside.net pc2 pc2:~# tcpdump n t port domain dnsroot.5 dnsorg dnsnet.1.2 dnslug dnsnano pc /24
51 step 4 repeating the experiment pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : /1/1 A (90) the name server cache helps reducing traffic
52 step 4 repeating the experiment dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24
53 step 5 restarting the name server the restart operation cleans up caches a new client query triggers the complete sequence of iterative queries dnslug dnslug:~# /etc/init.d/bind restart Stopping domain name service: named. Starting domain name service: named. dnslug:~# upon startup, the name server checks its root server configuration pc2 pc2:~# tcpdump -n -t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : [1au] NS?. (28) IP > : 15318* 1/0/2 NS ROOT-SERVER. (68)
54 step 6 non-existent target :~# ping pluto.nanoinside.net pc2 pc2:~# tcpdump n t port domain dnsroot.5 dnsorg dnsnet.1.2 dnslug dnsnano pc /24
55 step 6 non-existent target pc2 query answer pc2:~# tcpdump -n -t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pluto.nanoinside.net. (38) IP > : [1au] A? pluto.nanoinside.net. (49) IP > : /1/2 (86) IP > : [1au] A? pluto.nanoinside.net. (49) IP > : /1/2 (87) IP > : [1au] A? pluto.nanoinside.net. (49) IP > : NXDomain* 0/1/1 (98) IP > : NXDomain 0/1/0 (101)...
56 step 6 non-existent target pc2 query answer pc2:~# tcpdump -n -t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pluto.nanoinside.net. (38) IP > : [1au] A? pluto.nanoinside.net. all (49) all the iterative queries IP > : /1/2 (86) are performed again IP > : because of of the cache [1au] A? pluto.nanoinside.net. (49) IP > : flush /1/2 (87) IP > : [1au] A? pluto.nanoinside.net. (49) IP > : NXDomain* 0/1/1 (98) IP > : NXDomain 0/1/0 (101)...
57 step 6 non-existent target pc2 query answer pc2:~# tcpdump -n -t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pluto.nanoinside.net. (38) IP > : the requested domain [1au] (pluto.nanoinside.net) A? pluto.nanoinside.net. (49) IP > : /1/2 does (86) not exist (NXDomain) IP > : [1au] A? *=authoritative pluto.nanoinside.net. answer (49) IP > : /1/2 (87) IP > : [1au] A? pluto.nanoinside.net. (49) IP > : NXDomain* 0/1/1 (98) IP > : NXDomain 0/1/0 (101)...
58 step 6 non-existent target (cont d) pc2 query answer... IP > : A? pluto.nanoinside.net.lugroma3.org. (51) IP > : NXDomain* 0/1/0 (99) since the query has failed, tries once more with the domain search path configured inside its its /etc/resolv.conf: nameserver search lugroma3.org
59 step 6 repeating the experiment :~# ping pluto.nanoinside.net pc2 pc2:~# tcpdump n t port domain dnsroot.5 dnsorg dnsnet.1.2 dnslug dnsnano pc /24
60 step 6 repeating the experiment pc2 query answer pc2:~# tcpdump -n -t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pluto.nanoinside.net. (38) IP > : 2449 NXDomain 0/1/0 (87) IP > : A? pluto.nanoinside.net.lugroma3.org. (51) IP > : 2450 NXDomain* 0/1/0 (99) the name server negative cache has stored the negative answer
61 step 7 advanced queries resource records can be searched by using dig highly customizable queries detailed responses :~# dig pc2.nanoinside.net
62 step 7 advanced queries :~# dig pc2.nanoinside.net ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A ;; Query time: 129 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 14:49: ;; MSG SIZE rcvd: 90
63 step 7 advanced queries :~# dig pc2.nanoinside.net ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A answer ;; ANSWER SECTION: flags: pc2.nanoinside.net IN A qr: qr: query response rd: rd: recursion desired (the (the user user asked for for a recursive lookup) ra: ra: recursion available (the (the server allows recursive lookups) ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A ;; Query time: 129 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 14:49: ;; MSG SIZE rcvd: 90
64 step 7 advanced queries :~# dig pc2.nanoinside.net ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A these sections correspond to to those contained in in DNS packets ;; Query time: 129 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 14:49: ;; MSG SIZE rcvd: 90
65 step 7 advanced queries :~# dig pc2.nanoinside.net ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A ;; Query time: 129 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 14:49: ;; MSG SIZE rcvd: 90 records being searched (class: IN, type: A address records) a dns dns message never contains more than than one one question section
66 step 7 advanced queries :~# dig pc2.nanoinside.net records that form the answer to to the question ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 may may be be more than than one one ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A ;; Query time: 129 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 14:49: ;; MSG SIZE rcvd: in 90 in /etc/resolv.conf) time time to to live live of of a resource record that that is is cached on on the the server try try invoking dig digonce more to to see see it it decreasing constant if if the the record is is not not cached (i.e., (i.e., it it is is stored on on the the name server being queried by by default the the one one configured
67 step 7 advanced queries :~# dig pc2.nanoinside.net ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 records describing authoritative name servers are returned here ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A ;; Query time: 129 msec ;; SERVER: #53( ) ;; additional WHEN: Tue Apr records 17 14:49: ;; MSG SIZE rcvd: 90 are returned here
68 step 8 an iterative query :~# dig +noquestion +noadditional +norecurse pc2.nanoinside.net et avoid displaying question and additional sections disable recursion
69 step 8 an iterative query :~# dig +noquestion +noadditional +norecurse pc2.nanoinside.net et ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: IN NS ROOT-SERVER. ;; Query time: 21 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:07: ;; MSG SIZE rcvd: 76 :~# the server answers by by specifying the authoritative name server to to be be contacted to to get the desired information
70 step 8 an iterative query :~# dig +noquestion +noadditional pc2.nanoinside.net ; <<>> DiG <<>> +noquestion +noadditional pc2.nanoinside.net ; (1 server found) ;; global options: printcmd ;; Got answer: server (dnsroot) ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: net IN NS dnsnet.net. query a specific name ;; Query time: 22 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:14: ;; MSG SIZE rcvd: 73 :~# dnsnet.net is is the authoritative name server for for zone net
71 step 8 an iterative query :~# dig +noquestion +noadditional pc2.nanoinside.net ; <<>> DiG <<>> +noquestion +noadditional pc2.nanoinside.net ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; Query time: 22 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:21: ;; MSG SIZE rcvd: 74 :~# query a specific name server (dnsnet.net) dnsnano.nanoinside.net is is the authoritative name server for for zone nanoinside.net
72 step 8 an iterative query :~# dig +noquestion +noadditional pc2.nanoinside.net ; <<>> DiG <<>> +noquestion +noadditional pc2.nanoinside.net ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; Query time: 24 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:23: ;; MSG SIZE rcvd: 90 query a specific name server (dnsnano.nanoinside.net)
73 step 8 an iterative query just to confirm that name servers cache information during recursive queries... :~# dig +noquestion +noadditional pc2.nanoinside.net [...] :~# a recursive query (default behavior of of dig)
74 step 8 an iterative query just to confirm that name servers cache information during recursive queries... :~# dig +noquestion +noadditional pc2.nanoinside.net [...] :~# dig +noquestion +noadditional +norecurse pc2.nanoinside.net et an an iterative query
75 step 8 an iterative query just to confirm that name servers cache information during recursive queries... :~# dig +noquestion +noadditional pc2.nanoinside.net [...] :~# dig +noquestion +noadditional +norecurse pc2.nanoinside.net et ; <<>> DiG <<>> +noquestion +noadditional +norecurse pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; Query time: 19 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:45: ;; MSG SIZE rcvd: 74
76 step 8 an iterative query just to confirm that name servers cache information during recursive queries... :~# dig +noquestion +noadditional pc2.nanoinside.net [...] :~# dig +noquestion +noadditional +norecurse pc2.nanoinside.net et the ttl ttl is is expiring ; <<>> DiG <<>> +noquestion +noadditional +norecurse pc2.nanoinside.net ;; global ( this options: is is a cached printcmd ;; Got answer: information) ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, the id: ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: recursive query 1, ADDITIONAL: 1 dnslug.lugroma3.org immediately answers with the authoritative name server for for zone nanoinside.net, which it it has learned during ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; Query time: 19 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:45: ;; MSG SIZE rcvd: 74
netkit lab Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version 1.
Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab walkthrough Version 1.3 Author(s) Massimo Rimondini E-mail Web Description contact@netkit.org
More informationwalkthrough Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version 1.
Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab walkthrough Version 1.2 Author(s) Massimo Rimondini E-mail Web Description contact@netkit.org
More informationDomain Name System (DNS) Fundamentals
Domain Name System (DNS) Fundamentals Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International
More informationDomain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley abulley@ghana.com
Domain Name System (DNS) Session-1: Fundamentals Ayitey Bulley abulley@ghana.com Computers use IP addresses. Why do we need names? Names are easier for people to remember Computers may be moved between
More informationnetkit lab two-hosts Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group
Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab two-hosts Version Author(s) E-mail Web Description 2.2 G. Di Battista, M. Patrignani,
More informationMotivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace
Motivation Domain Name System (DNS) IP addresses hard to remember Meaningful names easier to use Assign names to IP addresses Name resolution map names to IP addresses when needed Namespace set of all
More informationnetkit lab static-routing Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group
Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab static-routing Version Author(s) E-mail Web Description 2.2 G. Di Battista, M. Patrignani,
More informationGoal of this session
DNS refresher Overview Goal of this session What is DNS? How is DNS built and how does it work? How does a query work? Record types Caching and Authoritative Delegation: domains vs zones Finding the error:
More informationLocal DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1
SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright c 2006 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation s Course,
More informationInternet-Praktikum I Lab 3: DNS
Kommunikationsnetze Internet-Praktikum I Lab 3: DNS Mark Schmidt, Andreas Stockmayer Sommersemester 2015 kn.inf.uni-tuebingen.de Motivation for the DNS Problem IP addresses hard to remember for humans
More informationDNS : Domain Name System
1/30 DNS : Domain Name System Surasak Sanguanpong nguan@.ac.th http://www...ac.th/~nguan Last updated: May 24, 1999 Outline 2/30 DNS basic name space name resolution process protocol configurations Why
More informationDNS. Some advanced topics. Karst Koymans. (with Niels Sijm) Informatics Institute University of Amsterdam. (version 2.6, 2013/09/19 10:55:30)
DNS Some advanced topics Karst Koymans (with Niels Sijm) Informatics Institute University of Amsterdam (version 2.6, 2013/09/19 10:55:30) Friday, September 13, 2013 Karst Koymans (with Niels Sijm) (UvA)
More informationnetkit lab load balancer dns 1.2 Massimo Rimondini Version Author(s)
netkit lab load balancer dns Version Author(s) 1.2 Massimo Rimondini E-mail Web Description contact@netkit.org http://www.netkit.org/ A lab showing how to perform simple load balancing on a set of web
More informationTHE DOMAIN NAME SYSTEM DNS
Announcements THE DOMAIN NAME SYSTEM DNS Internet Protocols CSC / ECE 573 Fall, 2005 N. C. State University copyright 2005 Douglas S. Reeves 2 Today s Lecture I. Names vs. Addresses II. III. IV. The Namespace
More informationHow-to: DNS Enumeration
25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS
More informationCreating a master/slave DNS server combination for your Grid Infrastructure
Creating a master/slave DNS server combination for your Grid Infrastructure When doing a Grid Infrastructure installation, a DNS server is needed to resolve addresses for the cluster- scan addresses. In
More informationDNS. Computer networks - Administration 1DV202. fredag 30 mars 12
DNS Computer networks - Administration 1DV202 DNS History Who needs DNS? The DNS namespace How DNS works The DNS database The BIND software Server and client configuration The history of DNS RFC 882 and
More informationDNS. Computer Networks. Seminar 12
DNS Computer Networks Seminar 12 DNS Introduction (Domain Name System) Naming system used in Internet Translate domain names to IP addresses and back Communication works on UDP (port 53), large requests/responses
More informationIntroduction to DNS CHAPTER 5. In This Chapter
297 CHAPTER 5 Introduction to DNS Domain Name System (DNS) enables you to use hierarchical, friendly names to easily locate computers and other resources on an IP network. The following sections describe
More informationDomain Name System 2015-04-28 17:49:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement
Domain Name System 2015-04-28 17:49:44 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Domain Name System... 4 Domain Name System... 5 How DNS Works
More informationDomain Name System. DNS is an example of a large scale client-server application. Copyright 2014 Jim Martin
Domain Name System: DNS Objective: map names to IP addresses (i.e., high level names to low level names) Original namespace was flat, didn t scale.. Hierarchical naming permits decentralization by delegating
More informationNetworking Domain Name System
System i Networking Domain Name System Version 5 Release 4 System i Networking Domain Name System Version 5 Release 4 Note Before using this information and the product it supports, read the information
More informationnetkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s)
netkit lab MPLS VPNs with overlapping address spaces Version Author(s) 1.0 S.Filippi, L.Ricci, F.Antonini E-mail Web Description silvia.filippi@kaskonetworks.it http://www.kaksonetworks.it/ A lab showing
More informationDNS at NLnet Labs. Matthijs Mekking
DNS at NLnet Labs Matthijs Mekking Topics NLnet Labs DNS DNSSEC Recent events NLnet Internet Provider until 1997 The first internet backbone in Holland Funding research and software projects that aid the
More informationHow to Configure DNS Zones
How to Configure DNS Zones The Barracuda NG Firewall DNS configuration object contains two predefined zones: _template and. To be able to edit and specify DNS zones within the Barracuda NG Firewall DNS
More informationTable of Contents DNS. How to package DNS messages. Wire? DNS on the wire. Some advanced topics. Encoding of domain names.
Table of Contents DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 154, 2015/09/14 10:44:10) Friday, September 11, 2015 DNS on the wire Encoding of domain names
More informationNetworking Domain Name System
System i Networking Domain Name System Version 6 Release 1 System i Networking Domain Name System Version 6 Release 1 Note Before using this information and the product it supports, read the information
More informationHow to Add Domains and DNS Records
How to Add Domains and DNS Records Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection.
More informationnetkit lab bgp: multi-homed Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group
Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab bgp: multi-homed Version Author(s) E-mail Web Description 2.0 G. Di Battista, M. Patrignani,
More informationThe Domain Name System
DNS " This is the means by which we can convert names like news.bbc.co.uk into IP addresses like 212.59.226.30 " Purely for the benefit of human users: we can remember numbers (e.g., telephone numbers),
More informationCopyright 2012 http://itfreetraining.com
In order to find resources on the network, computers need a system to look up the location of resources. This video looks at the DNS records that contain information about resources and services on the
More informationDomain Name System. CS 571 Fall 2006. 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved
Domain Name System CS 571 Fall 2006 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved DNS Specifications Domain Names Concepts and Facilities RFC 1034, November 1987 Introduction
More informationDNS Conformance Test Specification For Client
DNS Conformance Test Specification For Client Revision 1.0 Yokogawa Electric Corporation References This test specification focus on following DNS related RFCs. RFC 1034 DOMAIN NAMES - CONCEPTS AND FACILITIES
More informationNetworking Domain Name System
IBM i Networking Domain Name System Version 7.2 IBM i Networking Domain Name System Version 7.2 Note Before using this information and the product it supports, read the information in Notices on page
More informationDNS ActiveX Control for Microsoft Windows. Copyright Magneto Software All rights reserved
DNS ActiveX Control for Microsoft Windows Copyright Magneto Software All rights reserved 1 DNS Overview... 3 1.1 Introduction... 3 1.2 Usage... 3 1.3 Property... 4 1.4 Event... 4 1.5 Method... 4 1.6 Error
More informationDNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .
Computer System Security and Management SMD139 Lecture 5: Domain Name System Peter A. Jonsson DNS Translation of Hostnames to IP addresses Hierarchical distributed database DNS Hierarchy The Root Name
More informationDNS Pharming Attack Lab
CNT 5410 - Fall 2014 1 DNS Pharming Attack Lab (This is a modified version of the exercise listed below. Modifications are to provide tighter configuration so as to minimize the risk of traffic leaving
More informationDNS Service on Linux. Supawit Wannapila CCNA, RHCE supawit.w@cmu.ac.th
DNS Service on Linux Supawit Wannapila CCNA, RHCE supawit.w@cmu.ac.th Host Name Resolution Common Host Name Service Files (/etc/hosts and /etc/networks) DNS (/etc/resolv.conf) Multiple client-side resolvers:
More informationEnabling DNS for IPv6 CSD Fall 2011
Enabling DNS for IPv6 CSD Fall 2011 Team members: Bowei Dai daib@kth.se 15 credits Elis Kullberg elisk@kth.se 18 credits Hannes Junnila haju@kth.se 15 credits Nur Mohammad Rashed nmrashed@kth.se 15 credits
More informationLecture 2 CS 3311. An example of a middleware service: DNS Domain Name System
Lecture 2 CS 3311 An example of a middleware service: DNS Domain Name System The problem Networked computers have names and IP addresses. Applications use names; IP uses for routing purposes IP addresses.
More informationApplication Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System
Application Protocols in the TCP/IP Reference Model Application Protocols in the TCP/IP Reference Model File Transfer E-Mail Network Management Protocols of the application layer are common communication
More informationKAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10
KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10 Sincan 06935 Ankara, Turkey Version Table Manual Version/Date AAA/22.03.2011
More informationApplication Protocols in the TCP/IP Reference Model
Application Protocols in the TCP/IP Reference Model File Transfer E-Mail Network Management WWW Virtual Terminal Name Service File Transfer HTTP FTP Telnet SMTP DNS SNMP TFTP Internet protocols TCP UDP
More informationDomain Name System Security
Abstract Domain Name System Security Ladislav Hagara hgr@vabo.cz Department of Automated Command Systems and Informatics Military Academy in Brno Brno, Czech Republic Domain Name System (DNS) is one of
More informationThe Domain Name System (DNS)
The Domain Name System (DNS) Columbus, OH 43210 Jain@CIS.Ohio-State.Edu http://www.cis.ohio-state.edu/~jain/ 24-1 Overview Naming hierarchy hierarchy Name resolution Other information in name servers 24-2
More informationAgenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS
Agenda Network Services Domain Names & DNS Domain Names Domain Name System Internationalized Domain Names Johann Oberleitner SS 2006 Domain Names Naming of Resources Problems of Internet's IP focus IP
More informationDNS Resolving using nslookup
DNS Resolving using nslookup Oliver Hohlfeld & Andre Schröder January 8, 2007 Abstract This report belongs to a talk given at the networking course (Institue Eurecom, France) in January 2007. It is based
More informationECE 4321 Computer Networks. Network Programming
ECE 4321 Computer Networks Network Programming Name Space System.Net Domain Name System (DNS) To resolve computer naming Host database is split up and distributed among multiple systems on the Internet
More informationUnderstanding DNS (the Domain Name System)
Understanding DNS (the Domain Name System) A white paper by Incognito Software January, 2007 2007 Incognito Software Inc. All rights reserved. Understanding DNS (the Domain Name System) Introduction...2
More informationnetkit lab single-host Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group
Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab single-host Version Author(s) E-mail Web Description 2.2 G. Di Battista, M. Patrignani,
More informationConfiguring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files
Configuring DNS BIND: UNIX Name Service Configuring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files Zone: a collection of domain information contained
More informationCS3250 Distributed Systems
CS3250 Distributed Systems Lecture 4 More on Network Addresses Domain Name System DNS Human beings (apart from network administrators and hackers) rarely use IP addresses even in their human-readable dotted
More informationVersion Author(s) E-mail Web Description
Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Netkit The poor man s system for experimenting computer networking Version Author(s) E-mail Web
More informationSome advanced topics. Karst Koymans. Friday, September 11, 2015
DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 154, 2015/09/14 10:44:10) Friday, September 11, 2015 Karst Koymans (UvA) DNS Friday, September 11, 2015 1 /
More informationAPI of DNS hosting. For DNS-master and Secondary services Table of contents
API of DNS hosting. For DNS-master and Secondary services Table of contents API of DNS hosting. For DNS-master and Secondary services... 1 1. Introduction... 3 2. Setting access area of application for
More informationBuilding a Linux IPv6 DNS Server
Building a Linux IPv6 DS Server By David Gordon and Ibrahim Haddad Open Systems Lab Ericsson Research Corporate Unit This article presents a tutorial on building an IPv6 DS Linux server that provides IPv6
More informationBulk DNS Update CSV File
Bulk DNS Updates Bulk DNS Update CSV File Each line in the comma-separated value (CSV) file represents a resource record. A line break must follow each line, and the file may contain up to 5000 lines.
More informationHostnames. HOSTS.TXT was a bottleneck. Once there was HOSTS.TXT. CSCE515 Computer Network Programming. Hierarchical Organization of DNS
Hostnames CSCE 515: Computer Network Programming ------ Address Conversion Function and DNS RFC 1034, RFC 1035 Wenyuan Xu http://www.cse..edu/~wyxu/ce515f07.html Department of Computer Science and Engineering
More informationCSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS)
CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS) By Michael Olan, Richard Stockton College (last update: March 2012) Purpose At this point, all hosts should be communicating
More informationDNS SECURITY TROUBLESHOOTING GUIDE
DNS SECURITY TROUBLESHOOTING GUIDE INTERNET DEPLOYMENT OF DNS SECURITY 27 November 2006 Table of Contents 1. INTRODUCTION...3 2. DNS SECURITY SPECIFIC FAILURE MODES...3 2.1 SIGNATURES...3 2.1.1 Signature
More informationDomain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers
Domain Name Servers COMP76 Networked Computer Systems Internet Names Hierarchical starting from the right host.subnet.organization.type Names are case insensitive and can be in either upper or lower case.
More informationDomain Name System (DNS)
Chapter 18 CSC465 Computer Networks Spring 2004 Dr. J. Harrison These slides are based on the text TCP/IP Protocol Suite (2 nd Edition) Domain Name System (DNS) CONTENTS NAME SPACE DOMAIN NAME SPACE DISTRIBUTION
More information- Domain Name System -
1 Name Resolution - Domain Name System - Name resolution systems provide the translation between alphanumeric names and numerical addresses, alleviating the need for users and administrators to memorize
More informationCSE 127: Computer Security. Network Security. Kirill Levchenko
CSE 127: Computer Security Network Security Kirill Levchenko December 4, 2014 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties
More informationThe Domain Name System: An Integral Part of the Internet. By Keiko Ishioka
The Domain Name System: An Integral Part of the Internet By Keiko Ishioka The Domain Name System (otherwise known as the Domain Name Server system) (DNS) is a distributed database that is accessed by anyone
More information19 Domain Name System (DNS)
CHAPTER 9 Domain Name System (DNS) I n this chapter, we discuss the second application program, Domain Name System (DNS). DNS is a client/server application program used to help other application programs.
More informationnetkit lab bgp: prefix-filtering Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group
Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab bgp: prefix-filtering Version Author(s) E-mail Web Description 2.1 G. Di Battista,
More informationApplication Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Domain Name System
Application Protocols in the TCP/IP Reference Model Application Protocols in the TCP/IP Reference Model File Transfer E-Mail Network Management Protocols of the application layer are common communication
More informationDNS Domain Name System
Domain Name System DNS Domain Name System The domain name system is usually used to translate a host name into an IP address Domain names comprise a hierarchy so that names are unique, yet easy to remember.
More informationThe Root of the Matter: Hints or Slaves
The Root of the Matter: Hints or Slaves David Malone October 21, 2003 Abstract We consider the possibility of having a name server act as a slave to the root zone, rather than caching
More informationDNS and BIND. David White
DNS and BIND David White DNS: Backbone of the Internet Translates Domains into unique IP Addresses i.e. developcents.com = 66.228.59.103 Distributed Database of Host Information Works seamlessly behind
More informationForouzan: Chapter 17. Domain Name System (DNS)
Forouzan: Chapter 17 Domain Name System (DNS) Domain Name System (DNS) Need System to map name to an IP address and vice versa We have used a host file in our Linux laboratory. Not feasible for the entire
More informationwhat s in a name? taking a deeper look at the domain name system mike boylan penn state mac admins conference
what s in a name? taking a deeper look at the domain name system mike boylan penn state mac admins conference whoami work for robert morris university, pittsburgh, pa primarily mac and voip admin @mboylan
More informationInstalling and Setting up Microsoft DNS Server
Training Installing and Setting up Microsoft DNS Server Introduction Versions Used Windows Server 2003 Setup Used i. Server Name = martini ii. Credentials: User = Administrator, Password = password iii.
More informationAutomated domain name registration: DNS background information
IBM eserver Automated domain name registration: DNS background information ^business on demand software ADNRbackground.ppt Page 1 of 14 Overview of z/os DNS solutions Two z/os name servers supported ƒdns
More informationDNS (Domain Name System) is the system & protocol that translates domain names to IP addresses.
Lab Exercise DNS Objective DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses. Step 1: Analyse the supplied DNS Trace Here we examine the supplied trace of a
More informationUse Domain Name System and IP Version 6
Use Domain Name System and IP Version 6 What You Will Learn The introduction of IP Version 6 (IPv6) into an enterprise environment requires some changes both in the provisioned Domain Name System (DNS)
More informationThe Use of DNS Resource Records
International Journal of Advances in Electrical and Electronics Engineering 230 Available online at www.ijaeee.com & www.sestindia.org/volume-ijaeee/ ISSN: 2319-1112 Simar Preet Singh Systems Engineer,
More informationUnbound a caching, validating DNSSEC resolver. Do you trust your name server? Configuration. Unbound as a DNS cache (SEC-less)
Unbound a caching, validating DNSSEC resolver UKUUG Spring 2011 Conference Leeds, UK March 2011 Jan-Piet Mens $ dig 1.1.0.3.3.0.8.1.7.1.9.4.e164.arpa naptr Do you trust your name server? DNS clients typically
More informationDomain Name System (DNS) RFC 1034 RFC 1035 http://www.ietf.org
Domain Name System (DNS) RFC 1034 RFC 1035 http://www.ietf.org TCP/IP Protocol Suite Application Layer DHCP DNS SNMP HTTP SMTP POP Transport Layer UDP TCP ICMP IGMP Network Layer IP Link Layer ARP ARP
More informationDomain Name Server. Training Division National Informatics Centre New Delhi
Domain Name Server Training Division National Informatics Centre New Delhi Domain Name Service (DNS) I. History of DNS II. DNS structure and its components III. Functioning of DNS IV. Possible Configurations
More informationNET0183 Networks and Communications
NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/2009 1 NET0183 Networks and Communications by Dr Andy Brooks DNS is a distributed database implemented in a hierarchy of many
More informationDNS and LDAP persistent search
FreeIPA Training Series DNS and LDAP persistent search FreeIPA 3.0 and bind-dyndb-ldap 2.3 Petr Špaček 01-14-2013 FreeIPA DNS integration FreeIPA is able to store
More informationThe Domain Name System
Internet Engineering 241-461 Robert Elz kre@munnari.oz.au kre@coe.psu.ac.th http://fivedots.coe.psu.ac.th/~kre DNS The Domain Name System Kurose & Ross: Computer Networking Chapter 2 (2.5) James F. Kurose
More informationDeploying & Configuring a DNS Server on OpenServer 6 or UnixWare 7. Kirk Farquhar
Deploying & Configuring a DNS Server on OpenServer 6 or UnixWare 7 Kirk Farquhar 1 Content Introduction Bind 8 & Bind 9 Administering a DNS Server H2N Using DNS Manager The SCO Resolvers Firewall Issues
More information3. The Domain Name Service
3. The Domain Name Service n Overview and high level design n Typical operation and the role of caching n Contents of DNS Resource Records n Basic message formats n Configuring/updating Resource Records
More informationTHE MASTER LIST OF DNS TERMINOLOGY. v 2.0
THE MASTER LIST OF DNS TERMINOLOGY v 2.0 DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To help people
More informationDNS + DHCP. Michael Tsai 2015/04/27
DNS + DHCP Michael Tsai 2015/04/27 lubuntu.ova http://goo.gl/bax8b8 DNS + DHCP DNS: domain name < > IP address DHCP: gives you a IP + configuration when you joins a new network DHCP = Dynamic Host Configuration
More informationDNS - Domain Name System
DNS - Domain Name System TCP/IP class 1 outline introduction naming scheme protocol format record types how it works reverse lookup implementation - named config files summary - futures 2 bibliography
More informationRemote DNS Cache Poisoning Attack Lab
SEED Labs Remote DNS Cache Poisoning Attack Lab 1 Remote DNS Cache Poisoning Attack Lab Copyright c 2014 Wenliang Du, Syracuse University. The development of this document is/was funded by the following
More informationConfiguring DNS on Cisco Routers
Configuring DNS on Cisco Routers Document ID: 24182 Contents Introduction Prerequisites Requirements Components Used Conventions Setting Up a Router to Use DNS Lookups Troubleshooting You Can Ping a Web
More informationServices: DNS domain name system
Services: DNS domain name system David Morgan Buying numbers and names numbers are IP addresses you buy them from an ISP the ISP makes sure those addresses go to your place the names are domain names you
More information1 DNS Packet Structure
Fundamentals of Computer Networking Project 1 Primer: DNS Overview CS4700/CS5700 Fall 2009 17 September 2009 The DNS protocol is well-documented online, however, we describe the salient pieces here for
More informationDomain Name System. 188lecture12.ppt. Pirkko Kuusela, Markus Peuhkuri, Jouni Karvo
Domain Name System 88lecture2.ppt Pirkko Kuusela, Markus Peuhkuri, Jouni Karvo S-38.88 - Computer Networks - Spring 2003 Outline What and why? Structure of DNS Management of Domain Names Name Service in
More informationCoordinación. The background image of the cover is desgned by http://www.freepik.com/ GUIDE TO DNS SECURITY 2
Autor Antonio López Padilla Coordinación Daniel Fírvida Pereira This publication belongs to INTECO (Instituto Nacional de Tecnologías de la Comunicación) and is under an Attribution- NonCommercial 3.0
More informationIntroduction to DNS and Application Issues related to DNS. Kirk Farquhar
Introduction to DNS and Application Issues related to DNS Kirk Farquhar 1 Content What is DNS? How it all works Setting up your domain Creating your nameserver files The Resolver Testing Firewall configuration
More informationnetkit lab load balancer web switch 1.1 Giuseppe Di Battista, Massimo Rimondini Version Author(s)
netkit lab load balancer web switch Version Author(s) 1.1 Giuseppe Di Battista, Massimo Rimondini E-mail Web Description contact@netkit.org http://www.netkit.org/ A lab showing the operation of a web switch
More informationNo. Time Source Destination Protocol Info 1 0.000000 192.168.1.28 192.168.1.2 DNS Standard query A weather.noaa.gov
/tmp/dump/dump02_arp_dns-weather_syn_fin complete-session - Ethereal Page 1 1 0.000000 192.168.1.28 192.168.1.2 DNS Standard query A weather.noaa.gov Frame 1 (76 bytes on wire, 76 bytes captured) Arrival
More informationChapter 23 The Domain Name System (DNS)
CSC521 Communication Protocols 網 路 通 訊 協 定 Chapter 23 The Domain Name System (DNS) 吳 俊 興 國 立 高 雄 大 學 資 訊 工 程 學 系 Outline 1. Introduction 2. Names For Machines 3. Flat Namespace 4. Hierarchical Names 5.
More informationDNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop
DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop How do you delegate a subdomain? In principle straightforward: just insert NS records for the subdomain, pointing at someone else's
More information