netkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s)

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "netkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s)"

Transcription

1 Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab dns Version Author(s) Web Description 2.2 G. Di Battista, M. Patrignani, M. Pizzonia, F. Ricci, M. Rimondini using the domain name system

2 copyright notice All the pages/slides in this presentation, including but not limited to, images, photos, animations, videos, sounds, music, and text (hereby referred to as material ) are protected by copyright. This material, with the exception of some multimedia elements licensed by other organizations, is property of the authors and/or organizations appearing in the first slide. This material, or its parts, can be reproduced and used for didactical purposes within universities and schools, provided that this happens for non-profit purposes. Information contained in this material cannot be used within network design projects or other products of any kind. Any other use is prohibited, unless explicitly authorized by the authors on the basis of an explicit agreement. The authors assume no responsibility about this material and provide this material as is, with no implicit or explicit warranty about the correctness and completeness of its contents, which may be subject to changes. This copyright notice must always be redistributed together with the material, or its portions.

3 about the dns takes care of associating names with ip addresses (and more ) the name system is distributed over several nodes (hosts) that are hierarchically organized to form a tree each node in the hierarchy corresponds to a name a domain in the name system is a subtree a node in the hierarchy may be delegated to handle names for a particular zone such a node is an authoritative server for that zone a zone is a domain which is devoid of those nodes having a different authoritative server (i.e., a tree without subtrees)

4 the dns name hierarchy each node corresponds to a name this node is nanoinside.net org dnsroot net lugroma3 dnsorg dnsnet nanoinside dnslug dnsnano pc2 this node is.lugroma3.org

5 the dns name hierarchy leaves always correspond to real hosts org dnsroot intermediate nodes may correspond to real hosts (in this example they do not) net lugroma3 nanoinside dnsorg dnsnet dnslug dnsnano pc2

6 domains domains are subtrees their name is the name of the root node every node (including leaves) defines a domain org domains do overlap dnsroot nanoinside.net domain net net domain lugroma3 dnsorg dnsnet nanoinside dnslug dnsnano pc2

7 a zone is a domain without the delegated subdomains org zones dnsroot zones cannot overlap each node falls into a single zone net lugroma3 nanoinside dnsorg dnsnet dnslug dnsnano pc2

8 zones have name servers they are not constrained to be inside the zone they serve zones served by dnsroot served by dnsorg.org org dnsroot net served by dnsnet.net lugroma3 nanoinside dnsorg dnsnet dnslug dnsnano pc2 served by dnslug.lugroma3.org served by dnsnano.nanoinside.net

9 more about the dns the dns hierarchy is orthogonal with respect to the actual network topology in order to focus on the behavior of the dns we choose a flat topology, consisting of a single collision domain

10 step 1 network topology dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24

11 step 1 dns (zone) hierarchy abc domain name org net lugroma3 served by dnsroot nanoinside served by dnsorg.org served by dnsnet.net pc2 served by dnslug.lugroma3.org served by dnsnano.nanoinside.net

12 step 2 starting the lab host machine cd netkit-lab_dns :~/netkit-lab_dns$ lstart the lab is configured to start all the 7 vms automatically configure the network interfaces automatically configure the name servers automatically start the name server software (bind) on each name server

13 step 2 exploring the configuration configuration on the pcs consists of the specification of the default name server :~# cat /etc etc/resolv.conf nameserver search lugroma3.org :~# pc2 pc2:~# cat /etc etc/resolv.conf nameserver search nanoinside.net pc2:~# dnslug.lugroma3.org suffix to to append to to unqualified names (e.g. (e.g. asking to to resolve dummy results in in querying for for dummy.lugroma3.org) dnsnano.nanoinside.net

14 step 2 exploring the configuration configuration on the name servers specifies associations between zones and name servers information about the root name servers authoritative information associations between names and ip addresses

15 step 2 exploring the configuration configuration on the name servers specifies associations between zones and name servers dnslug dnslug:~# cat /etc etc/bind bind/named.conf named.conf... zone "." { type hint; file "/etc etc/bind bind/db.root db.root"; };... // add entries for other zones below here zone "lugroma3.org" { type master; file "/etc etc/bind bind/db.org.lugroma3"; }; dnslug:~# where to to find information about the root name server we are the primary master for for zone lugroma3.org where to to find data about the names in in this zone

16 step 2 exploring the configuration configuration on the name servers specifies information about the root name servers dnslug dnslug:~# cat /etc/bind/db.root. IN NS ROOT-SERVER. ROOT-SERVER. IN A dnslug:~# a resource record format of of a resource record <domain> <class> <type> <rdata> domain: the record owner (=domain to to which the record refers) class: usually IN IN (=Internet system); may be be HS HS (=hesiod) or or CH (=chaos) type: see next slide... rdata: record data (depends netkit on on [ lab: the dns ] record type)

17 step 2 exploring the configuration A A a a host host address. A6 address. A6 an an IPv6 IPv6 address. AAAA address. AAAA Obsolete Obsolete format format of of IPv6 IPv6 address AFSDB address AFSDB (x) (x) location location of of AFS AFS database database servers. servers. Experimental. CERT Experimental. CERT holds holds a a digital digital certificate. CNAME certificate. CNAME identifies identifies the the canonical canonical name name of of an an alias. DNAME alias. DNAME for for delegation delegation of of reverse reverse addresses. addresses. Replaces Replaces the the domain domain name name specified specified with another with another name name to to be be looked looked up. up. Described Described in in RFC RFC GPOS GPOS Specifies Specifies the the global global position. position. Superseded Superseded by by LOC. HINFO LOC. HINFO identifies identifies the the CPU CPU and and OS OS used used by by a a host. ISDN host. ISDN (x) (x) representation representation of of ISDN ISDN addresses. addresses. Experimental. KEY Experimental. KEY stores stores a a public public key key associated associated with with a a DNS DNS name. KX name. KX identifies identifies a a key key exchanger exchanger for for this this DNS DNS name. LOC name. LOC (x) (x) for for storing storing GPS GPS info. info. See See RFC RFC Experimental. MX Experimental. MX identifies identifies a a mail mail exchange exchange for for the the domain. domain. See See RFC RFC for for details. NAPTR details. NAPTR name name authority authority pointer. NSAP pointer. NSAP a a network network service service access access point. NS point. NS the the authoritative authoritative nameserver nameserver for for the the domain. NXT domain. NXT used used in in DNSSEC DNSSEC to to securely securely indicate indicate that that RRs RRs with with an an owner owner name name in in a a certain name certain name interval interval do do not not exist exist in in a a zone zone and and indicate indicate what what R PTR R PTR a a pointer pointer to to another another part part of of the the domain domain name name space. PX space. PX provides provides mappings mappings between between RFC RFC and and X.400 X.400 addresses. RP addresses. RP (x) (x) information information on on persons persons responsible responsible for for the the domain. domain. Experimental. RT Experimental. RT (x) (x) route-through route-through binding binding for for hosts hosts that that do do not not have have their their own own direct direct wide wide area network area network addresses. addresses. Experimental. SIG Experimental. SIG ("signature") ("signature") contains contains data data authenticated authenticated in in the the secure secure DNS. DNS. See See RFC RFC for details. for SOA details. SOA identifies identifies the the start start of of a a zone zone of of authority. SRV authority. SRV information information about about well well known known network network services services (replaces (replaces WKS). TXT WKS). TXT text text records. WKS records. WKS (h) (h) information information about about which which well well known known network network services, services, such such as as SMTP, SMTP, that that a domain a domain supports. supports. Historical, Historical, replaced replaced by by newer newer RR RR SRV. X25 SRV. X25 (x) (x) representation representation of of X.25 X.25 network network addresses. addresses. Experimental Experimental available record types

18 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL time to to live, in in seconds (determines how long a resource record should be be cached)

19 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire 0 ; negative cache ttl ) must be be all all on on a single line; line breaks can only be be introduced when using parentheses a a zone data file can contain only one SOA record Start of of Authority record

20 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry relative to to the ; expire origin 0 ; negative cache ttl ) this record is is referred to to the current origin (lugroma3.org) all domain names in in this data file that are not fully qualified (do not end with a. ). ) are the origin is is the domain name in in the zone statement of of the server configuration file: zone zone "lugroma3.org " lugroma3.org" " { type type master; master; file file "/etc/bind/db.org.lugroma3"; }; };

21 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire 0 ; negative cache ttl ) record class (Internet) record type (Start of of Authority) primary master (=authority) server for for this zone (dnslug.lugroma3.org); don t forget the trailing dot, or or the origin name (lugroma3.org) would be be appended!

22 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire is is responsible for for the zone 0 ; negative cache ttl ) mail address of of the person that the first.. must be be replaced by by only meant to to be be used by by humans; has no no use within the dns service

23 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire configurations 0 ; negative cache ttl ) make sense for for master/slave server configurations

24 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire 0 ; negative cache ttl ) serial number determines how recent the information is is influences all all data within the zone conventional format: YYYYMMDDNN (year, month, day, # of of changes within that day)

25 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry (seconds) ; expire 0 ; negative cache ttl ) refresh interval tells a slave how often to to check that the data for for this zone is is up up to to date

26 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry between ; expire 0 ; negative cache ttl subsequent ) interval (seconds) subsequent attempts to to contact the master

27 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry (seconds) ; expire 0 ; negative cache ttl ) slave expire time if if the slave fails to to contact the master for for this amount of of time, it it considers the zone data too old and stops giving answers about it it

28 step 2 exploring the configuration configuration on the name servers specifies authoritative information dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial 28 ; refresh 14 ; retry ; expire 0 ; negative cache ttl ) ttl ttl for for negative responses from authoritative name servers

29 step 2 exploring the configuration configuration on the name servers specifies associations between names and ip addresses dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. record type ( ; serial (name server) 28 ; refresh 14 ; retry ; expire 0 ; negative cache ttl IN NS dnslug.lugroma3.org. dnslug IN A IN A dnslug:~# the authoritative name server for for this zone (lugroma3.org) is is dnslug.lugroma3.org (final dot fully qualified name)

30 step 2 exploring the configuration configuration on the name servers specifies associations between names and ip addresses dnslug dnslug:~# cat /etc etc/bind bind/db.org.lugroma3 $TTL IN SOA dnslug.lugroma3.org. root.dnslug.lugroma3.org. ( ; serial record 28 ; refresh type 14 ; retry (address) ; expire 0 ; negative cache appended) ttl IN NS dnslug.lugroma3.org. dnslug IN A IN A dnslug:~# two machines in in this zone: dnslug.lugroma3.org.lugroma3.org (the (the origin name is is automatically

31 step 2 exploring the configuration configuration on the name servers may specify an authority for a subdomain dnsorg dnsorg:~# cat /etc etc/bind bind/db.org db.org $TTL IN SOA dnsorg.org. root.dnsorg.org. ( ; serial zone (org) ; refresh ; retry ; expire 0 ; negative cache ttl IN NS dnsorg.org. dnsorg IN A dnsorg.org is is the authority for for this zone (org) dnslug.lugroma3.org is is the authority for for zone lugroma3(.org) lugroma3 IN NS dnslug.lugroma3.org. dnslug.lugroma3 IN A dnsorg:~#

32 step 3 experiment setting :~# ping pc2.nanoinside.net pc2 pc2:~# tcpdump n t port domain dnsroot.5 dnsorg dnsnet.1.2 dnslug dnsnano pc /24

33 pc2 step 3 the sniffer output pc2:~# tcpdump n t port domain no no timestamps needed capture packets to/from port domain (port 53) ip ipnumbers instead of of host names; port numbers instead of of service names

34 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) query id id (+=recursion desired) query type (address) query value packet size (not (not including UDP UDP and and IP IP headers)

35 pc2 step 3 the sniffer output pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : [1au] A? pc2.nanoinside.net. (47) the query carries a response with an an additional record (an (an OPT OPT record, containing information about the the capabilities of of the the querier) query answer dnslug.lugroma3.org ( ) asks the root server ( ) last update: Computer Networks Apr 2007

36 pc2 step 3 the sniffer output query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (84) the root server ( ) answers with: 0 answers 1 authority (=name server) record (dnsnet.net) 2 additional records (dnsnet.net s IP IP address , and an an OPT record)

37 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (84) IP > : [1au] A? pc2.nanoinside.net. (47) the query carries an an additional OPT record dnslug.lugroma3.org ( ) asks dnsnet.net ( )

38 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (84) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (85) dnsnet.net ( ) answers with: 0 answers 1 authority (=name server) record (dnsnano.nanoinside.net) 2 additional records (dnsnano.nanoinside.net s IP IP address , and an OPT record) , and netkit an OPT [ lab: record) dns ]

39 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (84) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (85) IP > : [1au] A? pc2.nanoinside.net. (47) the the query carries an an additional OPT OPT record dnslug.lugroma3.org ( ) asks asks dnsnano.nanoinside.net ( )

40 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on dnsnano.nanoinside.net eth0, link-type EN10MB (Ethernet), ( ) capture size answers 96 bytes with: IP > : 1 answer (pc2.nanoinside.net s IP A? pc2.nanoinside.net. IP address ) (36) IP authority (=name server) > : record (dnsnano.nanoinside.net) 2 additional records (dnsnano.nanoinside.net s [1au] A? pc2.nanoinside.net. IP IP address (47) IP , > : and and an an OPT OPT record) /1/2 (84) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : /1/2 (85) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : 64854* 1/1/2 A (101)

41 step 3 the sniffer output pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode dnslug.lugroma3.org listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : ( ) answers with: A? pc2.nanoinside.net. (36) IP > : IP IP address ) [1au] A? pc2.nanoinside.net. (47) IP > : 1 authority (=name server) record /1/2 (dnsnano.nanoinside.net) (84) IP > : 1 additional record [1au] (dnsnano.nanoinside.net s A? pc2.nanoinside.net. (47) IP IP > : address /1/2 (85) ) IP > : [1au] A? pc2.nanoinside.net. (47) IP > : 64854* 1/1/2 A (101) IP > : /1/1 (108) ( ) answers with: 1 answer (pc2.nanoinside.net s (dnsnano.nanoinside.net s IP

42 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24

43 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24

44 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24

45 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24

46 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24

47 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24

48 step 3 exchanged messages dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24

49 step 3 exchanged messages recursive behavior dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24

50 step 4 repeating the experiment :~# ping pc2.nanoinside.net pc2 pc2:~# tcpdump n t port domain dnsroot.5 dnsorg dnsnet.1.2 dnslug dnsnano pc /24

51 step 4 repeating the experiment pc2 query answer pc2:~# tcpdump n t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pc2.nanoinside.net. (36) IP > : /1/1 A (90) the name server cache helps reducing traffic

52 step 4 repeating the experiment dnsroot.5 abc machine name dnsorg dnsnet.1.2 dnslug dnsnano pc /24

53 step 5 restarting the name server the restart operation cleans up caches a new client query triggers the complete sequence of iterative queries dnslug dnslug:~# /etc/init.d/bind restart Stopping domain name service: named. Starting domain name service: named. dnslug:~# upon startup, the name server checks its root server configuration pc2 pc2:~# tcpdump -n -t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : [1au] NS?. (28) IP > : 15318* 1/0/2 NS ROOT-SERVER. (68)

54 step 6 non-existent target :~# ping pluto.nanoinside.net pc2 pc2:~# tcpdump n t port domain dnsroot.5 dnsorg dnsnet.1.2 dnslug dnsnano pc /24

55 step 6 non-existent target pc2 query answer pc2:~# tcpdump -n -t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pluto.nanoinside.net. (38) IP > : [1au] A? pluto.nanoinside.net. (49) IP > : /1/2 (86) IP > : [1au] A? pluto.nanoinside.net. (49) IP > : /1/2 (87) IP > : [1au] A? pluto.nanoinside.net. (49) IP > : NXDomain* 0/1/1 (98) IP > : NXDomain 0/1/0 (101)...

56 step 6 non-existent target pc2 query answer pc2:~# tcpdump -n -t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pluto.nanoinside.net. (38) IP > : [1au] A? pluto.nanoinside.net. all (49) all the iterative queries IP > : /1/2 (86) are performed again IP > : because of of the cache [1au] A? pluto.nanoinside.net. (49) IP > : flush /1/2 (87) IP > : [1au] A? pluto.nanoinside.net. (49) IP > : NXDomain* 0/1/1 (98) IP > : NXDomain 0/1/0 (101)...

57 step 6 non-existent target pc2 query answer pc2:~# tcpdump -n -t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pluto.nanoinside.net. (38) IP > : the requested domain [1au] (pluto.nanoinside.net) A? pluto.nanoinside.net. (49) IP > : /1/2 does (86) not exist (NXDomain) IP > : [1au] A? *=authoritative pluto.nanoinside.net. answer (49) IP > : /1/2 (87) IP > : [1au] A? pluto.nanoinside.net. (49) IP > : NXDomain* 0/1/1 (98) IP > : NXDomain 0/1/0 (101)...

58 step 6 non-existent target (cont d) pc2 query answer... IP > : A? pluto.nanoinside.net.lugroma3.org. (51) IP > : NXDomain* 0/1/0 (99) since the query has failed, tries once more with the domain search path configured inside its its /etc/resolv.conf: nameserver search lugroma3.org

59 step 6 repeating the experiment :~# ping pluto.nanoinside.net pc2 pc2:~# tcpdump n t port domain dnsroot.5 dnsorg dnsnet.1.2 dnslug dnsnano pc /24

60 step 6 repeating the experiment pc2 query answer pc2:~# tcpdump -n -t port domain tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes IP > : A? pluto.nanoinside.net. (38) IP > : 2449 NXDomain 0/1/0 (87) IP > : A? pluto.nanoinside.net.lugroma3.org. (51) IP > : 2450 NXDomain* 0/1/0 (99) the name server negative cache has stored the negative answer

61 step 7 advanced queries resource records can be searched by using dig highly customizable queries detailed responses :~# dig pc2.nanoinside.net

62 step 7 advanced queries :~# dig pc2.nanoinside.net ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A ;; Query time: 129 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 14:49: ;; MSG SIZE rcvd: 90

63 step 7 advanced queries :~# dig pc2.nanoinside.net ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A answer ;; ANSWER SECTION: flags: pc2.nanoinside.net IN A qr: qr: query response rd: rd: recursion desired (the (the user user asked for for a recursive lookup) ra: ra: recursion available (the (the server allows recursive lookups) ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A ;; Query time: 129 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 14:49: ;; MSG SIZE rcvd: 90

64 step 7 advanced queries :~# dig pc2.nanoinside.net ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A these sections correspond to to those contained in in DNS packets ;; Query time: 129 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 14:49: ;; MSG SIZE rcvd: 90

65 step 7 advanced queries :~# dig pc2.nanoinside.net ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A ;; Query time: 129 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 14:49: ;; MSG SIZE rcvd: 90 records being searched (class: IN, type: A address records) a dns dns message never contains more than than one one question section

66 step 7 advanced queries :~# dig pc2.nanoinside.net records that form the answer to to the question ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 may may be be more than than one one ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A ;; Query time: 129 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 14:49: ;; MSG SIZE rcvd: in 90 in /etc/resolv.conf) time time to to live live of of a resource record that that is is cached on on the the server try try invoking dig digonce more to to see see it it decreasing constant if if the the record is is not not cached (i.e., (i.e., it it is is stored on on the the name server being queried by by default the the one one configured

67 step 7 advanced queries :~# dig pc2.nanoinside.net ; <<>> DiG <<>> pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 records describing authoritative name servers are returned here ;; QUESTION SECTION: ;pc2.nanoinside.net. IN A ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; ADDITIONAL SECTION: dnsnano.nanoinside.net IN A ;; Query time: 129 msec ;; SERVER: #53( ) ;; additional WHEN: Tue Apr records 17 14:49: ;; MSG SIZE rcvd: 90 are returned here

68 step 8 an iterative query :~# dig +noquestion +noadditional +norecurse pc2.nanoinside.net et avoid displaying question and additional sections disable recursion

69 step 8 an iterative query :~# dig +noquestion +noadditional +norecurse pc2.nanoinside.net et ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: IN NS ROOT-SERVER. ;; Query time: 21 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:07: ;; MSG SIZE rcvd: 76 :~# the server answers by by specifying the authoritative name server to to be be contacted to to get the desired information

70 step 8 an iterative query :~# dig +noquestion +noadditional pc2.nanoinside.net ; <<>> DiG <<>> +noquestion +noadditional pc2.nanoinside.net ; (1 server found) ;; global options: printcmd ;; Got answer: server (dnsroot) ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: net IN NS dnsnet.net. query a specific name ;; Query time: 22 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:14: ;; MSG SIZE rcvd: 73 :~# dnsnet.net is is the authoritative name server for for zone net

71 step 8 an iterative query :~# dig +noquestion +noadditional pc2.nanoinside.net ; <<>> DiG <<>> +noquestion +noadditional pc2.nanoinside.net ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; Query time: 22 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:21: ;; MSG SIZE rcvd: 74 :~# query a specific name server (dnsnet.net) dnsnano.nanoinside.net is is the authoritative name server for for zone nanoinside.net

72 step 8 an iterative query :~# dig +noquestion +noadditional pc2.nanoinside.net ; <<>> DiG <<>> +noquestion +noadditional pc2.nanoinside.net ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; ANSWER SECTION: pc2.nanoinside.net IN A ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; Query time: 24 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:23: ;; MSG SIZE rcvd: 90 query a specific name server (dnsnano.nanoinside.net)

73 step 8 an iterative query just to confirm that name servers cache information during recursive queries... :~# dig +noquestion +noadditional pc2.nanoinside.net [...] :~# a recursive query (default behavior of of dig)

74 step 8 an iterative query just to confirm that name servers cache information during recursive queries... :~# dig +noquestion +noadditional pc2.nanoinside.net [...] :~# dig +noquestion +noadditional +norecurse pc2.nanoinside.net et an an iterative query

75 step 8 an iterative query just to confirm that name servers cache information during recursive queries... :~# dig +noquestion +noadditional pc2.nanoinside.net [...] :~# dig +noquestion +noadditional +norecurse pc2.nanoinside.net et ; <<>> DiG <<>> +noquestion +noadditional +norecurse pc2.nanoinside.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; Query time: 19 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:45: ;; MSG SIZE rcvd: 74

76 step 8 an iterative query just to confirm that name servers cache information during recursive queries... :~# dig +noquestion +noadditional pc2.nanoinside.net [...] :~# dig +noquestion +noadditional +norecurse pc2.nanoinside.net et the ttl ttl is is expiring ; <<>> DiG <<>> +noquestion +noadditional +norecurse pc2.nanoinside.net ;; global ( this options: is is a cached printcmd ;; Got answer: information) ;; ->>HEADER<< >>HEADER<<- opcode: QUERY, status: NOERROR, the id: ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: recursive query 1, ADDITIONAL: 1 dnslug.lugroma3.org immediately answers with the authoritative name server for for zone nanoinside.net, which it it has learned during ;; AUTHORITY SECTION: nanoinside.net IN NS dnsnano.nanoinside.net. de.net. ;; Query time: 19 msec ;; SERVER: #53( ) ;; WHEN: Tue Apr 17 16:45: ;; MSG SIZE rcvd: 74

netkit lab Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version 1.

netkit lab Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version 1. Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab walkthrough Version 1.3 Author(s) Massimo Rimondini E-mail Web Description contact@netkit.org

More information

walkthrough Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version 1.

walkthrough Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version 1. Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab walkthrough Version 1.2 Author(s) Massimo Rimondini E-mail Web Description contact@netkit.org

More information

Domain Name System (DNS) Fundamentals

Domain Name System (DNS) Fundamentals Domain Name System (DNS) Fundamentals Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International

More information

Domain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley abulley@ghana.com

Domain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley abulley@ghana.com Domain Name System (DNS) Session-1: Fundamentals Ayitey Bulley abulley@ghana.com Computers use IP addresses. Why do we need names? Names are easier for people to remember Computers may be moved between

More information

netkit lab two-hosts Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group

netkit lab two-hosts Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab two-hosts Version Author(s) E-mail Web Description 2.2 G. Di Battista, M. Patrignani,

More information

netkit lab static-routing Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group

netkit lab static-routing Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab static-routing Version Author(s) E-mail Web Description 2.2 G. Di Battista, M. Patrignani,

More information

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace Motivation Domain Name System (DNS) IP addresses hard to remember Meaningful names easier to use Assign names to IP addresses Name resolution map names to IP addresses when needed Namespace set of all

More information

Goal of this session

Goal of this session DNS refresher Overview Goal of this session What is DNS? How is DNS built and how does it work? How does a query work? Record types Caching and Authoritative Delegation: domains vs zones Finding the error:

More information

Internet-Praktikum I Lab 3: DNS

Internet-Praktikum I Lab 3: DNS Kommunikationsnetze Internet-Praktikum I Lab 3: DNS Mark Schmidt, Andreas Stockmayer Sommersemester 2015 kn.inf.uni-tuebingen.de Motivation for the DNS Problem IP addresses hard to remember for humans

More information

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1 SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright c 2006 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation s Course,

More information

netkit lab load balancer dns 1.2 Massimo Rimondini Version Author(s)

netkit lab load balancer dns 1.2 Massimo Rimondini Version Author(s) netkit lab load balancer dns Version Author(s) 1.2 Massimo Rimondini E-mail Web Description contact@netkit.org http://www.netkit.org/ A lab showing how to perform simple load balancing on a set of web

More information

DNS : Domain Name System

DNS : Domain Name System 1/30 DNS : Domain Name System Surasak Sanguanpong nguan@.ac.th http://www...ac.th/~nguan Last updated: May 24, 1999 Outline 2/30 DNS basic name space name resolution process protocol configurations Why

More information

How-to: DNS Enumeration

How-to: DNS Enumeration 25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS

More information

DNS. Some advanced topics. Karst Koymans. (with Niels Sijm) Informatics Institute University of Amsterdam. (version 2.6, 2013/09/19 10:55:30)

DNS. Some advanced topics. Karst Koymans. (with Niels Sijm) Informatics Institute University of Amsterdam. (version 2.6, 2013/09/19 10:55:30) DNS Some advanced topics Karst Koymans (with Niels Sijm) Informatics Institute University of Amsterdam (version 2.6, 2013/09/19 10:55:30) Friday, September 13, 2013 Karst Koymans (with Niels Sijm) (UvA)

More information

Domain Name System 2015-04-28 17:49:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Domain Name System 2015-04-28 17:49:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Domain Name System 2015-04-28 17:49:44 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Domain Name System... 4 Domain Name System... 5 How DNS Works

More information

THE DOMAIN NAME SYSTEM DNS

THE DOMAIN NAME SYSTEM DNS Announcements THE DOMAIN NAME SYSTEM DNS Internet Protocols CSC / ECE 573 Fall, 2005 N. C. State University copyright 2005 Douglas S. Reeves 2 Today s Lecture I. Names vs. Addresses II. III. IV. The Namespace

More information

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12 DNS Computer networks - Administration 1DV202 DNS History Who needs DNS? The DNS namespace How DNS works The DNS database The BIND software Server and client configuration The history of DNS RFC 882 and

More information

Creating a master/slave DNS server combination for your Grid Infrastructure

Creating a master/slave DNS server combination for your Grid Infrastructure Creating a master/slave DNS server combination for your Grid Infrastructure When doing a Grid Infrastructure installation, a DNS server is needed to resolve addresses for the cluster- scan addresses. In

More information

Introduction to DNS CHAPTER 5. In This Chapter

Introduction to DNS CHAPTER 5. In This Chapter 297 CHAPTER 5 Introduction to DNS Domain Name System (DNS) enables you to use hierarchical, friendly names to easily locate computers and other resources on an IP network. The following sections describe

More information

DNS. Computer Networks. Seminar 12

DNS. Computer Networks. Seminar 12 DNS Computer Networks Seminar 12 DNS Introduction (Domain Name System) Naming system used in Internet Translate domain names to IP addresses and back Communication works on UDP (port 53), large requests/responses

More information

How to Add Domains and DNS Records

How to Add Domains and DNS Records How to Add Domains and DNS Records Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection.

More information

Networking Domain Name System

Networking Domain Name System System i Networking Domain Name System Version 5 Release 4 System i Networking Domain Name System Version 5 Release 4 Note Before using this information and the product it supports, read the information

More information

Domain Name System. DNS is an example of a large scale client-server application. Copyright 2014 Jim Martin

Domain Name System. DNS is an example of a large scale client-server application. Copyright 2014 Jim Martin Domain Name System: DNS Objective: map names to IP addresses (i.e., high level names to low level names) Original namespace was flat, didn t scale.. Hierarchical naming permits decentralization by delegating

More information

netkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s)

netkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s) netkit lab MPLS VPNs with overlapping address spaces Version Author(s) 1.0 S.Filippi, L.Ricci, F.Antonini E-mail Web Description silvia.filippi@kaskonetworks.it http://www.kaksonetworks.it/ A lab showing

More information

DNS at NLnet Labs. Matthijs Mekking

DNS at NLnet Labs. Matthijs Mekking DNS at NLnet Labs Matthijs Mekking Topics NLnet Labs DNS DNSSEC Recent events NLnet Internet Provider until 1997 The first internet backbone in Holland Funding research and software projects that aid the

More information

Table of Contents DNS. How to package DNS messages. Wire? DNS on the wire. Some advanced topics. Encoding of domain names.

Table of Contents DNS. How to package DNS messages. Wire? DNS on the wire. Some advanced topics. Encoding of domain names. Table of Contents DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 154, 2015/09/14 10:44:10) Friday, September 11, 2015 DNS on the wire Encoding of domain names

More information

Networking Domain Name System

Networking Domain Name System System i Networking Domain Name System Version 6 Release 1 System i Networking Domain Name System Version 6 Release 1 Note Before using this information and the product it supports, read the information

More information

Domain Name System. CS 571 Fall 2006. 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved

Domain Name System. CS 571 Fall 2006. 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved Domain Name System CS 571 Fall 2006 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved DNS Specifications Domain Names Concepts and Facilities RFC 1034, November 1987 Introduction

More information

DNS Conformance Test Specification For Client

DNS Conformance Test Specification For Client DNS Conformance Test Specification For Client Revision 1.0 Yokogawa Electric Corporation References This test specification focus on following DNS related RFCs. RFC 1034 DOMAIN NAMES - CONCEPTS AND FACILITIES

More information

netkit lab bgp: multi-homed Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group

netkit lab bgp: multi-homed Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab bgp: multi-homed Version Author(s) E-mail Web Description 2.0 G. Di Battista, M. Patrignani,

More information

Enabling DNS for IPv6 CSD Fall 2011

Enabling DNS for IPv6 CSD Fall 2011 Enabling DNS for IPv6 CSD Fall 2011 Team members: Bowei Dai daib@kth.se 15 credits Elis Kullberg elisk@kth.se 18 credits Hannes Junnila haju@kth.se 15 credits Nur Mohammad Rashed nmrashed@kth.se 15 credits

More information

How to Configure DNS Zones

How to Configure DNS Zones How to Configure DNS Zones The Barracuda NG Firewall DNS configuration object contains two predefined zones: _template and. To be able to edit and specify DNS zones within the Barracuda NG Firewall DNS

More information

Copyright 2012 http://itfreetraining.com

Copyright 2012 http://itfreetraining.com In order to find resources on the network, computers need a system to look up the location of resources. This video looks at the DNS records that contain information about resources and services on the

More information

Networking Domain Name System

Networking Domain Name System IBM i Networking Domain Name System Version 7.2 IBM i Networking Domain Name System Version 7.2 Note Before using this information and the product it supports, read the information in Notices on page

More information

DNS ActiveX Control for Microsoft Windows. Copyright Magneto Software All rights reserved

DNS ActiveX Control for Microsoft Windows. Copyright Magneto Software All rights reserved DNS ActiveX Control for Microsoft Windows Copyright Magneto Software All rights reserved 1 DNS Overview... 3 1.1 Introduction... 3 1.2 Usage... 3 1.3 Property... 4 1.4 Event... 4 1.5 Method... 4 1.6 Error

More information

Lecture 2 CS 3311. An example of a middleware service: DNS Domain Name System

Lecture 2 CS 3311. An example of a middleware service: DNS Domain Name System Lecture 2 CS 3311 An example of a middleware service: DNS Domain Name System The problem Networked computers have names and IP addresses. Applications use names; IP uses for routing purposes IP addresses.

More information

KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10

KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10 KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10 Sincan 06935 Ankara, Turkey Version Table Manual Version/Date AAA/22.03.2011

More information

DNS Service on Linux. Supawit Wannapila CCNA, RHCE supawit.w@cmu.ac.th

DNS Service on Linux. Supawit Wannapila CCNA, RHCE supawit.w@cmu.ac.th DNS Service on Linux Supawit Wannapila CCNA, RHCE supawit.w@cmu.ac.th Host Name Resolution Common Host Name Service Files (/etc/hosts and /etc/networks) DNS (/etc/resolv.conf) Multiple client-side resolvers:

More information

The Domain Name System

The Domain Name System DNS " This is the means by which we can convert names like news.bbc.co.uk into IP addresses like 212.59.226.30 " Purely for the benefit of human users: we can remember numbers (e.g., telephone numbers),

More information

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. . Computer System Security and Management SMD139 Lecture 5: Domain Name System Peter A. Jonsson DNS Translation of Hostnames to IP addresses Hierarchical distributed database DNS Hierarchy The Root Name

More information

DNS Pharming Attack Lab

DNS Pharming Attack Lab CNT 5410 - Fall 2014 1 DNS Pharming Attack Lab (This is a modified version of the exercise listed below. Modifications are to provide tighter configuration so as to minimize the risk of traffic leaving

More information

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System Application Protocols in the TCP/IP Reference Model Application Protocols in the TCP/IP Reference Model File Transfer E-Mail Network Management Protocols of the application layer are common communication

More information

Domain Name System Security

Domain Name System Security Abstract Domain Name System Security Ladislav Hagara hgr@vabo.cz Department of Automated Command Systems and Informatics Military Academy in Brno Brno, Czech Republic Domain Name System (DNS) is one of

More information

Application Protocols in the TCP/IP Reference Model

Application Protocols in the TCP/IP Reference Model Application Protocols in the TCP/IP Reference Model File Transfer E-Mail Network Management WWW Virtual Terminal Name Service File Transfer HTTP FTP Telnet SMTP DNS SNMP TFTP Internet protocols TCP UDP

More information

The Domain Name System (DNS)

The Domain Name System (DNS) The Domain Name System (DNS) Columbus, OH 43210 Jain@CIS.Ohio-State.Edu http://www.cis.ohio-state.edu/~jain/ 24-1 Overview Naming hierarchy hierarchy Name resolution Other information in name servers 24-2

More information

API of DNS hosting. For DNS-master and Secondary services Table of contents

API of DNS hosting. For DNS-master and Secondary services Table of contents API of DNS hosting. For DNS-master and Secondary services Table of contents API of DNS hosting. For DNS-master and Secondary services... 1 1. Introduction... 3 2. Setting access area of application for

More information

DNS Resolving using nslookup

DNS Resolving using nslookup DNS Resolving using nslookup Oliver Hohlfeld & Andre Schröder January 8, 2007 Abstract This report belongs to a talk given at the networking course (Institue Eurecom, France) in January 2007. It is based

More information

netkit lab single-host Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group

netkit lab single-host Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab single-host Version Author(s) E-mail Web Description 2.2 G. Di Battista, M. Patrignani,

More information

Configuring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files

Configuring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files Configuring DNS BIND: UNIX Name Service Configuring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files Zone: a collection of domain information contained

More information

ECE 4321 Computer Networks. Network Programming

ECE 4321 Computer Networks. Network Programming ECE 4321 Computer Networks Network Programming Name Space System.Net Domain Name System (DNS) To resolve computer naming Host database is split up and distributed among multiple systems on the Internet

More information

Version Author(s) E-mail Web Description

Version Author(s) E-mail Web Description Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Netkit The poor man s system for experimenting computer networking Version Author(s) E-mail Web

More information

Agenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS

Agenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS Agenda Network Services Domain Names & DNS Domain Names Domain Name System Internationalized Domain Names Johann Oberleitner SS 2006 Domain Names Naming of Resources Problems of Internet's IP focus IP

More information

CS3250 Distributed Systems

CS3250 Distributed Systems CS3250 Distributed Systems Lecture 4 More on Network Addresses Domain Name System DNS Human beings (apart from network administrators and hackers) rarely use IP addresses even in their human-readable dotted

More information

Some advanced topics. Karst Koymans. Friday, September 11, 2015

Some advanced topics. Karst Koymans. Friday, September 11, 2015 DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 154, 2015/09/14 10:44:10) Friday, September 11, 2015 Karst Koymans (UvA) DNS Friday, September 11, 2015 1 /

More information

Understanding DNS (the Domain Name System)

Understanding DNS (the Domain Name System) Understanding DNS (the Domain Name System) A white paper by Incognito Software January, 2007 2007 Incognito Software Inc. All rights reserved. Understanding DNS (the Domain Name System) Introduction...2

More information

DNS SECURITY TROUBLESHOOTING GUIDE

DNS SECURITY TROUBLESHOOTING GUIDE DNS SECURITY TROUBLESHOOTING GUIDE INTERNET DEPLOYMENT OF DNS SECURITY 27 November 2006 Table of Contents 1. INTRODUCTION...3 2. DNS SECURITY SPECIFIC FAILURE MODES...3 2.1 SIGNATURES...3 2.1.1 Signature

More information

Building a Linux IPv6 DNS Server

Building a Linux IPv6 DNS Server Building a Linux IPv6 DS Server By David Gordon and Ibrahim Haddad Open Systems Lab Ericsson Research Corporate Unit This article presents a tutorial on building an IPv6 DS Linux server that provides IPv6

More information

CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS)

CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS) CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS) By Michael Olan, Richard Stockton College (last update: March 2012) Purpose At this point, all hosts should be communicating

More information

19 Domain Name System (DNS)

19 Domain Name System (DNS) CHAPTER 9 Domain Name System (DNS) I n this chapter, we discuss the second application program, Domain Name System (DNS). DNS is a client/server application program used to help other application programs.

More information

Bulk DNS Update CSV File

Bulk DNS Update CSV File Bulk DNS Updates Bulk DNS Update CSV File Each line in the comma-separated value (CSV) file represents a resource record. A line break must follow each line, and the file may contain up to 5000 lines.

More information

- Domain Name System -

- Domain Name System - 1 Name Resolution - Domain Name System - Name resolution systems provide the translation between alphanumeric names and numerical addresses, alleviating the need for users and administrators to memorize

More information

The Domain Name System: An Integral Part of the Internet. By Keiko Ishioka

The Domain Name System: An Integral Part of the Internet. By Keiko Ishioka The Domain Name System: An Integral Part of the Internet By Keiko Ishioka The Domain Name System (otherwise known as the Domain Name Server system) (DNS) is a distributed database that is accessed by anyone

More information

Domain Name System (DNS)

Domain Name System (DNS) Chapter 18 CSC465 Computer Networks Spring 2004 Dr. J. Harrison These slides are based on the text TCP/IP Protocol Suite (2 nd Edition) Domain Name System (DNS) CONTENTS NAME SPACE DOMAIN NAME SPACE DISTRIBUTION

More information

Hostnames. HOSTS.TXT was a bottleneck. Once there was HOSTS.TXT. CSCE515 Computer Network Programming. Hierarchical Organization of DNS

Hostnames. HOSTS.TXT was a bottleneck. Once there was HOSTS.TXT. CSCE515 Computer Network Programming. Hierarchical Organization of DNS Hostnames CSCE 515: Computer Network Programming ------ Address Conversion Function and DNS RFC 1034, RFC 1035 Wenyuan Xu http://www.cse..edu/~wyxu/ce515f07.html Department of Computer Science and Engineering

More information

DNS Domain Name System

DNS Domain Name System Domain Name System DNS Domain Name System The domain name system is usually used to translate a host name into an IP address Domain names comprise a hierarchy so that names are unique, yet easy to remember.

More information

Domain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers

Domain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers Domain Name Servers COMP76 Networked Computer Systems Internet Names Hierarchical starting from the right host.subnet.organization.type Names are case insensitive and can be in either upper or lower case.

More information

Automated domain name registration: DNS background information

Automated domain name registration: DNS background information IBM eserver Automated domain name registration: DNS background information ^business on demand software ADNRbackground.ppt Page 1 of 14 Overview of z/os DNS solutions Two z/os name servers supported ƒdns

More information

CSE 127: Computer Security. Network Security. Kirill Levchenko

CSE 127: Computer Security. Network Security. Kirill Levchenko CSE 127: Computer Security Network Security Kirill Levchenko December 4, 2014 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties

More information

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Domain Name System

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Domain Name System Application Protocols in the TCP/IP Reference Model Application Protocols in the TCP/IP Reference Model File Transfer E-Mail Network Management Protocols of the application layer are common communication

More information

The Root of the Matter: Hints or Slaves

The Root of the Matter: Hints or Slaves The Root of the Matter: Hints or Slaves David Malone October 21, 2003 Abstract We consider the possibility of having a name server act as a slave to the root zone, rather than caching

More information

netkit lab bgp: prefix-filtering Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group

netkit lab bgp: prefix-filtering Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab bgp: prefix-filtering Version Author(s) E-mail Web Description 2.1 G. Di Battista,

More information

Forouzan: Chapter 17. Domain Name System (DNS)

Forouzan: Chapter 17. Domain Name System (DNS) Forouzan: Chapter 17 Domain Name System (DNS) Domain Name System (DNS) Need System to map name to an IP address and vice versa We have used a host file in our Linux laboratory. Not feasible for the entire

More information

DNS and LDAP persistent search

DNS and LDAP persistent search FreeIPA Training Series DNS and LDAP persistent search FreeIPA 3.0 and bind-dyndb-ldap 2.3 Petr Špaček 01-14-2013 FreeIPA DNS integration FreeIPA is able to store

More information

Domain Name Server. Training Division National Informatics Centre New Delhi

Domain Name Server. Training Division National Informatics Centre New Delhi Domain Name Server Training Division National Informatics Centre New Delhi Domain Name Service (DNS) I. History of DNS II. DNS structure and its components III. Functioning of DNS IV. Possible Configurations

More information

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses.

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses. Lab Exercise DNS Objective DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses. Step 1: Analyse the supplied DNS Trace Here we examine the supplied trace of a

More information

Secure DNS / DNSsec. Dresden, May 8th, Garbacz, Jan Eisfeld, Martin Gebhardt, Ralf Lu, Yi Mochaourab, Rami Knechtel, Martin

Secure DNS / DNSsec. Dresden, May 8th, Garbacz, Jan Eisfeld, Martin Gebhardt, Ralf Lu, Yi Mochaourab, Rami Knechtel, Martin Department of Computer Science Institute for System Architecture, Chair of Computer Networks Secure DNS / DNSsec Garbacz, Jan Eisfeld, Martin Gebhardt, Ralf Lu, Yi Mochaourab, Rami Knechtel, Martin Dresden,

More information

what s in a name? taking a deeper look at the domain name system mike boylan penn state mac admins conference

what s in a name? taking a deeper look at the domain name system mike boylan penn state mac admins conference what s in a name? taking a deeper look at the domain name system mike boylan penn state mac admins conference whoami work for robert morris university, pittsburgh, pa primarily mac and voip admin @mboylan

More information

The Use of DNS Resource Records

The Use of DNS Resource Records International Journal of Advances in Electrical and Electronics Engineering 230 Available online at www.ijaeee.com & www.sestindia.org/volume-ijaeee/ ISSN: 2319-1112 Simar Preet Singh Systems Engineer,

More information

NET0183 Networks and Communications

NET0183 Networks and Communications NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/2009 1 NET0183 Networks and Communications by Dr Andy Brooks DNS is a distributed database implemented in a hierarchy of many

More information

Use Domain Name System and IP Version 6

Use Domain Name System and IP Version 6 Use Domain Name System and IP Version 6 What You Will Learn The introduction of IP Version 6 (IPv6) into an enterprise environment requires some changes both in the provisioned Domain Name System (DNS)

More information

Configuring DNS. Finding Feature Information

Configuring DNS. Finding Feature Information The Domain Name System (DNS) is a distributed database in which you can map hostnames to IP addresses through the DNS protocol from a DNS server. Each unique IP address can have an associated hostname.

More information

Unbound a caching, validating DNSSEC resolver. Do you trust your name server? Configuration. Unbound as a DNS cache (SEC-less)

Unbound a caching, validating DNSSEC resolver. Do you trust your name server? Configuration. Unbound as a DNS cache (SEC-less) Unbound a caching, validating DNSSEC resolver UKUUG Spring 2011 Conference Leeds, UK March 2011 Jan-Piet Mens $ dig 1.1.0.3.3.0.8.1.7.1.9.4.e164.arpa naptr Do you trust your name server? DNS clients typically

More information

This time. Digging into. Networking. Protocols. Naming DNS & DHCP

This time. Digging into. Networking. Protocols. Naming DNS & DHCP This time Digging into Networking Protocols Naming DNS & DHCP Naming IP addresses allow global connectivity But they re pretty useless for humans! Can t be expected to pick their own IP address Can t be

More information

Domain Name System. Heng Sovannarith heng_sovannarith@yahoo.com

Domain Name System. Heng Sovannarith heng_sovannarith@yahoo.com Domain Name System Heng Sovannarith heng_sovannarith@yahoo.com Introduc:on to DNS Domain Name System is a distributed database system that can be serve as the founda:on for name resolu:on in a TCP/IP Network.

More information

Lab Exercise DNS. Objective. Requirements. Network Setup

Lab Exercise DNS. Objective. Requirements. Network Setup Lab Exercise DNS Objective DNS (Domain Name System) is the system and protocol that translates domain names to IP addresses and more. DNS is covered in 7.1 of your text. Review that section before doing

More information

netkit lab load balancer web switch 1.1 Giuseppe Di Battista, Massimo Rimondini Version Author(s)

netkit lab load balancer web switch 1.1 Giuseppe Di Battista, Massimo Rimondini Version Author(s) netkit lab load balancer web switch Version Author(s) 1.1 Giuseppe Di Battista, Massimo Rimondini E-mail Web Description contact@netkit.org http://www.netkit.org/ A lab showing the operation of a web switch

More information

Installing and Setting up Microsoft DNS Server

Installing and Setting up Microsoft DNS Server Training Installing and Setting up Microsoft DNS Server Introduction Versions Used Windows Server 2003 Setup Used i. Server Name = martini ii. Credentials: User = Administrator, Password = password iii.

More information

How to Enable Internet for Guest Virtual Machine using Wi-Fi wireless Internet Connection.

How to Enable Internet for Guest Virtual Machine using Wi-Fi wireless Internet Connection. How to Enable Internet for Guest Virtual Machine using Wi-Fi wireless Internet Connection. Table of Contents 1) Host, Guest and VBox version.... 2 2) Check your current Host and Guest Details... 3 3) Now

More information

Domain Name System (DNS) RFC 1034 RFC 1035 http://www.ietf.org

Domain Name System (DNS) RFC 1034 RFC 1035 http://www.ietf.org Domain Name System (DNS) RFC 1034 RFC 1035 http://www.ietf.org TCP/IP Protocol Suite Application Layer DHCP DNS SNMP HTTP SMTP POP Transport Layer UDP TCP ICMP IGMP Network Layer IP Link Layer ARP ARP

More information

The Domain Name System

The Domain Name System Internet Engineering 241-461 Robert Elz kre@munnari.oz.au kre@coe.psu.ac.th http://fivedots.coe.psu.ac.th/~kre DNS The Domain Name System Kurose & Ross: Computer Networking Chapter 2 (2.5) James F. Kurose

More information

DNS and BIND. David White

DNS and BIND. David White DNS and BIND David White DNS: Backbone of the Internet Translates Domains into unique IP Addresses i.e. developcents.com = 66.228.59.103 Distributed Database of Host Information Works seamlessly behind

More information

DNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop

DNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop How do you delegate a subdomain? In principle straightforward: just insert NS records for the subdomain, pointing at someone else's

More information

Domain Name System. 188lecture12.ppt. Pirkko Kuusela, Markus Peuhkuri, Jouni Karvo

Domain Name System. 188lecture12.ppt. Pirkko Kuusela, Markus Peuhkuri, Jouni Karvo Domain Name System 88lecture2.ppt Pirkko Kuusela, Markus Peuhkuri, Jouni Karvo S-38.88 - Computer Networks - Spring 2003 Outline What and why? Structure of DNS Management of Domain Names Name Service in

More information

3. The Domain Name Service

3. The Domain Name Service 3. The Domain Name Service n Overview and high level design n Typical operation and the role of caching n Contents of DNS Resource Records n Basic message formats n Configuring/updating Resource Records

More information

Chapter 23 The Domain Name System (DNS)

Chapter 23 The Domain Name System (DNS) CSC521 Communication Protocols 網 路 通 訊 協 定 Chapter 23 The Domain Name System (DNS) 吳 俊 興 國 立 高 雄 大 學 資 訊 工 程 學 系 Outline 1. Introduction 2. Names For Machines 3. Flat Namespace 4. Hierarchical Names 5.

More information

Services: DNS domain name system

Services: DNS domain name system Services: DNS domain name system David Morgan Buying numbers and names numbers are IP addresses you buy them from an ISP the ISP makes sure those addresses go to your place the names are domain names you

More information

Part 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology

Part 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology SAST01 An Introduction to Information Security Part 5 DNS Security Martin Hell Department of Electrical and Information Technology How DNS works Amplification attacks Cache poisoning attacks DNSSEC 1 2

More information

Response Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour

Response Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour Response Policy Zones for the Domain Name System (DNS ) By Paul Vixie, ISC (et.al.) 2010 World Tour Overview Motivation for DNS Response Policy Zones Relationship to DNS RBL (DNSBL) Constraints and Goals

More information

netkit lab network address translation 1.0 Massimo Rimondini Version Author(s)

netkit lab network address translation 1.0 Massimo Rimondini Version Author(s) netkit lab network address translation Version Author(s) 1.0 Massimo Rimondini E-mail Web Description contact@netkit.org http://www.netkit.org/ A simple lab showing the operation of a NAT gateway using

More information

DNS + DHCP. Michael Tsai 2015/04/27

DNS + DHCP. Michael Tsai 2015/04/27 DNS + DHCP Michael Tsai 2015/04/27 lubuntu.ova http://goo.gl/bax8b8 DNS + DHCP DNS: domain name < > IP address DHCP: gives you a IP + configuration when you joins a new network DHCP = Dynamic Host Configuration

More information