DNS Service on Linux. Supawit Wannapila CCNA, RHCE
|
|
- Alice May
- 8 years ago
- Views:
Transcription
1 DNS Service on Linux Supawit Wannapila CCNA, RHCE
2 Host Name Resolution Common Host Name Service Files (/etc/hosts and /etc/networks) DNS (/etc/resolv.conf) Multiple client-side resolvers: nslookup dig 2
3 The Stub Resolver Read /etc/nsswitch.conf to determine the order in which to query name services, as shown here for the default configuration hosts: files dns 3
4 DNS-Specific Resolver dig Never reads /etc/nsswitch.conf By default, looks only at the nameserver line in /etc/resolv.conf Output is in RFC-standard zone file format, the format used by DNS servers, which makes dig particularly useful for exploring DNS resolution 4
5 Trace a DNS Query with dig dig +trace cmu.ac.th Reads /etc/resolv.conf to determine nameserver Queries for root name servers Chases referals to find name records(answer) This is known as an iterative query Initial Observations: Name are organized in an inverted tree with root (.) at top The name hierarchy allows DNS to cross organizational boundaries Name in records end with a dot when fully-qualified 5
6 Other Observation Answer in the previous trace are in the form of resource records Each resource record has five fields: domain the domain or subdomain being queried ttl how long the record should be cache in second class record classification (usually IN) type record type, such as A or NS rdata resource data to which the domain maps 6
7 ; <<>> DiG P1-RedHat P1.el5 <<>> +trace cmu.ac.th ;; global options: printcmd IN NS d.root-servers.net IN NS e.root-servers.net IN NS f.root-servers.net IN NS g.root-servers.net IN NS h.root-servers.net IN NS i.root-servers.net IN NS j.root-servers.net IN NS k.root-servers.net IN NS l.root-servers.net IN NS m.root-servers.net IN NS a.root-servers.net IN NS b.root-servers.net IN NS c.root-servers.net. ;; Received 449 bytes from #53( ) in 47 ms th IN NS dns1.thnic.co.th. th IN NS ns-th.ripe.net. th IN NS ns.thnic.net. th IN NS ams.sns-pb.isc.org. th IN NS ns-a.thnic.co.th. th IN NS sfba.sns-pb.isc.org. ;; Received 328 bytes from #53(d.root-servers.net) in 104 ms cmu.ac.th IN NS teal.cat.net.th. cmu.ac.th IN NS ns.cmu.ac.th. ;; Received 87 bytes from #53(dns1.thnic.co.th) in 20 ms cmu.ac.th IN SOA ns.cmu.ac.th. postmaster.ns.cmu.ac.th ;; Received 77 bytes from #53(teal.cat.net.th) in 7 ms 7
8 Other Observation(cont) Conceptually, one queries against the domain(name), which is mapped to the rdata for an answer In the trace example, The NS(name server) records are referrals The A(address) record in the final answer and is the default query type for dig 8
9 Summary of common record type domain Class Record Type rdata canonical name IN A IPv4 canonical name IN AAAA IPv6 alias IN CNAME canonical name origin IN MX canonical name for mail exchanger origin IN NS canonical name for nameserver reserved IP address IN PTR canonical name origin IN SOA authoritative info origin refers to the name of a domain or subdomain as it is managed by a particular server canonical means the usual or real name of the host 9
10 Forward Lookups dig ; <<>> DiG P1-RedHat P1.el5 <<>> ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ; IN A ;; ANSWER SECTION: IN A ;; Query time: 7 msec ;; SERVER: #53( ) ;; WHEN: Wed Sep 8 12:23: ;; MSG SIZE rcvd: 47 10
11 Reverse Lookups dig -x ; <<>> DiG P1 <<>> -x ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0 ;; QUESTION SECTION: ; in-addr.arpa. IN PTR ;; ANSWER SECTION: in-addr.arpa. 600 IN PTR host redhat.com. ;; AUTHORITY SECTION: in-addr.arpa. 600 IN in-addr.arpa. 600 IN in-addr.arpa. 600 IN NS ns1.redhat.com. NS ns2.redhat.com. NS ns3.redhat.com. ;; Query time: 530 msec ;; SERVER: #53( ) ;; WHEN: Sun Sep 12 17:55: ;; MSG SIZE rcvd:
12 Mail Exchanger Lookups dig -t mx cmu.ac.th ; <<>> DiG P1-RedHat P1.el5 <<>> -t mx cmu.ac.th ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;cmu.ac.th. IN MX ;; ANSWER SECTION: cmu.ac.th IN MX 20 mx.cmu.ac.th. ;; ADDITIONAL SECTION: mx.cmu.ac.th IN A ;; Query time: 12 msec ;; SERVER: #53( ) ;; WHEN: Wed Sep 8 12:31: ;; MSG SIZE rcvd: 62 12
13 SOA Lookups dig -t soa cmu.ac.th ; <<>> DiG P1-RedHat P1.el5 <<>> -t soa cmu.ac.th ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;cmu.ac.th. IN SOA ;; ANSWER SECTION: cmu.ac.th IN SOA ns.cmu.ac.th. postmaster.ns.cmu.ac.th ;; ADDITIONAL SECTION: ns.cmu.ac.th IN A ;; Query time: 9 msec ;; SERVER: #53( ) ;; WHEN: Wed Sep 8 12:32: ;; MSG SIZE rcvd: 93 13
14 SOA rdata Master nameserver's FQDN Contact Serial number Refresh delay before checking serial number Retry interval for slave servers Expiration for records when the slave cannot contact its master(s) Minimum TTL for negative answers ( no such host ) 14
15 SOA rdata (cont) serial number in common practice based on ISO dates all time are in seconds by default. However, may be used: W=weeks D=days H=Hours M=Minutes Must use capital letters, no space between the number and the unit is allowed 15
16 Being Authoritative The SOA record merely indicates the master server for the origin(domain) A server is authoritative if it has: Delegation from the parent domain: NS record plus A record A local copy of the domain data, including the SOA record 16
17 The Everything Lookups dig -t axfr Observations All records for the zone are transferred Records reveal much inside knowledge of the network Response is too big for UDP, so transfers use TCP Most servers restrict zone transfers to a select few hosts(usually the slave nameservers) Use this command from a slave to test permissions on the master 17
18 Service Profile: DNS Packages: bind, bind-utils, bind-chroot Daemons: /usr/sbin/named Script: /etc/init.d/named Ports: 53 (udp & tcp) Configuration: (Under /var/named/chroot/) /etc/named.conf, /var/named/* Related: caching-nameserver 18
19 Getting Started with BIND Install packages bind for core binaries bind-chroot for security caching-nameserver for an initial configuration Configure startup service named configtest service named start chkconfig named on Proceed with essential named configuration 19
20 Essential named Configuration Configure the stub resolver Define access control in /etc/named.conf Declare client match lists Server interfaces: listen-on and listen-on-v6 What queries should be allowed? Iterative: allow-query { match-list; }; Recursive: allow-recursion { match-list; }; Transfers: allow-transfer { match-list; }; Add data via zone files Test! 20
21 Configure the Stub Resolver On the nameserver: Edit /etc/resolv.conf to specify nameserver Edit /etc/sysconfig/network-scripts/ifcfg-* to specify PEERDNS=no Advantages: Ensure consistent lookups for all applications Simplifies access controls and troubleshooting 21
22 bind-chroot Package Install a chroot environment under /var/named/chroot Move existing config files into the chroot environment, replacing the original files with symlinks Updates /etc/sysconfig/named with a named option: ROOTDIR=/var/named/chroot Tips Insprct /etc/sysconfig/named after installing bindchroot Run ps -ef grep named after starting named to verify startup options 22
23 caching-nameserver Package Provides Tips named.caching-nameserver.conf named.ca containing root server 'hints' Forward and reverse lookup zone files for machinelocal name and IP addresses(e.g., localhost.localdomain) copy named.caching-nameserver.conf to named.conf change ownership to root:named Edit named.conf 23
24 Address Match List A semicolon-seperated list of IP address or subnets used with security directives for host-based access control Format IP address: Trailing dot: CIDR: /24 Use a bang (!) to denote inversion A match list is checked in order, stopping on first match Example: { ; ;! /24; }; 24
25 Access Control List(ACL) In its simplest form, an ACL assigns a name to an address match list Can generally be used in place of a match list (nesting is allowed!) Best practice is to define ACL's at the top of /etc/named.conf Example declarations acl trusted { ; }; acl classroom { /24; trusted; }; acl cracker { /24; }; acl mymasters { ; }; acl myaddress { ; ; }; 25
26 Built-In ACL's BIND pre-defines four ACL's none any localhost localnets - No IP address matches - All IP address matches - Any IP address of the name server matches - Directly-connected networks matches 26
27 Server Interfaces Option: listen-on port 53 { match-list; }; Binds named to specific interfaces Example listen-on port 53 { myaddress; }; listen-on-v6 port 53 { ::1; }; Restart an verify: netstat -tulpn grep named Default: if listen-on is missing, named listens on all interfaces 27
28 Allowing Queries Option: allow-query { match-list; }; Server provide both authoritative and cached answers to clients in match-list Example: allow-query { classroom; cracker; }; Default: if allow-query is missing, named allows all 28
29 Allowing Recursion Option: allow-recursion { match-list; }; Server chases referrals on behalf of clients in the match-list Example: allow-recursion { classroom;!cracker; }; Default: if allow-recursion is missing, named allows all 29
30 Allowing Transfer Option: allow-transfer { match-list; }; Client in the match-list are allowed to act as slave servers Example: allow-transfer {!cracker; classroom; }; Default: if allow-transfer is missing, named allows all 30
31 Modifying BIND Behavior Option: forwarders { match-list; }; Modifier: forward first only; Direct named to recursively query specified servers before or instead of chasing referrals Example: forwarders { mymaster; }; forward only; If the forward modifier is missing, named assumes first 31
32 Access Controls: Putting it Together Sample /etc/named.conf with essential access control options: // acl's make security directive easier to read acl ''myaddress'' { ; ; }; acl ''trusted'' { ; }; acl ''classroom'' { /24; trusted; }; acl ''cracker'' { /24; }; options { #bind to specific interfaces listen-on port 53 { myaddress; }; listen-on-v6 port 53 { ::1; }; # make sure I can always query myself for troubleshooting allow-query { localhost; classroom;!cracker; }; allow-recursion { localhost; classroom;!cracker; }; /* don't let cracker (even trusted) do zone transfers */ allow-transfer { localhost; clasroom;!cracker; }; }; # use a recursive, upstream nameserver forwarders { ; }; forward only; 32
33 Slave Zone Declaration zone ''example.com'' IN { }; type slave; masters { mymasters; }; file ''slaves/example.com.zone'' Sample zone declaration directs the server to: Act as an authoritative nameserver for example.com, where example.com is the origin as specified in the SOA record's domain field Be a slave for this zone Perform zone transfer (AXFR and IXFR) against the hosts in the masters option Store the transferred data in /var/named/chroot/var/named/slaves/example.com.zone Reload named to automatically create the file 33
34 Master Zone Declaration zone ''example.com'' IN { }; type master; file ''example.com.zone''; Sample zone declaration directs the server to: Act as an authoritative nameserver for example.com, where example.com is the origin as specified in rg SOA record's domain field Be a master of this zone Read the master data from /var/named/chroot/var/named/example.com.zone Manually create the master file before reloading named 34
35 Zone File Creation Content of a zone file: A collection of record, beginning with the SOA record symbol is a variable representing the zone's origin as specified in the zone declaration from /etc/named.conf Comments are assembly-style (;) Precautions: BIND append the domain's origin to any name that is not properly dot-terminated If the domain field is missing from a record, BIND uses the value from the previous record Remember to increment the serial number and reload named after modifying a zone file 35
36 Tips for Zone Files Shortcuts: Do not start from scratch copy an exiting zone file installed by the caching-nameserver package To save typing, put $TTL as the first line of a zone file, then omit the TTL from individual records BIND allows you to split multi-valued rdata across lines when enclosed within parentheses () Choose a filename for your zone file that reflects the origin in some way 36
37 Example of multi-line IN SOA server1.example.com. root ( 46 ; serial 3H ; refresh 15M ; retry 1W ; expire authority 1D) ; minimum for negative answers 37
38 Testing Operation Select one of dig or nslookup, and use it expertly to verify the operation of your DNS server Run tail -f /var/log/messages in a separate shell when restarting services Configuration BIND will fail to start for syntax error, so always run service named configtest after editing config file configtest runs two syntax utilities against files specified in your configuration, but the syntax utilities may be run separately against files outside your configuration 38
39 BIND Syntax utilities named-checkconf -t ROOTDIR /path/to/named.conf Inspects /etc/named.conf by default (which will be the wrong file if the -t options is missing) Example: named-checkconf -t /var/named/chroot named-checkzone origin /path/to/zonefile Inspects a specific zone configuration Example: named-checkzone cmu.ac.th /var/named/chroot/var/named/cmu.ac.th.zone 39
40 Delegating Subdomains Steps On the child, create a zone file to hold the subdomain's data On the parent, add an NS record On the parent, add an A record to complete the delegation Glue Records If the child's canonical name is in the subdomain it manages, the A record is called a glue record 40
41 View and Split DNS Answering queries differently based on who is asking match-clients and match-destinations Option and zones defined within a view Any view statement means that all zone definitions must be inside a view Any view statement means that all zone definitions must be inside a view 41
42 View Example view ''internal'' { match-clients { /24; }; recursion yes; zone ''example.com'' { type master; file "example-internal.zone"; }; }; view ''external'' { match-clients { any; }; recursion no; zone ''example.com'' { type master; file "example-external.zone"; }; }; 42
43 Demo 1:Implement a Minimal DNS Server Install package bind bind-utils bind-chroot caching-nameserver yum install bind bind-utils bind-chroot cahcing-nameserver 43
44 Demo 1:Implement a Minimal DNS Server Verify chroot grep ROOTDIR /etc/sysconfig/named ROOTDIR=/var/named/chroot Copy a convenient starting configuration Test cd /var/named/chroot/etc cp named.caching-nameserver.conf named.conf chgrp named named.conf service named configtest Start named at boot time chkconfig named on 44
45 Demo 1:Implement a Minimal DNS Server Modify iptables insert this following line after ESTABLISHED, RELATED line in /etc/sysconfig/iptables -A RH-Firewall-1-INPUT -p tcp --dport 53 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 53 -j ACCEPT Reload iptables service iptables restart 45
46 Demo 1:Implement a Minimal DNS Server Edit named.conf to modify and/or add the following app-specific controls in the global options section listen-on port 53 { localhost; }; allow-query { localhost; /24; }; allow-query-cache { localhost; /24; }; allow-transfer { localhost; ; }; forwarders { ; }; forward first; Edit named.conf again, modify the default view's match-clients match-clients { localhost; /24; }; 46
47 Demo 1:Implement a Minimal DNS Server Test configuration and reload named service named configtest service named restart Change DND name solver point to localhost, edit file /etc/resolv.conf search example.com nameserver Test resolve dig dig 47
48 Demo2: Add Data to the Name Server Declare a forward lookup zone: Edit named.conf put the following line above include statement in view section zone ''example.com'' IN { }; type master; file ''example.com.zone''; allow-update { none; }; forwarders { }; Test but have a error ''file not found'' service named configtest 48
49 Demo2: Add Data to the Name Server Create a zone file: Copy an exiting zone file with original permission cd /var/named/chroot/var/named cp -a localdomain.zone example.com.zone Edit SOA IN SOA ns root ( IN SOA ns.example.com. noc.example.com. ( Increment the serial number 49
50 Demo2: Add Data to the Name Server Edit NS IN NS ns Add some IN MX 10 mx ns IN A server IN A mx IN CNAME server station IN A station1 IN A
51 Demo2: Add Data to the Name Server Test configuration and reload service named configtest service named restart Test resolve on localhost and other dig -t axfr example.com ping station1 ping server ping mx 51
52 Demo2: Add Data to the Name Server Declare a inverse lookup zone: Edit named.conf put the following line above include statement in view section zone '' in-addr.arpa'' IN { type master; file '' zone''; allow-update { none; }; forwarders { }; }; Test but have a error ''file not found'' service named configtest 52
53 Demo2: Add Data to the Name Server Create a zone file: Copy an exiting zone file with original permission cd /var/named/chroot/var/named cp -a named.local zone Edit SOA IN SOA ns.example.com. root.example.com. ( Increment the serial number 53
54 Demo2: Add Data to the Name Server Edit NS IN NS ns.example.com. Add some record 101 IN PTR ns.example.com. 102 IN PTR server.example.com. 103 IN PTR station.example.com. 54
55 Demo2: Add Data to the Name Server Test configuration and reload service named configtest service named restart Test resolve on localhost and other dig -x dig -x dig -x dig -t axfr in-addr.arpa 55
56 Demo3: Add slave DNS Repeat step on Demo1 to implement a minimal DNS on the slave server Declare a slave zone: Edit named.conf put the following line above include statement in view section zone ''example.com'' IN { type slave; masters { ; }; file ''slaves/example.com.zone''; forwarders { }; }; Test and reload named service named configtest service named restart 56
57 Demo3: Add slave DNS Inspect file what transferred ls -l /var/named/chroot/var/named/slaves/ Test local resolver dig -t axfr example.com dig station.example.com 57
58 Thank you and have a great day 58
Creating a master/slave DNS server combination for your Grid Infrastructure
Creating a master/slave DNS server combination for your Grid Infrastructure When doing a Grid Infrastructure installation, a DNS server is needed to resolve addresses for the cluster- scan addresses. In
More informationDomain Name Server. Training Division National Informatics Centre New Delhi
Domain Name Server Training Division National Informatics Centre New Delhi Domain Name Service (DNS) I. History of DNS II. DNS structure and its components III. Functioning of DNS IV. Possible Configurations
More informationDNS : Domain Name System
1/30 DNS : Domain Name System Surasak Sanguanpong nguan@.ac.th http://www...ac.th/~nguan Last updated: May 24, 1999 Outline 2/30 DNS basic name space name resolution process protocol configurations Why
More informationConfiguring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files
Configuring DNS BIND: UNIX Name Service Configuring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files Zone: a collection of domain information contained
More informationZimbra :: The Leader in Open Source Collaboration. Administrator's PowerTip #3: June 21, 2007 Zimbra Forums - Zimbra wiki - Zimbra Blog
Administrator's PowerTip #3: June 21, 2007 Zimbra Forums - Zimbra wiki - Zimbra Blog Introduction Configuring BIND and Zimbra on the same machine is a hot topic over in the forums. Zimbra checks to make
More informationnetkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s)
Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab dns Version Author(s) E-mail Web Description 2.2 G. Di Battista, M. Patrignani, M.
More informationGoal of this session
DNS refresher Overview Goal of this session What is DNS? How is DNS built and how does it work? How does a query work? Record types Caching and Authoritative Delegation: domains vs zones Finding the error:
More informationMotivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace
Motivation Domain Name System (DNS) IP addresses hard to remember Meaningful names easier to use Assign names to IP addresses Name resolution map names to IP addresses when needed Namespace set of all
More informationDomain Name System (DNS) Fundamentals
Domain Name System (DNS) Fundamentals Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International
More informationLocal DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1
SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright c 2006 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation s Course,
More informationDNS zone transfers from FreeIPA to non-freeipa slave servers
FreeIPA Training Series DNS zone transfers from FreeIPA to non-freeipa slave servers FreeIPA 3.0 and bind-dyndb-ldap 2.3 Petr Špaček 01-03-2013 Text file based
More informationThe Domain Name System
DNS " This is the means by which we can convert names like news.bbc.co.uk into IP addresses like 212.59.226.30 " Purely for the benefit of human users: we can remember numbers (e.g., telephone numbers),
More informationDomain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley abulley@ghana.com
Domain Name System (DNS) Session-1: Fundamentals Ayitey Bulley abulley@ghana.com Computers use IP addresses. Why do we need names? Names are easier for people to remember Computers may be moved between
More informationDomain Name System Security
Abstract Domain Name System Security Ladislav Hagara hgr@vabo.cz Department of Automated Command Systems and Informatics Military Academy in Brno Brno, Czech Republic Domain Name System (DNS) is one of
More informationServices: DNS domain name system
Services: DNS domain name system David Morgan Buying numbers and names numbers are IP addresses you buy them from an ISP the ISP makes sure those addresses go to your place the names are domain names you
More informationDNS. Computer Networks. Seminar 12
DNS Computer Networks Seminar 12 DNS Introduction (Domain Name System) Naming system used in Internet Translate domain names to IP addresses and back Communication works on UDP (port 53), large requests/responses
More informationEnabling DNS for IPv6 CSD Fall 2011
Enabling DNS for IPv6 CSD Fall 2011 Team members: Bowei Dai daib@kth.se 15 credits Elis Kullberg elisk@kth.se 18 credits Hannes Junnila haju@kth.se 15 credits Nur Mohammad Rashed nmrashed@kth.se 15 credits
More informationSecuring an Internet Name Server
Securing an Internet Name Server Cricket Liu cricket@verisign.com Securing an Internet Name Server Name servers exposed to the Internet are subject to a wide variety of attacks: Attacks against the name
More informationCopyright International Business Machines Corporation 2001. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure
iseries DNS iseries DNS Copyright International Business Machines Corporation 2001. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule
More informationDNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .
Computer System Security and Management SMD139 Lecture 5: Domain Name System Peter A. Jonsson DNS Translation of Hostnames to IP addresses Hierarchical distributed database DNS Hierarchy The Root Name
More informationHow-to: DNS Enumeration
25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS
More informationRed Hat system-config-bind BIND (Berkeley Internet Name Domain) DNS ( Domain Name System)
Red Hat system-config-bind BIND (Berkeley Internet Name Domain) DNS ( Domain Name System) Configuration tool User Guide and Manual Jason Vas Dias Copyright ( ) Red Hat Inc. 2005 Table
More informationCSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS)
CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS) By Michael Olan, Richard Stockton College (last update: March 2012) Purpose At this point, all hosts should be communicating
More informationDNS and BIND. David White
DNS and BIND David White DNS: Backbone of the Internet Translates Domains into unique IP Addresses i.e. developcents.com = 66.228.59.103 Distributed Database of Host Information Works seamlessly behind
More informationNetworking Domain Name System
System i Networking Domain Name System Version 6 Release 1 System i Networking Domain Name System Version 6 Release 1 Note Before using this information and the product it supports, read the information
More information- Domain Name System -
1 Name Resolution - Domain Name System - Name resolution systems provide the translation between alphanumeric names and numerical addresses, alleviating the need for users and administrators to memorize
More informationwhat s in a name? taking a deeper look at the domain name system mike boylan penn state mac admins conference
what s in a name? taking a deeper look at the domain name system mike boylan penn state mac admins conference whoami work for robert morris university, pittsburgh, pa primarily mac and voip admin @mboylan
More informationBuilding a Linux IPv6 DNS Server
Building a Linux IPv6 DS Server By David Gordon and Ibrahim Haddad Open Systems Lab Ericsson Research Corporate Unit This article presents a tutorial on building an IPv6 DS Linux server that provides IPv6
More informationKAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10
KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10 Sincan 06935 Ankara, Turkey Version Table Manual Version/Date AAA/22.03.2011
More informationThe role of JANET CSIRT
The role of JANET CSIRT Bradley Freeman JANET(UK) CSIRT Member UKNOF 15 21 st January 2010 bradley.freeman@ja.net Copyright JNT Association 2009 1 What to expect Overview of how we detect and deal with
More informationLab 4 Domain Name System - DNS CMPE 150
Lab 4 Domain Name System - DNS CMPE 150 Lab Report Reports must be written and submitted individually as PDFs. Submission Instructions: Submit your report on the ecommons by 11:55 PM on the day of your
More informationDNS Domain Name System
DNS Domain Name System Domain names and IP addresses People prefer to use easy-to-remember names instead of IP addresses Domain names are alphanumeric names for IP addresses e.g., neon.cs.virginia.edu,
More informationDomain Name System. DNS is an example of a large scale client-server application. Copyright 2014 Jim Martin
Domain Name System: DNS Objective: map names to IP addresses (i.e., high level names to low level names) Original namespace was flat, didn t scale.. Hierarchical naming permits decentralization by delegating
More informationForouzan: Chapter 17. Domain Name System (DNS)
Forouzan: Chapter 17 Domain Name System (DNS) Domain Name System (DNS) Need System to map name to an IP address and vice versa We have used a host file in our Linux laboratory. Not feasible for the entire
More informationDomain Name System 2015-04-28 17:49:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement
Domain Name System 2015-04-28 17:49:44 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Domain Name System... 4 Domain Name System... 5 How DNS Works
More informationDeploying & Configuring a DNS Server on OpenServer 6 or UnixWare 7. Kirk Farquhar
Deploying & Configuring a DNS Server on OpenServer 6 or UnixWare 7 Kirk Farquhar 1 Content Introduction Bind 8 & Bind 9 Administering a DNS Server H2N Using DNS Manager The SCO Resolvers Firewall Issues
More informationCopyright 2012 http://itfreetraining.com
In order to find resources on the network, computers need a system to look up the location of resources. This video looks at the DNS records that contain information about resources and services on the
More informationDNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop
DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop How do you delegate a subdomain? In principle straightforward: just insert NS records for the subdomain, pointing at someone else's
More informationDNS. Computer networks - Administration 1DV202. fredag 30 mars 12
DNS Computer networks - Administration 1DV202 DNS History Who needs DNS? The DNS namespace How DNS works The DNS database The BIND software Server and client configuration The history of DNS RFC 882 and
More informationUsing Webmin and Bind9 to Setup DNS Sever on Linux
Global Open Versity Systems Integration Hands-on Labs Training Manual Using Webmin and Bind9 to Setup DNS Sever on Linux By Kefa Rabah, krabah@globalopenversity.org March 2008 Installing and Configuring
More informationDNS using BIND 9. TELE301 Laboratory Manual. 1 Using Dig... 1. 2 Basic Configuration... 4. 3 The Master Bind Configuration File...
DNS using BIND 9 TELE301 Laboratory Manual Contents 1 Using Dig.................................. 1 2 Basic Configuration............................ 4 3 The Master Bind Configuration File....................
More informationRecursive Name Server. CNNIC Zhang Cuiling
Recursive Name Server 2013-9-16 16 CNNIC Zhang Cuiling Outlines 1 Setup Root Hints File 2 ACL for Recursive Name Server 3 Setup an Experimental DNS System Review Recursive/Caching nameservers act as query
More informationNetworking Domain Name System
System i Networking Domain Name System Version 5 Release 4 System i Networking Domain Name System Version 5 Release 4 Note Before using this information and the product it supports, read the information
More informationAgenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS
Agenda Network Services Domain Names & DNS Domain Names Domain Name System Internationalized Domain Names Johann Oberleitner SS 2006 Domain Names Naming of Resources Problems of Internet's IP focus IP
More informationHow to Add Domains and DNS Records
How to Add Domains and DNS Records Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection.
More informationDNS + DHCP. Michael Tsai 2015/04/27
DNS + DHCP Michael Tsai 2015/04/27 lubuntu.ova http://goo.gl/bax8b8 DNS + DHCP DNS: domain name < > IP address DHCP: gives you a IP + configuration when you joins a new network DHCP = Dynamic Host Configuration
More informationDNS HOWTO Nicolai Langfeldt (
Table of Contents DNS HOWTO...1 Nicolai Langfeldt (dns howto(at)langfeldt.net), Jamie Norrish and others...1 1. Preamble...1 2. Introduction...1 3. A resolving, caching name server...1 4. Forwarding...1
More informationDNS Networks - Avoiding BIND Attack
Securing an Internet Name Server CERT Coordination Center Allen Householder, CERT/CC Brian King, CERT/CC In collaboration with Ken Silva, Verisign Based in part on a presentation originally created by
More informationDNS Pharming Attack Lab
CNT 5410 - Fall 2014 1 DNS Pharming Attack Lab (This is a modified version of the exercise listed below. Modifications are to provide tighter configuration so as to minimize the risk of traffic leaving
More informationHow to Enable Internet for Guest Virtual Machine using Wi-Fi wireless Internet Connection.
How to Enable Internet for Guest Virtual Machine using Wi-Fi wireless Internet Connection. Table of Contents 1) Host, Guest and VBox version.... 2 2) Check your current Host and Guest Details... 3 3) Now
More informationThe Domain Name System: An Integral Part of the Internet. By Keiko Ishioka
The Domain Name System: An Integral Part of the Internet By Keiko Ishioka The Domain Name System (otherwise known as the Domain Name Server system) (DNS) is a distributed database that is accessed by anyone
More informationTHE DOMAIN NAME SYSTEM DNS
Announcements THE DOMAIN NAME SYSTEM DNS Internet Protocols CSC / ECE 573 Fall, 2005 N. C. State University copyright 2005 Douglas S. Reeves 2 Today s Lecture I. Names vs. Addresses II. III. IV. The Namespace
More informationIntroduction to DNS and Application Issues related to DNS. Kirk Farquhar
Introduction to DNS and Application Issues related to DNS Kirk Farquhar 1 Content What is DNS? How it all works Setting up your domain Creating your nameserver files The Resolver Testing Firewall configuration
More informationBIND versus DJBDNS: A Comparison of Performance, Ease of Configuration, and Security
versus : A Comparison of Performance, Ease of Configuration, and Security John J. Steniger ABSTRACT DNS (Domain Name Service) provides IP to name mapping for hosts that access the Internet and the vast
More informationDNS. Some advanced topics. Karst Koymans. (with Niels Sijm) Informatics Institute University of Amsterdam. (version 2.6, 2013/09/19 10:55:30)
DNS Some advanced topics Karst Koymans (with Niels Sijm) Informatics Institute University of Amsterdam (version 2.6, 2013/09/19 10:55:30) Friday, September 13, 2013 Karst Koymans (with Niels Sijm) (UvA)
More informationInternet-Praktikum I Lab 3: DNS
Kommunikationsnetze Internet-Praktikum I Lab 3: DNS Mark Schmidt, Andreas Stockmayer Sommersemester 2015 kn.inf.uni-tuebingen.de Motivation for the DNS Problem IP addresses hard to remember for humans
More informationDomain Name System. CS 571 Fall 2006. 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved
Domain Name System CS 571 Fall 2006 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved DNS Specifications Domain Names Concepts and Facilities RFC 1034, November 1987 Introduction
More informationDomain Name System. Overview. Domain Name System. Domain Name System
Overview Domain Name System We look first at how the Domain Name System (DNS) is implemented and the role it plays in the Internet We examine some potential DNS vulnerabilities and in particular we consider
More informationECE 4321 Computer Networks. Network Programming
ECE 4321 Computer Networks Network Programming Name Space System.Net Domain Name System (DNS) To resolve computer naming Host database is split up and distributed among multiple systems on the Internet
More informationDNS - Domain Name System
DNS - Domain Name System TCP/IP class 1 outline introduction naming scheme protocol format record types how it works reverse lookup implementation - named config files summary - futures 2 bibliography
More informationNetworking Domain Name System
IBM i Networking Domain Name System Version 7.2 IBM i Networking Domain Name System Version 7.2 Note Before using this information and the product it supports, read the information in Notices on page
More informationIntroduction to DNS CHAPTER 5. In This Chapter
297 CHAPTER 5 Introduction to DNS Domain Name System (DNS) enables you to use hierarchical, friendly names to easily locate computers and other resources on an IP network. The following sections describe
More informationThe Use of DNS Resource Records
International Journal of Advances in Electrical and Electronics Engineering 230 Available online at www.ijaeee.com & www.sestindia.org/volume-ijaeee/ ISSN: 2319-1112 Simar Preet Singh Systems Engineer,
More informationConfiguring DNS on Cisco Routers
Configuring DNS on Cisco Routers Document ID: 24182 Contents Introduction Prerequisites Requirements Components Used Conventions Setting Up a Router to Use DNS Lookups Troubleshooting You Can Ping a Web
More informationModule 2. Configuring and Troubleshooting DNS. Contents:
Configuring and Troubleshooting DNS 2-1 Module 2 Configuring and Troubleshooting DNS Contents: Lesson 1: Installing the DNS Server Role 2-3 Lesson 2: Configuring the DNS Server Role 2-9 Lesson 3: Configuring
More informationUnbound a caching, validating DNSSEC resolver. Do you trust your name server? Configuration. Unbound as a DNS cache (SEC-less)
Unbound a caching, validating DNSSEC resolver UKUUG Spring 2011 Conference Leeds, UK March 2011 Jan-Piet Mens $ dig 1.1.0.3.3.0.8.1.7.1.9.4.e164.arpa naptr Do you trust your name server? DNS clients typically
More informationApplication Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System
Application Protocols in the TCP/IP Reference Model Application Protocols in the TCP/IP Reference Model File Transfer E-Mail Network Management Protocols of the application layer are common communication
More informationnetkit lab load balancer dns 1.2 Massimo Rimondini Version Author(s)
netkit lab load balancer dns Version Author(s) 1.2 Massimo Rimondini E-mail Web Description contact@netkit.org http://www.netkit.org/ A lab showing how to perform simple load balancing on a set of web
More informationApplication Protocols in the TCP/IP Reference Model
Application Protocols in the TCP/IP Reference Model File Transfer E-Mail Network Management WWW Virtual Terminal Name Service File Transfer HTTP FTP Telnet SMTP DNS SNMP TFTP Internet protocols TCP UDP
More informationTable of Contents DNS. How to package DNS messages. Wire? DNS on the wire. Some advanced topics. Encoding of domain names.
Table of Contents DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 154, 2015/09/14 10:44:10) Friday, September 11, 2015 DNS on the wire Encoding of domain names
More informationHTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide
HTG X XROADS NETWORKS Network Appliance How To Guide: EdgeDNS How To Guide V 3. 2 E D G E N E T W O R K A P P L I A N C E How To Guide EdgeDNS XRoads Networks 17165 Von Karman Suite 112 888-9-XROADS V
More informationDNS at NLnet Labs. Matthijs Mekking
DNS at NLnet Labs Matthijs Mekking Topics NLnet Labs DNS DNSSEC Recent events NLnet Internet Provider until 1997 The first internet backbone in Holland Funding research and software projects that aid the
More informationTunnel Client FAQ. Table of Contents. Version 0v5, November 2014 Revised: Kate Lance Author: Karl Auer
Tunnel Client FAQ Version 0v5, November 2014 Revised: Kate Lance Author: Karl Auer Table of Contents A. Tunnelling 1 How does tunnelling work? 2 What operating systems are supported? 3 Where can I get
More informationThe Root of the Matter: Hints or Slaves
The Root of the Matter: Hints or Slaves David Malone October 21, 2003 Abstract We consider the possibility of having a name server act as a slave to the root zone, rather than caching
More informationBIND 9 Administrator Reference Manual
BIND 9 Administrator Reference Manual Copyright c 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Internet Systems Consortium, Inc. ( ISC ) Copyright c 2000, 2001, 2002, 2003 Internet Software
More informationDNS SECURITY TROUBLESHOOTING GUIDE
DNS SECURITY TROUBLESHOOTING GUIDE INTERNET DEPLOYMENT OF DNS SECURITY 27 November 2006 Table of Contents 1. INTRODUCTION...3 2. DNS SECURITY SPECIFIC FAILURE MODES...3 2.1 SIGNATURES...3 2.1.1 Signature
More informationDNS/DHCP Administration Guide for Linux
www.novell.com/documentation DNS/DHCP Administration Guide for Linux Open Enterprise Server 2 SP3 July 31, 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents
More informationDNS Resolving using nslookup
DNS Resolving using nslookup Oliver Hohlfeld & Andre Schröder January 8, 2007 Abstract This report belongs to a talk given at the networking course (Institue Eurecom, France) in January 2007. It is based
More informationCS 638 Lab 2: End Host Tools and DNS
CS 638 Lab 2: End Host Tools and DNS Joe Chabarek, Kevin Springborn, Mike Blodgett and Paul Barford University of Wisconsin Madison jpchaba,springbo,mblodget,pb@cs.wisc.edu Managing and troubleshooting
More informationWindows 2008 Server. Domain Name System Administración SSII
Windows 2008 Server Domain Name System Administración SSII Contenidos Introducción Configuración DNS Transferencia de zona Herramientas DNS Introducción Domain Name System is a hierarchical distributed
More informationUnderstanding DNS (the Domain Name System)
Understanding DNS (the Domain Name System) A white paper by Incognito Software January, 2007 2007 Incognito Software Inc. All rights reserved. Understanding DNS (the Domain Name System) Introduction...2
More informationDNS. DNS Fundamentals. Goals of this lab: Prerequisites: LXB, NET
DNS DNS Fundamentals Goals of this lab: Learn how the domain name system works Learn about tools to test and troubleshoot DNS Learn how to deploy a basic DNS service Prerequisites: LXB, NET REVISION: 2.0
More informationDNS and BIND Primer. Pete Nesbitt pete @ linux1.ca. April 2012
DNS and BIND Primer Pete Nesbitt pete @ linux1.ca April 2012 1 When we access the Internet we typically do so by accessing systems using a somewhat meaningful hostname often in the form of a web based
More information17 Administrative Services: DNS, FTP, and Logging
17 Administrative Services: DNS, FTP, and Logging CERTIFICATION OBJECTIVES 17.01 Basic Domain Name Service Organization 17.02 Minimal DNS Server Configurations 17.03 Set Up System Utilization Reports 17.04
More informationHow to Configure the Windows DNS Server
Windows 2003 How to Configure the Windows DNS Server How to Configure the Windows DNS Server Objective This document demonstrates how to configure domains and record on the Windows 2003 DNS Server. Windows
More informationThe Domain Name System
Internet Engineering 241-461 Robert Elz kre@munnari.oz.au kre@coe.psu.ac.th http://fivedots.coe.psu.ac.th/~kre DNS The Domain Name System Kurose & Ross: Computer Networking Chapter 2 (2.5) James F. Kurose
More informationThe Domain Name System (DNS)
The Domain Name System (DNS) Columbus, OH 43210 Jain@CIS.Ohio-State.Edu http://www.cis.ohio-state.edu/~jain/ 24-1 Overview Naming hierarchy hierarchy Name resolution Other information in name servers 24-2
More informationBasic DNS Course. Module 1. DNS Theory. Ron Aitchison ZYTRAX, Inc. Page 1 of 24
Basic DNS Course Module 1 Ron Aitchison ZYTRAX, Inc. Page 1 of 24 The following are the slides used in this Module of the course. Some but not all slides have additional notes that you may find useful.
More informationConfiguring DNS. Finding Feature Information
The Domain Name System (DNS) is a distributed database in which you can map hostnames to IP addresses through the DNS protocol from a DNS server. Each unique IP address can have an associated hostname.
More informationHow To Guide Edge Network Appliance How To Guide:
How To Guide Edge Network Appliance How To Guide: ActiveDNS v 4.01 Edge Network Appliance How To Guide: ActiveDNS 2007 XRoads Networks 17165 Von Karman, Suite 112 888-9-XROADS v 4.01 updated 09/11/07 Table
More informationSet up and run your own Cesidian Root DNS server
Set up and run your own Cesidian Root DNS server How-to for Debian 6.0, bind9 and IPv4 Cesidian Root website http://cesidianroot.net/ Last change 13.02.2012 Author Contact Patrick Jansen Administrator
More informationDNS Conformance Test Specification For Client
DNS Conformance Test Specification For Client Revision 1.0 Yokogawa Electric Corporation References This test specification focus on following DNS related RFCs. RFC 1034 DOMAIN NAMES - CONCEPTS AND FACILITIES
More informationCS3250 Distributed Systems
CS3250 Distributed Systems Lecture 4 More on Network Addresses Domain Name System DNS Human beings (apart from network administrators and hackers) rarely use IP addresses even in their human-readable dotted
More informationLecture 2 CS 3311. An example of a middleware service: DNS Domain Name System
Lecture 2 CS 3311 An example of a middleware service: DNS Domain Name System The problem Networked computers have names and IP addresses. Applications use names; IP uses for routing purposes IP addresses.
More informationTeldat Router. DNS Client
Teldat Router DNS Client Doc. DM723-I Rev. 10.00 March, 2003 INDEX Chapter 1 Domain Name System...1 1. Introduction...2 2. Resolution of domains...3 2.1. Domain names resolver functionality...4 2.2. Functionality
More informationModule 6: Managing and Monitoring Domain Name System
Module 6: Managing and Monitoring Domain Name System Contents Overview 1 Lesson: Managing DNS Records 2 Lesson: Testing the DNS Server Configuration 11 Lesson: Monitoring DNS Server Performance 24 Lab:
More informationSolaris Networking Guide. Stewart Watkiss. Volume. New User To Technical Expert Solaris Bookshelf. This document is currently under construction
Volume 3 New User To Technical Expert Solaris Bookshelf Stewart Watkiss This document is currently under construction This version is to be considered a preview only Solaris Networking Guide Copyright
More informationIPv6 support in the DNS
IPv6 support in the DNS How important is the DNS? Getting the IP address of the remote endpoint is necessary for every communication between TCP/IP applications Humans are unable to memorize millions of
More informationDomain Name System. Heng Sovannarith heng_sovannarith@yahoo.com
Domain Name System Heng Sovannarith heng_sovannarith@yahoo.com Introduc:on to DNS Domain Name System is a distributed database system that can be serve as the founda:on for name resolu:on in a TCP/IP Network.
More informationHTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide
HTG X XROADS NETWORKS Network Appliance How To Guide: DNS Delegation How To Guide DNS Delegation (The Simple Redundancy Solution) The key requirement when performing DNS based network redundancy and load
More information