The Domain Name System (DNS)




Prof. Jean-Yves Le Boudec, Prof. Andrzej Duda
ICA, EPFL, CH-1015 Ecublens
http://lcawww.epfl.ch

Domain Name System: DNS

o Objective of DNS
  - support user friendly naming of resources: computers, printers, mailboxes
  - hide IP address changes
  - distribute naming authority
  - distribute the database
  - used primarily for system names and email
o Names and addresses
  - domain name: high level identifier; e.g. rcsuns.epfl.ch, ssc.epfl.ch
  - IP address: low level identifier, related to routing and physical topology
  - level 2 addresses: low level identifiers
      MAC address: serial number of the communication interface
      ATM address: combination of a MAC and a route related address
  - email address: high level address used for email, e.g. gwen.nedeleg@ssc.epfl.ch
  - email addresses are mapped to domain names: gwen.nedeleg@ssc.epfl.ch -> gwen\.nedeleg.ssc.epfl.ch

DNS Example

(figure: on rcsuns the application program "telnet disun3" calls the name resolver (1); the resolver sends a DNS query (2) to the name server stisun1 and receives a DNS answer (3))

  DNS query (2), rcsuns -> stisun1
    IP dest addr 129.178.15.7, protocol UDP, source port 1267, dest port 53
    DNS message: header (query); question (QNAME disun3.epfl.ch., QTYPE A)
  DNS answer (3), stisun1 -> rcsuns
    IP dest addr 129.178.156.24, protocol UDP, source port 53, dest port 1267
    DNS message: header (response); question (QNAME disun3.epfl.ch., QTYPE A); answer (disun3.epfl.ch. TTL TYPE A 128.178.79.9)

  /etc/resolv.conf on rcsuns:
    nameserver 129.178.15.7
    nameserver 129.178.15.8
    domain epfl.ch

Resource Records (RRs), keyed by domain names (RR type A = IPv4 addr, AAAA = IPv6 addr)
  zone data (authoritative data)
    disun3.epfl.ch.   A  128.178.79.9
    in-inr.epfl.ch.   A  128.178.156.1
                      A  128.178.182.5
  cached data (non-authoritative data)
    ezinfo.ethz.ch.  1770  A  129.132.2.72

Domain Name Tree

(figure: the tree below the root. Top level domains: the generic domains arpa, int, com, edu, gov, mil, net, org (and the proposed firm, store, web, arts, rec, info, nom) and the country domains such as ch, us, za. arpa -> in-addr -> 128 -> 178 -> 156 -> 24, i.e. 24.156.178.128.in-addr.arpa, and arpa -> IP6. com -> ibm -> zurich -> www. 2nd level domains under ch: ethz -> ee, tik; epfl -> rcsuns, ssc -> gwen\.nedeleg, jachen\.carigiet; rcsuns.epfl.ch)

  - every node on the tree represents one or a set of resources
  - every node on the tree has a label (rcsuns) and a domain name (rcsuns.epfl.ch)
  - domain name = sequence of labels, 64 bytes per label
  - examples: www.zurich.ibm.com, rcsuns.epfl.ch, ezinfo.ethz.ch, ee.ethz.ch
  - names have the same syntax for subdomains or individual resources

DNS Name Authority

o hierarchical name authority
o zones
  - top level: Internic
  - any organization can apply to become authority for a subdomain; examples: SWITCH for ch. and li., EPFL for epfl.ch.
  - any authority can create subdomains and delegate recursively, unilaterally
  - definition: a zone is a connected subset of nodes
  - property: a zone has one single node closest to the root (top node, used to name the zone)
  - definition: zone Z1 is a subzone (or child) of zone Z0 iff the top node of Z1 is connected to a node in Z0
  - name authority matches zone boundaries: names and subzones can be created and deleted by the authority responsible for a zone
  - examples: zurich.ibm.com is a subzone of ibm.com; zone zurich.ibm.com. has authority delegation from ibm.com.

Fully Qualified Domain Names

  - complete domain name = fully qualified domain name (FQDN); it ends with a period (".")
  - the trailing period is usually hidden by the user interface software
  - incomplete names are completed by the local resolver:
      add the period: www.zurich.ibm.com -> www.zurich.ibm.com.
      or add the local domain suffix: rcsuns -> rcsuns.epfl.ch.

The DNS distributed database

o DNS offers one distributed world-wide database
  - distributed according to the zone concept: every zone has a master file describing all records under the zone's authority
  - name servers hold their part of the database
  - for one zone, at least two name servers have the zone information, copied from the master file; example: stisun1.epfl.ch, stisun2.epfl.ch; dns1.ethz.ch, dns2.ethz.ch
  - zone information held by the name server is called authoritative data
  - one name server may hold zone data for one or more zones
  - zone data contains pointers to name servers holding authoritative data for subzones
  - all name servers know the IP addresses of the root servers (name servers for the top level zones)

Query Processing and Cached Data

o query processing
  - the resolver associated with an application sends a query to a name server
  - the name server responds with an answer or with a pointer to another server
  - example: question www.zurich.ibm.com. from a node at EPFL; the response is a pointer to a name server responsible for zone ibm.com.
o query processing can be iterative or recursive
  - recursive: the server responds with the final answer; the server acts as an intermediate resolver
  - recursive operation only if requested in the query and the server accepts it
  - root servers never support recursive operation
o name servers usually cache some information for nodes outside their zones
  - recently obtained information is cached when acting recursively
  - every record has a TTL field (ex: 1 day) used for cache management
  - cached data is not authoritative

DNS Example: Query Processing

(figure: rcsuns resolver -> (1) stisun1 name server -> (2) root name server -> (3) referral back to stisun1 -> (4) watson, name server for ibm.com. -> (5) answer to stisun1 -> (6) answer to rcsuns)

  1:    query, RD=yes; question www.zurich.ibm.com.
  2, 4: query, RD=no; question www.zurich.ibm.com.
  3:    answer
          question    www.zurich.ibm.com.
          answer      (empty)
          authority   ibm.com.  NS  watson.ibm.com.
                      ibm.com.  NS  ns.austin.ibm.com.
                      ibm.com.  NS  ns.almaden.ibm.com.
          additional  watson.ibm.com.     A  192.35.232.34
                      ns.austin.ibm.com.  A  129.34.139.4
                      ns.almaden.ibm.com  A  198.4.83.134
  5, 6: answer
          question    www.zurich.ibm.com.
          answer      www.zurich.ibm.com.  A  193.5.61.131

Replication

o zone data is replicated in several servers responsible for the zone
  - the primary server holds the master file on disk
  - secondary servers poll the primary servers (ex: every 3 hours) using the SERIAL field in the zone data
  - copying is called zone transfer; it uses TCP (queries usually use UDP)
o changes in zone data by the system manager:
  - update the master file
  - signal the primary name server to reload; a new value of the SERIAL field is automatically created
  - secondary servers will discover the change automatically
o zone data in secondary servers is authoritative
o example: in which name servers can these RRs appear as zone or cache data?
    disun3.epfl.ch.  A  128.178.79.9
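The secondary-server behaviour described above, as an added Python example that is not the lecture's own code. It uses the SERIAL, refresh, retry, expire values of the ch. zone shown later in these slides (1174, 43200, 7200, 2592000) and shows the two decisions a secondary makes: RFC 1982 serial-number arithmetic to decide whether a zone transfer is needed, and the refresh/retry/expire timers to decide when to poll the primary again and when it must stop answering authoritatively from its copy. The Secondary class, its method names and the simulated clock are assumptions of this example; a real secondary sends an SOA query and then an AXFR over TCP where this code only compares serial numbers.

```python
SERIAL_MOD = 1 << 32

# Constructed from the SOA of the ch. zone shown on the "Example of Zone Data" slide.
SOA_CH = {"serial": 1174, "refresh": 43200, "retry": 7200,
          "expire": 2592000, "minimum": 345600}


def serial_gt(a, b):
    """RFC 1982 serial number arithmetic: True if a is 'after' b modulo 2^32.
    This is what lets a primary wrap its SERIAL past 2^32-1 without the
    secondaries concluding that the zone went backwards."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    half = SERIAL_MOD // 2
    return (a < b and b - a > half) or (a > b and a - b < half)


class Secondary:
    """Timer and serial logic of a secondary name server for one zone
    (assumed model for this example; times are seconds on a simulated clock)."""

    def __init__(self, soa, now):
        self.soa = dict(soa)
        self.serial = soa["serial"]     # serial of the copy currently held
        self.last_ok = now              # last time the primary was reached
        self.next_check = now + soa["refresh"]

    def poll(self, now, primary_serial):
        """Called when next_check is reached. primary_serial is the SERIAL the
        primary returned to an SOA query, or None if the primary did not answer.
        Returns what the secondary did."""
        if primary_serial is None:
            self.next_check = now + self.soa["retry"]   # try again sooner
            return "retry"
        if serial_gt(primary_serial, self.serial):
            self.serial = primary_serial   # a real secondary does an AXFR over TCP here
            outcome = "transfer"
        else:
            outcome = "up-to-date"
        self.last_ok = now
        self.next_check = now + self.soa["refresh"]
        return outcome

    def serving(self, now):
        """A secondary answers authoritatively from its copy until EXPIRE seconds
        have passed without reaching the primary; after that it must stop
        serving the zone rather than hand out possibly stale data."""
        return now - self.last_ok < self.soa["expire"]


if __name__ == "__main__":
    sec = Secondary(SOA_CH, now=0)
    print(sec.poll(43200, 1174))      # up-to-date
    print(sec.poll(86400, 1175))      # transfer (serial moved forward)
    print(sec.poll(129600, None))     # retry (primary unreachable)
    print(sec.serving(129600), sec.serving(86400 + SOA_CH["expire"]))
```

Note that expire is measured from the last successful contact, not from the last change: a secondary that cannot reach its primary keeps answering for 30 days on this zone, which is why the SOA timers are part of the zone's security posture.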

DNS Resource Record Types and Message Formats

  TYPE    value   meaning
  A         1     IPv4 address
  NS        2     an authoritative name server
  CNAME     5     the canonical name for an alias
  SOA       6     marks the start of a zone of authority
  PTR      12     a domain name pointer
  HINFO    13     host information
  MINFO    14     mailbox or mail list information
  MX       15     mail exchange
  TXT      16     text strings
  AAAA     28     IPv6 address

  Message format:
    Header
    Question     the question for the name server
    Answer       RRs answering the question
    Authority    RRs pointing toward an authority
    Additional   RRs holding additional information

Examples of Records

o MX records: used by the email application
  example:                                  possible use: ?
    di.epfl.ch.  MX 10 dimail.epfl.ch.
    di.epfl.ch.  MX 20 disunmm2.epfl.ch.
o PTR records: inverse mapping IP addr -> domain name
  example:
    5.182.178.128.in-addr.arpa  PTR  in-inr
    1.156.178.128.in-addr.arpa  PTR  in-inr
    6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.6.3.0.3.0.0.0.1.4.0.0.e.a.4.0  PTR  rcpc3
  - used for verifying names
  - zone data should contain PTR records for all systems in the zone
o other records: ISDN number, ATM address (proposed)

DNS Examples: Queries/Answers

1. $ nslookup www.zurich.ibm.com
   Server:  stisun1.epfl.ch
   Address:  128.178.15.8

   Non-authoritative answer:
   Name:    www.zurich.ibm.com
   Address:  193.5.61.131

2. $ nslookup -querytype=NS zurich.ibm.com 129.34.139.4
   Server:  watson.ibm.com
   Address:  129.34.139.4

   zurich.ibm.com     nameserver = ns1.zurich.ibm.ch
   zurich.ibm.com     nameserver = watson.ibm.com
   ns1.zurich.ibm.ch  internet address = 193.5.61.131
   watson.ibm.com     internet address = 129.34.139.4

3. $ nslookup -querytype=ptr 193.5.61.131
   Server:  stisun1.epfl.ch
   Address:  128.178.15.8

   131.61.5.193.in-addr.arpa  name = uetliberg.zurich.ibm.ch
   61.5.193.in-addr.arpa      nameserver = ns1.zurich.ibm.ch
   61.5.193.in-addr.arpa      nameserver = scsnms.switch.ch
   61.5.193.in-addr.arpa      nameserver = swidir.switch.ch
   ns1.zurich.ibm.ch   internet address = 193.5.61.131
   scsnms.switch.ch    internet address = 130.59.10.30
   scsnms.switch.ch    internet address = 130.59.1.30
   swidir.switch.ch    internet address = 130.59.72.10

Example of Zone Data (ch.)

(figure: tree ch -> epfl, ethz, switch)

  ch.         SOA  scsnms.switch.ch. ch-zonecontact.switch.ch. (
                     serial   1174
                     refresh  43200      ; (12 hours)
                     retry    7200       ; (2 hours)
                     expire   2592000    ; (30 days)
                     minimum ttl 345600 ) ; (4 days)
  ch.         NS   scsnms.switch.ch
  ch.         NS   swidir.switch.ch
  ch.         NS   dxmon.cern.ch
  ch.         NS   ns.eu.net
  ch.         NS   ns.uu.net
  ch.         NS   princeton.edu
  epfl.ch.    NS   stisun1.epfl.ch
  epfl.ch.    NS   stisun2.epfl.ch
  ethz.ch.    NS   dns1.ethz.ch
  ethz.ch.    NS   bernina.ethz.ch
  switch.ch.  138200  NS  scsnms.switch.ch
  switch.ch.  138200  NS  swidir.switch.ch
  stisun1.epfl.ch.   A  128.178.15.7
  stisun1.epfl.ch.   A  128.178.100.7
  stisun2.epfl.ch.   A  128.178.15.8
  stisun2.epfl.ch.   A  128.178.100.8
  bernina.ethz.ch.   A  129.132.1.11
  bernina.ethz.ch.   A  129.132.98.11
  scsnms.switch.ch.  A  130.59.1.30
  scsnms.switch.ch.  A  130.59.10.30

  exercise:
  - where are the servers responsible for that zone?
  - what are the data indicating authority delegation?
  - what records are authoritative?
  - what would change if ch. and switch.ch. were in the same zone?
  - what is the answer to a query for scsnms.ethz.ch?

Example of Zone Data (epfl.ch.)

(figure: tree ch -> epfl, ethz, switch)

  epfl.ch.    SOA  stisun1.epfl.ch ( )
  epfl.ch.    NS   stisun1.epfl.ch.
  epfl.ch.    NS   stisun2.epfl.ch
  stisun1.epfl.ch.   A  128.178.15.7
  stisun1.epfl.ch.   A  128.178.100.7
  stisun2.epfl.ch.   A  128.178.15.8
  stisun2.epfl.ch.   A  128.178.100.8
  rcsuns.epfl.ch     A  128.178.156.24
  rcwww.epfl.ch      CNAME  rcsuns.epfl.ch
  rcftp.epfl.ch      CNAME  rcsuns.epfl.ch
  ssc.epfl.ch        MX  10  sicmail.epfl.ch
  *.di.epfl.ch       MX  10  sicmail.epfl.ch
  24.156.178.128.in-addr.arpa  PTR  rcsuns.epfl.ch
  (other records ...)

  exercise:
  - where are the servers responsible for that zone?
  - what are the data indicating authority delegation?
  - what records are authoritative?
  - what is the answer to a query for rcwww.epfl.ch?

Name Server Algorithm (1)

RFC 1034 says:

1. Set or clear the value of recursion available in the response depending on whether the name server is willing to provide recursive service. If recursive service is available and requested via the RD bit in the query, go to step 5, otherwise step 2.

2. Search the available zones for the zone which is the nearest ancestor to QNAME. If such a zone is found, go to step 3, otherwise step 4.

3. Start matching down, label by label, in the zone. The matching process can terminate several ways:

   a. If the whole of QNAME is matched, we have found the node. If the data at the node is a CNAME, and QTYPE doesn't match CNAME, copy the CNAME RR into the answer section of the response, change QNAME to the canonical name in the CNAME RR, and go back to step 1. Otherwise, copy all RRs which match QTYPE into the answer section and go to step 6.

   b. If a match would take us out of the authoritative data, we have a referral. This happens when we encounter a node with NS RRs marking cuts along the bottom of a zone. Copy the NS RRs for the subzone into the authority section of the reply. Put whatever addresses are available into the additional section, using glue RRs if the addresses are not available from authoritative data or the cache. Go to step 4.

Name Server Algorithm (2)

   c. If at some label, a match is impossible (i.e., the corresponding label does not exist), look to see if the "*" label exists. If the "*" label does not exist, check whether the name we are looking for is the original QNAME in the query or a name we have followed due to a CNAME. If the name is original, set an authoritative name error in the response and exit. Otherwise just exit. If the "*" label does exist, match RRs at that node against QTYPE. If any match, copy them into the answer section, but set the owner of the RR to be QNAME, and not the node with the "*" label. Go to step 6.

4. Start matching down in the cache. If QNAME is found in the cache, copy all RRs attached to it that match QTYPE into the answer section. If there was no delegation from authoritative data, look for the best one from the cache, and put it in the authority section. Go to step 6.

5. Using the local resolver or a copy of its algorithm (see resolver section of this memo) to answer the query. Store the results, including any intermediate CNAMEs, in the answer section of the response.

6. Using local data only, attempt to add other RRs which may be useful to the additional section of the query. Exit.

Name Resolution

o application requests name resolution on the local host
  - the resolver sends a query to a name server
  - /etc/resolv.conf on many systems points to the name server
  - if there is no pointer, then the local host activates its own name server
  - the resolver usually requests a recursive query
  - the response is processed until an answer is found
  - a name server acting recursively plays the role of a resolver for that query
  - host resolvers usually do not cache responses (stub resolvers), but name servers do (full resolvers)
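Steps 2, 3a to 3c and 6 of the RFC 1034 algorithm quoted above, run over the ch. and epfl.ch. zone data of the two "Example of Zone Data" slides, as an added Python example (not the lecture's code, and not a complete name server: it holds no cache, so step 4 is not implemented and step 5 is never taken). It answers the exercise questions of those slides mechanically: rcwww.epfl.ch is resolved through its CNAME, scsnms.ethz.ch produces a referral to the ethz.ch servers with glue, a name under *.di.epfl.ch is answered from the wildcard with the owner rewritten to QNAME, and a name that does not exist gets RCODE 3 (name error). The record set is transcribed from the slides with TTLs omitted and the epfl.ch. SOA parameters left as "..." because the slide leaves them blank; the function and dictionary names are this example's own.

```python
from collections import defaultdict

# Zone data transcribed from the slides as (owner, type, rdata) triples.
ZONES = {
    "ch.": [
        ("ch.", "SOA", "scsnms.switch.ch. ch-zonecontact.switch.ch. 1174 43200 7200 2592000 345600"),
        ("ch.", "NS", "scsnms.switch.ch."), ("ch.", "NS", "swidir.switch.ch."),
        ("epfl.ch.", "NS", "stisun1.epfl.ch."), ("epfl.ch.", "NS", "stisun2.epfl.ch."),
        ("ethz.ch.", "NS", "dns1.ethz.ch."), ("ethz.ch.", "NS", "bernina.ethz.ch."),
        ("switch.ch.", "NS", "scsnms.switch.ch."), ("switch.ch.", "NS", "swidir.switch.ch."),
        ("stisun1.epfl.ch.", "A", "128.178.15.7"), ("stisun2.epfl.ch.", "A", "128.178.15.8"),
        ("bernina.ethz.ch.", "A", "129.132.1.11"), ("scsnms.switch.ch.", "A", "130.59.1.30"),
    ],
    "epfl.ch.": [
        ("epfl.ch.", "SOA", "stisun1.epfl.ch. ..."),   # parameters blank on the slide
        ("epfl.ch.", "NS", "stisun1.epfl.ch."), ("epfl.ch.", "NS", "stisun2.epfl.ch."),
        ("stisun1.epfl.ch.", "A", "128.178.15.7"), ("stisun2.epfl.ch.", "A", "128.178.15.8"),
        ("rcsuns.epfl.ch.", "A", "128.178.156.24"),
        ("rcwww.epfl.ch.", "CNAME", "rcsuns.epfl.ch."), ("rcftp.epfl.ch.", "CNAME", "rcsuns.epfl.ch."),
        ("ssc.epfl.ch.", "MX", "10 sicmail.epfl.ch."), ("*.di.epfl.ch.", "MX", "10 sicmail.epfl.ch."),
    ],
}
NXDOMAIN = 3   # RCODE "name error"


def labels(name):
    """Root-first label list: 'a.epfl.ch.' -> ['ch', 'epfl', 'a']."""
    return name.rstrip(".").split(".")[::-1]


def nearest_zone(qname):
    """Step 2: the held zone whose origin is the longest suffix of QNAME, or None."""
    candidates = [z for z in ZONES if qname == z or qname.endswith("." + z)]
    return max(candidates, key=len) if candidates else None


def rrsets(zone):
    by_owner = defaultdict(list)
    for owner, rtype, rdata in ZONES[zone]:
        by_owner[owner].append((rtype, rdata))
    return by_owner


def node_exists(by_owner, name):
    """A node exists if it owns records or is an ancestor of a name that does."""
    return any(o == name or o.endswith("." + name) for o in by_owner)


def addresses(by_owner, names):
    """Glue / step 6: A records held locally for the given names."""
    return [(n, "A", rd) for n in names for t, rd in by_owner.get(n, []) if t == "A"]


def answer_query(qname, qtype):
    resp = {"aa": False, "rcode": 0, "answer": [], "authority": [], "additional": []}
    original = qname
    while True:
        zone = nearest_zone(qname)
        if zone is None:        # step 4 (cache) would go here; this server has none
            return resp
        by_owner, node, rrs = rrsets(zone), zone, None
        resp["aa"] = True
        # step 3: match down, label by label, below the zone apex
        for lab in labels(qname)[len(labels(zone)):]:
            node = lab + "." + node
            ns = [rd for t, rd in by_owner.get(node, []) if t == "NS"]
            if ns:              # 3b: NS RRs below the apex mark a zone cut -> referral
                resp["aa"] = False
                resp["authority"] = [(node, "NS", n) for n in ns]
                resp["additional"] = addresses(by_owner, ns)
                return resp
            if not node_exists(by_owner, node):       # 3c: the label does not exist
                wild = "*." + node.split(".", 1)[1]   # "*" under the closest ancestor
                if wild not in by_owner:
                    if qname == original:
                        resp["rcode"] = NXDOMAIN
                    return resp
                rrs = by_owner[wild]                  # owner becomes QNAME below
                break
        if rrs is None:                                # 3a: whole of QNAME matched
            rrs = by_owner.get(qname, [])
            cname = [rd for t, rd in rrs if t == "CNAME"]
            if cname and qtype != "CNAME":
                resp["answer"].append((qname, "CNAME", cname[0]))
                qname = cname[0]                      # back to step 1
                continue
        resp["answer"] += [(qname, t, rd) for t, rd in rrs if t == qtype]
        # step 6: additional data for NS/MX targets, from local data only
        targets = [rd.split()[-1] for _, t, rd in resp["answer"] if t in ("NS", "MX")]
        resp["additional"] = addresses(by_owner, targets)
        return resp


if __name__ == "__main__":
    for q in (("rcwww.epfl.ch.", "A"), ("scsnms.ethz.ch.", "A"),
              ("pc.di.epfl.ch.", "MX"), ("nothere.epfl.ch.", "A")):
        print(q, answer_query(*q))
```

A name that exists but has no record of the requested type (rcsuns.epfl.ch MX) comes back with an empty answer and RCODE 0, not a name error; resolvers and monitoring tools must treat that "NODATA" case differently from NXDOMAIN.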

DNS Components Overview

(figure: on rcsuns and disun3 a User Program calls a Stub Resolver, which sends a recursive query to the Full Resolver on stisun1 and receives its response; the full resolver sends queries to Foreign Name Servers and adds their responses to the cache; the Name Server on stisun1 answers queries from Foreign Resolvers by reference to the Shared Database, made of the zone data loaded from the Master File plus the cache, and refreshes the zone by maintenance query/response with stisun2, the Other Name Server for the same zone(s))

References: DNS

o Halsall, chapter 13.2
o RFCs: 1032, 1033, 1034, 1035, 1591
o nslookup, host, resolver, named

NetBIOS

o Windows uses NetBIOS for transactions and the distributed file system
o NetBIOS is a programming interface (as Sockets is) which uses NetBIOS names instead of (IP address, port number); example: ICRE, IC118PC29
o name resolution was done originally by LAN broadcast
o in modern installations, it is done by the NetBIOS name server WINS

DNS: Conclusion

o high level names
  - global, world-wide
  - decouple the names used by humans from IP addresses; names are not related to routing
  - decouple logical names from machine names
o distributed database with simple database mechanisms
  - loose consistency in records
  - strict hierarchical database with the zone concept
  - high survivability thanks to replication within one zone
  - caching to improve performance
o DNS has become a key component of the Internet: survivability and security are key issues