Basic DNS Course
Module 1
Ron Aitchison, ZYTRAX, Inc.
Page 1 of 24
The following are the slides used in this Module of the course. Some but not all slides have additional notes that you may find useful. You are encouraged to add your own notes.

Basic DNS Course
Lecturer: Ron Aitchison
Module 1
Objectives
Function of Name Servers
Name Servers play a critical role
DNS Hierarchy (root, TLDs, Users)
DNS Delegation and Authority
DNS Operational Structure
DNS Servers and Resolvers
DNS Masters and Slaves
DNS Queries

The objectives of this section are to provide a thorough background in, and understanding of, the principles and operation of Name Servers. DNS is a specific implementation of the generic Name Server concept, initially defined by RFCs 1034 and 1035. The DNS's unique capabilities are optimized for use within large networks such as the Internet.
Name Server Function
The purpose of any name server is to translate a name into something, typically an address, that network software can use to access a resource. While the ultimate goal of the DNS is to translate a name into a network address, there are many cases where a name is first translated into another name, which is then translated into an address. Looking up a mail server is an example of such a process: in the first DNS operation (known as a query) the name of the mail server is obtained (from an MX record), and in the second DNS operation the address of that mail server is obtained.

Why not use an address?
Names are easier to remember (google.com vs 206.23.9.4)
Multiple addressing schemes can be used (IPv4 and IPv6)
We can relocate the resource without affecting the user's view of the network
We can duplicate the resource for resilience
History of Name Servers
Historically, files were used to name local devices
1974-ish: IBM's SNA contained name translation capabilities
1978: Open Systems Interconnection (OSI) Model, Name/Address Translation (L4)
1984: NetBIOS Name Server -> WINS
1981
1987: RFC 1034/1035, DNS

Name Server becomes Critical
No Name Server = no network access
Resilience
Performance
Number of Names: LANs 10s -> 1,000s of addresses; WANs (Internet) 1,000s -> millions
Frequency of Change

Since the Name Server (DNS) is used in every operation, to translate the requested name to the address, it becomes a critical resource. Without the translation capability no network resources can be accessed, hence there is effectively no network access. Resilience and performance become essential to ensure timely access to network resources.

Domain Name System (DNS)
Multiple Name Servers: Performance, Resilience
Hierarchy of names (Domains): volume of names, frequency of changes, performance

The DNS is a specific implementation, optimized to Internet requirements, of the general Name Server concept. It introduces the unique Internet naming hierarchy with which we are all familiar.

DNS Name Hierarchy
Organized into a tree hierarchy
Top of the tree is called the root
Each branch is called a Domain
Any number of branches or levels
Top Level Domain (TLD), Second Level Domain (SLD)
Responsibility for a Domain is Delegated
Each Level is Authoritative
The responsibility for operation of each level in the hierarchy is delegated to that level. Each level is said to be authoritative, which means it is responsible for the content at that level and will supply what is called authoritative data when requested.

DNS Hierarchy
Since 1998 the responsibility for the allocation and operation of the domain name hierarchy has lain with ICANN (Internet Corporation for Assigned Names and Numbers). ICANN is a non-profit organization but operates under an MOU with the U.S. Department of Commerce. The Memorandum of Understanding (MOU) became contentious during 2006 when the US administration, which had historically adopted a hands-off approach to its oversight responsibilities, suddenly adopted a more activist position. Ongoing oversight responsibility is being studied by an inter-governmental group under a UN umbrella. While the outcome is currently uncertain, all that can safely be said is that it will take a long time to reach some form of consensus.
The authority at each level in the hierarchy may in turn delegate to another party or owner. The responsibility to supply authoritative data is also delegated. The .arpa domain (Address and Routing Parameter Area) is managed by IANA (Internet Assigned Numbers Authority), which is operated by ICANN, jointly with the Internet Architecture Board (IAB), the parent of the Internet Engineering Task Force (IETF), which sets Internet standards through the RFC process.
.arpa (Address and Routing Parameter Area) is used for Internet infrastructure, including reverse mapping (in-addr.arpa for IPv4, ip6.arpa for IPv6) and ENUM (e164.arpa).
While all country code TLDs (ccTLDs) are two characters, the slide notes one apparent exception: .cat (Catalonia, an administrative region within Spain, .es). Strictly, .cat is a sponsored TLD for the Catalan linguistic and cultural community rather than a ccTLD, which is why it can be three characters long. It has provoked much envy within Quebec and Scotland, who demand the same rights!
This slide illustrates the freedom that comes with ownership at any level in the hierarchy.
DNS Domain Name
www.example.com

Contrast the normal domain name above with the one below.

DNS Domain Name
www.example.com.

With the ending dot:
Fully Qualified Domain Name (FQDN)
unambiguously defines a name up to the root
the dot (.) is the root and is normally silent

A Fully Qualified Domain Name technically always has a terminating dot, indicating the normally silent root, which makes the name unambiguous: nothing remains to be appended to it. Without the dot a resolver is free to treat the name as relative and try appending its configured search-list suffixes, so "www.example.com" may not be looked up as the name you think it is. Unfortunately, the term FQDN is widely misused to describe any domain name, with or without the dot.

Domain Names
www.example.md.us
www.guardian.co.uk
www.bancobrasil.com.br
ftp.example.org
www.nashville.tn.us
www.br.example.net
www.un.int

While the above examples for the .us domain are still valid, .us (and Canada's .ca) are both moving toward a flat (non-hierarchical) namespace.
Module 1
DNS Operations and Protocol

DNS - Operations/Protocol
Authoritative DNS at every level in the name hierarchy
DNS is interrogated using queries
Port 53 UDP (mostly), 512-byte messages
Other Operations: TCP on port 53

Ordinary queries use UDP on port 53, with the classic UDP message limited to 512 bytes. A server whose answer does not fit sets the TC (truncated) bit in its response, and the client repeats the query over TCP on port 53; zone transfers (covered later in this module) use TCP. Configuration parameters allow the user to define alternative ports for some or all operations (covered in Module 4).
DNS Operations
[Diagram: the user's query for www.example.com goes first to the root DNS servers, which return a referral; then to the TLD DNS servers, which return a referral; then to the user DNS servers for example.com, which return the answer.]

DNS Operations
Authoritative Name Server at every level in the domain name
A name lookup asks (queries) each level in the hierarchy
If the Name Server is not authoritative it returns a referral to the next level
If the Name Server is authoritative it returns an answer
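The walk in the diagram, reduced to code. This is an added example for these notes, not code from the course or from ZYTRAX: it hand-builds RFC 1035 wire-format messages (so the FQDN's trailing dot becomes the empty root label, and the header carries the AA and TC bits discussed above), then drives an in-memory "root -> .com -> example.com" delegation whose server names, zone data and the 192.0.2.10 address are all constructed for illustration. A response with no AA bit but NS records in the authority section is a referral; one with AA set is an answer (or an authoritative NXDOMAIN).

```python
"""Added example, not part of the course slides: the query/referral/answer walk
of the diagram, simulated offline with hand-built RFC 1035 wire-format messages.
Server names, zone data and addresses are constructed for illustration."""
import struct

# Header flag bits (RFC 1035 s.4.1.1): response, authoritative answer, truncated, recursion desired
QR, AA, TC, RD = 0x8000, 0x0400, 0x0200, 0x0100
TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1

def to_fqdn(name):
    """Normalize to a Fully Qualified Domain Name: the trailing dot is the root."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def encode_name(name):
    """Wire format: length-prefixed labels ending in the empty root label (0x00)."""
    labels = [l for l in to_fqdn(name).rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(msg, off):
    """Decode an uncompressed name at msg[off:]; return (fqdn, next offset).
    Real servers also emit 0xC0 compression pointers (s.4.1.4), not handled here."""
    labels = []
    while msg[off]:
        ln = msg[off]
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln
    return ".".join(labels) + ".", off + 1

def build_message(qname, qtype, flags, answers=(), authority=()):
    """Header + one question + RRs given as (name, type, ttl, rdata_bytes)."""
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    for name, rtype, ttl, rdata in list(answers) + list(authority):
        msg += encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
    return msg

def parse_message(msg):
    """Return (flags, qname, answer_rrs, authority_rrs); RRs are (name, type, ttl, value)."""
    _, flags, _, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    off += 4                                          # skip qtype and qclass
    sections = []
    for count in (an, ns):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == TYPE_A:
                value = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype == TYPE_NS:
                value = decode_name(msg, off)[0]
            else:
                value = msg[off:off + rdlen]
            off += rdlen
            rrs.append((name, rtype, ttl, value))
        sections.append(rrs)
    return flags, qname, sections[0], sections[1]

def classify(flags, answers, authority):
    """What a resolver makes of a response."""
    if flags & TC:
        return "truncated"                            # did not fit in 512 bytes of UDP: retry over TCP
    if (flags & 0xF) == 3 and flags & AA:
        return "nxdomain"                             # authoritative "no such name"
    if flags & AA and answers:
        return "answer"
    if not flags & AA and authority:
        return "referral"                             # NS records pointing one level down
    return "other"

# Constructed delegation chain: root -> .com servers -> example.com servers (names are illustrative).
REFERRALS = {"root": ("com.", "a.gtld-servers.net."),
             "a.gtld-servers.net.": ("example.com.", "ns1.example.com.")}
ZONES = {"ns1.example.com.": {"www.example.com.": bytes([192, 0, 2, 10])}}

def simulated_server(server, qname, qtype):
    """The wire-format response the (constructed) server returns: answer, NXDOMAIN or referral."""
    if server in ZONES:
        ip = ZONES[server].get(to_fqdn(qname))
        if ip is None:
            return build_message(qname, qtype, QR | AA | 3)
        return build_message(qname, qtype, QR | AA, answers=[(qname, TYPE_A, 3600, ip)])
    zone, ns = REFERRALS[server]
    return build_message(qname, qtype, QR, authority=[(zone, TYPE_NS, 172800, encode_name(ns))])

def iterative_lookup(qname, qtype=TYPE_A, start="root", max_hops=8):
    """Full-function resolver: ask root, follow each referral, stop at an authoritative reply."""
    server, hops = start, []
    for _ in range(max_hops):
        flags, _, answers, authority = parse_message(simulated_server(server, qname, qtype))
        kind = classify(flags, answers, authority)
        hops.append((server, kind))
        if kind == "answer":
            return answers[0][3], hops
        if kind == "nxdomain":
            return None, hops
        if kind != "referral":
            raise RuntimeError(f"{server} returned {kind}")
        server = authority[0][3]                      # next hop comes from the authority section
    raise RuntimeError("too many referrals")
```

Calling iterative_lookup("www.example.com") returns the address together with the three hops (root: referral, .com: referral, example.com: answer), which is exactly the path drawn on the slide. The max_hops cap matters in practice: a resolver that follows referrals must bound the walk, or a misconfigured (or malicious) delegation that refers back to itself will keep it busy indefinitely.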
DNS - Operations
13 root servers: a.root-servers.net to m.root-servers.net
gTLD/ccTLD servers: variable (at the time of writing .com = 12, .net = 12, .org = 6)
User servers: variable, 2 minimum (Microsoft 5, Google 4)

[Diagram: the PC's resolver sends its queries for www.example.com to a caching DNS server, which in turn queries the root DNS servers, the TLD DNS servers and the user DNS servers for example.com.]
DNS Servers and Resolvers
DNS (name) servers are:
Authoritative
Caching
Combinations
Resolvers are:
Never Authoritative
Full Function (follows referrals)
Stub-Resolver (cannot follow referrals)
Caching Stub-Resolver

All PCs have a stub-resolver and since around 2003 they are almost always caching stub-resolvers.

Authoritative DNS
May be a Master or Slave
Sometimes called Primary and Secondary
Responds authoritatively to queries for any name within its zone: the example.com authoritative server will respond to a query for www.example.com
DNS Zone Transfers
Passive - Slave Initiated
Slave reads the zone's SOA record periodically (at the SOA refresh interval) and compares its serial number with the one it holds
Full Transfer (AXFR)
Incremental Transfer (IXFR)
Uses TCP on port 53
Active - Master sends NOTIFY
Slave reads the SOA on receipt of NOTIFY
AXFR or IXFR
Speeds up zone change propagation to slaves

A transfer only takes place when the master's SOA serial number is newer than the slave's, so every change to the zone must bump the serial or the slaves will never pick it up. NOTIFY is the default behavior (to all defined name servers for the domain). Configuration parameters can be used to inhibit or modify NOTIFY behavior; the same configuration should restrict who may request a transfer, since an AXFR answered for any client hands out the complete zone.
DNS Queries
Recursive Queries
the requested server will provide the answer (finding it on the user's behalf if necessary)
server support is Optional
Iterative (non-recursive) Queries
the server will provide the answer if it has it
else it sends a referral
server support is Mandatory
DNS - Queries
The locally configured DNS (in the PC's network properties) will always point to a recursive (caching) name server
PCs have stub-resolvers (cannot follow referrals)
Windows has a caching resolver: a stub-resolver with a cache for performance
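A caching stub-resolver in miniature, added here as an example for these notes (not course or ZYTRAX code). It does the three things the last two slides describe: it sends every query with the RD (recursion desired) bit to the one recursive server it is configured with, it caches answers for their TTL so repeat lookups never leave the host, and it has no idea what to do with a referral. The recursive server is a constructed in-memory stand-in, and the name, TTL and address it hands back are illustrative.

```python
"""Added example, not part of the course slides: a caching stub-resolver in
miniature. It talks only to its configured recursive server, sets RD on every
query, caches by TTL, and cannot act on a referral. The server is a constructed
in-memory stand-in; names, TTLs and addresses are illustrative."""

class RecursiveServer:
    """Stand-in for the recursive (caching) server the PC's DNS properties point at."""

    def __init__(self, zone_data):
        self.zone_data = zone_data                 # fqdn -> (ttl, address), constructed

    def query(self, name, rd):
        if not rd:                                 # iterative query: nothing local -> referral
            return {"referral": "a.root-servers.net."}
        if name in self.zone_data:                 # recursive query: server did the legwork
            ttl, addr = self.zone_data[name]
            return {"answer": addr, "ttl": ttl}
        return {"rcode": "NXDOMAIN"}

class StubResolver:
    def __init__(self, server, clock):
        self.server, self.clock = server, clock
        self.cache = {}                            # fqdn -> (address, expiry time)
        self.queries_sent = 0

    def resolve(self, name, rd=True):
        name = name.lower() if name.endswith(".") else name.lower() + "."
        cached = self.cache.get(name)
        if cached and cached[1] > self.clock():
            return cached[0]                       # cache hit: no query leaves the host
        self.cache.pop(name, None)                 # expired or absent
        self.queries_sent += 1
        resp = self.server.query(name, rd)
        if "referral" in resp:
            raise RuntimeError("stub-resolver cannot follow referral to " + resp["referral"])
        if "answer" not in resp:
            return None
        self.cache[name] = (resp["answer"], self.clock() + resp["ttl"])
        return resp["answer"]

def demo():
    """Two lookups inside the TTL cost one query; a third after expiry costs another;
    an iterative query gets the stub a referral it cannot use."""
    now = [1000.0]                                 # controllable clock instead of time.time()
    server = RecursiveServer({"www.example.com.": (300, "192.0.2.10")})
    stub = StubResolver(server, clock=lambda: now[0])
    first = stub.resolve("www.example.com")
    second = stub.resolve("WWW.EXAMPLE.COM.")       # same name, served from cache
    now[0] += 301                                  # the 300 second TTL has passed
    third = stub.resolve("www.example.com")
    try:
        stub.resolve("ftp.example.com", rd=False)
        iterative = "unexpected"
    except RuntimeError as err:
        iterative = str(err)
    return (first, second, third), stub.queries_sent, iterative
```

The cache is also the reason TTLs matter operationally: after a record changes, a PC keeps answering from its cache until the old TTL runs out, whatever the authoritative servers now say, and the same cache is what a forged answer would poison if the recursive server accepted it.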
Quick Quiz
The Quick Quiz is designed partly for fun, partly to wake you up and partly to ensure that you have understood the section. It does not count as part of any formal student assessment. There are usually many possible answers, so please do not be afraid to take a risk in answering. First, you may be correct; secondly, a wrong answer may be useful to the lecturer because it may indicate that a concept was not well explained.

Quick Quiz
Who controls the domain name space?
What is www.ny.us.example.com.br?
How many DNS servers may be involved in the above?
One method to speed up name changes?
Will an iterative query give me an answer?
What type of resolver is on your PC?

You may find it useful to write down the correct answers together with any associated notes.

Who controls the domain name space?
What is www.ny.us.example.com.br?
How many DNS servers may be involved in the above?
One method to speed up name changes? (Changing the speed at which master-slave transfers take place; two possible answers and multiple variations.)
Will an iterative query give me an answer? (Assume that I want the IP address of, say, www.example.com.)
What type of resolver is on your PC?