Lesson 06 The Domain Name System




julien.cervelle@polytechnique.edu

Introduction

What is the IP address of your casert's computer?
  o Most geeks know
What is the IP address of Frankiz?
  o Some of the geeks know
What is the IP address of Google?
  o Dunno, Chrome knows it
What is the IP address of the rest of the world?
  o Dunno, Google knows it
Regular people do not know the IP addresses of the servers they are talking to
One needs to give names to IP addresses
  o File /etc/hosts
  o YP/NIS database
  o Neither scalable nor up to date

Goal of DNS

Functional specification:
  o From a name, returns an IP address
  o From a domain, returns the mail exchanger
This specification has not been extended to other services, for which canonical (but not normalized) server names are used (thus an A record): www, smtp, ...

In Java:

    import java.net.InetAddress;

    InetAddress address = InetAddress.getByName("polytechnique.academy"); // uses the system resolver

For lower level access, see JNDI/DNS:

    import javax.naming.directory.Attributes;
    import javax.naming.directory.InitialDirContext;

    InitialDirContext context = new InitialDirContext();
    Attributes att = context.getAttributes("dns:/polytechnique.fr"); // DNS records exposed as JNDI attributes

Relevance to business sphere

DNS is worldwide so it is managed worldwide
The global entity responsible for DNS is ICANN (Internet Corporation for Assigned Names and Numbers)
Each gTLD (global top-level domain, see below) is managed by an organization:
  o AFNIC for .fr
  o EURID for .eu
  o ICM Registry for .xxx
  o MuseDoma for .museum
End users request a domain name from a registrar, which acts as an intermediary between them and the above-mentioned organizations

Assigning domains policy

The usual policy for assigning domains is on a first come, first served basis
When a new gTLD opens, trademark holders can get priority
Some gTLDs have requirements
  o .ca requires the registrant to be Canadian or a Canadian company
  o .fr was reserved for businesses (KBIS or trademark was required) and .nom.fr for people; now freely open and full

Domain name for a company

To get a domain corresponding to your business is of utmost importance
Which gTLD? .fr, .eu, .com, .org, all?
  o Leaving a gTLD out can cause a problem if you extend your business to another country (dropbox.fr was not Dropbox, cybersquatters...)
  o ICANN has offered companies the possibility to register their own gTLD; only general-purpose names seem to be accepted
What if someone already has it?
  o Usually, one has to pay a lot for it
      How much did onedrive.com cost Microsoft?
      Yet Blizzard (Activision) were offered diablo3.com
  o It can sometimes go to trial
      milka.fr once belonged to a dressmaker (couturière)
      The trial gave it back to Kraft Foods, who owned the trademark, but only for classes 5, 29, 30 and 32 (not sewing)
      The judge spoke of a "marque notoire" (well-known trademark)

Fully Qualified Domain Names

A name is a Fully Qualified Domain Name (FQDN): www.enseignement.polytechnique.fr. (see the dot?)
FQDNs form a tree:
  o An FQDN targets a unique node of the tree
  o Edges are dots (.)
  o Paths are written right to left from the root
The last dot can be omitted, except in the configuration files of DNS zones, where no dot means "append the current domain name"

DNS records

DNS assigns several data types to FQDNs:
For hosts
  o A = an IPv4 address of the host
  o AAAA = an IPv6 address of the host
  o CNAME = alias to another name
For domains
  o NS = the name server in charge of the domain (see below)
  o MX = the mail server in charge of email addresses ending in @domain
  o SOA = information about the domain owner
  o DNAME = alias to another domain, applied to all the subtree
Other
  o TXT = some text

DNS protocol

Based on the design pattern Chain of responsibility: if I do not know the answer to a question, I know someone else to ask
Each node (but leaves) is managed by a server, the name server of the domain
Such servers know:
  o All about the records of the domain
  o The name server for the sub-domains
Domain . is managed by the root servers (see root-servers.org)

DNS chain of queries

To get record A of domain a.b.c.d:
Ask the root servers what is the NS record of d.
  o Answer = ns.d. of IP address xxx
Ask ns.d. what is the NS record of c.d.
  o Answer = ns2.c.d. of IP address yyy
Ask ns2.c.d. what is the NS record of b.c.d.
  o Answer = sdn.b.c.d. of IP address zzz
Ask sdn.b.c.d. what is the A record of a.b.c.d.
  o Answer = a.b.c.d. is a CNAME for t.u.v.w.x.y.z.
  o Arrrrghhhh

Cache system

Based on the design pattern Proxy
To prevent overloading servers and to answer common queries faster, end users configure (often via DHCP) a DNS server that:
  o Agrees to answer recursive queries
  o Finds the answer, possibly asking other servers
Usually, only your DNS servers accept recursive queries
8.8.8.8 is Google's recursive DNS server (what privacy statement?)
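The chain of queries above, walked in code. This is an added example, not part of the original lesson: the server table is constructed in memory from the slide's names, and the z. delegation, ns.z. and the 192.0.2.53 address are assumptions added so that the CNAME target can be resolved.

```python
# Constructed data: what each name server can say. Names follow the slide's
# example; ns.z. and the address are placeholders added for the CNAME target.
SERVERS = {
    "root":       {"refer": {"d.": "ns.d.", "z.": "ns.z."}},
    "ns.d.":      {"refer": {"c.d.": "ns2.c.d."}},
    "ns2.c.d.":   {"refer": {"b.c.d.": "sdn.b.c.d."}},
    "sdn.b.c.d.": {"records": {"a.b.c.d.": ("CNAME", "t.u.v.w.x.y.z.")}},
    "ns.z.":      {"records": {"t.u.v.w.x.y.z.": ("A", "192.0.2.53")}},
}

def ask(server, qname):
    """One non-recursive query: an answer, a referral to a sub-domain's server, or nothing."""
    data = SERVERS[server]
    if qname in data.get("records", {}):
        return ("answer",) + data["records"][qname]
    zones = [z for z in data.get("refer", {}) if qname == z or qname.endswith("." + z)]
    if not zones:
        return ("nxdomain", None, None)
    zone = max(zones, key=len)              # most specific delegation wins
    return ("referral", zone, data["refer"][zone])

def resolve(qname, max_steps=20):
    """Iterative resolution from the root; returns (address or None, trace of queries)."""
    trace, server = [], "root"
    for _ in range(max_steps):              # bounded: referral and CNAME loops exist
        kind, a, b = ask(server, qname)
        trace.append((server, qname, kind))
        if kind == "referral":
            server = b                      # "I know someone else to ask"
        elif kind == "answer" and a == "CNAME":
            qname, server = b, "root"       # alias: start over for the target name
        elif kind == "answer":
            return b, trace
        else:
            return None, trace
    raise RuntimeError("too many steps, possible loop")

if __name__ == "__main__":
    address, steps = resolve("a.b.c.d.")
    for step in steps:
        print(step)
    print("address:", address)
```

A caching recursive server performs this walk once and then serves the stored answer until its TTL expires.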

TTL

Primary servers give other servers a hint for the time to live (TTL) of answers to queries
Servers are supposed to drop the answer after the TTL expires
  o A regular server's TTL is a few days
  o Dyndns.org server's TTL is a minute
The SOA records give a TTL for negative answers

Reverse DNS

DNS offers a way to get a name from an IP address
A special PTR record is used
  o For IPv4 address 1.2.3.4, request the PTR record of 4.3.2.1.in-addr.arpa.
  o For IPv6 address 1.2.3...d.e.f, request the PTR record of f.e.d...3.2.1.ip6.arpa.
Some mail servers require clients to have a reverse DNS
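How the PTR owner name is built for both address families, and the check a mail server can apply to a connecting client. This is an added example, not part of the original lesson; it goes one step beyond the slide by also confirming that the PTR name maps back to the same address (forward-confirmed reverse DNS). The RECORDS table is constructed and stands in for real lookups.

```python
import ipaddress

def reverse_name(ip):
    """PTR owner name for an IPv4 or IPv6 address, built as the slide describes."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]             # octets, last one first
        return ".".join(labels) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")[::-1]      # 32 hex digits, last one first
    return ".".join(nibbles) + ".ip6.arpa."

def forward_confirmed(ip, records):
    """True if a PTR name of ip has an A/AAAA record pointing back to ip."""
    addr = ipaddress.ip_address(ip)
    rtype = "A" if addr.version == 4 else "AAAA"
    for name in records.get((reverse_name(ip), "PTR"), []):
        for value in records.get((name, rtype), []):
            if ipaddress.ip_address(value) == addr:
                return True
    return False

# Constructed records (documentation address ranges), keyed by (owner name, type).
RECORDS = {
    ("25.2.0.192.in-addr.arpa.", "PTR"): ["mail.example.org."],
    ("mail.example.org.", "A"): ["192.0.2.25"],
    # This PTR claims a name whose A record points elsewhere.
    ("66.100.51.198.in-addr.arpa.", "PTR"): ["mail.example.org."],
}

if __name__ == "__main__":
    for client in ("192.0.2.25", "198.51.100.66", "203.0.113.9"):
        print(client, reverse_name(client), forward_confirmed(client, RECORDS))
```

The PTR record is controlled by whoever holds the reverse zone for the address, so a PTR name alone proves nothing about the forward domain; the second lookup is what ties the two together.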

Queries are a Question section
Answers are:
  o The question section repeated (UDP, you know)
  o An answer section (the possible answers to your query)
  o An authority section (who to ask for an authoritative answer)
  o An additional section (not the answer to the question, yet useful)
      For instance, an NS answer is a string; the IP address is in the additional section
      Of course, some hackers find it interesting to add false answers here (cache poisoning)
  o Some bits of control
      Authoritative or not
      Recursion possible or not
      DNSSEC validation or not
A section is: a list of records
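A parser for the message layout described above, with the check a resolver applies to the additional section before caching it. This is an added example, not part of the original lesson: SAMPLE is a constructed response whose last additional record belongs to another domain, and out_of_bailiwick is a simplified check that assumes the caller knows which zone the responding server was asked about.

```python
import struct

def read_name(msg, off):
    """Decode the name at off, following compression pointers; returns (name, next offset)."""
    labels, nxt, hops = [], None, 0
    while msg[off]:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                    # pointer to an earlier name
            nxt = nxt or off + 2                  # parsing resumes after the first pointer
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 20:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
    return ".".join(labels + [""]) or ".", nxt or off + 1

def parse(msg):
    """Return (control bits, [question, answer, authority, additional]) of (name, type, rdata)."""
    _id, flags, *counts = struct.unpack("!6H", msg[:12])
    bits = {k: bool(flags & m) for k, m in (("AA", 0x0400), ("RD", 0x0100), ("RA", 0x0080), ("AD", 0x0020))}
    off, sections = 12, []
    for i, count in enumerate(counts):
        recs = []
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rdata, off = struct.unpack("!H", msg[off:off + 2])[0], b"", off + 4
            if i:                                 # only question entries lack TTL and RDATA
                rdlen = struct.unpack("!H", msg[off + 4:off + 6])[0]
                rdata, off = msg[off + 6:off + 6 + rdlen], off + 6 + rdlen
            recs.append((name, rtype, rdata))
        sections.append(recs)
    return bits, sections

def out_of_bailiwick(sections, zone):
    """Additional-section records whose owner name lies outside zone: do not cache these."""
    return [r for r in sections[3] if r[0] != zone and not r[0].endswith("." + zone)]

def enc(name):                                    # helper to build the constructed sample
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\0"

def rr(name, rtype, rdata):                       # class IN, TTL 300
    return enc(name) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata

# Constructed response to "www.example.com. A": flags QR+AA+RD, counts 1/1/1/2.
A, NS = 1, 2
SAMPLE = (struct.pack("!6H", 0x1234, 0x8500, 1, 1, 1, 2) + enc("www.example.com.") + struct.pack("!2H", A, 1)
          + rr("www.example.com.", A, bytes([192, 0, 2, 10])) + rr("example.com.", NS, enc("ns1.example.com."))
          + rr("ns1.example.com.", A, bytes([192, 0, 2, 53])) + rr("www.example.net.", A, bytes([203, 0, 113, 66])))
```

Here parse(SAMPLE) yields the four sections, and out_of_bailiwick(sections, "example.com.") returns only the www.example.net. record, which a server answering for example.com. has no authority to supply.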

DNSSEC

DNSSEC provides a way to sign records
The mechanism relies on the same chain of responsibility design pattern
  o The root servers tell how to check the records sent by the gTLD
  o Each server tells how to check the records managed by its sub-domains
This is achieved by a PKI (public key infrastructure)
  o A public key can check the validity of a record (given by a node to clients for verifying sub-nodes' answers)
  o A private key, only owned by the domain owner, can create a verifiable record

DNS System-wise

DNS is deeply installed in the system
A standard libc call, gethostbyname, asks for a DNS resolution
Cascade of libraries: libc uses NSS uses resolv+ uses DNS

How-to get a domain name

Go to your favorite registrar (see http://www.icann.org/registrar-reports/accredited-list.html)
See if the domain you like is available (e.g. cave-k.es)
See if you meet the domain requirement (e.g. .ca is only available for Canadians)
Pay the fee (6 for cave-k.es, some hundreds of $ for premium domains)
Configure the DNS NS record and its IP address in the registrar
Of course, most registrars offer services:
  o DNS server
  o Web hosting
  o Mail hosting
  o VoIP