DNS

Discussion of the Domain Name Space

  1. DNS: Domain Name System. February 13, 2001. Professor Tom Mavroidis
  2. DNS
     - On all Linux systems, domain name service (DNS) is implemented with the Berkeley Internet Name Domain (BIND) software
     - BIND 8 is the most recent version
     - BIND DNS is a client/server system
  3. Client/Server
     - The client is called the resolver
       - it forms the queries and sends them to the name server
       - it is not a distinct process but a library of software routines
       - every computer on the network runs a resolver
  4. Server Side
     - Answers queries that come from the resolver
     - The name server daemon is called named
     - It is not necessary to run named on every computer, only on the name server
  5. Why are name services used?
     - A name service is a network information service that maps names to addresses.
     - The service is accessed transparently
     - The user is unaware of the procedures used to find the IP address
     - www.yahoo.com => 216.32.74.50
  6. Why use domain names?
     - Names are easier to remember than IP addresses
     - Less chance of entering an incorrect name
     - If a site is moved to a new IP address the name can remain the same
  7. In the beginning...
     - Host names were administered by a central authority
     - A new host would be added to the hosts.txt file located at the Network Information Center (NIC)
     - The entire hosts.txt file would be propagated to every site on the Internet using FTP
  8. Problems included...
     - A high probability of naming conflicts
     - Central name administration was a problem for the community in general
     - Distribution problems increased dramatically
     - Maintaining consistency was impossible
  9. DNS is...
     - A database which maps names to addresses
     - The database is distributed across the entire Internet
     - It is independent of network topology
  10. DNS Goals
     - Hosts need not download huge hosts.txt files
     - You do not need to notify a central agency if you add a new machine to the network
  11. Flat Namespace
     - Hosts are organized into a single tree
     - The naming hierarchy is independent of physical networks
     - Hosts are addressed by IP address
     - Namespace refers to the set of all possible names
     - A flat namespace limits this set
  12. Hierarchical Namespace
     - Allows for an almost unlimited choice of names
     - A domain is best described as a subtree of the namespace
     - Each node in the subtree is named by a label
  13. Conventions
     - Two conventions are used when domains are chosen: organizational and geographical
     - Organizational = .com .edu .gov .mil .net .org .int
     - Geographical = .fr .nl .ca .gb (follow ISO 3166)
  14. Labels
     - May be both upper and lower case
     - Case is ignored: Yahoo = yahoo
     - Must start with a letter, may end with a letter or number, and may contain letters, digits, or hyphens
     - Maximum length = 255 characters
  15. Fully Qualified Domain Name (FQDN)
     - Made up of all labels from the root
     - Written from left to right
     - Labels must be unique within their parent domain
     - May be absolute or relative (see next slide)
  16. Names
     - Absolute - expressed relative to the root, e.g. senecac.on.ca.
     - Relative - represents the lower labels of an incomplete domain name, e.g. cs.senecac.on.ca
  17. Name Servers
     - Repositories of the information that makes up the database
     - Each holds information for some parts of the namespace
     - The parts of the namespace that a server manages and has complete information for are said to be authoritative
  18. Zones
     - Information is organized into units called zones
     - Zones contain all of the information about a domain.
  19. Internet Domains
     - Need to be supported by at least two name servers for reasons of reliability
     - These are known as primary and secondary name servers
     - Zones are replicated across both name servers
  20. Primary Name Servers
     - Sometimes called master servers
     - Master files are updated by local system administrators
     - Zone changes are made at the primary server
     - Secondary servers maintain a copy of the data for a zone and periodically update it from the primary
  21. Resource Records
     - All data is stored in a standard format called a Resource Record (RR), which consists of four parts:
     - Domain, Class, Type, Information
  22. Resource Record
     - Domain - name of the domain
     - Class - class of record (IN for Internet)
     - Type - type of record, what it is used for
     - Information - data for the record
  23. Resource Record Types
     - A = IPv4 address
     - AAAA = IPv6 address
     - NS = name server
     - SOA = Start of Authority
     - PTR = pointer, used to map names to addresses
     - and many more
  24. Resolvers
     - The client process's entry into the database
     - Extracts information in response to the client's request
  25. Steps necessary to extract an address
     - The resolver function sends a query to its local name server (entered during configuration on the local machine)
     - The local name server checks its own information (hosts.txt)
     - If that fails, the request is sent to the root server
  26. ...continued
     - If that fails, it returns a referral to a server closer to the domain of interest, e.g. the .com DNS server
     - If that fails, it returns a referral to the server for the domain root, e.g. .senecac.on.ca
     - If that fails, it returns "domain not found"; otherwise it returns the address of the requested domain
  27. Caching
     - Improves performance by maintaining a copy of recent requests in memory
     - Data may be out of date if changes have occurred since it was last cached
     - Cached data is termed nonauthoritative
     - Primary and secondary name servers return authoritative answers only, since they are the originators of the zone
  28. ...Caching continued
     - Cached data is eventually discarded according to a timeout (TTL) field
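Slides 25 to 28 describe resolution by referral from the root and the cache that holds recent answers. The Python below is an added example, not code from the lecture: it walks a constructed toy delegation tree (a root server, a .ca server and a server for senecac.on.ca, all with made-up addresses), records the servers consulted, and marks answers served from its cache as nonauthoritative until their TTL runs out.

```python
import time

# Constructed toy delegation tree (not real DNS data): each server either
# answers a name directly or refers the resolver to a server closer to it.
ROOT = "root"
SERVERS = {
    "root":       {"referrals": {"ca": "ca-tld"}, "answers": {}},
    "ca-tld":     {"referrals": {"senecac.on.ca": "senecac-ns"}, "answers": {}},
    "senecac-ns": {"referrals": {}, "answers": {"senecac.on.ca": "142.204.1.1",
                                                "titanic.senecac.on.ca": "142.204.1.2"}},
}
TTL = 60  # seconds an answer stays in the cache (constructed value)

def query_server(server, name):
    """One round trip: ('answer', ip), ('referral', next_server) or ('nxdomain', None)."""
    data = SERVERS[server]
    if name in data["answers"]:
        return "answer", data["answers"][name]
    labels = name.split(".")
    for i in range(len(labels)):            # longest delegated suffix wins
        suffix = ".".join(labels[i:])
        if suffix in data["referrals"]:
            return "referral", data["referrals"][suffix]
    return "nxdomain", None

class Resolver:
    def __init__(self, now=time.time):
        self.now = now                      # clock callable, injectable for tests
        self.cache = {}                     # name -> (ip, expiry time)
        self.last_path = []                 # servers consulted by the last lookup

    def resolve(self, name):
        """Return (ip_or_None, authoritative) by following referrals from the root."""
        self.last_path = []
        hit = self.cache.get(name)
        if hit and hit[1] > self.now():
            return hit[0], False            # served from cache: nonauthoritative
        server = ROOT
        for _ in range(8):                  # bound the referral chain
            self.last_path.append(server)
            kind, value = query_server(server, name)
            if kind == "answer":
                self.cache[name] = (value, self.now() + TTL)
                return value, True
            if kind == "nxdomain":
                return None, True           # the slides' "domain not found" case
            server = value
        return None, False                  # referral loop: give up
```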
  29. Mapping Addresses to Names
     - The domain IN-ADDR.ARPA is set up for mapping addresses to names
     - 142.204.1.1 => senecac.on.ca
     - Some applications require this service, e.g. HTTPS
  30. Dynamic Updates
     - An update request message is sent from a client to its local server
     - The message is forwarded to the primary master server
     - The primary master checks prerequisites and the requestor is validated
     - Data is written to storage in the client
     - The server can send DNS NOTIFY messages to slave servers (RFC 1996)
  31. Alternate Naming Services
     - WINS - Windows Internet Naming Service
     - Usually found on Microsoft clients and servers
     - Resolves LAN requests for IP addresses, the same as DNS
  32. Alternate Naming Services
     - ACAP - Application Configuration Access Protocol
     - Developed by the Internet Engineering Task Force (IETF)
     - Gives applications access to services such as address books
  33. Alternate Naming Services
     - LDAP - Lightweight Directory Access Protocol
     - Provides ACAP with a directory structure
     - Uses the OSI X.500 specifications
  34. Setting up a Name Server
     - Three components are needed
     - Name server software, a name server boot file (not required on all systems), and the master files (data files)
     - The software Linux uses is called named
  35. named daemon
     - Also known as BIND (Berkeley Internet Name Daemon)
     - Has become the de facto name server
     - The Internet Software Consortium (ISC) controls BIND and its improvements
     - named uses a boot file and local data files
  36. Back to the Resolver
     - The resolver is configured by the /etc/resolv.conf file
     - The /etc/resolv.conf file is read each time the resolver needs to resolve an address
       - this means you need not restart a service when changes are made
  37. nameserver address
     - nameserver address - defines the IP address of the name server the resolver should use
     - Up to three nameserver addresses can be used
     - The second address is only queried if the first server cannot be reached, and the third only if the first two fail
  38. domain domainname
     - Defines the local domain, which is used to expand the host name in a query before it is sent to the name server
     - If not defined, the values in the search command are used
  39. search searchlist
     - Defines a list of domains that are used to expand a host name before it is sent to the name server
     - Contains up to six domain names separated by spaces
     - Each domain is searched until the query is answered
  40. options option
     - debug - turns on debugging
     - timeout:n - initial query timeout for the resolver (default 5 seconds)
     - attempts:n - the number of times the resolver retries a query (default 2)
     - rotate - round-robin selection of name servers
  41. options (cont.)
     - no-check-names - disables checking of domain names for RFC 952 compliance
     - inet6 - query for IPv6 addresses
  42. Search List
     - Say you entered "search senecac.on.ca"
     - If a user enters "titanic" instead of titanic.senecac.on.ca
       - senecac.on.ca is automatically appended to it
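As an added example (not from the lecture), the following Python parses a constructed /etc/resolv.conf using the directives of slides 36 to 42 and lists the names a resolver would try for a short name such as titanic, in the order the slides describe. The limits of three nameserver entries and six search domains and the timeout and attempts defaults are taken from the slides; the round-robin order produced for rotate is an assumption of this example.

```python
# Constructed /etc/resolv.conf (sample data, not from the lecture)
SAMPLE_RESOLV_CONF = """\
# resolver configuration for a lab host
nameserver 192.168.1.1
nameserver 192.168.1.2
nameserver 192.168.1.3
; a fourth nameserver line is ignored: only three are used
nameserver 192.168.1.4
search senecac.on.ca cs.senecac.on.ca
options timeout:3 attempts:4 rotate
"""
MAX_NAMESERVERS = 3   # slide 37
MAX_SEARCH = 6        # slide 39

def parse_resolv_conf(text):
    """Parse the nameserver, domain, search and options directives into a dict."""
    conf = {"nameservers": [], "search": [], "domain": None,
            "options": {"timeout": 5, "attempts": 2, "rotate": False}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":     # blank or comment line
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            if len(conf["nameservers"]) < MAX_NAMESERVERS:
                conf["nameservers"].append(args[0])
        elif key == "search":
            conf["search"] = args[:MAX_SEARCH]
        elif key == "domain" and args:
            conf["domain"] = args[0]
        elif key == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                if name in ("timeout", "attempts") and value.isdigit():
                    conf["options"][name] = int(value)
                elif name == "rotate":
                    conf["options"]["rotate"] = True
    return conf

def search_candidates(conf, hostname):
    """Names the resolver tries, in order, for what the user typed."""
    if hostname.endswith("."):              # absolute name: never expanded
        return [hostname.rstrip(".")]
    # the search list, or the domain directive when no search list is given,
    # is appended domain by domain; the bare name is tried last
    domains = conf["search"] or ([conf["domain"]] if conf["domain"] else [])
    return [f"{hostname}.{d}" for d in domains] + [hostname]

def nameserver_order(conf, query_number):
    """Server order for the n-th query; with rotate each query starts one server later."""
    servers = conf["nameservers"]
    if not servers or not conf["options"]["rotate"]:
        return list(servers)
    start = query_number % len(servers)
    return servers[start:] + servers[:start]
```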
  43. Linux supports three basic name server configurations
     - Master (primary) - the main DNS domain - loads from disk - considered authoritative
     - Slave (secondary) - copy of the primary - also authoritative
     - Caching server - nonauthoritative - gets its answers from other DNS servers - used to speed up resolution
  44. To verify your DNS server is installed correctly
     - You need root authority
     - Type "which named" - the response should be /usr/sbin/named
     - Or type "rpm -q bind8" - the response should be bind8-8.2.2-?? or close
  45. To start, test, and stop
     - To start, type "ndc start" and press Enter
     - To test, type "nslookup" and press Enter
     - Type "server 127.0.0.1" and press Enter
     - Ask for the address of any name; if an IP address is returned then it is working
     - To stop, type "ndc stop"
  46. Configuration files
     - Up to five different files are required for a named configuration
       - named.conf
       - hints file
       - local host file
       - zone file
       - reverse zone file
  47. named.conf
     - Defines the basic parameters and points to the sources of domain database information
     - Usually in the /etc directory
  48. Hints file
     - Also known as the cache
     - Provides the names and addresses of the root DNS servers that are authoritative for the top-level domains of the DNS hierarchy like .com .edu .org
     - Usually in the /var/named directory
  49. Local host file
     - Local zone file for resolving the loopback address to the host name localhost
  50. Zone file
     - Defines most of the information
     - Maps host names to addresses
     - Identifies mail servers
     - Usually in the /var/named directory
  51. Reverse zone file
     - Maps IP addresses to host names
     - Opposite of the zone file
     - Usually in the /var/named directory
  52. named.conf
     - Seven valid configuration statements
       - acl - access control list of IP addresses
       - include - includes another file into the config
       - key - defines security keys
       - logging - what is logged and where it is stored
       - options - global config options
       - server - remote server characteristics
       - zone - defines a zone
  53. Options statement
     - Defines global parameters and sets defaults
     - Only one is allowed
         options {
             directory "/var/named";
         };
  54. Zone statement
     - Defines a zone serviced by this name server
     - Defines the type of name server (primary or secondary); a configuration can include different types
     - Defines the source of domain info: data can be loaded from disk or transferred from the master
  55. Example zone statement
         zone "senecac.on.ca" in {
             type master;
             file "senecac.hosts";
         };
     - The in keyword means this zone contains IP addresses and Internet domain names
     - type master means this is the master server for the domain
     - file "senecac.hosts" points to the file that contains the domain database information
  56. Caching-Only Configuration
     - All servers cache information
         zone "." {
             type hint;
             file "named.ca";
         };
         zone "0.0.127.in-addr.arpa" {
             type master;
             file "named.local";
         };
     - The hint file helps the server locate the root servers during startup
     - The second zone makes the server the master for its own loopback address
  57. Hints file
     - Contains the names and addresses of the root name servers
     - Helps the local server locate a root server during startup
     - Once located, an authoritative list of root servers is downloaded from that server
     - named.conf points to the location of the hints file (common names are named.ca, named.root and root cache)
  58. Local hosts file
     - Is a reverse domain
     - Maps the loopback address 127.0.0.1 to the local name localhost
     - The most common name for the local host file is named.local, but it is sometimes called 127.0.0.zone
  59. Secondary or slave
         zone "senecac.on.ca" {
             type slave;
             file "senecac.on.ca.zone";
             masters { 192.168.1.1; };
         };
     - file is the name of a text file the information is to be stored in automatically
     - masters is the primary server the information is to come from
  60. Zone directives
     - First record in a zone file
         $TTL 1d
     - Specifies the time this record will be cached on other servers; from our entry, one day
  61. SOA record (start of authority)
         @ IN SOA senecac.on.ca. admin.senecac.on.ca. (
                 2000021222 ; serial
                 216000     ; refresh
                 1800       ; retry
                 4w         ; expire
                 1h )       ; negative cache TTL
     - @ - refers to the domain name defined in the zone statement
     - senecac.on.ca. = host name of the master server for this zone
     - admin.senecac.on.ca. = email of the person responsible for this domain
  62. SOA record (start of authority)
     - Serial - if the master's is greater than the slave's, then the entire zone is transferred
     - refresh is the length of the refresh cycle
     - retry is the length of the retry cycle if the master is busy
     - expire is the time the slave should continue caching the data when the primary is no longer responding
     - neg cache - the time a negative (name not found) answer is remembered
  63. MX records (Mail server)
         IN MX 10 titanic.senecac.on.ca.
         IN MX 20 mail.senecac.on.ca.
     - The first record says that titanic is the mail server for the senecac.on.ca domain
     - The second entry says that if titanic is unavailable then send mail to mail.senecac.on.ca
  64. Reverse Zone File
     - Maps IP addresses to host names
     - Some sites will deny access if they cannot do a reverse lookup (HTTPS)
     - All IP addresses for the host are written in reverse, e.g. 192.168.1 is 1.168.192.in-addr.arpa
     - Contains the same fields as the forward zone file and provides the same service in reverse
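As an added example, not the lecture's own zone file, the Python below parses a constructed zone file in the layout of slides 60 to 64: it folds the multi-line SOA record, converts BIND time values such as 4w and 1h to seconds, orders the MX hosts by preference, and builds the reversed in-addr.arpa name used by a reverse zone. The time-unit letters (s, m, h, d, w) are the ones BIND accepts; the host addresses are made up.

```python
import re

# Constructed zone file in the layout the slides describe (not the lecture's own data)
SAMPLE_ZONE = """\
$TTL 1d
@  IN SOA senecac.on.ca. admin.senecac.on.ca. (
        2000021222 216000 ; serial, refresh
        1800 4w           ; retry, expire
        1h )              ; negative cache TTL
   IN MX 20 mail.senecac.on.ca.
   IN MX 10 titanic.senecac.on.ca.
titanic IN A 192.168.1.10
"""
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def ttl_seconds(value):
    """Convert a BIND time value such as '1d', '4w' or '1800' to seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.lower())
    if not m:
        raise ValueError(f"bad time value: {value}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def parse_zone(text, origin):
    """Return ($TTL in seconds, SOA fields, remaining records) for a zone file."""
    body = "\n".join(line.split(";", 1)[0] for line in text.splitlines())
    # fold a parenthesised multi-line record (the SOA) onto one logical line
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    default_ttl, soa, records, owner = None, None, [], origin
    for line in body.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "$TTL":
            default_ttl = ttl_seconds(tok[1])
            continue
        if not line[0].isspace():      # a new owner name starts the line
            owner = origin if tok[0] == "@" else f"{tok[0]}.{origin}"
            tok = tok[1:]
        if tok[0] == "IN":             # the class is optional in the file
            tok = tok[1:]
        rtype, rdata = tok[0], tok[1:]
        if rtype == "SOA":
            soa = {"mname": rdata[0], "rname": rdata[1], "serial": int(rdata[2]),
                   "refresh": ttl_seconds(rdata[3]), "retry": ttl_seconds(rdata[4]),
                   "expire": ttl_seconds(rdata[5]), "neg_ttl": ttl_seconds(rdata[6])}
        else:
            records.append((owner, rtype, rdata))
    return default_ttl, soa, records

def mail_servers(records):
    """MX hosts in delivery order: the lowest preference value is tried first."""
    return [h for _, h in sorted((int(r[2][0]), r[2][1]) for r in records if r[1] == "MX")]

def reverse_name(ip):
    """Dotted IPv4 address or network prefix -> its in-addr.arpa name (octets reversed)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
```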
  65. Automating DNS startup
     - Change to the runlevel's directory: cd /etc/rc.d/rc3.d
     - Create a link to start BIND:
         ln -s /etc/rc.d/init.d/ndc
