Dns

Discussion of the Domain Name Space
    Presentation Transcript

    • DNS: Domain Name System, February 13, 2001, Professor Tom Mavroidis
    • DNS
      • On all Linux systems, the Domain Name Service (DNS) is implemented with the Berkeley Internet Name Domain (BIND) software
      • BIND 8 is the most recent version
      • BIND DNS is a client/server system
    • Client/Server
      • Client is called the resolver
        • it forms the queries and sends them to the name server
        • not a distinct process but a library of software routines
        • every computer on network runs a resolver
    • Server Side
      • Answers queries that come from the resolver
      • The name server daemon is called named
      • Not necessary to run named on every computer, only the name server
    • Why are name services used?
      • A name service is a network information service that maps names to addresses.
      • The service is accessed transparently
      • The user is unaware of the procedures used to find the IP address
      • www.yahoo.com => 216.32.74.50
    • Why use domain names?
      • Names are easier to remember than IP addresses
      • Less chance of entering an incorrect name
      • If a site is moved to a new IP address the name can remain the same
    • In the beginning…
      • Host names were administered by a central authority
      • A new host would be added to the hosts.txt file located at the Network Information Center (NIC)
      • The entire hosts.txt file would be propagated to every site in the Internet using FTP
    • Problems included...
      • A high probability of naming conflicts
      • Central name administration was a problem with the community in general
      • Distribution problems increased dramatically
      • Maintaining consistency was impossible
    • DNS is...
      • A database which maps names to addresses
      • The database is distributed across the entire internet
      • It is independent of network topology
    • DNS Goals
      • Hosts need not download huge hosts.txt files
      • You do not need to notify a central agency if you add a new machine to the network
    • Flat Namespace
      • Hosts are organized into a single tree
      • Naming hierarchy is independent of physical networks
      • Hosts are addressed by IP address
      • Namespace refers to the set of all possible names
      • A flat namespace limits this set
    • Hierarchical Namespace
      • Allows for an almost unlimited choice of names
      • A domain is best described as a subtree of the namespace
      • Each node in the subtree is named by a label
    • Conventions
      • Two conventions are being used when domains are chosen
      • Organizational and geographical
      • Organizational = .com .edu .gov .mil .net .org .int
      • Geographical = .fr .nl .ca .gb (follow ISO-3166)
    • Labels
      • May be both upper and lower case
      • Case is ignored: Yahoo = yahoo
      • Must start with a letter, may end with a letter or number, and may contain letters, digits, or hyphens
      • Maximum length = 255 characters
    • Fully Qualified Domain Name FQDN
      • Made up of all labels from the root
      • Written from left to right
      • Each label must be unique within its parent domain
      • May be absolute or relative (see next slide)
    • Names
      • Absolute - expressed relative to the root and written with a trailing dot, e.g. senecac.on.ca.
      • Relative - represents the lower labels of an incomplete domain name, e.g. cs.senecac.on.ca
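Checking names against the label rules on the two preceding slides, as an added example in Python (this is not code from the original presentation). It encodes exactly the rules the slides give: a label must start with a letter, may end with a letter or digit, may contain only letters, digits and hyphens; case is ignored when comparing names; a complete name may not exceed 255 characters; and a trailing dot marks an absolute name. The sample names used are constructed or taken from the slides.

```python
"""Validate DNS labels and names against the rules given on the slides.

Added example, not code from the original presentation. Rules encoded:
a label must start with a letter, may end with a letter or digit, and may
contain only letters, digits and hyphens; case is ignored when comparing
names; a complete name may not exceed 255 characters; a trailing dot marks
an absolute name (one expressed relative to the root).
"""
import re

# One label: a letter first, then letters/digits/hyphens, ending in a letter or digit.
_LABEL_RE = re.compile(r"^[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")
MAX_NAME_LENGTH = 255


def is_valid_label(label: str) -> bool:
    return bool(_LABEL_RE.match(label))


def is_absolute(name: str) -> bool:
    """An absolute name carries a trailing dot: 'senecac.on.ca.'"""
    return name.endswith(".")


def validate_name(name: str):
    """Return (ok, reason) after checking the total length and every label."""
    if len(name) > MAX_NAME_LENGTH:
        return False, "name longer than %d characters" % MAX_NAME_LENGTH
    body = name[:-1] if is_absolute(name) else name
    if not body:
        return False, "empty name"
    for label in body.split("."):
        if not is_valid_label(label):
            return False, "bad label %r" % label
    return True, "ok"


def normalize(name: str) -> str:
    """Canonical form for comparison: lower case, no trailing dot."""
    body = name[:-1] if is_absolute(name) else name
    return body.lower()


def same_name(a: str, b: str) -> bool:
    """Case is ignored in DNS, so Yahoo = yahoo."""
    return normalize(a) == normalize(b)


def absolute_form(relative: str, domain: str) -> str:
    """Complete a relative name: ('cs', 'senecac.on.ca') -> 'cs.senecac.on.ca.'"""
    if is_absolute(relative):
        return relative
    return "%s.%s." % (relative, domain.rstrip("."))
```

The leading-letter rule is the slide's (RFC 952) rule; RFC 1123 later also allowed a leading digit, so a checker for current hosts would relax that one test.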
    • Name Servers
      • Repositories of information that make up the database
      • Each holds information for some part of the namespace
      • A name server is said to be authoritative for the part of the namespace it manages and has complete information about
    • Zones
      • Information is organized into units called zones
      • Zones contain all of the information about a domain.
    • Internet Domains
      • Need to be supported by at least two nameservers for reasons of reliability
      • These are known as Primary and Secondary Nameservers
      • Zones are replicated across both nameservers
    • Primary Nameservers
      • Sometimes called master servers
      • Master files are updated by local system administrators
      • Zone changes are made at the primary server
      • A secondary server maintains a copy of the data for a zone and periodically updates it from the primary
    • Resource Records
      • All data is stored in a standard format called a Resource Record (RR) which consists of four parts
      • Domain, Class, Type, Information
    • Resource Record
      • Domain - Name of the Domain
      • Class - class of record (IN for Internet)
      • Type - type of record, what it is used for
      • Information - data for the record
    • Resource Record Types
      • A = IPv4 address
      • AAAA = IPv6 address
      • NS = nameserver
      • SOA = Start of Authority
      • PTR = Pointer used to map names to addresses
      • and many more
    • Resolvers
      • The client process's entry point into the database
      • Extracts information in response to the client's request
    • Steps necessary to extract an address
      • Resolver function sends a query to its local nameserver (entered during configuration on the local machine)
      • Local nameserver checks its own information (hosts.txt)
      • If failed, request is sent to the root server
    • ...continued
      • If that fails, the root server returns a referral to a server closer to the domain of interest, i.e. the .com DNS server
      • If that fails, a referral is returned to the server for the domain root, i.e. senecac.on.ca
      • If that fails, "domain not found" is returned; otherwise the address of the requested domain is returned
    • Caching
      • Improves performance by keeping copies of recent answers in memory
      • Data may be out of date if changes have occurred since it was cached
      • Cached data is termed nonauthoritative
      • Primary and secondary nameservers return authoritative answers only, since they are the originators of the zone data
    • Caching (continued)
      • Cached data is eventually discarded when its time-to-live (TTL) expires
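The resolution steps and the caching rules of the last four slides, run as a toy model. This is an added example in Python, not code from the original presentation: a local nameserver asks a root server, follows referrals down to the server for senecac.on.ca, caches the answer for the zone's TTL, hands cached data back as nonauthoritative, and discards it once the TTL has passed. Every server name, zone and address in it is constructed for illustration (the 142.204.1.1 address is the one the slides use).

```python
"""Toy model of the resolution steps and the caching described on the slides.

Added example, not code from the original presentation. A local
nameserver asks a root server, follows referrals (root -> .ca server ->
senecac.on.ca server) and caches the answer for the zone's TTL. A cached
answer is returned as nonauthoritative; once its TTL has expired it is
discarded and the name is resolved again. All servers, names and
addresses are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed authoritative data. "NS" entries are referrals to the server
# for a child zone; "A" entries are the addresses the server can answer for.
SERVERS = {
    "root": {"NS": {"ca": "ca-server"}, "A": {}},
    "ca-server": {"NS": {"senecac.on.ca": "seneca-ns"}, "A": {}},
    "seneca-ns": {"NS": {}, "A": {"titanic.senecac.on.ca": "142.204.1.1"}},
}
ZONE_TTL = 86400  # one day, as with "$TTL 1d"


def _in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


def ask_server(server, name):
    """Return ("answer", address), ("referral", next_server) or ("nxdomain", None)."""
    data = SERVERS[server]
    if name in data["A"]:
        return "answer", data["A"][name]
    # Refer to the server for the longest child zone the name falls under.
    best = None
    for child, child_server in data["NS"].items():
        if _in_zone(name, child) and (best is None or len(child) > len(best[0])):
            best = (child, child_server)
    if best is not None:
        return "referral", best[1]
    return "nxdomain", None


@dataclass
class LocalNameserver:
    now: int = 0                                   # simulated clock, in seconds
    cache: dict = field(default_factory=dict)      # name -> (address, expiry)

    def resolve(self, name):
        """Return (address, authoritative, servers_asked)."""
        cached = self.cache.get(name)
        if cached is not None and cached[1] > self.now:
            return cached[0], False, []            # cached data is nonauthoritative
        self.cache.pop(name, None)                 # TTL passed: discard the stale entry
        server, asked = "root", []
        while True:
            asked.append(server)
            kind, value = ask_server(server, name)
            if kind == "answer":
                self.cache[name] = (value, self.now + ZONE_TTL)
                return value, True, asked          # fresh from the zone's own server
            if kind == "referral":
                server = value
                continue
            return None, True, asked               # domain not found

    def advance(self, seconds):
        self.now += seconds
```

The second lookup of the same name never leaves the local server, which is the performance gain the slide describes; the third, after the clock has advanced by a full day, walks the referral chain again because the cached copy has timed out.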
    • Mapping Addresses to Names
      • Domain IN-ADDR.ARPA is set up for mapping addresses to names
      • 142.204.1.1 => senecac.on.ca
      • Some applications require this service, i.e. HTTPS
    • Dynamic Updates
      • An update request message is sent from a client to its local server
      • The message is forwarded to the primary master server
      • The primary master checks prerequisites and validates the requestor
      • Data is written to storage in client
      • The server can send DNS NOTIFY messages to slave servers (RFC 1996)
    • Alternate Naming Services
      • WINS - Windows Internet Naming Service
      • Usually found on Microsoft clients and servers
      • Resolves LAN requests for IP addresses, the same as DNS
    • Alternate Naming Services
      • ACAP - Application Configuration Access Protocol
      • Developed by the Internet Engineering Task Force (IETF)
      • Gives applications access to services such as address books
    • Alternate Naming Services
      • LDAP - Lightweight Directory Access Protocol
      • Provides ACAP with a directory structure
      • Uses the OSI X.500 specifications
    • Setting up a Nameserver
      • Three components are needed
      • Nameserver software, nameserver boot file (not required in all systems), and the master files (data files)
      • the software Linux uses is called “named”
    • named daemon
      • Also known as BIND (Berkeley Internet Name Daemon)
      • Has become the de facto nameserver
      • The Internet Software Consortium (ISC) controls BIND and its improvements
      • named uses a boot file and local data files
    • Back to the Resolver
      • The resolver is configured by the /etc/resolv.conf file
      • The /etc/resolv.conf file is read each time the resolver needs to resolve an address
        • this means you need not restart a service when changes are made
    • Nameserver address
      • Nameserver address - defines the IP address of the nameserver the resolver should use
      • Up to three nameserver addresses can be used
      • The second address is only queried if the first server cannot be reached and the third only if the first two fail
    • Domain domainname
      • Defines the local domain which is used to expand the host name in a query before it is sent to the nameserver
      • If not defined, the values in the search command are used
    • Search searchlist
      • Defines a list of domains that are used to expand a host name before it is sent to the nameserver
      • Contains up to six domain names separated by spaces
      • Each domain is searched until the query is answered
    • Options option
      • debug - turns on debugging
      • timeout:n - initial query timeout for the resolver (default 5 seconds)
      • attempts:n - the number of times the resolver retries a query (default 2)
      • rotate - round robin selection of nameservers
    • Options (cont)
      • no-check-names - disables checking of domain names for RFC 952 compliance
      • inet6 - query for IPv6 addresses
    • Search List
      • Say you entered "search senecac.on.ca"
      • If a user enters "titanic" instead of titanic.senecac.on.ca
        • senecac.on.ca is automatically appended to it
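The resolv.conf directives of the preceding slides (nameserver, domain, search, options) and the search-list expansion just shown, as an added example in Python; this is not code from the original presentation. It parses a constructed /etc/resolv.conf, enforces the limits the slides state (three nameservers, six search domains, the default timeout of 5 seconds and 2 attempts) and lists the names a bare host name is expanded into. That the bare name itself is tried last when no search domain answers is an assumption about resolver behaviour, not something the slides state.

```python
"""Parse an /etc/resolv.conf and show how a bare host name is expanded.

Added example, not code from the original presentation. It models the
behaviour the slides describe: up to three nameserver entries, queried in
order; a domain or a search list of up to six names used to expand a bare
host name before it is sent to the nameserver; and the options line
(timeout:n, attempts:n, rotate, debug, no-check-names, inet6). The file
content below is constructed; a fourth nameserver line is included to
show that surplus entries are ignored.
"""
MAX_NAMESERVERS = 3
MAX_SEARCH = 6

SAMPLE_RESOLV_CONF = """\
# constructed example
nameserver 192.168.1.1
nameserver 192.168.1.2
nameserver 192.168.1.3
nameserver 192.168.1.4
search senecac.on.ca on.ca
options timeout:3 attempts:1 rotate
"""


def parse_resolv_conf(text):
    conf = {"nameservers": [], "search": [], "options": {}}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            if len(conf["nameservers"]) < MAX_NAMESERVERS:
                conf["nameservers"].append(args[0])   # the fourth and later are ignored
        elif keyword == "domain" and args:
            conf["search"] = [args[0]]               # domain and search are alternatives:
        elif keyword == "search":                    # the last one read wins
            conf["search"] = args[:MAX_SEARCH]
        elif keyword == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                conf["options"][name] = int(value) if value.isdigit() else True
    conf["options"].setdefault("timeout", 5)         # defaults named on the slides
    conf["options"].setdefault("attempts", 2)
    return conf


def expand_name(name, conf):
    """Names the resolver tries for `name`, in order.

    An absolute name (trailing dot) is tried as written. Otherwise each
    search domain is appended in turn and the bare name is tried last
    (assumed behaviour, not stated on the slides).
    """
    if name.endswith("."):
        return [name[:-1]]
    return ["%s.%s" % (name, d) for d in conf["search"]] + [name]


def nameserver_order(conf, attempt=0):
    """Servers in the order tried; with rotate, each attempt starts one further on."""
    servers = conf["nameservers"]
    if conf["options"].get("rotate") and servers:
        k = attempt % len(servers)
        return servers[k:] + servers[:k]
    return list(servers)
```

Two points worth checking when auditing a host's resolver configuration follow directly from the model: a fourth nameserver line is silently dropped, and a short name that matches nothing in the search list ends up being queried as written.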
    • Linux supports three basic name server configurations
      • Master (primary) - the main DNS domain - loads from disk - considered authoritative
      • Slave (secondary) - copy of the primary - also authoritative
      • Caching server - nonauthoritative - gets its answers from other DNS servers - used to speed up resolutions
    • To verify your DNS server is installed correctly
      • You need root authority
      • Type "which named" - the response should be /usr/sbin/named
      • Or type "rpm -q bind8" - the response should be bind8-8.2.2-?? or close to it
    • To start, test, and stop
      • To start, type "ndc start" and press Enter
      • To test, type "nslookup" and press Enter
      • Type "server 127.0.0.1" and press Enter
      • Ask for the address of any name; if an IP address is returned then it is working
      • To stop, type "ndc stop"
    • Configuration files
      • Up to five different files are required for a named configuration
        • named.conf
        • hints file
        • local host file
        • zone file
        • reverse zone file
    • named.conf
      • Defines the basic parameters and points to the sources of domain database information
      • usually in the /etc directory
    • Hints file
      • Also known as cache
      • Provides the names and addresses of the root DNS servers that are authoritative for the top-level domains of the DNS hierarchy, like .com .edu .org
      • usually in the /var/named directory
    • Local host file
      • Local zone file for resolving the loopback address to the host name localhost
    • Zone file
      • Defines most of the information
      • maps host names to addresses
      • identifies mail servers
      • usually in the /var/named directory
    • Reverse zone file
      • Maps IP addresses to host names
      • Opposite of the zone file
      • Usually in the /var/named directory
    • named.conf
      • Seven valid configuration statements
        • acl - access control list of IP addresses
        • include - includes another file into config
        • key - defines security keys
        • logging - what is logged and where stored
        • options - global config options
        • server - remote servers characteristics
        • zone - defines a zone
    • Options statement
      • Defines global parameters and sets defaults
      • Only one is allowed
        options {
            directory "/var/named";
        };
    • Zone statement
      • Defines a zone served by this nameserver
      • Defines the type of name server (primary or secondary); a configuration can include different types
      • defines source of domain info, data can be loaded from disk or transferred from master
    • Example zone statement
        zone "senecac.on.ca" in {
            type master;
            file "senecac.hosts";
        };
        • The in keyword means this zone contains IP addresses and Internet domain names
        • type master means this is the master server for the domain
        • file senecac.hosts points to the file that contains the domain database information
    • Caching-Only Configuration
      • All servers cache information
        zone "." {
            type hint;
            file "named.ca";
        };
        zone "0.0.127.in-addr.arpa" {
            type master;
            file "named.local";
        };
        • The hint file helps the server locate the root servers during startup
        • The second zone makes the server the master for its own loopback address
    • Hints file
      • Contains the names and addresses of the root name servers
      • helps the local server locate a root server during the startup
      • Once located, an authoritative list of root servers is downloaded from that server
      • named.conf points to the location of the hints file (common names are named.ca, named.root and root cache)
    • Local hosts file
      • Is a reverse domain
      • maps the loopback address 127.0.0.1 to the local name localhost
      • the most common name for the local host file is named.local but it is sometimes called 127.0.0.zone
    • Secondary or slave
        zone "senecac.on.ca" {
            type slave;
            file "senecac.on.ca.zone";
            masters { 192.168.1.1; };
        };
        • file is the name of the text file in which the transferred zone information is stored automatically
        • masters gives the address of the primary server the information is to come from
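A checker for the named.conf statements shown on the options, zone, caching-only and slave slides, as an added example in Python; it is not code from the original presentation or from BIND. It tokenises a constructed named.conf fragment and then tests what the slides require: exactly one options statement, a zone type of master, slave or hint, a file for every zone, and a masters list for every slave zone. Only this subset of the statement grammar is handled; the acl, key, logging and server statements listed earlier are parsed but not checked.

```python
"""Check a named.conf fragment against the rules stated on the slides.

Added example, not code from the original presentation. It tokenises the
options and zone statements of a named.conf, then checks what the slides
require: exactly one options statement; a zone type of master, slave or
hint; a file for every zone; a masters list for every slave zone.
The configuration text is constructed.
"""
import re

SAMPLE_NAMED_CONF = """\
// constructed example
options {
    directory "/var/named";
};
zone "." {
    type hint;
    file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};
zone "senecac.on.ca" in {
    type master;
    file "senecac.hosts";
};
zone "cs.senecac.on.ca" {
    type slave;
    file "cs.senecac.on.ca.zone";
    masters { 192.168.1.1; };
};
"""

# Comments come first so they win over the bare-word alternative.
_TOKEN = re.compile(r'//[^\n]*|#[^\n]*|/\*.*?\*/|"[^"]*"|[{};]|[^\s{};"]+', re.S)


def tokenize(text):
    for m in _TOKEN.finditer(text):
        tok = m.group()
        if tok.startswith(("//", "#", "/*")):
            continue
        yield tok.strip('"')


def parse_block(tokens, i=0):
    """Parse 'args { body } ;' statements up to a closing brace.

    Returns (statements, index); each statement is (args, body_or_None).
    """
    stmts = []
    while i < len(tokens) and tokens[i] != "}":
        args = []
        while i < len(tokens) and tokens[i] not in ("{", ";"):
            args.append(tokens[i])
            i += 1
        body = None
        if i < len(tokens) and tokens[i] == "{":
            body, i = parse_block(tokens, i + 1)
            i += 1                                  # step over the closing brace
        if i < len(tokens) and tokens[i] == ";":
            i += 1
        stmts.append((args, body))
    return stmts, i


def parse_named_conf(text):
    return parse_block(list(tokenize(text)))[0]


def _first_arg(sub, key):
    args = sub.get(key, ([], None))[0]
    return args[0] if args else None


def check_named_conf(text):
    """Return a list of problems; an empty list means the fragment passes."""
    problems = []
    stmts = parse_named_conf(text)
    options = [s for s in stmts if s[0] and s[0][0] == "options"]
    if len(options) != 1:
        problems.append("expected exactly one options statement, found %d" % len(options))
    for args, body in stmts:
        if not args or args[0] != "zone":
            continue
        name = args[1] if len(args) > 1 else "?"
        sub = {a[0]: (a[1:], b) for a, b in (body or []) if a}
        ztype = _first_arg(sub, "type")
        if ztype not in ("master", "slave", "hint"):
            problems.append("zone %s: unknown type %r" % (name, ztype))
        if "file" not in sub:
            problems.append("zone %s: no file statement" % name)
        if ztype == "slave" and "masters" not in sub:
            problems.append("zone %s: slave zone without masters" % name)
    return problems
```

Running the checker over a configuration before restarting named catches the two mistakes the slides' rules rule out, a second options block and a slave zone with no masters to transfer from, without needing the daemon itself.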
    • Zone directives
      • First record in a zone file
        $TTL 1d
      • Specifies how long records in this file will be cached on other servers; with our entry, one day
    • SOA record (start of authority)
        @ IN SOA senecac.on.ca. admin.senecac.on.ca. (
            2000021222 ; serial
            216000     ; refresh
            1800       ; retry
            4w         ; expire
            1h         ; negative cache TTL
        )
        • @ - refers to the domain name defined in the zone statement
        • senecac.on.ca. = host name of the master server for this zone
        • admin.senecac.on.ca. = email of the person responsible for this domain
    • SOA record (start of authority)
      • serial - if the master's serial is greater than the slave's, the entire zone is transferred
      • refresh - the length of the refresh cycle
      • retry - the length of the retry cycle if the master is busy
      • expire - how long the slave should continue caching data when the primary is no longer responding
      • negative cache TTL - how long a negative answer is remembered
    • MX records (Mail server)
        IN MX 10 titanic.senecac.on.ca.
        IN MX 20 mail.senecac.on.ca.
      • The first record says that titanic is the mail server for the senecac.on.ca domain
      • The second entry says that if titanic is unavailable then send mail to mail.senecac.on.ca
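A parser for the zone-file pieces of the last five slides ($TTL, the parenthesised SOA record, the MX records), as an added example in Python; it is not code from the original presentation or from BIND. It joins the multi-line SOA, converts time values such as 4w and 1h to seconds, applies the serial comparison a slave uses to decide on a zone transfer, and orders MX targets by preference. The zone text is constructed from the slides' own records, with one A record added so that owner-name inheritance is exercised; the record format handled is only the subset the slides show (no per-record TTL or $ORIGIN).

```python
"""Parse a small BIND-style zone file: $TTL, a multi-line SOA, MX and A records.

Added example, not code from the original presentation. It reads the
directives and records described on the slides, joins the parenthesised
SOA fields, converts time values such as 4w and 1h to seconds, compares
master and slave serials the way a slave decides whether to transfer the
zone, and orders MX records by preference. The zone content is constructed.
"""
import re

SAMPLE_ZONE = """\
$TTL 1d
@   IN SOA senecac.on.ca. admin.senecac.on.ca. (
        2000021222 ; serial
        216000     ; refresh
        1800       ; retry
        4w         ; expire
        1h         ; negative cache TTL
        )
    IN MX 10 titanic.senecac.on.ca.
    IN MX 20 mail.senecac.on.ca.
titanic IN A 142.204.1.1
"""

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "negttl")


def parse_ttl(value):
    """'4w' -> 2419200, '1h' -> 3600, '216000' -> 216000."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.lower())
    if not m:
        raise ValueError("bad time value %r" % value)
    return int(m.group(1)) * _UNITS.get(m.group(2), 1)


def _logical_lines(text):
    """Strip ; comments and join lines inside parentheses into one record.

    Yields (indented, tokens); indented is True when the record started with
    whitespace, meaning it inherits the previous owner name.
    """
    buf, depth, first = [], 0, ""
    for raw in text.splitlines():
        if not buf:
            first = raw
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            tokens = " ".join(buf).split()
            buf = []
            if tokens:
                yield first[:1] in (" ", "\t"), tokens


def parse_zone(text, origin):
    """`origin` is the zone name from the zone statement, with its trailing dot."""
    zone = {"origin": origin, "ttl": None, "soa": None, "records": []}
    owner = "@"
    for indented, tokens in _logical_lines(text):
        if tokens[0] == "$TTL":
            zone["ttl"] = parse_ttl(tokens[1])
            continue
        if not indented:                            # a new owner name starts the line
            owner, tokens = tokens[0], tokens[1:]
        if owner == "@":
            name = origin
        else:
            name = owner if owner.endswith(".") else owner + "." + origin
        if tokens and tokens[0] == "IN":            # class IN (Internet)
            tokens = tokens[1:]
        rtype, rdata = tokens[0], tokens[1:]
        if rtype == "SOA":
            soa = dict(zip(SOA_FIELDS, rdata))
            for f in SOA_FIELDS[2:]:
                soa[f] = parse_ttl(soa[f])
            zone["soa"] = soa
        elif rtype == "MX":
            zone["records"].append((name, "MX", (int(rdata[0]), rdata[1])))
        else:
            zone["records"].append((name, rtype, rdata[0]))
    return zone


def slave_needs_transfer(master_serial, slave_serial):
    """A slave transfers the whole zone when the master's serial is greater."""
    return master_serial > slave_serial


def mail_servers(zone):
    """MX targets in preference order (lowest preference value first)."""
    mx = [rd for (_, t, rd) in zone["records"] if t == "MX"]
    return [host for _, host in sorted(mx)]
```

The serial check is the one that bites in practice: an edit to the zone that forgets to raise the serial leaves slave_needs_transfer() false, so the slaves keep serving the old data until the expire time passes.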
    • Reverse Zone File
      • Maps IP addresses to host names
      • Some sites will deny access if they cannot do a reverse lookup (HTTPS)
      • IP addresses are written in reverse, i.e. 192.168.1 becomes 1.168.192.in-addr.arpa
      • Contains the same fields as the forward zone file and provides the same service in reverse
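The address-to-name mapping of this slide and of the earlier Mapping Addresses to Names slide, as an added example in Python (not code from the original presentation). reverse_zone() turns a prefix such as 192.168.1 into the reverse zone name 1.168.192.in-addr.arpa as the slide shows, reverse_name() builds the full in-addr.arpa name for one address, and reverse_mismatches() lists hosts whose A record has no matching PTR, which is the situation that makes a reverse-lookup-checking site deny access. ip6_reverse_name() goes beyond the slides and does the same for an IPv6 address under ip6.arpa. The A and PTR data used are constructed.

```python
"""Build and check reverse-mapping names under IN-ADDR.ARPA (and ip6.arpa).

Added example, not code from the original presentation. reverse_zone()
reverses a network prefix into a reverse zone name, reverse_name() builds
the name looked up for one address, reverse_mismatches() compares a forward
zone's A records against a reverse zone's PTR records, and
ip6_reverse_name() extends the idea to IPv6 (not covered on the slides).
"""
import ipaddress


def reverse_zone(prefix):
    """'192.168.1' -> '1.168.192.in-addr.arpa' (one to four octets)."""
    octets = prefix.split(".")
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 prefix %r" % prefix)
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_name(address):
    """'142.204.1.1' -> '1.1.204.142.in-addr.arpa' (validates the address first)."""
    ip = ipaddress.IPv4Address(address)
    return reverse_zone(str(ip))


def ip6_reverse_name(address):
    """Every hex nibble of the expanded address, reversed, under ip6.arpa."""
    ip = ipaddress.IPv6Address(address)
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_record(address, hostname):
    """Zone-file line that maps the address back to hostname."""
    return "%s. IN PTR %s." % (reverse_name(address), hostname.rstrip("."))


def reverse_mismatches(a_records, ptr_records):
    """Hosts whose A record has no PTR pointing back at the same name.

    a_records maps host name -> IPv4 address; ptr_records maps in-addr.arpa
    name -> host name. Names are compared case-insensitively, trailing dot ignored.
    """
    problems = []
    for host, addr in a_records.items():
        ptr_host = ptr_records.get(reverse_name(addr))
        if ptr_host is None or ptr_host.rstrip(".").lower() != host.rstrip(".").lower():
            problems.append(host)
    return problems
```

Keeping the forward and reverse zones in step is a routine consistency check; a host missing from the reverse zone shows up as a mismatch here long before a remote site refuses its connection.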
    • Automating DNS startup
      • Change to the runlevel's directory: cd /etc/rc.d/rc3.d
      • Create a link to start BIND:
        ln -s /etc/rc.d/init.d/ndc