Let's talk DNS
Primer to DNS
Published in: Technology
History
• Once upon a time …
• computers were very expensive
• computers were very large
• computers were isolated and didn't talk to each other

Early Internet Era - ARPANET
• Later, they started getting connected to each other* in networks like ARPANET, which
• had a few hundred nodes
• kept the name-to-address mapping in a hosts.txt file
• each host obtained a copy of the master hosts.txt file
• the file was redistributed over FTP
• *thanks to the packet-switching network era
Sample hosts.txt (figure not preserved)
Issues with ARPANET
• ARPANET worked for a while, but not for long, because
• hosts.txt files became extremely large
• bandwidth requirements grew exponentially (every host re-fetched the whole file)
• the scheme could not scale to the host-mapping needs of the emerging network
• and remember, this is decades before rsync
• Problems with hosts.txt
• consistency (every host had its own, possibly stale, copy)
• name collisions (there was no Git for conflict management)

Requirements
• Essentially we need a system which
• can store name-to-number (IP) mappings (a database service at its core)
• can handle changes to those associations
• is distributed in nature, so there is no single point of failure
• is hierarchical in nature: if someone doesn't know a binding, it goes up the hierarchy
• can delegate responsibility, i.e. supports tree-structured delegation

DNS
• In use since 1983
• Defined in RFC 882 and RFC 883 in 1983
• Superseded by RFC 1034 and RFC 1035 in 1987
DNS
• Asynchronous protocol
• Stateless; primarily UDP port 53, with TCP used for zone transfers and for responses too large for UDP
• A very simple packet format
• Compatible with the IP suite of protocols
• Aggressive caching
• response messages carry a TTL for every record
• servers respond to queries with additional information (e.g. glue addresses for name servers)
• The first Unix name server implementation is popularly known as BIND, written in 1984 and later also ported to Windows NT

DNS - In reality
• Data is indexed by domain names
• A domain name is a sequence of labels
• Labels are separated by dots (".") and form a tree
• Domain names are case-insensitive ASCII
• DNS administration is shared
• Authority is delegated
• No single entity is in charge
• Top-down approach
• 13 root server names
• The "empty label" is the root, i.e. the "." zone

Root and TLDs
• Top-level domains
• gTLD: generic top-level domain (.com, .org …)
• ccTLD: country-code top-level domain (.in, .eu, .uk …)
• New TLDs (.tourism, .india, .book …)
• IDN: internationalised domain names (‫.ایران‬ .МОСКВА)
13 root servers (the 13 named root-server identities, not TLDs)
Hostname            IP addresses (as listed at the time of the talk)   Manager
a.root-servers.net  198.41.0.4, 2001:503:ba3e::2:30                    VeriSign, Inc.
b.root-servers.net  192.228.79.201, 2001:500:84::b                     University of Southern California (ISI)
c.root-servers.net  192.33.4.12, 2001:500:2::c                         Cogent Communications
d.root-servers.net  199.7.91.13, 2001:500:2d::d                        University of Maryland
e.root-servers.net  192.203.230.10                                     NASA (Ames Research Center)
f.root-servers.net  192.5.5.241, 2001:500:2f::f                        Internet Systems Consortium, Inc.
g.root-servers.net  192.112.36.4                                       US Department of Defense (NIC)
h.root-servers.net  198.97.190.53, 2001:500:1::53                      US Army (Research Lab)
i.root-servers.net  192.36.148.17, 2001:7fe::53                        Netnod
j.root-servers.net  192.58.128.30, 2001:503:c27::2:30                  VeriSign, Inc.
k.root-servers.net  193.0.14.129, 2001:7fd::1                          RIPE NCC
l.root-servers.net  199.7.83.42, 2001:500:9f::42                       ICANN
m.root-servers.net  202.12.27.33, 2001:dc3::35                         WIDE Project
NOTE: resolvers generally have these 13 well-known root server addresses compiled in or configured (the "root hints"). Many resolvers also choose to cache the "." zone locally.

Delegation: domains and zones
• Domain: the entire subtree
• Zone: the part of a domain administered by one entity (delegation splits a domain into smaller, more manageable units)

DNS: Operation of the protocol
• Servers respond to queries
• Clients recursively query servers
• Responses are cached everywhere
Fundamental concept: keep asking the same question until you get a reply or until you get bored waiting.
DNS Actors
(diagram: stub resolver sends "query?" to the recursive resolver and gets a response; the recursive resolver in turn queries name servers: root server, authoritative servers)

DNS Actors
1. Clients configure a recursive resolver, read from /etc/resolv.conf
2. The recursive resolver finds answers on behalf of clients. It queries the DNS from the root down until it finds the answer.
   RESOLVER:
   1. the stub resolver sends it queries to resolve names
   2. it queries the authoritative servers for the answer and serves it back
   3. results are cached according to their TTL
3. Authoritative servers reply authoritatively to queries.

DNS Actors - authoritative servers
• Their records are in their zone file
• Types A, AAAA, MX, CNAME etc.
• They only answer queries for data under their authority
• (only if they hold a local copy of the data)
• If they can't answer, they point to the delegated authority (NS records)
• but they don't query recursively on the client's behalf
DNS Flow - Example (figure not preserved)

Different types of servers
• Authoritative-only DNS servers
• Authoritative servers can also be caching servers
• Recursive caching DNS servers
• Forwarding DNS servers
• Primary and secondary (slave) servers

Queries, Responses & Flags

Queries
• Every DNS query consists of the following:
• qname: a domain name (the host-name part of a URL, not the URL itself)
• qtype: A, AAAA, MX etc., the type of record asked for
• qclass: IN or CH (IN is almost always used)
• Flags: QR, RD, DO, AD, EDNS OPT etc.
• Example: dig +short A IN google.com
• (+short is an option, A the type, IN the class, google.com the name)

Types of DNS queries
• Forward DNS query
• Look up a host's IP address by name
• for example: yahoo.com has the address 98.138.253.109
• Reverse DNS query
• Look up a host's name by IP address, via a PTR record under in-addr.arpa (IPv4) or ip6.arpa (IPv6)
• for example: 98.138.253.109 belongs to yahoo.com
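A reverse query is not sent for the dotted address itself: the resolver rewrites the address into a name under in-addr.arpa or ip6.arpa and asks for a PTR record there. The helper below builds those names by hand (octets reversed for IPv4, all 32 nibbles reversed for IPv6) and also derives the reverse zone that has to be delegated for an address block. This is an added example written for this primer, not code from the slides; the addresses in the usage are the ones from the slides plus documentation ranges, and the IPv6 nibble layout is checked against the standard library's own `reverse_pointer`.

```python
"""Reverse (PTR) query names for IPv4 and IPv6, built by hand.
Added example for the 'Types of DNS queries' slide; not code from the slides."""
import ipaddress


def reverse_name(ip):
    """'98.138.253.109' -> '109.253.138.98.in-addr.arpa.'
    '2404:6800:4007:800::200e' -> 'e.0.0.2.<...>.4.0.4.2.ip6.arpa.' (32 nibbles)"""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        octets = str(addr).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa."
    # IPv6: expand '::' and leading zeros first, so every nibble is present.
    nibbles = addr.exploded.replace(":", "")          # exactly 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_zone(cidr):
    """Zone that must be delegated for a block, e.g. '192.0.2.0/24' -> '2.0.192.in-addr.arpa.'.
    Only octet-aligned (IPv4) or nibble-aligned (IPv6) prefixes map to a single
    zone; anything else needs RFC 2317-style classless delegation, which this
    helper refuses rather than getting wrong."""
    net = ipaddress.ip_network(cidr, strict=True)
    unit = 8 if net.version == 4 else 4               # bits per label
    if net.prefixlen % unit:
        raise ValueError("prefix /%d is not %d-bit aligned" % (net.prefixlen, unit))
    labels = reverse_name(str(net.network_address)).split(".")
    total = 4 if net.version == 4 else 32             # address labels before the suffix
    keep = net.prefixlen // unit
    return ".".join(labels[total - keep:])            # drop the host part, keep the prefix


def matches_stdlib(ip):
    """Self-check: our hand-built name equals ipaddress's reverse_pointer."""
    return reverse_name(ip).rstrip(".") == ipaddress.ip_address(ip).reverse_pointer


if __name__ == "__main__":
    for ip in ("98.138.253.109", "2404:6800:4007:800::200e"):
        print(ip, "->", reverse_name(ip))
    print("192.0.2.0/24 ->", reverse_zone("192.0.2.0/24"))
    print("2001:db8::/32 ->", reverse_zone("2001:db8::/32"))
```

The `/25` refusal matters in practice: a half-octet block cannot own `2.0.192.in-addr.arpa.`, so the parent has to keep the zone and either serve the PTR records itself or use CNAME-based classless delegation.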
DNS Flags
• qr: query/response bit, 0 in a query, 1 in a response (A)
• rd: recursion desired, set by the client, copied into the answer (Q) (A)
• ra: recursion available, set by a server willing to recurse (A)
• aa: authoritative answer, set only by a server authoritative for the data (A)
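The "very simple packet format" from the DNS slide, the query fields from the Queries slide and the flag bits above all live in the same 12-byte header plus question and answer sections defined in RFC 1035. The following is an added example, written for this primer rather than taken from the slides: it builds a query for `example.com. IN A` and parses a hand-constructed response to it, including a name-compression pointer (the `0xC0 0x0C` that real answers use to refer back to the question name). The sample response bytes are constructed, not captured from a live resolver; the address in them is the documentation address 93.184.216.34 from the example.com block.

```python
"""Build a DNS query and parse a DNS response at the wire level (RFC 1035).
Added example for this primer; not code from the slides. SAMPLE_RESPONSE is a
hand-constructed reply for 'example.com. IN A', not a captured packet."""
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA", 33: "SRV"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """'example.com.' -> b'\\x07example\\x03com\\x00' (length-prefixed labels)."""
    if name in ("", "."):
        return b"\x00"                                     # the root: one empty label
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234, rd=True):
    """12-byte header + one question. qtype 1 = A, class 1 = IN, RD bit = 0x0100."""
    flags = 0x0100 if rd else 0x0000                       # QR=0 (query), OPCODE=0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # qd=1, an=ns=ar=0
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Read a possibly compressed name; return (name, offset just past it).
    A label byte with the top two bits set is a 14-bit pointer to an earlier
    offset. Pointers are only allowed to go backwards, so a looping pointer in
    a malicious packet raises instead of hanging the parser."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:
                raise ValueError("forward/self compression pointer at %d" % offset)
            if not jumped:
                end = offset + 2                           # name occupies 2 bytes here
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels) + ".", end


def parse_response(msg):
    """Return header flags (qr/aa/tc/rd/ra/ad, rcode), questions and answer RRs."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    result = {
        "id": txid,
        "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
        "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080), "ad": bool(flags & 0x0020),
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "questions": [], "answers": [],
    }
    off = 12
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        result["questions"].append((qname, TYPES.get(qtype, qtype), qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        if rtype == 1 and rdlen == 4:
            value = ".".join(str(b) for b in rdata)        # A: dotted quad
        elif rtype in (2, 5, 12):                          # NS, CNAME, PTR carry a name
            value, _ = decode_name(msg, off - rdlen)
        else:
            value = rdata.hex()
        result["answers"].append((name, TYPES.get(rtype, rtype), ttl, value))
    return result


# Constructed sample reply to build_query("example.com."): id 0x1234, flags
# 0x8180 (QR=1, RD=1, RA=1, AA=0: a cached answer from a recursive resolver),
# one question, one answer whose owner name is a pointer to offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com.") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c"                                          # name = pointer -> offset 12
    + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    print(build_query("example.com.").hex())
    print(parse_response(SAMPLE_RESPONSE))
```

Note what the parsed flags tell you: `qr=1, rd=1, ra=1, aa=0` is exactly what the stub on the Actors slides sees from its recursive resolver, while a reply straight from an authoritative server would carry `aa=1`. The backward-only pointer rule is the one check that keeps a hand-written parser from looping forever on a hostile packet.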
Sample DNS Query In Action
(diagram: stub resolver -> query?/response -> recursive resolver -> root server ".", TLD server ".com", host server)
1. Do I know me.com? — No!
2. Do I know .com? — No!
3. Send the query to the resolver .. wait
4. The same questions (1, 2) will be asked by the recursive resolver
5. Do I know me.com? — No!
6. Send the query to a root server .. wait

Sample DNS dig response (figure not preserved)
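The steps above, and the Actors slides before them, describe an algorithm: the stub asks its configured resolver; the resolver starts at a root server, receives a referral (NS records plus glue addresses) to the .com servers, then a referral to the me.com servers, and finally an authoritative answer (`aa=1`) that it caches for the record's TTL. The simulation below is an added example written for this primer, not code from the slides or from any resolver software: three in-memory "servers" (root, .com, me.com) and a recursive resolver that follows referrals, bounds the number of hops, and honours TTL expiry. The zone data and addresses are constructed for the example (documentation ranges, except the a.root-servers.net address from the root-server table).

```python
"""Simulated iterative resolution: stub -> recursive resolver -> root -> TLD ->
authoritative. Added example for this primer; the servers below are constructed
in memory and no packets are sent."""

# Each server answers only for data under its own authority (aa=1) and returns
# a referral (NS name + glue address) for anything delegated below it.
# Constructed data: 192.0.2.0/24 is a documentation range, not a real server.
SERVERS = {
    "198.41.0.4": {                       # a root server, zone "."
        "zone": ".",
        "delegations": {"com.": [("a.gtld-servers.net.", "192.0.2.1")]},
        "records": {},
    },
    "192.0.2.1": {                        # TLD server for "com."
        "zone": "com.",
        "delegations": {"me.com.": [("ns1.me.com.", "192.0.2.53")]},
        "records": {},
    },
    "192.0.2.53": {                       # authoritative server for "me.com."
        "zone": "me.com.",
        "delegations": {},
        "records": {("me.com.", "A"): [(300, "192.0.2.80")],      # (ttl, rdata)
                    ("www.me.com.", "A"): [(300, "192.0.2.80")]},
    },
}
ROOT_HINTS = ["198.41.0.4"]               # what a resolver has compiled in


def is_under(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def ask(server_ip, qname, qtype):
    """Authoritative-server behaviour: answer, refer downward, or say no."""
    srv = SERVERS[server_ip]
    if not is_under(qname, srv["zone"]):
        return {"rcode": "REFUSED", "aa": False, "answers": [], "referral": []}
    rrs = srv["records"].get((qname, qtype))
    if rrs is not None:
        return {"rcode": "NOERROR", "aa": True, "answers": rrs, "referral": []}
    for zone in sorted(srv["delegations"], key=len, reverse=True):   # longest match
        if is_under(qname, zone):
            return {"rcode": "NOERROR", "aa": False, "answers": [],
                    "referral": srv["delegations"][zone]}
    if any(n == qname for n, _ in srv["records"]):                   # name exists, no such type
        return {"rcode": "NOERROR", "aa": True, "answers": [], "referral": []}
    return {"rcode": "NXDOMAIN", "aa": True, "answers": [], "referral": []}


class RecursiveResolver:
    """Finds answers on behalf of stubs, starting at the root, caching by TTL."""

    def __init__(self, now):
        self.now = now                    # clock function, injectable for tests
        self.cache = {}                   # (qname, qtype) -> (expires_at, answers)
        self.trace = []                   # the "questions asked" list from slide 29

    def resolve(self, qname, qtype="A", max_hops=10):
        key = (qname, qtype)
        if key in self.cache and self.cache[key][0] > self.now():
            self.trace.append("cache hit for %s %s" % key)
            return self.cache[key][1]
        candidates = list(ROOT_HINTS)     # step 6: nothing known, go to the root
        for _ in range(max_hops):         # bound the referral chase
            server = candidates[0]
            self.trace.append("ask %s for %s %s" % (server, qname, qtype))
            reply = ask(server, qname, qtype)
            if reply["aa"]:
                if reply["rcode"] != "NOERROR":
                    raise LookupError("%s for %s from %s" % (reply["rcode"], qname, server))
                ttl = min([t for t, _ in reply["answers"]] or [0])
                answers = [v for _, v in reply["answers"]]
                self.cache[key] = (self.now() + ttl, answers)
                return answers
            if not reply["referral"]:
                raise LookupError("%s from %s" % (reply["rcode"], server))
            candidates = [glue for _, glue in reply["referral"]]    # follow NS + glue
        raise LookupError("too many referrals resolving %s" % qname)


def stub_lookup(resolver, host):
    """A stub resolver: normalise the name and hand it to the configured resolver."""
    name = host if host.endswith(".") else host + "."
    return resolver.resolve(name.lower(), "A")


if __name__ == "__main__":
    import time
    r = RecursiveResolver(now=time.time)
    print(stub_lookup(r, "www.me.com"), r.trace)
```

Two things the toy makes visible that the slide diagram does not: the root and TLD servers never set `aa` and never answer the actual question, they only refer; and a second lookup inside the TTL never leaves the resolver, which is why cache poisoning a recursive resolver is so much more valuable to an attacker than poisoning a single stub.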
DNS Record Types
• A, AAAA: IPv4, IPv6 address
• NS: name server
• CNAME: canonical name
• MX: mail exchanger
• PTR: reverse information (IP to host)
• SRV: service (host + port number)
• SOA: start of authority

Record Types - A, AAAA
• A denotes an IPv4 record
• the address is written as 4 dotted octets
• each octet is 8 bits
• maximum 2^32 combinations
• example: 216.58.220.46
• AAAA denotes an IPv6 record
• a 128-bit address, written as 8 colon-separated hex groups
• maximum 2^128 combinations
• example: 2404:6800:4007:800::200e

Record Types - NS
• Name Server record
• Used to delegate a subdomain to a set of name servers
• Generally we publish NS records in our authoritative name servers for the domains we are authoritative for
• Appears in both the parent (delegating) zone and the child zone

Record Types - CNAME
• Canonical Name record
• rdata contains the domain name being aliased to
• Must always point to another domain name and never to an IP address
Sample example:
Name             Type   Value
bar.example.com  CNAME  foo.example.com

Record Types - MX
• Mail Exchanger record
• Defines the host(s) that will receive email for the domain
• rdata contains a preference field and the hostname of the mail receiver
• Lower preference == higher priority

Record Types - SRV
• Used for specifying the hostname and port number of servers for a given service
• Service record: a "generic" description of a service
• Owner name is of the form _service._proto.name, rdata is priority, weight, port and target host
• SIP and XMPP often require SRV support
Sample example (figure not preserved)

Record Types - SOA
• Stored in every DNS zone; specifies information about the zone and is defined at the start of a new zone
• Always appears at the beginning of the zone
• Each zone contains a single SOA record
• Generally it contains
• the name of the primary server that supplied the data
• the administrator of the zone (as a mailbox name)
• the current version (serial) of the zone file
• the number of seconds a secondary name server should wait before retrying a failed zone transfer (retry), along with refresh and expire timers
• the minimum TTL (now used as the negative-caching TTL), etc.
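The record-type slides carry a set of rules a zone has to satisfy: exactly one SOA, sitting first at the apex; NS records at the apex; a CNAME that points at a name, not an address, and that does not share its owner name with other data; an MX whose target is a hostname and whose lower preference wins; an SRV whose owner is `_service._proto.name` with priority, weight, port and target. The checker below, an added example written for this primer and not code from the slides or from any DNS server, parses a simplified BIND-style zone (one record per line, `$ORIGIN`/`$TTL` directives, `;` comments, no parentheses) and reports the violations. The sample zone is constructed and deliberately contains three mistakes.

```python
"""Minimal zone-file checker for the record rules on the slides.
Added example for this primer; not from the slides or any DNS software.
Handles a simplified BIND-style zone: one record per line, no parentheses."""
import ipaddress
import re

# Constructed sample zone with deliberate mistakes to exercise the checks.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA  ns1.example.com. hostmaster.example.com. 2015010101 7200 900 1209600 300
@        IN NS   ns1.example.com.
@        IN NS   ns2.example.com.
ns1      IN A    192.0.2.1
ns2      IN A    192.0.2.2
@        IN MX   10 mail.example.com.
@        IN MX   20 192.0.2.25            ; wrong: MX target must be a hostname
mail     IN A    192.0.2.25
bar      IN CNAME foo.example.com.
foo      IN A    192.0.2.80
bad      IN CNAME 192.0.2.99              ; wrong: CNAME must point to a name
bad      IN A    192.0.2.99               ; wrong: CNAME cannot coexist with other data
_sip._tcp 3600 IN SRV 10 60 5060 sip.example.com.
sip      IN A    192.0.2.90
"""


def qualify(name, origin):
    """Make a name absolute: '@' is the origin, relative names get it appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin if origin != "." else name + "."


def parse_zone(text):
    """Return (origin, records); each record is a dict of name/ttl/type/rdata."""
    origin, default_ttl, records = ".", None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()            # drop comments
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]; continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1]); continue
        name = qualify(tokens.pop(0), origin)
        ttl = default_ttl
        if tokens and tokens[0].isdigit():              # optional per-record TTL
            ttl = int(tokens.pop(0))
        if tokens and tokens[0].upper() == "IN":        # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        records.append({"name": name, "ttl": ttl, "type": rtype, "rdata": tokens})
    return origin, records


def looks_like_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def check_zone(text):
    """Apply the slide rules; return a list of human-readable problems."""
    origin, records = parse_zone(text)
    problems = []
    soas = [r for r in records if r["type"] == "SOA"]
    if len(soas) != 1:
        problems.append("zone must have exactly one SOA, found %d" % len(soas))
    elif records[0] is not soas[0] or soas[0]["name"] != origin:
        problems.append("SOA must be the first record and sit at the apex %s" % origin)
    elif len(soas[0]["rdata"]) != 7:
        problems.append("SOA needs mname rname serial refresh retry expire minimum")
    if not any(r["type"] == "NS" and r["name"] == origin for r in records):
        problems.append("no NS records at the apex %s" % origin)
    types_by_name = {}
    for r in records:
        types_by_name.setdefault(r["name"], set()).add(r["type"])
    for r in records:
        target = r["rdata"][-1] if r["rdata"] else ""
        if r["type"] == "CNAME":
            if looks_like_ip(target):
                problems.append("%s CNAME points at an IP address (%s)" % (r["name"], target))
            if types_by_name[r["name"]] - {"CNAME"}:
                problems.append("%s has CNAME and other records" % r["name"])
        elif r["type"] == "MX":
            if len(r["rdata"]) != 2 or not r["rdata"][0].isdigit():
                problems.append("%s MX must be '<preference> <host>'" % r["name"])
            elif looks_like_ip(target):
                problems.append("%s MX target is an IP address (%s)" % (r["name"], target))
        elif r["type"] == "SRV":
            if len(r["rdata"]) != 4 or not all(t.isdigit() for t in r["rdata"][:3]):
                problems.append("%s SRV must be '<priority> <weight> <port> <target>'" % r["name"])
            elif not re.match(r"^_[^.]+\._(tcp|udp|tls)\.", r["name"]):
                problems.append("%s SRV owner should be _service._proto.name" % r["name"])
    return problems


def mx_in_delivery_order(text):
    """Hosts in the order a sender tries them: lower preference first."""
    _, records = parse_zone(text)
    mx = [(int(r["rdata"][0]), r["rdata"][1]) for r in records if r["type"] == "MX"]
    return [host for _, host in sorted(mx)]


if __name__ == "__main__":
    for problem in check_zone(SAMPLE_ZONE):
        print("PROBLEM:", problem)
    print("MX order:", mx_in_delivery_order(SAMPLE_ZONE))
```

The CNAME-coexistence rule is the one most often tripped over in practice: putting a CNAME at a zone apex next to the mandatory SOA and NS records is the reason providers offer "ALIAS"/"ANAME" style records instead.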
?
Thanks
Abhinav Mehta
@mehta_
