DNS is a distributed system that maps domain names to IP addresses. It uses a hierarchy of servers, with root servers at the top level responsible for top-level domains like .com and .org. DNS servers answer queries recursively or iteratively to lookup IP addresses. The Time-To-Live (TTL) field of DNS records determines how long caches store the records before refreshing from authoritative servers.
Computer Networks Module 1 - part 2.pdfShanthalaKV
18CS52 VTU Computer Network & Security
MODULE 1-Part 2
DNS; The Internet's Directory Service: Services Provided by DNS, Overview of How DNS Works, DNS Records and Messages, Peer-to-Peer Applications: P2P File Distribution, Distributed Hash Tables, Socket Programming: creating Network Applications: Socket Programming with UDP, Socket Programming with TCP.
Learn about the essentials of the Domain Name System (DNS), including name resolution, different record types, roots, zones, authority and recursion.
See the full webinar and the rest of the series at https://www.thousandeyes.com/resources/intro-to-dns-webinar
Computer Networks Module 1 - part 2.pdfShanthalaKV
18CS52 VTU Computer Network & Security
MODULE 1-Part 2
DNS; The Internet's Directory Service: Services Provided by DNS, Overview of How DNS Works, DNS Records and Messages, Peer-to-Peer Applications: P2P File Distribution, Distributed Hash Tables, Socket Programming: creating Network Applications: Socket Programming with UDP, Socket Programming with TCP.
Learn about the essentials of the Domain Name System (DNS), including name resolution, different record types, roots, zones, authority and recursion.
See the full webinar and the rest of the series at https://www.thousandeyes.com/resources/intro-to-dns-webinar
The Domain Name System (DNS) provides a way to map or translate an unfriendly numerical IP address into a people-friendly format. Although this translation isn’t mandatory, it does make the network much more useful and easy to work with for humans.
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS concepts, DNS Security, configurations, and operations.
This course will discuss the concept of DNS Operations in detail, mechanisms to authenticate the communication between DNS Servers, mechanisms to establish authenticity, and integrity of DNS data and mechanisms to delegate trust to public keys of third parties. Participant will be involved in Lab exercises and do configurations based on number of scenarios.
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS concepts, DNS Security, configurations, and operations.
This course will discuss the concept of DNS Operations in detail, mechanisms to authenticate the communication between DNS Servers, mechanisms to establish authenticity, and integrity of DNS data and mechanisms to delegate trust to public keys of third parties. Participant will be involved in Lab exercises and do configurations based on number of scenarios.
Overview of the Domain Name System (DNS).
In the early days of the Internet, hosts had a fixed IP address.
Reaching a host required to know its numeric IP address.
With the growing number of hosts this scheme became quickly awkward and difficult to use.
DNS was introduced to give hosts human readable names that would be translated into a numeric IP addresses on the fly when a requesting host tried to reach another host.
To facilitate a distributed administration of the domain names, a hierarchic scheme was introduced where responsibility to manage domain names is delegated to organizations which can further delegate management of sub-domains.
Due to its importance in the operation of the Internet, domain name servers are usually operated redundantly. The databases of both servers are periodically synchronized.
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionSam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F18.shtml
A complete Coverage of DNS and its features. This ppt deals with well balanced practical and theoretical aspects of DNS. The best ppt for a novice learner.
The Domain Name System (DNS) provides a way to map or translate an unfriendly numerical IP address into a people-friendly format. Although this translation isn’t mandatory, it does make the network much more useful and easy to work with for humans.
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS concepts, DNS Security, configurations, and operations.
This course will discuss the concept of DNS Operations in detail, mechanisms to authenticate the communication between DNS Servers, mechanisms to establish authenticity, and integrity of DNS data and mechanisms to delegate trust to public keys of third parties. Participant will be involved in Lab exercises and do configurations based on number of scenarios.
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS concepts, DNS Security, configurations, and operations.
This course will discuss the concept of DNS Operations in detail, mechanisms to authenticate the communication between DNS Servers, mechanisms to establish authenticity, and integrity of DNS data and mechanisms to delegate trust to public keys of third parties. Participant will be involved in Lab exercises and do configurations based on number of scenarios.
Overview of the Domain Name System (DNS).
In the early days of the Internet, hosts had a fixed IP address.
Reaching a host required to know its numeric IP address.
With the growing number of hosts this scheme became quickly awkward and difficult to use.
DNS was introduced to give hosts human readable names that would be translated into a numeric IP addresses on the fly when a requesting host tried to reach another host.
To facilitate a distributed administration of the domain names, a hierarchic scheme was introduced where responsibility to manage domain names is delegated to organizations which can further delegate management of sub-domains.
Due to its importance in the operation of the Internet, domain name servers are usually operated redundantly. The databases of both servers are periodically synchronized.
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionSam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F18.shtml
A complete Coverage of DNS and its features. This ppt deals with well balanced practical and theoretical aspects of DNS. The best ppt for a novice learner.
Can AI do good? at 'offtheCanvas' India HCI preludeAlan Dix
Invited talk at 'offtheCanvas' IndiaHCI prelude, 29th June 2024.
https://www.alandix.com/academic/talks/offtheCanvas-IndiaHCI2024/
The world is being changed fundamentally by AI and we are constantly faced with newspaper headlines about its harmful effects. However, there is also the potential to both ameliorate theses harms and use the new abilities of AI to transform society for the good. Can you make the difference?
Unleash Your Inner Demon with the "Let's Summon Demons" T-Shirt. Calling all fans of dark humor and edgy fashion! The "Let's Summon Demons" t-shirt is a unique way to express yourself and turn heads.
https://dribbble.com/shots/24253051-Let-s-Summon-Demons-Shirt
Between Filth and Fortune- Urban Cattle Foraging Realities by Devi S Nair, An...Mansi Shah
This study examines cattle rearing in urban and rural settings, focusing on milk production and consumption. By exploring a case in Ahmedabad, it highlights the challenges and processes in dairy farming across different environments, emphasising the need for sustainable practices and the essential role of milk in daily consumption.
Hello everyone! I am thrilled to present my latest portfolio on LinkedIn, marking the culmination of my architectural journey thus far. Over the span of five years, I've been fortunate to acquire a wealth of knowledge under the guidance of esteemed professors and industry mentors. From rigorous academic pursuits to practical engagements, each experience has contributed to my growth and refinement as an architecture student. This portfolio not only showcases my projects but also underscores my attention to detail and to innovative architecture as a profession.
Dive into the innovative world of smart garages with our insightful presentation, "Exploring the Future of Smart Garages." This comprehensive guide covers the latest advancements in garage technology, including automated systems, smart security features, energy efficiency solutions, and seamless integration with smart home ecosystems. Learn how these technologies are transforming traditional garages into high-tech, efficient spaces that enhance convenience, safety, and sustainability.
Ideal for homeowners, tech enthusiasts, and industry professionals, this presentation provides valuable insights into the trends, benefits, and future developments in smart garage technology. Stay ahead of the curve with our expert analysis and practical tips on implementing smart garage solutions.
1. Overview
• Last Lecture
– Scheduled tasks and log management
• This Lecture
– DNS and BIND
– Reference: DNS and BIND, 4th Edition,
O’Reilly
• Next Lecture
– Address assignment (DHCP)
1
2. 2
Problem
• How to get the IP address with an IP name?
– Mapping between IP addresses and IP names
• Simple solution
– Central database, like /etc/hosts or Sun
Microsystems’ NIS (Network Information
Service) or Windows’ WINS for LAN.
• Domain Name Service (DNS)
– A distributed solution
– BIND is an implementation, an acronym for
Berkeley Internet Name Domain
3. 3
How DNS works?
• Terms: domain name, domain name space,
domain, Fully Qualified Domain Name (FQDN)
• The name space is divided into zones
– At least one server in each zone
– Zones are /(root), net, org, nz
– Can have sub-zones in a zone, e.g. co.nz
• The servers in a zone are responsible for
answering queries about the zone
• Zones are organized hierarchically so that servers
of a zone can be traced from /(root) servers
5. 5
DNS client
• The DNS clients use the resolver library
– Resolver is a collection of C functions. The central
routines are gethostbyname and gethostbyaddr
• DNS queries are divided into two kinds
– Recursive: get the final answer of the query
– Iterative: may get redirected to another server
• There are two important files used by those
routines: host.conf and nsswitch.conf
6. 6
DNS client (cont.)
– /etc/host.conf: used by older Linux standard library
libc
• Order: use hosts file, or dns or nis
• Multi: allow to have several IP addresses for a host in /etc/
hosts
• Nospoof: check for spoofing
• Alert: syslog for spoofing
– /etc/nsswitch.conf: used by GNU standard library glibc
• Can specify the order of how to retrieve each info field such as
hosts and networks
• The retrieve methods are dns, nis, files, etc
7. 7
DNS server
• Types of servers
– Primary (master) server: data is stored in
authoritative source files and maintained by
system administrators
– Secondary (slave) server: mirrors the data
in the primary server and downloads its
data second-hand from a primary server at
regular intervals
• The name servers are specified in the
file resolv.conf in a client machine
8. 8
DNS server (cont.)
• To configure a name server, there are several
important files
– /etc/named.conf: specify where to find files for lookups and
reverse lookups at the local domain, where to forward
requests for outside of the domain
– Database files for each local domain and local subnets
• Often under pz or sz, but not required
• Get a template to create them
– named.cache or named.root
• Contains the names of root servers
• The name server needs them when a request is out of its
knowledge
• To start up name server simply type
– /usr/sbin/named
9. 9
Resource record
• Resource record format for named server
– Domain [ttl] [class] type data
– Domain: to which domain this entry applies
– ttl: force resolvers to discard info after a certain time
– Class: IN for IP addresses (Internet), other classes like Hesiod is
mostly confined to MIT)
– Record type: A, AAAA, SOA, PTR, NS, and MX
– Data: depends on type
• Best practices
– Set proper ttl field for RR
– Create PTR records (reverse mapping records) for verifying IP
addresses with IP names
10. 10
RR types
• Types of records in DNS database
– SOA: indicates the start of authority for this domain
– NS: lists a name server for this domain or sub-domain
– MX: lists a mail exchanger for this domain with
priority
– A: defines the canonical name of a host with a given IP
address; AAAA for IPv6
– CNAME: associates an alias with a canonical name
– PTR: for reverse lookup (IP address to name)
– HINFO: advertises host info, CPU and OS
– TXT: description
11. – rndc: talk with named through a TCP connection
11
Advanced features
• Caching makes DNS more efficient
– Store what the server has learnt
– TTL is important parameter for caching
• Delegation of sub-domains
– Forward requests to servers in sub-domains
– Needs to specify a server for each sub-domain
– The delegated sub-domain is called a zone in the
domain. The domain itself is a zone as well.
• Forwarders
– Reduce offsite DNS traffic
• Reverse mapping: address to name mapping
• Remote control of name server
12. your network; use secure DNS
12
Security issues
• DNS cache poisoning
– The attacker sends DNS queries to the victim DNS
server and collects the query of the server
– If the server uses static port for sending query, the
vulnerability can be exploited.
– The attacker causes the victim to send a query. Then it
send a forged answer to the victim, which makes the
forged answer into its cache. Therefore, the cache is
poisoned
– The attacker can take advantage of the poisoned cache
to impersonate a trusted host.
– Solution: don’t allow recursive query outside
13. 11: DNS 13
DNS cache poisoning
http://www.youtube.com/watch?v=1d1tUefYn4U
14. 14
Other DNS cache poisoning
• Request: what are the address records for
subdomain.attacker.example?
• Attacker's response:
– Answer:
• (no response)
• Authority section: attacker.example. 3600 IN NS
ns.kiwi_bank.co.nz.
• Additional section: ns.kiwi_bank.co.nz. IN A w.x.y.z (an IP
address controlled by the attacker)
• A vulnerable server would cache the additional A-record
(IP address) for ns.kiwi_bank.co.nz, allowing the attacker
to resolve queries to the entire kiwi_bank.co.nz domain.
15. 15
Bit-squatting
At Black Hat 2011,Artem Dinaburg introduced
a “bit-squatting” attack against DNS where an
attacker registers new domain names that differ
by one bit from popular ones, in order to collect
traffic intended for those names when bit errors
occur during communications or storage.
DNSSEC has begun to be established as a mechanism
for securing information distributed in DNS records.
The new DANE protocol being developed in the IETF
leverages DNSSEC to enable a domain name owner to
inform relying parties which certificates and certificate
authorities it trusts.
16. 16
Security issues (cont.)
• DNS-SEC: DNS Security Extensions
– origin authentication of DNS data
– data integrity
– authenticated denial of existence
– No confidentiality of data (no encryption)
– No protection against DDoS (Distributed Denial of
Service)
• DNS-TSIG
– Secret Key Transaction Authentication for DNS
18. 18
Summary
• The general understanding of how DNS
works in a distributed system.
• Recursive and iterative queries
• The impact of the TTL field of a DNS
record
