DNS Fundamental
Andy Hidayat
FreeBSD SysAdmin
Overview
❖ What is DNS?
❖ DNS Characteristics
❖ DNS Components
➢ Root Servers
➢ Domains and Namespaces
➢ Delegation and Zones
➢ Nameservers
➢ Resolvers
❖ DNS Resource Records
❖ DNS Query
❖ DNS Evolution
What is DNS?
❖ Think of it as the phonebook of the Internet
❖ A distributed hierarchical system for translating objects
❖ One of the foundations of the Internet
❖ A critical piece of the Internet infrastructure
❖ The database of Internet domain names
DNS Characteristics
❖ Globally Distributed: multiple DNS servers managed by different operators
❖ Loosely Coherent: even though it is distributed, the servers are still part of a single global DNS system
❖ Scalable: the system can be scaled up and more servers can be added
❖ Reliable: critical to the function of the Internet, so it must be reliable
❖ Dynamic: anyone can add domains and records without causing an outage
References: RFC 1032, RFC 1034
More about DNS Characteristics
❖ DNS is a client-server application
➢ The client (resolver) must initiate the request
➢ The DNS server responds with the requested record information
❖ Requests and responses are normally sent via UDP port 53
❖ Occasionally TCP port 53 is used as an alternative
❖ TCP is also used for larger requests
➢ E.g. zone transfers
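To make the request/response exchange above concrete, here is an added example (not code from the slides or their author) that builds a DNS query message, parses a response, and checks the TC (truncated) header bit that tells a client its UDP answer was too large and must be retried over TCP. No network is used: the "server" is a constructed stand-in that echoes the question and attaches one A record for event.idnic.net with the address shown later in the deck; the transaction id 0x1234 is an arbitrary constructed value.

```python
import struct

DNS_PORT = 53          # UDP and TCP port used by DNS (see the bullets above)
QTYPE_A, QTYPE_AAAA = 1, 28
CLASS_IN = 1
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS labels (length byte + label), ending with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int, name: str, qtype: int = QTYPE_A) -> bytes:
    """Build a standard query with one question and the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg: bytes, offset: int):
    """Decode a name at offset, following compression pointers; returns (name, next_offset)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:           # two-byte compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        if length == 0:
            if end is None:
                end = offset + 1
            return ".".join(labels) + ".", end
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_response(msg: bytes) -> dict:
    """Parse header, question and answer sections; a set TC bit means: retry this query over TCP."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    result = {"id": txid, "truncated": bool(flags & FLAG_TC), "rcode": flags & 0x0F, "answers": []}
    offset = 12
    for _ in range(qd):
        _, offset = decode_name(msg, offset)
        offset += 4                           # skip QTYPE and QCLASS
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        result["answers"].append((name, rtype, ttl, rdata))
    return result


def fake_server_reply(query: bytes, ipv4: str, ttl: int = 300, truncated: bool = False) -> bytes:
    """Constructed stand-in for a server: echoes the id and question and adds one A record.
    It exists only so the example runs offline; the TC flag simulates an oversized answer."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if truncated else 0)
    question = query[12:]
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, CLASS_IN, ttl, 4)   # owner = pointer to offset 12
    rr += bytes(int(o) for o in ipv4.split("."))
    return struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + question + rr


def lookup(name: str, truncated: bool = False) -> dict:
    """Round trip through the constructed server; with a real socket the query would go to UDP/53."""
    query = build_query(0x1234, name)
    reply = fake_server_reply(query, "116.193.189.4", truncated=truncated)
    parsed = parse_response(reply)
    if parsed["id"] != 0x1234:
        raise ValueError("response id does not match the query id")
    return parsed


if __name__ == "__main__":
    print(lookup("event.idnic.net."))
    print("retry over TCP:", lookup("event.idnic.net.", truncated=True)["truncated"])
```

The id check in lookup is the minimum a client does before accepting an answer; a real resolver also matches the question section and source port. When parse_response reports truncated, the same query bytes are re-sent over a TCP connection to port 53, prefixed by a two-byte length, which is exactly the "TCP for larger requests" case the slide describes.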
DNS Components
DNS Server Components: Root Servers
❖ The top of the DNS hierarchy
❖ The root servers contain the global list of top-level domains (TLDs)
➢ Generic top-level domains (gTLD): .com, .net, .org
➢ Country-code top-level domains (ccTLD): .us, .id, .au
❖ There are 13 root name server identities operated around the world: [a-m].root-servers.net
❖ Actually there are more than 13 physical root nameservers
➢ Each identity is deployed as many instances via anycast
➢ As of 2021, there are more than 1300 instances
DNS Server Components: Domains
Domains are “namespaced”
DNS Server Components: Zones
The idnic.net zone doesn’t include kadabra.idnic.net, since it has been “delegated”
DNS Server Components: Delegation
❖ Administrators can create subdomains to group hosts
❖ Administrators can delegate responsibility for managing a subdomain to someone else
❖ The parent domain retains links to the delegated subdomain
❖ Delegation is done by adding NS records
DNS Server Components: Zones
❖ Zones are “administrative spaces”
❖ Zone administrators are responsible for a portion of a domain’s namespace
❖ Multiple zones can exist on the same DNS server
❖ Authority is delegated from parent to child
DNS Server Components: Name Servers
❖ Name servers answer DNS questions (queries)
❖ Several types of name servers
➢ Authoritative servers
■ Primary
■ Secondary
➢ Recursive servers
■ Caching forwarders
❖ A single server may mix these functions
More about Authoritative Nameservers
❖ Authorized to provide the answer for a particular domain
➢ There can be more than one server
❖ Management method types
➢ Primary (Master)
➢ Secondary (Slave)
❖ Only one primary nameserver
➢ All changes should be made on the primary
❖ Secondary name servers retrieve the zone file from the primary server periodically
❖ The primary server can “notify” the secondary servers
More about Recursive Nameservers
❖ Locate the authoritative nameserver to get back the answer
❖ The process is iterative: it starts at the root
❖ Recursive nameservers are also usually caching servers
➢ Cache the answer locally
❖ Prefer a nearby cache
➢ Minimizes latency
➢ Reduces traffic
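The iterative walk from the root that this slide describes, and the delegation slides before it (the idnic.net zone not holding kadabra.idnic.net), can be seen in one place with a toy resolver. This is an added example, not code from the slides or their author: the ZONES table is a constructed namespace (root, net., idnic.net., and a delegated kadabra.idnic.net. zone with a documentation-range address), each entry standing in for the server authoritative for that zone, and the nameserver host names inside it are invented. The resolver follows NS referrals downward and caches answers for their TTL, with an injectable clock so expiry can be tested.

```python
import time

# Constructed authoritative data for a toy namespace (not real DNS data).
# Each zone lists the records it holds itself and the child zones it has
# delegated with NS records. The idnic.net zone deliberately does NOT hold
# www.kadabra.idnic.net: that name lives in the delegated kadabra zone.
ZONES = {
    ".": {"records": {}, "delegations": {"net.": ["ns.net-example."]}},
    "net.": {"records": {}, "delegations": {"idnic.net.": ["ns1.idnic.net."]}},
    "idnic.net.": {
        "records": {
            "idnic.net.": [("A", "116.193.189.4", 300)],
            "event.idnic.net.": [("A", "116.193.189.4", 300)],
        },
        "delegations": {"kadabra.idnic.net.": ["ns.kadabra.idnic.net."]},
    },
    "kadabra.idnic.net.": {
        "records": {"www.kadabra.idnic.net.": [("A", "192.0.2.10", 60)]},
        "delegations": {},
    },
}


def ask(zone: str, qname: str) -> tuple:
    """One non-recursive query to the server authoritative for `zone`.
    Returns ("answer", records), ("referral", child_zone, ns_hosts) or ("nxdomain",)."""
    data = ZONES[zone]
    if qname in data["records"]:
        return ("answer", data["records"][qname])
    for child, ns_hosts in data["delegations"].items():
        if qname == child or qname.endswith("." + child):
            return ("referral", child, ns_hosts)
    return ("nxdomain",)


class RecursiveResolver:
    """Walks referrals from the root and caches answers for their TTL."""

    def __init__(self, clock=time.time):
        self.cache = {}        # qname -> (expiry_time, records)
        self.clock = clock     # injectable so TTL expiry can be tested deterministically

    def resolve(self, qname: str) -> tuple:
        """Returns (records, trace); trace lists the zones asked, or ["cache"] on a hit."""
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[0] > now:
            return hit[1], ["cache"]
        zone, trace = ".", []
        while True:
            trace.append(zone)
            resp = ask(zone, qname)
            if resp[0] == "answer":
                records = resp[1]
                self.cache[qname] = (now + min(r[2] for r in records), records)
                return records, trace
            if resp[0] == "referral":
                zone = resp[1]          # follow the NS referral one level down
                continue
            return [], trace            # NXDOMAIN: the authoritative server has no such name


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.kadabra.idnic.net."))
    print(r.resolve("www.kadabra.idnic.net."))   # second call is served from the cache
```

The trace shows why a nearby cache matters: the first lookup of www.kadabra.idnic.net. touches four servers, the second touches none, and only after the 60-second TTL has passed does the resolver walk the tree again. The same walk stops at idnic.net. for event.idnic.net., because that name is not below the kadabra delegation.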
DNS Client Components: Resolvers
❖ The part of the OS which formats the DNS request into UDP packets
➢ getaddrinfo, gethostbyname
❖ Every OS or host needs a resolver
➢ In Linux, it is configured in /etc/resolv.conf
➢ Generally there can be more than one server address
❖ Stub Resolver
➢ A tiny DNS proxy
➢ Doesn't do DNS resolution on its own, it only forwards the query
DNS Resource Records
DNS Resource Records: Zone file entries
Field   Function
LABEL   Name, substituted for the FQDN
TTL     Timing parameter, an expiration limit (in seconds)
CLASS   IN for Internet, CH for Chaos
TYPE    RR type (A, AAAA, MX, PTR) for different purposes
RDATA   Anything after the type identifier, the record's data
Example entry:
event.idnic.net.   300   IN   A   116.193.189.4
LABEL              TTL   CLASS TYPE RDATA
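The LABEL TTL CLASS TYPE RDATA layout above is what a zone file parser has to recover, including the shortcuts zone files use ($ORIGIN, $TTL, "@" for the apex, relative names, optional TTL and class). The following added example (not the slides' or the author's code) parses a small constructed zone for idnic.net and then applies the earlier delegation slide: an NS record owned by anything other than the apex marks a zone cut, so names at or below it, such as www.kadabra.idnic.net, are not the responsibility of this zone. All record values except the two addresses shown in the deck are invented; 192.0.2.53 is from the documentation address range.

```python
# Constructed sample zone for idnic.net in the LABEL TTL CLASS TYPE RDATA layout
# of the slide; the values are illustrative, not the real zone.
SAMPLE_ZONE = """\
$ORIGIN idnic.net.
$TTL 3600
@           IN SOA   ns1.idnic.net. hostmaster.idnic.net. (2022010101 7200 3600 1209600 300)
@           IN NS    ns1.idnic.net.
@           IN A     116.193.189.4
@           IN AAAA  2406:6cc0:a100:4622:116:193:189:4
@           IN MX    10 mail.idnic.net.
event   300 IN A     116.193.189.4          ; explicit TTL overrides $TTL
www         IN CNAME idnic.net.
kadabra     IN NS    ns.kadabra.idnic.net.  ; delegation: zone cut below here
ns.kadabra  IN A     192.0.2.53             ; glue for the delegated nameserver
"""

CLASSES = {"IN", "CH", "HS"}


def qualify(name: str, origin: str) -> str:
    """Turn '@' and relative labels into fully qualified names under $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin if origin != "." else name + "."


def parse_zone(text: str) -> list:
    """Parse zone file lines into dicts with label, ttl, class, type and rdata."""
    origin, default_ttl, last_owner, records = ".", None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        # the owner name is omitted (line starts blank) when it repeats the previous one
        if line[0] in " \t":
            if last_owner is None:
                raise ValueError("owner name omitted on the first record")
            owner = last_owner
        else:
            owner = tokens.pop(0)
        owner = last_owner = qualify(owner, origin)
        ttl, rclass = default_ttl, "IN"
        if tokens[0].isdigit():                   # TTL before CLASS
            ttl = int(tokens.pop(0))
        if tokens[0].upper() in CLASSES:
            rclass = tokens.pop(0).upper()
        if tokens[0].isdigit():                   # TTL after CLASS is also allowed
            ttl = int(tokens.pop(0))
        rtype = tokens.pop(0).upper()
        records.append({"label": owner, "ttl": ttl, "class": rclass,
                        "type": rtype, "rdata": " ".join(tokens)})
    return records


def delegated_zones(records: list) -> set:
    """NS records owned by anything other than the zone apex (the SOA owner) mark delegations."""
    apex = next(r["label"] for r in records if r["type"] == "SOA")
    return {r["label"] for r in records if r["type"] == "NS" and r["label"] != apex}


def is_delegated(name: str, records: list) -> bool:
    """True when `name` is at or below a zone cut, i.e. this zone is not authoritative for it."""
    return any(name == z or name.endswith("." + z) for z in delegated_zones(records))


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    for r in recs:
        print(r["label"], r["ttl"], r["class"], r["type"], r["rdata"])
    print("delegated:", delegated_zones(recs))
```

Note that the glue A record for ns.kadabra.idnic.net. sits below the cut: the parent carries it only so that resolvers can reach the child's nameserver, and the authoritative copy of that name belongs to the kadabra zone.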
DNS Resource Records: Record Types
Type    Function
A       Maps a domain to an IPv4 address: idnic.net ⮕ 116.193.189.4
AAAA    Maps a domain to an IPv6 address: idnic.net ⮕ 2406:6cc0:a100:4622:116:193:189:4
MX      Defines where to deliver mail for user@domain
NS      Delegates a zone to another nameserver
PTR     Reverse mapping, IP address to domain
TXT     General purpose, contains text information
CNAME   Maps an alias to a domain
DNS Query
DNS Query: Lookup Flow
DNS Query: Forward DNS
❖ DNS requests are forwarded to a designated DNS server for resolution
❖ Forward DNS maps domain names into numeric IP addresses
➢ idnic.net ⮕ 116.193.189.4
➢ google.com ⮕ 2404:6800:4003:c05::64
❖ Each DNS forwarder usually also caches its requests and responses
DNS Query: Reverse DNS
❖ The opposite of forward DNS: maps numeric IP addresses into names
➢ 8.8.8.8 ⮕ 8.8.8.8.in-addr.arpa ⮕ dns.google.
➢ 1.1.1.1 ⮕ 1.1.1.1.in-addr.arpa ⮕ one.one.one.one.
➢ 2001:4860:4860::8888 ⮕ 8.8.8.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.8.4.0.6.8.4.1.0.0.2.ip6.arpa ⮕ dns.google.
❖ Service denial: allow access only when the address is fully reverse delegated
❖ Spam identification
❖ Registration responsibilities
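How the in-addr.arpa and ip6.arpa names above are derived, and why the "service denial" and "spam identification" uses should not trust a PTR record on its own, is shown in this added example (not code from the slides or their author). reverse_name reverses IPv4 octets or IPv6 nibbles by hand and is checked against the standard library's reverse_pointer; ip_from_reverse_name goes the other way, which is handy when reading reverse-zone query logs. forward_confirmed implements forward-confirmed reverse DNS with two constructed lookup tables standing in for real PTR and A/AAAA queries; the mail.example entry is invented to show a PTR that does not resolve back to its address.

```python
import ipaddress

IN_ADDR, IP6 = ".in-addr.arpa", ".ip6.arpa"


def reverse_name(ip: str) -> str:
    """Derive the PTR owner name: reversed octets for IPv4, reversed hex nibbles for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + IN_ADDR
    nibbles = addr.exploded.replace(":", "")        # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + IP6


def matches_stdlib(ip: str) -> bool:
    """Cross-check the hand derivation against ipaddress' own reverse_pointer."""
    return reverse_name(ip) == ipaddress.ip_address(ip).reverse_pointer


def ip_from_reverse_name(name: str) -> str:
    """Inverse: recover the address from an in-addr.arpa / ip6.arpa name (e.g. from a log)."""
    name = name.rstrip(".")
    if name.endswith(IN_ADDR):
        return ".".join(reversed(name[:-len(IN_ADDR)].split(".")))
    if name.endswith(IP6):
        hexdigits = "".join(reversed(name[:-len(IP6)].split(".")))
        groups = [hexdigits[i:i + 4] for i in range(0, 32, 4)]
        return str(ipaddress.IPv6Address(":".join(groups)))
    raise ValueError("not a reverse-DNS name: " + name)


# Constructed lookup tables standing in for real PTR and A/AAAA queries so the
# check below runs offline; a real deployment would issue the two queries.
PTR_TABLE = {
    "8.8.8.8.in-addr.arpa": "dns.google.",
    "7.2.0.192.in-addr.arpa": "mail.example.",   # invented: PTR that does not resolve back
}
FORWARD_TABLE = {
    "dns.google.": {"8.8.8.8", "8.8.4.4", "2001:4860:4860::8888"},
    "mail.example.": {"192.0.2.99"},
}


def forward_confirmed(ip: str, ptr_lookup=PTR_TABLE.get, forward_lookup=FORWARD_TABLE.get) -> bool:
    """Forward-confirmed reverse DNS: accept a PTR name only if it resolves back to the same IP.
    A PTR record alone is controlled by whoever runs the reverse zone, so access controls
    and spam filters check the forward direction as well."""
    ptr = ptr_lookup(reverse_name(ip))
    if ptr is None:
        return False
    return str(ipaddress.ip_address(ip)) in (forward_lookup(ptr) or set())


if __name__ == "__main__":
    for ip in ("8.8.8.8", "1.1.1.1", "2001:4860:4860::8888"):
        print(ip, "->", reverse_name(ip), "| stdlib agrees:", matches_stdlib(ip))
    print("8.8.8.8 forward-confirmed:", forward_confirmed("8.8.8.8"))
    print("192.0.2.7 forward-confirmed:", forward_confirmed("192.0.2.7"))
```

The lookup functions are parameters so the same check can be wired to a real resolver later; the decision logic (reverse, then confirm forward, then compare the canonical address string) stays identical.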
DNS Query: IPv6
❖ Looking up AAAA (IPv6) records through a DNS server reached over IPv4 works just fine
➢ An AAAA record is handled like any other record
❖ Most software/clients also look up AAAA records along with A records
DNS Evolutions
DNS Evolutions: DNSSEC
❖ DNS by itself is not secure
❖ DNSSEC adds a layer of trust on top of DNS by providing authentication.
❖ DNSSEC creates a secure domain name system by adding cryptographic
signatures to existing DNS records.
❖ DNSSEC adds two important features to the DNS protocol
➢ Data origin authentication
➢ Data integrity protection
DNS Evolutions: DoT (DNS over TLS)
❖ Encrypts DNS queries and answers with the SSL/TLS protocol
❖ It runs over TCP, not UDP
❖ Similar to HTTP ⮕ HTTPS, SMTP ⮕ SMTPS
❖ There is also Authoritative DNS-over-TLS (ADoT) and Zone Transfer-over-TLS (XFR-over-TLS)
❖ Supported by most DNS software
❖ Supported on Android since Android 9 Pie (Private DNS)
DNS Evolutions: DoH (DNS over HTTPS)
❖ Runs on top of another protocol (HTTPS)
❖ It has all the advantages of the HTTPS protocol
❖ Somewhat more popular than DoT
❖ Some browsers have a built-in DoH client implementation
❖ Supported by most DNS software
DNS Playground
★ https://messwithdns.net/
★ https://toolbox.googleapps.com/apps/dig/
★ https://dnschecker.org/
★ https://dnsdumpster.com/
★ https://intodns.com/
Questions?
APNIC Academy
https://s.id/1cwsb
#JagaTAUHID&StayNGOPREK
Thank You
