2. WHAT IS DNS?
Internet Directory Service.
A client-server application that maps host
names into their corresponding IP addresses.
Mapping host names into their corresponding
IP addresses is called name resolution or
name translation or name mapping or
Address Resolution.
3. WHY DO WE NEED DNS?
As the system grew, HOSTS.TXT had problems
with:
Scalability (traffic and load)
Reliability
Dynamicity
Name collisions
Consistency
4. WHY DO WE NEED TO USE NAMES
INSTEAD OF IP NUMBERS?
IP addresses are difficult to remember
IP addresses can change
•Problem:
Network only understands numeric addresses
•Solution:
Use alphanumeric names to refer to hosts
Add a distributed, hierarchical protocol (called
DNS) to map between alphanumeric host
names and IP addresses.
5. THE DNS NAME SPACE
The Internet is divided into more than 200 top-level
domains
Domain: A subtree of the domain name space
that consists of a group of hosts under the
administrative control of a single entity, such as a
company or a government agency
Each domain is subdivided into subdomains
The leaves represent domains that have no
subdomains
A leaf domain may contain a single host, or
represent a company with thousands of hosts
6. THE DNS NAME SPACE
[Figure: A portion of the Internet domain name space (top-level domains)]
7. DOMAIN
A domain is a subtree of the domain name space
The root node is empty
A domain is divided into subdomains
A domain's name is the domain name of the node at
the top of its subtree
8. HIERARCHY OF NAME SERVERS
DNS is a distributed database system
Uses a large number of computers called name servers
Organized in a hierarchical way and distributed all over
the world
No single host has all the exact mappings for all the
hosts in the Internet
9. HOW DNS WORKS
A network host is configured with an initial cache (so-called
hints) of the known addresses of the root name
servers. Such a hint file is updated periodically by an
administrator from a reliable source.
A DNS zone is loaded on authoritative servers, which keep in
sync using information in the SOA RR via AXFR, IXFR or other
means.
DNS caches only store data for a short time.
DNS recursive resolvers start at the “longest match” for the
query name that they have when looking for data, and follow
delegations until an answer or a negative answer is
received.
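The resolution steps on this slide, sketched as an added Python example (not part of the original slides). The zone data, server names and the 192.0.2.10 address are constructed, and cache expiry is left out to keep the walk short.

```python
# Constructed data: three toy zones keyed by server name. Each server either
# answers from its own records or refers the resolver to a child zone.
SERVERS = {
    "root-ns": {"delegations": {"com": "com-ns"}, "records": {}},
    "com-ns": {"delegations": {"example.com": "example-ns"}, "records": {}},
    "example-ns": {"delegations": {},
                   "records": {"www.example.com": "192.0.2.10"}},
}

def suffixes(name):
    """Yield name suffixes from most to least specific, ending with the root ''."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])
    yield ""

def ask(server, qname):
    """Simulate one authoritative server: answer, referral, or negative answer."""
    data = SERVERS[server]
    if qname in data["records"]:
        return ("ANSWER", data["records"][qname])
    for suffix in suffixes(qname):
        if suffix in data["delegations"]:
            return ("REFERRAL", suffix, data["delegations"][suffix])
    return ("NXDOMAIN",)

def resolve(qname, cache):
    """Start at the longest cached match for qname and follow delegations.

    cache maps zone name -> server name; the root hint is the '' entry.
    Returns (address or None, list of servers queried)."""
    qname = qname.lower().rstrip(".")
    start = next(s for s in suffixes(qname) if s in cache)  # longest match
    server, path = cache[start], []
    for _ in range(10):  # bound the referral chain so a loop cannot run forever
        path.append(server)
        reply = ask(server, qname)
        if reply[0] == "REFERRAL":
            _, zone, server = reply
            cache[zone] = server  # remember the delegation for later queries
            continue
        return (reply[1] if reply[0] == "ANSWER" else None), path
    raise RuntimeError("too many referrals")
```

With only the root hint cached, a lookup walks root, com and example.com in turn; a second lookup under example.com starts directly at the cached delegation.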
11. ADVANCED DNS PROTECTION
DNS is one of the fastest growing attack vectors.
DNS is now tied with HTTP as the top targeted
service of application layer attacks and is the
number one protocol used in reflection/
amplification attacks. DNS-based attacks can bring
down the network or redirect users away from your
website.