© 2009 IBM
Corporation
IBM Collaboration Solutions
What You Need to Know:
Domain Name System (DNS)
Wes Morgan
WW ICS SWAT
wes_morgan@us.ibm.com
© 2012 IBM
Corporation
November 8, 2016
Directory Assistance for TCP/IP Networks
● Humans don't “do” numerical addresses
● We like names
● More to the point, we like organized names
● DNS organizes hosts into domains, which it calls zones
● DNS can also organize/advertise services
● Zones may host other zones (aka “subdomains”)
● There is only ONE authoritative source for each zone
● DNS establishes a hierarchy of zones under a “root” zone
Doing a “DNS lookup” simply means that we travel up, down,
and/or across the hierarchy until we find the information we
need
DNS Zones and Individual Hosts
[Diagram: DNS zone hierarchy. Labels: root zone; Top-Level Domains (TLDs) .com, .org, .jp, .edu; .us zone with .ny.us, .ca.us; .ky.us zone with .bg.ky.us, .lou.ky.us; lex.ky.us zone; individual hosts ruff, longroll, booga; Fully Qualified Domain Name (FQDN) flamtap.lex.ky.us]
It's All About Resources...
● EVERYTHING in DNS is a resource
● DNS provides resource records (RRs) in response to queries
● So, a big part of “configuring DNS” is setting up RRs
correctly
● As DNS has grown, so has the number of RRs supported
● We'll only touch upon the RRs we most frequently
encounter:
● SOA – Start of Authority
● NS – Name Server
● A – Address (IPv4)
● AAAA – Address (IPv6)
● CNAME – Canonical Name
● MX – Mail eXchanger
● SRV – Service
● PTR – Pointer
SOA – Respect My Authority!
● Remember, there can be only one authority for each zone
● However, customers may have separate internal/external
zones with the same name (aka “split horizon” DNS) with
different authoritative name servers AND DIFFERENT DATA!
● The Start of Authority (SOA) record includes
● The authoritative server for the zone (aka “origin” or “primary
name server”)
● The email address of the responsible party (without @)
● Other information used by secondary DNS servers in the
zone
SOA Examples
[Screenshots: SOA records for ibm.com (external) and ibm.com (internal)]
NS Records – Nameservers
● NS records simply list all nameservers for a given zone
● This does NOT mean that all of them are up and running!
● Clients may send queries to any listed nameserver
A & AAAA Records – Give Me An IP Address!
● Almost all DNS queries lead to an actual Address (A/AAAA)
record
● A records provide IPv4 addresses, while AAAA records provide IPv6 addresses
A & AAAA Records – There Might Be More Than One!
● Multiple Address records may be provided for a single name
● Usually indicates a clustered server environment
● Address records are not prioritized; multiple Address records
returned in rotating order (aka “round-robin”)
● Clients will attempt to reach addresses in the order provided
[Screenshot: two queries for the same name. Note the different order of responses between the two queries]
CNAME – What's the REAL Name?
● End users like easy-to-remember names, but admins have to deal
with real system names
● Canonical Name (CNAME) records specify the “real name” of
the system queried
● In other words, it lets us create aliases
● CNAME records can reference other CNAMEs (i.e. an alias
pointing to another alias)
● You may see this in queries whose responses change
according to geography (e.g. cloud resources)
CNAME – Chained Example
● Multiple levels of CNAMEs usually indicate dynamic DNS
● May indicate geographic DNS
● Often seen with Akamai and other content delivery networks
● When you see this, have affected users do queries too!
● They may be sent to different destinations!
MX Records – Where Can I Deliver Email to You?
● Mail eXchanger (MX) records list the email server(s) for the zone
● Multiple systems can be designated as mail exchangers
● MX records are prioritized (usually in increments of 10)
● Clients will try to use the highest-priority (lowest-numbered)
host first
SPF – Who Can Deliver Mail for Me?
● Sender Policy Framework (SPF) uses TeXT records (TXT) to
specify what hosts can deliver mail on behalf of a given domain
● SPF used in mail security – if SPF fails, delivery attempt rejected
● Example of leveraging DNS for application-layer information
SRV Records – Services of All Sorts
● Service (SRV) records announce specific services via DNS
● General format is _service._protocol.dnsdomainname
● Heavily used in Active Directory environments
_ldap._tcp.<DNSdomainName> – LDAP server for DNS domain
_ldap._tcp.pdc._msdcs.<DNSdomainName> - Primary DC
_kerberos._tcp.dc._msdcs.<DNSdomainName> - Kerberos DC
● Also seen in SIP and XMPP environments
PTR Records – I Have the Number, I Want the NAME!
● Pointer (PTR) records associate numbers back to names
● Commonly called “reverse DNS”
● Reverses the IP address & uses a pseudo-domain of “in-addr.arpa”
● Many mail security systems require valid reverse DNS before
accepting email from a given host
● Not generally required, but can be useful
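An added example (not from the original slides) of the reverse-DNS check described above: it builds the PTR query name, then confirms that the name returned by the PTR record resolves forward to the same address. The record tables are constructed from documentation-range addresses and example.com names, and the IPv6 `ip6.arpa` form goes beyond what the slide covers.

```python
import ipaddress


def ptr_name(ip):
    """Query name for a PTR lookup: the address reversed under in-addr.arpa
    (IPv4, by octet) or ip6.arpa (IPv6, by hex nibble)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_reverse_dns(ip, ptr_records, addr_records):
    """Return (status, name).

    'pass'     : PTR gives a name AND that name maps back to the same IP
    'mismatch' : PTR exists but no returned name maps back to the IP
    'no-ptr'   : no PTR record at all
    """
    addr = ipaddress.ip_address(ip)
    names = ptr_records.get(ptr_name(ip), [])
    if not names:
        return "no-ptr", None
    for name in names:
        forward = {ipaddress.ip_address(a) for a in addr_records.get(name, [])}
        if addr in forward:
            return "pass", name
    return "mismatch", names[0]


# Constructed sample records (assumptions for the demo, not real data).
PTR = {
    "25.2.0.192.in-addr.arpa.": ["mail.example.com."],
    "99.2.0.192.in-addr.arpa.": ["mail.example.com."],  # stale PTR
}
ADDR = {"mail.example.com.": ["192.0.2.25"]}

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.99", "192.0.2.7"):
        print(ip, ptr_name(ip), check_reverse_dns(ip, PTR, ADDR))
```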
So, What Actually Happens When I Send a Query to DNS?
● Most DNS servers are recursive
● They will follow the trail until they have your answer
● Your client doesn't do the legwork
● Almost all DNS servers cache responses
● Cache lifetime (aka time-to-live or TTL) of each RR is set by its
authoritative server (in seconds)
● So, you give a command like “ping -c 2 www.facebook.com” and it
executes against an IP address, like so:
...but how did DNS get me from 'www.facebook.com' to
157.240.2.35?
Behind the Scenes on the DNS Server
● Assuming that no cached information was available, the DNS
server took your query for 'www.facebook.com' and started
working backwards
● It went to the root zone nameservers and asked for .com NS
● It went to a .com name server and asked about facebook.com NS
● It went to a .facebook.com name server and asked about
www.facebook.com
● It got a CNAME RR in response, so it had to ask a .facebook.com
nameserver about the canonical name
● It had valid cached info for .com and .facebook.com, so it didn't
have to repeat those queries
● It finally received an A record, which it returned to your client
If you want to see what this process looks like for any FQDN,
check out http://simpledns.com/lookup-dg.aspx
(It's a good thing that we have caching servers and TTLs, huh?)
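The walk described above, as an added example that is not part of the original slides: a toy recursive resolver that follows NS referrals from the root, chases the CNAME, and honours per-record TTLs in its cache. The server labels, TTL values and the canonical name `canonical.facebook.com.` are constructed for the demo; only the address 157.240.2.35 comes from the slide.

```python
"""Toy recursive resolver over constructed in-memory zone data (no network)."""

# Constructed sample data: each "server" maps (name, type) -> (ttl, value).
# Server labels, TTLs and canonical.facebook.com. are made up for the demo.
SERVERS = {
    "root-ns": {("com.", "NS"): (172800, "com-ns")},
    "com-ns": {("facebook.com.", "NS"): (172800, "fb-ns")},
    "fb-ns": {
        ("www.facebook.com.", "CNAME"): (3600, "canonical.facebook.com."),
        ("canonical.facebook.com.", "A"): (60, "157.240.2.35"),
    },
}
ROOT = "root-ns"


def parent_zones(name):
    """Yield name and each enclosing zone, most specific first."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."


class Resolver:
    def __init__(self):
        self.cache = {}     # (name, rtype) -> (expires_at, value)
        self.upstream = []  # (server, name) for every query actually sent

    def _cached(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        return hit[1] if hit and hit[0] > now else None

    def _closest_server(self, name, now):
        """Deepest zone whose NS record is still cached, else the root."""
        for zone in parent_zones(name):
            server = self._cached(zone, "NS", now)
            if server:
                return server
        return ROOT

    def _ask(self, server, name, now):
        """Send one query and cache the answer or referral it returns."""
        self.upstream.append((server, name))
        records = SERVERS[server]
        wanted = [(name, "A"), (name, "CNAME")]
        wanted += [(zone, "NS") for zone in parent_zones(name)]
        for key in wanted:
            if key in records:
                ttl, value = records[key]
                self.cache[key] = (now + ttl, value)
                return
        raise LookupError(f"{server} has no data for {name}")

    def resolve(self, name, now=0):
        """Return the IPv4 address for name, following referrals and CNAMEs."""
        for _ in range(16):  # bound the number of referral/CNAME steps
            addr = self._cached(name, "A", now)
            if addr:
                return addr
            alias = self._cached(name, "CNAME", now)
            if alias:
                name = alias  # restart the lookup for the canonical name
                continue
            # Nothing usable cached: ask the closest known server. Whatever
            # it returns (answer or referral) is cached for the next pass.
            self._ask(self._closest_server(name, now), name, now)
        raise LookupError("too many referral/CNAME steps")


if __name__ == "__main__":
    r = Resolver()
    for t in (0, 30, 120):  # seconds since the first query
        print(t, r.resolve("www.facebook.com.", now=t), len(r.upstream))
```

The first lookup sends four upstream queries, the repeat at 30 seconds sends none, and the one at 120 seconds re-asks only for the expired A record because the NS and CNAME entries are still cached.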
A Food-for-Thought Exercise
Easing the Burden – Forwarding DNS Servers
● Going all the way to the root zone for every query would be
prohibitively slow/costly and consume significant resources
● Use of forwarding servers spreads the work
● Forwarding DNS servers are NOT recursive; they pass queries
for which they have no answers cached to the “next server up”
● As queries and responses are sent up and down the line, each
server caches the responses (according to its TTL)
● Clients do not know if forwarding servers are used
● Responses might be from the forwarded server's perspective!
● Most ISPs offer forwarding DNS services, but don't require
customers to use them
[Diagram: forwarding DNS servers dns.ap.company1.com, dns.na.company1.com and dns.eu.company1.com, and the Internet]
Troubleshooting Connectivity? ALWAYS Check DNS!
● If DNS is wrong, NOTHING will work!
● Do NOT trust, use, or recommend “hosts files”
● “Hosts files” supplant DNS – DNS won't be queried if the
“hosts file” has a matching entry
● Many customer issues caused by outdated hosts file entries
● Don't use IP addresses in configurations – use FQDNs!
● FQDNs in configuration + working DNS survives
server/address changes
● Use of VPN may change DNS servers!
● Presence of round-robin DNS = no load balancers in use
● Single A record for FQDN of a cluster = load balancer in use
● Different answers internal/external may indicate split horizon
DNS or (with cloud) content delivery networks (e.g. Akamai)
● Other names might be yielding different answers, too!
● Different answers within an enterprise may indicate Global
Load Balancing (GLB) in use
● Using tcpdump/Wireshark? DNS query/response is udp/53,
server/server (zone transfer) is tcp/53
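One way to check for the outdated hosts-file entries mentioned above (an added example, not from the original slides): parse the hosts file and classify each entry against the answers DNS gives for the same name. The sample hosts text and DNS answers are constructed, and the function names are assumptions made for the example.

```python
import ipaddress


def parse_hosts(text):
    """Return {name: [ip, ...]} in file order; comments and bad lines skipped."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            entries.setdefault(name.lower().rstrip("."), []).append(ip)
    return entries


def audit_hosts(text, dns_answers):
    """Classify every non-loopback hosts entry against DNS.

    dns_answers maps a name to the set of addresses DNS returned for it.
    'overrides-dns' : hosts entry differs from DNS (likely stale)
    'matches-dns'   : entry is redundant today, will go stale on a change
    'hosts-only'    : name does not exist in DNS at all
    """
    findings = []
    for name, ips in parse_hosts(text).items():
        for ip in ips:
            if ipaddress.ip_address(ip).is_loopback:
                continue  # localhost entries are expected
            answers = dns_answers.get(name)
            if answers is None:
                status = "hosts-only"
            elif ip in answers:
                status = "matches-dns"
            else:
                status = "overrides-dns"
            findings.append((name, ip, status))
    return findings


# Constructed sample input (documentation address ranges, example.com names).
SAMPLE_HOSTS = """\
127.0.0.1      localhost
::1            localhost
# pinned during a migration, never removed
192.0.2.10     mail.example.com mail
198.51.100.7   intranet.example.com   # still correct
not-an-ip      broken.example.com
"""
SAMPLE_DNS = {
    "mail.example.com": {"203.0.113.25"},
    "intranet.example.com": {"198.51.100.7"},
}

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, SAMPLE_DNS):
        print(finding)
```

When filling `dns_answers` from live data, collect it with dig or nslookup, which query DNS servers directly; the system resolver used by ping and most applications consults the hosts file first.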
DNS Tools
● nslookup – built-in tool for Windows, Macintosh, AIX, Linux
● Uses system's DNS server as default
● Use “server A.B.C.D” to send queries to specific DNS server
● Use “set type=<RR type>” to query specific records
● Use “set type=ANY” to see all records associated with name
● dig – part of the BIND reference implementation of DNS
● Open-source package from Internet Systems Consortium
● BIND is (by FAR) the most widely used DNS server
● Built-in for Macintosh and many Linux distributions
● https://www.isc.org/downloads/bind/ for Windows binaries
and Linux source code
● Windows: install “Tools Only” unless you want to run your
own DNS server
● Allows quick command-line queries, e.g. “dig ns google.com”
● Allows “any” keyword to see all records, e.g. “dig any ibm.com”
Closing Exercise – What Do You See?
Questions & Answers

More Related Content

What's hot

MongoDB at eBay
MongoDB at eBayMongoDB at eBay
MongoDB at eBayMongoDB
 
Some key value stores using log-structure
Some key value stores using log-structureSome key value stores using log-structure
Some key value stores using log-structureZhichao Liang
 
Riding the Stream Processing Wave (Strange loop 2019)
Riding the Stream Processing Wave (Strange loop 2019)Riding the Stream Processing Wave (Strange loop 2019)
Riding the Stream Processing Wave (Strange loop 2019)Samarth Shetty
 
HBaseCon 2015: Elastic HBase on Mesos
HBaseCon 2015: Elastic HBase on MesosHBaseCon 2015: Elastic HBase on Mesos
HBaseCon 2015: Elastic HBase on MesosHBaseCon
 
RocksDB compaction
RocksDB compactionRocksDB compaction
RocksDB compactionMIJIN AN
 
hbaseconasia2017: hbase-2.0.0
hbaseconasia2017: hbase-2.0.0hbaseconasia2017: hbase-2.0.0
hbaseconasia2017: hbase-2.0.0HBaseCon
 
Meet HBase 1.0
Meet HBase 1.0Meet HBase 1.0
Meet HBase 1.0enissoz
 
HBase: Extreme Makeover
HBase: Extreme MakeoverHBase: Extreme Makeover
HBase: Extreme MakeoverHBaseCon
 
Facebook keynote-nicolas-qcon
Facebook keynote-nicolas-qconFacebook keynote-nicolas-qcon
Facebook keynote-nicolas-qconYiwei Ma
 
HBase Sizing Guide
HBase Sizing GuideHBase Sizing Guide
HBase Sizing Guidelarsgeorge
 
HBase Applications - Atlanta HUG - May 2014
HBase Applications - Atlanta HUG - May 2014HBase Applications - Atlanta HUG - May 2014
HBase Applications - Atlanta HUG - May 2014larsgeorge
 
RocksDB detail
RocksDB detailRocksDB detail
RocksDB detailMIJIN AN
 
Operating and supporting HBase Clusters
Operating and supporting HBase ClustersOperating and supporting HBase Clusters
Operating and supporting HBase Clustersenissoz
 
HBase Advanced - Lars George
HBase Advanced - Lars GeorgeHBase Advanced - Lars George
HBase Advanced - Lars GeorgeJAX London
 
HBaseCon 2015: HBase Performance Tuning @ Salesforce
HBaseCon 2015: HBase Performance Tuning @ SalesforceHBaseCon 2015: HBase Performance Tuning @ Salesforce
HBaseCon 2015: HBase Performance Tuning @ SalesforceHBaseCon
 

What's hot (20)

MongoDB at eBay
MongoDB at eBayMongoDB at eBay
MongoDB at eBay
 
1 technical-dns-workshop-day1
1 technical-dns-workshop-day11 technical-dns-workshop-day1
1 technical-dns-workshop-day1
 
Some key value stores using log-structure
Some key value stores using log-structureSome key value stores using log-structure
Some key value stores using log-structure
 
Riding the Stream Processing Wave (Strange loop 2019)
Riding the Stream Processing Wave (Strange loop 2019)Riding the Stream Processing Wave (Strange loop 2019)
Riding the Stream Processing Wave (Strange loop 2019)
 
HBaseCon 2015: Elastic HBase on Mesos
HBaseCon 2015: Elastic HBase on MesosHBaseCon 2015: Elastic HBase on Mesos
HBaseCon 2015: Elastic HBase on Mesos
 
RocksDB compaction
RocksDB compactionRocksDB compaction
RocksDB compaction
 
hbaseconasia2017: hbase-2.0.0
hbaseconasia2017: hbase-2.0.0hbaseconasia2017: hbase-2.0.0
hbaseconasia2017: hbase-2.0.0
 
SPDY Talk
SPDY TalkSPDY Talk
SPDY Talk
 
Meet HBase 1.0
Meet HBase 1.0Meet HBase 1.0
Meet HBase 1.0
 
HBase Accelerated: In-Memory Flush and Compaction
HBase Accelerated: In-Memory Flush and CompactionHBase Accelerated: In-Memory Flush and Compaction
HBase Accelerated: In-Memory Flush and Compaction
 
HBase Storage Internals
HBase Storage InternalsHBase Storage Internals
HBase Storage Internals
 
HBase: Extreme Makeover
HBase: Extreme MakeoverHBase: Extreme Makeover
HBase: Extreme Makeover
 
Scaling HBase for Big Data
Scaling HBase for Big DataScaling HBase for Big Data
Scaling HBase for Big Data
 
Facebook keynote-nicolas-qcon
Facebook keynote-nicolas-qconFacebook keynote-nicolas-qcon
Facebook keynote-nicolas-qcon
 
HBase Sizing Guide
HBase Sizing GuideHBase Sizing Guide
HBase Sizing Guide
 
HBase Applications - Atlanta HUG - May 2014
HBase Applications - Atlanta HUG - May 2014HBase Applications - Atlanta HUG - May 2014
HBase Applications - Atlanta HUG - May 2014
 
RocksDB detail
RocksDB detailRocksDB detail
RocksDB detail
 
Operating and supporting HBase Clusters
Operating and supporting HBase ClustersOperating and supporting HBase Clusters
Operating and supporting HBase Clusters
 
HBase Advanced - Lars George
HBase Advanced - Lars GeorgeHBase Advanced - Lars George
HBase Advanced - Lars George
 
HBaseCon 2015: HBase Performance Tuning @ Salesforce
HBaseCon 2015: HBase Performance Tuning @ SalesforceHBaseCon 2015: HBase Performance Tuning @ Salesforce
HBaseCon 2015: HBase Performance Tuning @ Salesforce
 

Similar to What You Need to Know - Domain Name System (DNS)

DNS - Jaringan Komputer
DNS - Jaringan KomputerDNS - Jaringan Komputer
DNS - Jaringan KomputerImam Suharjo
 
Designate: An Overview
Designate: An OverviewDesignate: An Overview
Designate: An OverviewGraham Hayes
 
Chapter 4 configuring and managing the dns server role
Chapter 4   configuring and managing the dns server roleChapter 4   configuring and managing the dns server role
Chapter 4 configuring and managing the dns server roleLuis Garay
 
How to configure dns server(2)
How to configure dns server(2)How to configure dns server(2)
How to configure dns server(2)Amandeep Kaur
 
server notes for beginners
server notes for beginners server notes for beginners
server notes for beginners Abhishek Maurya
 
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Netgate
 
c5c1db8d-8375-4f17-bf6a-56ea5342e58d.pptx
c5c1db8d-8375-4f17-bf6a-56ea5342e58d.pptxc5c1db8d-8375-4f17-bf6a-56ea5342e58d.pptx
c5c1db8d-8375-4f17-bf6a-56ea5342e58d.pptxchakravardhannani123
 
Domain name system advanced power point presentation
Domain name system advanced power point presentationDomain name system advanced power point presentation
Domain name system advanced power point presentationrituchouhan1508
 
Domain Name System and Dynamic Host Configuration Protocol.pptx
Domain Name System and Dynamic Host Configuration Protocol.pptxDomain Name System and Dynamic Host Configuration Protocol.pptx
Domain Name System and Dynamic Host Configuration Protocol.pptxUsmanAhmed269749
 
Domain Name System (DNS) Fundamentals
Domain Name System (DNS) FundamentalsDomain Name System (DNS) Fundamentals
Domain Name System (DNS) FundamentalsWebSniffer
 

Similar to What You Need to Know - Domain Name System (DNS) (20)

DNS - Jaringan Komputer
DNS - Jaringan KomputerDNS - Jaringan Komputer
DNS - Jaringan Komputer
 
Intro to DNS
Intro to DNSIntro to DNS
Intro to DNS
 
Designate: An Overview
Designate: An OverviewDesignate: An Overview
Designate: An Overview
 
Chapter 4 configuring and managing the dns server role
Chapter 4   configuring and managing the dns server roleChapter 4   configuring and managing the dns server role
Chapter 4 configuring and managing the dns server role
 
Linux basics andng hosti
Linux basics andng hostiLinux basics andng hosti
Linux basics andng hosti
 
How to configure dns server(2)
How to configure dns server(2)How to configure dns server(2)
How to configure dns server(2)
 
server notes for beginners
server notes for beginners server notes for beginners
server notes for beginners
 
Dns
DnsDns
Dns
 
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
 
c5c1db8d-8375-4f17-bf6a-56ea5342e58d.pptx
c5c1db8d-8375-4f17-bf6a-56ea5342e58d.pptxc5c1db8d-8375-4f17-bf6a-56ea5342e58d.pptx
c5c1db8d-8375-4f17-bf6a-56ea5342e58d.pptx
 
7 understanding DNS
7 understanding DNS7 understanding DNS
7 understanding DNS
 
Domain name system advanced power point presentation
Domain name system advanced power point presentationDomain name system advanced power point presentation
Domain name system advanced power point presentation
 
DNS
DNSDNS
DNS
 
DomainNameSystem
DomainNameSystemDomainNameSystem
DomainNameSystem
 
Dot Com In A Day
Dot Com In A DayDot Com In A Day
Dot Com In A Day
 
3_CHAP~2.PPT
3_CHAP~2.PPT3_CHAP~2.PPT
3_CHAP~2.PPT
 
DNS.docx
DNS.docxDNS.docx
DNS.docx
 
Domain Name System and Dynamic Host Configuration Protocol.pptx
Domain Name System and Dynamic Host Configuration Protocol.pptxDomain Name System and Dynamic Host Configuration Protocol.pptx
Domain Name System and Dynamic Host Configuration Protocol.pptx
 
Domain Name System (DNS) Fundamentals
Domain Name System (DNS) FundamentalsDomain Name System (DNS) Fundamentals
Domain Name System (DNS) Fundamentals
 
Presentation2.pptx
Presentation2.pptxPresentation2.pptx
Presentation2.pptx
 

More from Wes Morgan

So, You're Going to the Cloud? Start Preparing NOW!
So, You're Going to the Cloud? Start Preparing NOW!So, You're Going to the Cloud? Start Preparing NOW!
So, You're Going to the Cloud? Start Preparing NOW!Wes Morgan
 
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!Wes Morgan
 
Going Cloud, Going Mobile: Will Your Network Drag You Down?
Going Cloud, Going Mobile: Will Your Network Drag You Down?Going Cloud, Going Mobile: Will Your Network Drag You Down?
Going Cloud, Going Mobile: Will Your Network Drag You Down?Wes Morgan
 
Digital Nightmares - The Biggest Performance Killers in Your Environment
Digital Nightmares - The Biggest Performance Killers in Your EnvironmentDigital Nightmares - The Biggest Performance Killers in Your Environment
Digital Nightmares - The Biggest Performance Killers in Your EnvironmentWes Morgan
 
Chordspeller 2.0
Chordspeller 2.0Chordspeller 2.0
Chordspeller 2.0Wes Morgan
 
The Gurubox Project: Open Source Troubleshooting Tools
The Gurubox Project: Open Source Troubleshooting ToolsThe Gurubox Project: Open Source Troubleshooting Tools
The Gurubox Project: Open Source Troubleshooting ToolsWes Morgan
 
JMP201 - IBM Sametime 8.5 Deployment Workshop
JMP201 - IBM Sametime 8.5 Deployment WorkshopJMP201 - IBM Sametime 8.5 Deployment Workshop
JMP201 - IBM Sametime 8.5 Deployment WorkshopWes Morgan
 
ID114 - Wrestling the Snake: Performance Tuning 101
ID114 - Wrestling the Snake: Performance Tuning 101ID114 - Wrestling the Snake: Performance Tuning 101
ID114 - Wrestling the Snake: Performance Tuning 101Wes Morgan
 

More from Wes Morgan (8)

So, You're Going to the Cloud? Start Preparing NOW!
So, You're Going to the Cloud? Start Preparing NOW!So, You're Going to the Cloud? Start Preparing NOW!
So, You're Going to the Cloud? Start Preparing NOW!
 
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
 
Going Cloud, Going Mobile: Will Your Network Drag You Down?
Going Cloud, Going Mobile: Will Your Network Drag You Down?Going Cloud, Going Mobile: Will Your Network Drag You Down?
Going Cloud, Going Mobile: Will Your Network Drag You Down?
 
Digital Nightmares - The Biggest Performance Killers in Your Environment
Digital Nightmares - The Biggest Performance Killers in Your EnvironmentDigital Nightmares - The Biggest Performance Killers in Your Environment
Digital Nightmares - The Biggest Performance Killers in Your Environment
 
Chordspeller 2.0
Chordspeller 2.0Chordspeller 2.0
Chordspeller 2.0
 
The Gurubox Project: Open Source Troubleshooting Tools
The Gurubox Project: Open Source Troubleshooting ToolsThe Gurubox Project: Open Source Troubleshooting Tools
The Gurubox Project: Open Source Troubleshooting Tools
 
JMP201 - IBM Sametime 8.5 Deployment Workshop
JMP201 - IBM Sametime 8.5 Deployment WorkshopJMP201 - IBM Sametime 8.5 Deployment Workshop
JMP201 - IBM Sametime 8.5 Deployment Workshop
 
ID114 - Wrestling the Snake: Performance Tuning 101
ID114 - Wrestling the Snake: Performance Tuning 101ID114 - Wrestling the Snake: Performance Tuning 101
ID114 - Wrestling the Snake: Performance Tuning 101
 

Recently uploaded

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls  DubaiAl Barsha Night Partner +0567686026 Call Girls  Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiEscorts Call Girls
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...SUHANI PANDEY
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.soniya singh
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...SUHANI PANDEY
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 

Recently uploaded (20)

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls  DubaiAl Barsha Night Partner +0567686026 Call Girls  Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
 

What You Need to Know - Domain Name System (DNS)

  • 1. © 2009 IBM Corporation
    IBM Collaboration Solutions
    What You Need to Know: Domain Name System (DNS)
    Wes Morgan, WW ICS SWAT, wes_morgan@us.ibm.com
  • 2. © 2012 IBM Corporation November 8, 2016
    Directory Assistance for TCP/IP Networks
    ● Humans don't “do” numerical addresses
    ● We like names
    ● More to the point, we like organized names
    ● DNS organizes hosts into domains, which it calls zones
    ● DNS can also organize/advertise services
    ● Zones may host other zones (aka “subdomains”)
    ● There is only ONE authoritative source for each zone
    ● DNS establishes a hierarchy of zones under a “root” zone
    Doing a “DNS lookup” simply means that we travel up, down, and/or across the hierarchy until we find the information we need
  • 3. DNS Zones and Individual Hosts
    [Diagram: root zone; Top-Level Domains (TLDs) .com, .org, .jp, .edu and the .us zone; .ny.us, .ca.us and the .ky.us zone; .bg.ky.us, .lou.ky.us and the lex.ky.us zone; individual hosts ruff, longroll, booga; Fully Qualified Domain Name (FQDN) flamtap.lex.ky.us]
  • 4. It's All About Resources...
    ● EVERYTHING in DNS is a resource
    ● DNS provides resource records (RRs) in response to queries
    ● So, a big part of “configuring DNS” is setting up RRs correctly
    ● As DNS has grown, so has the number of RRs supported
    ● We'll only touch upon the RRs we most frequently encounter:
      ● SOA – Start of Authority
      ● NS – Name Server
      ● A – Address (IPv4)
      ● AAAA – Address (IPv6)
      ● CNAME – Canonical Name
      ● MX – Mail eXchanger
      ● SRV – Service
      ● PTR – Pointer
  • 5. SOA – Respect My Authority!
    ● Remember, there can be only one authority for each zone
    ● However, customers may have separate internal/external zones with the same name (aka “split horizon” DNS) with different authoritative name servers AND DIFFERENT DATA!
    ● The Start of Authority (SOA) record includes
      ● The authoritative server for the zone (aka “origin” or “primary name server”)
      ● The email address of the responsible party (without @)
      ● Other information used by secondary DNS servers in the zone
  • 6. SOA Examples
    [Figure: SOA records for ibm.com (external) and ibm.com (internal)]
  • 7. NS Records – Nameservers
    ● NS records simply list all nameservers for a given zone
    ● This does NOT mean that all of them are up and running!
    ● Clients may send queries to any listed nameserver
  • 8. A & AAAA Records – Give Me An IP Address!
    ● Almost all DNS queries lead to an actual Address (A/AAAA) record
    ● A records provide IPv4 addresses, while AAAA records provide IPv6 addresses
  • 9. A & AAAA Records – There Might Be More Than One!
    ● Multiple Address records may be provided for a single name
    ● Usually indicates a clustered server environment
    ● Address records are not prioritized; multiple Address records returned in rotating order (aka “round-robin”)
    ● Clients will attempt to reach addresses in the order provided
    [Figure: two queries for the same name] Note different order of responses between the two queries
  • 10. CNAME – What's the REAL Name?
    ● End users like easy-to-remember names, but admins have to deal with real system names
    ● Canonical Name (CNAME) records specify the “real name” of the system queried
    ● In other words, it lets us create aliases
    ● CNAME records can reference other CNAMEs (i.e. an alias pointing to another alias)
    ● You may see this in queries whose responses change according to geography (e.g. cloud resources)
  • 11. CNAME – Chained Example
    ● Multiple levels of CNAMEs usually indicate dynamic DNS
    ● May indicate geographic DNS
    ● Often seen with Akamai and other content delivery networks
    ● When you see this, have affected users do queries too!
    ● They may be sent to different destinations!
  • 13. MX Records – Where Can I Deliver Email to You?
    ● Mail eXchanger (MX) records list the email server(s) for the zone
    ● Multiple systems can be designated as mail exchangers
    ● MX records are prioritized (usually in increments of 10)
    ● Clients will try to use the highest-priority (lowest-numbered) host first
  • 14. SPF – Who Can Deliver Mail for Me?
    ● Sender Policy Framework (SPF) uses TeXT records (TXT) to specify what hosts can deliver mail on behalf of a given domain
    ● SPF used in mail security – if SPF fails, delivery attempt rejected
    ● Example of leveraging DNS for application-layer information
  • 15. SRV Records – Services of All Sorts
    ● Service (SRV) records announce specific services via DNS
    ● General format is _service._protocol.dnsdomainname
    ● Heavily used in Active Directory environments
      _ldap._tcp.<DNSdomainName> – LDAP server for DNS domain
      _ldap._tcp.pdc._msdcs.<DNSdomainName> – Primary DC
      _kerberos._tcp.dc._msdcs.<DNSdomainName> – Kerberos DC
    ● Also seen in SIP and XMPP environments
  • 16. PTR Records – I Have the Number, I Want the NAME!
    ● Pointer (PTR) records associate numbers back to names
    ● Commonly called “reverse DNS”
    ● Reverses the IP address & uses a pseudo-domain of “in-addr.arpa”
    ● Many mail security systems require valid reverse DNS before accepting email from a given host
    ● Not generally required, but can be useful
  • 17. So, What Actually Happens When I Send a Query to DNS?
    ● Most DNS servers are recursive
    ● They will follow the trail until they have your answer
    ● Your client doesn't do the legwork
    ● Almost all DNS servers cache responses
    ● Cache lifetime (aka time-to-live or TTL) of each RR is set by its authoritative server (in seconds)
    ● So, you give a command like “ping -c 2 www.facebook.com” and it executes against an IP address, like so:
    ...but how did DNS get me from 'www.facebook.com' to 157.240.2.35?
  • 18. Behind the Scenes on the DNS Server
    ● Assuming that no cached information was available, the DNS server took your query for 'www.facebook.com' and started working backwards
    ● It went to the root zone nameservers and asked for .com NS
    ● It went to a .com name server and asked about facebook.com NS
    ● It went to a .facebook.com name server and asked about www.facebook.com
    ● It got a CNAME RR in response, so it had to ask a .facebook.com nameserver about the canonical name
    ● It had valid cached info for .com and .facebook.com, so it didn't have to repeat those queries
    ● It finally received an A record, which it returned to your client
    If you want to see what this process looks like for any FQDN, check out http://simpledns.com/lookup-dg.aspx
    (It's a good thing that we have caching servers and TTLs, huh?)
  • 19. A Food-for-Thought Exercise
  • 20. Easing the Burden – Forwarding DNS Servers
    ● Going all the way to the root zone for every query would be prohibitively slow/costly and consume significant resources
    ● Use of forwarding servers spreads the work
    ● Forwarding DNS servers are NOT recursive; they pass queries for which they have no answers cached to the “next server up”
    ● As queries and responses are sent up and down the line, each server caches the responses (according to its TTL)
    ● Clients do not know if forwarding servers are used
    ● Responses might be from the forwarded server's perspective!
    ● Most ISPs offer forwarding DNS services, but don't require customers to use them
    [Diagram labels: dns.ap.company1.com, dns.na.company1.com, dns.eu.company1.com, Internet]
  • 21. Troubleshooting Connectivity? ALWAYS Check DNS!
    ● If DNS is wrong, NOTHING will work!
    ● Do NOT trust, use, or recommend “hosts files”
    ● “Hosts files” supplant DNS – DNS won't be queried if the “hosts file” has a matching entry
    ● Many customer issues caused by outdated hosts file entries
    ● Don't use IP addresses in configurations – use FQDNs!
    ● FQDNs in configuration + working DNS survives server/address changes
    ● Use of VPN may change DNS servers!
    ● Presence of round-robin DNS = no load balancers in use
    ● Single A record for FQDN of a cluster = load balancer in use
    ● Different answers internal/external may indicate split horizon DNS or (with cloud) content delivery networks (e.g. Akamai)
    ● Other names might be yielding different answers, too!
    ● Different answers within an enterprise may indicate Global Load Balancing (GLB) in use
    ● Using tcpdump/Wireshark? DNS query/response is udp/53, server/server (zone transfer) is tcp/53
  • 22. DNS Tools
    ● nslookup – built-in tool for Windows, Macintosh, AIX, Linux
      ● Uses system's DNS server as default
      ● Use “server A.B.C.D” to send queries to specific DNS server
      ● Use “set type=<RR type>” to query specific records
      ● Use “set type=ANY” to see all records associated with name
    ● dig – part of the BIND reference implementation of DNS
      ● Open-source package from Internet Systems Consortium
      ● BIND is (by FAR) the most widely used DNS server
      ● Built-in for Macintosh and many Linux distributions
      ● https://www.isc.org/downloads/bind/ for Windows binaries and Linux source code
      ● Windows: install “Tools Only” unless you want to run your own DNS server
      ● Allows quick command-line queries, e.g. “dig ns google.com”
      ● Allows “any” keyword to see all records, e.g. “dig any ibm.com”
  • 23. Closing Exercise – What Do You See?
  • 24. Questions & Answers
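Added example for slide 14 (not part of the original deck): an SPF check of a sender IP against TXT records, showing how a receiver reaches pass, softfail or fail. The domains, address ranges and the `check_spf` name are constructed, and only the `ip4`, `ip6`, `include` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT records (domains and ranges are invented for this example).
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.16/28 ip6:2001:db8::/32 ~all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 caps DNS-querying terms such as include

def check_spf(ip, domain, budget=None):
    """Evaluate ip against domain's SPF policy (ip4, ip6, include, all only)."""
    budget = budget if budget is not None else [MAX_LOOKUPS]
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no SPF policy published
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        # A missing qualifier means "+" (pass on match).
        qualifier, body = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        mech, _, arg = body.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif mech == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"         # include loop or too many lookups
            inner = check_spf(ip, arg, budget)
            if inner in ("none", "permerror", "unsupported"):
                return "permerror" if inner == "none" else inner
            matched = inner == "pass"      # only a pass in the included policy matches
        else:
            return "unsupported"           # a, mx, exists, redirect: outside this subset
        if matched:
            return RESULT[qualifier]
    return "neutral"                       # nothing matched and no "all" term
```

The `-all` at the end of the first record is what turns an unlisted sender into a hard fail; with `~all` the same sender would only softfail.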
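Added example for slide 16 (not part of the original deck): building the reverse-lookup name and running the forward-confirmed reverse DNS check that mail filters apply. The records and function names are constructed; the IPv6 `ip6.arpa` branch goes beyond the slide, which covers only `in-addr.arpa`.

```python
import ipaddress

# Constructed records standing in for live DNS answers (names and addresses invented).
PTR = {
    "25.2.0.192.in-addr.arpa": ["mx1.example.com."],
    "77.113.0.203.in-addr.arpa": ["mail.example.net."],  # forward record disagrees
}
ADDR = {
    "mx1.example.com.": {"192.0.2.25", "2001:db8::25"},
    "mail.example.net.": {"203.0.113.5"},
}

def ptr_qname(ip):
    """Build the reverse-lookup name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(addr.exploded.split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")  # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def fcrdns(ip):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to the same IP."""
    names = PTR.get(ptr_qname(ip), [])
    if not names:
        return ("no-ptr", None)
    want = ipaddress.ip_address(ip)
    for name in names:
        # Compare parsed addresses so textual variants of one IP still match.
        if any(ipaddress.ip_address(a) == want for a in ADDR.get(name, ())):
            return ("confirmed", name)
    return ("mismatch", names[0])  # PTR exists, but anyone can claim any name
```

A PTR record alone proves nothing about the name it returns, because whoever controls the address block writes it; the forward lookup is what ties the name back to the host.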
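Added example for slides 17 and 18 (not part of the original deck): the root-to-answer walk with referrals, a CNAME and a TTL cache, run against a toy namespace. Server names, TTLs, addresses and function names are constructed; the hop limit is an added guard against alias loops.

```python
MAX_CNAME_HOPS = 8  # bound alias chains so a CNAME loop cannot spin the resolver
SERVERS = {  # constructed toy namespace: server names, TTLs and addresses are invented
    "root": {"cuts": {"com.": (172800, "tld-com")}, "rrs": {}},
    "tld-com": {"cuts": {"example.com.": (86400, "ns-example")}, "rrs": {}},
    "ns-example": {"cuts": {}, "rrs": {
        ("www.example.com.", "CNAME"): (300, "edge.example.com."),
        ("edge.example.com.", "A"): (60, "192.0.2.35"),
        ("loop.example.com.", "CNAME"): (300, "loop.example.com.")}},
}

def fresh(cache, key, now):  # cached value, or None once its TTL has expired
    expires, value = cache.get(key, (0, None))
    return value if expires > now else None

def start_server(name, cache, now):  # deepest zone with a cached NS, else the root
    labels = name.rstrip(".").split(".")
    suffixes = (".".join(labels[i:]) + "." for i in range(len(labels)))
    hits = (fresh(cache, (zone, "NS"), now) for zone in suffixes)
    return next((ns for ns in hits if ns), "root")

def ask_down(name, cache, now, log):
    """Follow referrals until a server returns an A or CNAME for name."""
    server = start_server(name, cache, now)
    while True:
        log.append((server, name))  # one entry per query actually sent
        zone = SERVERS[server]
        for rrtype in ("A", "CNAME"):
            if (name, rrtype) in zone["rrs"]:
                ttl, value = zone["rrs"][(name, rrtype)]
                cache[(name, rrtype)] = (now + ttl, value)
                return rrtype, value
        cut = next((c for c in zone["cuts"] if name.endswith("." + c)), None)
        if cut is None:
            raise LookupError(f"no such name: {name}")
        ttl, server = zone["cuts"][cut]  # referral to the next server down
        cache[(cut, "NS")] = (now + ttl, server)

def resolve(name, cache, now, log):
    """Return the IPv4 address for name, using and filling the TTL cache."""
    for _ in range(MAX_CNAME_HOPS):
        rrtype, value = "A", fresh(cache, (name, "A"), now)
        if value is None:
            rrtype, value = "CNAME", fresh(cache, (name, "CNAME"), now)
        if value is None:
            rrtype, value = ask_down(name, cache, now, log)
        if rrtype == "A":
            return value
        name = value  # chase the alias on the next pass
    raise LookupError("CNAME chain too long")
```

With an empty cache the first lookup costs four queries; a repeat inside the 60-second A-record TTL costs none, and a repeat after it expires costs one, because the NS and CNAME entries are still cached.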