
Domain Name System

The Domain Name System (DNS) is a hierarchical, distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with the domain names assigned to each of the participating entities. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment, for the purpose of locating and addressing these devices worldwide.

A domain name is the sequence of labels from a node to the root, separated by dots ("."), read left to right.
◦ Each label is at most 63 octets, and the name space has a maximum depth of 127 levels.
◦ A complete domain name is limited to 255 octets in wire-format length.
◦ A node's domain name identifies its position in the name space.

[Figure: the domain name space as a tree rooted at the empty label "", with the top-level domains com, edu, gov, int, mil, net and org beneath it. Labels visible in the figure: under com, nominum and metainfo, with the hosts dakota, west, tornado, east and www; under edu, berkeley and nwu; under int, nato; under mil, army; under net, uu.]

Subdomains

One domain is a subdomain of another if its apex node is a descendant of the other's apex node.

More simply, one domain is a subdomain of another if its domain name ends in the other's domain name (label by label, not character by character):
◦ sales.nominum.com is a subdomain of nominum.com
◦ nominum.com is a subdomain of com
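The suffix rule is easy to get wrong in code: a plain string suffix check says that evil-nominum.com is a subdomain of nominum.com, which is exactly the mistake behind many cookie-scope and allow-list bypasses. The following is an added example, not part of the original slides, that compares label by label and also enforces the 63-octet label and 255-octet name limits; the hostile-looking names in it are constructed.

```python
"""Subdomain test done label by label, not with a string suffix check.

Added example, not from the original slides. nominum.com is the slides'
own example name; the hostile-looking names are constructed.
"""

MAX_LABEL = 63   # RFC 1035 section 2.3.4: label length limit in octets
MAX_NAME = 255   # RFC 1035 section 2.3.4: total wire-format name length


def labels(name):
    """Split a presentation-format name into its labels.

    Trailing dot and case are not significant. "" or "." is the root,
    which has no labels. Raises ValueError on an empty label or on a
    label/name that exceeds the protocol limits.
    """
    name = name.rstrip(".").lower()
    if name == "":
        return []
    parts = name.split(".")
    for label in parts:
        if label == "":
            raise ValueError(f"empty label in {name!r}")
        if len(label.encode()) > MAX_LABEL:
            raise ValueError(f"label longer than {MAX_LABEL} octets: {label!r}")
    # Wire length: one length octet per label plus the label octets,
    # plus the terminating zero-length root label.
    wire_len = sum(1 + len(p.encode()) for p in parts) + 1
    if wire_len > MAX_NAME:
        raise ValueError(f"name longer than {MAX_NAME} octets: {name!r}")
    return parts


def is_subdomain(child, parent):
    """True if child is parent itself or lies below it in the tree.

    Names are compared label by label from the root, so
    'evil-nominum.com' is NOT a subdomain of 'nominum.com' even though
    the string ends with it. Every name is a subdomain of the root "".
    """
    c, p = labels(child), labels(parent)
    if len(p) > len(c):
        return False
    return c[len(c) - len(p):] == p


def naive_is_subdomain(child, parent):
    """The string-suffix shortcut that ACL and cookie code often uses;
    kept here only to show the false positive it produces."""
    return child.lower().rstrip(".").endswith(parent.lower().rstrip("."))
```

The check is also the right place to reject over-long labels and names early: a name that cannot be encoded in the wire format has no business reaching an allow-list comparison.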


Domain name space

The domain name space consists of a tree of domain names. Each node or leaf in the tree has zero or more resource records, which hold information associated with the domain name. The tree sub-divides into zones beginning at the root zone. A DNS zone may consist of only one domain, or may consist of many domains and sub-domains, depending on the administrative authority delegated to the manager.

Administrative responsibility over any zone may be divided by creating additional zones. Authority is said to be delegated for a portion of the old space, usually in the form of sub-domains, to another name server and administrative entity. The old zone ceases to be authoritative for the new zone.

Domain Name Space
◦ Domain; top-level domains: com, edu, gov, mil, net, org, int
◦ Delegation
◦ Forward / Reverse: winnie.corp.hp.com maps forward to 15.16.192.152; the reverse mapping is looked up under 152.192.16.15.in-addr.arpa (PTR record)


The Domain Name System is maintained by a distributed database system, which uses the client-server model. The nodes of this database are the name servers. Each domain has at least one authoritative DNS server that publishes information about that domain and the name servers of any domains subordinate to it. The top of the hierarchy is served by the root name servers, the servers to query when looking up (resolving) a TLD.

Name Servers

Name servers store information about the name space in units called "zones".
◦ The name servers that load a complete zone are said to "have authority for" or "be authoritative for" the zone.
◦ Usually more than one name server is authoritative for the same zone; this ensures redundancy and spreads the load.
◦ A single name server may also be authoritative for many zones.

Types of Name Servers

Two main types of servers:
– Authoritative: maintains the data
  – Master: where the data is edited
  – Slave: where the data is replicated to
– Caching (recursive): stores data obtained from authoritative servers while answering on behalf of resolvers
– The most common name server implementation (BIND) can combine these two roles in a single process. Running them as separate servers is the usual recommendation today: a combined server that recurses for anyone is both a cache-poisoning target and a reflection/amplification source.
– Other types exist; no special hardware is necessary.

Name Servers and Zones

[Figure: two zones, nominum.com and isc.org, served by three name servers, 128.8.10.5, 204.152.187.11 and 202.12.28.129.]
◦ 128.8.10.5 serves data for both the nominum.com and isc.org zones.
◦ 202.12.28.129 serves data for the nominum.com zone only.
◦ 204.152.187.11 serves data for the isc.org zone only.

Name Resolution

Name resolution is the process by which resolvers and name servers cooperate to find data in the name space.

To find information anywhere in the name space, a name server only needs the names and IP addresses of the name servers for the root zone (the "root name servers").
– The root name servers know about the top-level zones and can tell name servers whom to contact for all TLDs.

A DNS query has three parameters:
– a domain name (e.g., www.nominum.com); remember, every node has a domain name,
– a class (e.g., IN), and
– a type (e.g., A).

A name server receiving a query from a resolver looks for the answer in its authoritative data and its cache.
– If the answer isn't in the cache and the server isn't authoritative for it, the answer must be looked up. A recursive server chases the referrals itself and returns the final answer; an iterative (non-recursive) server just returns a referral to the next server to ask. Every answer obtained this way is cached for the record's TTL.

Name Resolution terms: ◦ Resolver ◦ Root Name Server ◦ Recursive ◦ Iterative ◦ Caching ◦ Time to Live (TTL)
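The walk from the root hints down to the authoritative server, and the caching that makes the second lookup free, is easier to see in code than in prose. The following is an added example, not from the slides: a toy recursive resolver over constructed zone data (the server addresses, TTLs and records are all made up; only the algorithm is the point). Each server answers from its own data, returns a referral when it only knows a delegation, or says "nodata" when it is authoritative and the name is absent.

```python
"""Toy iterative resolution over an in-memory name space.

Added example, not from these slides. The zone data and server addresses
are constructed for the demo (the root, com and nominum.com zones each on
one made-up server); only the resolution algorithm is the point.
"""
import time

# Per-server data: the zones it is authoritative for and its records,
# keyed (owner, type) -> (ttl, [rdata, ...]). Owners are fully qualified.
SERVERS = {
    "198.41.0.4": {                       # root server (constructed)
        "auth": {"."},
        "rr": {
            ("com.", "NS"): (172800, ["a.gtld-servers.net."]),
            ("a.gtld-servers.net.", "A"): (172800, ["192.5.6.30"]),
        },
    },
    "192.5.6.30": {                       # com server (constructed)
        "auth": {"com."},
        "rr": {
            ("nominum.com.", "NS"): (86400, ["ns1.nominum.com."]),
            ("ns1.nominum.com.", "A"): (86400, ["203.0.113.10"]),
        },
    },
    "203.0.113.10": {                     # nominum.com server (constructed)
        "auth": {"nominum.com."},
        "rr": {
            ("nominum.com.", "NS"): (3600, ["ns1.nominum.com."]),
            ("ns1.nominum.com.", "A"): (3600, ["203.0.113.10"]),
            ("www.nominum.com.", "A"): (300, ["203.0.113.80"]),
        },
    },
}
ROOT_HINTS = ["198.41.0.4"]   # all a resolver needs to know at start-up


def fqdn(name):
    """Normalise case and trailing dot: 'WWW.Nominum.com' -> 'www.nominum.com.'"""
    return name.lower().rstrip(".") + "."


def ancestors(name):
    """Yield the name, then each enclosing name up to the root '.'."""
    labels = name.rstrip(".").split(".") if name != "." else []
    for i in range(len(labels) + 1):
        yield ".".join(labels[i:]) + "."


def ask(addr, qname, qtype):
    """What one server says: an answer, a referral to a closer zone, or nodata."""
    srv = SERVERS[addr]
    if (qname, qtype) in srv["rr"]:
        ttl, rdata = srv["rr"][(qname, qtype)]
        return ("answer", ttl, rdata)
    for zone in ancestors(qname):
        if zone in srv["auth"]:
            return ("nodata",)                 # authoritative, and nothing there
        if (zone, "NS") in srv["rr"]:          # delegation: refer the querier onward
            _, ns_names = srv["rr"][(zone, "NS")]
            glue = [srv["rr"][(n, "A")][1][0]
                    for n in ns_names if (n, "A") in srv["rr"]]
            return ("referral", zone, glue)
    return ("nodata",)


class Resolver:
    """Recursive resolver: starts at the root hints, follows referrals and
    caches answers for their TTL. It trusts glue from any referral; a real
    resolver applies bailiwick rules so that the com server cannot hand it
    an address for a name outside com."""

    def __init__(self, roots=ROOT_HINTS):
        self.roots = list(roots)
        self.cache = {}            # (qname, qtype) -> (expires_at, rdata)
        self.queries_sent = 0

    def resolve(self, qname, qtype="A", now=None):
        now = time.time() if now is None else now
        key = (fqdn(qname), qtype)
        hit = self.cache.get(key)
        if hit and hit[0] > now:               # still within the TTL
            return hit[1]
        servers = self.roots
        for _ in range(10):                    # bound the referral chain
            if not servers:
                return None
            self.queries_sent += 1
            reply = ask(servers[0], key[0], qtype)
            if reply[0] == "answer":
                _, ttl, rdata = reply
                self.cache[key] = (now + ttl, rdata)
                return rdata
            if reply[0] == "referral":
                servers = reply[2]
                continue
            return None                        # nodata / no such name
        raise RuntimeError("referral chain too long")
```

Three queries (root, com, nominum.com) answer the first lookup; the second is served from the cache until the 300-second TTL runs out. The bound on the referral chain matters in practice: without it a malicious delegation loop keeps a resolver busy forever.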

Authoritative name server

An authoritative name server is a name server that gives answers that have been configured by an original source, for example the domain administrator or dynamic DNS updates, in contrast to answers that were obtained via a regular DNS query to another name server. An authoritative-only name server returns answers only for domain names that have been specifically configured by the administrator.

An authoritative name server can be either a master server or a slave server (in current terminology, primary and secondary). A master server stores the original (master) copies of all zone records. A slave server uses an automatic updating mechanism of the DNS protocol, in communication with its master, to maintain an identical copy of the master records. Every DNS zone must be assigned a set of authoritative name servers, installed as NS records in the parent zone.

Authoritative name servers give authoritative answers for one or more zones. The master server normally loads the data from a zone file; a slave server normally replicates the data from the master via a zone transfer (AXFR, or IXFR for incremental changes). Zone transfers should be restricted to the slaves' addresses and authenticated (for example with TSIG): a server that answers AXFR for anyone hands out its complete zone, which is the first thing an attacker enumerating a domain will try.

[Figure: one master replicating its zone to two slaves.]

Authoritative Data

[Figure: the name server process. It holds authoritative data (primary master and slave zones) and cache data (responses from other name servers); an agent looks up queries on behalf of resolvers. A resolver sends a query to the process and receives a response.]

Delegation

Administrators can create subdomains to group hosts, according to geography, organizational affiliation or any other criterion.

An administrator of a domain can delegate responsibility for managing a subdomain to someone else, but this isn't required.

The parent domain retains links to the delegated subdomain: the parent domain "remembers" who it delegated the subdomain to.

Delegation Creates Zones

Each time an administrator delegates a subdomain, a new unit of administration is created. The subdomain and its parent domain can now be administered independently. These units are called zones; the boundary between zones is a point of delegation in the name space.

Delegation is good: it is the key to scalability.

Zones & Delegations

Zones are "administrative spaces". Zone administrators are responsible for a portion of a domain's name space. Authority is delegated from a parent to a child.

[Figure: the net domain and the zones cut out of it: the net zone, the ripe.net zone and the disi.ripe.net zone. Labels visible in the tree: net, com and edu at the top level; ripe, isi, tislabs, sun, moon and google below them; www, disi, ws1, ws2 and ftp further down.]

A Resource Record (RR) is the basic data element in the domain name system. Each record has a type (A, MX, etc.), a time to live (TTL) after which cached copies expire, a class, and some type-specific data. Resource records with the same name, class and type form a resource record set (RRset). The order of resource records in a set, as returned by a resolver to an application, is undefined, but servers often rotate the order (round-robin) to spread load. DNSSEC, however, signs complete resource record sets in a canonical order, which is why the RRset, not the single record, is the unit of validation.

DNS resource records

Resource records consist of a name (the owner, or label), a TTL, a class, a type and the RDATA.
◦ The TTL is a timing parameter: how long the record may be cached.
◦ The IN (Internet) class is by far the most widely used.
◦ There are many types of resource records.
◦ Everything after the type identifier is called the RDATA.

  Label          TTL   Class  Type  RDATA
  www.ripe.net.  3600  IN     A     10.10.10.2

◦ Types:
  SOA    start of authority: marks the apex of a zone and carries its timers
  NS     name server authoritative for a zone (used for delegation)
  A      IPv4 address
  PTR    pointer, used for reverse (address-to-name) mapping
  CNAME  canonical name (alias)
  TXT    free-form text
  RP     responsible person

Resource Record: SOA

Every zone contains a Start Of Authority (SOA) resource record at the beginning (apex) of the zone. The SOA and NS records provide information about the DNS itself. SOA timers are used for maintaining consistency between primary and secondary servers. The NS records indicate where information about a given zone can be found:

ripe.net. 7200 IN NS ns.ripe.net.
ripe.net. 7200 IN NS ns.eu.net.

The SOA record provides information about the start of authority, i.e. the top of the zone, also called the APEX. Its fields:
◦ Name server host (MNAME) and administrator e-mail (RNAME; the first dot stands for "@", so root.sun4.ee.ncku.edu.tw. means root@sun4.ee.ncku.edu.tw)
◦ Serial: the zone's version number (conventionally YYMMDDNN or, per RFC 1912, YYYYMMDDnn); a slave transfers the zone only when the master's serial is newer
◦ Refresh time (e.g. 24 hrs.): how often slaves check the master for a new serial
◦ Retry time (e.g. 2 hrs.): how soon to retry after a failed refresh
◦ Expire time (e.g. 30 days): how long a slave keeps serving the zone without reaching the master
◦ Minimum TTL (e.g. 4 days): since RFC 2308, the negative-caching TTL

ee IN SOA sun4.ee.ncku.edu.tw. root.sun4.ee.ncku.edu.tw. ( 1998106002
                3600 900 3600000 3600 )

In order: master server, contact address, version number (serial), then the timing parameters refresh, retry, expire and minimum.

net. 3600 IN SOA A.GTLD-SERVERS.net. nstld.verisign-grs.com. (
        2002021301 ; serial
        30M        ; refresh
        15M        ; retry
        1W         ; expiry
        1D )       ; neg. answ. ttl
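The master-file syntax shown above (parenthesised continuation lines, ";" comments, BIND time units such as 30M and 1W, an RNAME that is really a mailbox) trips up more zone-auditing scripts than the records themselves. The following is an added example, not from the slides: a small parser for exactly these records, plus the RFC 1982 serial comparison a slave uses to decide whether to transfer. The sample text retypes the slides' own records; the origin assumed for the relative owner "ee" (ncku.edu.tw.) is a guess and is labelled as such.

```python
"""Parse zone-file (RFC 1035 master file) records such as the SOA and NS
lines on these slides: ';' comments, multi-line '( ... )' groups and
BIND-style TTL units (30M, 1W, 1D).

Added example, not from the slides. SAMPLE retypes the slides' records;
the $ORIGIN assumed for the relative owner 'ee' (ncku.edu.tw.) is an
assumption. Nothing is fetched from the network.
"""
import re

SAMPLE = """\
ripe.net. 7200 IN NS ns.ripe.net.
ripe.net. 7200 IN NS ns.eu.net.
ee IN SOA sun4.ee.ncku.edu.tw. root.sun4.ee.ncku.edu.tw. ( 1998106002
        3600 900 3600000 3600 )
net. 3600 IN SOA A.GTLD-SERVERS.net. nstld.verisign-grs.com. (
        2002021301 ; serial
        30M        ; refresh
        15M        ; retry
        1W         ; expiry
        1D )       ; neg. answ. ttl
"""

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TTL_RE = re.compile(r"\d+|(?:\d+[smhdw])+", re.IGNORECASE)
CLASSES = {"IN", "CH", "HS"}


def parse_ttl(text):
    """'3600' -> 3600, '30M' -> 1800, '1W2D' -> 777600 (BIND unit syntax)."""
    if not _TTL_RE.fullmatch(text):
        raise ValueError(f"bad TTL {text!r}")
    if text.isdigit():
        return int(text)
    return sum(int(n) * _UNITS[u.lower()]
               for n, u in re.findall(r"(\d+)([smhdwSMHDW])", text))


def rname_to_email(rname):
    """SOA RNAME -> mailbox: the first unescaped dot is the '@'.
    'root.sun4.ee.ncku.edu.tw.' -> 'root@sun4.ee.ncku.edu.tw'."""
    out, at_done, i, s = [], False, 0, rname.rstrip(".")
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):   # escaped char, e.g. john\.doe
            out.append(s[i + 1])
            i += 2
            continue
        if s[i] == "." and not at_done:
            out.append("@")
            at_done = True
        else:
            out.append(s[i])
        i += 1
    return "".join(out)


def logical_records(zone_text):
    """Yield token lists, one per record, joining '(' ... ')' continuations."""
    tokens, depth = [], 0
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]          # drop comment (no quoted strings here)
        for tok in line.replace("(", " ( ").replace(")", " ) ").split():
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                tokens.append(tok)
        if depth == 0 and tokens:
            yield tokens
            tokens = []
    if depth != 0 or tokens:
        raise ValueError("unterminated record")


def parse_record(tokens, origin=None):
    """owner [ttl] [class] type rdata... -> dict; SOA fields are decoded."""
    owner, rest = tokens[0], list(tokens[1:])
    if origin and not owner.endswith("."):
        owner = f"{owner}.{origin}"            # relative name under $ORIGIN
    ttl, rclass = None, "IN"
    while rest and (rest[0].upper() in CLASSES or _TTL_RE.fullmatch(rest[0])):
        tok = rest.pop(0)
        if tok.upper() in CLASSES:
            rclass = tok.upper()
        else:
            ttl = parse_ttl(tok)
    rec = {"owner": owner, "ttl": ttl, "class": rclass,
           "type": rest[0].upper(), "rdata": rest[1:]}
    if rec["type"] == "SOA":
        mname, rname, serial, refresh, retry, expire, minimum = rec["rdata"]
        rec["soa"] = {"mname": mname, "email": rname_to_email(rname),
                      "serial": int(serial), "refresh": parse_ttl(refresh),
                      "retry": parse_ttl(retry), "expire": parse_ttl(expire),
                      "minimum": parse_ttl(minimum)}
    return rec


def parse_zone(zone_text, origin=None):
    return [parse_record(t, origin) for t in logical_records(zone_text)]


def serial_is_newer(new, old):
    """RFC 1982 serial arithmetic: a slave transfers only when this is true.
    Unlike a plain '>', it survives the 32-bit wrap of the serial."""
    return 0 < (new - old) % 2**32 < 2**31
```

A practical use: run parse_zone over a dumped zone and compare each SOA's refresh, retry and expire against the slides' rule-of-thumb values; an expire shorter than refresh, or a serial that is not newer than the slave's, explains most "secondary stopped updating" incidents.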

DNS Protocol

The DNS protocol consists of messages of three kinds: queries, responses and (dynamic) updates; which kind a message is, and what it carries, is determined by the fields in its header. Every DNS message starts with a fixed-length 12-byte header; the sections that follow it, Question entries, Answer resource records, Authority resource records and Additional resource records, are of variable length. The specific message layouts built on this (query header, question entries, resource records, name query and response, reverse name query, dynamic update message and flags, update response) all share that structure.

DNS Protocol Overview

Part of the confusion associated with the DNS protocol is that it lacks a special name. Thus DNS can refer either to the entire system or to the protocol that makes it work. This section documents the protocol, which operates in one of two basic modes: lookups or zone transfers.

DNS Lookups

Normal resource record lookups are done with UDP; zone transfers, and any lookup whose answer does not fit in a UDP datagram (signalled by the TC bit), use TCP. An "intelligent retransmission" is to be used, though one is not specified in the protocol, resulting in a mix of poor strategies with good ones. The protocol itself is stateless: all the information needed is contained in a single message, fully documented in RFC 1035 §4.1. That statelessness is also why forged answers are a concern: the only things a resolver can match a reply against are the 16-bit transaction ID, the source port and the echoed question. The message has the following format:

    +---------------------+
    |        Header       |
    +---------------------+
    |       Question      | the question for the name server
    +---------------------+
    |        Answer       | resource records answering the question
    +---------------------+
    |      Authority      | resource records pointing toward an authority
    +---------------------+
    |      Additional     | resource records holding additional information
    +---------------------+
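The layout above is small enough to encode and decode by hand, and doing so shows the two things that matter for security: the name-compression pointers that a hostile response can abuse (loops, forward pointers), and the fields a resolver must compare before it accepts a reply. The following is an added example, not part of the original page: it builds a query for www.nominum.com, decodes a constructed response (the address in it is from a documentation range, not real data) and checks that the response actually matches the query.

```python
"""Encode a DNS query and decode a response in the RFC 1035 section 4.1
wire format: 12-byte header, then Question / Answer / Authority /
Additional sections of variable length.

Added example, not from the original page. SAMPLE_RESPONSE is built by
hand; the address it carries (203.0.113.80) is a documentation address.
"""
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16}
CLASS_IN = 1


def encode_name(name):
    """'www.nominum.com' -> b'\\x03www\\x07nominum\\x03com\\x00' (uncompressed)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype="A", rd=True):
    """Header is six 16-bit fields: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT."""
    flags = 0x0100 if rd else 0                 # QR=0, OPCODE=0, RD bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], CLASS_IN)


def decode_name(msg, off, depth=0):
    """Return (name, offset after the name). Follows compression pointers
    (top two bits 11, 14-bit offset) but refuses loops and forward pointers,
    which malformed or hostile packets use to wedge naive parsers."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:                      # must point to a prior occurrence
                raise ValueError("compression pointer does not point backwards")
            tail, _ = decode_name(msg, ptr, depth + 1)
            if tail:
                labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels), off
        if ln > 63:                             # 0x40/0x80 prefixes are reserved
            raise ValueError("label too long")
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln


def parse_response(msg):
    """Decode header, question and answer sections (authority/additional are
    left undecoded here)."""
    if len(msg) < 12:
        raise ValueError("short message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    result = {"id": txid, "qr": flags >> 15, "tc": (flags >> 9) & 1,
              "rcode": flags & 0xF, "questions": [], "answers": []}
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        result["questions"].append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE["A"] and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        result["answers"].append((name, rtype, ttl, rdata))
    return result


def matches(query, response):
    """Accept a reply only if it is a response whose ID and question echo the
    query we sent: the minimum check against spoofed answers (source-port
    randomisation, done at the socket layer, is the other half)."""
    q, r = parse_response(query), parse_response(response)
    return q["id"] == r["id"] and r["qr"] == 1 and q["questions"] == r["questions"]


# Constructed response to build_query(0x1234, "www.nominum.com"): same ID,
# flags QR=1 RD=1 RA=1, one question, one answer whose owner name is a
# pointer (0xC00C) back to the question name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.nominum.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c"                               # owner: pointer to offset 12
    + struct.pack("!HHIH", 1, 1, 300, 4)        # type A, class IN, TTL 300, RDLENGTH 4
    + bytes([203, 0, 113, 80])                  # 203.0.113.80
)
```

To use it against a real server, send build_query(...) over a UDP socket to port 53 and pass the datagram to parse_response; any reply for which matches() is false should be dropped, not retried with the same ID.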

DHCP Servers

DHCP stands for Dynamic Host Configuration Protocol. A DHCP server is used to assign an IP address (and other network settings) to the computers on a network. DHCP was first introduced in RFC 1531 in October 1993; the current specification is RFC 2131. The computers of a network must be configured before they can communicate with the other computers on the network. DHCP servers do this for the clients automatically and save the user's time. DHCP servers also provide a central database for keeping track of the computers that have been attached to the network, and prevent more than one computer from accidentally being configured with the same IP address. DHCP exists in two versions, DHCP for IPv4 and DHCPv6 for IPv6, which are separate protocols serving the same purpose. DHCP uses the two UDP ports assigned by IANA for BOOTP: 67/udp on the server side and 68/udp on the client side. The whole operation is performed in four stages: IP discovery, lease offer, request and lease acknowledgement.