Lecture content
Today's lecture
• DNS
– 3 different areas of use
• Internet
• Local
• Active Directory
• DHCP
• Namespaces
2013-11-26 © 2013 Jacob Lindehoff 2
DNS – Domain Name System
• Create user-friendly names:
– Servers
– Clients
– Services
Forward lookup (diagram): the client asks its DNS server "What is the IP address of ny056.lnu.se?", and the server answers from its data (ny056.lnu.se 194.47.174.56): "The IP address of ny056.lnu.se is 194.47.174.56".
DNS – Domain Name System
DNS Structure
• Relative to the DNS root
• Fully Qualified Domain Name, FQDN
• The maximum depth of a DNS tree is 127 levels.
Diagram: the root of the DNS tree (usually indicated by a dot), with the top-level domains arpa, com, edu, gov, mil and org below it and hosts such as w3 and server1 further down.
DNS – Domain Name System
Domain name
• Each node (label) can be up to 63 characters long
• DNS requires that nodes with the same parent have different names
Diagram: the tree . > se > lnu > {dfm, nv, it}. Two nodes both named voyager under dfm would conflict because they would share the FQDN voyager.dfm.lnu.se., whereas moon.it.lnu.se. and voyager.dfm.lnu.se. are distinct names.
DNS – Domain Name System
DNS domains (diagram): the root "." with se, com and org below it, and lnu below se. lnu.se. is a node; lnu.se (the domain) contains it together with the subdomains it, nv and dfm (with a and b below dfm). Likewise dfm.lnu.se. is a node and dfm.lnu.se is the domain.
DNS – Domain Name System
Top-level domains
The original top-level domains:
• com
• edu
• gov
• mil
• net
• org
• int
http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains
DNS – Domain Name System
Delegating control
• One of the goals in the design of the DNS was to decentralize the administration
• The parent domain contains only a pointer to the delegated subdomain
Diagram: under the root ".", the domains mil, net and se; under se, kth, lu and lnu. Before delegation, lnu and its subdomains dfm, it and nv are all managed by Linnaeus; after delegation, dfm is managed by the DFM institution at Linnaeus.
DNS – Domain Name System
Name servers and zones
• Name server = "application" that stores information about the zone
• Loaded from a file or another name server
• Responsibility for the zone
• May be responsible for multiple zones
Diagram: the root "." with se, com and org below it, and lu, lnu and kth below se; the zones shown are se (zone), lu.se (zone) and lnu.se (zone).
DNS – Domain Name System
Zones
• Contains all domain names in the domain, except for domain names in delegated subdomains
• Name servers load the zone, not the domain
Diagram: the se zone, the lnu.se zone, and the delegated zones it.lnu.se, eko.lnu.se, dfm.lnu.se and nv.lnu.se (delegation).
DNS – Domain Name System
• Types of name servers: Primary Master, Secondary Master (zone files in c:\Windows\System32\dns\)
1. The primary name server loads zone data from the zone file.
2. The secondary name server loads zone data from the primary name server or from another secondary name server.
3. When the secondary name server starts up, it contacts its "master" server and, if necessary, downloads zone data from it; this is called a "zone transfer".
Diagram: resolving jacob.dfm.lnu.se (steps 1-10). The client's name server asks the root (".") for jacob.dfm.lnu.se and is referred to se; se refers it to lnu.se; lnu.se refers it to dfm.lnu.se, which holds the address of jacob.dfm.lnu.se; the address is then returned to the client.
DNS – Domain Name System
Recursive Queries (diagram legend):
• Request for address
• Reference to (referral)
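The referral chain in the diagram above, and the difference between a recursive and an iterative query, can be seen in a small simulation. This is an added example, not the lecture's code: it builds a toy tree of four authoritative zones (root, se, lnu.se, dfm.lnu.se) in memory. The zone names are from the slides; the server names ns.nic.se and ns.lnu.se and every address except dfm.lnu.se's 194.47.172.11 (from the A-record slide) are constructed for the example.

```python
"""Iterative and recursive resolution over a toy DNS tree.

Added example, not the lecture's code. Each authoritative server knows only
its own zone: A records for names it holds and NS referrals for delegated
child zones. An iterative resolver starts at the root and follows referrals,
which is what the numbered arrows on the slide show; a recursive server does
that walk on the client's behalf and caches the result.
"""
from dataclasses import dataclass, field


@dataclass
class Zone:
    name: str
    a: dict = field(default_factory=dict)            # fqdn -> IPv4 address
    delegations: dict = field(default_factory=dict)  # child zone -> its name server


# Constructed tree . -> se -> lnu.se -> dfm.lnu.se (names from the slides).
# Server names ns.nic.se / ns.lnu.se and all addresses except dfm.lnu.se's
# 194.47.172.11 (from the A-record slide) are made up for this example.
ZONES = {
    ".": Zone(".", delegations={"se.": "ns.nic.se."}),
    "se.": Zone("se.", delegations={"lnu.se.": "ns.lnu.se."}),
    "lnu.se.": Zone("lnu.se.", a={"ns.lnu.se.": "194.47.1.1"},
                    delegations={"dfm.lnu.se.": "ns1.dfm.lnu.se."}),
    "dfm.lnu.se.": Zone("dfm.lnu.se.", a={"dfm.lnu.se.": "194.47.172.11",
                                          "ns1.dfm.lnu.se.": "194.47.172.12",
                                          "jacob.dfm.lnu.se.": "194.47.172.50"}),
}
# Which zone each server is authoritative for (glue records, simplified).
SERVER_ZONE = {"root": ".", "ns.nic.se.": "se.",
               "ns.lnu.se.": "lnu.se.", "ns1.dfm.lnu.se.": "dfm.lnu.se."}


def authoritative_answer(server, qname):
    """One server's reply: ('answer', ip), ('referral', ns) or ('nxdomain', None)."""
    zone = ZONES[SERVER_ZONE[server]]
    if qname in zone.a:
        return "answer", zone.a[qname]
    # Longest delegated child that contains qname wins (most specific referral).
    for child, ns in sorted(zone.delegations.items(), key=lambda kv: -len(kv[0])):
        if qname == child or qname.endswith("." + child):
            return "referral", ns
    return "nxdomain", None


def resolve_iteratively(qname, max_steps=10):
    """The resolver does the work itself, walking referrals from the root."""
    server, trace = "root", []
    for _ in range(max_steps):
        kind, data = authoritative_answer(server, qname)
        trace.append((server, kind, data))
        if kind == "answer":
            return data, trace
        if kind == "nxdomain":
            return None, trace
        server = data  # follow the referral to the next server
    raise RuntimeError("too many referrals")


def resolve_recursively(qname, cache):
    """A recursive server answers from cache or iterates on the client's behalf."""
    if qname in cache:
        return cache[qname], [("cache", "answer", cache[qname])]
    ip, trace = resolve_iteratively(qname)
    if ip is not None:
        cache[qname] = ip
    return ip, trace


if __name__ == "__main__":
    ip, trace = resolve_iteratively("jacob.dfm.lnu.se.")
    for server, kind, data in trace:
        print(f"{server:18} {kind:9} {data}")
    print("answer:", ip)
```

The trace printed by the usage block is the slide's chain: root, ns.nic.se, ns.lnu.se, ns1.dfm.lnu.se, then the answer. A second call through resolve_recursively with the same cache returns straight from the cache, which is the behaviour the TTL slide later bounds.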
DNS – Domain Name System
Time To Live:
• Max time
• Long TTL
– Pros
– Cons
• Short TTL
– Pros
– Cons
DNS – Domain Name System
DNS Suffix
• Primary DNS domain
• DNS suffixes should not be confused with the Active Directory domain name
DNS – Domain Name System
Lookup zones
• Forward lookup zones:
– domain names to IP addresses
• Reverse lookup zones:
– IP addresses to domain names
DNS – Domain Name System
Resource Record Types:
• A (Host)
• CNAME(Alias)
• NS (Name Server)
• SOA(Start of Authority)
• MX (Mail Exchanger)
• SRV(Service Record)
• PTR (Pointer)
DNS – Domain Name System
A-record:
• Identifies the IP address from a hostname
• Ex. dfm.lnu.se -> 194.47.172.11
DNS – Domain Name System
CNAME records:
• Create alias
• A host name is the alias for a different hostname
• Ex. teknik.lnu.se -> dfm.lnu.se
DNS – Domain Name System
Name Server (NS) record:
• Identifies the DNS server for a zone
• Ex: dfm.lnu.se-> ns1.dfm.lnu.se
DNS – Domain Name System
SOA
• Start of Authority (SOA)
• The name server has the best information on DNS zone
• Make sure the server is responsible (authoritative) for the DNS zone
• An SOA record is required in all DNS zones
• Only one SOA record per DNS zone
DNS – Domain Name System
MX records:
• Mail Exchanger
• Identifies which server is the mail server
• Ex. [email protected] -> mail.lnu.se
DNS – Domain Name System
SRV Records:
• Service Records
• Identify a server that provides a network service
• Ex. _ftp._tcp.dfm.lnu.se -> ftp01.dfm.lnu.se
DNS – Domain Name System
PTR records:
• Pointer
• The opposite of an A record
• Translating IP to domain name
• Ex. 194.47.172.11 -> dfm.lnu.se
DNS – Domain Name System
Mapping IP addresses to names:
• in-addr.arpa
• Reverse Zone
• 2.168.192.in-addr.arpa
IP addresses become more specific from left to right: 192.168.2.3. Domain names become more specific from right to left: kvarnholmen.kalmar.se. In both cases the last part (3, kvarnholmen) identifies which computer it is.
Create zones and records
• Create a Forward Lookup Zone
– A record
– CNAME (Alias)
– NS (Name Server)
– SOA (Start of Authority)
• Create a Reverse Lookup Zone
– PTR (Pointer)
DNS – Domain Name System
Where all information is stored:
DNS server memory
• authoritative information (primary master and slave zones)
• cached information
• root name server information
Zone data files
%systemroot%\system32\dns\*.dns
User input (add, modify or delete records and zones)
All Tasks -> Update Server Data Files
Show Updates (Refresh or F5)
The files are loaded from the hard drive when the server starts up
DNS – Domain Name System
The "forward lookup zone" DNS file:
; Database file kalmar.se.dns for kalmar.se zone.
;      Zone version:  7
@                       IN  SOA ns2003.kalmar.se. hostmaster.kalmar.se. (
                                7            ; serial number
                                900          ; refresh
                                600          ; retry
                                86400        ; expire
                                3600       ) ; default TTL
;
;  Zone NS records
;
@                       NS  ns2003.kalmar.se.
;
;  Zone records
;
@                       A   192.168.20.3
@                       MX  10 mail.kalmar.se.
jacob                   A   192.168.20.3
jakob                   CNAME jacob.kalmar.se.
mail                    A   192.168.20.6
ns2003                  A   192.168.20.3
DNS – Domain Name System
The "reverse lookup zone" DNS file:
; Database file 20.168.192.in-addr.arpa.dns for 20.168.192.in-addr.arpa zone.
;      Zone version:  2
@                       IN  SOA ns2003.kalmar.se. hostmaster.kalmar.se. (
                                2            ; serial number
                                900          ; refresh
                                600          ; retry
                                86400        ; expire
                                3600       ) ; default TTL
;
;  Zone NS records
;
@                       NS  ns2003.kalmar.se.
;
;  Zone records
;
3                       PTR ns2003.kalmar.se.
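The two zone files above, together with the SOA rules (exactly one SOA per zone, an NS record, and forward A records that should have matching PTR records in the reverse zone), can be checked mechanically. The following is an added example, not the lecture's code or a Microsoft tool: a parser for the small subset of the master-file format the slides use (';' comments, '@' for the origin, a parenthesised multi-line SOA, A/NS/MX/CNAME/PTR records with an optional 'IN' class) and a consistency check of my own design. Run on the slides' files it reports that only ns2003 has a PTR, while kalmar.se, jacob and mail do not.

```python
"""Parse the forward and reverse zone files from the slides and cross-check them.

Added example, not the lecture's code. It handles only the master-file subset
shown on the slides: ';' comments, '@' as the zone origin, one parenthesised
multi-line SOA, and A/NS/MX/CNAME/PTR records with an optional 'IN' class.
"""

# Constructed input: the two zone files as they appear on the slides.
FORWARD_ZONE = """\
; Database file kalmar.se.dns for kalmar.se zone.
;      Zone version:  7
@   IN  SOA ns2003.kalmar.se. hostmaster.kalmar.se. (
        7       ; serial number
        900     ; refresh
        600     ; retry
        86400   ; expire
        3600 )  ; default TTL
; Zone NS records
@       NS  ns2003.kalmar.se.
; Zone records
@       A   192.168.20.3
@       MX  10 mail.kalmar.se.
jacob   A   192.168.20.3
jakob   CNAME jacob.kalmar.se.
mail    A   192.168.20.6
ns2003  A   192.168.20.3
"""

REVERSE_ZONE = """\
; Database file 20.168.192.in-addr.arpa.dns for 20.168.192.in-addr.arpa zone.
;      Zone version:  2
@   IN  SOA ns2003.kalmar.se. hostmaster.kalmar.se. (
        2       ; serial number
        900     ; refresh
        600     ; retry
        86400   ; expire
        3600 )  ; default TTL
@       NS  ns2003.kalmar.se.
3       PTR ns2003.kalmar.se.
"""

TYPES = {"SOA", "NS", "A", "MX", "CNAME", "PTR"}


def absolutize(name, origin):
    """'@' -> origin; relative names get the origin appended; absolute names are kept."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def reverse_name(ip):
    """194.47.172.11 -> 11.172.47.194.in-addr.arpa. (the PTR owner name)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def parse_zone(text, origin):
    """Return a list of (owner_fqdn, type, rdata_tokens)."""
    joined, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]           # drop comments
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:                        # parenthesised record complete
            joined.append(" ".join(buf))
            buf = []
    records = []
    for line in joined:
        tokens = line.split()
        if not tokens:
            continue
        owner = tokens.pop(0)
        if tokens and tokens[0] == "IN":      # optional class
            tokens.pop(0)
        rtype = tokens.pop(0)
        if rtype not in TYPES:
            raise ValueError(f"unsupported record type {rtype!r}")
        records.append((absolutize(owner, origin), rtype, tokens))
    return records


def check_zones(fwd, rev):
    """Return a list of findings; an empty list means the zones are consistent."""
    findings = []
    for label, recs in (("forward", fwd), ("reverse", rev)):
        soas = [r for r in recs if r[1] == "SOA"]
        if len(soas) != 1:
            findings.append(f"{label} zone has {len(soas)} SOA records, expected exactly one")
        if not any(r[1] == "NS" for r in recs):
            findings.append(f"{label} zone has no NS record")
    owners = {r[0] for r in fwd}
    ptr_map = {owner: rdata[0] for owner, rtype, rdata in rev if rtype == "PTR"}
    for owner, rtype, rdata in fwd:
        if rtype == "CNAME" and rdata[0] not in owners:
            findings.append(f"CNAME {owner} points at unknown name {rdata[0]}")
        if rtype == "A":
            ptr = ptr_map.get(reverse_name(rdata[0]))
            if ptr is None:
                findings.append(f"no PTR for {owner} ({rdata[0]})")
            elif ptr != owner:
                findings.append(f"PTR for {rdata[0]} is {ptr}, not {owner}")
    return findings


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "kalmar.se.")
    rev = parse_zone(REVERSE_ZONE, "20.168.192.in-addr.arpa.")
    for finding in check_zones(fwd, rev):
        print("finding:", finding)
```

Three of the four A records share 192.168.20.3, and one address can only have one PTR in this file, so two of those findings are expected; the missing PTR for mail (192.168.20.6) is the one an administrator would add to the reverse zone.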
DNS – Domain Name System
Internet root name servers:
Here is part of the cache.dns file:
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; temporarily housed at NSI (InterNIC)
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
Of the 13 root name servers, 10 are in America, one in Japan and 2 in Europe, including one in Stockholm.
DNS – Domain Name System
Resolver:
• Client side of the DNS
• Translates name questions from programs into DNS queries
• Has different functionality on different operating systems
DNS – Domain Name System
nslookup
• Tool to look up information in a DNS server
• nslookup - dnsserver
• Recursive or Iterative queries
nslookup
• How the command works
– Querying DNS
– Specific record types
• Recursive vs. iterative queries
DNS – Domain Name System
Name servers to query:
1. Name servers that the client should use. The primary name server is at the top of the list.
2. Add, edit and delete the name servers.
DNS – Domain Name System
SRV records
• Is used to locate services on a network
• Distribute load
• Redundancy
• Today it is used only for Active Directory
DNS – Domain Name System
• SRV records
– Priority
– Weight
• Example
– A host has priority 1 and weight 1
– Another host has priority 1 and weight 2
– Host 2 will get twice as much load as host 1
• Port
• Target (host computer)
DNS – Domain Name System
If we have two FTP servers in the te.hik.se domain and want to add two SRV records for them, we can do it using the "DNS Console" tool. We specify:
1. Which service we wish to create an SRV record for
2. Which protocol to use
3. The priority of the SRV record
4. The weight of the SRV record
5. Which port number to use when the service is contacted
6. The domain name of the computer that hosts the service
DNS – Domain Name System
SRV records cont.:
• The two SRV records that we create might look like this:
Name    Type                Data
_ftp    Service Location    [1][0][21] soder.te.hik.se
_ftp    Service Location    [2][0][21] kvarnholmen.te.hik.se
DNS – Domain Name System
SRV records:
If we add the following three SRV records:
Name    Type                Data
_http   Service Location    [0][2][80] www.kalmar.se
_http   Service Location    [0][1][80] www2.kalmar.se
_http   Service Location    [1][1][8000] malmen.kalmar.se
Problem: Not many browsers or FTP clients make use of SRV records to find the host computer. So why has Microsoft implemented SRV records?
Answer:
Microsoft was looking for a way to make it possible for Windows 2000 clients to find domain controllers and services in the domains, and SRV records were a perfect fit. The other functionality, such as locating FTP and HTTP servers, came as a bonus.
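How a client that does honour SRV records would use the priority and weight fields above (the "twice as much load" example and the three _http records) follows the selection rules of RFC 2782. The code below is an added example, not the lecture's code or a Windows DNS component: it groups records by priority, draws within a group in proportion to weight, and reports over many seeded trials how often each target is tried first. The HTTP_SRV rows are the slide's three records rewritten as (priority, weight, port, target); the helper names are my own.

```python
"""Choosing a target from a set of SRV records, RFC 2782 style.

Added example, not the lecture's code. Records are grouped by priority and the
lowest priority is tried first; within a priority group a target is picked at
random with probability proportional to its weight, so a weight-2 host gets
twice the load of a weight-1 host, as the slide says.
"""
import random
from collections import defaultdict

# Constructed input: the slide's "_http Service Location [priority][weight][port] target" rows.
HTTP_SRV = [
    (0, 2, 80, "www.kalmar.se."),
    (0, 1, 80, "www2.kalmar.se."),
    (1, 1, 8000, "malmen.kalmar.se."),
]


def srv_name(service, proto, domain):
    """Owner name of an SRV record: _service._proto.domain, e.g. _ftp._tcp.te.hik.se."""
    return f"_{service.lower()}._{proto.lower()}.{domain}"


def priority_groups(records):
    """[(priority, [records]), ...] with the lowest (most preferred) priority first."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec[0]].append(rec)
    return sorted(groups.items())


def pick_weighted(group, rng):
    """Weighted random choice within one priority group."""
    total = sum(rec[1] for rec in group)
    if total == 0:            # all weights zero: any target is equally acceptable
        return rng.choice(group)
    point = rng.randint(0, total - 1)
    running = 0
    for rec in group:
        running += rec[1]
        if point < running:
            return rec
    raise AssertionError("unreachable: point is always below the total weight")


def ordered_targets(records, rng=None):
    """Full try order: each priority group drawn by weight without replacement."""
    rng = rng or random.Random()
    order = []
    for _, group in priority_groups(records):
        remaining = list(group)
        while remaining:
            chosen = pick_weighted(remaining, rng)
            remaining.remove(chosen)
            order.append(chosen)
    return order


def first_choice_share(records, trials=3000, seed=1):
    """Fraction of trials in which each target is tried first (seeded, so repeatable)."""
    rng = random.Random(seed)
    counts = defaultdict(int)
    for _ in range(trials):
        counts[ordered_targets(records, rng)[0][3]] += 1
    return {target: n / trials for target, n in counts.items()}


if __name__ == "__main__":
    print(srv_name("FTP", "TCP", "te.hik.se."))
    for prio, weight, port, target in ordered_targets(HTTP_SRV):
        print(f"try {target}:{port} (priority {prio}, weight {weight})")
    print(first_choice_share(HTTP_SRV))
```

malmen.kalmar.se (priority 1) is never tried first: it is only reached when both priority-0 hosts fail, which is the redundancy use of SRV records mentioned earlier; www.kalmar.se comes first about two thirds of the time, which is the load distribution.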
DNS – Domain Name System
Stub zone:
• SOA
• NS
• A records for the delegated zone
• The IP address of one or more master servers that can update the stub zone
Diagram: the parent zone hik.se holds the stub zone te.hik.se and requests a transfer from the child zone te.hik.se, which answers with the transfer.
Child zone te.hik.se: SOA te.hik.se; NS soder.te.hik.se, A 10.0.0.14; MX mailsrv.te.hik.se; SRV _ldap._tcp.te.hik.se; NS malmen.te.hik.se, A 10.0.0.15
Stub zone te.hik.se (after the transfer): SOA te.hik.se; NS soder.te.hik.se, A 10.0.0.14; NS malmen.te.hik.se, A 10.0.0.15
DHCP
DHCP – Dynamic Host Configuration Protocol
• Bootstrap Protocol (BOOTP)
• Centralized management of IP addresses
• Avoid IP address conflicts
Diagram: a local network with a DHCP server holding an IP address database (IP address 1, 2, 3, 4), two DHCP clients and one client that does not use DHCP.
DHCP
Initialization lease process:
• IP lease request - DHCP Discover
• IP lease offer - DHCP Offer
• IP lease selection - DHCP Request
• IP lease acknowledgement - DHCP Acknowledge
Diagram: DHCP Client and DHCP Server exchange DHCP Discover, DHCP Offer, DHCP Request and DHCP Acknowledge.
DHCPDISCOVER: Source IP address = 0.0.0.0, Dest IP address = 255.255.255.255, MAC Address = 00-aa-ca-36-7d-2b
DHCPOFFER: Source IP address = 137.107.3.24, Dest IP address = 255.255.255.255, Assigned IP address = 131.107.8.13, Client MAC Address = 00-aa-ca-36-7d-2b, Subnet mask = 255.255.255.0, Server identifier = 131.107.3.24
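The two messages on the slide have a concrete wire format (RFC 2131): a fixed BOOTP header followed by a magic cookie and type-length-value options, where the message type is option 53, the subnet mask option 1 and the server identifier option 54. The code below is an added example, not the lecture's code or any DHCP implementation: it encodes a DHCPDISCOVER for the slide's client MAC, builds the server's DHCPOFFER for the slide's assigned address, mask and server identifier, and decodes both back into the field names the slide uses. The transaction id and the helper names are constructed.

```python
"""Encode and decode the DHCPDISCOVER / DHCPOFFER pair shown on the slide.

Added example, not the lecture's code. It implements the fixed BOOTP header
and the TLV option area of RFC 2131 with the three options the slide lists
(53 message type, 1 subnet mask, 54 server identifier). The client MAC,
assigned address, mask and server identifier are the slide's values; the
transaction id (xid) is constructed.
"""
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5   # option 53 message-type codes
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
HEADER_LEN = struct.calcsize(HEADER_FMT)      # 236 bytes


def mac_bytes(mac):
    """'00-aa-ca-36-7d-2b' -> 6 raw bytes."""
    return bytes(int(x, 16) for x in mac.split("-"))


def build(msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    """Encode one DHCP message; options is an iterable of (code, raw bytes)."""
    from_client = msg_type in (DISCOVER, REQUEST)
    fixed = struct.pack(
        HEADER_FMT,
        1 if from_client else 2,          # op: 1 = BOOTREQUEST, 2 = BOOTREPLY
        1, 6, 0,                          # htype Ethernet, hlen 6, hops 0
        xid, 0,                           # transaction id, secs
        0x8000 if from_client else 0,     # broadcast flag: client has no address yet
        socket.inet_aton("0.0.0.0"),      # ciaddr
        socket.inet_aton(yiaddr),         # yiaddr: the address the server proposes
        socket.inet_aton("0.0.0.0"),      # siaddr
        socket.inet_aton("0.0.0.0"),      # giaddr
        mac_bytes(mac).ljust(16, b"\0"),  # chaddr padded to 16 bytes
        b"\0" * 64, b"\0" * 128)          # sname, file
    opts = bytes([53, 1, msg_type])
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return fixed + MAGIC_COOKIE + opts + b"\xff"   # 0xff = end option


def parse(packet):
    """Decode the fixed header and the option TLVs into a dict."""
    if len(packet) < HEADER_LEN + 4 or packet[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    msg = {"op": f[0], "xid": f[4], "flags": f[6],
           "yiaddr": socket.inet_ntoa(f[8]),
           "chaddr": "-".join(f"{b:02x}" for b in f[11][:f[2]]),
           "options": {}}
    i = HEADER_LEN + 4
    while i < len(packet) and packet[i] != 0xFF:
        if packet[i] == 0:                 # pad option has no length byte
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        msg["options"][code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def offer_for(discover_packet, assigned_ip, mask, server_id):
    """The server's reply to a DISCOVER: same xid and MAC, plus the proposed lease."""
    d = parse(discover_packet)
    if d["options"].get(53) != bytes([DISCOVER]):
        raise ValueError("expected a DHCPDISCOVER")
    return build(OFFER, d["xid"], d["chaddr"], yiaddr=assigned_ip,
                 options=[(1, socket.inet_aton(mask)), (54, socket.inet_aton(server_id))])


def describe(packet):
    """Summary in the same terms as the slide's field lists."""
    m = parse(packet)
    o = m["options"]
    names = {DISCOVER: "DHCPDISCOVER", OFFER: "DHCPOFFER", REQUEST: "DHCPREQUEST", ACK: "DHCPACK"}
    out = {"type": names[o[53][0]], "mac": m["chaddr"], "assigned": m["yiaddr"]}
    if 1 in o:
        out["subnet_mask"] = socket.inet_ntoa(o[1])
    if 54 in o:
        out["server_id"] = socket.inet_ntoa(o[54])
    return out


if __name__ == "__main__":
    discover = build(DISCOVER, 0x3903F326, "00-aa-ca-36-7d-2b")
    offer = offer_for(discover, "131.107.8.13", "255.255.255.0", "131.107.3.24")
    print(describe(discover))
    print(describe(offer))
```

The server matches the offer to the discover by the transaction id and client MAC alone, since the client has no IP address yet; that is also why both messages are sent to the broadcast address, as the slide's Dest IP address fields show.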
DHCP
• What should you consider when you create a scope:
– at least one scope per DHCP server
– several scopes per DHCP server
– exclude static IP addresses
– information is not replicated between DHCP servers
• After you create a scope, you can:
– add additional IP address ranges to be excluded
– reserve IP addresses
– adjust the length of the lease
– configure settings and classes to be used within your scope
DHCP
The DHCP service's interaction with the DNS service:
1. The client initiates a DHCP request message (IP lease request)
2. The server returns a DHCP acknowledgement (IP lease acknowledgement)
3. The client performs a DNS dynamic update of its A (host) record
4. The DHCP server performs a dynamic DNS update of the PTR (pointer) record
Diagram: DHCP Client, DHCP Server and DNS Server.
DHCP
The DHCP service's interaction with the DNS service with an older OS:
1. The client initiates a DHCP request message (IP lease request)
2. The server returns a DHCP acknowledgement (IP lease acknowledgement)
3. The DHCP server performs a dynamic DNS update of the A (host) record
4. The DHCP server performs a dynamic DNS update of the PTR (pointer) record
Diagram: DHCP Client (older than Windows 2000), DHCP Server and DNS Server.
Namespaces
The basics
• Policies:
– Naming
– Longevity
– Locality
– Exposure
• Procedures:
– Adding
– Changing
– Deleting
• Centralized management
Ref. The Practice of System and Network Administration (2007), Thomas A. Limoncelli, Christine Hogan, Strata Chalup
Namespaces
Namespaces Policies
• What names are permitted / not permitted
• How do we create names?
• Collisions?
• Renaming allowed?