1 / 30

DNS – Domain Name Service

DNS – Domain Name Service. WeeSan Lee <weesan@cs.ucr.edu> http://www.cs.ucr.edu/~weesan/cs183/. Roadmap. Introduction The DNS Namespace Top-level Domains Second-level Domains Domain Names How to Register a Domain Name? How DNS Works? BIND Tools Q&A. Introduction.

lotus
Télécharger la présentation

DNS – Domain Name Service

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DNS – Domain Name Service WeeSan Lee <weesan@cs.ucr.edu> http://www.cs.ucr.edu/~weesan/cs183/

  2. Roadmap • Introduction • The DNS Namespace • Top-level Domains • Second-level Domains • Domain Names • How to Register a Domain Name? • How DNS Works? • BIND • Tools • Q&A

  3. Introduction • A service that maps between hostnames and IP addresses • A hierarchical distributed caching database with delegated authority. • Uses port 53 • UDP for the queries and responses • TCP for the zone transfer

  4. Introduction (cont) Recursive servers Non-recursive servers root name server (.) Q R http://www.cs.berkeley.edu/ Q Q momo.cs.ucr.edu edu A R A Q Q eon R berkeley.edu cs.berkeley.edu

  5. The DNS Namespace • A tree structure that starts with the root (.) • Each node represents a domain name • 2 branches • Forward mapping • hostnames → IP addresses • Reverse mapping • IP addresses → hostnames

  6. Top-level Domains • gTLDs (generic TLDs) • com, edu, net, org, gov, mil, int, arpa • aero, biz, coop, info, jobs, museum, name, pro • ccTLDs (country code TLDs) • au, ca, br, de, fi, fr, jp, se, hk, cn, tw, my, … • Profitable domain names • CreditCards.com - $2.75M • Loans.com – $3M • Business.com - $7.5M

  7. Second-level Domain Name • Examples • ucr.edu • sony.co.jp • Must apply to a registrar for the appropriate TLD • Network Solutions, Inc used to monopolize the name registration • Now, ~500 registrars

  8. Domain Names • Valid domain names • Each component: [a-zA-Z0-9\-]{1,63} • Each name < 256 chars • Case insensitive • www.cs.ucr.edu == WWW.CS.UCR.EDU • FQDN • Fully Qualified Domain Name • eon.cs.ucr.edu • eon – hostname • cs.ucr.edu – domain name

  9. How To Register A Domain Name? • Pick a domain name of interest • Dedicate 2 NS servers • RFC1219 stated that each domains should be served by at least 2 servers: a master & a slave • One technical contact person • One administrative contact person • Then, register the name to a registrar of your choice • Used to be done via email or fax, now all web-based

  10. How DNS Works? • Delegation • All name servers read all the 13 root servers from a local configuration file • [a-m].root-servers.net • $ dig • Those servers in turn knows all the TLDs • .edu knows .ucr.edu • .com knows .google.com • etc

  11. DNS Caching • DNS servers cache results they receive from other servers • Each result is saved based on its TTL • Negative caching • For nonexistent hostname (for 10 mins) • Also for unreachable/unresponsive servers

  12. Authoritative vs. Non-authoritative • An authoritative answer from a name server (such as reading the data from the disk) is “guaranteed” to be accurate • A non-authoritative answer (such as an answer from the cache) may not • Primary and secondary servers are authoritative for their own domains

  13. Recursive vs. Non-recursive • Recursive • Queries on a client behalf until it returns either an answer or an error • Non-recursive • Refers the client to another server if it can’t answer a query

  14. DNS Database • A set of text files, called zone files, maintained by the system admin. on the master NS • 2 types of entries • Parser commands, eg. • $ORIGIN and $TTL • Resource Records (RR) • [name] [tt] [class] type data • eon 76127 IN A 138.23.169.9 • orpheus.cs.ucr.edu. 76879 IN A 138.23.169.17 A very important . there!

  15. DNS Database (cont) • Resource Record Types • SOA Start Of Authority • NS Name Server • A IPv4 name-to-address translation • AAAA IPv6 name-to-address translation • PTR Address-to-name translation • MX Mail eXchanger • CNAME Canonical NAME • TXT Text • …

  16. BIND • The Berkeley Internet Name Domain system • Current maintainer: Paul Vixie @ ISC • BIND 9 • Use RTT to pick the best root servers and use them in round-robin fashion • named

  17. /etc/named.conf • options { • directory "/var/named"; • // query-source address * port 53; • forwarders { 138.23.169.10; }; • }; • zone "." IN { • type hint; • file "named.ca"; // Read from /var/named/named.ca • };

  18. /etc/named.conf • zone "localhost" IN { • type master; • file "localhost.zone"; // Read from /var/named/localhost.zone • allow-update { none; }; • }; • zone "0.0.127.in-addr.arpa" IN { • type master; • file "named.local"; // Read from /var/named/named.local • allow-update { none; }; • };

  19. /etc/named.conf • zone "voicense.com" IN { • type master; • file "voicense.com.zone"; • }; • zone "0.0.10.in-addr.arpa" IN { • type master; • file "voicense.com.rev"; • }; • zone "macrohard.com IN { • type slave; • file "macrohard.com.zone.bak"; • masters { 10.0.0.1; }; • };

  20. /var/named/voicense.com.zone Email address: weesan@voicense.com Remember to increment the serial # after each editing • $TTL 86400 • $ORIGIN voicense.com. • @ IN SOA voicense.com. weesan.voicense.com. ( • 20040304 ; serial # • 7200 ; refresh (2 hrs) • 1800 ; retry (30 mins) • 604800 ; expire (1 week) • 7200 ) ; mininum (2 hrs) • IN NS ns.voicense.com. • IN MX 10 mail.voicense.com. • IN MX 20 mail.myisp.com. • IN A 10.0.0.1 • mail IN CNAME voicense.com. • www IN CNAME voicense.com. • ns IN CNAME voicense.com. • lee IN A 10.0.0.31 • wee IN A 10.0.0.32

  21. /var/named/voicense.com.zone • Serial # • An increasing integer number (for sync’ing) • Refresh • How often the slave servers should sync. with the master • Retry • How long the slave servers should retry before giving up • Expire • How long should the slave servers continue to serve the domains in the absent of the master • Mininum • TTL for negative answers that are cached

  22. /var/named/voicense.com.rev • $TTL 86400 • @ IN SOA voicense.com. weesan.voicense.com. ( • 20040304 ; serial # • 7200 ; refresh (2 hrs) • 1800 ; retry (30 mins) • 604800 ; expire (1 week) • 7200 ) ; mininum (2 hrs) • IN NS ns.voicense.com. • 1 IN PTR fw.voicense.com. • 31 IN PTR lee.voicense.com. • 32 IN PTR wee.voicense.com.

  23. How To Load Balance A Web Server? • www IN A 10.0.0.1 • www IN A 10.0.0.2 • www IN A 10.0.0.3

  24. How To Load Balance A Web Server? • $ host www.google.com • www.google.com is an alias for www.l.google.com. • www.l.google.com has address 74.125.19.104 • www.l.google.com has address 74.125.19.103 • www.l.google.com has address 74.125.19.147 • www.l.google.com has address 74.125.19.99 • $ host www.google.com • www.google.com is an alias for www.l.google.com. • www.l.google.com has address 74.125.19.99 • www.l.google.com has address 74.125.19.104 • www.l.google.com has address 74.125.19.103 • www.l.google.com has address 74.125.19.147

  25. Zone Transfer • DNS servers sync with each other via zone transfer • All-at-once and incremental updates • A slave server compares the serial number on the master’s and save backup zone files on disk. • Uses TCP on port 53

  26. Tools • dig • $ dig eon.cs.ucr.edu • $ dig eon.cs.ucr.edu ns • $ dig @momo.cs.ucr.edu eon.cs.ucr.edu mx • $ man dig • host • $ host eon.cs.ucr.edu • $ host -t ns cs.ucr.edu • $ host -t mx eon.cs.ucr.edu momo.cs.ucr.edu • $ man host

  27. Tools (cont) • nslookup • $ nslookup eon.cs.ucr.edu • $ nslookup eon.cs.ucr.edu momo.cs.ucr.edu • whois • $ whois google.com • $ whois ucr.edu

  28. /etc/resolv.conf • Resolver • $ cat /etc/resolv.conf • search cs.ucr.edu weesan.com • nameserver 138.23.169.10 • nameserver 138.23.178.2

  29. /etc/nsswitch.conf • Used by C library • gethostbyname() • $ cat /etc/nsswitch.conf • hosts: file nis dns

  30. Reference • LAH • Ch 15: DNS – The Domain Name System

More Related