1 / 55

Domain Name System

Domain Name System. Introduction. Couloris,Dollimore and Kindberg Distributed Systems: Concepts & Design Edn. 4 , Pearson Education 2005. Introduction. Couloris,Dollimore and Kindberg Distributed Systems: Concepts & Design Edn. 4 , Pearson Education 2005. Introduction.

lspellman
Télécharger la présentation

Domain Name System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Domain Name System

  2. Introduction Couloris,Dollimore and Kindberg Distributed Systems: Concepts & Design Edn. 4 , Pearson Education 2005

  3. Introduction Couloris,Dollimore and Kindberg Distributed Systems: Concepts & Design Edn. 4 , Pearson Education 2005

  4. Introduction Couloris,Dollimore and Kindberg Distributed Systems: Concepts & Design Edn. 4 , Pearson Education 2005

  5. Introduction Couloris,Dollimore and Kindberg Distributed Systems: Concepts & Design Edn. 4 , Pearson Education 2005

  6. URL http://www.cdk3.net:8888/WebExamples/earth.html DNS lookup Resource ID (IP number, port number, pathname) 138.37.88.61 8888 WebExamples/earth.html ARP lookup (Ethernet) Network address file 2:60:8c:2:b0:5a Socket Web server Introduction Figure 1. Composed naming domains used to access a resource from a URL Couloris,Dollimore and Kindberg Distributed Systems: Concepts & Design Edn. 4 , Pearson Education 2005

  7. Introduction • You need to name an entity in order to use it. • If you don’t have a name or don’t know a name you should be able to describe its characteristics in order to identify it. • According to these two requirements we have two services: • Naming service • Directory service

  8. Naming Service • Given the name of a resource returns the information about the resource. • For example consider the white pages: given the name of a person you get the address/telephone number of that person. • Other examples: LDAP (Lightweight Directory Access Protocol) a person on UB computers gives you information about the person’s email, campus address, phone number, position held etc.

  9. Directory Service • Given a description, find a service or resource that matches the description. • For example consider the yellow pages: when you want to rent a car, it may give a list of car rental agencies.

  10. Overview of Domain Name System Domain Name System is a hierarchical distributed database DNS is the foundation of the Internet naming scheme DNS supports accessing resources by using alphanumeric names InterNIC is responsible for managing the domain namespace DNS was created to support the Internet’s growing number of hosts

  11. Domain com.au The ausregistry.com.au sub-domain of com.au

  12. What Is a Domain Namespace? Root Domain Top-Level Domain com net org Second-Level Domain nwtraders Subdomain west south east sales FQDN: SERVER1.sales.south.nwtraders.com Host: SERVER1

  13. Naming a Domain Naming a Directory Start Here Start Here C:\windows\system32\drivers\ yahoo.com.au. A “.” is used as separator A “\” is used as separator

  14. Standards for DNS Naming The following characters are valid for DNS names: A through Z a through z 0 through 9 Hyphen (-) The underscore (_) is a reserved character

  15. What Are the Components of a DNS Solution? DNS Clients DNS Servers DNS Servers on the Internet Root “.” Resource Record .com .edu Resource Record

  16. DNS – How it works?

  17. DNS – How it works (mechanism)

  18. What Is a DNS Query? A query is a request for name resolution and is directed to a DNS server • Queries are recursive or iterative • DNS clients and DNS servers both initiate queries • DNS servers are authoritative or nonauthoritative for a namespace • An authoritative DNS server for the namespace will either: • Return the requested IP address • Return an authoritative “No” • A nonauthoritative DNS server for the namespace will either: • Check its cache • Use forwarders • Use root hints

  19. How Recursive Queries Work 172.16.64.11 DNS Client A recursive query is sent to a DNS server and requires a complete answer mail1.contoso.msft Database Local DNS Server

  20. How Iterative Queries Work An iterative query directed to a DNS server may be answered with a referral to another DNS server Local DNS Server Root Hint (.) Iterative Query Ask .com Iterative Query .com Ask nwtraders.com Recursive Query mail1.nwtraders.com Iterative Query 172.16.64.11 Nwtraders.com Authoritative Response Client Server

  21. How Forwarders Work A forwarder is a DNS server designated to resolve external or offsite DNS domain names Iterative Query Forwarder Root Hint (.) Ask .com Iterative Query .com Ask nwtraders.com Recursive Query 172.16.64.11 Iterative Query Authoritative Response 172.16.64.11 Recursive query for mail1.nwtraders.com Nwtraders.com Local DNS Server Client Server

  22. How Root Hints Work Root hints contain the IP addresses for DNS root servers Root (.) Servers DNS Servers Root Hints com DNS Server microsoft Client

  23. How DNS Server Caching Works Where’s ServerA? ServerA is at 192.168.8.44 ServerA Client1 ServerA is at 192.168.8.44 Where’s ServerA? Client2

  24. How DNS Data Is Stored and Maintained A zone contains resource records for a contiguous portion of the DNS namespace DNS Server DNS ClientC DNS ClientA DNS ClientB

  25. What is a resource record? • A domain contains resource records • Resource records are analogous to files • Classified into types • Some of the important types are SOA, NS, A, CNAME and MX • Normally defines in “zone files”

  26. What Are Resource Records and Record Types?

  27. The “A” Record • The “Address” record • One or more normally defines a host • Contains an IPv4 Address (the address computers use to uniquely identify each other on the internet) • Eg. The record: • www A 203.18.56.31 • In the ausregistry.com.au domain, defines the host uniquely identifiable as “www.ausregistry.com.au” to be reachable at the IPv4 Address 203.18.56.31

  28. The “CNAME” Record • A CNAME defines an alias • The alias will then be resolved, if another CNAME is encountered then the process continues until an A record is found • Eg. The record: • search CNAME www.google.com. • In the ausregistry.com.au domain, defines the name uniquely identifiable as “search.ausregistry.com.au” to be and alias to “www.google.com”

  29. The “MX” Record • An MX record defines the mail servers for a particular domain • Mail eXchange records hold the name of hosts, and their priorities, able to deliver mail for the domain. • Eg. The record: • ausregistry.com.au MX 10 mail • In the ausregistry.com.au domain, defines the host mail to be the priority 10 mail server for the “ausregistry.com.au” domain

  30. The “NS” Record • An NS record defines the authoritative Name servers for the domain. • The “Name Server” records also define the name servers of children domains • Eg. The record: • internal NS ns1.hosting.com.au. • In the ausregistry.com.au domain, defines the host “ns1.hosting.com.au” to be a name sever for the “internal.ausregistry.com.au” sub-domain

  31. What is a zone? • Its records are held in a database (“zonefile”) and served from an authoritative name server • Zone refers to all the resource records in a domain but not its sub domains, the com.au zone contains delegations records for ausregistry.com.au, but not the resource records for ausregistry.com.au, however all of these records are part of the com.au domain

  32. What Are DNS Zone Types?

  33. What Are Stub Zones? DEN-SRV1 MTL-SRV2 Primary Zone Contoso.msft Stub Zone Contoso.msft (SOA) Den-srv1.contoso.msft (NS) Den-srv1.contoso.msft (NS) Den-srv2.contoso.msft DEN-SRV1 (A) 10.10.0.10 DEN-SRV2 (A) 10.10.0.11 (SOA) Den-srv1.contoso.msft (NS) Den-srv1.contoso.msft (NS) Den-srv2.contoso.msft DEN-SRV1 (A) 10.10.0.10 DEN-SRV2 (A) 10.10.0.11 WEB1 (A) 10.10.16.5 DEN-DC1 (A) 10.10.0.2 WWW (CNAME) Web1.contoso.msft

  34. What Are Forward and Reverse Lookup Zones? Namespace: training.nwtraders.msft DNS Server Authorized for training DNS Client2 = ? 192.168.2.46 = ? DNS Client3 DNS Client1 DNS Client2

  35. What is a Delegation? • Delegation refers to the act of putting NS records in a domain name “delegating” control of a sub-domain to another entity • This entity then has the ability to control the resource records in this sub-domain and delegate further children domains to other entities. • Eg. IANA delegating control of a country code domain to the country.

  36. What Is Delegation of a DNS Zone? Contoso.msft Sales.contoso.msft Training.contoso.msft

  37. How DNS Zone Transfers Work A DNS zone transfer is the synchronization of authoritative DNS zone data between DNS servers SOA query for a zone 1 SOA query answered 2 IXFR or AXFR query for a zone 3 IXFR or AXFR query answered (zone transferred) 4 Secondary server Primary and master server

  38. How Incremental Zone Transfers Work IXFR Request Current SOA [12054] Primary Zone Secondary Zone SOA [12054] 10.10.0.2 Client 1 10.11.6.5 Client87 10.11.6.87 SOA [12056] 10.10.0.2 Client 1 10.11.6.5 Client87 10.11.6.87 Client95 10.10.8.3 Client22 10.6.3.2

  39. How DNS Notify Works A DNS notify is an update to the original DNS protocol specification that permits notification to secondary servers when zone changes occur Resource record is updated 1 Destination Server Source Server SOA serial number is updated 2 DNS notify 3 Zone transfer 4 Secondary Server Primary and Master Server

  40. How to Secure Zone Transfers • Restrict zone transfer to specified servers • Encrypt zone transfer traffic • Consider using Active Directory integrated zones Primary Zone Secondary Zone

  41. How Preferred and Alternate DNS Servers Work 1. The client tries the preferred DNS server first. 3. Optionally, you can enter a whole list of alternate DNS servers.The preferred and alternate DNS servers automatically appear at the top of this list. 2. If the preferred server fails, the client tries the alternate DNS server.

  42. How Suffixes Are Applied Name query = SERVER1 Domain suffix Search List Server1.sales.south.contoso.msft Server1.south.contoso.msft Suffix Selection Option Server1.contoso.msft Connection-Specific Suffix

  43. Linux - DNS • Linux uses BIND/DJBDNS to perform DNS functions • named It's a daemon that runs the server side of DNS • resolver library translate a friendly name to an IP address. uses the resolv.conf file Resolvers is a program that translating a users request located in end host, for example sending a queries to domains name servers • dig tools for testing your DNS server

  44. Query named Reply Domain Name Server named..conf Network Cloud reverse zone local zone pri.zone

  45. DNS - Named.conf Query named Reply named..conf reverse zone local zone pri.zone • The named.conf in linux box • Describing the functionality of BIND system • Always listen to port 53 for queries • Once DNS receives queries • Check the address from named.conf • The named.conf contains 4 others zones files for its reference to: • Hints file • Local host file • Zone file • Reverse Zone file

  46. DNS - Named.conf (cont) • Hints file • Contains names and address of the root servers on Internet. • These servers know where the authoritative servers for user domains exist. • Local Host file • Master of their own loop back domain • to reduce traffic • Zone file • Domain database • Defines most of the information needed to resolve the domain being managed. • Reverse Zone file • Maps IP address to Host files • Mirror image of the Zone file.

  47. DNS -Queries • Queries ? • Can be a question like “What is an IP address of www.soi.wide.ad.jp?” • DNS queries can be divided into 3 types: • Recursive query the complete answer to the question is always returned • Iterative (non-recursive) query the complete answer MAY be returned • Inverse query where the user wants to know the domain name given a resource record

  48. DNS – named.conf file Sample options statement defines the default directory for named and the location of the process ID (pid) file. named.pid • options {pid-file "/var/run/bind/run/named.pid";directory "/etc/bind";// query-source address * port 53; };//// a master nameserver config//zone "." {type hint;file "db.root";};zone "0.0.127.in-addr.arpa" {type master;file "db.local";}; zone "158.253.70.in-addr.arpa" {type master;file "pri.158.253.70.in-addr.arpa";};zone "centralsoft.org" {type master;file "pri.centralsoft.org";}; • Hints file • Local Host file • Reverse Zone file • Zone file

  49. DNS-The Primary Zone File @ IN SOA server1.centralsoft.org. root.localhost. ( 2006012103; serial 28800; refresh, seconds 7200; retry, seconds 604800; expire, seconds 86400 ); minimum, seconds NS server1.centralsoft.org. NS ns0.centralsoft.org. MX 10 server1.centralsoft.org.; Mail Servercentralsoft.org. A 70.253.158.42www A 70.253.158.42server1 A 70.253.158.42ns0 A 70.253.158.45 The host name of the master server for this zone is server1.centralsoft.org specify the name servers that are responsible for our domain The semicolon is for comment

  50. DNS-The Primary Zone File (cont) @INSOA ns.example.org. root.localhost. (2006012103; serial28800; refresh, seconds7200; retry, seconds604800; expire, seconds86400 ); minimum, seconds Name Class Type Name-Server Email-Address Serial-no Refresh Retry Expiry Minimum-TTL Class IN = INternet

More Related