
Module 2

Module 2. Zone Files. Objectives: understand the idea of a zone and how it relates to a domain name; understand zone file structure; understand the major Resource Records (RRs) used to create zone files; understand IPv4 Reverse Mapping; understand which zone files are required. DNS – Zone Files.




  1. Module 2 Zone Files

  2. Objective
  • Understand the idea of a zone and how it relates to a domain name
  • Understand zone file structure
  • Understand the major Resource Records (RRs) used to create zone files
  • Understand IPv4 Reverse Mapping
  • Understand which zone files are required

  3. DNS – Zone Files
  • Domain = Zone
  • Textual descriptions of various Resource Records (RRs) that describe the domain, such as Name Servers, Mail Servers, Services and hosts, and Directives
  • Forward mapping translates a name into an IP address or a secondary name
  • Reverse Mapping translates an IP address into a name
  • The Authoritative server for the Domain (Zone) loads the zone files

  4. DNS Zone File
     ; IPv4 zone file for example.com
     $TTL 2d              ; default TTL for zone
     $ORIGIN example.com. ; base domain-name
     ; Start of Authority record defining the key characteristics of the zone (domain)
     @ IN SOA ns1.example.com. hostmaster.example.com. (
                     2003080800 ; se = serial number
                     12h        ; ref = refresh
                     15m        ; ret = update retry
                     3w         ; ex = expiry
                     2h         ; min = minimum
                     )
     ; name servers Resource Records for the domain
             IN NS ns1.example.com.
     ; the second name server is
     ; external to this zone (domain).
             IN NS ns2.example.net.
     ; mail server Resource Records for the zone (domain)
          3w IN MX 10 mail.example.com.
     ; the second mail server has lower priority and is
     ; external to the zone (domain)
             IN MX 20 mail.example.net.
     ; domain hosts includes NS and MX records defined previously
     ; plus any others required
     ns1     IN A 192.168.254.2
     mail    IN A 192.168.254.4
     joe     IN A 192.168.254.6
     www     IN A 192.168.254.7
     ; aliases ftp (ftp server) to an external location
     ftp     IN CNAME ftp.example.net.

  5. DNS - Forward Mapping
  • SOA RR defines the Apex of the zone and general properties
  • NS RRs define the Name Servers (DNS) which are authoritative
  • MX RRs define the mail servers
  • CNAME RRs define aliases
  • A (IPv4) and AAAA (IPv6) define IP addresses
  • TXT RRs are general records (SPF)

  6. RRs – Generic Format
     name ttl class type parameters
  • name or label identifies the record externally, for instance, www
  • ttl (Time-to-Live) defines how long the RR may be cached, in seconds
  • class = IN = Internet
  • type of RR, for example, MX
  • One or more type-specific parameters
  • TTL and Class can be omitted

  7. Zone Directives
  • All start with $
  • $TTL time-in-seconds: default Time-to-Live for the zone in seconds
  • $ORIGIN FQDN.: Base domain (zone) name
  • $INCLUDE file-name: Include another file here
  • Comments start with ;

  8. $TTL Zone Directive
  • The default Time-to-Live in seconds if no TTL value on the RR
  • 172800 = 2 days
  • Takes short forms in BIND: m, h, d, w
  • 172800 = 2d or 48h
  • $TTL 1d2h3m = 93780
  • Must appear before any RR (first)
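As an added example (my code, not from the slides), a parser for the BIND short forms just described: plain seconds or concatenated number/unit groups, rejected if malformed or above the RFC 2181 ceiling. Function names are my own.

```python
import re

# BIND accepts a TTL either as plain seconds or as a run of <number><unit>
# groups such as "2d", "48h" or "1d2h3m"; the unit letters are case-insensitive.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TOKEN = re.compile(r"(\d+)([smhdw])", re.IGNORECASE)
# RFC 2181 section 8: the TTL field is 32 bits, but a value with the top bit
# set is treated as zero, so 2^31 - 1 is the largest usable TTL.
MAX_TTL = 2**31 - 1

def parse_ttl(text: str) -> int:
    """Convert a BIND-style TTL string to seconds; raise ValueError if invalid."""
    text = text.strip()
    if text.isdigit():
        seconds = int(text)
    else:
        seconds, pos = 0, 0
        for match in TOKEN.finditer(text):
            if match.start() != pos:              # junk between two unit groups
                raise ValueError(f"bad TTL: {text!r}")
            seconds += int(match.group(1)) * UNIT_SECONDS[match.group(2).lower()]
            pos = match.end()
        if pos == 0 or pos != len(text):          # nothing parsed, or trailing junk
            raise ValueError(f"bad TTL: {text!r}")
    if seconds > MAX_TTL:
        raise ValueError(f"TTL {seconds} exceeds the RFC 2181 maximum {MAX_TTL}")
    return seconds

def is_valid_ttl(text: str) -> bool:
    """True if parse_ttl() accepts text."""
    try:
        parse_ttl(text)
        return True
    except ValueError:
        return False

def ttl_directive_seconds(line: str) -> int:
    """Parse a '$TTL <value> ; comment' zone-file directive line."""
    fields = line.split(";", 1)[0].split()
    if len(fields) != 2 or fields[0].upper() != "$TTL":
        raise ValueError(f"not a $TTL directive: {line!r}")
    return parse_ttl(fields[1])

if __name__ == "__main__":
    for sample in ("172800", "2d", "48h", "1d2h3m", "3w", "0"):
        print(f"{sample:>8} = {parse_ttl(sample)} seconds")
```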

  9. DNS - TTL
  • Only used by caching name servers (resolvers)
  • Slave uses SOA parameters
  • Determines the time the RR can be held in a cache before being refreshed
  • Value in seconds (think in hours)
  • 0 = never cache (dangerous)
  • Determines DNS change propagation time

  10. $ORIGIN Directive
  • Defines a label (name) that will be used to substitute all non-FQDN names
  • Parameter must be an FQDN: terminates with a dot
  • $ORIGIN example.com.
  • Optional - defaults to zone name
  • Usage illustrated later

  11. DNS Zone File (the example.com zone file from slide 4, shown again; see slide 4 for the full listing)

  12. File layout rules
  • Comments begin with ;
        ; IPv4 zone file for example.com
  • Name @ = $ORIGIN
  • Blank or TAB = last label or $ORIGIN
  • Parameters continued in parenthesis ()
        @ IN SOA ns1.example.com. hostmaster.example.com. (
                        2003080800 ; se = serial number
                        12h        ; ref = refresh
                        15m        ; ret = update retry
                        3w         ; ex = expiry
                        2h         ; min = minimum
                        )

  13. DNS – Substitution Rule • If any name (label) in a zone file is not an FQDN the last value of $ORIGIN will be appended to the end of the name (label).

  14. DNS - SOA RR
     SOA pmns mail sn refresh retry expiry min
  • SOA defines the start of the zone and must be the first non-directive entry
  • pmns = Primary Master Name Server
  • One of the authoritative name servers, OR
  • if DDNS is used it defines the NS which will be updated
  • Spec. name is MNAME

  15. DNS - SOA RR
     SOA pmns mail sn refresh retry expiry min
  • mail = mailbox of DNS administrator or tech contact
  • Format is all dot separated (a dot is written in place of @)
  • hostmaster.example.com (recommended) = hostmaster@example.com
  • Can be very important
  • Spec name is RNAME

  16. DNS - SOA RR
     SOA pmns mail sn refresh retry expiry min
  • sn = serial number of zone contents
  • Arbitrary number of up to 10 digits (maximum 4294967295)
  • Usage typically YYYYMMDDSS
  • YYYY = year, MM = month, DD = day, SS = sequence number
  • MUST increment every time zone contents change
  • Slave reads SOA and compares serial number
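An added example, not part of the deck: the serial comparison a slave makes, written with the wrap-around arithmetic of RFC 1982 rather than a plain integer compare, plus a helper that issues the next YYYYMMDDSS serial. Function names are my own.

```python
from datetime import date

SERIAL_MODULUS = 2**32   # the SOA serial is an unsigned 32-bit field
HALF_RANGE = 2**31

def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial-number arithmetic: is a 'newer' than b?
    A plain integer comparison fails once a serial wraps past 2^32 - 1."""
    a, b = a % SERIAL_MODULUS, b % SERIAL_MODULUS
    return (a > b and a - b < HALF_RANGE) or (a < b and b - a > HALF_RANGE)

def slave_needs_transfer(slave_serial: int, master_serial: int) -> bool:
    """The slave's decision at refresh time after reading the master's SOA:
    start a transfer (AXFR/IXFR) only if the master's serial is newer."""
    return serial_gt(master_serial, slave_serial)

def next_serial(current: int, today_yyyymmdd: int) -> int:
    """Next YYYYMMDDSS serial: today's date with sequence 00, unless the zone
    already changed today (or carries a higher serial, e.g. from a typo);
    then current + 1 keeps the value strictly increasing."""
    candidate = today_yyyymmdd * 100
    new = candidate if candidate > current else current + 1
    return new % SERIAL_MODULUS

def yyyymmddss_parts(serial: int) -> tuple:
    """Split a YYYYMMDDSS serial into (yyyymmdd, sequence); raise ValueError
    if the date part is not a real calendar date."""
    ymd, seq = divmod(serial, 100)
    text = str(ymd).zfill(8)
    date(int(text[:4]), int(text[4:6]), int(text[6:8]))  # validates the date
    return ymd, seq

if __name__ == "__main__":
    master = slave = 2003080800
    master = next_serial(master, int(date.today().strftime("%Y%m%d")))
    print("master", master, "slave", slave,
          "transfer?", slave_needs_transfer(slave, master))
```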

  17. DNS - SOA RR
     SOA pmns mail sn refresh retry expiry min
  • refresh = time after which Slave will start to refresh zone from Master (AXFR, IXFR)
  • retry = time between failed attempts to refresh zone
  • expiry = time after which Slave will not respond to zone requests if Master not accessed
  • min = time NXDOMAIN (no name) may be cached (max 3 hours)

  18. DNS – SOA Example
     @ IN SOA ns1.example.com. hostmaster.example.com. (
                     2003080800 ; se = serial number
                     12h        ; ref = refresh
                     15m        ; ret = update retry
                     3w         ; ex = expiry
                     2h         ; min = nxdomain ttl
                     )

  19. DNS – SOA Example
     $ORIGIN example.com.
     @ IN SOA ns1 hostmaster (
                     2003080800 ; se = serial number
                     12h        ; ref = refresh
                     15m        ; ret = update retry
                     3w         ; ex = expiry
                     2h         ; min = nxdomain ttl
                     )

  20. DNS - NS RR
     NS name
  • NS RRs list all name servers for the domain
  • At zone apex for this zone
  • Minimum of two
  • In-zone servers will need A or AAAA RRs
  • name = name of an internal or external name server that is authoritative for this domain
  • NS RRs appear in the zone (authoritative) and the parent (point of delegation – not authoritative)

  21. DNS – NS RRs
     ; name servers Resource Records for the domain
             IN NS ns1.example.com.
     ; could have been
     ;       IN NS ns1
     ; the second name server is
     ; external to this zone (domain).
             IN NS ns2.example.net.

  22. DNS – NS RRs
     $ORIGIN example.com.
     ; name servers Resource Records for the domain
             IN NS ns1.example.com.
     ; missing dot
             IN NS ns1.example.com    ; looks for ns1.example.com.example.com.
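An added example, not from the slides: a small checker that applies the substitution rule of slide 13 and flags the missing-dot mistake shown here and, for PTR targets, the one on slide 36. The zone fragment is constructed from this slide's records, and the function names are my own.

```python
NAME_RDATA_TYPES = {"NS", "MX", "CNAME", "PTR"}           # RDATA is a domain name
KNOWN_TYPES = NAME_RDATA_TYPES | {"A", "AAAA", "TXT", "SOA"}

# Constructed fragment: slide 22's records with the missing dot kept on purpose,
# plus a relative MX target that is correct and must not be flagged.
ZONE_FRAGMENT = """\
$ORIGIN example.com.
; name servers Resource Records for the domain
        IN NS ns1.example.com.
        IN NS ns1.example.com      ; missing dot
        IN MX 10 mail
www     IN A  192.168.254.7
ftp     IN CNAME ftp.example.net.
"""

def qualify(name: str, origin: str) -> str:
    """Substitution rule: '@' means the origin, a name without a trailing
    dot gets the current $ORIGIN appended, an FQDN is returned unchanged."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def lint_names(zone_text: str) -> list:
    """Warn about RDATA names that are almost certainly missing their dot."""
    origin, warnings = None, []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()          # drop ; comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        # A line starting with blank/TAB has no owner field of its own.
        candidates = fields if raw[0].isspace() else fields[1:]
        rtype = next((f.upper() for f in candidates if f.upper() in KNOWN_TYPES), None)
        target = fields[-1]
        if rtype not in NAME_RDATA_TYPES or target.endswith("."):
            continue                                   # not a name, or already an FQDN
        if origin is None:
            warnings.append(f"line {lineno}: relative name {target!r} with no $ORIGIN")
            continue
        qualified = qualify(target, origin)
        bare_origin = origin.rstrip(".").lower()
        if target.lower() == bare_origin or target.lower().endswith("." + bare_origin):
            warnings.append(f"line {lineno}: {target!r} lacks its trailing dot "
                            f"and becomes {qualified!r}")
        elif rtype == "PTR":
            warnings.append(f"line {lineno}: PTR target {target!r} must be an "
                            f"FQDN; it becomes {qualified!r}")
    return warnings
```

Running lint_names(ZONE_FRAGMENT) reports only the fourth line; the relative MX target becomes mail.example.com. and is left alone.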

  23. DNS - MX RR
     MX priority name
  • MX RRs list all incoming mail servers for the domain
  • Defined at zone apex for this zone
  • One or more
  • priority = relative priority of defined server (low is most important). Value = 0 – 65535
  • name = name of an internal or external mail server for this domain
  • In-zone servers will have A or AAAA RRs

  24. DNS – MX RRs
     ; mail server Resource Records for the zone (domain)
          3w IN MX 10 mail.example.com.
     ; the second mail server has lower priority and is
     ; external to the zone (domain) - backup
             IN MX 20 mail.example.net.
  • 3w = TTL
  • Priority 10 simply means you can add a more important mail server with only one change

  25. DNS - A RR
     A IPv4-address
  • A RRs list all visible hosts for the zone (domain)
  • Must include the in-zone NS and MX RRs plus others
  • IPv4-address = standard dotted quad address (address not a name)

  26. DNS - AAAA RR
     AAAA IPv6-address
  • AAAA RRs list all visible IPv6 hosts for the zone (domain)
  • Mixed with A RRs
  • Both A and AAAA if dual stacked
  • IPv6-address = standard colon separated address (address not a name)

  27. DNS – A RRs
     ; domain hosts includes NS and MX records defined
     ; previously plus any others required
     ns1     IN A 192.168.254.2
     mail    IN A 192.168.254.4
     joe     IN A 192.168.254.6
     www     IN A 192.168.254.7

  28. DNS - CNAME RR
     CNAME canonical-name
  • CNAME RRs map an alias name to a canonical (real) name (A or AAAA RRs)
  • May point to a host name in-zone or out-of-zone
  • canonical-name = real name of host
  • CNAME costs an extra access
  • Alternate is to use multiple A or AAAA RRs

  29. DNS – CNAME RRs
     ; aliases ftp (ftp server) to an external location
     ftp     IN CNAME ftp.example.net.
     ; very common use of CNAME
     mail    IN A 192.168.2.3
     www     IN CNAME mail
     ; alternate – functionally identical
     mail    IN A 192.168.2.3
     www     IN A 192.168.2.3

  30. DNS - TXT RRs
     TXT text
  • TXT RRs may be used to contain any text
  • Externally visible
  • Used to define Sender Policy Framework (SPF) RRs (now also SPF RR)
  • Used to define DKIM RRs
  • text = enclosed in quotes

  31. DNS – TXT RRs
     ; uses of TXT
     ftp     IN CNAME ftp.example.net.
             IN TXT "Supports FTP and SFTP"
     mail    IN A 192.168.0.18
     mail    IN TXT "v=spf1 ip4:192.168.0.3/27 -all"
     ; DKIM TXT RR
     mail._domainkey IN TXT "v=DKIM1;t=s;p=blah....blah;"
     ; ADSP TXT RR
     _adsp._domainkey IN TXT "dkim=discardable;"

  32. DNS – Reverse Mapping
  • Maps an IP address to a name
  • Domain name hierarchy is right to left: www.example.com
  • IP address hierarchy is left to right: 192.168.0.1
  • Solution:
    • Remove the last octet (192.168.0)
    • Invert the number (0.168.192)
    • Append in-addr.arpa (0.168.192.in-addr.arpa)
    • Define .1 (and others) in the zone file with PTR RRs

  33. DNS – Reverse Mapping

  34. DNS – Reverse Zone File
     ; simple reverse mapping zone file for example.com
     $TTL 2d ; default TTL for zone
     $ORIGIN 254.168.192.IN-ADDR.ARPA.
     ; Start of Authority record defining the key characteristics of the zone (domain)
     @ IN SOA ns1.example.com. hostmaster.example.com. (
                     2003080800 ; sn = serial number
                     12h        ; refresh
                     15m        ; retry
                     3w         ; expiry
                     2h         ; min = minimum
                     )
     ; name servers Resource Records for the domain
             IN NS ns1.example.com.
     ; the second name server is
     ; external to this zone (domain).
             IN NS ns2.anotherdomain.com.
     ; PTR RR maps an IPv4 address to a host name
     2       IN PTR ns1.example.com.
     .....
     4       IN PTR mail.example.com.
     .....
     16      IN PTR joe.example.com.
     17      IN PTR www.example.com.
     ....

  35. DNS - PTR RRs
     name PTR name
  • PTR RRs map a name to a name
  • Both left and right hand expressions are names – needs $ORIGIN
  • Right hand name must be an FQDN
  • PTR is used for both IPv4 and IPv6
  • Separate zone files for IPv4 and IPv6 because of the domain name
  • Reverse map domain for IPv6 is ip6.arpa
  • Generally only a single IP mapped to a name
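An added example, not part of the deck: the reverse-mapping construction of slide 32 generalised to IPv6 (ip6.arpa, as named on this slide), and the PTR records of a reverse zone generated from the forward A RRs of slide 27. The host list is constructed from those slides; the standard ipaddress module is used only to parse addresses, the reversal itself is done by hand so each step is visible.

```python
import ipaddress

# Constructed host list: the A RRs from the example.com forward zone (slide 27).
FORWARD_HOSTS = {
    "ns1.example.com.": "192.168.254.2",
    "mail.example.com.": "192.168.254.4",
    "joe.example.com.": "192.168.254.6",
    "www.example.com.": "192.168.254.7",
}

def reverse_name(ip: str) -> str:
    """Owner name of the PTR RR for ip: the IPv4 octets (or IPv6 nibbles)
    in reverse order under in-addr.arpa (or ip6.arpa), as an FQDN."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        parts, suffix = str(addr).split("."), "in-addr.arpa."
    else:
        parts, suffix = list(addr.exploded.replace(":", "")), "ip6.arpa."
    return ".".join(reversed(parts)) + "." + suffix

def reverse_zone_origin(network: str) -> str:
    """$ORIGIN of the reverse zone for network. IPv4 zones must start on an
    octet boundary (/8, /16, /24), IPv6 zones on a nibble boundary."""
    net = ipaddress.ip_network(network)
    width, n_labels = (8, 4) if net.version == 4 else (4, 32)
    if net.prefixlen % width:
        raise ValueError(f"{network}: prefix must be a multiple of {width}")
    labels = reverse_name(str(net.network_address)).split(".")
    keep = net.prefixlen // width                  # address labels in the origin
    return ".".join(labels[n_labels - keep:])

def reverse_zone_records(network: str, hosts: dict) -> list:
    """(label, fqdn) pairs for the PTR RRs of network's reverse zone, in
    address order; hosts outside the network belong in another zone."""
    net = ipaddress.ip_network(network)
    origin = reverse_zone_origin(network)
    in_zone = [(f, ip) for f, ip in hosts.items() if ipaddress.ip_address(ip) in net]
    records = []
    for fqdn, ip in sorted(in_zone, key=lambda pair: ipaddress.ip_address(pair[1])):
        full = reverse_name(ip)
        records.append((full[: len(full) - len(origin) - 1], fqdn))   # strip .origin
    return records

if __name__ == "__main__":
    print(f"$ORIGIN {reverse_zone_origin('192.168.254.0/24')}")
    for label, fqdn in reverse_zone_records("192.168.254.0/24", FORWARD_HOSTS):
        print(f"{label:<4} IN PTR {fqdn}")
```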

  36. DNS – PTR RR
     $ORIGIN 254.168.192.IN-ADDR.ARPA.
     ...
     ; PTR RR maps an IPv4 address to a host name
     2       IN PTR ns1.example.com.
     .....
     4       IN PTR mail.example.com.
     .....
     16      IN PTR joe.example.com.
     17      IN PTR www.example.com.
     ; could be written as
     17.254.168.192.IN-ADDR.ARPA. IN PTR www.example.com.
     ...
     ; missing dot
     <label> IN PTR bill.example.com   ; maps to bill.example.com.254.168.192.IN-ADDR.ARPA.
     ....

  37. DNS – Reverse Mapping
  • IPv4: Optional
  • Used especially by mail systems to do reverse lookup (essential)
  • IPv6: Optional (originally Mandatory)
  • Local IP address reverse map

  38. Zone File – Best Practice
  • Comment file – changes made
  • Always include $ORIGIN
  • $ORIGIN is optional, defaulted to name of zone
  • bad practice – non-self documenting
  • Use a consistent style: FQDN on right names, or left names, or both

  39. Required Zone Files
  • Depends on name server function
  • Forward and reverse map for localhost zone
  • Forward domain = localhost
  • Reverse map 0.0.127.in-addr.arpa
  • Hints file if caching server – points to root-servers
  • Reverse map private IPs (192.168.x, 10.x.x, 172.16.x)

  40. Hints (Root) Zone file
     ;
     ; last update: Jan 29, 2004
     ; related version of root zone: 2004012900
     ;
     ;
     ; formerly NS.INTERNIC.NET
     ;
     .                        3600000 IN NS A.ROOT-SERVERS.NET.
     A.ROOT-SERVERS.NET.      3600000    A  198.41.0.4
     …

  41. Local Host Forward Map
     $TTL 86400 ; 24 hours could have been written as 24h or 1d
     $ORIGIN localhost.
     @ 1D IN SOA @ hostmaster (
                     2004022401 ; serial
                     12h        ; refresh
                     15m        ; retry
                     1w         ; expiry
                     3h         ; minimum
                     )
     @ 1D IN NS @           ; localhost is the name server
       1D IN A  127.0.0.1   ; always returns the loop-back address

  42. Alternate Format
     $TTL 1d
     ; $ORIGIN localhost.
     localhost. IN SOA localhost. hostmaster.localhost. (
                     2002022401 ; serial
                     3H         ; refresh
                     15M        ; retry
                     1w         ; expire
                     3h         ; minimum
                     )
     localhost. IN NS localhost.   ; localhost is the name server
     localhost. IN A  127.0.0.1    ; the loop-back address

  43. Localhost Reverse Map
     $TTL 86400 ; 24 hours
     ; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
     @ IN SOA localhost. hostmaster.localhost. (
                     1997022700 ; Serial
                     3h         ; Refresh
                     15         ; Retry
                     1w         ; Expire
                     3h )       ; Minimum
             IN NS localhost.
     1       IN PTR localhost.

  44. Quick Quiz
  • What RR defines a mail server?
  • What is the first record in a zone file?
  • What does the $ORIGIN directive do?
  • How does the slave know to transfer the zone?
  • What is a PTR RR used for?
  • What value defines how long an RR can be cached?
