
DNS


amity

Presentation Transcript


  1. DNS

  2. BIND
     • DNS
        • Resolve names to IP address
        • Resolve IP address to names (reverse DNS)
     • BIND
        • Berkeley Internet Name Domain system
        • Version 4 is still in use, but should be considered obsolete
        • Version 8 improves efficiency, security, and robustness
        • Version 9 is a total rewrite and supports threads, multiprocessor and more

  3. Who needs DNS?
     • DNS defines
        • A hierarchical namespace for hosts and IP addresses
        • A distributed database of hostname and address information
        • A “resolver” to query this database
        • Improved routing for email
        • A mechanism for finding services on a network
        • A protocol for exchanging naming information

  4. DNS Lookup
     • Application
        • Becomes DNS client
        • Sends request to local DNS server
     • Local server
        • If answer known, returns response
        • If answer unknown
           • Starts at top-level server
           • Follows links
           • Returns response
     • Called name resolution

  5. Resource Records
     • Name: The domain name or IP address
     • TTL: Time to Live
        • Indicates the maximum amount of time a server may keep a record in cache before checking whether a newer one is available
     • Class: Always IN for the Internet
     • Type: Record type
     • Data: Varies with record type

  6. DNS Types
     • Each entry in server consists of
        • Domain name
        • DNS type for name
        • Value to which name corresponds
     • During lookup, client must supply
        • Name
        • Type
     • Server
        • Matches both name and type

  7. Example DNS Types
     • Type A (Address)
        • Name-to-address mapping
     • Type MX (Mail eXchanger)
        • Value is IP address of computer with mail server for name
     • Type CNAME (Computer NAME)
        • Canonical name (for aliases)
        • Used to establish alias (www)
     • SOA (Start of Authority)
        • Indicates authority for this zone data
     • NS (Name Server)
        • A name server for this zone
     • PTR
        • IP-address to domain name mapping

  8. Reverse Name Resolution
     • To look up domain names given an IP address
     • Implemented by means of special domains
        • in-addr.arpa

  9. Reverse name resolution
     • in-addr.arpa domain
     • IP address: 82.211.81.150
     • Domain: 150.81.211.82.in-addr.arpa

  10. DNS Record Types

  11. Components of BIND
      • Daemon named
      • Library routines
         • Resolve hosts queries by contacting the servers of the DNS distributed database
      • Command-line interface:
         • nslookup, dig, and host

  12. Masters, Slaves, and the Authorities
      • Authoritative Servers
         • Master Server (keeps official copy of zone info on disk)
         • Slave server (gets copy of zone info from master via zone transfer)
      • Cache Servers
         • Never authoritative
         • Load “root” domain servers but all others are accumulated in memory only
      • Resource Records
         • stored in zone data
         • retrieved by resolvers sending queries to nameservers
         • Different types of resource records: A, CNAME, MX…
         • Each resource record has a TTL specified in the zone data

  13. Name Server Taxonomy

  14.

          @            IN SOA   beast.TCNJ.EDU. admin.beast.TCNJ.EDU. (
                                5923     ; serial number
                                10800    ; Refresh 3 hours
                                3600     ; Retry 1 hour
                                604800   ; Expire 168 hours/1 week
                                43200 )  ; Minimum 12 hour
                       IN NS    beast.TCNJ.EDU.
                       IN NS    seuss.TCNJ.EDU.
                       IN NS    snuffy.TCNJ.EDU.
          localhost    43200 IN A 127.0.0.1
          beast        IN A     159.91.15.220
          beast        IN MX    20 beast.TCNJ.EDU.
          TCNJ.EDU.    IN MX    20 beast.TCNJ.EDU.
          lion         IN A     159.91.15.221
          lion         IN MX    20 beast.TCNJ.EDU.
          tsclion      IN CNAME lion.TCNJ.EDU.
          sa.tcnj.edu.          IN NS cartman.sa.tcnj.edu.
          cartman.sa.tcnj.edu.  IN A  159.91.8.228

  15.

          91.159.in-addr.arpa. IN SOA beast.TCNJ.EDU. ssivy.beast.TCNJ.EDU. (
                                5774     ; serial number
                                10800    ; Refresh 3 hours
                                3600     ; Retry 1 hour
                                604800   ; Expire 168 hours/1 week
                                43200 )  ; Minimum 12 hour
                       IN NS    beast.Trenton.EDU.
                       IN NS    snuffy.Trenton.EDU.
                       IN NS    seuss.Trenton.EDU.
          localhost    43200 IN A 127.0.0.1
          220.15.91.159.IN-ADDR.ARPA.  PTR beast.TCNJ.EDU.
          221.15.91.159.IN-ADDR.ARPA.  PTR lion.TCNJ.EDU.
          228.8.91.159.IN-ADDR.ARPA.   PTR cartman.sa.tcnj.edu.

  16.

          @    IN SOA  beast.trenton.edu. admin.beast.tcnj.edu. (
                       3         ; Serial number
                       10800     ; Refresh rate in seconds for secondary servers
                       3600      ; Retry in seconds after failure
                       3600000   ; Expire in seconds
                       86400 )   ; Default time-to-live in seconds
               IN NS   beast.tcnj.edu.
          1    IN PTR  localhost.

  17. DNS Query

  18. DNS Server Architecture

  19. Example - /etc/named.conf

  20. Example - /etc/named.conf cont’d

  21. /etc/named.conf cont’d

  22. Security Features in named.conf
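
The forward zone on slide 14 and the reverse zone on slide 15 are maintained as separate files, so A and PTR records can drift apart. The following consistency check is an added example, not part of the original presentation: the function names, the `ORIGIN` value (implied by the slides but never stated) and the `tiger` record are assumptions made for illustration.

```python
import ipaddress

# Records transcribed from slide 14 (forward) and slide 15 (reverse).
# ORIGIN is an assumption: the slides imply it but never state it.
ORIGIN = "tcnj.edu."
REV_ORIGIN = "91.159.in-addr.arpa."
FORWARD = """\
beast                IN A 159.91.15.220
lion                 IN A 159.91.15.221
cartman.sa.tcnj.edu. IN A 159.91.8.228
tiger                IN A 159.91.15.222 ; constructed: has no PTR
"""
REVERSE = """\
220.15.91.159.IN-ADDR.ARPA. PTR beast.TCNJ.EDU.
221.15.91.159.IN-ADDR.ARPA. PTR lion.TCNJ.EDU.
228.8.91.159.IN-ADDR.ARPA.  PTR cartman.sa.tcnj.edu.
"""

def fqdn(name, origin):
    """Lower-case a name; qualify it with origin if it lacks a trailing dot."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(text, rtype, origin):
    """Return {owner: rdata} for one record type. TTL and class are optional;
    every line must carry an explicit owner name (simplification)."""
    out = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if rtype in fields[1:]:
            out[fqdn(fields[0], origin)] = fields[fields.index(rtype, 1) + 1]
    return out

def check(forward, reverse, origin=ORIGIN, rev_origin=REV_ORIGIN):
    """Report A records whose PTR is missing or names another host, and orphan PTRs."""
    a = parse(forward, "A", origin)
    ptr = {k: fqdn(v, rev_origin) for k, v in parse(reverse, "PTR", rev_origin).items()}
    rev = {h: ipaddress.ip_address(ip).reverse_pointer + "." for h, ip in a.items()}
    findings = []
    for host in sorted(a):
        target = ptr.get(rev[host])
        if target is None:
            findings.append((host, a[host], "no PTR record"))
        elif target != host:
            findings.append((host, a[host], f"PTR points to {target}"))
    for rname in sorted(set(ptr) - set(rev.values())):
        findings.append((ptr[rname], rname, "PTR without matching A record"))
    return findings

if __name__ == "__main__":
    for finding in check(FORWARD, REVERSE):
        print(finding)
```

A PTR target written without its trailing dot is qualified against the reverse zone's origin, so the check reports it as pointing to a name ending in `in-addr.arpa.` rather than to the intended host.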
