
Petrozavodsk State University, Alex Moschevikin, 2003


Presentation Transcript


  1. Domain Name System

  HISTORY
  • File hosts (the Internet grew past 1000 hosts in 1984): updated manually, error-prone, impossible to scale
  • DNS is also called BIND (Berkeley Internet Name Domain)
  • Distributed database (delegation to lower level)
  • DNS translates Resource Records (RR):
    • hostnames to IP addresses
    • mail exchanger
    • host information
  • Name Servers hold the DNS data and know how to find the answer
  • Fully Qualified Domain Name (FQDN) - www.oreilly.com.
  • Each dot separates a subdomain
  • Each subdomain may have a Name Server associated with it
  • nslookup

  Rev. 1.01 / 12.12.2006 Petrozavodsk State University, Alex Moschevikin, 2003 NET TECHNOLOGIES

  2. Query of girigiri.gbrmpa.gov.au

  3. DNS and OSI RM

    OSI/RM                   TCP/IP
    Layer 7  APPLICATION     DNS
    Layer 6  PRESENTATION
    Layer 5  SESSION
    Layer 4  TRANSPORT       TCP
    Layer 3  NETWORK         IP
    Layer 2  DATA LINK       Physical
    Layer 1  PHYSICAL

  4. Inverse query
  • Name-to-Address is an easy procedure because the database is indexed by the name field.
  • Address-to-Name (authorization checks, understanding logs) is not trivial; the options are:
    • to implement an exhaustive search, or
    • to set up the whole domain in-addr.arpa with the IP addresses noted in it (example: IP address 15.16.192.152 corresponds to 152.192.16.15.in-addr.arpa).
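The in-addr.arpa mapping from slide 4, as an added example that is not part of the presentation: it builds the reverse name for an IPv4 address (and, going beyond the slide, the ip6.arpa form for IPv6), recovers the address from such a name, and shows the check that matters when a PTR answer is used for the "authorization checks" the slide mentions: the name a PTR returns is only trustworthy if its own A record points back at the address. The FAKE_DNS table, the names and the addresses in it are constructed stand-ins for real lookups.

```python
# Added example (not from the slides): reverse-mapping names and a
# forward-confirmed reverse lookup.  FAKE_DNS below is a constructed table
# standing in for real PTR / A queries.
import ipaddress


def reverse_name(address: str) -> str:
    """Owner name for the reverse mapping of an IPv4 or IPv6 address.

    IPv4: octets reversed under in-addr.arpa
          (15.16.192.152 -> 152.192.16.15.in-addr.arpa.)
    IPv6: every hex nibble reversed under ip6.arpa (beyond the slide).
    """
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(str(ip).split(".")[::-1]) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")[::-1]
    return ".".join(nibbles) + ".ip6.arpa."


def address_from_reverse_name(name: str) -> str:
    """Inverse of reverse_name for a full IPv4 in-addr.arpa name."""
    labels = name.rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError("not a full IPv4 in-addr.arpa name: " + name)
    return ".".join(labels[3::-1])


# Constructed resolver data: one honest PTR and one PTR that claims a name
# whose forward record points somewhere else (the reverse zone owner can
# put any name in a PTR record).
FAKE_DNS = {
    "152.192.16.15.in-addr.arpa.": [("PTR", "host.example.com.")],
    "host.example.com.": [("A", "15.16.192.152")],
    "1.0.0.10.in-addr.arpa.": [("PTR", "admin.example.com.")],
    "admin.example.com.": [("A", "198.51.100.7")],
}


def lookup(name, rtype, table=FAKE_DNS):
    """Return the rdata of all records of type rtype at name (constructed table)."""
    return [data for t, data in table.get(name, []) if t == rtype]


def forward_confirmed_name(address, table=FAKE_DNS):
    """Return the PTR name for address only if that name resolves back to it.

    A bare PTR proves nothing about the forward name; an access control or a
    log entry should only record names that pass this round trip.
    """
    for ptr in lookup(reverse_name(address), "PTR", table):
        if address in lookup(ptr, "A", table):
            return ptr
    return None
```

Replace `lookup` with a real resolver call to use this against live DNS; the round-trip logic stays the same.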

  5. Database entities (RFC 1035)

    A      Host Address
    NS     Authoritative Nameserver
    CNAME  Canonical Name
    SOA    Marks Start of Zone of Authority
    PTR    Domain Name Pointer (Reverse Host Record)
    HINFO  Host Information
    MX     Mail Exchange
    . . .

  6. SOA record

    mydomain.com. IN SOA ns1.mydomain.com. root.mail.mydomain.com. (
        2002012901  ; serial number, updated as YYYYMMDDVV
        24h         ; refresh: how often secondary NSs check for updates
        2h          ; retry after a failed refresh
        4w          ; expire the data if no update succeeds
        4d )        ; minimal TTL

  The first line indicates first the zone, then the type of record (Internet SOA), then the primary name server for the zone, and then a contact address for the zone. Note that the email address uses a period (dot) in place of the @, and that all of these domain names must end with a dot.

  7. NS, A, CNAME records

  NS (Name Server) records provide a list of name servers authoritative for the zone:

    mydomain.com. IN NS ns1.mydomain.com.
    mydomain.com. IN NS ns2.mydomain.com.

  A records hold the real data itself:

    mail.mydomain.com.      IN A 192.168.40.32
    ns1.mydomain.com.       IN A 192.168.40.33
    ns2.mydomain.com.       IN A 192.168.40.34
    cheesebox.mydomain.com. IN A 192.168.148.44
    lester.mydomain.com.    IN A 192.168.148.45

  CNAME (Canonical name) records allow aliases:

    www.mydomain.com.  IN CNAME mydomain.com.
    wwww.mydomain.com. IN CNAME mydomain.com.
    ww.mydomain.com.   IN CNAME mydomain.com.
    cb.mydomain.com.   IN CNAME cheesebox.mydomain.com.

  8. MX record
  • MX (Mail Exchange) records provide a list of mail servers that accept e-mail for the specified domain.
  • Three parts:
    • the domain name,
    • the name of the machine that will accept mail for the domain,
    • and a preference value (lowest is preferred).
  • Mailers look for MX records before A records, so MX records should be defined for mail systems.

  9. Sample zone file

    @   IN SOA NS.Opusl.COM. hostmaster.Opusl.COM. (
            1998102601  ; serial number (update)
            43200       ; refresh 2x per day
            7200        ; retry every 2 hours (if fail)
            2592000     ; expire after 1 month
            86400 )     ; TTL is 24 hours (minimum in cache)
        IN MX 10 Cello.Opusl.COM.
        IN MX 10 Viola.Opusl.COM.
        IN MX 15 Tennis.Opusl.COM.
        IN NS ns.Opusl.COM.
        IN NS Arizona.EDU.          ; for secondary servers
        IN A 192.245.12.8
        IN A 192.245.12.7
        IN HINFO "DEC-VAXCLUSTER" "OPENVMS"
    ;
    WWW     CNAME Cello.Opusl.COM.
    News    IN A 192.245.12.8
    Tennis  IN TXT "Game, set and match"
            IN A 192.245.12.2       ; 100 Mbps line
            IN HINFO "DEC-VAXSTATION" "OPENVMS"
            IN MX 10 Mail.Opusl.COM.
            IN MX 20 Mail.TheRiver.COM.

  10. Reverse mapping zone file

    ; Authoritative data for 130.139.in-addr.arpa
    ;
    @   IN SOA jatz.aarnet.edu.au. mit.jatz.aarnet.edu.au. (
            1993092001  ; Serial
            10800       ; Refresh - 3 hours
            1800        ; Retry - 30 minutes
            3600000     ; Expire - 1000 hours
            43200 )     ; Minimum - 12 hours
        IN NS jatz.aarnet.edu.au.
        IN NS anu.anu.edu.au.
    ;
    4.204   IN PTR jatz.aarnet.edu.au.
    8.204   IN PTR scotch-finger.aarnet.edu.au.
    16.204  IN PTR nico.aarnet.edu.au.
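The zone-file syntax used on slides 6 to 10 (SOA with a parenthesised continuation, `;` comments, owner inheritance on indented lines, `@` and relative names, optional TTL and class) can be parsed with a short RFC 1035 master-file reader. The one below is an added example and not code from the presentation; it runs over the Opusl.COM sample zone from slide 9, retyped here, and assumes that zone's origin is `Opusl.COM.`. It also orders the MX targets the way slide 8 says mailers choose them, lowest preference first.

```python
# Added example (not from the slides): an RFC 1035 master-file parser applied
# to the slide 9 sample zone.  Origin "Opusl.COM." is an assumption.
import re
import shlex

SAMPLE_ZONE = """\
@   IN SOA NS.Opusl.COM. hostmaster.Opusl.COM. (
        1998102601  ; serial number (update)
        43200       ; refresh 2x per day
        7200        ; retry every 2 hours (if fail)
        2592000     ; expire after 1 month
        86400 )     ; TTL is 24 hours (minimum in cache)
    IN MX 10 Cello.Opusl.COM.
    IN MX 10 Viola.Opusl.COM.
    IN MX 15 Tennis.Opusl.COM.
    IN NS ns.Opusl.COM.
    IN NS Arizona.EDU.          ; secondary server
    IN A 192.245.12.8
    IN A 192.245.12.7
    IN HINFO "DEC-VAXCLUSTER" "OPENVMS"
;
WWW     CNAME Cello.Opusl.COM.
News    IN A 192.245.12.8
Tennis  IN TXT "Game, set and match"
        IN A 192.245.12.2       ; 100 Mbps line
        IN HINFO "DEC-VAXSTATION" "OPENVMS"
        IN MX 10 Mail.Opusl.COM.
        IN MX 20 Mail.TheRiver.COM.
"""

CLASSES = ("IN", "CH", "HS")
TTL_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"^(\d+)([smhdw]?)$", re.I)


def ttl_seconds(text):
    """Plain seconds (slide 9) or BIND suffixes such as 24h / 4w (slide 6)."""
    m = TTL_RE.match(text)
    if not m:
        raise ValueError("bad time value: " + text)
    return int(m.group(1)) * TTL_UNITS[m.group(2).lower()]


def absolute(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def tokenize(line):
    """Whitespace split honouring "..." strings and ';' comments.
    Parentheses are assumed whitespace-separated, as BIND writes them."""
    lex = shlex.shlex(line, posix=True)
    lex.commenters = ";"
    lex.whitespace_split = True
    return list(lex)


def parse_rdata(rtype, toks, origin):
    if rtype == "SOA":
        mname, rname, *times = toks
        refresh, retry, expire, minimum = (ttl_seconds(t) for t in times[1:])
        return {"mname": absolute(mname, origin), "rname": absolute(rname, origin),
                "serial": int(times[0]), "refresh": refresh, "retry": retry,
                "expire": expire, "minimum": minimum}
    if rtype == "MX":
        return (int(toks[0]), absolute(toks[1], origin))
    if rtype in ("NS", "CNAME", "PTR"):
        return absolute(toks[0], origin)
    if rtype in ("TXT", "HINFO"):
        return tuple(toks)
    return " ".join(toks)      # A and other types: keep the text as written


def parse_zone(text, origin):
    """Return (owner, ttl, class, type, rdata) tuples; handles $TTL, '(' ')'
    continuation, owner inheritance on indented lines, optional TTL/class."""
    records, pending, depth = [], [], 0
    last_owner, default_ttl, inherits = origin, None, False
    for line in text.splitlines():
        if depth == 0:                      # a new logical record starts here
            pending, inherits = [], line[:1] in (" ", "\t")
        for tok in tokenize(line):
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                pending.append(tok)
        if depth > 0 or not pending:        # continuation or comment-only line
            continue
        toks = pending
        if toks[0].upper() == "$TTL":
            default_ttl = ttl_seconds(toks[1])
            continue
        owner = last_owner if inherits else absolute(toks.pop(0), origin)
        ttl = ttl_seconds(toks.pop(0)) if TTL_RE.match(toks[0]) else default_ttl
        rclass = toks.pop(0).upper() if toks[0].upper() in CLASSES else "IN"
        rtype = toks.pop(0).upper()
        records.append((owner, ttl, rclass, rtype, parse_rdata(rtype, toks, origin)))
        last_owner = owner
    return records


def mail_exchangers(records, name):
    """MX targets for name, lowest preference first (the order mailers try)."""
    mxs = [rd for owner, _, _, rtype, rd in records if owner == name and rtype == "MX"]
    return [target for _, target in sorted(mxs)]
```

The same parser reads the reverse zone on slide 10 with origin `130.139.in-addr.arpa.`, where the relative owners `4.204` and so on become full in-addr.arpa names.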

  11. DNS message format (UDP 53)

  12. RR portion of DNS response

  13. Problems with DNS
  • Inverse queries for local ISP.
  • DNS supports both TCP and UDP, but primarily uses UDP: TCP is slower and open to denial of service, while UDP is vulnerable to response spoofing.
  • Lack of competition in domain name registering.
  • Confusion of trademarks and domains.
  • NS records contain hostnames, not addresses. Redundancy.
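Slides 11 and 12 show the wire format of a DNS message (the 12-byte header, the question, and the resource records of the answer), and slide 13 notes that UDP responses can be spoofed. The following added example, which is not code from the presentation, builds a query, builds a constructed response to it that uses a name-compression pointer in the answer RR, parses both, and applies the minimum check a resolver makes before accepting a UDP reply: the transaction ID and the echoed question must match the outstanding query. The names and addresses in the test data are constructed.

```python
# Added example (not from the slides): DNS message encoding and parsing
# (RFC 1035 section 4) plus matching a reply against its query.
import struct

QR_FLAG = 0x8000                  # header flag bit: message is a response


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, qname, qtype=1, qclass=1):
    """Standard query: ID, flags with RD set, QDCOUNT=1, one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, qclass)


def build_a_response(query, address, ttl):
    """Constructed reply to query with one A record.  The RR owner name is the
    compression pointer 0xC00C: offset 12, where the question name sits."""
    txid, = struct.unpack("!H", query[:2])
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in address.split("."))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + query[12:] + rr


def decode_name(msg, offset):
    """Return (name, offset after the name), following compression pointers.
    A hop limit stops pointer loops in a malformed message."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: 14-bit pointer
            if end is None:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end if end is not None else offset


def parse_message(msg):
    """Parse header, question section and answer RRs (A rdata as dotted text)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name.lower(), qtype, qclass))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name.lower(), rtype, rclass, ttl, rdata))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def accept_response(query, response):
    """Return the parsed response only if it is a reply (QR=1) whose ID and
    question section match the query we sent; otherwise None.  Against the
    UDP response spoofing of slide 13 this 16-bit ID check is probabilistic
    and resolvers pair it with a randomised source port."""
    q, r = parse_message(query), parse_message(response)
    if not r["flags"] & QR_FLAG:
        return None
    if r["id"] != q["id"] or r["questions"] != q["questions"]:
        return None
    return r
```

Sending `build_query(...)` over UDP to port 53 and passing the datagram you get back to `accept_response` is all that is needed to use this against a real server; the parser handles the answer section of slide 12, not the authority and additional sections.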
