1 / 69

The Domain Name Service

The Domain Name Service. The Internet’s directory service. Simple files for Names. simple files often provide name/address mappings On Microsoft OS machines HOSTS – Internet name <-> Internet addresses LMHOSTS – NetBIOS names <-> Internet addresses On Unix-like machines

giza
Download Presentation

The Domain Name Service

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Domain Name Service The Internet’s directory service

  2. Simple files for Names • simple files often provide name/address mappings • On Microsoft OS machines • HOSTS – Internet name <-> Internet addresses • LMHOSTS – NetBIOS names <-> Internet addresses • On Unix-like machines • /etc/hosts – Internet name <-> Internet addresses (sometimes a symbolic link to /etc/inet/hosts )

  3. What is the DNS? • Maps hostnames to IP addresses • Why do we need hostnames ? • Why can’t each machine simply have a list of hostnames and IP addresses ? • Hence no single computer has the whole database • It is a distributed database • Information is obtained from DNS servers • It is a client server architecture

  4. How is the DNS used? • Applications access the information in the DNS by way of resolver programs • gethostbyname() returns an IP address in repsonse to a query on a hostname • gethostbyaddr() returns a hostname in response to a query on an IP address • People access information by way of client programs • eg. nslookup or dig - run from the command line • Common implementation of DNS client and server programs is BIND (Berkeley Internet Domain Server) • Server is called named • The DNS defines a protocol (see RFC’s) that is used for communication between client and server

  5. The DNS name space • In 2000 ICANN (http://www.icann.org/tlds/) approved: .biz .info .name .pro .aero .coop .museum • See NOMINET - http://www.nic.uk/ Unnamed root ae uk zw net org int mil gov arpa edu com ac in- addr aber Node aber.ac.uk

  6. Who owns the names? • No one organisation • Authority is delegated • Network Information Centres (NICs) maintain different top-level domains • Eg. ICANN controls top level domains • NOMINET controls the .uk country domain • UKERNA controls the .ac.uk zone (sub-trees)

  7. Name servers and zone boundaries uk Aber Zone Primary name server dns0.aber.ac.uk Several domains ac aber Computer Science Zone Primary name server dns0.dcs.aber.ac.uk www inf dcs central stonkin legion

  8. How do clients know where the name servers are ? % more /etc/resolv.conf ; /etc/resolv.conf ; domain dcs.aber.ac.uk nameserver 193.60.15.253 nameserver 193.60.11.253 nameserver 193.60.10.253 % dig @dns0.aber.ac.uk dcs.aber.ac.uk NS ;; ANSWER SECTION: dcs.aber.ac.uk. 86400 IN NS dns1.dcs.aber.ac.uk. dcs.aber.ac.uk. 86400 IN NS dns0.dcs.aber.ac.uk. dcs.aber.ac.uk. 86400 IN NS dns0.aber.ac.uk. dcs.aber.ac.uk. 86400 IN NS dns0.bham.ac.uk. ;; ADDITIONAL SECTION: dns0.dcs.aber.ac.uk. 86400 IN A 193.60.11.253 dns0.aber.ac.uk. 86400 IN A 144.124.16.10 dns1.dcs.aber.ac.uk. 86400 IN A 193.60.10.253 Internal Only

  9. Serving Information • A name server can serve information from its own zone (authoritative information) • Can serve cached information from other zones (non authoritative) • Can query other name servers for information it does not hold itself

  10. Resolvers in use • If a resolver is passed a name that is not absolute or fully qualified it adds the local domain to it. • stonkin% ftp manuel dns0.dcs.aber.ac.uk name server Stonkin ftp manuel query response Manuel ftp server tcp connection to 193.60.10.9

  11. Querying another domain ftp server ftpservers’s Name server TCP connection Recursive requests to lower level name servers 7 4 ftp client 6 ftp client’s Name server 5 3 1 2 boot Top level domain name server root

  12. Recursive Search

  13. Putting IP addresses into DNS address space • The in-addr.arpa domain • Delegation propagated down through the tree – just like ordinary addresses • Problem: • saturn.dcs.aber.ac.uk. • 193.60.11.10 • Client programs need to reorder IP address. Eg. • 10.11.60.193.in-addr.arpa • Naming authorities also delegate within • in-addr.arpa

  14. The in-addr-arpa domain • Delegated in exactly the same way as the rest of the name space. • But IP address reversed so that most significant part is on right hand side • i.e. 193.60.11.10 becomes • 10.11.60.193.in-addr.arpa. In the DNS

  15. An Example

  16. An Example

  17. Location of Root Servers Stockholm (1,1) London (1,0) San Francisco Area (2,3) D.C Area (6,2) Amsterdam (0,1) Los Angeles Area (2,1) Tokyo (1,1) Hong Kong (0,1) Dallas (0,1) (x,y) where x is number of root servers, y is number of gTLD servers See also http://safle.org/cs35110/

  18. Anycast Anycast Diagrams Courtesy: Kevin Miller, Carnegie Mellon University

  19. Anycast in Action Routers D, E, F have route to 128.2.1.10 via unique address of server

  20. Anycast in Action Router A selects one best path (or equal cost multi path to D, E, F)

  21. Anycast in Action Client sends a packet, dest address 128.2.1.10

  22. Anycast in Action Server responds; source address is 128.2.1.10

  23. Anycast in Action Subsequent packets can arrive at different servers

  24. DNS & BIND • BIND – Berkeley Internet Name Domain • Originally written for BSD Unix 4.3 (by Kevin Dunlap) • Now maintained by Internet Systems (was Software) Consortium (ISC) • http://www.isc.org/products/BIND/ • a Domain Name System server (named) • a Domain Name System resolver library • tools for verifying the proper operation of the DNS server • Reference Book • DNS and BIND, Fifth Edition BY PAUL ALBITZ, CRICKET LIU. FIFTH EDITION  MAY 2006. O’Reilly. • ISBN 10: 0-596-10057-4 • http://www.oreilly.com/catalog/dns5/

  25. BIND Components • Server – named – typically /usr/sbin/named (or sometimes /usr/sbin/in.named ) • Client • implemented via a resolver library [we will not consider “C” programming access to the resolver] • Pre-made specific DNS clients, nslookup, dig • most Internet software uses the resolver library • We concentrate of configuration/maintenance of BIND based DNS servers

  26. Configuration Files • /etc/named.conf provides overall configuration for named • Datafiles normally in /var/named, e.g. db.193.61.210 db.127.0.0 db.cache • Often use other software to build the DNS datafiles from plain text files • Caching only servers, slave servers and master servers • My examples – Penglais School in the newer format as used by BIND 8 and BIND 9 • Note: On our Fedora based practical machines, named runs in a protected “chroot” environment and so its view of the filestore is changed and what it thinks is “/” is not really the “/” of the underlying system but instead is “/var/named/chroot” -- Why do we do this?

  27. Server Types • Caching only servers – help to share load • Primary (Master) Servers – contain the definitive underlying information needed to populate the DNS for the zones which have been delegated – authoritative • Secondary (Slave) servers – get information by zone transfer from associated master server – also authoritative • Forward-Only servers – always pass all queries onwards to another name server

  28. Caching only servers - /etc/named.conf options { directory "/var/named"; }; zone "0.0.127.IN-ADDR.ARPA" in { type master; file "db.127.0.0"; notify no; }; zone "." in { type hint; file "db.cache"; }; Identifying the location of the data files Providing information for the anonymous “localhost” 127.0.0.0 network Telling it how to find the root servers etc

  29. Typical master server also has lines such as following in /etc/named.conf zone "penglais.ceredigion.sch.uk" in { type master; file "db.penglais"; }; zone "210.61.193.IN-ADDR.ARPA" in { type master; file "db.193.61.210"; }; Identifying server as a master for penglais school’s name space and specifying location of the datafile Identifying server as a master for penglais school’s number space and specifying location of the datafile

  30. A typical slave server would have lines such as zone "penglais.ceredigion.sch.uk" in { type slave; masters { 193.61.210.253;} file "db.penglais"; }; zone "210.61.193.IN-ADDR.ARPA" in { type slave; masters { 193.61.210.253;} file "db.193.61.210"; }; Identifying server as a slave for penglais school’s name space, specifying the IP address of the master and specifying location of the datafile Identifying server as a slave for penglais school’s number space, specifying the IP address of the master and specifying location of the datafile

  31. BIND’s data files • Contain “resource records” • Variety of types… • SOA – start of authority • NS – location of valid name servers • A – address records, i.e. hostnames and IP addresses • PTR – pointer records, i.e. IP addresses and corresponding names • CNAME – for introducing aliases • MX – mail exchanger records • Other lines • $INCLUDE – to include data from other files • @ - current origin • . - the root • ; line contains comment from here on • ( - to allow information to cover multiple lines

  32. /var/named/db.penglais @ IN SOA dns0.penglais.ceredigion.sch.uk. dap.aber.ac.uk. ( 2001052901 ; serial number 300 ; refresh after this many seconds 3600 ; retry after this many seconds 604800 ; expire after this many seconds 86400 ; was minimum TTL (now negative caching TTL) ) IN NS dns0.penglais.ceredigion.sch.uk. IN NS dns0.dcs.aber.ac.uk. IN NS dns0.bham.ac.uk. localhost IN A 127.0.0.1 ra8s11 IN A 193.61.210.51 ra8s12 IN A 193.61.210.52

  33. /var/named/db.193.61.210- starts with SOA etc, then … 1.210.61.193.IN-ADDR.ARPA. IN PTR server.penglais.ceredigion.sch.uk. 2.210.61.193.IN-ADDR.ARPA. IN PTR print1.penglais.ceredigion.sch.uk. 3.210.61.193.IN-ADDR.ARPA. IN PTR print2.penglais.ceredigion.sch.uk. 4.210.61.193.IN-ADDR.ARPA. IN PTR rnib.penglais.ceredigion.sch.uk.

  34. /var/named/db.cache • Needs to be (reasonably) up to date • Normally acquired directly from ftp.rs.internic.net using ftp of a file called /domain/named.root . 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 ; ; formerly NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107 ; ; formerly C.PSI.NET

  35. Maintaining BIND Data Files • Do it all manually … • Or Better – use a tool to help • h2n - a tool, written in perl, to convert simple plain text files to BIND format

  36. The Penglais h2n options file -y -o 300:3600:604800:86400 -d penglais.ceredigion.sch.uk -e dcs.aber.ac.uk -h dns0.penglais.ceredigion.sch.uk -M -s dns0.penglais.ceredigion.sch.uk -s dns0.dcs.aber.ac.uk -s dns1.dcs.aber.ac.uk -s dns0.aber.ac.uk -s dns0.bham.ac.uk -u dap@aber.ac.uk -z 193.61.210.253 -H /var/named/penglais/hosts.penglais -n 193.61.210 Calculate serial number from date Domain to build Domain to exclude Name of master server Build mail exchange (MX) records Names of all master and slave servers Mail contact for DNS manager IP master server for sec. named files File name of hosts file Number of domain for pointers

  37. Resolver - /etc/resolv.conf • Resolver needs to know where to go for DNS servers • Linux/Unix normally uses /etc/resolv.conf ; /etc/resolv.conf ; domain dcs.aber.ac.uk nameserver 193.60.11.253 nameserver 193.60.10.253 search penglais.ceredigion.sch.uk nameserver 193.61.210.253 nameserver 193.60.11.253 nameserver 193.60.10.253

  38. Traffic at the Root Servers • Brownlee, Claffy, Nemeth (2000) “DNS Damage – Measurements at a Root Server” CAIDA/IETF • Measurements at the F Root Server • 10% of all queries from rfc 1918 private address space or reverse lookups of the same • 14% of all queries malformed A queries (looking for the host called 123.231.231.192, not a PTR) • Most of these from a bug in Windows 2000 fixed in service pack 2 – still a big problem • 20% of all queries in a bogus TLD (14% above plus 6% looking for e.g. myhost.msft) • 1.5% of all queries are for Microsoft Document System Names – msdc • 30% of all queries repeated more than once per minute!

  39. Traffic at the Root Servers • Microsoft Windows 2000/XP machines try to register with dynamic DNS by default • Misconfigured name servers or clients pass these requests up to the TLDs • Never appropriate for a client to update a TLD! • On failure, MS machines attempt an authenticated update and finally a UDP update! • Windows 2000 also does not query one source at a time as per RFC, and may flood a network with parallel queries asking the same question

  40. What are directories? • Databases optimised for lookups • Only updated occasionally relative to number of reads/searches • Searches supported on various criteria • Entries have attributes which have values

  41. Selecting a naming/directory service • Normally done via /etc/nsswitch.conf • Allows choice between • plain files • DNS • NIS and NIS+ • LDAP • And a few other choices • printers, hostnames, users/passwords, etc • Sometimes need to add a + into files such as /etc/passwd before the NIS maps are used.

  42. Example /etc/nsswitch.conf # # /etc/nsswitch.conf # # Example: passwd: files nisplus nis shadow: files nisplus nis group: files nisplus nis hosts: files nisplus nis dns ethers: files netmasks: files networks: files rpc: files services: files netgroup: nisplus publickey: nisplus automount: files nisplus aliases: files nisplus

  43. NIS – Network Information Service • Originally from Sun in the 1980s, now used by many others • Coordinated administrative database to support management of multiple computers within a domain • Originally Sun Yellow Pages (YP), name changed because of legal reasons • Most commands still start with letters YP • [Sun now have NIS+, but not caught on with other vendors]

  44. Typical NIS Information • usernames / passwords • hostnames • groups and their membership • netgroups • mail aliases • Services • All this information stored in a set of “maps”

  45. How NIS Works • Each NIS domain has a “domainname” • Master Servers – maintain maps, distribute when required and answer queries from clients • Slave Servers – acquire information from masters and answer queries • Clients, interact with servers to access values associated with keys in the NIS maps

  46. How NIS Maps are stored • NIS raw data files are converted into simple database files using a hashing library (normally dbm, gdbm, ndbm) • Each data base file can only be searched on the basis of a single key • Some system information, e.g. password information may result in several NIS map files • e.g. passwd.byname and also passwd.byuid • Each individual map uses two files in the filestore

  47. How NIS Maps are stored • For a NIS domain “myworld” files would normally be stored in /var/yp/myworld • Each individual map stored as two files by the dbm in the filestore • e.g. passwd.byuid is stored as /var/yp/myworld/passwd.byuid.pag • and also /var/yp/myworld/ passwd.byuid.dir

  48. Typical map names passwd.byuid passwd.byname group.bygid group.byname protocols.bynumber protocols.byname rpc.bynumber rpc.byname hosts.byaddr hosts.byname mail.aliases netid.byname services.byname netgroup.byhost netgroup.byuser

  49. NIS Commands – Server side • domainname – to set the name of the NIS domain • ypserv – master or slave server itself • ypxfr – run by slave servers to recover maps from master servers • ypxfrd – run by master server to answer ypxfr requests from slaves • yppush – run on a server to tell slaves they need to execute ypxfr

  50. NIS Commands – Server Setup • ypinit – initialize server as master or slave • ypmake or makedbm – rebuild NIS maps • Often set up by running “make” in /var/yp where a Makefile is located • /etc/ypserv.conf can supply configuration information for ypserv • NISDOMAIN variable sometimes specified by a command in /etc/sysconfig/network e.g. on some Linux distributions

More Related