
DNS, SNMP


Presentation Transcript


  1. DNS, SNMP
     Yi-Neng Lin
     Copyright Reserved 2001

  2. Domain Name Service (DNS)
     • Domain hierarchy and name service
     • Zones and name servers
     • Name resolution
     • Zone data files and resource records
     • Open source: BIND

  3. Domain Hierarchy and Name Service
     • Why a hierarchical domain structure
       • Ease of management
       • Efficient communication between two hosts
     • Why a name service
       • Hosts locate one another on the Internet
       • A domain name is easier to remember than an IP address
     • IP-based Internet
       • Domain names <-> IPs: one-to-many or many-to-one
       • Analogy: address <-> phone number
       • Lookups between IPs and domain names (forward and inverse resolution)

  4. Domain Hierarchy and Name Service (cont)
     [Figure: the domain name tree. root; top-level domains tw, edu, com, uk, org; under tw: com, edu; under edu.tw: nthu, ntu, nctu; under nctu.edu.tw: csie, cis, ee. Reading the labels from leaf to root gives the example name cis.nctu.edu.tw]

  5. Zones and Name Servers
     • Difference between a zone and a domain
       • Name servers manage their own zones
       • A zone may be only a subset of a domain, e.g. when the domain is under heavy load
     • Hierarchical distributed database
     • Master and slave name servers
       • Availability and load balance

  6. Zones and Name Servers (cont)
     1. Redundancy for heavy load
     2. Availability achieved
     3. Utilize the zone data
     [Figure: a large domain split into zone A and zone B, each with a master and a slave name server. Labels: master, slave, master (A) | slave (B), db of A and B, db of A, db of B; db = zone data file. The server that is master for zone A and slave for zone B holds the data files of both zones.]

  7. Zone Data Files and Resource Records
     • Data files for resolving hosts of authoritative zones
     • The RRs in a zone data file describe all the hosts within that zone
     • Five major types of RR: "SOA", "NS", "A", "PTR", "CNAME"

  8. Example RR
     • SOA (Start Of Authority)
       • Specifies the best name server to be authoritative (master) for a zone
       • Ex: cis.nctu.edu.tw IN SOA cisserv.cis.nctu.edu.tw
       • Options for refresh, retry, expire, etc. are supported
     • NS (Name Server)
       • Specifies the name servers of a zone
       • Ex: cis.nctu.edu.tw IN NS cisserv.cis.nctu.edu.tw
     • A (Address and alias)
       • Maps names to addresses, creates aliases
       • Ex: linux.cis.nctu.edu.tw IN A 140.113.168.127
             linux.cis.nctu.edu.tw IN A 140.113.207.127

  9. Example RR (cont)
     • CNAME (Canonical Name)
       • Creates a name-to-name alias
       • Ex: www.cis.nctu.edu.tw IN CNAME cache.cis.nctu.edu.tw
     • PTR (Pointer)
       • Maps addresses to names (canonical name only)
       • Ex: 140.113.23.1 IN PTR cisserv.cis.nctu.edu.tw
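As an added example (not part of the slides), the following parses records written in the simplified "owner IN type rdata" form of slides 8 and 9 and runs the forward/inverse consistency check a zone reviewer would want: every PTR must point at a name whose A records include that address, and every CNAME target must exist in the zone. The sample zone is constructed from the slides' records, with an assumed A record for cisserv and the PTR repeated as a real in-addr.arpa owner.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zone: the records from slides 8-9, an A record for cisserv
# (so the slide-9 PTR has a match) and the same PTR as a real in-addr.arpa owner.
ZONE = """\
cis.nctu.edu.tw               IN SOA   cisserv.cis.nctu.edu.tw
cis.nctu.edu.tw               IN NS    cisserv.cis.nctu.edu.tw
linux.cis.nctu.edu.tw         IN A     140.113.168.127
linux.cis.nctu.edu.tw         IN A     140.113.207.127
www.cis.nctu.edu.tw           IN CNAME cache.cis.nctu.edu.tw
cisserv.cis.nctu.edu.tw       IN A     140.113.23.1
140.113.23.1                  IN PTR   cisserv.cis.nctu.edu.tw
127.168.113.140.in-addr.arpa  IN PTR   linux.cis.nctu.edu.tw
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples; ';' comments and blank lines are skipped."""
    rrs = []
    for line in text.splitlines():
        line = line.split(";")[0].strip()
        if not line:
            continue
        owner, cls, rtype, rdata = line.split(None, 3)
        if cls != "IN":
            raise ValueError(f"unsupported class in: {line}")
        # names are case-insensitive; a trailing dot marks an absolute name
        rrs.append((owner.rstrip(".").lower(), rtype.upper(), rdata.strip().rstrip(".").lower()))
    return rrs

def ptr_owner_to_ip(owner):
    """Accept the slides' shorthand (a dotted IP) or the real in-addr.arpa owner."""
    if owner.endswith(".in-addr.arpa"):
        owner = ".".join(reversed(owner[: -len(".in-addr.arpa")].split(".")))
    return str(ipaddress.ip_address(owner))   # raises ValueError on garbage

def check_zone(rrs):
    """Forward/inverse consistency: a list of problems, empty when the zone is consistent."""
    a_records, names = defaultdict(set), set()
    for owner, rtype, rdata in rrs:
        names.add(owner)
        if rtype == "A":
            a_records[owner].add(rdata)
    problems = []
    for owner, rtype, rdata in rrs:
        if rtype == "PTR" and ptr_owner_to_ip(owner) not in a_records[rdata]:
            problems.append(f"PTR {owner} -> {rdata} has no matching A record")
        elif rtype == "CNAME" and rdata not in names:
            problems.append(f"CNAME {owner} -> {rdata} points outside the zone data")
    return problems
```

Run against the sample, the only finding is the CNAME target cache.cis.nctu.edu.tw, which the slides never give an address for.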

  10. Name Resolution
     • Forward query
       • Recursive
       • Iterative (generally adopted)
     • Inverse query
     • Caching to speed up the lookup process

  11. Name Resolution (Iterative)
     [Figure: the client (resolver) on www.resolver.net sends a query for "ns1.nctu.edu.tw" to its local name server. The local name server then walks the hierarchy itself, each step a numbered request/response pair: (1, 2) root name server, (3, 4) 'tw' name server, (5, 6) 'edu.tw' name server, (7, 8) 'nctu.edu.tw' name server; "other name servers" are also shown.]
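To make the iterative walk of slide 11 and the caching point of slide 10 concrete, here is an added toy model (not from the slides): each authoritative server holds only its own zone and replies with either the final record or a referral to the child zone, while the local name server does the walking and remembers every delegation it learns, so a second lookup under nctu.edu.tw skips the root. All zone names, servers and addresses are constructed for the example.

```python
# Constructed toy hierarchy: each entry is one authoritative server's zone data,
# holding either A records for its own names or NS delegations to child zones.
AUTH = {
    ".":           {"tw": ("NS", "tw")},
    "tw":          {"edu.tw": ("NS", "edu.tw")},
    "edu.tw":      {"nctu.edu.tw": ("NS", "nctu.edu.tw")},
    "nctu.edu.tw": {"ns1.nctu.edu.tw": ("A", "140.113.1.1"),
                    "www.nctu.edu.tw": ("A", "140.113.1.2")},
}

def authoritative_answer(zone, qname):
    """Reply of the server for `zone`: ('answer', ip), ('referral', child) or ('nxdomain', None)."""
    data = AUTH[zone]
    if qname in data and data[qname][0] == "A":
        return ("answer", data[qname][1])
    for name, (rtype, child) in data.items():
        if rtype == "NS" and (qname == name or qname.endswith("." + name)):
            return ("referral", child)     # closest delegation this server knows
    return ("nxdomain", None)

class LocalNameServer:
    """The resolver's local server: walks referrals itself and caches what it learns."""
    def __init__(self):
        self.known_zones = {"."}      # root hints; grows with every referral
        self.trace = []               # servers asked during the last resolve()

    def closest_known_zone(self, qname):
        labels = qname.split(".")
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in self.known_zones:
                return suffix
        return "."

    def resolve(self, qname):
        """Iterative lookup; returns the address or None."""
        self.trace = []
        zone = self.closest_known_zone(qname)
        while True:
            self.trace.append(zone)
            kind, data = authoritative_answer(zone, qname)
            if kind == "answer":
                return data
            if kind == "nxdomain":
                return None
            self.known_zones.add(data)    # cache the delegation for later queries
            zone = data
```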

  12. Simple Network Management Protocol (SNMP)
     • Background
     • Architectural framework
     • MIB
     • SMI
     • SNMP, SNMPv2, SNMPv3
     • Open source: NET-SNMP

  13. Background
     • Remote control without physically attaching to the managed entities of every network
     • Exchange of management information between network devices
     • Small tools: ping, traceroute, netstat, etc. (based on ICMP)
     • Short history

  14. Architectural Framework
     • Management station
     • Agent
     • Managed device
     • Managed object (specified in the MIB)
     • Management protocols
     [Figure: the management station exchanges SNMP messages with an agent: poll or request from the station, trap or response from the agent. The agent and managed device may be one machine, with a master agent holding the MIB; subagents (managed devices), each with its own MIB, attach to the master agent over SMUX or AgentX.]
     • Possible protocols to use
       • SNMP proxy agent
       • SMUX
       • AgentX

  15. Management Information Base (MIB)
     • A group of objects that describe an SNMP-manageable entity
     • Hierarchical object groups – MIB-II (RFC 1213)

  16. MIB-II
     MIB-II within the hierarchical object groups:
     iso (1)
       ....
       org (3)
         ....
         dod (6)
           ....
           internet (1)
             directory (1)
             mgmt (2)
               mib-II (1)
                 system (1), interface (2), at (3), ip (4), icmp (5), tcp (6), udp (7), egp (8), transmission (10), snmp (11)
             experimental (3)
             private (4)
     OBJECT IDENTIFIER: 1.3.6.1.2.1.3 (iso.org.dod.internet.mgmt.mib-II.at)

  17. Structure of Management Information (SMI)
     • Defines the structure of a particular MIB
     • Places restrictions on the types of objects allowed in the MIB
     • Abstract Syntax Notation One (ASN.1)
       • Exchange of information between application components on different systems
       • Object values are encoded with the Basic Encoding Rules (BER)
       • Defines the way data is represented during transmission
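The slide names BER without showing it, so here is an added example (not from the slides) of a minimal BER encoder and decoder for the two SMI base types every SNMP message carries, INTEGER and OBJECT IDENTIFIER: the first two OID arcs share one byte (40*x + y), later arcs use 7-bit groups with a continuation bit, INTEGER is the shortest two's-complement big-endian form, and every value is wrapped as tag, length, contents. The decoder rejects a wrong tag and truncated or unterminated contents, which is the check a receiver must make before trusting a length field.

```python
def encode_length(n):
    """Definite length: one byte below 128, else 0x80|count followed by count bytes."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode_integer(value):
    """ASN.1 INTEGER (tag 0x02): shortest two's-complement big-endian contents."""
    size = ((value + (value < 0)).bit_length() + 8) // 8   # +1 bit for sign, min 1 byte
    body = value.to_bytes(size, "big", signed=True)
    return b"\x02" + encode_length(len(body)) + body

def encode_oid(arcs):
    """ASN.1 OBJECT IDENTIFIER (tag 0x06) from arcs such as [1, 3, 6, 1, 2, 1, 3]."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID arcs")
    body = bytearray()
    for sid in [arcs[0] * 40 + arcs[1]] + list(arcs[2:]):   # first two arcs share a byte
        chunk = [sid & 0x7F]            # last 7-bit group: continuation bit clear
        sid >>= 7
        while sid:
            chunk.append((sid & 0x7F) | 0x80)
            sid >>= 7
        body.extend(reversed(chunk))    # most significant group first
    return b"\x06" + encode_length(len(body)) + bytes(body)

def decode_length(data, pos):
    first = data[pos]
    if first < 128:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def decode_oid(data):
    """Inverse of encode_oid; rejects a wrong tag, truncated or unterminated contents."""
    if data[:1] != b"\x06":
        raise ValueError("not an OBJECT IDENTIFIER")
    length, pos = decode_length(data, 1)
    body = data[pos:pos + length]
    if not body or len(body) != length or body[-1] & 0x80:
        raise ValueError("truncated or unterminated OID contents")
    subids, cur = [], 0
    for b in body:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    first_two = min(subids[0] // 40, 2)
    return [first_two, subids[0] - 40 * first_two] + subids[1:]
```

The at-group OID from slide 16, 1.3.6.1.2.1.3, encodes as 06 06 2B 06 01 02 01 03.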

  18. SMI (part of the one defined in RFC1155)
     RFC1155-SMI DEFINITIONS ::= BEGIN
     EXPORTS -- EVERYTHING
         internet, directory, mgmt, experimental, private, enterprises,
         OBJECT-TYPE, ObjectName, ObjectSyntax, SimpleSyntax,
         ApplicationSyntax, NetworkAddress, IpAddress, Counter, Gauge,
         TimeTicks, Opaque;
     -- the path to the root
     internet      OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 }
     directory     OBJECT IDENTIFIER ::= { internet 1 }
     mgmt          OBJECT IDENTIFIER ::= { internet 2 }
     experimental  OBJECT IDENTIFIER ::= { internet 3 }
     private       OBJECT IDENTIFIER ::= { internet 4 }
     enterprises   OBJECT IDENTIFIER ::= { private 1 }
     -- definition of object types
     OBJECT-TYPE MACRO ::=
     BEGIN
         TYPE NOTATION ::= "SYNTAX" type (TYPE ObjectSyntax)
                           "ACCESS" Access
                           "STATUS" Status
         VALUE NOTATION ::= value (VALUE ObjectName)
         Access ::= "read-only" | "read-write" | "write-only" | "not-accessible"
         Status ::= "mandatory" | "optional" | "obsolete"
     END
     -- names of objects in the MIB
     ObjectName ::= OBJECT IDENTIFIER
     -- syntax of objects in the MIB
     ObjectSyntax ::= CHOICE {
         simple            SimpleSyntax,
         application-wide  ApplicationSyntax
     }
     SimpleSyntax ::= CHOICE {
         number  INTEGER,
         string  OCTET STRING,
         object  OBJECT IDENTIFIER,
         empty   NULL
     }

  19. SMIv2 (part of the one defined in RFC2578)
     SNMPv2-SMI DEFINITIONS ::= BEGIN
     -- the path to the root
     org           OBJECT IDENTIFIER ::= { iso 3 }  --  "iso" = 1
     dod           OBJECT IDENTIFIER ::= { org 6 }
     internet      OBJECT IDENTIFIER ::= { dod 1 }
     directory     OBJECT IDENTIFIER ::= { internet 1 }
     mgmt          OBJECT IDENTIFIER ::= { internet 2 }
     mib-2         OBJECT IDENTIFIER ::= { mgmt 1 }
     transmission  OBJECT IDENTIFIER ::= { mib-2 10 }
     experimental  OBJECT IDENTIFIER ::= { internet 3 }
     private       OBJECT IDENTIFIER ::= { internet 4 }
     enterprises   OBJECT IDENTIFIER ::= { private 1 }
     security      OBJECT IDENTIFIER ::= { internet 5 }
     snmpV2        OBJECT IDENTIFIER ::= { internet 6 }
     -- transport domains
     snmpDomains   OBJECT IDENTIFIER ::= { snmpV2 1 }
     -- transport proxies
     snmpProxys    OBJECT IDENTIFIER ::= { snmpV2 2 }
     -- module identities
     snmpModules   OBJECT IDENTIFIER ::= { snmpV2 3 }
     -- Extended UTCTime, to allow dates with four-digit years
     -- (Note that this definition of ExtUTCTime is not to be IMPORTed
     --  by MIB modules.)
     ExtUTCTime ::= OCTET STRING(SIZE(11 | 13))
         -- format is YYMMDDHHMMZ or YYYYMMDDHHMMZ
     -- definitions for information modules
     MODULE-IDENTITY MACRO ::=
     BEGIN
         TYPE NOTATION ::=
                       "LAST-UPDATED" value(Update ExtUTCTime)
                       "ORGANIZATION" Text
                       "CONTACT-INFO" Text
                       "DESCRIPTION" Text
                       RevisionPart

  20. SMIv2 (part of the one defined in RFC2578)
         VALUE NOTATION ::= value(VALUE OBJECT IDENTIFIER)
         RevisionPart ::= Revisions | empty
         Revisions ::= Revision | Revisions Revision
         Revision ::= "REVISION" value(Update ExtUTCTime)
                      "DESCRIPTION" Text
         -- a character string as defined in section 3.1.1
         Text ::= value(IA5String)
     END
     OBJECT-IDENTITY MACRO ::=
     BEGIN
         TYPE NOTATION ::= "STATUS" Status
                           "DESCRIPTION" Text
                           ReferPart
         VALUE NOTATION ::= value(VALUE OBJECT IDENTIFIER)
         Status ::= "current" | "deprecated" | "obsolete"
         ReferPart ::= "REFERENCE" Text | empty
         Text ::= value(IA5String)
     END
     -- names of objects
     -- (Note that these definitions of ObjectName and NotificationName
     --  are not to be IMPORTed by MIB modules.)
     ObjectName ::= OBJECT IDENTIFIER
     NotificationName ::= OBJECT IDENTIFIER
     -- syntax of objects
     -- the "base types" defined here are:
     --   3 built-in ASN.1 types: INTEGER, OCTET STRING, OBJECT IDENTIFIER
     --   8 application-defined types: Integer32, IpAddress, Counter32,
     --     Gauge32, Unsigned32, TimeTicks, Opaque, and Counter64
     ObjectSyntax ::= CHOICE {
         simple            SimpleSyntax,
         -- note that SEQUENCEs for conceptual tables and
         -- rows are not mentioned here...
         application-wide  ApplicationSyntax
     }
     -- built-in ASN.1 types
     SimpleSyntax ::= CHOICE {
         -- INTEGERs with a more restrictive range may also be used
         integer-value   INTEGER (-2147483648..2147483647),
         string-value    OCTET STRING (SIZE (0..65535)),
         objectID-value  OBJECT IDENTIFIER
     }
     Integer32 ::= INTEGER (-2147483648..2147483647)
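The "path to the root" assignments on slides 18 and 19 are what turn a symbolic name into the dotted OID of slide 16. As an added example (not the slides' or any MIB compiler's code), here is a small resolver that parses lines of the form "name OBJECT IDENTIFIER ::= { parent N }" in both the RFC1155 style with named arcs such as org(3) and the RFC2578 style, follows parent references up to iso, and refuses cyclic or undefined names. The input text is constructed from the slides' assignments with the at arc taken from the slide 16 tree.

```python
import re

# Constructed input: the OBJECT IDENTIFIER assignments from slides 18-19 plus the
# at and mib-2 arcs shown in the tree on slide 16.
SMI_TEXT = """
internet      OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 }
directory     OBJECT IDENTIFIER ::= { internet 1 }
mgmt          OBJECT IDENTIFIER ::= { internet 2 }
mib-2         OBJECT IDENTIFIER ::= { mgmt 1 }
at            OBJECT IDENTIFIER ::= { mib-2 3 }
transmission  OBJECT IDENTIFIER ::= { mib-2 10 }
private       OBJECT IDENTIFIER ::= { internet 4 }
enterprises   OBJECT IDENTIFIER ::= { private 1 }
snmpV2        OBJECT IDENTIFIER ::= { internet 6 }
snmpModules   OBJECT IDENTIFIER ::= { snmpV2 3 }
"""

ASSIGN = re.compile(r"^\s*([A-Za-z][\w-]*)\s+OBJECT IDENTIFIER\s*::=\s*\{([^}]*)\}", re.M)
WELL_KNOWN = {"iso": [1]}   # ASN.1 root arc that the SMI text itself never defines

def parse_assignments(text):
    """name -> component list; a component is a parent name, an int, or a (name, int) pair."""
    defs = {}
    for name, body in ASSIGN.findall(text):
        comps = []
        for tok in body.split():
            m = re.fullmatch(r"([A-Za-z][\w-]*)\((\d+)\)", tok)
            if m:
                comps.append((m.group(1), int(m.group(2))))   # named arc such as org(3)
            else:
                comps.append(int(tok) if tok.isdigit() else tok)
        defs[name] = comps
    return defs

def resolve(name, defs, _seen=()):
    """Numeric arcs for `name`, following parent references up to a well-known root."""
    if name in WELL_KNOWN:
        return list(WELL_KNOWN[name])
    if name in _seen:
        raise ValueError(f"cyclic OID definition at {name}")
    if name not in defs:
        raise KeyError(f"{name} is not defined")
    arcs = []
    for comp in defs[name]:
        if isinstance(comp, str):              # parent reference, e.g. { internet 2 }
            arcs.extend(resolve(comp, defs, _seen + (name,)))
        else:                                  # bare arc, or named arc such as org(3)
            arcs.append(comp[1] if isinstance(comp, tuple) else comp)
    return arcs
```

resolve("at", defs) yields [1, 3, 6, 1, 2, 1, 3], the OBJECT IDENTIFIER printed on slide 16.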

  21. Address Translation Group (in MIB-II)
     atIfIndex OBJECT-TYPE
         SYNTAX  INTEGER
         ACCESS  read-write
         STATUS  deprecated
         DESCRIPTION "..."
         ::= { atEntry 1 }
     atPhysAddress OBJECT-TYPE
         SYNTAX  PhysAddress
         ACCESS  read-write
         STATUS  deprecated
         DESCRIPTION "..."
         ::= { atEntry 2 }
     atNetAddress OBJECT-TYPE
         SYNTAX  NetworkAddress
         ACCESS  read-write
         STATUS  deprecated
         DESCRIPTION "..."
         ::= { atEntry 3 }
     atTable OBJECT-TYPE
         SYNTAX  SEQUENCE OF AtEntry
         ACCESS  not-accessible
         STATUS  deprecated
         DESCRIPTION "..."
         ::= { at 1 }
     atEntry OBJECT-TYPE
         SYNTAX  AtEntry
         ACCESS  not-accessible
         STATUS  deprecated
         DESCRIPTION "..."
         INDEX   { atIfIndex, atNetAddress }
         ::= { atTable 1 }
     AtEntry ::= SEQUENCE {
         atIfIndex      INTEGER,
         atPhysAddress  PhysAddress,
         atNetAddress   NetworkAddress
     }

  22. SNMP, SNMPv2, SNMPv3
     Basic operators in SNMP
     *PDU: basic data unit in SNMP operations

  23. An SNMP entity and its components (RFC 2271)
     SNMP entity
       • SNMP engine: dispatcher, message processing subsystem, security subsystem, access control subsystem
       • Application(s): command generator, command responder, notification originator, notification receiver, proxy forwarder, other

  24. Comparisons between the three SNMP versions
