
Basic DNS Course

Basic DNS Course. Lecturer: Ron Aitchison. Module 1: DNS Theory. Objectives: Function of Name Servers; Name Servers play a critical role; DNS Hierarchy (root, TLDs, Users); DNS Delegation and Authority; DNS Operational Structure; DNS Servers and Resolvers; DNS Master and Slaves; DNS Queries.


Presentation Transcript


  1. Basic DNS Course Lecturer: Ron Aitchison

  2. Module 1 DNS Theory

  3. Objectives
   • Function of Name Servers
   • Name Servers play a critical role
   • DNS Hierarchy (root, TLDs, Users)
   • DNS Delegation and Authority
   • DNS Operational Structure
   • DNS Servers and Resolvers
   • DNS Master and Slaves
   • DNS Queries

  4. Name Server Function The purpose of any name server is to translate a name into something, typically an address, that can be used by network software to access a resource.

  5. Why not use an address?
   • Names are easier to remember (google.com vs 206.23.9.4)
   • Multiple addressing schemes can be used (IPv4 and IPv6)
   • We can relocate the resource without affecting the user's view of the network
   • We can duplicate the resource for resilience

  6. History of Name Servers
   • Historically used files to name local devices
   • 1974'ish IBM's SNA contained name translation capabilities
   • 1978 Open Systems Interconnection (OSI) Model – Name/Address Translation (L4)
   • 1984 NetBIOS Name Server -> WINS
   • 1981 – 1987 RFC 1034/1035 DNS

  7. Name Server becomes Critical
   • No Name Server = no network access
   • Resilience
   • Performance
   • Number of Names
     • LANs – 10s -> 1,000s of addresses
     • WANs (Internet) 1,000s -> millions
   • Frequency of Change

  8. Domain Name System (DNS)
   • Multiple Name Servers
     • Performance
     • Resilience
   • Hierarchy of names (Domains)
     • volume of names
     • frequency of changes
     • performance

  9. DNS Name Hierarchy
   • Organized into a tree hierarchy
   • Top of the tree is called the root
   • Each branch is called a Domain
   • Any number of branches or levels
   • Top Level Domain (TLD), Second Level Domain (SLD)
   • Responsibility for a Domain is Delegated
   • Each Level is Authoritative

  10. DNS Hierarchy Since 1998 the responsibility for the allocation and operation of the domain name hierarchy lies with ICANN (Internet Corporation for Assigned Names and Numbers). ICANN is a non-profit organization but operates under an MOU with the U.S. Dept. of Commerce.

  11. DNS Domain Name
   • Typical user domain name
   • Each level is separated by dots
   • Highest level is on the right
   • Authority controls everything to the left
     • left of example.com in above case
   • Authority may delegate www.example.com

  12. DNS Name Hierarchy (diagram: root -> delegation -> TLDs .arpa, .com, .us; each level authoritative)

  13. DNS TLDs
   • gTLDs (generic Top Level Domains)
     • .com, .net, .org, .mil, .edu, .int, etc.
     • Some are open
       • .com, .net, .org
     • Some restricted
       • .mil, .edu, .int
   • Since 2004 sTLDs
     • Sponsored
       • .coop, .museum, .aero, .travel, .jobs, .mobi, .cat, .tel, .asia
     • Generic
       • .info, .biz, .pro, .name
   • Since 2011
     • auction (essentially no limits, only $)

  14. DNS TLDs
   • ccTLDs (country code)
     • .us, .ca, .uk etc.
     • Defined by ISO 3166
   • .arpa (technically a gTLD)
     • ICANN (IANA) use only
     • specialized uses

  15. DNS – Some Terminology
   • TLD
     • Top Level Domain
   • SLD
     • Second Level Domain
     • Can be used to refer to a user domain
     • Confusing since in many countries the user domain is the third level (TLD!)

  16. DNS Name Hierarchy (diagram: TLDs -> SLDs/User domains)

  17. Delegation and Authority
   • Owner is authoritative at its level
   • Owner may do anything to the left of the name
   • Owner may delegate

  18. DNS Domain Name (www.example.com)
   • .com is a gTLD
   • example is the user domain name
   • who chose www?
   • what is www?

  19. DNS Domain Name www.example.com.

  20. DNS Domain Name (www.example.com.)
   • With the ending dot
   • Fully Qualified Domain Name (FQDN)
   • unambiguously defines a name to the root
   • the dot (.) is the root and is normally silent

  21. Domain Names
   • www.example.md.us
   • www.guardian.co.uk
   • www.bancobrasil.com.br
   • ftp.example.org
   • www.nashville.tn.us
   • www.br.example.net
   • www.un.int

  22. Module 1 DNS Operations and Protocol

  23. DNS - Operations/Protocol
   • Authoritative DNS at every level in the name hierarchy
   • DNS is interrogated using queries
     • Port 53
     • UDP (mostly)
     • 512 byte blocks (EDNS0 64K)
   • Other Operations
     • TCP on port 53
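As an added example (not part of the lecture slides), the following Python builds a wire-format query of the kind this slide describes and parses a constructed reply: the 12-byte header, the question, the classic 512-byte UDP limit, the EDNS0 OPT pseudo-record that advertises a larger buffer, and the TC (truncated) bit that tells a client to repeat the query over TCP on port 53. The transaction ID, the 4096-byte buffer size, the 192.0.2.10 address and the entire reply are values constructed for the example; nothing is sent on the network.

```python
import struct

DNS_PORT = 53              # queries go to UDP port 53; TCP port 53 for truncated/large answers
CLASSIC_UDP_LIMIT = 512    # largest UDP DNS message without EDNS0 (RFC 1035)
EDNS0_BUFSIZE = 4096       # UDP payload size we advertise in our OPT record (assumed value)

TYPE_A, TYPE_OPT = 1, 41
FLAG_RD, FLAG_TC = 0x0100, 0x0200   # Recursion Desired, TrunCated


def encode_name(name):
    """Encode 'www.example.com.' as length-prefixed labels ending in the root (a zero byte)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (FQDN, offset just past the name field)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # 2-byte pointer to an earlier copy of the name
            if end is None:
                end = offset + 2             # the field ends right after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def read_rr(msg, offset):
    """Read one resource record; return (name, type, class, ttl, rdata, next offset)."""
    name, offset = decode_name(msg, offset)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    return name, rtype, rclass, ttl, msg[offset:offset + rdlen], offset + rdlen


def build_query(name, txid=0x1234, qtype=TYPE_A, edns0=True):
    """12-byte header + one question; with EDNS0, an OPT pseudo-record in the additional section."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 1 if edns0 else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)      # class IN
    msg = header + question
    if edns0:
        # OPT RR: root name, type 41, and the 'class' field carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, EDNS0_BUFSIZE, 0, 0)
    return msg


def parse_response(msg):
    """Return id, rcode, TC flag, A answers and the responder's EDNS0 UDP size (512 if none)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    result = {"id": txid, "rcode": flags & 0xF, "truncated": bool(flags & FLAG_TC),
              "answers": [], "udp_size": CLASSIC_UDP_LIMIT}
    offset = 12
    for _ in range(qd):                         # question: name + qtype + qclass
        _, offset = decode_name(msg, offset)
        offset += 4
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, rtype, rclass, ttl, rdata, offset = read_rr(msg, offset)
            if section == "answer" and rtype == TYPE_A and len(rdata) == 4:
                result["answers"].append((name, ttl, ".".join(str(b) for b in rdata)))
            elif section == "additional" and rtype == TYPE_OPT:
                result["udp_size"] = rclass     # responder's advertised buffer size
    return result


def needs_tcp_retry(parsed):
    """The 'other operation' on TCP port 53: a truncated UDP answer must be re-asked over TCP."""
    return parsed["truncated"]


def build_sample_response(query):
    """Constructed reply for this example (not captured traffic): echo the question, answer
    with one A record whose name is a compression pointer to offset 12, and echo an OPT RR."""
    _, qend = decode_name(query, 12)
    question = query[12:qend + 4]
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 1)   # QR, RD, RA set
    answer = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 10])
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, 0)
    return header + question + answer + opt


if __name__ == "__main__":
    q = build_query("www.example.com.")
    print(len(q), "byte query, well inside the", CLASSIC_UDP_LIMIT, "byte UDP limit")
    print(parse_response(build_sample_response(q)))
```

The 44-byte query fits in a single UDP datagram; the reply reports the responder's own OPT buffer size, and a reply with the TC bit set is the signal to repeat the same question over TCP rather than trust a cut-off answer section.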

  24. DNS - Operations

  25. DNS Operations (diagram: resolving www.example.com – query to root DNS servers -> referral; query to TLD DNS servers -> referral; query to user DNS servers (example.com) -> answer)

  26. DNS Operations
   • Authoritative Name Server at every level in the domain name
   • Name lookup asks (Queries) each level in the hierarchy
   • If the Name Server is not authoritative it returns a referral to the next level
   • If the Name Server is authoritative it returns an answer

  27. DNS - Operations
   • 13 root servers
     • a.root-servers.net – m.root-servers.net
   • gTLD/ccTLD servers – variable
     • .com = 12
     • .net = 12
     • .org = 6
   • User servers – variable
     • 2 minimum (Microsoft 5, Google 4)

  28. DNS Operations (diagram: a resolver sends queries for www.example.com to a caching DNS server, which in turn queries the root DNS servers, the TLD DNS servers and the user DNS servers (example.com))

  29. DNS Servers and Resolvers
   • DNS (name) servers are:
     • Authoritative
     • Caching
     • Combinations
   • Resolvers are:
     • Never Authoritative
     • Full-Function (follows referrals)
     • Stub-Resolver (cannot follow referrals)
     • Caching Stub-Resolver

  30. Authoritative DNS
   • May be a Master or Slave
   • Sometimes called Primary and Secondary
   • Responds authoritatively to a query for the complete address
   • The example.com authoritative server will respond to www.example.com

  31. DNS – Master and Slave

  32. DNS - Master and Slave
   • Master reads the zone file from local storage
   • Slave reads it via the network from the Master
   • Both Master and Slave are Authoritative
   • May be one or more Slaves
   • May be no slaves (multiple Masters)
   • May be no visible masters (hidden Master)

  33. DNS – Zone Transfers
   • Passive – Slave Initiated
     • Slave reads the zone record (SOA) periodically
     • Full Transfer (AXFR)
     • Incremental Transfer (IXFR)
     • Uses TCP on port 53
   • Active - Master sends NOTIFY
     • Slave reads the SOA on receipt of the NOTIFY
     • AXFR or IXFR
     • Speeds up zone change propagation to slaves
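An added Python model of the refresh and NOTIFY procedure on this slide (example code, not from the course): the slave compares the master's SOA serial with its own using RFC 1982 serial arithmetic (serials are 32-bit and wrap), takes an IXFR when the master still holds the change history since the slave's serial, falls back to a full AXFR otherwise, and a NOTIFY from the master triggers the same SOA check immediately instead of waiting for the refresh timer. The serial numbers, record contents and the journal size are constructed values; real transfers run over TCP, which is not modelled here.

```python
MODULUS = 1 << 32          # SOA serials are 32-bit and wrap around


def serial_gt(a, b):
    """RFC 1982 serial arithmetic: True when a is 'after' b on the 32-bit circle."""
    return a != b and ((a - b) % MODULUS) < (1 << 31)


class Master:
    """Holds the zone, bumps the serial on every change and keeps a short journal for IXFR."""

    def __init__(self, records, serial, refresh=3600, keep_history=10):
        self.records = dict(records)
        self.serial = serial
        self.refresh = refresh              # SOA refresh interval the slaves poll on
        self.keep_history = keep_history    # how many changes the journal retains
        self.history = []                   # (from_serial, to_serial, added, removed)
        self.slaves = []

    def soa(self):
        return {"serial": self.serial, "refresh": self.refresh}

    def update(self, added=None, removed=None):
        """Apply a change, increment the serial, journal it, then NOTIFY every slave."""
        added, removed = dict(added or {}), list(removed or [])
        new_serial = (self.serial + 1) % MODULUS
        for name in removed:
            self.records.pop(name, None)
        self.records.update(added)
        self.history.append((self.serial, new_serial, added, removed))
        self.history = self.history[-self.keep_history:]
        self.serial = new_serial
        for slave in self.slaves:
            slave.notify()

    def axfr(self):
        """Full transfer: the whole zone plus its serial."""
        return self.serial, dict(self.records)

    def ixfr(self, slave_serial):
        """Incremental transfer: journal entries since slave_serial, or None when the
        journal no longer reaches back that far (the slave must fall back to AXFR)."""
        if slave_serial == self.serial:
            return []
        diffs = [h for h in self.history if serial_gt(h[1], slave_serial)]
        if not diffs or diffs[0][0] != slave_serial:
            return None
        return diffs


class Slave:
    """Authoritative copy fed from the master; it never edits the zone itself."""

    def __init__(self, master):
        self.master = master
        self.serial, self.records = None, {}
        self.transfers = []                 # (trigger, outcome) so the sequence can be inspected
        master.slaves.append(self)

    def refresh_check(self, trigger="refresh-timer"):
        """Passive path: read the master's SOA on the refresh timer and transfer if behind."""
        master_serial = self.master.soa()["serial"]
        if self.serial is not None and not serial_gt(master_serial, self.serial):
            self.transfers.append((trigger, "in-sync"))
            return "in-sync"
        diffs = None if self.serial is None else self.master.ixfr(self.serial)
        if diffs is None:
            self.serial, self.records = self.master.axfr()
            kind = "AXFR"
        else:
            for _from_serial, to_serial, added, removed in diffs:
                for name in removed:
                    self.records.pop(name, None)
                self.records.update(added)
                self.serial = to_serial
            kind = "IXFR"
        self.transfers.append((trigger, kind))
        return kind

    def notify(self):
        """Active path: a NOTIFY from the master makes the slave check the SOA right away."""
        return self.refresh_check(trigger="notify")


if __name__ == "__main__":
    master = Master({"www.example.com.": "192.0.2.10"}, serial=100)   # constructed zone
    slave = Slave(master)
    print(slave.refresh_check())                                     # AXFR on first load
    master.update(added={"mail.example.com.": "192.0.2.25"})         # NOTIFY -> IXFR
    print(slave.transfers, slave.serial)
```

The serial comparison is the whole decision: a slave whose serial is not behind the master's does nothing, which is why forgetting to bump the serial after editing a zone file leaves the slaves serving stale data until someone notices.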

  34. DNS Zone Transfer

  35. DNS Queries
   • Recursive Queries
     • requested server will provide the answer
     • Optional
   • Iterative (non-recursive) Queries
     • Server will provide the answer if available
     • Else sends a referral
     • Mandatory

  36. DNS Recursive/Iterative Queries

  37. DNS - Queries
   • Locally configured DNS (properties) will always point to a recursive (caching) name server
   • PCs have stub-resolvers (cannot follow referrals)
   • Windows has a caching resolver
     • stub-resolver
     • cache for performance
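To tie slides 26, 29, 35 and 37 together, here is an added Python simulation (not the course's own code) of an in-memory hierarchy with a root, a .com and an example.com authoritative server. A full-function resolver walks the referrals from the root down; a caching server answers recursive queries on behalf of a stub resolver that cannot follow referrals; and an iterative query sent straight to the root comes back as a referral rather than an answer. Server names such as root.test and the 192.0.2.10 address are constructed for the example.

```python
def delegation_chain(name):
    """Zones from the root down to the name itself, e.g. '.', 'com.', 'example.com.', ...
    The authority at each level controls everything to the left of its own name, so these
    are exactly the points at which a lookup can be delegated."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    chain = ["."]
    for i in range(len(labels) - 1, -1, -1):
        chain.append(".".join(labels[i:]) + ".")
    return chain


class AuthServer:
    """Authoritative server for one zone; serves iterative (non-recursive) queries only."""

    def __init__(self, zone, delegations=None, records=None):
        self.zone = zone
        self.delegations = delegations or {}   # child zone -> name of its authoritative server
        self.records = records or {}           # FQDN -> address for names this zone holds

    def query(self, name):
        chain = delegation_chain(name)
        if self.zone not in chain:
            return ("refused", None)           # not authoritative for this name at all
        if name in self.records:
            return ("answer", self.records[name])
        for zone in reversed(chain):           # most specific delegation first
            if zone in self.delegations:
                return ("referral", self.delegations[zone])
        return ("nxdomain", None)              # authoritative, and the name does not exist


def iterative_resolve(name, servers, root="root.test", cache=None, max_hops=10):
    """Full-function resolver: start at the root and follow referrals until an authoritative
    answer or a negative response. Returns (address or None, list of (server, outcome))."""
    cache = {} if cache is None else cache
    if name in cache:
        return cache[name], [("cache", "hit")]
    hops, server = [], root
    for _ in range(max_hops):                  # bounded so a referral loop cannot spin forever
        kind, value = servers[server].query(name)
        hops.append((server, kind))
        if kind == "referral":
            server = value
            continue
        if kind == "answer":
            cache[name] = value
        return value, hops
    return None, hops


class CachingServer:
    """The recursive (caching) name server a PC's DNS properties point at."""

    def __init__(self, servers):
        self.servers, self.cache = servers, {}

    def query(self, name):
        return iterative_resolve(name, self.servers, cache=self.cache)


class StubResolver:
    """Cannot follow referrals, so it only ever sends recursive queries to its configured server."""

    def __init__(self, caching_server):
        self.upstream = caching_server

    def lookup(self, name):
        address, _hops = self.upstream.query(name)
        return address


# Constructed hierarchy for this example: root -> com. -> example.com.
SERVERS = {
    "root.test": AuthServer(".", delegations={"com.": "tld.test"}),
    "tld.test": AuthServer("com.", delegations={"example.com.": "ns1.example.com."}),
    "ns1.example.com.": AuthServer("example.com.", records={"www.example.com.": "192.0.2.10"}),
}

if __name__ == "__main__":
    caching = CachingServer(SERVERS)
    stub = StubResolver(caching)
    print(stub.lookup("www.example.com."), caching.cache)
    print(SERVERS["root.test"].query("www.example.com."))   # a referral, not an answer
```

Three servers take part in the first lookup (root, TLD, user zone), the second identical lookup is served from the caching server's cache without touching any of them, and the root's reply to a direct query is only a pointer to the next level, which is why a stub resolver on a PC must be paired with a recursive server.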

  38. Quick Quiz
   • Who controls the domain name space?
   • What is www.ny.us.example.com.br?
   • How many DNS servers may be involved in the above?
   • One method to speed up name changes?
   • Will an iterative query give me an answer?
   • What type of resolver is on your PC?
