Table of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS. Root servers.
|
|
- Alan Taylor
- 5 years ago
- Views:
Transcription
1 Table of Contents Specification and implementation DNS Karst Koymans Informatics Institute University of Amsterdam (version 1.20, 2011/09/26 13:56:09) Tuesday, September 13, 2011 A short history of DNS Root servers Basic concepts Delegation Wildcards Lookups DNS on the wire Limitations and extras DNS and BIND Short history of DNS (1) DNS (Domain Name System) concepts theory BIND (Berkeley Internet Name Domain) implementation Other implementations: djbdns (TinyDNS), PowerDNS, NSD,... practice December 1973 HOSTS.TXT (RFC 606) November 1983 DNS invented (RFC 882) October 1984 TLDs defined (RFC 920)
2 Short history of DNS (2) Short history of DNS (3) October 1984 gtlds established.arpa ( temporary ).GOV,.EDU,.COM,.MIL,.ORG January 1985 SRI runs DNS service SRI-NIC, in cooperation with IANA.NET (forgotten in RFC 920) July 1985 cctlds established.us (February 15, 1985).UK,.GB (July 24, 1985).AU (March 5, 1986).NL (April 25, 1986).JP (August 5, 1986) Short history of DNS (4) Short history of DNS (5) November 1987 DNS Specification STD 13, RFC 1034, RFC 1035 November 1988.INT domain established May 1991 DISA (Defense Information Systems Agency) transfers the DDN (Defense Data Network) NIC contract from SRI International to Government Systems Inc. (GSI) April 1993 InterNIC starts, initiated by NSF and operated by NSI (Network Solutions Inc.) and AT&T June 1994 Commercial use becomes dominant September 1995 Charging for domain name registration starts
3 Short history of DNS (6) Short history of DNS (7) 1997 Start planning for competition On July 1, 1997, as part of the Administration s Framework for Global Electronic Commerce, the President directed the Secretary of Commerce to privatize the management of the domain name system (DNS) in a manner that increases competition and facilitates international participation in its management. Source: MoU (Memorandum of Understanding; November 1998) 1 November 1998 Start of ICANN Internet Corporation for Assigned Numbers and Names Responsibilities IP address assignment, via ASO Address Supporting Organization Internet domain names, via GNSO and ccnso Generic Names Supporting Organization Country Code Names Supporting Organization Protocol parameters and port numbers, supported by IANA Internet Assigned Numbers Authority 1 Also see RFC 2860 (June 2000) DNS structure Root servers Hierarchical tree its root is unnamed ( unlabeled ) in fact the root uses the empty label : Top Level Domains (TLDs) generic TLDs (gtlds) country code TLDs (cctlds) Distributed database Status in 2001, according to ICANN official Michael Roberts 13 root servers Most of them located in the US (10) Nowadays there is a complete infrastructure with both global and local servers
4 Root servers map Root server list (part 1) Name Org Where Globals Locals A Verisign Los Angeles, CA, US 6 0 B USC-ISI Marina del Rey, CA, US 0 1 C Cogent Communications Herndon, VA, US 6 0 D University of Maryland College Park, MD, US 1 0 E NASA (Ames) Mountain View, CA, US 1 0 F ISC (Internet Software Consortium) Palo Alto, CA, US 2 47 G US DOD NIC Columbus, OH, US 6 0 Map provided by ICANN Root server list (part 2) Anycast Name Org Where Globals Locals H US Army Research Lab (ARL) Aberdeen, MD, US 2 0 I Autonomica (NORDUnet) Stockholm, SE 38 0 J Verisign Dulles, VA, US 64 6 K RIPE NCC London, UK 5 13 L ICANN Los Angeles, CA, US 50 0 M WIDE Tokyo, JP 5 1 Overloading of IP address Route to nearest instance (BGP metric) Global or local significance Live data for k root can be found at Source: (retrieved )
5 k root server presence (2006 snapshot) Global and local root server presence (2006 snapshot) Source: RIPE NCC Source: Anycasted root servers map DNS concepts Domain Name Space (Domain Name Tree) Resource Records Name Servers Resolvers Map (2007) provided by Patrik Fältström
6 Domain names To slash or not to slash Nodes (internal and leaf) have a label root label is empty: (not ) non-root labels must be non-empty labels are 0-63 octets long the root label is the only one with length 0 A domain name is a sequence of labels separated by. (dot) specifying the complete path to the root and ending in the (empty) root label A domain is a domain name together with all domain names below it Compare domain names to pathnames in a filesystem Labels (filenames) separated by / (slash). Absolute versus relative pathnames To dot or not to dot Resource Records (RR s) Absolute domain (FQDN) mail.serv.os3.nl. Relative domain mail mail.serv machine.cs can (could?) give problems Why? owner (domain name) ttl (time to live (in cache)) class (IN, CH, HS) Only IN actively used type (A, AAAA, CNAME, DNAME, MX, NS, PTR, SOA, SRV,... ) resource data (depends on type) BIND syntax owner [ttl] [class] type data ttl and class are optional and default to $TTL and IN
7 A record AAAA record An A record (address record) translates a domain name to an IPv4 address mail.serv.os3.nl Multihomed hosts have several A records Routers may have multiple A records Example (assuming the $ORIGIN is os3.nl.) mail.serv IN A AAAA are sometimes called quad-a records A quad-a record translates a domain name to an IPv6 address mail.serv.os3.nl. 2001:610:158:960::25 Many hosts have multiple AAAA records It is quite normal in IPv6 to belong to multiple subnets Example (assuming the $ORIGIN is os3.nl.) mail.serv IN AAAA 2001:610:158:960::25 Example of multiple A records CNAME record router.phil.uu.nl. CNAME frege.phil.uu.nl. frege.phil.uu.nl. A frege.phil.uu.nl. A frege.phil.uu.nl. A frege.phil.uu.nl. A frege.phil.uu.nl. A frege.phil.uu.nl. A frege.phil.uu.nl. A frege.phil.uu.nl. A frege.phil.uu.nl. A frege.phil.uu.nl. A in-addr.arpa. PTR frege.shrapnel.phil.uu.nl. A CNAME (canonical name) record defines an alias info4u.os3.nl. No other RR s are allowed Does not work for subdomains DNAME record proposed for that Example (assuming the $ORIGIN is os3.nl.) www IN CNAME info4u
8 DNAME record MX record A DNAME is used for non-terminal DNS Name Redirection Allows other RR types at the same owner except CNAME, DNAME Synthesizes CNAME records for clients who do not ascertain their understanding of DNAME semantics Processed before wildcards Also called Delegation Name because of its use instead of NS records in certain cases Example (assuming the $ORIGIN is nl.) ruu IN DNAME uu MX (Mail exchanger) record defines for a domain mail servers for that domain and the order of their preference lower precedence is preferred MX must not point to a CNAME Example (assuming the $ORIGIN is IN MX 0 mail.serv NS record PTR record NS (Name Server) record defines a cut (zone) Must list at least two name servers Makes DNS distributed Delegates responsibility NS record must not point to a CNAME Example (assuming the $ORIGIN is IN NS ns1 A PTR (pointer) record literally points to an arbitrary point in the DNS tree Mostly used for reverse lookup mail.serv.os3.nl. But lookup works via in-addr.arpa in-addr.arpa. Example (assuming the $ORIGIN is os3.nl.) in-addr.arpa. IN PTR mail.serv
9 SOA record Numerical SOA params (recommended values) An SOA (Start Of Authority) record administrates important zone parameters hostname of master server ns1.os3.nl. address (in dot form) of responsible person hostmaster.os3.nl. numerical parameters Time values are given in seconds The SOA record itself can have a low TTL (for instance 3600 = 1 hour) Serial (YYYYMMDDnn) Refresh (86400 = 1 day) Retry (7200 = 2 hours) Expire ( = 1000 hours 40 days) Minimum ( = 2 days, but... ) Numerical SOA params (OS3 example) SOA example These values are quite low (during IP migration) Serial ( ) Refresh (3600 = 1 hour) Retry (1800 = 30 minutes) Expire (21600 = 6 hours) Minimum (3600 = 1 hour, but... ) os3.nl. IN SOA ns1.os3.nl. hostmaster.os3.nl. ( ;serial (version) 3600 ;refresh period (1 hour) 1800 ;retry interval (30 minutes) ;expire time (6 hours) 3600 ;"minimum" (1 hour) )
10 Minimum SRV record Different interpretations Minimal TTL allowed (never used this way) Default TTL, if TTL not specified (BIND 8) TTL for caching negative replies (BIND 9) BIND 9 uses global $TTL for default TTL A SRV (service) record specifies the location of the services that a domain supports The format for the information about a certain domain Name uses _Service._Proto.Name as the owner domain name Priority Weight Port Target as its resource data It is a typical generator of empty non-terminals Like _Proto.Name in the above case Example _sip._tcp.example.com. IN SRV sip.example.com. Resource Record sets (RRsets) Name servers and zones An RRset is a grouping of a set of RR s with the same owner, class and type All RR s in an RRset must have the same TTL DNSSEC signs complete RRsets with RRSIG RR s Which might make the RRSIG RR an exception to the TTL rule :) But in fact the DNSSEC specification tells us they do not form a resource record set at all (RFC 4035, section 2.2) Zones are created by cuts (delegations) Cuts are defined by NS records inside parent zone non-authoritative by definition Glue A records sometimes needed When name servers for the delegation are in bailiwick Or in the more general case when name servers have circular dependencies and create bailiwick loops
11 Bootstrap issues Name server types Hint file for root RR s Glue for child zones Glue NS records (stub server) Glue A records (for servers inside the child zone) Glue data is not authoritative unless the parent is also a slave server Non-authoritative data should be replaced by authoritative data as soon as that becomes available Master (primary) Slave (secondary) Stub (limited secondary) Stealth (secondary that is not listed) Caching-only (never authoritative) Forward-only (using forwarders ) Wildcards (1) Wildcards (2) From RFC 1034, section The contents of the wildcard RRs follows the usual rules and formats for RRs. The wildcards in the zone have an owner name that controls the query names they will match. The owner name of the wildcard RRs is of the form "*.<anydomain>", where <anydomain> is any domain name. <anydomain> should not contain other * labels, and should be in the authoritative data of the zone. The wildcards potentially apply to descendants of <anydomain>, but not to <anydomain> itself. Another way to look at this is that the "*" label always matches at least one whole label and sometimes more, but always whole labels. From RFC 1034, section Wildcard RRs do not apply: When the query is in another zone. That is, delegation cancels the wildcard defaults. When the query name or a name between the wildcard domain and the query name is know to exist. For example, if a wildcard RR has an owner name of "*.X", and the zone also contains RRs attached to B.X, the wildcards would apply to queries for name Z.X (presuming there is no explicit information for Z.X), but not to B.X, A.B.X, or X.
12 Wildcard synthesis in query matching algorithm Problems with wildcards in RFC 1034 From RFC 1034, section 4.3.2, algorithm step 3.c If at some label, a match is impossible (i.e., the corresponding label does not exist), look to see if a the "*" label exists. If the "*" label does not exist, check whether the name we are looking for is the original QNAME in the query or a name we have followed due to a CNAME. If the name is original, set an authoritative name error in the response and exit. Otherwise just exit. If the "*" label does exist, match RRs at that node against QTYPE. If any match, copy them into the answer section, but set the owner of the RR to be QNAME, and not the node with the "*" label. Go to step 6. Notions are intuitive, not well-defined When does a domain name exist? How does matching work exactly? What about empty non-terminals? RFC 4592 tries to clarify all of this Defines existence of a domain name Defines asterisk label and wildcard domain name Defines source of synthesis and closest encloser Wildcard supporting definitions RFC 4592 example Definitions A domain name exists if itself or any of its descendants has at least one RR In particular empty non-terminals exist An asterisk label is a label of length 1 containing as only octet the ASCII equivalent of * A wildcard domain name is a domain name with an asterisk label as its leftmost label The closest encloser of a query name is the longest matching ancestor that exists The source of synthesis of a query name is the domain name *.<closest encloser> (if it exists) $ORIGIN example. example IN SOA <SOA RDATA> example NS ns.example.com. example NS ns.example.net. *.example TXT "this is a wildcard" *.example MX 10 host1.example. sub.*.example TXT "... not a wildcard" host1.example A _ssh._tcp.host1.example SRV <SRV RDATA> _ssh._tcp.host2.example SRV <SRV RDATA> subdel.example NS ns.example.com. subdel.example NS ns.example.net.
13 RFC 4592 example tree RFC 4592 example queries * TXT, MX sub TXT example host1 A _tcp SOA, NS host2 _tcp subdel NS QNAME QTYPE synthesized? result host3.example. MX yes non-empty host3.example. A yes empty foo.bar.example. TXT yes non-empty host1.example. MX no empty sub.*.example. MX no empty _telnet._tcp.host1.example. SRV no no such domain host.subdel.example. A no referral ghost.*.example. MX no no such domain _ssh SRV _ssh SRV Recursion and iteration Resolver Recursive behaviour Server follows referrals itself and Often doesn t have authoritative data at all (almost) Usually builds up a cache Iterative behaviour Server answers with authoritative data or Server passes referrals back to clients Often only has authoritative data and no cache Library doing domain name lookup Uses /etc/resolv.conf Contacts a recursive nameserver Does not follow referrals itself
14 Caching Common mistakes Necessary for performance Negative caching adds more functionality See RFC 2308 Lots of subtleties See RFC 1912 and also RFCs 2181 and 4697 Using CNAME s in MX and NS records Forgetting the final. Lame delegation Lack of human coordination DNS Message packet format DNS packet header Header section Question section Answer section Authority section Additional section ID Flags QDCOUNT ANCOUNT NSCOUNT ARCOUNT
15 DNS header fields ID Flags QDCOUNT ANCOUNT NSCOUNT ARCOUNT Transaction Identifier See next slide Number of questions Number of answers Number of authority records Number of additional records DNS header flags Bit(s) Mnemonic Meaning 0 QR Query(0) or Response(1) 1-4 OPCODE Kind of Query 5 AA Authoritative Answer 6 TC TrunCation or Truncated Response 7 RD Recursion Desired 8 RA Recursion Available 9 - Reserved 10 AD Authentic Data (DNSSEC) 11 CD Checking Disabled (DNSSEC) RCODE Result Code DNS result codes DNS opcodes 0 Query Standard query 1 IQuery Inverse Query (obsolete) 2 Status Status query (not standardized) 4 Notify Change of master data 5 Update Dynamic update Value Mnemonic Meaning 0 NoError No Error 1 FormErr Format Error 2 ServFail Server Failure 3 NXDomain Non-eXistent Domain 4 NotImp Not Implemented 5 Refused Query Refused Related to dynamic updates Not assigned Extended result codes (EDNS0)
16 Queries Label types In most cases QDCOUNT is 1 Query consists of QNAME (sequence of labels, coded with length/value) QTYPE (2 bytes) QCLASS (2 bytes, almost always IN (==1)) First two bits of the length byte denote the label type A label length may not exceed 63 octets (6 bits needed) 00: Normal label length 11: Compressed label: 6+8 bits used as pointer 01: Extended label type (EDNS0) : Binary labels (for use with IPv6 PTR types) Answers, Authorities and Additionals (1) Answers, Authorities and Additionals (2) Each of these are a list of resource records NAME, TYPE, CLASS (as in queries) TTL (4 bytes) RDLENGTH (2 bytes) RDATA (RDLENGTH bytes) Answers Answers the question(s) Special treatment of CNAME s Authorities Adds NS records as referral information Additionals Courtesy information Dangerous... if accepted too easily, especially if the information is not related to the question
17 DNS limitations Message Authentication DNS is usually based on UDP RFC 1035 maximum size is 512 bytes of DNS content Option to use TCP was present from the start but was not recommended for ordinary use DNS has weak security DNS packets can easily be spoofed Initially no support for message authentication except for a clear text Transaction ID TSIG mechanism added in RFC 2845 calculates HMAC-MD5 over the complete DNS packet adds this as a pseudo -TSIG-RR uses secret keys may use a pseudo -TKEY-RR for key exchange (RFC 2930) SIG(0) mechanism added in RFC 2931 uses public keys uses DNSSEC mechanisms extends DNSSEC to cover complete DNS packets Extension Mechanisms for DNS EDNS0 Specified in RFC 2671 Necessary for DNSSEC Extends maximum size of UDP-based requests and responses Extends possible flags, result codes and label types Uses a pseudo -OPT-RR Used by DNSSEC for DO (DNSSEC OK) extended flag
DNS. dr. C. P. J. Koymans. September 16, Informatics Institute University of Amsterdam. dr. C. P. J. Koymans (UvA) DNS September 16, / 46
DNS dr. C. P. J. Koymans Informatics Institute University of Amsterdam September 16, 2008 dr. C. P. J. Koymans (UvA) DNS September 16, 2008 1 / 46 DNS and BIND DNS (Domain Name System) concepts theory
More informationTable of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS.
Table of Contents Specification and implementation DNS dr. C. P. J. Koymans Informatics Institute University of Amsterdam September 14, 2009 A short history of DNS Root servers Basic concepts Delegation
More informationTable of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS. Root servers.
Table of Contents Specification and implementation DNS Karst Koymans Informatics Institute University of Amsterdam (version 1.11, 2010/10/04 10:03:37) Tuesday, September 14, 2010 A short history of DNS
More informationDNS. Some advanced topics. Karst Koymans. Informatics Institute University of Amsterdam. (version 17.2, 2017/09/25 12:41:57)
DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 17.2, 2017/09/25 12:41:57) Friday, September 22, 2017 Karst Koymans (UvA) DNS Friday, September 22, 2017 1
More informationSome advanced topics. Karst Koymans. Tuesday, September 16, 2014
DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 44, 2014/09/15 08:39:47) Tuesday, September 16, 2014 Karst Koymans (UvA) DNS Tuesday, September 16, 2014 1
More informationDNS. Karst Koymans & Niels Sijm. Friday, September 14, Informatics Institute University of Amsterdam
DNS Karst Koymans & Niels Sijm Informatics Institute University of Amsterdam Friday, September 14, 2012 Karst Koymans & Niels Sijm (UvA) DNS Friday, September 14, 2012 1 / 32 1 DNS on the wire 2 Zone transfers
More informationThe basics. Karst Koymans. Tuesday, September 9, 2014
.. DNS The basics Karst Koymans Informatics Institute University of Amsterdam (version 4.7, 2014/09/11 13:54:31) Tuesday, September 9, 2014 Karst Koymans (UvA) DNS Tuesday, September 9, 2014 1 / 64 .1
More informationDNS. Karst Koymans & Niels Sijm. Tuesday, September 7, Informatics Institute University of Amsterdam
DNS Karst Koymans & Niels Sijm Informatics Institute University of Amsterdam Tuesday, September 7, 2012 Karst Koymans & Niels Sijm (UvA) DNS Tuesday, September 7, 2012 1 / 62 1 DNS: what does it do and
More informationTable of Contents DNS. Specification versus implementations. Primary use case. DNS: basic ideas and functionality. The basics. A short history of DNS
Table of Contents DNS The basics Karst Koymans DNS: basic ideas and functionality A short history of DNS Basic concepts Informatics Institute University of Amsterdam (version 17.2, 2017/09/25 12:41:49)
More informationTable of Contents DNS. Primary use case. Specification versus implementations. DNS: basic ideas and functionality. The basics. A short history of DNS
Table of Contents DNS The basics Karst Koymans DNS: basic ideas and functionality A short history of DNS Basic concepts Informatics Institute University of Amsterdam (version 18.7, 2018/09/24 13:14:01)
More informationDomain Name Service. DNS Overview. October 2009 Computer Networking 1
Domain Name Service DNS Overview October 2009 Computer Networking 1 Why DNS? Addresses are used to locate objects (contain routing information) Names are easier to remember and use than numbers DNS provides
More informationCSc 450/550 Computer Networks Domain Name System
CSc 450/550 Computer Networks Domain Name System Jianping Pan Summer 2007 5/28/07 CSc 450/550 1 Review: Web/HTTP Web URI/URL, HTML tags, embedded objects HTTP request and response persistence, statefulness
More informationComputer Networks. Domain Name System. Jianping Pan Spring /25/17 CSC361 1
Computer Networks Domain Name System Jianping Pan Spring 2017 1/25/17 CSC361 1 Review: Web/HTTP Web URI/URL, HTML tags embedded/linked objects HTTP request and response persistence, statefulness web caching,
More informationThe Domain Name System
The Domain Name System Stefano Vissicchio UCL Computer Science COMP0023 Today 1. The Domain Name System (DNS) 2. A Brief Word on DNS Security A name indicates what we seek. An address indicates where it
More informationDNS Fundamentals. Steve Conte ICANN60 October 2017
DNS Fundamentals Steve Conte ICANN60 October 2017 Names and Numbers IP addresses easy for machines but hard for people IPv4: 192.0.2.7 IPv6: 2001:db8::7 People need to use names In the early days of the
More informationCSCI-1680 DNS Rodrigo Fonseca
CSCI-1680 DNS Rodrigo Fonseca Based partly on lecture notes by Sco2 Shenker and John Janno6 Host names and IP Addresses Host names Mnemonics appreciated by humans Variable length, ASCII characters Provide
More informationIP ADDRESSES, NAMING, AND DNS
IP ADDRESSES, NAMING, AND DNS George Porter Apr 9, 2018 ATTRIBUTION These slides are released under an Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0) Creative Commons license These
More informationCSE561 Naming and DNS. David Wetherall
CSE561 Naming and DNS David Wetherall djw@cs.washington.edu Naming and DNS Focus: How do we resolve names to addresses Names and addresses Application DNS as a system design Transport Network Link Physical
More informationChapter 2 Application Layer. Lecture 5 DNS. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 2 Application Layer Lecture 5 DNS Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Application Layer 2-1 Chapter 2: outline 2.1 principles
More informationIs your DNS server up-to-date? Pieter Lexis Senior PowerDNS Engineer April 22 nd 2018
lieter_ PowerDNS pieterlexis PowerDNS Is your DNS server up-to-date? Pieter Lexis Senior PowerDNS Engineer April 22 nd 2018 1 What s all this about? A DNS recap What is EDNS? Issues with EDNS on the internet
More informationInternet Engineering Task Force (IETF) Request for Comments: Category: Best Current Practice ISSN: January 2019
Internet Engineering Task Force (IETF) P. Hoffman Request for Comments: 8499 ICANN BCP: 219 A. Sullivan Obsoletes: 7719 Updates: 2308 K. Fujiwara Category: Best Current Practice JPRS ISSN: 2070-1721 January
More informationRequest for Comments: 2672 Category: Standards Track August 1999
Network Working Group M. Crawford Request for Comments: 2672 Fermilab Category: Standards Track August 1999 Status of this Memo Non-Terminal DNS Name Redirection This document specifies an Internet standards
More informationRequest for Comments: E. Brunner-Williams. Category: Best Current Practice. B. Manning ISI September 2000
Network Working Group Request for Comments: 2929 BCP: 42 Category: Best Current Practice D. Eastlake, 3rd Motorola E. Brunner-Williams Engage B. Manning ISI September 2000 Status of this Memo Domain Name
More informationNetwork Working Group
Network Working Group R. Arends Request for Comments: 4035 Telematica Instituut Obsoletes: 2535, 3008, 3090, 3445, 3655, 3658, R. Austein 3755, 3757, 3845 ISC Updates: 1034, 1035, 2136, 2181, 2308, 3225,
More informationDNS Basics BUPT/QMUL
DNS Basics BUPT/QMUL 2018-04-16 Related Information Basic function of DNS Host entry structure in Unix Two system calls for DNS database retrieving gethostbyname () gethostbyaddr () 2 Agenda Brief introduction
More informationDNS and CDNs : Fundamentals of Computer Networks Bill Nace
DNS and CDNs 14-740: Fundamentals of Computer Networks Bill Nace Material from Computer Networking: A Top Down Approach, 6 th edition. J.F. Kurose and K.W. Ross Administrivia HW #1 is posted Mission: Learn
More informationDomain Name System (DNS) Session-1: Fundamentals. Joe Abley AfNOG Workshop, AIS 2017, Nairobi
Domain Name System (DNS) Session-1: Fundamentals Joe Abley AfNOG Workshop, AIS 2017, Nairobi Computers use IP addresses. Why do we need names? Names are easier for people to remember Computers may be moved
More informationDomain Name System (DNS) DNS Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale. The old solution: HOSTS.
Domain Name System (DNS) Computers use IP addresses. Why do we need names? Names are easier for people to remember DNS Fundamentals Computers may be moved between networks, in which case their IP address
More informationpage 1 Plain Old DNS WACREN, DNS/DNSSEC Regional Workshop Ouagadougou, October 2016
page 1 Plain Old DNS WACREN, DNS/DNSSEC Regional Workshop Ouagadougou, 10-14 October 2016 page 2 IP: Identifiers on the Internet The fundamental identifier on the internet is an IP address. Each host connected
More informationWE POWER YOUR MOBILE WORLD ENUM INTEGRATION MANUAL
ENUM INTEGRATION MANUAL 1 CONTENTS INTRODUCTION... 3 CONNECTIVITY... 3 TECHNICAL SPECIFICATION... 4 Valid format for ENUM server query... 4 ENUM server responses... 6 ENUM responses in case of error processing
More informationIPv6 How-To for a Registry 17th CENTR Technical Workshop
IPv6 How-To for a Registry 17th CENTR Technical Workshop Amsterdam, October 2007 Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet (jordi.palet@consulintel.es) Introduction Main steps to be undertaken
More informationCS 43: Computer Networks. 10: Naming and DNS September 24, 2018
CS 43: Computer Networks 10: Naming and DNS September 24, 2018 Last class Distributed systems architectures Client-Server Peer-to-Peer Challenges in design Partial failures Event ordering Lecture 10 -
More informationCSCI-1680 DNS Rodrigo Fonseca
CSCI-1680 DNS Rodrigo Fonseca Based partly on lecture notes by Scott Shenker and John Jannotti We know how to open TCP connections to a server/port: E.g., 128.148.32.110, port 80 Host names and IP Addresses
More informationLecture 7: Application Layer Domain Name System
Lecture 7: Application Layer Domain Name System COMP 332, Spring 2018 Victoria Manfredi Acknowledgements: materials adapted from Computer Networking: A Top Down Approach 7 th edition: 1996-2016, J.F Kurose
More informationDomain Name System (DNS)
Domain Name System (DNS) Smith College, CSC 249 Feb 6, 2017 1 TODAY: Domain Name System qthe directory system for the Internet v Used by other application layer protocols v via socket programming qmaps
More informationMCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 5 Introduction to DNS in Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008 Objectives Discuss the basics of the Domain Name System (DNS) and its
More informationDNS. Introduction To. everything you never wanted to know about IP directory services
Introduction To DNS everything you never wanted to know about IP directory services Linux Users Victoria, April 3 rd 2007 what is the domain name system anyway? it's like a phone book...kinda DNS is (1)
More informationExpires: November 15, 2004 VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST May 17, 2004
DNS Extensions Internet-Draft Expires: November 15, 2004 R. Arends Telematica Instituut M. Larson VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST May 17, 2004 Protocol Modifications for the DNS
More informationDNS. A Massively Distributed Database. Justin Scott December 12, 2018
DNS A Massively Distributed Database Justin Scott December 12, 2018 What is DNS? Translates Hostnames to IP Addresses What is DNS? Example: www.serverlogic.com 23.185.0.4 What is DNS? Example: www.serverlogic.com
More informationDNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific
DNS/DNSSEC Workshop In Collaboration with APNIC and HKIRC Hong Kong Champika Wijayatunga Regional Security Engagement Manager Asia Pacific 22-24 January 2018 1 Agenda 1 2 3 Introduction to DNS DNS Features
More informationDomain Name System (DNS) 김현철 ( 화 ) 정보통신융합서울대학교컴퓨터공학부
Domain Name System (DNS) 김현철 2010.09.29 ( 화 ) 정보통신융합서울대학교컴퓨터공학부 Chapter 2 Application Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students,
More informationECE 435 Network Engineering Lecture 7
ECE 435 Network Engineering Lecture 7 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 25 September 2018 HW#3 was Posted Announcements 1 HW#2 Review C code will be discussed next
More informationConfiguration of Authoritative Nameservice
Configuration of Authoritative Nameservice AfCHIX 2011 Blantyre, Malawi (based on slides from Brian Candler for NSRC) Recap DNS is a distributed database Resolver asks Cache for information Cache traverses
More informationCSEN 404 Introduction to Networks. Mervat AbuElkheir Mohamed Abdelrazik. ** Slides are attributed to J. F. Kurose
CSEN 404 Introduction to Networks Mervat AbuElkheir Mohamed Abdelrazik ** Slides are attributed to J. F. Kurose HTTP Method Types HTTP/1.0 GET POST HEAD asks server to leave requested object out of response
More informationExpiration Date: May 1997 Randy Bush RGnet, Inc. November Clarifications to the DNS Specification. draft-ietf-dnsind-clarify-02.
Network Working Group Internet Draft Expiration Date: May 1997 Robert Elz University of Melbourne Randy Bush RGnet, Inc. November 1996 Clarifications to the DNS Specification Status of this Memo draft-ietf-dnsind-clarify-02.txt
More informationDomain Name System - Advanced Computer Networks
- Advanced Computer Networks Saurabh Barjatiya International Institute Of Information Technology, Hyderabad 26 August, 2011 Contents 1 Distributed database, highly volatile Domain names Top level domains
More informationInternet Engineering. DNS Message Format. Contents. Robert Elz.
Internet Engineering 241-461 Robert Elz kre@munnari.oz.au kre@coe.psu.ac.th http://fivedots.coe.psu.ac.th/~kre Contents The Domain Name System The DNS Database DNS Protocols DNS Message Formats ueries
More informationCSE 486/586 Distributed Systems
CSE 486/586 Distributed Systems The Domain Name System Slides by Steve Ko Computer Sciences and Engineering University at Buffalo CSE 486/586 Domain Name System (DNS) Proposed in 1983 by Paul Mockapetris
More informationA DNS Tutorial
http://ntrg.cs.tcd.ie/undergrad/4ba2/multicast/ Copyright Table of Contents What is a DNS?... 3 Why do we need a DNS?... 3 Why do computers prefer addresses based on numbers?... 3 What is a Domain Name,
More informationDomain Name System (DNS) Session-1: Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale
Domain Name System (DNS) Computers use IP addresses. Why do we need names? Names are easier for people to remember Session-1: Fundamentals Computers may be moved between networks, in which case their IP
More informationLecture 05: Application Layer (Part 02) Domain Name System. Dr. Anis Koubaa
NET 331 Computer Networks Lecture 05: Application Layer (Part 02) Domain Name System Dr. Anis Koubaa Reformatted slides from textbook Computer Networking a top-down appraoch, Fifth Edition by Kurose and
More informationTable of Contents. DNS security. Alternative DNS security mechanism. DNSSEC specification. The long (and winding) road to the DNSSEC specification
Table of Contents DNS security Karst Koymans Informatics Institute University of Amsterdam (version 1.19, 2011/09/27 14:18:11) Friday, September 23, 2011 The long (and winding) road to the DNSSEC specification
More informationObjectives. Upon completion you will be able to:
Domain Name System: DNS Objectives Upon completion you will be able to: Understand how the DNS is organized Know the domains in the DNS Know how a name or address is resolved Be familiar with the query
More informationCSCE 463/612 Networks and Distributed Processing Spring 2018
CSCE 463/612 Networks and Distributed Processing Spring 2018 Application Layer III Dmitri Loguinov Texas A&M University February 8, 2018 Original slides copyright 1996-2004 J.F Kurose and K.W. Ross 1 Chapter
More informationCSEN 503 Introduction to Communication Networks
CSEN 503 Introduction to Communication Networks 1-1 Mervat AbuElkheir Hana Medhat Ayman Dayf ** Slides are attributed to J. F. Kurose Roadmap: Application layer Cookies and User-Server State Web caches
More informationSOFTWARE ARCHITECTURE 9. NAME RESOLUTION.
1 SOFTWARE ARCHITECTURE 9. NAME RESOLUTION Tatsuya Hagino hagino@sfc.keio.ac.jp lecture URL https://vu5.sfc.keio.ac.jp/slide/ 2 OSI Reference Model Open Systems Interconnect ISO defined around 1984. Application
More informationResponse Differences between NSD and other DNS Servers
Response Differences between NSD and other DNS Servers Jelte Jansen, NLnet Labs Wouter Wijngaards, NLnet Labs NLnet Labs document 2006-004 November 2, 2006 Abstract This note describes observed differences
More informationCS 3516: Advanced Computer Networks
Welcome to CS 3516: Adanced Computer Networks Prof. Yanhua Li Time: 9:00am 9:50am M, T, R, and F Location: Fuller 320 Fall 2017 A-term 1 Some slides are originally from the course materials of the textbook
More informationNetwork Working Group Request for Comments: 5155 Category: Standards Track Nominet D. Blacka VeriSign, Inc. March 2008
Network Working Group Request for Comments: 5155 Category: Standards Track B. Laurie G. Sisson R. Arends Nominet D. Blacka VeriSign, Inc. March 2008 DNS Security (DNSSEC) Hashed Authenticated Denial of
More informationComputer Networking Introduction
Computer Networking Introduction Halgurd S. Maghdid Software Engineering Department Koya University-Koya, Kurdistan-Iraq Lecture No.5 Chapter 2: outline 2.1 principles of network applications app architectures
More informationExpires: June 16, 2004 VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST December 17, 2003
DNS Extensions Internet-Draft Expires: June 16, 2004 R. Arends Telematica Instituut M. Larson VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST December 17, 2003 Protocol Modifications for the DNS
More informationChapter 2 part B: outline
Chapter 2 part B: outline 2.3 FTP 2.4 electronic, POP3, IMAP 2.5 DNS Application Layer 2-1 FTP: the file transfer protocol at host FTP interface FTP client local file system file transfer FTP remote file
More informationNetwork Working Group Request for Comments: 4592 Updates: 1034, 2672 July 2006 Category: Standards Track
Network Working Group E. Lewis Request for Comments: 4592 NeuStar Updates: 1034, 2672 July 2006 Category: Standards Track Status of This Memo The Role of Wildcards in the Domain Name System This document
More informationAPNIC elearning: DNS Concepts
APNIC elearning: DNS Concepts 27 MAY 2015 11:00 AM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationChapter 2: Application layer
Chapter 2: Application layer 2.1 Principles of network applications 2.2 Web and HTTP 2.3 FTP 2.4 Electronic Mail SMTP, POP3, IMAP 2.5 DNS 2.6 P2P applications 2.7 Socket programming with TCP 2.8 Socket
More informationExpiration Date: July 1997 Randy Bush RGnet, Inc. January Clarifications to the DNS Specification. draft-ietf-dnsind-clarify-04.
Network Working Group Internet Draft Expiration Date: July 1997 Robert Elz University of Melbourne Randy Bush RGnet, Inc. January 1997 Clarifications to the DNS Specification Status of this Memo draft-ietf-dnsind-clarify-04.txt
More informationNetworking Applications
Networking Dr. Ayman A. Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport 1 Outline Introduction Name Space concepts Domain Name Space
More informationELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition
ELEC / COMP 177 Fall 2013 Some slides from Kurose and Ross, Computer Networking, 5 th Edition Project 1 Python HTTP Server Work day: Next Tuesday (Sept 24 th ) Due Thursday, September 26 th by 11:55pm
More informationCIA Lab Assignment: Domain Name System (1)
CIA Lab Assignment: Domain Name System (1) A. Bakker N. Sijm J. van der Ham M. Pouw Feedback deadline: September 22, 2015 10:00 CET Abstract The Domain Name System (DNS) is a hierarchical, distributed
More informationCSE 124: IP ADDRESSES, NAMING, AND DNS. George Porter Oct 4, 2017
CSE 124: IP ADDRESSES, NAMING, AND DNS George Porter Oct 4, 2017 ATTRIBUTION These slides are released under an Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0) Creative Commons license
More informationA Root DNS Server. Akira Kato. Brief Overview of M-Root. WIDE Project
A Root DNS Server Akira Kato WIDE Project kato@wide.ad.jp Brief Overview of M-Root Assumes basic knowledge on DNS Dr. Tatsuya Jinmei has introduced in Nov 19, 2004 What s Root Servers? Start point of the
More informationApplications & Application-Layer Protocols: (SMTP) and DNS
CS 312 Internet Concepts Applications & Application-Layer Protocols: E (SMTP) and DNS Dr. Michele Weigle Department of Computer Science Old Dominion University mweigle@cs.odu.edu http://www.cs.odu.edu/~mweigle/cs312-f11
More informationDNS security. Karst Koymans & Niels Sijm. Tuesday, September 18, Informatics Institute University of Amsterdam
DNS security Karst Koymans & Niels Sijm Informatics Institute University of Amsterdam Tuesday, September 18, 2012 Karst Koymans & Niels Sijm (UvA) DNS security Tuesday, September 18, 2012 1 / 38 1 Chain
More informationDNS Mark Kosters Carlos Martínez {ARIN, LACNIC} CTO
DNS Workshop @CaribNOG12 Mark Kosters Carlos Martínez {ARIN, LACNIC} CTO DNS Refresher and Intro to DNS Security Extension (DNSSEC) Outline Introduction DNSSEC mechanisms to establish authenticity and
More informationDNS Hierarchical Name Space. BIND Terminology and DNS Name Servers. Distributed Hierarchical Database (1st Approx) Domain Name System (DNS)
Domain Name System (DNS) DNS consists of 1. an hierarchical name space name allocation decentralized to domains host.sub-subdomain.....subdomain.domain[.root] host machine name, can be an alias sub-subdomain
More informationThe Domain Name System
The Domain Name System History of DNS Before DNS ARPAnet HOSTS.txt contains all the hosts information Maintained by SRI s Network Information Center In SRI-NIC host Problems: Not scalable! Traffic and
More informationDNS Mark Kosters Carlos Martínez ARIN - LACNIC
DNS Workshop @CaribNOG8 Mark Kosters Carlos Martínez ARIN - LACNIC DNS Refresher and Intro to DNS Security Extension (DNSSEC) Outline Introduction DNSSEC mechanisms to establish authenticity and integrity
More informationRequest for Comments: Category: Informational October 1994
Network Working Group Request for Comments: 1706 Obsoletes: 1637, 1348 Category: Informational B. Manning ISI R. Colella NIST October 1994 DNS NSAP Resource Records Status of this Memo This memo provides
More informationHow to Configure DNS Zones
The Barracuda NG Firewall DNS configuration object contains two predefined zones: _template and '.' To be able to edit and specify DNS zones within the Barracuda NG Firewall DNS configuration, you must
More informationEE 122: Domain Name System
EE 122: Domain Name System Ion Stoica (and Brighten Godfrey) TAs: Lucian Popa, David Zats and Ganesh Ananthanarayanan http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Vern Paxson, Jennifer
More informationReminders. EE 122: Domain Name System. Goals of Today!s Lecture. Host Names vs. IP addresses. Separating Naming and Addressing
Reminders EE 122: Domain Name System Homework 2 due Oct 1 @ 3:50 pm Oct 1 is this Wednesday Project 1 checkpoint due Oct 6 @ 11:59:59 pm Ion Stoica (and Brighten Godfrey) TAs: Lucian Popa, David Zats and
More informationIntroduction to the Domain Name System
The Domain Name System (DNS) handles the growing number of Internet users. DNS translates names, such as www.cisco.com, into IP addresses, such as 192.168.40.0 (or the more extended IPv6 addresses), so
More informationInternet Engineering Task Force (IETF) Request for Comments: Category: Best Current Practice ISSN: March 2017
Internet Engineering Task Force (IETF) Request for Comments: 8109 BCP: 209 Category: Best Current Practice ISSN: 2070-1721 P. Koch DENIC eg M. Larson P. Hoffman ICANN March 2017 Initializing a DNS Resolver
More informationChapter 19. Domain Name System (DNS)
Chapter 19 Domain Name System (DNS) TCP/IP Protocol Suite 1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. OBJECTIVES: To describe the purpose of DNS. To define
More informationLinux Network Administration
Linux Network Administration Objective Describe the organization of the namespace Define the top-level subdomains of the Describe the process of converting IP addresses into names Define the concept of
More informationApplication Layer: , DNS
Application Layer: E-mail, DNS EECS 3214 Slides courtesy of J.F Kurose and K.W. Ross, All Rights Reserved 22-Jan-18 1-1 Chapter 2: outline 2.1 principles of network applications 2.2 Web and HTTP 2.3 electronic
More informationECE 650 Systems Programming & Engineering. Spring 2018
ECE 650 Systems Programming & Engineering Spring 2018 Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) Tyler Bletsch Duke University Slides are adapted from Brian Rogers (Duke) Dynamic
More informationDNS and SMTP. James Walden CIT 485: Advanced Cybersecurity. James WaldenCIT 485: Advanced Cybersecurity DNS and SMTP 1 / 31
DNS and SMTP James Walden CIT 485: Advanced Cybersecurity James WaldenCIT 485: Advanced Cybersecurity DNS and SMTP 1 / 31 Table of contents 1. DNS 2. DNS Protocol Packets 3. DNS Caching 4. DNS Cache Poisoning
More informationRIPE Network Coordination Centre. K-root and DNSSEC. Wolfgang Nagele RIPE NCC.
K-root and DNSSEC Wolfgang Nagele RIPE NCC RIPE NCC One of the five Regional Internet Registries Provides IP address and AS number resources to Europe and Middle-East regions DNS related work - Parent
More informationCompSci 356: Computer Network Architectures. Lecture 20: Domain Name System (DNS) and Content distribution networks Chapter 9.3.1
CompSci 356: Computer Network Architectures Lecture 20: Domain Name System (DNS) and Content distribution networks Chapter 9.3.1 Xiaowei Yang xwy@cs.duke.edu Overview Domain Name System Content Distribution
More informationDomain Name System (DNS) Session 2: Resolver Operation and debugging. Joe Abley AfNOG Workshop, AIS 2017, Nairobi
Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop, AIS 2017, Nairobi DNS Resolver Operation How Resolvers Work (1)! If we've dealt with this query before recently,
More informationApplication-layer Protocols
Application-layer Protocols Kai Shen application transport data link physical Network Applications and Application-Layer Protocols application transport data link physical application transport data link
More informationRoot Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail
What is DNS? Systems to convert domain names into ip addresses: For an instance; www.tashicell.com 118.103.136.66 Reverse: 118.103.136.66 www.tashicell.com DNS Hierarchy Root Servers The top of the DNS
More informationCSE 265: System & Network Administration
CSE 265: System & Network Administration DNS The Domain Name System History of DNS What does DNS do? The DNS namespace BIND software How DNS works DNS database Testing and debugging (tools) DNS History
More informationLameness in Reverse DNS
Lameness in Reverse DNS DNS Services Manager, RIPE NCC RIPE 58, Amsterdam http://www.ripe.net 1 History Request from DNS working group in 2006 to monitor DNS lameness RIPE-400 produced in January 2007
More informationPage 1. TCP Flow Control" TCP Flow Control" TCP Flow Control" CS162 Operating Systems and Systems Programming Lecture 16. Flow Control, DNS"
CS162 Operating Systems and Systems Programming Lecture 16 Flow Control, DNS" March 28, 2011! Ion Stoica! http://inst.eecs.berkeley.edu/~cs162! TCP: stream oriented protocol! Sender sends a stream of bytes,
More informationApplication Layer. Goals: Service models. Conceptual aspects of network application protocols Client server paradigm
Application Layer Goals: Conceptual aspects of network application protocols Client server paradigm Service models Review protocols by examining popular application-level protocols HTTP DNS 1 Applications
More informationCSCD 330 Network Programming Winter 2015
CSCD 330 Network Programming Winter 2015 Lecture 5 Application Layer Reading: Chapter 2 Still Some Material in these slides from J.F Kurose and K.W. Ross All material copyright 1996-2007 1 More Network
More informationRFC 2181 Ranking data and referrals/glue importance --- new resolver algorithm proposal ---
RFC 2181 Ranking data and referrals/glue importance --- new resolver algorithm proposal --- Kazunori Fujiwara fujiwara@jprs.co.jp Japan Registry Services Co., Ltd (JPRS) DNS-OARC Workshop 2016/10/16 Last
More informationS Computer Networks - Spring What and why? Structure of DNS Management of Domain Names Name Service in Practice
Outline What and why? Structure of DNS Management of Domain Names Name Service in Practice 188lecture12.ppt Pirkko Kuusela, Markus Peuhkuri, Jouni Karvo 1 2 Need Network addresses are numbers Addresses
More information