DNS DNS DNS Summer Days 2013 Copyright
|
|
|
- Oscar Tyler
- 6 years ago
- Views:
Transcription
1 DNS DNS DNS Summer Days 2013 Copyright
2 : : 7 Copyright
3 Copyright
4 DNS Summer Days 2012 DNS 1 DNS RFC 2181 Copyright
5 DNS Summer Days 2012 DNS 2 RFC 1034/1035 Copyright
6 DNS referral 3. DNS 4. Copyright
7 DNS DNS dig DNS Copyright
8 dig Copyright
9 1. Copyright
10 jp example.jp DNS DNS Summer Days 2012 DNS jp kr com org net www example.jp example2.jp example3.jp Copyright
11 dig DNS +norec dig BIND noedns additional section EDNS0 OPT $ dig +norec +noedns ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: example.jp IN NS ns1.example.jp. ;; ADDITIONAL SECTION: ns1.example.jp IN A Copyright
12 answer section flags aa answer section answer section 0 $ dig +norec +noedns ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: example.jp IN NS ns1.example.jp. ;; ADDITIONAL SECTION: ns1.example.jp IN A Copyright
13 authority section NS additional section NS IP A/AAAA $ dig +norec +noedns ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: example.jp IN NS ns1.example.jp. ;; ADDITIONAL SECTION: ns1.example.jp IN A Copyright
14 A/AAAA additional section NS A/AAAA authority section NS Copyright
15 $ dig +norec +noedns ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: example.jp IN NS ns1.example.net. ;; ADDITIONAL SECTION: ns1.example.net IN A Copyright
16 NS $ dig +norec +noedns ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: example.jp IN NS ns1.example.net. ;; ADDITIONAL SECTION: ns1.example.net IN A Copyright
17 ns1.example.net a.dns.jp alternic.net $ dig +norec +noedns ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: example.jp IN NS ns1.example.net. ;; ADDITIONAL SECTION: ns1.example.net IN A Copyright
18 flags aa $ dig +norec +noedns ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: example.jp IN NS ns1.example.jp. ;; ADDITIONAL SECTION: ns1.example.jp IN A Copyright
19 NS inbailiwick name $ORIGIN IN SOA example.jp IN NS ns1.example.jp. Copyright
20 1 $ORIGIN IN SOA example.co.jp IN NS ns1.example.ne.jp. $ORIGIN IN SOA example.jp IN NS ns1.example.ne.jp. Copyright
21 IN SOA jp IN NS a.dns.jp IN SOA com IN NS a.gtld servers.net. Copyright
22 $ORIGIN IN SOA 1 example.jp IN NS ns1.example.jp. 2 example.jp IN NS a.ns1.example.jp. 3 example2.jp IN NS ns1.example.com. 4 example3.jp IN NS ns1.example.jp. 5 example.co.jp IN NS ns1.example.co.jp. 6 example.ne.jp IN NS ns1.example.ad.jp. 7 example4.jp IN NS ns1.example.or.jp. Copyright
23 $ORIGIN IN SOA 1 example.jp IN NS ns1.example.jp. 2 example.jp IN NS a.ns1.example.jp. 3 example2.jp IN NS ns1.example.com. 4 example3.jp IN NS ns1.example.jp. 5 example.co.jp IN NS ns1.example.co.jp. 6 example.ne.jp IN NS ns1.example.ad.jp. 7 example4.jp IN NS ns1.example.or.jp. Copyright
24 NS NS DNS Copyright
25 NS NS DNS Copyright
26 DNS BIND 9 NSD DNS A/AAAA Copyright
27 A JP DNS Copyright
28 $ dig +norec +noedns ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 4 ;; QUESTION SECTION: ; IN A ;; AUTHORITY SECTION: iij.ad.jp IN NS dns0.iij.ad.jp. iij.ad.jp IN NS dns1.iij.ad.jp. ;; ADDITIONAL SECTION: dns0.iij.ad.jp IN A dns0.iij.ad.jp IN AAAA 2001:240:bb41:8002::1:16 dns1.iij.ad.jp IN A dns1.iij.ad.jp IN AAAA 2001:240:bb4c:8000::1:5 Copyright
29 $ dig +norec +noedns ii.co.jp ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ; ii.co.jp. IN A ;; AUTHORITY SECTION: iij ii.co.jp IN NS dns b.iij.ad.jp. iij ii.co.jp IN NS dns c.iij.ad.jp. Copyright
30 iij.ad.jp $ dig +norec +noedns ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 4 ;; QUESTION SECTION: ; IN A ;; AUTHORITY SECTION: iij4u.or.jp IN NS dns0.iij.ad.jp. iij4u.or.jp IN NS dns1.iij.ad.jp. ;; ADDITIONAL SECTION: dns0.iij.ad.jp IN A dns0.iij.ad.jp IN AAAA 2001:240:bb41:8002::1:16 dns1.iij.ad.jp IN A dns1.iij.ad.jp IN AAAA 2001:240:bb4c:8000::1:5 Copyright
31 DNS Copyright
32 DNS NS Copyright
33 1/2 additional section NS A/AAAA authority section NS pseudo-glue Copyright
34 2/2 NS DNS DNS Copyright
35 2. referral Copyright
36 referral referral referral DNS referral example.jp ns1.example.jp $ dig +norec +noedns ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: example.jp IN NS ns1.example.jp. ;; ADDITIONAL SECTION: ns1.example.jp IN A Copyright
37 DNS JP DNS ns1.example.com Copyright
38 Upward referrals Upward Referrals Considered Harmful DNS-OARC 2009 Upward Referrals Considered Harmful < NANOG 45 Upward Referrals Considered Harmful Peter Losher < osher_light_harmful_n45.pdf> Copyright
39 Upward referrals BIND 9 recursion no; referral BIND 8 Upward referrals $ dig +norec +noedns DNS ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0 ;; AUTHORITY SECTION: IN NS a.root servers.net IN NS b.root servers.net. Copyright
40 Upward referrals referral Copyright
41 RFC Queries and responses The way that the name server answers the query depends upon whether it is operating in recursive mode or not: The simplest mode for the server is non recursive, since it can answer queries using only local information: the response contains an error, the answer, or a referral to some other server closer to the answer. referral Copyright
42 Upward referrals DNS DNS. IN NS 47 Upward referrals 256 ISPrime Upward Referrals Considered Harmful Copyright
43 Upward referrals BIND 9 additional from cache no; allow query cache { none; }; BIND 9 named.root REFUSED $ dig +norec +noedns DNS ;; >>HEADER<< opcode: QUERY, status: REFUSED, id: xxxxx ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 Copyright
44 Upward referrals NSD SERVFAIL PowerDNS send-root-referral=no yes BIND 8 lean BIND 9 djbdns Copyright
45 DNS BIND 9 NOTIFY BIND 9 NOTIFY IP BIND 9 Copyright
46 BIND 9 named.conf NOTIFY NS RRSet SOA MNAME NS NOTIFY DNS BIND 9 DNS DNS Copyright
47 BIND 9 NOTIFY allow transfer named.conf IP DNS DNS Copyright
48 BIND 9 NOTIFY zone "example.jp {... // also notify explicit IP NOTIFY notify explicit; // NOTIFY IP also notify { ; ; }; }; zone "example.jp {... // NOTIFY NOTIFY // notify no; NOTIFY notify no; }; Copyright
49 3. DNS Copyright
50 RFC RFC 2181 Clarifications to the DNS Specification DNS Ranking data source trustworthiness AA answer authority additional CNAME Copyright
51 RFC Ranking data answer section most authority section answer section answer section additional information authority section additional information additional section additional information least Copyright
52 the least NS authority section A/AAAA additional information Copyright
53 BIND 9 NSD BIND 8 answer section $ dig +norec +noedns ns1.example.jp ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; AUTHORITY SECTION: example.jp IN NS ns1.example.jp. ;; ADDITIONAL SECTION: ns1.example.jp IN A Copyright
54 DNS DNS NS answer section increase Copyright
55 DNS NS/ NS/A NS/ NA/A NS/ Copyright
56 NS NS DNS Copyright
57 NS/ NS/A NS/A NS/ Copyright
58 4. Copyright
59 2008 *1 1 2 DNS 3 *1 BIND (Kaminsky Bug ) < Copyright
60 1 Web ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;(random).example.jp. IN A ;; ANSWER SECTION: (random).example.jp IN A ( IP ) ;; AUTHORITY SECTION: (random).example.jp IN NS ;; ADDITIONAL SECTION: IN A ( ) Copyright
61 2 Web ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;(random).example.jp. IN A ;; ANSWER SECTION: (random).example.jp IN A ( IP ) ;; AUTHORITY SECTION: example.jp IN NS ;; ADDITIONAL SECTION: IN A ( ) Copyright
62 3 DNS p.298 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;(random). IN A ;; ANSWER SECTION: (random) IN A ( IP ) ;; AUTHORITY SECTION: IN NS ;; ADDITIONAL SECTION: IN A ( ) Copyright
63 1 2 authority section 1: (random).example.jp NS 2: example.jp NS /answer section 1/2: (random).example.jp A 3: (random). A authority section 1/2: 3: NS Copyright
64 1 2 additional information BIND [bug] Additional could be promoted to answer. [RT #20663] [bug] Additional answer Copyright
65 3 authority section additional information answer section Copyright
66 authority section additional information answer section DNS Copyright
67 DNS DNS DNS answer section Copyright
68 Ranking data 3 most answer section authority section 3 answer section answer section 1/2 additional information authority section additional information least Copyright
69 RFC 2181 RFC 2181 Copyright
70 Q&A Copyright
Testing IPv6 address records in the DNS root
Testing IPv6 address records in the DNS root February 2007 Geoff Huston Chief Scientist APNIC Priming a DNS name server 1. Take the provided root hints file 2. Generate a DNS query for resource records
CNAME-based Redirection Design Notes
CNAME-based Redirection Design Notes When we configure a redirect type of local-zone or access-control action, we might want to specify a CNAME as the action data, whose canonical name is managed by an
Based on Brian Candler's materials ISOC CCTLD workshop
Based on Brian Candler's materials ISOC CCTLD workshop Easier for people to remember Computers may be moved between networks, in which case their IP address will change A centrally maintained file, distributed
Preparation Test AAAA and EDNS0 support Share Your Results Results Reported Testing Period
Testing Recursive Name Servers for IPv6 and EDNS0 Support SAC 017 15 March 2007 Preparation Test AAAA and EDNS0 support Share Your Results Results Reported Testing Period Background The DNS Root Server
DNS Session 1: Fundamentals. Based on Brian Candler's materials ISOC CCTLD workshop
DNS Session 1: Fundamentals Based on Brian Candler's materials ISOC CCTLD workshop Computers use IP addresses. Why do we need names? Easier for people to remember Especially true for IPv6 Computers may
BIND-USERS and Other Debugging Experiences. Mark Andrews Internet Systems Consortium
BIND-USERS and Other Debugging Experiences Mark Andrews Internet Systems Consortium Mark_Andrews@isc.org http://isc.org BIND-USERS and Other Debugging Experiences We will look at some typical debugging
Domain Name System (DNS) Session 2: Resolver Operation and debugging. Joe Abley AfNOG Workshop, AIS 2017, Nairobi
Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop, AIS 2017, Nairobi DNS Resolver Operation How Resolvers Work (1)! If we've dealt with this query before recently,
Configuration of Authoritative Nameservice
Configuration of Authoritative Nameservice AfCHIX 2011 Blantyre, Malawi (based on slides from Brian Candler for NSRC) Recap DNS is a distributed database Resolver asks Cache for information Cache traverses
DNS. Some advanced topics. Karst Koymans. Informatics Institute University of Amsterdam. (version 17.2, 2017/09/25 12:41:57)
DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 17.2, 2017/09/25 12:41:57) Friday, September 22, 2017 Karst Koymans (UvA) DNS Friday, September 22, 2017 1
Evaluation and consideration of multiple responses. Kazunori Fujiwara, JPRS OARC 28
Evaluation and consideration of multiple responses Kazunori Fujiwara, JPRS fujiwara@jprs.co.jp OARC 28 Past discussion Background DNS is query response based protocol Each query contains one QNAME / QTYPE
Some advanced topics. Karst Koymans. Tuesday, September 16, 2014
DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 44, 2014/09/15 08:39:47) Tuesday, September 16, 2014 Karst Koymans (UvA) DNS Tuesday, September 16, 2014 1
DNS. Karst Koymans & Niels Sijm. Friday, September 14, Informatics Institute University of Amsterdam
DNS Karst Koymans & Niels Sijm Informatics Institute University of Amsterdam Friday, September 14, 2012 Karst Koymans & Niels Sijm (UvA) DNS Friday, September 14, 2012 1 / 32 1 DNS on the wire 2 Zone transfers
Response Differences between NSD and other DNS Servers
Response Differences between NSD and other DNS Servers Jelte Jansen, NLnet Labs Wouter Wijngaards, NLnet Labs NLnet Labs document 2006-004 November 2, 2006 Abstract This note describes observed differences
RFC 2181 Ranking data and referrals/glue importance --- new resolver algorithm proposal ---
RFC 2181 Ranking data and referrals/glue importance --- new resolver algorithm proposal --- Kazunori Fujiwara fujiwara@jprs.co.jp Japan Registry Services Co., Ltd (JPRS) DNS-OARC Workshop 2016/10/16 Last
DNS / DNSSEC Workshop. bdnog November 2017, Dhaka, Bangladesh
DNS / DNSSEC Workshop bdnog7 19-22 November 2017, Dhaka, Bangladesh Issue Date: 03 November 2015 Revision: 2.0-draft4 Overview DNS Overview BIND DNS Configuration Recursive and Forward DNS Reverse DNS
Table of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS. Root servers.
Table of Contents Specification and implementation DNS Karst Koymans Informatics Institute University of Amsterdam (version 1.11, 2010/10/04 10:03:37) Tuesday, September 14, 2010 A short history of DNS
DNS Session 2: DNS cache operation and DNS debugging. Joe Abley AfNOG 2006 workshop
DNS Session 2: DNS cache operation and DNS debugging Joe Abley AfNOG 2006 workshop How caching NS works (1) If we've dealt with this query before recently, answer is already in the cache easy! Resolver
Networking Applications
Networking Dr. Ayman A. Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport 1 Outline Introduction Name Space concepts Domain Name Space
Table of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS. Root servers.
Table of Contents Specification and implementation DNS Karst Koymans Informatics Institute University of Amsterdam (version 1.20, 2011/09/26 13:56:09) Tuesday, September 13, 2011 A short history of DNS
Table of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS.
Table of Contents Specification and implementation DNS dr. C. P. J. Koymans Informatics Institute University of Amsterdam September 14, 2009 A short history of DNS Root servers Basic concepts Delegation
DNS Flag day. A tale of five cctlds. Hugo Salgado,.CL Sebastián Castro,.NZ DNS-OARC 29, Amsterdam
DNS Flag day A tale of five cctlds Hugo Salgado,.CL Sebastián Castro,.NZ DNS-OARC 29, Amsterdam 1 What is EDNS? RFC 6891 Defines a backward compatible mechanism to signal support for new DNS options Original
Implementing DNSSEC with DynDNS and GoDaddy
Implementing DNSSEC with DynDNS and GoDaddy Lawrence E. Hughes Sixscape Communications 27 December 2017 DNSSEC is an IETF standard for adding security to the DNS system, by digitally signing every resource
DNS Mark Kosters Carlos Martínez {ARIN, LACNIC} CTO
DNS Workshop @CaribNOG12 Mark Kosters Carlos Martínez {ARIN, LACNIC} CTO DNS Refresher and Intro to DNS Security Extension (DNSSEC) Outline Introduction DNSSEC mechanisms to establish authenticity and
Domain Name System (DNS) Session-1: Fundamentals. Joe Abley AfNOG Workshop, AIS 2017, Nairobi
Domain Name System (DNS) Session-1: Fundamentals Joe Abley AfNOG Workshop, AIS 2017, Nairobi Computers use IP addresses. Why do we need names? Names are easier for people to remember Computers may be moved
DNS. dr. C. P. J. Koymans. September 16, Informatics Institute University of Amsterdam. dr. C. P. J. Koymans (UvA) DNS September 16, / 46
DNS dr. C. P. J. Koymans Informatics Institute University of Amsterdam September 16, 2008 dr. C. P. J. Koymans (UvA) DNS September 16, 2008 1 / 46 DNS and BIND DNS (Domain Name System) concepts theory
EDNS Compliance. Mark Andrews
EDNS Compliance Mark Andrews marka@isc.org DataSets Root and TLD servers Alexa Top 1000 Alexa Bottom 1000 of Top 1Million GOV servers from Alexa Top 1Million AU servers from Alexa Top 1Million Methodology
Is your DNS server up-to-date? Pieter Lexis Senior PowerDNS Engineer April 22 nd 2018
lieter_ PowerDNS pieterlexis PowerDNS Is your DNS server up-to-date? Pieter Lexis Senior PowerDNS Engineer April 22 nd 2018 1 What s all this about? A DNS recap What is EDNS? Issues with EDNS on the internet
Domain Name Service. DNS Overview. October 2009 Computer Networking 1
Domain Name Service DNS Overview October 2009 Computer Networking 1 Why DNS? Addresses are used to locate objects (contain routing information) Names are easier to remember and use than numbers DNS provides
DNS Session 2: DNS cache operation and DNS debugging. How caching NS works (1) What if the answer is not in the cache? How caching NS works (2)
D Session 2: D cache operation and D debugging How caching works (1) If we've dealt with this query before recently, answer is already in the cache - easy! Joe Abley AfNOG 2006 workshop Resolver Query
RSSAC028 Technical Analysis of the Naming Scheme Used For Individual Root Servers
RSSAC028 Technical Analysis of the Naming Scheme Used For Individual Root Servers An Advisory from the ICANN Root Server System Advisory Committee (RSSAC) 3 August 2017 Preface This is a report to the
Goal of this session
DNS refresher Overview Goal of this session What is DNS? How is DNS built and how does it work? How does a query work? Record types Caching and Authoritative Delegation: domains vs zones Finding the error:
Increase of Root and JP queries -- Long-term trends of number of queries --
Increase of Root and JP queries -- Long-term trends of number of queries -- Kazunori Fujiwara, JPRS DNS-OARC 2015 Spring Workshop Last Update: 2015/5/10 1945 (UTC) 1 Are DNS queries
IDN query trends seen at JP and Root. Kazunori Fujiwara, JPRS 2016/4/3, IEPG meeting
IDN query trends seen at JP and Root Kazunori Fujiwara, JPRS fujiwara@jprs.co.jp 2016/4/3, IEPG meeting Is IDN use increasing? It is said that IDN is important for non- English speakers IDN implementations
Domain Name System - Advanced Computer Networks
- Advanced Computer Networks Saurabh Barjatiya International Institute Of Information Technology, Hyderabad 26 August, 2011 Contents 1 Distributed database, highly volatile Domain names Top level domains
6.033 Computer System Engineering
MIT OpenCourseWare http://ocw.mit.edu 6.033 Computer System Engineering Spring 2009 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms. M.I.T. DEPARTMENT
The Domain Name System
The Domain Name System History of DNS Before DNS ARPAnet HOSTS.txt contains all the hosts information Maintained by SRI s Network Information Center In SRI-NIC host Problems: Not scalable! Traffic and
Internet Engineering. DNS Message Format. Contents. Robert Elz.
Internet Engineering 241-461 Robert Elz kre@munnari.oz.au kre@coe.psu.ac.th http://fivedots.coe.psu.ac.th/~kre Contents The Domain Name System The DNS Database DNS Protocols DNS Message Formats ueries
Internet Engineering Task Force (IETF) Request for Comments: Category: Best Current Practice ISSN: January 2019
Internet Engineering Task Force (IETF) P. Hoffman Request for Comments: 8499 ICANN BCP: 219 A. Sullivan Obsoletes: 7719 Updates: 2308 K. Fujiwara Category: Best Current Practice JPRS ISSN: 2070-1721 January
DNS Mark Kosters Carlos Martínez ARIN - LACNIC
DNS Workshop @CaribNOG8 Mark Kosters Carlos Martínez ARIN - LACNIC DNS Refresher and Intro to DNS Security Extension (DNSSEC) Outline Introduction DNSSEC mechanisms to establish authenticity and integrity
page 1 Plain Old DNS WACREN, DNS/DNSSEC Regional Workshop Ouagadougou, October 2016
page 1 Plain Old DNS WACREN, DNS/DNSSEC Regional Workshop Ouagadougou, 10-14 October 2016 page 2 IP: Identifiers on the Internet The fundamental identifier on the internet is an IP address. Each host connected
Internet Engineering Task Force (IETF) Request for Comments: 7706 Category: Informational ISSN: November 2015
Internet Engineering Task Force (IETF) Request for Comments: 7706 Category: Informational ISSN: 2070-1721 W. Kumari Google P. Hoffman ICANN November 2015 Decreasing Access Time to Root Servers by Running
Domain Name System (DNS) Session-1: Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale
Domain Name System (DNS) Computers use IP addresses. Why do we need names? Names are easier for people to remember Session-1: Fundamentals Computers may be moved between networks, in which case their IP
Managing Caching DNS Server
This chapter explains how to set the Caching DNS server parameters. Before you proceed with the tasks in this chapter, see Introduction to the Domain Name System which explains the basics of DNS. Configuring
Welcome! Acknowledgements. Introduction to DNS. cctld DNS Workshop October 2004, Bangkok, Thailand
Welcome! cctld DNS Workshop 8-11 October 2004, Bangkok, Thailand Champika Wijayatunga, APNIC Acknowledgements Bill Manning Ed Lewis Joe Abley Olaf M. Kolkman EP.NET Introduction to
Hands-on DNSSEC with DNSViz. Casey Deccio, Verisign Labs RIPE 72, Copenhagen May 23, 2016
Hands-on DNSSEC with DNSViz Casey Deccio, Verisign Labs RIPE 72, Copenhagen May 23, 2016 Preparation Demo and exercises available at: http://dnsviz.net/demo/ Includes links to the following: VirtualBox
DNS / DNSSEC Workshop. bdnog May 2017, Bogra, Bangladesh
DNS / DNSSEC Workshop bdnog6 19-23 May 2017, Bogra, Bangladesh Issue Date: 03 November 2015 Revision: 2.0-draft4 Overview DNS Overview BIND DNS Configuration Recursive and Forward DNS Reverse DNS 2 Overview
Domain Name System (DNS) DNS Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale. The old solution: HOSTS.
Domain Name System (DNS) Computers use IP addresses. Why do we need names? Names are easier for people to remember DNS Fundamentals Computers may be moved between networks, in which case their IP address
DNS Basics BUPT/QMUL
DNS Basics BUPT/QMUL 2018-04-16 Related Information Basic function of DNS Host entry structure in Unix Two system calls for DNS database retrieving gethostbyname () gethostbyaddr () 2 Agenda Brief introduction
ROOT SERVERS MANAGEMENT AND SECURITY
ROOT SERVERS MANAGEMENT AND SECURITY WSIS African regional meeting 01/29/05 ALAIN PATRICK AINA aalain@trstech.net What is DNS(1)? Addresses are used to locate objects Names are easier to remember than
Root Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail
What is DNS? Systems to convert domain names into ip addresses: For an instance; www.tashicell.com 118.103.136.66 Reverse: 118.103.136.66 www.tashicell.com DNS Hierarchy Root Servers The top of the DNS
DNS: Useful tool or just a hammer? Paul DNS-OARC 06 Oct 2013, Phoenix
DNS: Useful tool or just a hammer? Paul Ebersman pebersman@infoblox.com, @paul_ipv6 DNS-OARC 06 Oct 2013, Phoenix 1 Attacking your cache 2 Recursion DNS queries are either recursive or nonrecursive recursive
Information Network I: The Application Layer. Doudou Fall Internet Engineering Laboratory Nara Institute of Science and Technique
Information Network I: The Application Layer Doudou Fall Internet Engineering Laboratory Nara Institute of Science and Technique Outline Domain Name System World Wide Web and HTTP Content Delivery Networks
DNS Traffic Analysis CDN and the World IPv6 Launch
Regular Paper DNS Traffic Analysis CDN and the World IPv6 Launch Kazunori Fujiwara 1,2,a) Akira Sato 1,b) Kenichi Yoshida 1,c) Received: October 15, 2012, Accepted: March 1, 2013 Abstract: The Domain Name
QNAME minimisation. Ralph Dolmans (NLnet Labs) https://www.nlnetlabs.nl/ March 2016 Stichting NLnet Labs
QNAME minimisation Ralph Dolmans ralph@nlnetlabs.nl (NLnet Labs) March 2016 Stichting NLnet Labs page 2 Introduction About NLnet Labs A not for profit, public benefit foundation develop Open Source software
Experience with 8 bit label in JP Zone
Experience with 8 bit label in JP Zone 1st August 2004 IEPG Meeting Yoshiro YONEYA Japan Registry Service Overview Introduction Specification Result of Survey Observed effects 2 Introduction
CompSci 356: Computer Network Architectures. Lecture 20: Domain Name System (DNS) and Content distribution networks Chapter 9.3.1
CompSci 356: Computer Network Architectures Lecture 20: Domain Name System (DNS) and Content distribution networks Chapter 9.3.1 Xiaowei Yang xwy@cs.duke.edu Overview Domain Name System Content Distribution
Falling Trees or If a DNS Server is Lame but Nobody Queries It, Should You Send an ?
Falling Trees or If a DNS Server is Lame but Nobody Queries It, Should You Send an E-mail? Shane Kerr DNS Working Group, RIPE 59 Lisbon, 2009-10-08 Background The RIPE NCC implemented a
DNS. A Massively Distributed Database. Justin Scott December 12, 2018
DNS A Massively Distributed Database Justin Scott December 12, 2018 What is DNS? Translates Hostnames to IP Addresses What is DNS? Example: www.serverlogic.com 23.185.0.4 What is DNS? Example: www.serverlogic.com
An Update on Anomalous DNS Behavior
An Update on Anomalous DNS Behavior Duane Wessels, and CAIDA wessels@measurement-factory October 23 Motivation Why are root servers getting slammed? Are caching/forwarding DNS servers doing the right thing?
IPv6 How-To for a Registry 17th CENTR Technical Workshop
IPv6 How-To for a Registry 17th CENTR Technical Workshop Amsterdam, October 2007 Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet (jordi.palet@consulintel.es) Introduction Main steps to be undertaken
DNSSEC for ISPs workshop.! João Damas
DNSSEC for ISPs workshop!!! João Damas (joao@isc.org) 1 Outline of workshop Brief intro to DNSSEC (30 ) Overview of zone signing (30 ) DNSSEC validation (60 ) trust anchors validation impact of enabling
CSC 574 Computer and Network Security. DNS Security
CSC 574 Computer and Network Security DNS Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) A primer on routing Routing Problem: How do Alice s messages
Defeating DNS Amplification Attacks. UKNOF Manchester Central, UK January Ralf Weber Senior Infrastructure Architect
Defeating DNS Amplification Attacks UKNOF Manchester Central, UK January 21 2014 Ralf Weber Senior Infrastructure Architect History of DNS Amplification DNS amplification attacks aren't new Periodically
DNS Review Quiz. Match the term to the description: A. Transfer of authority for/to a subdomain. Domain name DNS zone Delegation C B A
DNS Review Quiz Match the term to the description: C B A Level: Domain name DNS zone Delegation Descriptions: A. Transfer of authority for/to a subdomain B. A set of names under the same authority (ie.com
DNS and HTTP. A High-Level Overview of how the Internet works
DNS and HTTP A High-Level Overview of how the Internet works Adam Portier Fall 2017 How do I Google? Smaller problems you need to solve 1. Where is Google? 2. How do I access the Google webpage? 3. How
ECE 435 Network Engineering Lecture 7
ECE 435 Network Engineering Lecture 7 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 25 September 2018 HW#3 was Posted Announcements 1 HW#2 Review C code will be discussed next
Authoritative-only server & TSIG
Authoritative-only server & TSIG cctld workshop Apia, Samoa,20 23 June 2006 Andy Linton (Materials by Alain Aina) Different type of servers Several types of name servers Authoritative servers master (primary)
Worst Current Practice. Lutz Donnerhacke IKS GmbH
Worst Current Practice Lutz Donnerhacke IKS GmbH Worst Current Practice Not a talk about simple bugs Too many WTFs to talk about Sometimes instructive anyway SEOS: IPv6 packets crash Ether Channels: Card
DNS Fundamentals. Steve Conte ICANN60 October 2017
DNS Fundamentals Steve Conte ICANN60 October 2017 Names and Numbers IP addresses easy for machines but hard for people IPv4: 192.0.2.7 IPv6: 2001:db8::7 People need to use names In the early days of the
IPv6 Support in the DNS. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011
IPv6 Support in the DNS Athanassios Liakopoulos (aliako@grnet.gr) 6DEPLOY IPv6 Training, Skopje, June 2011 Copy Rights This slide set is the ownership of the 6DEPLOY project via its partners The Powerpoint
DNSSEC for ISPs workshop João Damas
DNSSEC for ISPs workshop João Damas (joao@isc.org) 1 Outline of workshop Brief intro to DNSSEC Overview of zone signing DNSSEC validation trust anchors validation impact of enabling validation debugging
DNS Load Balancing in ONTAP
Technical Report DNS Load Balancing in ONTAP Configuration and Best Practices Justin Parisi, NetApp October 2016 TR-4253 Abstract This document explains how to configure NetApp storage systems with NetApp
This time. Digging into. Networking. Protocols. Naming DNS & DHCP
This time Digging into Networking Protocols Naming DNS & DHCP Naming IP addresses allow global connectivity But they re pretty useless for humans! Can t be expected to pick their own IP address Can t be
Network Protocols. Domain Name System (DNS) TDC375 Spring 2010/11 John Kristoff - DePaul University 1
Network Protocols Domain Name System (DNS) TDC375 Spring 2010/11 John Kristoff - DePaul University 1 One of two critical systems Routing (BGP) and naming (DNS) are by far the two most critical subsystems
1 Release Notes for BIND Version
1 Release Notes for BIND Version 9.13.5 1.1 Introduction BIND 9.13 is an unstable development release of BIND. This document summarizes new features and functional changes that have been introduced on
Independent Submission Request for Comments: ISSN: January 2014
Independent Submission Request for Comments: 7108 Category: Informational ISSN: 2070-1721 J. Abley Dyn, Inc. T. Manderson ICANN January 2014 Abstract A Summary of Various Mechanisms Deployed at L-Root
A Root DNS Server. Akira Kato. Brief Overview of M-Root. WIDE Project
A Root DNS Server Akira Kato WIDE Project kato@wide.ad.jp Brief Overview of M-Root Assumes basic knowledge on DNS Dr. Tatsuya Jinmei has introduced in Nov 19, 2004 What s Root Servers? Start point of the
The Domain Name System
The Domain Name System History of DNS Before DNS ARPAnet HOSTS.txt contains all the hosts information Maintained by SRI s Network Information Center In SRI-NIC host Problems: Not scalable! Traffic and
DNS and BIND Rock Eagle Computing Conference October 27, 2000 CL 10/25/00
DNS and BIND 2000 Rock Eagle Computing Conference October 27, 2000 CL 10/25/00 1 The ARPANET ARPA: Advanced Research Projects Agency Part of the Department of Defense Funds defense-related projects In
D-mystifying the D-Root Address Change
D-mystifying the D-Root Address Change Matthew Lentz, Dave Levin, Jason Castonguay, Neil Spring, Bobby Bhattacharjee University of Maryland Domain Name System (DNS). Root arpa edu com gov... Top-Level
Advanced Networking. Domain Name System
Advanced Networking Domain Name System Purpose of DNS servers Human being has many identifications: 1) Our name can be used for identification Problem: Two differenet people may have same name. 2) Mobile
Advanced Networking. Domain Name System. Purpose of DNS servers. Purpose of DNS servers. Purpose of DNS servers
Purpose of DNS servers Advanced Networking Domain Name System Human being has many identifications: 1) Our name can be used for identification Problem: Two differenet people may have same name. 2) Mobile
DANE Demonstration! Duane Wessels, Verisign! ICANN 49 DNSSEC Workshop! March 26, 2014!
DANE Demonstration! Duane Wessels, Verisign! ICANN 49 DNSSEC Workshop! March 26, 2014! Outline! What is DANE?! The TLSA Record! TLSA Browser Plugin! Generating the TLSA Record! Other uses for DANE! 2!
Root Server Operated by ICANN. DNS Engineering DNS Symposium Madrid May 2017
Root Server Operated by ICANN DNS Engineering DNS Symposium Madrid May 2017 Root Server in a nutshell + RSSAC 026 + Entry point to the root server system. + Authoritative name server that answer queries
OPS535 Lab 5. Dynamic DNS. RFC 2136 Dynamic Updates in the Domain Name System (DNS UPDATE)
OPS535 Lab 5 Dynamic DNS Overview In this lab, you add a forward lookup zone and a reverse lookup zone to your primary DNS server and configure both zones to support dynamic updates. Dynamic DNS zone accepts
Expiration Date: July 1997 Randy Bush RGnet, Inc. January Clarifications to the DNS Specification. draft-ietf-dnsind-clarify-04.
Network Working Group Internet Draft Expiration Date: July 1997 Robert Elz University of Melbourne Randy Bush RGnet, Inc. January 1997 Clarifications to the DNS Specification Status of this Memo draft-ietf-dnsind-clarify-04.txt
CS 3640: Introduction to Networks and Their Applications
CS 3640: Introduction to Networks and Their Applications Fall 2018, Lecture 19: Application Layer III (Credit: Prof. Phillipa Gill @ University of Massachusetts) Instructor: Rishab Nithyanand Teaching
Naming. CS 475, Spring 2018 Concurrent & Distributed Systems. Slides by Luís Pina
Naming CS 475, Spring 2018 Concurrent & Distributed Systems Slides by Luís Pina (lpina2@gmu.edu) 1 Domain Name System Name Discovery 2 What happens after typing the name of the host? The internet routes
More Internet Support Protocols
More Internet Support Protocols Domain Name System (DNS) Ch 2.5 Problem statement: Average brain can easily remember 7 digits On average, IP addresses have 10.28 digits We need an easier way to remember
CSE 265: System & Network Administration
CSE 265: System & Network Administration DNS The Domain Name System History of DNS What does DNS do? The DNS namespace BIND software How DNS works DNS database Testing and debugging (tools) DNS History
Oversimplified DNS. ... or, even a rocket scientist can understand DNS. Step 1 - Verify WHOIS information
Oversimplified DNS... or, even a rocket scientist can understand DNS Step 1 - Verify WHOIS information GOALS: Make sure that WHOIS reports every name server you have, and doesn't report any that aren't
Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Install and configure the DNS server. SEED Labs Local DNS Attack Lab 1
SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright c 2006-2015 Wenliang Du, Syracuse University. The development of this document is partially funded by the National Science Foundation s Course,
Protocol Classification
DNS and DHCP TCP/IP Suite Suite of protocols (not just TCP and IP) Main protocols TCP and UDP at the Transport Layer, and IP at the Network Layer Other protocols ICMP, ARP, Telnet, Ftp, HTTP, SMTP, SNMP
Packet Traces from a Simulated Signed Root
Packet Traces from a Simulated Signed Root Duane Wessels DNS-OARC DNS-OARC Workshop Beijing, China November 2009 Background We know from active measurements that some DNS resolvers cannot receive large
Open Resolvers in COM/NET Resolution!! Duane Wessels, Aziz Mohaisen! DNS-OARC 2014 Spring Workshop! Warsaw, Poland!
Open Resolvers in COM/NET Resolution!! Duane Wessels, Aziz Mohaisen! DNS-OARC 2014 Spring Workshop! Warsaw, Poland! Outine! Why do we care about Open Resolvers?! Surveys at Verisign! Characterizing Open
Internet Engineering Task Force (IETF) Request for Comments: ISSN: K. Fujiwara JPRS December 2015
Internet Engineering Task Force (IETF) Request for Comments: 7719 Category: Informational ISSN: 2070-1721 P. Hoffman ICANN A. Sullivan Dyn K. Fujiwara JPRS December 2015 DNS Terminology Abstract The DNS
DNSSEC Trust tree: (A) ---dnslab.org. (DS keytag: 9247 dig (DNSKEY keytag. ---org. (DS keytag: d
DNSSEC Trust tree: www.dnslab.org. (A) ---dnslab.org. (DNSKEY keytag: 7308 alg ---dnslab.org. (DNSKEY keytag: 9247 ---dnslab.org. (DS keytag: 9247 dig DNSSEC ---org. (DNSKEY keytag: 24209 a Domain Name
DNS. David Malone. 19th October 2004
DNS David Malone 19th October 2004 1 Names vs. Addresses Computers like addresses eg. 134.226.81.11. People prefer names salmon.maths.tcd.ie. Need a way to translate. walton.maths.tcd.ie close to salmon.maths.tcd.ie.
Network Working Group
Network Working Group R. Arends Request for Comments: 4035 Telematica Instituut Obsoletes: 2535, 3008, 3090, 3445, 3655, 3658, R. Austein 3755, 3757, 3845 ISC Updates: 1034, 1035, 2136, 2181, 2308, 3225,
Ten DNS things you probably did not know about
Ten DNS things you probably did not know about How to bore your friends and amaze your geeks Bert Hubert PowerDNS PowerDNS.COM BV gestart in 1999 Eerste database gestuurde nameserver Meeste oplossingen