CSE 265: System & Network Administration

Similar documents
The Domain Name System

Networking Applications

The Domain Name System

Linux Network Administration

ECE 650 Systems Programming & Engineering. Spring 2018

APNIC elearning: DNS Concepts

CSc 450/550 Computer Networks Domain Name System

Protocol Classification

S Computer Networks - Spring What and why? Structure of DNS Management of Domain Names Name Service in Practice

Services: DNS domain name system

Computer Networks. Domain Name System. Jianping Pan Spring /25/17 CSC361 1

DNS. A Massively Distributed Database. Justin Scott December 12, 2018

DNS. Introduction To. everything you never wanted to know about IP directory services

DNS. DNS is an example of a large scale client-server application.

Overview. Last Lecture. This Lecture. Next Lecture. Scheduled tasks and log management. DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly

RHCE BOOT CAMP BIND. Wednesday, November 28, 12

DNS Basics BUPT/QMUL

Oversimplified DNS. ... or, even a rocket scientist can understand DNS. Step 1 - Verify WHOIS information

Domain Name System.

DOMAIN NAME SYSTEM (DNS) BEYAZIT BESTAMİ YÜKSEL

IPv6 Support in the DNS. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

Communications Software. CSE 123b. CSE 123b. Spring Lecture 11: Domain Name System (DNS) Stefan Savage. Some pictures courtesy David Wetherall

CSE 123b Communications Software. Overview for today. Names and Addresses. Goals for a naming system. Internet Hostnames

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 5 Introduction to DNS in Windows Server 2008

DNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific

DNS & Iodine. Christian Grothoff.

Domain Name Service. DNS Overview. October 2009 Computer Networking 1

Configuration of Authoritative Nameservice

Goal of this session

SOFTWARE ARCHITECTURE 9. NAME RESOLUTION.

A DNS Tutorial

Course Organization. The Internet as a Blackbox: Applications. Opening the Blackbox: The IP Protocol Stack

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Domain Name System

IP ADDRESSES, NAMING, AND DNS

DNS Session 2: DNS cache operation and DNS debugging. Joe Abley AfNOG 2006 workshop

DNS. David Malone. 19th October 2004

Application Protocols

ECE 435 Network Engineering Lecture 7

DNS and SMTP. James Walden CIT 485: Advanced Cybersecurity. James WaldenCIT 485: Advanced Cybersecurity DNS and SMTP 1 / 31

DNS Configuration Guide. Open Telekom Cloud

Domain Name System (DNS) DNS Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale. The old solution: HOSTS.

CompSci 356: Computer Network Architectures. Lecture 20: Domain Name System (DNS) and Content distribution networks Chapter 9.3.1

Application Protocols in the TCP/IP Reference Model

Overview General network terminology. Chapter 9.1: DNS

DNS. dr. C. P. J. Koymans. September 16, Informatics Institute University of Amsterdam. dr. C. P. J. Koymans (UvA) DNS September 16, / 46

DNS Concepts. Acknowledgements July 2005, Thimphu, Bhutan. In conjunction with SANOG VI. Bill Manning Ed Lewis Joe Abley Olaf M.

IP Addresses. An IPv4 address looks like this

Manual Configuration Stateful Address Configuration (i.e. from servers) Stateless Autoconfiguration : IPv6

CSCE 463/612 Networks and Distributed Processing Spring 2018

DNS and HTTP. A High-Level Overview of how the Internet works

How to Add Domains and DNS Records

DNS and BIND Rock Eagle Computing Conference October 27, 2000 CL 10/25/00

DNS Session 2: DNS cache operation and DNS debugging. How caching NS works (1) What if the answer is not in the cache? How caching NS works (2)

Welcome! Acknowledgements. Introduction to DNS. cctld DNS Workshop October 2004, Bangkok, Thailand

Much is done on the Server, it20:

IT341 Introduction to System Administration Project V Implementing DNS

Domain Name System (DNS) Session 2: Resolver Operation and debugging. Joe Abley AfNOG Workshop, AIS 2017, Nairobi

Naming Computer Networking. Overview. DNS: Domain Name System. Obvious Solutions (1) Obvious Solutions (2)

Advanced Networking. Domain Name System

Advanced Networking. Domain Name System. Purpose of DNS servers. Purpose of DNS servers. Purpose of DNS servers

Domain Name System (DNS) Session-1: Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale

DNS / DNSSEC Workshop. bdnog November 2017, Dhaka, Bangladesh

Application Layer Protocols

CSE561 Naming and DNS. David Wetherall

Lecture 7: Application Layer Domain Name System

How to Configure DNS Zones

Distributed Systems. Distributed Systems Within the Internet Nov. 9, 2011

Domain Name System (DNS) Session-1: Fundamentals. Joe Abley AfNOG Workshop, AIS 2017, Nairobi

Domain Name System - Advanced Computer Networks

Table of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS.

CIA Lab Assignment: Domain Name System (1)

Lecture 05: Application Layer (Part 02) Domain Name System. Dr. Anis Koubaa

2. Introduction to Internet Applications

CS519: Computer Networks. Lecture 6: Apr 5, 2004 Naming and DNS

DOWNLOAD PDF RESOLVING HIGH-LEVEL MACHINE NAMES

Reverse DNS Overview

Outline. EEC-484/584 Computer Networks. Slow Start Algorithm. Internet Congestion Control Algorithm

Domain Name System (DNS)

CSE 486/586 Distributed Systems

Based on Brian Candler's materials ISOC CCTLD workshop

Client Server Concepts, DNS, DHCP

Web Portal User Manual for

Table of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS. Root servers.

Domain Name System (DNS)

DNS Management with Blue Cat Networks at PSU

The State and Challenges of the DNSSEC Deployment. Eric Osterweil Michael Ryan Dan Massey Lixia Zhang

page 1 Plain Old DNS WACREN, DNS/DNSSEC Regional Workshop Ouagadougou, October 2016

DNS Session 1: Fundamentals. Based on Brian Candler's materials ISOC CCTLD workshop

DNS Fundamentals. Steve Conte ICANN60 October 2017

CSE 124 January 27, Winter 2017, UCSD Prof. George Porter

Chapter 2 Application Layer. Lecture 5 DNS. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

CS 3640: Introduction to Networks and Their Applications

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Naming WHAT IS NAMING? Name: Entity: Slide 3. Slide 1. Address: Identifier:

Outline Applications. Central Server Hierarchical Peer-to-peer. 31-Jan-02 Ubiquitous Computing 1

How does the Internet Work? The Basics: Getting a Web Page. The Basics: Getting a Web Page. Client-Server model. The Internet: Basics

How to Configure the DNS Server

CS 43: Computer Networks. 10: Naming and DNS September 24, 2018

04 Identifiers. UUID URI Format Characteristics. Coulouris, Ch 9 rfc3986 Ahmed, 2005 Subharthi, 2009

CSCD 330 Network Programming Winter 2015

This time. Digging into. Networking. Protocols. Naming DNS & DHCP

Transcription:

CSE 265: System & Network Administration DNS The Domain Name System History of DNS What does DNS do? The DNS namespace BIND software How DNS works DNS database Testing and debugging (tools)

DNS History In original ARPANET, a single text file listed all machines Updates used significant portion of available bandwidth File was still constantly out of date DNS solves scalability problem Hierarchical host naming Distributed responsibility Caching of content } Major ideas!

What does DNS do? Provides hostname IP lookup services www.lehigh.edu = 128.180.2.57 DNS defines A hierarchical namespace for hosts and IP addresses A distributed database of hostname and address info A resolver library routines that query this database Improved routing for email A mechanism for finding services on a network A protocol for exchanging naming information DNS is essential for any org using the Internet

What uses DNS? Any application that operates over the Internet Such as email Spam filters WWW FTP IRC, IM Windows update telnet, ssh

The DNS namespace A tree of domains Root is. (dot), followed by top-level (root-level) domains Two branches of tree One maps hostnames to IP addresses Other maps IP address back to hostnames Some illustrations from O'Reilly's DNS & Bind Two types of top-level domain names used today gtlds: generic top-level domains cctlds: country code top-level domains

Generic top-level domains Domain Purpose Domain Purpose com Companies aero Air transport industry edu Educational institutions biz Businesses gov (US) government agencies coop Cooperatives mil (US) military agencies info Unrestricted net Network providers jobs Human resources folks org Nonproft organizations museum Museums int International organizations name Individuals arpa IP address lookup pro Professionals (attorneys, etc.) But today there are an abundance of top-level domains.black,.blue,.airforce,.agency,.audio, etc. See http://www.iana.org/domains/root/db/

Common country codes Code Country Code Country au Australia hu Hungary br Brazil jp Japan ca Canada md Moldovia cc Cocos Islands mx Mexico ch Switzerland nu Niue de Germany se Sweden f Finland tm Turkmenistan fr France tv Tuvalu hk Hong Kong us United States See http://www.iana.org/domains/root/db/

Domain name management Network Solutions (now VeriSign) used to manage.com,.org,.net, and.edu VeriSign now manages.com,.net,.name, and others Dozens of others manage country codes and other top-level domains Organizations can now register with many different registrars (even when VeriSign manages the underlying database) Domain holders must have two name servers authoritative for the domain

Selecting a domain name Most good (short) names in.com and other old gtlds are already in use Domain names are up to 63 characters per segment (but a 12 character length limit is recommended), and up to 255 chars overall Identify two authoritative name servers Select a registrar, and pay ~$7-$35/year for registration

BIND software Berkeley Internet Name Domain system By far, the most popular nameserver [Measurement Factory 2010 study] Three components a daemon called named that answers queries library routines that resolve host queries by contacting DNS servers command-line utilities (nslookup, dig, host)

How DNS works A client calls gethostbyname(), which is part of the resolver library The resolver library sends a lookup request to the first nameserver that it knows about (from /etc/resolv.conf) If the nameserver knows the answer, it sends it back to the client If the nameserver doesn't know, it either asks the next server, or returns a failure, and suggests that the client contact the next server

Resolving process

Delegation Impractical for high-level servers to know about all hosts (or even subdomains) below Servers delegate specific zones to other servers Names and addresses of authoritative servers for relevant zone are returned in referrals

What servers know All servers know about the 13 root servers hardcoded (rarely changes!), or in hint file a.root-servers.net... m.root-servers.net Each root server knows about servers for every top-level domain (.com,.net,.uk, etc.) Each top-level domain knows the servers for each second-level domain within the toplevel domain Authoritative servers know about their hosts

Example resolution

Types of name servers Recursive vs. nonrecursive servers Servers that allow recursive queries will do all the work Nonrecursive servers will only return referrals or answers Authoritative vs. caching-only servers Authoritative servers have the original data Caching servers retain data previously seen for future use

Caching reduces DNS load

IP-to-hostname resolution IP resolution works essentially the same as hostname resolution Query for 15.16.192.152 Rendered as query for 152.192.16. 15.in-addr.arpa Each layer can delegate to the next

BIND client configuration Each host has /etc/resolv.conf which lists DNS servers Can be set manually, or via DHCP Example from suns: search cse.lehigh.edu ece.lehigh.edu cc.lehigh.edu lehigh.edu nameserver 128.180.120.6 nameserver 128.180.120.4 nameserver 128.180.2.9 Servers must be recursive, and should have a cache Servers are contacted in order, only after timing out previous attempt

BIND server issues named is typically started at boot time Configured using /etc/named.conf Can decide between caching vs. authoritative slave vs. master (per zone) answering recursive or only iterative queries Lots more options Who can access, what port, etc.

DNS on Linux Linux uses /etc/nsswitch.conf to determine what sources to use for name lookups # /etc/nsswitch.conf # passwd: files nisplus shadow: files nisplus group: files nisplus hosts: files dns Configuration is in /etc/named.conf Other files in /var/named

DNS database Exactly what data is stored? Resource records Specify nameservers Name to address translation Address to name translation Host aliases Mail routing Free text, location, etc. Format [name] [ttl] [class] type data

Resource record: name [name] [ttl] [class] type data name is host or domain for the record Absolute names end with a dot Relative names do not the current domain is added (sometimes causing mistakes!) www.cse.lehigh.edu.cse.lehigh.edu

Resource record: ttl [name] [ttl] [class] type data The time to live (ttl) field specifies in seconds the time that the data item may still be cached Increasing the ttl (say to a week) decreases traffic and DNS load substantially Setting a value too low can hurt web site performance Typical values are in days or weeks

Resource record: class [name] [ttl] [class] type data Three values of class are supported IN: Internet default CH: ChaosNet obsolete protocol used by obsolete machines HS: Hesiod database service built on top of BIND (from MIT)

Resource record: type [name] [ttl] [class] type data Many DNS record types Zone SOA: Start of authority (define a zone) NS: Name server Basic A: IPv4 address (name to address translation) PTR: address-to-name translation MX: Mail exchanger Other CNAME: Canonical name (implements aliases)

SOA record cs.colorado.edu 86400 IN SOA ns.cs.colorado.edu. hostmaster.cs.colorado.edu. ( 2001111300 ; serial number 7200 ; refresh (2 hours) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 7200 ) ; minimum (2 hours) refresh = how often slave servers must check master retry = when the slave will try again after failure expire = how long data can be considered valid without master minimum = TTL for cached negative answers

NS record lehigh.edu. 86400 IN NS cerberus.cc.lehigh.edu. lehigh.edu. 86400 IN NS spot.cc.lehigh.edu. lehigh.edu. 86400 IN NS rover.cc.lehigh.edu. cse.lehigh.edu. 86400 IN NS kato.eecs.lehigh.edu. cse.lehigh.edu. 86400 IN NS rosie.eecs.lehigh.edu. cse.lehigh.edu. 86400 IN NS cerberus.cc.lehigh.edu. cse.lehigh.edu. 86400 IN NS spot.cc.lehigh.edu. cse.lehigh.edu. 86400 IN NS rover.cc.lehigh.edu. Can't tell whether the nameserver is master or slave (but it is definitely authoritative, not caching)

A and PTR records rover.cc.lehigh.edu. 45355 IN A 128.180.2.9 spot.cc.lehigh.edu. 45355 IN A 128.180.1.3 cerberus.cc.lehigh.edu. 45355 IN A 69.7.224.17 kato.eecs.lehigh.edu. 86400 IN A 128.180.120.6 rosie.eecs.lehigh.edu. 86400 IN A 128.180.120.4 6.120.180.128.in-addr.arpa. 7200 IN PTR kato.eecs.lehigh.edu. 4.120.180.128.in-addr.arpa. 7200 IN PTR rosie.eecs.lehigh.edu. lehigh.edu and 180.128.in-addr.arpa are different zones each has own SOA and resource records Some apps require that A and PTR records match (for authentication)

MX and CNAME records piper IN MX 10 piper IN MX 20 mailhub IN MX 50 boulder.colorado.edu. xterm1 IN MX 10 mailhub ftp www IN CNAME anchor IN CNAME anchor www.cse.lehigh.edu. 6754 IN CNAME telstar.eecs.lehigh.edu. Every host should have MX records Machines that accept mail for others need to be configured to do so (e.g., mailhub) CNAMEs can nest eight deep in BIND

Dynamic updates to DNS DNS was originally designed for an environment in which hostnames (and other DNS info) changed slowly, if at all DHCP breaks this assumption Recent versions of BIND allow DHCP to notify BIND of address assignments

Testing and debugging (tools) named supports lots of logging options typical BIND tools nslookup (old, possibly deprecated) host dig whois find domain and network registration info

Other Issues Many aspects of DNS haven't been covered in lecture Lots of details! Security issues IPv6 Internationalization now supported! DNS is generally case-insensitive VeriSign Site Finder product See http://cyber.law.harvard.edu/tlds/sitefinder/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback