S Computer Networks - Spring What and why? Structure of DNS Management of Domain Names Name Service in Practice

Similar documents
Networking Applications

Miscellaneous. Name Service. Examples. Outline Domain Name System Peer-to-Peer Networks

ECE 650 Systems Programming & Engineering. Spring 2018

UCI University of California, Irvine

DNS Basics BUPT/QMUL

Overview General network terminology. Chapter 9.1: DNS

Protocol Classification

Outline Applications. Central Server Hierarchical Peer-to-peer. 31-Jan-02 Ubiquitous Computing 1

Domain Name Service. DNS Overview. October 2009 Computer Networking 1

DNS. Introduction To. everything you never wanted to know about IP directory services

A DNS Tutorial

Manual Configuration Stateful Address Configuration (i.e. from servers) Stateless Autoconfiguration : IPv6

CSE 265: System & Network Administration

SOFTWARE ARCHITECTURE 9. NAME RESOLUTION.

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 16

CSCE 463/612 Networks and Distributed Processing Spring 2018

APNIC elearning: DNS Concepts

CompSci 356: Computer Network Architectures. Lecture 20: Domain Name System (DNS) and Content distribution networks Chapter 9.3.1

DNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Domain Name System

Application Protocols in the TCP/IP Reference Model

FTP. Client Server Model. Kent State University Dept. of Computer Science. CS 4/55231 Internet Engineering. Server Models

Overview. Last Lecture. This Lecture. Next Lecture. Scheduled tasks and log management. DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly

Domain Name System.

Resource Records APPENDIXA

CSc 450/550 Computer Networks Domain Name System

The Domain Name System

CIS 551 / TCOM 401 Computer and Network Security

Linux Network Administration

Agha Mohammad Haidari General ICT Manager in Ministry of Communication & IT Cell#

DNS. DNS is an example of a large scale client-server application.

Resource Records. Host Address Name-to-address mapping for the zone. Table 1: Resource Records

The Internet. Overview. Network building blocks

Miscellaneous. Name Service. Examples (cont) Examples. Name Servers Partition hierarchy into zones. Domain Naming System

Resource Records APPENDIX

Application Layer Protocols

Domain Name System (DNS) DNS Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale. The old solution: HOSTS.

Objectives. Upon completion you will be able to:

Chapter 19. Domain Name System (DNS)

DNS and HTTP. A High-Level Overview of how the Internet works

CS519: Computer Networks. Lecture 6: Apr 5, 2004 Naming and DNS

Communications Software. CSE 123b. CSE 123b. Spring Lecture 11: Domain Name System (DNS) Stefan Savage. Some pictures courtesy David Wetherall

CSE 123b Communications Software. Overview for today. Names and Addresses. Goals for a naming system. Internet Hostnames

Computer Networks. Domain Name System. Jianping Pan Spring /25/17 CSC361 1

Domain Name System (DNS)

How to Configure DNS Zones

Goal of this session

Chapter 2 Application Layer. Lecture 5 DNS. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

This video will look at how to create some of the more common DNS records on Windows Server using Remote Administration Tools for Windows 8.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 5 Introduction to DNS in Windows Server 2008

How to Add Domains and DNS Records

IP ADDRESSES, NAMING, AND DNS

Course Organization. The Internet as a Blackbox: Applications. Opening the Blackbox: The IP Protocol Stack

CSE 124 January 27, Winter 2017, UCSD Prof. George Porter

Lesson 9: Configuring DNS Records. MOAC : Administering Windows Server 2012

CS 3640: Introduction to Networks and Their Applications

The Domain Name System

CSCI-1680 DNS Rodrigo Fonseca

DNS & Iodine. Christian Grothoff.

phoenixnap Client Portal

UDP. Networked Systems (H) Lecture 15

Advanced Networking. Domain Name System

Advanced Networking. Domain Name System. Purpose of DNS servers. Purpose of DNS servers. Purpose of DNS servers

EECS 122: Introduction to Computer Networks DNS and WWW. Internet Names & Addresses

Distributed Operating Systems

Reverse DNS Overview

How to Configure the DNS Server

Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 2. Page 3.

IP Addresses. An IPv4 address looks like this

Development of the Domain Name System

Domain Name System (DNS) Session-1: Fundamentals. Joe Abley AfNOG Workshop, AIS 2017, Nairobi

Naming. To do. q What s in a name q Flat naming q Structured naming q Attribute-based naming q Next: Content distribution networks

ECE 435 Network Engineering Lecture 7

Domain Name System - Advanced Computer Networks

Lecture 7: Application Layer Domain Name System

DNS. David Malone. 19th October 2004

Domain Name System (DNS) Session-1: Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale

DNS Fundamentals. Steve Conte ICANN60 October 2017

CSE 124 January 18, Winter 2017, UCSD Prof. George Porter

DNS. A Massively Distributed Database. Justin Scott December 12, 2018

Web Portal User Manual for

Distributed Systems. Distributed Systems Within the Internet Nov. 9, 2011

IPv6 Support in the DNS. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

Services: DNS domain name system

Naming Computer Networking. Overview. DNS: Domain Name System. Obvious Solutions (1) Obvious Solutions (2)

CS 43: Computer Networks. 10: Naming and DNS September 24, 2018

DNS and SMTP. James Walden CIT 485: Advanced Cybersecurity. James WaldenCIT 485: Advanced Cybersecurity DNS and SMTP 1 / 31

Oversimplified DNS. ... or, even a rocket scientist can understand DNS. Step 1 - Verify WHOIS information

Application Session (Hands-on) Athanassios Liakopoulos (GRNET) version 1.01

Introduction to the Domain Name System

RHCE BOOT CAMP BIND. Wednesday, November 28, 12

Applications. Chong-kwon Kim. Running in end systems (hosts) over transport layer protocols Ex: , Web, FTP, instant messaging

Manage Your DNS In The Cloud Get Started With Route 53

Lecture 05: Application Layer (Part 02) Domain Name System. Dr. Anis Koubaa

Naming in Distributed Systems

Domain Name System (DNS)

More Internet Support Protocols

Distributed Naming. EECS 591 Farnam Jahanian University of Michigan. Reading List

DNS. dr. C. P. J. Koymans. September 16, Informatics Institute University of Amsterdam. dr. C. P. J. Koymans (UvA) DNS September 16, / 46

Domain Name System Security

Transcription:

Outline What and why? Structure of DNS Management of Domain Names Name Service in Practice 188lecture12.ppt Pirkko Kuusela, Markus Peuhkuri, Jouni Karvo 1 2 Need Network addresses are numbers Addresses are topologically oriented Used for routing purposes Moving a host may require change of address Are not easy to remember Names can be used for users and for applications Easy for humans Can be used as a low level service discovery mechanism Changing the machine requires just changing the -> IP binding Names can have a logical structure Some history In the beginning, there was the hosts.txt A file containing the s and addresses of all hosts in the network Problems: maintainability, size Still used as a backup (local network host information) IEN-116 Name service Non scaleable, topology-oriented DNS Tree-structured Delegation Separated from network structure and topology uses UDP, port number 53 for queries, TCP for zone transfers 3 4

DNS system DNS domain hierarchy Terms: space = set of possible s, flat or hierarchical naming system maintains a collection of bindings of s to values given a, a resolution mechanism returns the corresponding value a is an implementation of the resolution mechanism DNS (Domain Name System) = service in Internet Zone is an administrative unit, domain is a subtree First level hierarchy domains for each country + edu., com., gov., mil., org., net., int. New domains: aero., biz., coop., info., museum.,., pro. DNS first level managed by Internet Corporation for Assigned Names and Numbers (ICANN), also manages address allocations Hierarchy is partitioned into subtrees, zones zone corresponds to administrative boundaries in DNS (and, often also of DNS-s) edu com gov mil org net uk fi princeton mit cisco yahoo nasa nsf arpa navy acm ieee cs ee physics ux01 ux04 5 6 Name structure 1. Root. 13 root s (one backup in Finland) Know where to find the addresses of all the hosts in the world Targets of DDoS attacts 2. Top level domains (common domain s + country codes) 3. Organisation type domain (such as co, edu) In some countries, e.g. uk 4. Organisation Abbreviation (hut, tkk) Registered trademark Full 5. Organisation subdomain Within organisation, e.g. tct 6. Host Each part at most 63 characters The whole at most 256 characters [A-Za-z0-9\-] Case insensitive Fully Qualified Domain Name (FQDN) host.suborg*.org.type.tld. Host + domain +. Read from right to left A host can be addressed by FQDN Host + partial domain s E.g. www.netlab.hut.fi. (FQDN) www.netlab.hut.fi (host + partial domain (subject to supplements)) www.netlab 7 8

Getting a domain TLD: ICANN delegated registrars Country level: local administrations. Finland: Ficora (Viestintävirasto) Companies, registered associations For public institutions, their or abbreviation Must not violate registered trademarks Elements RESOLVER A library within the operating system, provides an API and handles queries Contains a cache PRIMARY NAME SERVER One per domain. Contains the binding information for all hosts SECONDARY NAME SERVER Duplicates the information of primary s, used for sharing load and for reliability CACHE NAME SERVER Contains cache, but no binding info. Queries other DNS s PROXY NAME SERVER As cache NS but without cache :) For load balancing etc. 9 10 Bind (1) Zones defined in two or more s (redundancy) clients send queries to s s response with final answer or pointer to another Name binding database consists of resource records format: <Name, Value, Type, Class, TTL> Type: how Value is interpreted, A: means that Value is an IPv4 address, -address mapping AAAA, A6: IPv6 address NS: Value contains for host that knows how to resolve the CNAME: Value is a canonical for host, used to define aliases DNAME: Subdomain redirecting HINFO: Host information MX: Value gives the domain for a host running a mail PTR: Pointer to domain (reverse DNS) Bind (2) RP: Responsible person LOC: co-ordinates of the host TXT: Free text SIG, TSIG, KEY,CERT: security attributes Class: only widely used class IN (Internet) TTL: how long resource record is valid (used by s that cache resource records from other s) can use service specific aliases (www, smtp, nntp, print, etc.) MX allows administrators to redirect all mail of a host to a specified mail 11 12

Example DNS domain hierarchy (cont) tct.hut.fi IN SOA keskus.tct.hut.fi. puhuri.tct.hut.fi. ( 101008602 ; serial number 10800 ; Refresh 3 hours 3600 ; Retry 1 hour 604800 ; Expire 1 week 86400 ) ; TTL 1 day Root : NS record for each 2nd level + A record that translates into IP address <princeton.edu, cit.princeton.edu, NS,IN> <cit,princeton.edu, 128.196.128.233, A, IN> Princeton Root Cisco IN NS keskus.tct.hut.fi. ; primary IN NS ns1.hut.fi. ; first secondary IN NS ns2.hut.fi. ; second secondary IN MX 10 keskus ; primary mail IN MX 20 smtp-1.hut.fi. ; backup IN MX 20 smtp-2.hut.fi. ; second backup keskus IN A 130.233.154.176 IN MX 10 keskus www IN CNAME keskus smtp IN CNAME keskus kytkin.ne IN A 10.0.0.1 At 2nd level, records contain either final answers or pointer to 3rd level s <cs.princeton.edu, gnat.cs.princeton.edu, NS, IN> <gnat.cs.princeton.edu, 192.12.69.5, A, IN> CS (pair like above) <jupiter.physics.princeton.edu, 128.196.4.1, A, IN> (final record) EE Lowest level contains final records, aliases for hosts (CNAME) and MX records 13 14 Name resolution Name resolution (cont) How did the client locate the root in the first place? -to-address mapping for one or more s is well know (published outside the naming system itself) in practice, resolver initialized with the address of a local client makes a query to local local makes queries further advantages only the s need to know about root s local gets to see the responses (can cache these) on a host running DNS (in Unix), try dig, nslookup, or host <host> Client 1 192.12.69.60 8 Local Root 2 3 4 Princeton cs.princeton.edu, 192.12.69.5 princeton.edu, 128.196.128.233, 192.12.69.60 5 6 Note: Internet has identifiers at several levels - domain s, IP CS addresses, and physical network addresses users give domain s in applications applications use DNS to 7 translate these into IP addresses IP does forwarding at each router, so it maps IP addresses into another (next hop router) IP engages ARP to Numbers (1-8) show the sequence of steps in the process translate the next hop IP address into a physical address 15 16

Reverse DNS Finding the when knowing the address A different hierarchy: in-addr.arpa E.g. What is the host of 130.233.154.148? Query 148.154.233.130.in-addr.arpa A separate hierarchy, organized as the address space Used for security purposes A might ask if the client and address match DNS as a Service Requires high reliability No single failure should affect -> s located in different parts of the network E.g..fi. Hydra.helsinki.fi ns-se.elisa.net prifi.ficora.fi ns1-fin.global.sonera.fi t.ns.verio.net ns.uu.net Difficult to organise -> Secondary DNS is an easy and important service to provide 17 18 Future Security still weak Using DNS as a directory structure (?) Service Location Generalisation of MX records Mapping Telephone numbers to IP addresses? Problems of policy (secret numbers, value) Character set 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback