05a DNS Message Debugging

  • date post

    28-Jan-2016
Transcript of 05a DNS Message Debugging

  • 1 Nokia Siemens Networks CN3203EN01GLN00

    PCNSIG

    DNS Message Debugging

  • 2 Nokia Siemens Networks CN3203EN01GLN00

    Objectives

    After this training session, the student should be able to:

    Analyse DNS concepts and messages

    Explain the structure and the contents of DNS queries

    Analyse and interpret DNS message flows

  • 3 Nokia Siemens Networks CN3203EN01GLN00

    Domain Name System (1/2)

    Is a database needed to:

    - resolve IP addresses based on Domain Names (Resolver application)

    - resolve Domain Names based on IP addresses (Resolver application)

    - provide defined parameters for services (for example the mail exchanger of a domain)

  • 4 Nokia Siemens Networks CN3203EN01GLN00

    Domain Name System (2/2)

    Data are identified by Domain Names organized in a tree structure (Domain Name Space).

    [Figure: the Domain Name Space as a tree; each label is a node]

    ROOT (null label or null node)
      .COM  .ORG  .NET      First Level Domain Name or Top Level Domain
      .NSN  HP              Second Level Domain Name
      HOST                  last label or last node

    FQDN = HOST.NSN.COM

    Zones marked in the figure: the . (root) ZONE, the NET ZONE and the HP.ORG ZONE.

  • 5 Nokia Siemens Networks CN3203EN01GLN00

    Resolver Operation

    [Figure: Resolver (DNS Client) sending queries to DNS Server 10.240.10.60]

    resolv.conf:
    search nokia.com net.nokia.com
    nameserver 10.240.10.60

    Command: # host bill    (name without domain suffix)

    Queries sent by the resolver, in the order numbered in the figure:
    1. query for: bill
    2. query for: bill.nokia.com
    3. query for: bill.net.nokia.com

  • 6 Nokia Siemens Networks CN3203EN01GLN00

    Resolver Configuration

    /etc/resolv.conf
    - static setup
    - dynamically created (dhcp)

    Options:
    nameserver   defines the name server that the resolver will use
    domain       defines the local domain name used for the host in queries
    search       search list for host-name lookup; currently limited to six domains
    note: domain and search are mutually exclusive
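To show how the search list on these two slides turns a short name into a sequence of queries, here is an added Python example (not part of the course material). It parses a resolv.conf constructed to match the slide and applies the resolv.conf(5) rule: a name containing at least ndots dots is tried as given first, a name with fewer dots has each search suffix appended first and is tried as given last. The file contents and host name are constructed.

```python
# Added example (not from the course slides): parse resolv.conf and list the
# query names a stub resolver tries for a host name, following resolv.conf(5).
from typing import List, Tuple

# Constructed sample mirroring the slide; not a real host's configuration.
SAMPLE_RESOLV_CONF = """\
# comment lines and ';' comments are ignored
search nokia.com net.nokia.com
nameserver 10.240.10.60
options ndots:1
"""

def parse_resolv_conf(text: str) -> Tuple[List[str], List[str], int]:
    """Return (nameservers, search_list, ndots) from resolv.conf text."""
    nameservers: List[str] = []
    search: List[str] = []
    ndots = 1                                  # glibc default
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword in ("domain", "search"):
            # "domain" and "search" are mutually exclusive: the last one seen
            # replaces the earlier list; glibc keeps at most six entries.
            search = args[:6]
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return nameservers, search, ndots

def candidate_names(name: str, search: List[str], ndots: int = 1) -> List[str]:
    """Query names the resolver tries, in order, for `name`."""
    if name.endswith("."):                     # fully qualified: no expansion at all
        return [name.rstrip(".")]
    expanded = [f"{name}.{suffix}" for suffix in search]
    # Enough dots: literal name first, then the search suffixes.
    # Too few dots: search suffixes first, literal name as the last attempt.
    if name.count(".") >= ndots:
        return [name] + expanded
    return expanded + [name]

if __name__ == "__main__":
    servers, search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for qname in candidate_names("bill", search, ndots):
        print(f"query to {servers[0]}: {qname} A?")
```

Running it shows why a bare `host bill` can cost three round trips before the resolver gives up, and why a trailing dot (`bill.`) suppresses the search list entirely.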

  • 7 Nokia Siemens Networks CN3203EN01GLN00

    DNS Query Types (1)

    [Figure: DNS recursive query for www.nokia.com, answered with 147.243.3.73]

    1. Resolver (DNS client) -> DNS Server: recursive query for www.nokia.com
    2. DNS Server -> DNS Server "." (root): NS referral
    3. DNS Server -> DNS Server com.: NS referral
    4. DNS Server -> DNS Server nokia.com.: A record
    5. DNS Server -> Resolver: 147.243.3.73

    Step 1 is a recursive query; steps 2 to 4 are iterative queries.

  • 8 Nokia Siemens Networks CN3203EN01GLN00

    DNS Query types (forwarding) (2)

    [Figure: Resolver (DNS Client) -> DNS Server (forwarder) -> DNS Server (10.240.10.60) -> root, com. and nokia.com. servers]

    1. Resolver (DNS Client) -> DNS Server (forwarder): recursive query "www.nokia.com ?"
    2. DNS Server (forwarder) -> DNS Server (10.240.10.60): recursive query "www.nokia.com ?"
    3. to 5. DNS Server (10.240.10.60) -> root, com. and nokia.com. servers: iterative queries (NS, NS, A)
    6. DNS Server (10.240.10.60) -> DNS Server (forwarder): 147.243.3.73
    7. DNS Server (forwarder) -> Resolver: 147.243.3.73

    named.conf on the forwarder:

    options {
        forwarders {10.240.10.60;};
        forward only;
    };

  • 9 Nokia Siemens Networks CN3203EN01GLN00

    DNS Query types (forwarding zones) (3)

    [Figure: Resolver (DNS Client) -> DNS Server (forwarder) -> DNS Server (10.240.10.60) -> root, com. and nokia.com. servers]

    1. Resolver (DNS Client) -> DNS Server (forwarder): recursive query "www.nokia.com ?"
    2. DNS Server (forwarder) -> DNS Server (10.240.10.60): forwarded, because nokia.com. is a forwarding zone
    3. to 5. DNS Server (10.240.10.60) -> root, com. and nokia.com. servers: iterative queries (NS, NS, A)
    6. DNS Server (10.240.10.60) -> DNS Server (forwarder): 147.243.3.73
    7. DNS Server (forwarder) -> Resolver: 147.243.3.73

    Only queries below the forwarding zone nokia.com. are forwarded; other queries are resolved by the forwarder itself.

    named.conf on the forwarder:

    zone "nokia.com" {
        type forward;
        forwarders {10.240.10.60;};
    };
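The three query-flow slides above (recursive resolution, a forward-only server and a per-zone forwarder) can be traced with the following added Python model, which is not part of the course material. Every server, address and name in it is constructed for the illustration and follows the slide labels; `Server`, `iterate` and `resolve` are names chosen here, not BIND concepts.

```python
# Added example (not from the course): an in-memory model of recursive vs.
# iterative resolution, global forwarders and forward zones. All data is
# constructed; a real server keeps caches, glue, TTLs and much more.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class Server:
    """Constructed model of one name server."""
    name: str
    answers: Dict[str, str] = field(default_factory=dict)          # qname -> A address (own zone data)
    referrals: Dict[str, "Server"] = field(default_factory=dict)   # delegated zone -> its server (NS + glue)
    forwarders: List["Server"] = field(default_factory=list)       # options { forwarders {}; forward only; }
    forward_zones: Dict[str, "Server"] = field(default_factory=dict)  # zone "x" { type forward; }
    recursion: bool = False                                        # recursion yes;

def in_zone(qname: str, zone: str) -> bool:
    return qname == zone or qname.endswith("." + zone)

def closest_zone(qname: str, zones) -> Optional[str]:
    """Longest zone containing qname, so nokia.com. wins over com."""
    matches = [z for z in zones if in_zone(qname, z)]
    return max(matches, key=len) if matches else None

def iterate(start: Server, qname: str, log: List[str]) -> Optional[str]:
    """Iterative resolution: ask, follow the NS referral, ask the next server."""
    current = start
    while True:
        log.append(f"{qname} A? -> {current.name} (iterative)")
        if qname in current.answers:
            log.append(f"{current.name}: A {current.answers[qname]}")
            return current.answers[qname]
        zone = closest_zone(qname, current.referrals)
        if zone is None:
            log.append(f"{current.name}: NXDOMAIN")
            return None
        log.append(f"{current.name}: NS referral for {zone}")
        current = current.referrals[zone]

def resolve(server: Server, qname: str, root: Server, log: List[str]) -> Optional[str]:
    """Recursive query at `server`: forward zone, then global forwarder, else iterate from root."""
    log.append(f"{qname} A? -> {server.name} (recursive)")
    if qname in server.answers:
        return server.answers[qname]
    zone = closest_zone(qname, server.forward_zones)
    if zone is not None:                         # per-zone forwarding (slide 9)
        return resolve(server.forward_zones[zone], qname, root, log)
    if server.forwarders:                        # forward only: never iterate ourselves (slide 8)
        return resolve(server.forwarders[0], qname, root, log)
    if not server.recursion:
        log.append(f"{server.name}: recursion not available")
        return None
    return iterate(root, qname, log)             # full recursive resolver (slide 7)

def build_topology():
    """Constructed servers: root -> com. -> nokia.com., plus three client-facing servers."""
    nokia = Server("ns.nokia.com.", answers={"www.nokia.com.": "147.243.3.73"})
    com = Server("com. server", referrals={"nokia.com.": nokia})
    root = Server("root server", referrals={"com.": com})
    site = Server("10.240.10.60", recursion=True)
    fwd_only = Server("forward-only server", forwarders=[site])
    fwd_zone = Server("forward-zone server", forward_zones={"nokia.com.": site}, recursion=True)
    return root, site, fwd_only, fwd_zone

if __name__ == "__main__":
    root, site, fwd_only, fwd_zone = build_topology()
    for srv in (site, fwd_only, fwd_zone):
        trace: List[str] = []
        print(srv.name, "->", resolve(srv, "www.nokia.com.", root, trace))
        print("  " + "\n  ".join(trace))
```

The trace printed for each server is the sequence of arrows on the corresponding slide; comparing the traces makes the difference between `forward only` (every query leaves the server) and a forward zone (only names under nokia.com. leave) visible.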

  • 10 Nokia Siemens Networks CN3203EN01GLN00

    Name Server Relations

    [Figure: primary master at the top, a level of DNS servers below it, and further DNS servers below those; arrows labelled Zone Transfer]

    The primary master server is defined in the SOA record of the zone file.

    The DNS servers on the middle level are slaves of the primary master, but masters of the secondary slaves.

    The slave servers receive the zone data by Zone Transfer.

    All servers in this picture are authoritative servers for the zone.

  • 11 Nokia Siemens Networks CN3203EN01GLN00

    Name Server Configuration Files

    Configuration: /etc/named.conf (for bind 8 and bind 9)
    Data: /var/named/... (can be configured)
    Control Channel: /etc/rndc.conf, /etc/rndc.key (optional)

    [Figure: rndc (reload, stop, start, ...) reaches the DNS Server over the control channel, tcp:953]

  • 12 Nokia Siemens Networks CN3203EN01GLN00

    named.conf (options, controls, key)

    options { ... };

    options {
        listen-on {127.0.0.1; 10.240.160.120; 10.240.160.125;};
        allow-query {"ASTERIX"; "PCN2-BB";};   // named ACLs, defined elsewhere with acl { ... };
        directory "/var/named";
        pid-file "/var/run/named.pid";
        notify yes;                            // send NOTIFY messages to the slave servers
        recursion yes;                         // recursive mode active
    };

    controls { ... };

    controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
    };

    key { ... };

    key "rndc-key" {
        algorithm hmac-md5;                    // BIND 9 also accepts hmac-sha256 here
        secret "GiZLRsc5rWT1nkOugdEvEQ==";
    };

  • 13 Nokia Siemens Networks CN3203EN01GLN00

    named.conf (zone)

    zone domain-path { ... };

    zone "ossadm.nokia-cpt.com" {
        type master;
        file "ossadm.nokia-cpt.com.hosts";
    };

    zone "ossadm.nokia-cpt.com" {
        type slave;
        masters {10.240.160.125;};
        file "ossadm.nokia-cpt.com.hosts";
    };

    zone "ossadm.nokia-cpt.com" {
        type stub;
        masters {10.240.160.125;};
        file "ossadm.nokia-cpt.com.hosts";
    };

    zone "ossadm.nokia-cpt.com" {
        type forward;
        forwarders {172.25.129.11;172.25.129.12;};
    };

    zone "." {
        type hint;
        file "root-servers";
    };

    stub: a slave with automatic SOA and NS record update only.

    hint zones do not expire. They are only used until after a successful root query.

  • 14 Nokia Siemens Networks CN3203EN01GLN00

    Zonefile (SOA, Variables)

    SOA Record: Start of Authority

    owner ttl class SOA primary-master responsible-mbox (serial refresh retry expire minimum)

    Example:

    ossadm.nokia-cpt.com. 38400 IN SOA osspkg1.ossadm.nokia-ocd.com. harald.nokia-ocd.com. (
        1009    ; serial (date)
        10800   ; refresh (3 hours)
        3600    ; retry (1 hour)
        432000  ; expire (5 days)
        432000  ; minimum (5 days)
    )

    Variables can be used: $ORIGIN, $INCLUDE, $TTL, @ (current origin)

  • 15 Nokia Siemens Networks CN3203EN01GLN00

    Zonefile (NS, A)

    NS Name Server

    owner ttl class NS name-server-dname

    Example:

    NS nmsdns01.nms.nokia-ocd.com.

    or

    ossadm.nokia-cpt.com. 38400 IN NS nmsdns01.nms.nokia-ocd.com.

    A Address (forward resolution)

    owner ttl class A address

    Example:

    $ORIGIN ossadm.nokia-cpt.com.

    asterix A 10.240.160.120

    or

    asterix.ossadm.nokia-cpt.com. 38400 IN A 10.240.160.120

  • 16 Nokia Siemens Networks CN3203EN01GLN00

    Zonefile (PTR, CNAME, MX)

    PTR Pointer (reverse resolution)

    owner ttl class PTR dname

    Example: $ORIGIN 30.240.10.in-addr.arpa.

    134 PTR bonnie.nms.nokia-ocd.com.

    CNAME Canonical Name (alias)

    owner ttl class CNAME canonical-dname

    Example: $ORIGIN ossadm.nokia-cpt.com.

    osspkg1 CNAME pkgoss1

    pkgoss1 A 10.240.160.125

    MX Mail Exchanger

    owner ttl class MX priority mailserver-dname

    Example: nokia-ocd.com. 38400 IN MX 2 mail.nms.nokia-ocd.com.
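The three zone-file slides describe the master-file syntax ($ORIGIN, $TTL, @, relative owner names, the parenthesised multi-line SOA, ";" comments and an owner inherited from the previous record). The following added Python parser, not part of the course material, reads that syntax and then answers a lookup the way a resolver would, following a CNAME to its A record. The sample zone is constructed from the records on the slides; `parse_zone` and `lookup` are names chosen here.

```python
# Added example (not from the course): a small master-file parser covering the
# constructs on the zone-file slides, plus a CNAME-following lookup.
from typing import List, Optional, Tuple

# Constructed sample zone assembled from the slides' records (not a real zone).
SAMPLE_ZONE = """\
$TTL 38400
$ORIGIN ossadm.nokia-cpt.com.
@       IN SOA osspkg1.ossadm.nokia-ocd.com. harald.nokia-ocd.com. (
            1009    ; serial (date)
            10800   ; refresh (3 hours)
            3600    ; retry (1 hour)
            432000  ; expire (5 days)
            432000  ; minimum (5 days)
            )
        IN NS  nmsdns01.nms.nokia-ocd.com.
asterix    A     10.240.160.120
osspkg1    CNAME pkgoss1
pkgoss1    A     10.240.160.125
$ORIGIN 30.240.10.in-addr.arpa.
134        PTR   bonnie.nms.nokia-ocd.com.
$ORIGIN nokia-ocd.com.
@          MX 2  mail.nms.nokia-ocd.com.
"""

RR = Tuple[str, int, str, str, List[str]]   # (owner, ttl, class, type, rdata tokens)
RRTYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,)}  # rdata slots holding names

def qualify(name: str, origin: str) -> str:
    """Absolute names (trailing dot) stay; '@' and relative names get the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def logical_lines(text: str) -> List[Tuple[bool, List[str]]]:
    """Strip ';' comments, join '(' ... ')' continuations, flag a leading blank (owner inherited)."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []
            if joined.strip():
                out.append((joined[0].isspace(), joined.split()))
    if depth != 0:
        raise ValueError("unbalanced parentheses in zone file")
    return out

def parse_zone(text: str, origin: str = ".") -> List[RR]:
    default_ttl, last_owner, records = 0, None, []
    for inherits_owner, toks in logical_lines(text):
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        if inherits_owner:
            if last_owner is None:
                raise ValueError("first record has no owner name")
            owner = last_owner
        else:
            owner = qualify(toks.pop(0), origin)
        ttl, klass = default_ttl, "IN"
        while toks and toks[0].upper() not in RRTYPES:     # optional ttl / class, either order
            tok = toks.pop(0)
            if tok.isdigit():
                ttl = int(tok)
            elif tok.upper() in ("IN", "CH", "HS"):
                klass = tok.upper()
            else:
                raise ValueError(f"unexpected token {tok!r} before RR type")
        if not toks:
            raise ValueError(f"record for {owner} has no type")
        rtype = toks.pop(0).upper()
        rdata = [qualify(t, origin) if i in NAME_FIELDS.get(rtype, ()) else t
                 for i, t in enumerate(toks)]
        records.append((owner, ttl, klass, rtype, rdata))
        last_owner = owner
    return records

def lookup(records: List[RR], name: str, rtype: str, max_chain: int = 8) -> List[List[str]]:
    """rdata of all (name, rtype) records, following CNAME aliases as a resolver does."""
    for _ in range(max_chain):
        hits = [r[4] for r in records if r[0] == name and r[3] == rtype]
        if hits or rtype == "CNAME":
            return hits
        aliases = [r[4][0] for r in records if r[0] == name and r[3] == "CNAME"]
        if not aliases:
            return []
        name = aliases[0]
    raise ValueError("CNAME chain too long")

if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    for rr in zone:
        print(rr)
    print("osspkg1 A ->", lookup(zone, "osspkg1.ossadm.nokia-cpt.com.", "A"))
```

The parser keeps every record as absolute names, which is the form worth comparing against what a server actually answers: an off-by-one `$ORIGIN` (a missing trailing dot on a name that was meant to be absolute) is the classic zone-file error, and it shows up here as a doubled suffix in the owner or rdata.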

  • 17 Nokia Siemens Networks CN3203EN01GLN00

    Monitored example of a DNS query

    Frame 3 (99 on wire, 99 captured)

    Ethernet II

    Internet Protocol, Src Addr: 192.168.10.151 (192.168.10.151), Dst Addr: cndns1.mnc009.mcc262.gprs (192.168.10.60)

    User Datagram Protocol, Src Port: 10002 (10002), Dst Port: domain (53)

    Domain Name System (query)

    Transaction ID: 0x0002

    Flags: 0x0100 (Standard query)

    0... .... .... .... = Query

    .000 0... .... .... = Standard query

    .... ..0. .... .... = Message is not truncated

    .... ...1 .... .... = Do query recursively

    .... .... ...0 .... = Non-authenticated data is unacceptable

    Questions: 1

    Answer RRs: 0

    Authority RRs: 0

    Additional RRs: 0

    Queries

    RROBIN.NOKIA-OCD.COM.MNC009.MCC262.GPRS: type A, class IN

    Name: RROBIN.NOKIA-OCD.COM.MNC009.MCC262.GPRS

    Type: Host address

    Class: IN
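The Wireshark decode above is the header, the flag bits and the question section of a DNS message as defined in RFC 1035. To make the field layout concrete, here is an added Python example (not part of the course): it builds the query from this slide on the wire, and decodes any DNS message into the same fields the dissector shows, including resource records with name compression handled. Both packets are constructed for the illustration (the response below is not the one captured in the course).

```python
# Added example (not from the course): build and decode DNS messages the way
# the Wireshark dissector on this slide presents them. Packets are constructed.
import struct
from typing import Dict, List, Tuple

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA"}
RCODES = {0: "No error", 1: "Format error", 2: "Server failure",
          3: "No such name", 4: "Not implemented", 5: "Refused"}

def unpack_at(msg: bytes, off: int, fmt: str) -> tuple:
    """struct.unpack at an offset, with an explicit truncation check."""
    size = struct.calcsize(fmt)
    if off + size > len(msg):
        raise ValueError(f"message truncated at offset {off}")
    return struct.unpack(fmt, msg[off:off + size])

def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid: int, qname: str, qtype: int = 1, rd: bool = True) -> bytes:
    """12-byte header (QDCOUNT=1) + one question; flags 0x0100 = standard query, RD set."""
    flags = 0x0100 if rd else 0x0000
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + encode_name(qname) + struct.pack("!HH", qtype, 1))

def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Read a name at `off`, following RFC 1035 compression pointers (11xxxxxx).
    Returns the name and the offset just after it in the original byte stream."""
    labels: List[str] = []
    end, jumped, hops = off, False, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:
            hops += 1
            if hops > 64:                     # a pointer loop would spin forever otherwise
                raise ValueError("compression pointer loop")
            pointer = unpack_at(msg, off, "!H")[0] & 0x3FFF
            if not jumped:
                end = off + 2                 # the pointer itself is the last 2 bytes in the stream
            off, jumped = pointer, True
            continue
        off += 1
        if length == 0:                       # root label terminates the name
            return ".".join(labels) + ".", (end if jumped else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def decode_flags(flags: int) -> Dict[str, object]:
    """The bit breakdown Wireshark prints under 'Flags'."""
    return {"QR": "Response" if flags & 0x8000 else "Query",
            "opcode": (flags >> 11) & 0xF,
            "AA": bool(flags & 0x0400), "TC": bool(flags & 0x0200),
            "RD": bool(flags & 0x0100), "RA": bool(flags & 0x0080),
            "AD": bool(flags & 0x0020), "CD": bool(flags & 0x0010),
            "rcode": RCODES.get(flags & 0xF, f"rcode {flags & 0xF}")}

def parse_message(msg: bytes) -> Dict[str, object]:
    """Decode header, question section and every answer/authority/additional record."""
    txid, flags, qd, an, ns, ar = unpack_at(msg, 0, "!HHHHHH")
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = unpack_at(msg, off, "!HH")
        off += 4
        questions.append((name, TYPES.get(qtype, qtype), qclass))
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = unpack_at(msg, off, "!HHIH")
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("RDATA truncated")
        rdata = msg[off:off + rdlen]
        if rtype == 1 and rdlen == 4:
            value = ".".join(str(b) for b in rdata)       # A: dotted quad
        elif rtype in (2, 5, 12):
            value = decode_name(msg, off)[0]              # NS/CNAME/PTR: a (compressible) name
        else:
            value = rdata.hex()                           # anything else: raw hex
        records.append((name, TYPES.get(rtype, rtype), ttl, value))
        off += rdlen
    return {"id": txid, "flags": decode_flags(flags), "counts": (qd, an, ns, ar),
            "questions": questions, "records": records}

# Constructed packets: the query on this slide, and a response whose answer uses
# a compression pointer (0xC00C) back to the question name at offset 12.
QUERY = build_query(0x0002, "RROBIN.NOKIA-OCD.COM.MNC009.MCC262.GPRS")
RESPONSE = (struct.pack("!HHHHHH", 0x344D, 0x8580, 1, 1, 0, 0)
            + encode_name("www.nokia.com") + struct.pack("!HH", 1, 1)
            + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 38400, 4) + bytes([147, 243, 3, 73]))

if __name__ == "__main__":
    for pkt in (QUERY, RESPONSE):
        print(parse_message(pkt))
```

Feeding the decoder the raw UDP payload of a capture reproduces the fields on the slide; the truncation and pointer-loop checks matter because a resolver or monitoring tool that decodes untrusted responses must not crash or spin on a malformed message.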

  • 18 Nokia Siemens Networks CN3203EN01GLN00

    Monitored example of a DNS query response - 1

    Frame 2 (255 on wire, 255 captured)

    Ethernet II

    Internet Protocol

    User Datagram Protocol

    Domain Name System (response)

    Transaction ID: 0x344d

    Flags: 0x8580 (Standard query response, No error)

    1... .... .... .... = Respons