1

Internet Service

DNS & BINDSRT210

2017 Summer

Seneca College of Applied Technology

2

What is DNS?DNS is a hierachical, distributed database for

resolving Host Name to IP and vice versa

DNS contains information for– Mapping registered full qualify domain name of host

computers to IP addresses

– Mapping registered network address to FQDN

– Routing electronic mails

– Other internet applications

3

Hierarchical NamespacePartitioned

into

divisions

4

Fully Qualified Domain NamesFully Qualified Domain Names:

– A domain name ends in a dote.g. cs.senecac.on.ca.

– a.k.a. absolute domain name

– Host name:

– zenit, my

– Domain Name:

– zenit.senecac.on.ca., my.senecacollege.ca

5

Generic DomainsTop-level domains● com. - commerical organizations● edu. - education institutions● gov. - Government institutions● net. - major network support centres● org. - non-profit organizations● country code – ISO 3166 2-letter country domain● Others ...

6

DNS ServersDNS Server:

– Maps fully qualify domain names to IP addresses

– Holds a portions of the name-to-address mapping database

– Answers queries requested from other name servers, or clients, called resolver

– Maps IP addresses to domain names (pointer query)

7

in-addr.arpa domainin-addr.arpa domain (for IPv4)

– Is the name space for reverse mapping

– Each label can only take the decimal number 0 to 255

– Host with IP address a.b.c.d will be represented as d.c.b.a.in-addr.arpa

e.g. IP 192.168.2.1 --> 1.2.168.192.in-addr.arpa

See: http://www.ntchosting.com/web_hosting_images/reverse-mapping.gif

8

Distributed Name Space● Domain and subdomain

● Zone – group of symbolic name with a common base● Name server – maintains a database of symbolic names

and IP addresses and provides service of mapping between symbolic names and IP addresses.

● Delegate authority – for sub-domain

● Root Name servers – authority for the top level zone “.”

9

Domain Name Resolution● A user program issues a request to the resolver● The resolver formulates a query to the name

server● Name server checks its authoritative database or

cache, and/or query other available name servers, starting from the root name server

● User program get the answer or an error

10

Different Roles of Name Server● Caching Only Name Server (needs hint file)● Authoritative Name Server (needs zone file(s))● Combination of both (not recommended for

security)

11

Full Resolver

UserProgram

FullResolver

NameServer

Cache

Database

OtherNameServer

Cache

User QueryQuery

Response Response

12

Authoritative Name Server

UserProgram

FullResolver

Auth.NameServer

Cache

Database

User QueryQuery

Response Response

13

Caching Name Server

UserProgram

FullResolver

CachingNameServer

CacheOtherNameServer

Cache

User QueryQuery

Response Response(hint file)

14

Mixed-Mode Name Server

UserProgram

FullResolver

NameServer

Cache

Database

OtherNameServer

Cache

User QueryQuery

Response Response

15

Resover Query/Response● Query:

– Recursive

– Iterative (non-recursive)

● Response– Authoritative

– Non-authoritative

16

Name Servers● Primary Name Server

– Read zone data from some local files and has authority over the zone.

● Secondary Name Servers

– Has authority for a zone, but obtains its zone information from a primary name server by the zone transfer process

● Caching-only name server

– Cache DNS info queried from other NS

17

DNS Boss

root name server● Holds the ultimate authority on DNS system● Authoritative for the root domain “.”● There are thirteen root name servers on the

Internet (public root name servers)● What does root name server do? Mostly delegate.

18

Resource Records in Zone File● Basic component of the DNS distributed

Database● Divided into classes for different kinds of

networks● IN – internet class

e.g. SOA, A, NS, CNAME, MX, PTR

● Each zone must have SOA and NS records

19

RR Format● Name: domain name to be defined● TTL: Time-to-live in seconds (cache limit)● Class: IN● Type: Resource record type● Rdata: value of the record (depends on type)

Name TTL Class Type Rdata

20

RR Examples● SOA Record – Start of Authority@ IN SOA abc.mydomain.ca root.abc.mydomain.ca (

20040210 ;serial no

3600 ;refresh

600 ;retry

360000 ;expire

86400) ;minimum

The above five numbers are used by slave server.

21

RR Examples 2More:cs.senecac.on.ca. IN A 142.204.76.23

senecac.on.ca. IN MX 10 mail

23 IN PTR scs

senecac.on.ca. 360000 IN NS prime

scs IN CNAME cs

22

Setup your own Domain● What is Domain Name Registration?● What Domain Name is available?● How do you register your Domain Name?● How to setup your Name server?● How to make your name server visible on the

Internet?

23

Pick Your Own DomainDomain Names:● A sequence of labels separated by dots● Label: a-z, A-Z, 0-9, - and _

e.g. pod1.com, pod2.com, etc

Use your Seneca ID + “.net” as you domain name.

24

How to register?● What is your Domain Name?● How many labels are there in your Domain

Name?● Remove the first label on the left of your domain

name and the remaining is your parent domain.● Who has authority on your parent domain?● Go register with that authority.

25

How to setup your domain?● Setup a Primary Namer Server

(Bind 9.8.2 on CentOS 6.5)

● Create forward lookup zone file(s)

● Create reverse lookup zone file(s)

● Populate your zone files with

– SOA record– A records (in forward zone)– PTR records (in reverse zone)– NS records– MX records (in forward zone)

26

Make your NS visible● Tell people about the IP address of your Name Server.

● Test your name server.

● Ask the DNS administrator of your parent domain to delegate the zone for your domain to your name server.

● Test your Name Server on Internet.

● Mission accomplished!

27

Troubleshooting DNSnslookup (Interactive mode)Set options:

novc nodebug nod2

search recurse

timeout = 0 retry = 2 port = 53

querytype = A class = IN

srchlist = senecac.on.ca

28

DNS Troubleshootingnslookup● set type=value

– A, CNAME, MX, SOA, NS, PTR, ANY

● set debug - Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. (Default = nodebug)

29

DNS Troubleshootingnslookup● Set norecurse - Tell the name server NOT to

query other servers if it does not have the information. (Default = recurse; abbreviation = [no] rec)

rndc- name server control utility– reload, status, dumpdb,

30

DNS ToolsThe following utilities come with the bind-utils package:

● nslookup● dig ● host

Consult the man for more details on how to use them.

31

RFCs● 1032 – Domain Administrator's Guide

● 1033 – Domain Administrator Operation Guide

● 1034 – Domain Names – Concepts and Facilities

● 1035 – Domain Names – Implementation and Specification

● 1713 – Tools for DNS debugging

● 1912 – Common DNS operational and Config. Errors

● More ...

32

DNS

Q & A