DNS Presentation

Transcript of DNS Presentation

  • 8/7/2019 DNS Presentation

    1/33

    PRESENTATION OF DOMAIN NAME SYSTEM

    2/33

    DETAILS OF CONTENTS

    • Introduction and History of DNS
    • Structure of DNS: TLD & SLD
    • Name Server
    • FQDN
    • DNS Zone and Zone Transfer
    • DNS query and resource record
    • Load balancing of DNS & Round Robin DNS
    • DNS & ADS
    • DNS and Windows Server
    • IPv6 & DNS Server Windows 2008
    • DNS server monitoring and security
    • Domain name registration
    • DNS and SWAN network

    3/33

    DNS

    The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network.

    • It translates meaningful names to IP addresses and vice versa
    • DNS also provides a directory service

    4/33

    DEFINITION OF DOMAIN

    A domain consists of a set of network addresses. A domain is organized in a single level or in multiple levels. A domain is part of every network address, including Web site addresses, email addresses, and addresses for other Internet protocols such as FTP. So a domain can also be set on a single network address.

    5/33

    HISTORY OF DNS

    • Jon Postel and Paul Mockapetris invented the Domain Name System in 1983 and wrote the first implementation. They developed one file, HOST.TXT.
    • In 1984, four students of Berkeley college developed the first DNS server, Berkeley Internet Name Domain (BIND), which was Unix based.
    • DNS was introduced by Microsoft on Windows NT Server 3.51 in 1995. Microsoft DNS is based on RFCs (Requests for Comments) 974, 1034, and 1035.

    6/33

    DNS STRUCTURE

    The domain name space consists of a tree of domain names. Each node or leaf in the tree has zero or more resource records, which hold information associated with the domain name. The tree subdivides into zones beginning at the root zone. The rightmost label is the top-level domain (TLD), and the hierarchy of domains descends from right to left; each label to the left specifies a subdomain (the second-level domain, SLD, and so on).

    7/33

    DOMAIN NAME SPACE

    8/33

    TLD AND SLD

    Each label may contain up to 63 characters. The full domain name may not exceed a total length of 253 characters.

    • com - Commercial organizations
    • edu - Educational institutions
    • org - Nonprofits
    • net - Network support centers and network services
    • gov - U.S. government

    An SLD can be divided into third-level domains, and in principle it can be divided into further levels without limit.

    9/33

    • Query one of the root servers to find the server authoritative for the top-level domain.
    • Query the obtained TLD DNS server for the address of a DNS server authoritative for the second-level domain.
    • Repeat the previous step to process each domain name label in sequence, until the final step which, rather than returning the address of the next DNS server, returns the IP address of the host sought.
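The three steps above, walked over a constructed in-memory hierarchy (root, TLD server, authoritative server). This is an added illustration, not code from the presentation; the server names, the delegation data and the answer address are all made up, and no network traffic is sent. The step bound is the caveat a resolver operator wants: a mis-delegated zone that refers back to itself must not loop forever.

```python
# Constructed referral data standing in for root, TLD and authoritative
# servers; no network traffic is sent. "ns" holds delegations (zone -> the
# server to ask next), "a" holds the A records the server is authoritative for.
SERVERS = {
    "root": {
        "ns": {"com": "a.gtld-servers.example"},
        "a": {},
    },
    "a.gtld-servers.example": {
        "ns": {"example.com": "ns1.example.com"},
        "a": {},
    },
    "ns1.example.com": {
        "ns": {},
        "a": {"test.example.com": "192.0.2.10"},
    },
}


def candidate_zones(fqdn):
    """All suffixes of the name, shortest first:
    'test.example.com' -> ['com', 'example.com', 'test.example.com']"""
    labels = fqdn.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]


def resolve_iteratively(fqdn, servers=SERVERS, max_steps=8):
    """Walk the hierarchy the way the three slide steps describe.

    Returns (address_or_None, trail); the trail lists each server asked and
    whether it gave a referral, the final answer, or no data.  max_steps
    bounds the walk so a mis-delegated (looping) zone cannot spin forever.
    """
    trail = []
    server = "root"
    for _ in range(max_steps):
        data = servers[server]
        answer = data["a"].get(fqdn)
        if answer is not None:
            trail.append((server, "answer", answer))
            return answer, trail
        # Follow the longest delegation that is a suffix of the queried name.
        for zone in reversed(candidate_zones(fqdn)):
            if zone in data["ns"]:
                trail.append((server, "referral", zone))
                server = data["ns"][zone]
                break
        else:
            trail.append((server, "no-data", None))
            return None, trail
    raise RuntimeError("referral limit reached; check delegation for " + fqdn)


if __name__ == "__main__":
    address, trail = resolve_iteratively("test.example.com")
    for asked, kind, detail in trail:
        print(f"{asked:25} {kind:9} {detail}")
    print("result:", address)
```

Each call of `resolve_iteratively` asks one server at a time and follows its referral, which is exactly what distinguishes iterative resolution from handing the whole job to a recursive server.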

    10/33

    HOW DNS WORKS

    11/33

    NAME SERVER

    A name server is a program or computer server that implements a name-service protocol. It maps a human-recognizable identifier to a system-internal, often numeric, identification or addressing component. The most prominent types of name servers in operation today are DNS servers and WINS.

    12/33

    FQDN

    A Fully Qualified Domain Name (FQDN) is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS). It specifies all domain levels, including the top-level domain and the root domain. It is used to identify the exact name of the server for fast searching.

    Example: given a device with a local hostname test and a parent domain name example.com, the fully qualified domain name is test.example.com.

    13/33

    DNS ZONES

    • Forward Lookup Zone - A forward lookup zone is a DNS zone in which hostname-to-IP-address mappings are stored.
    • Reverse Lookup Zone - Resolves an IP address into a hostname. It introduced a new domain name, in-addr.arpa (Internet Address and Routing Parameter Area). This zone answers reverse DNS queries.
    • Conditional Forwarder - Forwards queries to another DNS server.

    14/33

    PRIMARY AND SECONDARY ZONE

    The primary zone is the master read-write copy of a DNS hostname database, which is used to commit any zone configuration or resource record changes. The primary zone is the source of DNS information for all other copies.

    The secondary zone is used for reliability of the DNS service: it avoids a single point of failure and distributes the DNS query traffic between several nodes.

    15/33

    Zone transfers are configured in the properties of the primary zone and during secondary zone setup.

    Standard zone replication can be classified into two types of transfer: full transfer and incremental transfer.

    Incremental transfer communicates only those records in the primary zone that have changed since the last replication cycle.

    Full transfers of the entire copy of the zone may still be necessary.
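The two transfer types above, modelled in code as an added example (not the presentation's own material and not Windows DNS code): a primary zone keeps a serial number and a short change journal; a secondary asks for the zone with the serial it already holds, and the primary answers with an incremental set of changes when its journal still covers them, a full copy when it does not, and a refusal when the requester is not a configured secondary. Zone names, records and the journal size are constructed values.

```python
from dataclasses import dataclass, field


@dataclass
class PrimaryZone:
    """Primary (master) copy: the only place records are changed.

    Every change bumps the SOA serial and is logged in a bounded journal,
    which is what lets the primary answer an incremental (IXFR) request.
    """
    name: str
    serial: int
    records: dict                      # owner name -> (type, value)
    allowed_secondaries: set           # hosts permitted to pull the zone
    journal: list = field(default_factory=list)
    journal_limit: int = 3             # constructed: keep only the last 3 changes

    def change(self, op, owner, rr=None):
        if op == "add":
            self.records[owner] = rr
        elif op == "delete":
            self.records.pop(owner, None)
        else:
            raise ValueError("op must be 'add' or 'delete'")
        self.serial += 1
        self.journal.append((self.serial, op, owner, rr))
        self.journal = self.journal[-self.journal_limit:]

    def transfer(self, requester, secondary_serial):
        """Decide what a secondary gets when it asks for the zone."""
        if requester not in self.allowed_secondaries:
            return "REFUSED", None           # transfers limited to known secondaries
        if secondary_serial >= self.serial:
            return "UP_TO_DATE", None        # nothing changed since the last cycle
        missing = self.serial - secondary_serial
        pending = [entry for entry in self.journal if entry[0] > secondary_serial]
        if len(pending) == missing:
            return "IXFR", pending           # journal covers every change: incremental
        return "AXFR", dict(self.records)    # journal too short: full copy needed


def apply_transfer(secondary_records, kind, payload):
    """Secondary side: apply what the primary sent and return the new copy."""
    if kind == "AXFR":
        return dict(payload)
    if kind == "IXFR":
        updated = dict(secondary_records)
        for _serial, op, owner, rr in payload:
            if op == "add":
                updated[owner] = rr
            else:
                updated.pop(owner, None)
        return updated
    return dict(secondary_records)        # REFUSED / UP_TO_DATE: copy unchanged


if __name__ == "__main__":
    primary = PrimaryZone("example.com", 2019080701,
                          {"www.example.com": ("A", "192.0.2.1")},
                          {"ns2.example.com"})
    secondary, seen_serial = dict(primary.records), primary.serial
    primary.change("add", "ftp.example.com", ("A", "192.0.2.2"))
    kind, payload = primary.transfer("ns2.example.com", seen_serial)
    print(kind, payload)
    print(apply_transfer(secondary, kind, payload))
```

The serial comparison is the whole protocol in miniature: a secondary whose serial already matches the primary's gets nothing, and the journal bound is why a secondary that has been offline for many changes falls back to a full transfer.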

    16/33

    DNS QUERY

    • Recursive Query - the client expects a clear, final yes/no reply from the other party.
    • Iterative Query (Non-Recursive) - the DNS client allows the DNS server to return the best answer it can give based on its cache or zone data.
    • Reverse Query - used to resolve IP addresses into hostnames
    • Inverse Query - used to resolve hostnames into IP addresses

    17/33

    RESOURCE RECORDS

    A resource record (RR) specifies information about a particular object. Zone files contain numerous records that follow a certain format and describe specific types and addresses of resources. These records are called resource records (RRs). Depending on the type, resource records may contain information about the zone itself, about other DNS servers maintaining the zone, or about mail servers, network nodes, network services, and numerous other types of resources. The common resource record types are SOA, NS, A, CNAME, PTR, MX, SRV, WINS, etc.

    18/33

    A AND CNAME

    • A - The most basic type of mapping in the DNS, used to map hostnames to IP addresses. These simple mappings point only to a network node, not to any service. So multiple domain names can be registered against one single IP address.
    • CNAME (Canonical Name) - It may be necessary to assign more than one FQDN to the same physical host, or more specifically, to the same IP address. CNAME resource records, also called aliases, are generally used to create multiple server names, such as a software application server and an FTP server, for one single system.

    19/33

    PTR AND MX RECORDS

    • PTR (pointer record) - provides the opposite function of A records: the reverse mapping of IP addresses to hostnames.
    • A mail exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient's domain, and a preference value used to prioritize mail delivery if multiple mail servers are available.

    21/33

    DNS RESOLVER

    The DNS server receives a request to resolve a name into an IP address, or vice versa. It first checks its local cache, then the zones supported on the server. If no matches are found, it proceeds to submit the request to the upstream DNS servers configured as forwarders.

    22/33

    DDNS

    • DDNS allows dynamic registration of DNS hostnames and the ability to locate network services. Dynamic registration also occurs if the IP configuration changes on the client or if a hostname is modified on the client.
    • DDNS needs the DHCP server for configuration on Windows Active Directory.

    The drawback of DDNS is that it slows down the response.

    23/33

    LOAD BALANCING OF DNS

    • It is recommended to use an additional DNS server instead of one single server.
    • In an AD environment, it is better to configure an additional domain controller with zone transfer.
    • With AD DNS it is better to use a CDC (child domain controller) for each different division.

    24/33

    ROUND-ROBIN FUNCTIONALITY

    The term round-robin describes correspondence to a single addressee authored or signed by numerous individuals.

    In its simplest implementation, round-robin DNS works by responding to DNS requests not only with a single IP address but with a list of IP addresses of several servers that host identical services.

    It also supports "poor man's" load balancing.
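Round-robin answering as an added example (not part of the presentation and not the behaviour of any particular DNS product): one name with several A records, the answer list rotated on every query, and a small simulation showing how clients that take the first address end up spread across the servers. The hostname and addresses are constructed. The `withdraw` method is there to make the caveat concrete: plain round-robin has no health check, so a failed server keeps receiving its share of clients until its record is removed by an operator or a monitoring job.

```python
from collections import Counter, deque


class RoundRobinName:
    """One hostname with several A records, rotated on every answer.

    Each answer returns the full list (all servers host identical services)
    with the starting point rotated, so successive clients that take the
    first address are spread across the servers.
    """

    def __init__(self, name, addresses):
        self.name = name
        self._ring = deque(addresses)

    def answer(self):
        if not self._ring:
            return []                    # every server withdrawn: no data to return
        ordered = list(self._ring)
        self._ring.rotate(-1)            # next query starts one entry later
        return ordered

    def withdraw(self, address):
        """Plain round-robin has no health awareness: an address stays in
        the answers until an operator (or a monitor) removes its record."""
        if address in self._ring:
            self._ring.remove(address)


def simulate_clients(name, queries):
    """Count which server each of `queries` clients would connect to if each
    takes the first address it is given (the 'poor man's' load balancing)."""
    return Counter(name.answer()[0] for _ in range(queries))


if __name__ == "__main__":
    www = RoundRobinName("www.example.com.", ["192.0.2.1", "192.0.2.2", "192.0.2.3"])
    for _ in range(3):
        print(www.answer())
    print(dict(simulate_clients(www, 9)))
    www.withdraw("192.0.2.2")            # e.g. the monitor found the host down
    print(dict(simulate_clients(www, 6)))
```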

    25/33

    DNS & ADS

    The physical structure of Active Directory information in DNS is represented in DNS zones and resource records, which, in turn, are typically stored in Active Directory as Active Directory-integrated DNS zones. The DNS zones that support Active Directory domains can also be stored in standard, file-based DNS zones. In addition, the DNS dynamic update protocol is utilized by Active Directory in order to make the registration of domain controller DNS resource records automatic.

    In AD, DNS uses the _msdcs DNS subdomain and SRV records.

    26/33

    DNS STRUCTURE IN AD

    27/33

    DNS OF WINDOWS 2003 & 08

    The Windows 2008 DNS server supports the following additional features:

    • Windows 2008 also supports IPv6.
    • Windows 2008 supports Read-Only Domain Controllers (RODC). The RODC is a read-only image of AD used for security purposes.
    • Windows 2008 can support large Active Directory-integrated zones and is able to respond to clients more quickly.
    • Windows 2008 also provides CLI-mode management.

    28/33

    IPV6 AND DNS 2008

    • IPv6 is a new Internet protocol, and the Windows 2008 DNS server can be configured with it.
    • IPv6 supports a wider network address space than IPv4.
    • The IPv6 subnet size is standardized, in combination with the MAC address.

    In DNS 2008, hostnames are mapped with AAAA resource records, and for reverse queries ip6.arpa is used.
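The reverse-lookup naming used by the DNS ZONES slide (in-addr.arpa), the PTR record slide and the ip6.arpa note above, worked through in one added example (not the presentation's own code). It builds the PTR owner name by hand for both address families, derives a reverse zone from a set of A/AAAA records, and runs the consistency check a practitioner cares about when a reverse zone has drifted: every PTR must point at a hostname whose forward record is the same address. The zone data is constructed and uses the documentation address ranges.

```python
import ipaddress


def reverse_name(address):
    """Build the PTR owner name for an IPv4 or IPv6 address by hand.

    IPv4: the four octets reversed under in-addr.arpa.
    IPv6: all 32 hex nibbles of the expanded address reversed under ip6.arpa.
    """
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")          # 32 hex digits, zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def build_reverse_zone(forward_records):
    """Derive PTR records from A/AAAA records: {ptr owner name: hostname}.
    CNAME and other types carry no address, so they produce no PTR."""
    reverse = {}
    for hostname, (rtype, value) in forward_records.items():
        if rtype in ("A", "AAAA"):
            reverse[reverse_name(value)] = hostname
    return reverse


def check_forward_confirmed(forward_records, reverse_records):
    """Return the PTR entries whose hostname does not map back to the same
    address (the 'forward-confirmed reverse DNS' check mail servers apply).
    A stale PTR left behind after an address move shows up here."""
    problems = []
    for ptr_owner, hostname in reverse_records.items():
        forward = forward_records.get(hostname)
        if forward is None or forward[0] not in ("A", "AAAA") \
                or reverse_name(forward[1]) != ptr_owner:
            problems.append((ptr_owner, hostname))
    return problems


# Constructed sample zone data (RFC 5737 / RFC 3849 documentation ranges).
FORWARD = {
    "test.example.com.": ("A", "192.0.2.10"),
    "v6.example.com.": ("AAAA", "2001:db8::1"),
    "alias.example.com.": ("CNAME", "test.example.com."),
}


if __name__ == "__main__":
    reverse = build_reverse_zone(FORWARD)
    for owner, host in reverse.items():
        print(f"{owner}  PTR  {host}")
    reverse["10.2.0.192.in-addr.arpa."] = "old.example.com."   # simulate drift
    print("mismatches:", check_forward_confirmed(FORWARD, reverse))
```

Python's `ipaddress` module can produce the same owner name via the `reverse_pointer` attribute; the hand-built version is shown so the nibble reversal that the ip6.arpa note refers to is visible.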

    29/33

    DNS SERVER SECURITY

    • Interfaces - Restrict a DNS server to listen only on selected addresses.
    • Disable recursion - By default, recursion is not disabled for the DNS Server service. Recursion can be abused by attackers, so it should be disabled; the server will then attempt to resolve a query from its own database only and will not query any additional servers.
    • SDNS - Secure DNS Server
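The lookup order from the DNS RESOLVER slide (cache, then local zones, then forwarders) together with the two hardening settings above, in one added example that is not the presentation's code and not the Windows DNS Server implementation. A minimal server object drops packets that arrive on an address it is not listening on, answers from cache or its own zones, and only consults the upstream forwarder when the client set the RD (recursion desired) bit and recursion is enabled; otherwise it returns REFUSED. The 12-byte DNS header is packed and parsed for real so the response flags (QR, RA, RCODE) can be inspected. Addresses, zone contents and the upstream answer table are constructed.

```python
import struct

# Constructed configuration standing in for the "Interfaces" and "Disable
# recursion" settings, plus the lookup order cache -> zones -> forwarders.
LISTEN_ADDRESSES = {"192.0.2.53"}
ZONES = {"example.com.": {"www.example.com.": "192.0.2.10"}}
UPSTREAM_ANSWERS = {"www.example.org.": "203.0.113.5"}   # stands in for a forwarder
CACHE_TTL = 300
RCODE = {"NOERROR": 0, "SERVFAIL": 2, "NXDOMAIN": 3, "REFUSED": 5}

HEADER = struct.Struct("!HHHHHH")   # id, flags, qdcount, ancount, nscount, arcount


def build_query_header(txid, rd=True):
    return HEADER.pack(txid, 0x0100 if rd else 0, 1, 0, 0, 0)


def parse_header(wire):
    txid, flags, qd, an, ns, ar = HEADER.unpack(wire[:12])
    return {"id": txid, "qr": (flags >> 15) & 1, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "rcode": flags & 0xF, "ancount": an}


def build_response_header(txid, rd, ra, rcode, ancount):
    flags = 0x8000 | (0x0100 if rd else 0) | (0x0080 if ra else 0) | (rcode & 0xF)
    return HEADER.pack(txid, flags, 1, ancount, 0, 0)


class DnsServer:
    def __init__(self, zones, listen, allow_recursion, upstream):
        self.zones, self.listen = zones, listen
        self.allow_recursion, self.upstream = allow_recursion, upstream
        self.cache = {}                  # qname -> (address, expires_at)

    def _in_zone(self, qname):
        """(True, address-or-None) if qname falls in a hosted zone."""
        for zone, rrs in self.zones.items():
            if qname == zone or qname.endswith("." + zone):
                return True, rrs.get(qname)
        return False, None

    def handle(self, dst_addr, query, qname, now):
        """Return None if the packet is dropped, else a result dict."""
        if dst_addr not in self.listen:
            return None                  # "Interfaces": not listening on this address
        hdr = parse_header(query)
        if hdr["qr"] != 0:
            return None                  # a response, not a query: ignore it
        cached = self.cache.get(qname)
        if cached and cached[1] > now:
            return self._reply(hdr, "NOERROR", cached[0], "cache")
        self.cache.pop(qname, None)      # drop an expired entry
        in_zone, address = self._in_zone(qname)
        if in_zone:
            return self._reply(hdr, "NOERROR" if address else "NXDOMAIN", address, "zone")
        if hdr["rd"] and self.allow_recursion:
            address = self.upstream.get(qname)
            if address:
                self.cache[qname] = (address, now + CACHE_TTL)
                return self._reply(hdr, "NOERROR", address, "forwarder")
            return self._reply(hdr, "NXDOMAIN", None, "forwarder")
        # Recursion disabled (or not requested): own data only, nothing else asked.
        return self._reply(hdr, "REFUSED", None, "policy")

    def _reply(self, hdr, rcode, address, source):
        wire = build_response_header(hdr["id"], hdr["rd"], self.allow_recursion,
                                     RCODE[rcode], 1 if address else 0)
        return {"rcode": rcode, "address": address, "source": source, "wire": wire}


if __name__ == "__main__":
    server = DnsServer(ZONES, LISTEN_ADDRESSES, allow_recursion=False,
                       upstream=UPSTREAM_ANSWERS)
    query = build_query_header(0x1234)
    for name in ("www.example.com.", "nope.example.com.", "www.example.org."):
        result = server.handle("192.0.2.53", query, name, now=1000)
        print(name, result["rcode"], result["source"], parse_header(result["wire"]))
```

With recursion disabled the server still answers authoritatively for example.com but refuses example.org and advertises RA=0, which is what an external scan of a properly locked-down authoritative server should show.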

    30/33

    DNS SERVER MONITORING

    We need to monitor DNS server response time, record type, record availability, search field, search value, search value status and search time. We can use a third-party tool such as Applications Manager, and we can also check the DNS event log.

    • Monitoring provides a useful benchmark for predicting, estimating, and optimizing DNS server performance.
    • It shows whether DNS server performance has degraded, either over time or during periods of peak activity.

    31/33

    The right to use a domain name is delegated by domain name registrars, which are accredited by the Internet Corporation for Assigned Names and Numbers (ICANN), the organization charged with overseeing the name and number systems of the Internet.

    Examples of DNS name registration organizations: 0101 Internet, Inc. (Hong Kong); 1st-for-domain-names, LLC (United States).

    32/33

    IMPLEMENTATION OF DNS ON SWAN

    • Additional DNS server for load balancing
    • Implementation of a CDC (child domain controller)
    • Using a forward zone for enabling hostname queries

    33/33

    THANK YOU