DNS - The Domain Name System
Transcript of DNS - The Domain Name System
Sirak Kaewjamnong
Computer Network Systems
Outline
• DNS basic
• name space
• resolver
• protocol
• configuration
Why do we need DNS?
• host table /etc/hosts – a simple text file that maps IP addresses to names
• problems – name collisions, consistency
• A hierarchical name space with distributed control is needed
DNS basic
• DNS is a distributed database
• TCP/IP applications use DNS to
– map a hostname to an IP address
– map an IP address to a hostname
– provide e-mail routing information
• mail [email protected] => ratree.psu.ac.th
– handle aliases
• www.cs.psu.ac.th is actually www2.cs.psu.ac.th
Naming Scheme
• the name space is a tree of domains
• names are case-insensitive
[figure: the tree th > ac > psu > cs > www, built from the top (root) down; each level is more specific than the one above it; reading the labels from the leaf up to the root gives www.cs.psu.ac.th]
Domain Name Space
[figure: the tree below the root. Generic domains: com, edu, gov, int, mil, net, org; country domains: au, th; and arpa > in-addr for reverse lookups. Under th: ac > psu > (cs, eng) and ac > ku, with www under cs giving www.cs.psu.ac.th; under edu: usu > cc giving cc.usu.edu]
DNS Management
• ICANN manages the root and the top-level domain names
• local admins manage the 3rd level and below
[figure: root and com are managed by ICANN; th is managed by THNIC (Thailand); psu.ac.th (with cs and eng below it) is managed by psu; ku.ac.th is managed by ku; or is shown as another second-level domain under th]
Domain Name Concept
• label: every node has a label (except the root)
• domain name: the list of labels, starting at that node and working up to the root, using a "." to separate them
• absolute domain name: a domain name that ends with a period, e.g. www.cs.psu.ac.th.
• relative domain name: a name that still has to be completed, e.g. www, psu.ac.th, cs.psu.ac.th
[figure: the tree th > ac > psu > cs > www]
Domains
• domain: a subtree of the domain name space
[figure: in the tree th > ac > (psu > (cs, eng) > www, ku): www.cs.psu.ac.th is a node; ac.th is a domain; psu.ac.th is a domain]
Domains and Zones
• Zone: a subtree for which naming authority has been delegated
[figure: case 1, a single DNS administration: the psu.ac.th domain (psu with the subdomains the figure labels sci, cc, pn, clib, mgt, cs and eng) is one psu.ac.th zone; case 2, cs and cc have authority for their own zones: the psu.ac.th zone contains psu, sci, pn, clib, mgt and eng, while cs and cc are separate zones]
Name Servers
• Name server: a server that stores information about a zone
[figure: ns.psu.ac.th is responsible for the psu.ac.th zone; ns.cc.psu.ac.th for the cc.psu.ac.th zone; ns.cs.psu.ac.th for the cs.psu.ac.th zone]
Type of Name Servers
• Primary name server: gets the data for its zones from files on the host it runs on
• Secondary name server: gets its zone data from the primary, for redundancy and workload distribution
Zone Transfer
• The secondary name server pulls the zone data over from the primary; this is called a zone transfer.
[figure: zone-transfer relationships among ns.ku.ac.th, nontri.ku.ac.th, ns.eng.ku.ac.th, ns2.eng.ku.ac.th, ns.cpe.ku.ac.th and cc2.cpe.ku.ac.th; each of the zones ku.ac.th, eng.ku.ac.th and cpe.ku.ac.th has one primary, and the other servers act as secondaries for it]
Root Name Server
• a name server must contact other name servers for non-local names
• it has to know the IP address of the top-most server, called the root name server
• root name server – provides the names and addresses of the name servers authoritative for the top-level domain names
Root Name Server
• 13 root servers are currently available on the Internet
A.ROOT-SERVERS.NET 198.41.0.4
B.ROOT-SERVERS.NET 128.9.0.107
C.ROOT-SERVERS.NET 192.33.4.12
D.ROOT-SERVERS.NET 128.8.10.90
E.ROOT-SERVERS.NET 192.203.230.10
F.ROOT-SERVERS.NET 192.5.5.241
G.ROOT-SERVERS.NET 192.112.36.4
H.ROOT-SERVERS.NET 128.63.2.53
I.ROOT-SERVERS.NET 192.36.148.17
J.ROOT-SERVERS.NET 198.41.0.10
K.ROOT-SERVERS.NET 193.0.14.129
L.ROOT-SERVERS.NET 198.32.64.12
M.ROOT-SERVERS.NET 202.12.27.33
http://www.icann.org/committees/dns-root/y2k-statement.htm
Name Resolution Process
[figure: the resolver asks its local name server "address of www.psu.ac.th?". The local name server asks the root name server, which replies "ask the th name servers"; the th name server replies "ask the ac.th name servers"; the ac.th name server replies "ask the psu.ac.th name server (ns.psu.ac.th)"; ns.psu.ac.th answers "address is 192.168.100.61", and the local name server returns that address to the resolver]
Reverse Resolution
• the in-addr.arpa domain holds the IP address in reverse direction, e.g. 61.100.168.192.in-addr.arpa
[figure: root > arpa > in-addr > 192 > 168 > 100 > 61 (each level ranges 0..255), the node for www.psu.ac.th at 192.168.100.61; the forward tree th > ac > (psu > www, cs; ku) and au are shown alongside]
Caching
• all name servers employ a cache to reduce DNS traffic
• standard UNIX keeps the cache in the name server, with a time-out
• cached data is non-authoritative
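The walk from the root down to ns.psu.ac.th shown in the resolution figure, together with the cache-with-time-out and "cached data is non-authoritative" points from this slide, as an added Python example that is not part of the original slides: a toy iterative resolver over constructed delegation data. The delegation chain (root > th > ac.th > psu.ac.th) and the answer 192.168.100.61 follow the figure; the server identifiers other than ns.psu.ac.th, the TTL of 86400 and the hand-advanced clock are assumptions made for the illustration.

```python
"""Simulated iterative resolution with a TTL cache.

Added example, not part of the original slides. The delegation chain
(root -> th -> ac.th -> psu.ac.th) and the answer 192.168.100.61 follow
the slide's figure; apart from ns.psu.ac.th, the server identifiers and
the TTL values are constructed for this illustration.
"""

# Constructed delegation data. Each server is authoritative for one zone:
# "referrals" maps a delegated child zone to the server to ask next,
# "records" holds final answers as (address, ttl-in-seconds).
SERVERS = {
    "root":         {"referrals": {"th": "th"}, "records": {}},
    "th":           {"referrals": {"ac.th": "ac.th"}, "records": {}},
    "ac.th":        {"referrals": {"psu.ac.th": "ns.psu.ac.th"}, "records": {}},
    "ns.psu.ac.th": {"referrals": {},
                     "records": {"www.psu.ac.th": ("192.168.100.61", 86400)}},
}


def best_referral(referrals, qname):
    """Pick the longest delegated zone that qname falls under, or None."""
    best = None
    for zone, server in referrals.items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, server)
    return None if best is None else best[1]


class ManualClock:
    """Clock the caller advances by hand, so TTL expiry can be exercised."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class Resolver:
    """Local name server: answers from cache or walks down from the root."""

    def __init__(self, clock):
        self.clock = clock
        self.cache = {}      # qname -> (address, expiry time)
        self.queries = []    # (server, qname) log of every query sent

    def resolve(self, qname):
        """Return (address, status); status says where the answer came from."""
        now = self.clock()
        cached = self.cache.get(qname)
        if cached is not None and cached[1] > now:
            return cached[0], "non-authoritative (cached)"
        self.cache.pop(qname, None)          # drop an expired entry
        server = "root"                      # every fresh lookup starts here
        while True:
            self.queries.append((server, qname))
            data = SERVERS[server]
            if qname in data["records"]:
                address, ttl = data["records"][qname]
                self.cache[qname] = (address, now + ttl)   # keep until time-out
                return address, "authoritative"
            server = best_referral(data["referrals"], qname)
            if server is None:               # no delegation covers the name
                return None, "name error (rcode 3)"


if __name__ == "__main__":
    clock = ManualClock()
    resolver = Resolver(clock)
    print(resolver.resolve("www.psu.ac.th"), resolver.queries)
    print(resolver.resolve("www.psu.ac.th"))   # served from cache
    clock.now = 86401                          # past the TTL
    print(resolver.resolve("www.psu.ac.th"))   # walks the tree again
```

The first lookup sends four queries (root, th, ac.th, ns.psu.ac.th); the second is answered from the cache and marked non-authoritative; once the clock passes the TTL the entry is discarded and the full walk repeats.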
DNS message format
• fixed 12-byte header with 4 variable-length fields
• the same message format is used for both queries and answers
header (bits 0-15 | bits 16-31):
identification : 16 | flags : 16
number of questions : 16 | number of answer RRs : 16
number of authority RRs : 16 | number of additional RRs : 16
variable-length fields:
1 or more questions (present in both query and reply)
1 or more answers (reply)
1 or more authority (reply)
1 or more additional information (reply)
DNS message format: detail
identification : 16 (bits 0-15) | flags : 16 (bits 16-31)
• identification is set by the client and returned by the server
• it lets the client match responses to requests
DNS message format: detail
flags : 16 = QR (1 bit) | opcode (4) | AA (1) | TC (1) | RD (1) | RA (1) | (zero) (3) | rcode (4)
QR 0 = query, 1 = response
opcode 0 = standard query, 1 = inverse query, 2 = server status request
AA 0 = authoritative answer, 1 = non-authoritative answer
TC 1 = truncated: using UDP, the reply was > 512 bytes, so only 512 bytes are returned
RD 1 = recursion desired, 0 = iterative
RA 1 = recursion available (the server supports recursion)
rcode return code: 0 = no error, 3 = name error
DNS message format: detail
question section (one entry per question): query name | query type : 16 | query class : 16
• query name: the name being looked up, as a sequence of labels, each beginning with a 1-byte count, e.g. 3www2cs3psu2ac2th0
• query type indicates the desired response:
A 1 IP address
NS 2 name server
CNAME 5 canonical name
PTR 12 pointer record
HINFO 13 host info
MX 15 mail exchange record
• query class: normally = 1, meaning Internet address
DNS message format: detail
The three reply sections (1 or more answers, 1 or more authority, 1 or more additional information) share a common resource record (RR) format:
domain name | type | class | time-to-live | resource length | resource data
• domain name: the corresponding response name (same format as the query name)
• type: response RR type code (see query type)
• time-to-live: cache lifetime of the RR (often 86400 = 1 day)
• resource length: specifies the size of the resource data
• resource data: the answer, e.g. an IP address or other type-specific data
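The header, flag bits, question and resource-record layouts from the last four slides, as an added Python example that is not code from the slides: it encodes a query name as length-prefixed labels (3www2cs3psu2ac2th0), builds a standard query, constructs a matching response and parses it back, including the 0xC0 name-compression pointer that RFC 1035 allows in resource records. The response bytes are constructed here, not captured traffic; the bit positions and the reading of AA=1 as an authoritative answer follow RFC 1035; ptr_name() forms the in-addr.arpa name from the reverse-resolution slide.

```python
"""Encode and decode DNS messages in the wire format the slides describe.

Added example, not from the original slides. Bit layout and flag
meanings follow RFC 1035 (in particular AA=1 marks an authoritative
answer). The response bytes used below are constructed, not captured.
"""
import struct

# query/RR type codes listed on the slide
TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 13: "HINFO", 15: "MX"}


def encode_name(name):
    """www.cs.psu.ac.th -> 3www2cs3psu2ac2th0: each label preceded by a 1-byte count."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length must be 1..63")
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)                      # zero-length root label ends the name
    return bytes(out)


def decode_name(msg, off):
    """Return (name, offset after the name); follows 0xC0 compression pointers."""
    labels, next_off, jumped, hops = [], off, False, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        count = msg[off]
        if (count & 0xC0) == 0xC0:     # two-byte pointer to an earlier name
            if not jumped:
                next_off = off + 2     # the reader continues after the pointer
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            continue
        if count > 63 or off + 1 + count > len(msg):
            raise ValueError("invalid label")
        off += 1
        if count == 0:
            return ".".join(labels), (next_off if jumped else off)
        labels.append(msg[off:off + count].decode("ascii"))
        off += count


def parse_header(msg):
    """Split the fixed 12-byte header into its counts and flag bits."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    return {
        "id": ident,
        "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def build_query(ident, name, qtype=1, rd=True):
    """Standard query: header (RD set if recursion is desired) + one question."""
    flags = 0x0100 if rd else 0
    return (struct.pack("!6H", ident, flags, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, 1))


def build_response(query, address, ttl=86400, aa=True):
    """Constructed reply: echoes id and question, adds one A RR (QR=1, RA=1)."""
    h = parse_header(query)
    flags = 0x8000 | (0x0400 if aa else 0) | (0x0100 if h["rd"] else 0) | 0x0080
    q_end = decode_name(query, 12)[1] + 4          # name + qtype + qclass
    rdata = bytes(int(octet) for octet in address.split("."))
    # 0xC00C: pointer to offset 12, where the question name already appears
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return struct.pack("!6H", h["id"], flags, 1, 1, 0, 0) + query[12:q_end] + answer


def parse_message(msg):
    """Return (header, questions, {section: [RRs]}) for a query or a reply."""
    h = parse_header(msg)
    off, questions = 12, []
    for _ in range(h["qdcount"]):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append((name, TYPES.get(qtype, qtype), qclass))
    sections = {}
    for sec, key in (("answer", "ancount"), ("authority", "nscount"),
                     ("additional", "arcount")):
        rrs = []
        for _ in range(h[key]):        # common RR layout for all three sections
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            rdata = msg[off:off + rdlen]
            off += rdlen
            if rtype == 1 and rdlen == 4:          # A record: show a dotted quad
                rdata = ".".join(str(b) for b in rdata)
            rrs.append((name, TYPES.get(rtype, rtype), rclass, ttl, rdata))
        sections[sec] = rrs
    return h, questions, sections


def ptr_name(ip):
    """192.168.100.61 -> 61.100.168.192.in-addr.arpa (reverse-resolution name)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


if __name__ == "__main__":
    q = build_query(0x1234, "www.psu.ac.th")
    print(parse_message(build_response(q, "192.168.100.61")))
```

A query is the 12-byte header plus one question (31 bytes for www.psu.ac.th); the constructed reply reuses the question name through a compression pointer, so decode_name() must return the offset after the two pointer bytes rather than the offset where the pointed-to name ended.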
Operation
• uses port 53
• typically UDP request and reply
• if the answer is too big, use TCP
[figure: a DNS reply inside a datagram: ip hdr | UDP hdr | DNS hdr | query | answer#1 | answer#2]
Resolver file
• the resolver must have the address of a local name server
• /etc/resolv.conf on UNIX
/etc/resolv.conf
# default domain
domain cs.psu.ac.th
# list of name servers
nameserver 192.100.77.5
nameserver 192.100.77.2
Setting up DNS
• BIND (Berkeley Internet Name Domain) package
• /usr/somewhere/in.named - BSD named DNS server
• /etc/named.boot - named configuration (tells named where to find the database files)