Got DNS?

A review of Domain Name Services and how it impacts website developers.

By Jason BakerDigital North

About me

● Director of Operations for Digital North● Cold fusion developer since 1997● 15 years of experience working with DNS● jbaker@digitalnorth.net● www.digitalnorth.net

Overview

● Review Domain Name Services architecture● Discuss the different types of DNS records● DNS Caching ● Reverse DNS● Common DNS problems and solutions

DNS Architecture

DNS is a global distributed architecture that looks like a tree.

DNS information is stored on the leaf nodes and the root routes requests.

Your DNS Request

●Your computer makes request to ISP● ISP asks Root which server is authoritative● Root provides the answer back to ISP● ISP server requests information from authoritative server

DNS Records

Address Records (A)

Mail Exchange Records (MX)

Canonical Records (CNAME)

Default Record

DNS Caching

Caching improves performance

Caching controlled by Time-to-Live (TTL)

Reverse DNS

Get the hostname that corresponds to an IP address

Usually managed by an ISP

Problem #1

Scenario: You move your website to a different server and update the DNS to point to the new IP address. But shortly after the move you can no longer reach the website in your web browser.

Problem Solved

The old IP address is being cached by your local workstation and possibly your DNS server. You will need to refresh your local DNS or wait until the TTL is reached.

The propagating DNS myth.

Problem #2

Problem: Your client calls you in a panic because they can no longer reach their website. You are also unable to reach the client's website. You call the hosting provider and find that they can access the site with no problems.

Problem Solved

Solution: The customer forgot to pay their domain registration bill. The domain registrar placed their domain in a HOLD status – effectively removing it from the ROOT servers.

Problem #3

Problem: Your website application is designed to send customers a confirmation email after they place online orders. All confirmation email messages sent to AOL customers are being rejected.

Problem Solved

Solution: AOL requires that all incoming email requests originate from a server that has valid reverse dns assigned. You need to setup a reverse dns record for your mail server.

Last Problem

Problem: A customer types in the website address for your extranet website. The website pops up and they type their access information into the login form. After submitting their login information nothing happens. You try the same test with the customer's information and you are able to access the extranet with no problems.

Problem Identification

Your customer could be the victim of a potential DNS Cache Poisoning attack. Basically the evil doer convinced the dns server at the client's ISP that the extranet website was located at a malicious IP address. The evil doer setup a fake site to phish password information from unknowing victims.

Tips & Tools

● The nslookup / host command is your friend● Perform lookups against remote DNS servers● I really dig the dig command● Always maintain perspective – know where your DNS information is coming from● www.dnsstuff.com

Got DNS?

THANK YOU!