The Domain Name System
James Brown, Simon Gingold, Yue Lai, Jun Ma, Haobin Song, Thomas Stewart, David Weinberg
Group 20
Presentation Structure
- Introduction & History
- How a resolver looks up a remote name
- Domain Name Space
  - Practical DNS
  - The Domain Name Space
  - Root Name Servers
  - .uk: the United Kingdom's TLD
  - WHOIS: database of registrants
  - Registering a .co.uk domain
- Inside a DNS Server
  - Resolving
  - Caching
  - Updating
- Two DNS Servers
  - BIND
  - Microsoft DNS Server
- The DNS Packets
- Conclusions
Introduction & History
People remember meaningful names far more easily than collections of numbers.
- In the beginning... a file named hosts.txt was maintained and distributed.
- DNS was created in 1981 to overcome the problems of hosts.txt.
  - When a user accesses the internet, the nearest DNS server translates URLs into IPs.
  - DNS is a distributed database, which reduces server load.
  - Indexed for fast searching; the search key is the domain name.
  - DNS can force name uniqueness.
  - Domain names look like "microsoft.com".
  - The zones are separated by '.'.
  - A name optionally contains a host within the domain name.
  - The same host name is allowed on different hosts in different domains (e.g. woodstock.man.ac.uk and woodstock.umist.ac.uk).
- The internet moved to TCP/IP and grew.
- hosts.txt became:
  - large
  - slow to download
  - unable to dictate the 'uniqueness of names' property
  - full of quickly obsolete name records
[Diagram: the name tree for woodstock.man.ac.uk and woodstock.umist.ac.uk (uk > ac > man, umist > woodstock)]
How a resolver looks up a remote name
Suppose a client wants to resolve the name cicada.cs.princeton.edu.
Copied from Larry L. Peterson & Bruce S. Davie (2000), "Computer Networks: A Systems Approach", Morgan Kaufmann Publishers, p. 633.
- Step 1: the client sends a query containing the domain name to the local name server.
- Step 2: the local name server may not have information about the domain name, so it sends the query to one of the root servers.
- Step 3: the root server cannot match the entire name, so it returns its best match, the NS (name server) record for princeton.edu, together with all records related to that record.
- Step 4: the client sends the same query to the name server for Princeton University's domain.
- Step 5: this name server also cannot match the entire name, so it returns its best match, an NS record for ns1.cs.princeton.edu.
- Step 6: the client sends the same query to the name server authoritative for the CS zone (ns1.cs.princeton.edu).
- Step 7: that server has information about cicada.cs.princeton.edu and returns the answer: IP address = 192.12.69.60.
- Step 8: armed with the IP address, the client can establish a TCP connection with the destination.
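The referral-following walk of steps 2 to 7, written out as a small simulation. This is an added example, not code from the presentation or from Peterson & Davie. The delegation data is constructed to mirror the walkthrough: the root knows who serves princeton.edu, that server knows who serves cs.princeton.edu, and ns1.cs.princeton.edu holds the final A record. The server name "dns.princeton.edu" is an assumption (the slide names only ns1.cs.princeton.edu and the final address); the hop limit and loop check are defensive additions so a broken delegation cannot keep a resolver busy indefinitely.

```python
"""Simulation of the referral-following walk in steps 2-7 of the lookup.

Added example, not code from the presentation or from Peterson & Davie.
Delegation data is constructed; "dns.princeton.edu" is an assumed name.
"""
from __future__ import annotations

# Constructed zone data: for each name server, the records it can answer.
# "A" entries are final answers; "NS" entries are referrals to a closer server.
SERVERS: dict[str, dict[str, dict[str, str]]] = {
    "root": {"NS": {"princeton.edu": "dns.princeton.edu"}},           # assumed server name
    "dns.princeton.edu": {"NS": {"cs.princeton.edu": "ns1.cs.princeton.edu"}},
    "ns1.cs.princeton.edu": {"A": {"cicada.cs.princeton.edu": "192.12.69.60"}},
}


def best_match(referrals: dict[str, str], qname: str) -> str | None:
    """Return the server delegated for the longest zone suffix of qname (the 'best match')."""
    best: tuple[str, str] | None = None
    for zone, server in referrals.items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, server)
    return best[1] if best else None


def ask(server: str, qname: str) -> tuple[str, str]:
    """Send the same full question to one server (the 'always ask the exact name' rule).

    Returns ("A", address) for an authoritative answer, ("NS", next_server)
    for a referral, or ("NXDOMAIN", "") when the server knows nothing useful.
    """
    data = SERVERS[server]
    if qname in data.get("A", {}):
        return "A", data["A"][qname]
    nxt = best_match(data.get("NS", {}), qname)
    if nxt is not None:
        return "NS", nxt
    return "NXDOMAIN", ""


def resolve_iteratively(qname: str, max_hops: int = 8) -> tuple[str | None, list[str]]:
    """Follow referrals from the root until an A record or a dead end is reached.

    max_hops bounds the walk so that a misconfigured or looping delegation
    cannot keep the resolver busy forever; the returned path lists every
    server that was asked, in order.
    """
    path: list[str] = []
    server = "root"
    for _ in range(max_hops):
        path.append(server)
        kind, value = ask(server, qname)
        if kind == "A":
            return value, path
        if kind == "NS":
            if value in path or value not in SERVERS:   # referral loop or unknown server
                return None, path
            server = value
            continue
        return None, path                                # NXDOMAIN
    return None, path                                    # hop limit exhausted


if __name__ == "__main__":
    print(resolve_iteratively("cicada.cs.princeton.edu"))
    # -> ('192.12.69.60', ['root', 'dns.princeton.edu', 'ns1.cs.princeton.edu'])
```

The path returned is exactly the chain of servers the slide walks through; a name that no server can answer stops at the deepest server that was asked, rather than being retried at the root.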
Practical DNS
- The domain name space is controlled to enforce a tree structure on it.
- The tree is both distributable and efficient.
- All domains are children of the root ('.') domain.
- Top-level domains (TLDs) are the direct children of the root.
- Two types of TLD:
  - generic, e.g. com, org, edu
  - country specific, e.g. uk, de, il
- All other domains must be under a TLD.
- Domains are administered by different organisations.
The Domain Name Space
- The hierarchical tree structure makes the domain name space distributable yet still navigable.
- The diagram shows com, mynet.com, rivers.mynet.com, seas.mynet.com, lakes.mynet.com, acme.com, rumba.acme.com, samba.acme.com and tango.acme.com.
- rivers, seas and lakes are separate zones.
- rumba, samba and tango are part of the acme.com zone.
Copied from http://ou800doc.caldera.com/NET_tcpip/dnsN.how.html (the domain name space diagram).
Root name servers
- There are 13 root name servers: a.root-servers.net to m.root-servers.net.
  - Authoritative for the TLDs.
  - Queries start at the root servers when no cached data is available.
- Coordinated by IANA (Internet Assigned Numbers Authority).
- Many of the root servers are in the USA and run by American organisations.
- K.ROOT-SERVERS.NET is in London and is jointly run by LINX and RIPE NCC.
- Creation of TLDs is restricted.
.uk: the United Kingdom's TLD
- .uk is divided into second-level domains (SLDs).
- Nominet UK is the registrar and administrator of the first seven.
- .plc.uk and .ltd.uk are restricted:
  - only registered companies can be part of these domains
  - you can only register your own company name

Domain       Intended use
.co.uk       commercial enterprises (the largest SLD in the UK)
.me.uk       personal domains
.org.uk      non-commercial organisations
.plc.uk      registered company names only
.ltd.uk      registered company names only
.net.uk      Internet Service Providers
.sch.uk      schools
.ac.uk       academic establishments
.gov.uk      government bodies
.nhs.uk      NHS organisations
.police.uk   UK police forces
.mod.uk      Ministry of Defence establishments
WHOIS: database of registrants
- WHOIS queries the database of ownership of a domain.
- Gives the name and contact details of the owner of the domain.
- Gives the name and contact details of the administrator of the domain.
- Lists the name servers that are authoritative for the domain.
- Not part of DNS, but used to help manage delegation and ownership of sub-domains.
- Available at www.whois.co.uk.

Example WHOIS record:
    Domain Name: WEINBERG.CO.UK
    Registered For: Leslie Bunder
    Domain Registered By: WEBFUSION
    Registered on 18-Sep-1999
    Record last updated on 28-Aug-2001 by domreg@123-reg.co.uk
    Domain servers listed in order:
        NS.HOSTEUROPE.COM    212.67.202.2
        NS2.HOSTEUROPE.COM   (unable to validate IP)
    WHOIS database last updated at 19:12:00 17-Apr-2002
Registering a .co.uk domain
1. Choose the name you want, for example weinberg.co.uk.
2. Check using the WHOIS service that this domain name does not already exist.
3. Inform your registrar of the owner's name and address as well as the administrator's name and address.
4. Inform them of the name servers that will be authoritative for the domain.
5. Pay for the domain. This ensures ownership and helps Nominet recover its costs.
Once registered, the owner is responsible for:
- running name servers
- maintaining the name servers
- updating DNS information
- resolving, and trying to avoid, disputes over names
RESOLVING
- When a user (resolver) needs to know an IP address for a host name, the query is made in one of two ways: recursively or iteratively.
- Both methods first check whether the answer is already known, but if not...
1. Recursive requests
  - Look for the name server closest to the answer.
    - For example, if the location of lion.umist.ac.uk is unknown but the location of the name servers for umist.ac.uk is known, these would be the closest name servers. If these were unknown, the ac.uk name servers are tried, and so on until the root servers (".") are reached.
  - Ask the closest name server for its best answer in a 'polite' iterative fashion.
  - Continually ask name servers for the best answer they can give.
    - Always ask for the exact original domain name in these queries.
    - Train station analogy: ask staff "When is the 10:30 train to London?" rather than "Where is the person who can tell me about train timetables?"
    - In the lion.umist.ac.uk example, always ask exactly that.
    - All the work is done by the initial name server.
    - This server is given the opportunity to cache the resource records it learns about.
2. Iterative requests
  - All the work is done by the resolver.
  - Name servers just respond with the best answer they know.
  - This technique is used for security reasons.
  - Not favourable for network traffic.
Resolving: recursion
- A recursive query: the local name server does most of the work.
[Diagram: the resolver asks the local name server "Question: lion.umist.ac.uk"; the local server asks the uk, ac.uk and umist.ac.uk name servers in turn, repeating the same question lion.umist.ac.uk each time, and returns "Answer: 130.88.96.40"]
Resolving: iteration vs recursion
The iterative and recursive queries are shown in the diagram (R = recursive, I = iterative).

Caching
- A critical process in the DNS.
  - For every query, a cache of the result and of every intermediate step is maintained.
- For example, to find umist.ac.uk, the addresses of the uk, ac.uk and umist.ac.uk name servers could be cached.
- When a query is received...
  - The first step is to check whether this server is authoritative for the zone being queried.
    - If yes, then no caching is performed.
    - Otherwise the local cache is checked.
  - If the zone is in the cache, the answer is returned immediately.
  - Otherwise the 'closest known' (authoritative) name servers are checked and the results cached as the query progresses.
- But DNS records are dynamic:
  - A 'time to live' (TTL) is assigned to each record by its name server.
  - After this specified time, the cached information for the associated record must be flushed.
  - A typical value is 3 days.
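The caching rules just listed (serve authoritative data from the zone and never cache it, answer from the cache while the TTL has not run out, flush and re-query once it has) as a small cache, added here as an example and not taken from the presentation. The zone contents, the addresses, the upstream answer and the clock are all constructed; the 3-day TTL is the 'typical value' quoted above.

```python
"""TTL-bounded cache following the rules on the caching slide.

Added example, not from the original presentation. Zone contents, addresses,
the upstream answer and the clock are constructed for the demonstration.
"""
from __future__ import annotations

import time
from dataclasses import dataclass
from typing import Callable

THREE_DAYS = 3 * 24 * 60 * 60   # 259200 seconds, the typical TTL quoted on the slide


@dataclass
class CacheEntry:
    value: str
    expires_at: float   # clock reading after which the entry must be flushed


class CachingServer:
    def __init__(self, authoritative_zones, zone_data, clock=time.monotonic):
        self.authoritative_zones = set(authoritative_zones)  # zones served from local data
        self.zone_data = dict(zone_data)                     # name -> address (authoritative)
        self.cache: dict[str, CacheEntry] = {}
        self.clock = clock                                   # injectable so tests can move time

    def is_authoritative(self, name: str) -> bool:
        return any(name == z or name.endswith("." + z) for z in self.authoritative_zones)

    def lookup(self, name: str, upstream: Callable[[str], tuple[str, int]]) -> tuple[str | None, str]:
        """Answer one A query; returns (address, source) with source naming where it came from.

        upstream(name) stands in for the recursive walk to the closest known
        name servers and returns (address, ttl_seconds).
        """
        # 1. Authoritative data is served from the zone and never cached.
        if self.is_authoritative(name):
            return self.zone_data.get(name), "authoritative"
        # 2. Otherwise check the local cache, honouring the TTL.
        now = self.clock()
        entry = self.cache.get(name)
        if entry is not None:
            if now < entry.expires_at:
                return entry.value, "cache"
            del self.cache[name]          # expired: flush rather than serve stale data
        # 3. Ask upstream and cache the result for its TTL.
        value, ttl = upstream(name)
        self.cache[name] = CacheEntry(value, now + ttl)
        return value, "upstream"


def demo() -> list[str]:
    """Drive the server with a constructed clock; returns the source of each answer."""
    clock = [0.0]
    srv = CachingServer({"umist.ac.uk"}, {"lion.umist.ac.uk": "130.88.96.40"},
                        clock=lambda: clock[0])
    upstream = lambda name: ("192.12.69.60", THREE_DAYS)      # constructed remote answer
    sources = [srv.lookup("lion.umist.ac.uk", upstream)[1]]             # authoritative
    sources.append(srv.lookup("cicada.cs.princeton.edu", upstream)[1])  # upstream
    sources.append(srv.lookup("cicada.cs.princeton.edu", upstream)[1])  # cache
    clock[0] = THREE_DAYS                                               # TTL has elapsed
    sources.append(srv.lookup("cicada.cs.princeton.edu", upstream)[1])  # upstream again
    return sources


if __name__ == "__main__":
    print(demo())   # -> ['authoritative', 'upstream', 'cache', 'upstream']
```

Expiry is checked on every hit rather than by a background sweep, so an entry is never returned after its TTL even if nothing has cleaned the cache; the comparison is strict, so an entry whose TTL ends exactly now is already treated as stale.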
Updating
- All name servers know the internet's root servers at the start.
- Most updating comes from the 'experience' of answering queries and caching.
- Some manual updating does occur:
  - Only local name servers can have forced updates.
  - Use the 'update' command and specify the resource records to change.
  - In Perl (with the Net::DNS module), an update of the IP address for a domain's web server (an A record) looks like this:

        my $update = Net::DNS::Update->new("umist.ac.uk");   # the zone being changed
        $update->push(update => rr_add("umist.ac.uk 86400 A 130.88.0.1"));

  - When someone accesses "umist.ac.uk" they are directed to "130.88.0.1".
- The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated.
Resource Records
- Where the settings for the DNS server are stored.
- Can be divided into classes: Internet, Chaosnet and Hesiod.
- Common types: TTL, SOA, NS, A, CNAME, PTR, MX, TXT; there are many more.

Types of Records
- TTL: the time to live
- SOA record: the authority for this zone
- NS record: the name server for this zone
- A: a name-to-address mapping
- CNAME: canonical name, used for aliases
- PTR: address-to-name mapping
- MX: used for email (mail exchanger) names
- TXT: used for text entries
BIND
- BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet.
- Cross-platform program that was originally coded for UNIX; runs on Linux, BSD and Windows.
- See the Linux DNS HOWTO for more information.
Features of Microsoft DNS Server
- Active Directory storage and replication integration: Windows 2000 DNS has the option of using the Active Directory (AD) service as its data storage and replication engine. In short, AD integration simplifies the administration of the DNS namespace.
- Incremental zone transfer: Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. Incremental zone transfer also incorporates the NOTIFY extension of DNS.
- Dynamic update: automatic assignment of addressing with dynamic DNS updates.
- Aging and scavenging: Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated.

Features of Microsoft DNS Server (continued)
- Unicode character support: the Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages.
- Caching resolver: a service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups, by minimising the number of name resolution round trips.
- Administrative tools: Windows 2000 DNS incorporates a new feature, the DNS Manager, which provides facilities to administer the DNS server, its zones, security settings, etc.
- Performance statistics: preliminary testing of the Windows 2000 DNS server shows 900 queries/second, 100 dynamic updates per second and 30% processor utilisation. Tests were done using an Intel P-II 400 MHz processor, 256 MB RAM and a 4 GB HDD.
The DNS Packets
All communications inside the domain protocol are carried in a single format called a message. The top-level format of a message is divided into 5 sections (some of which are empty in certain cases): Header, Question, Answer, Authority and Additional.
- The header section includes fields that specify:
  - which of the remaining sections are present
  - whether the message is a query or a response
- The question section contains:
  - the queries for which answers are desired
  - the client fills in only the question section
  - each question has Query Domain Name, Query Type and Query Class fields
  - the server returns the question along with its response
- The answer section contains:
  - RRs (resource records) that answer the question
- The authority section contains:
  - RRs that point toward an authoritative name server
- The additional information section contains:
  - RRs which relate to the query but are not strictly answers to the question
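The five-section layout described above, as a builder and parser for the wire format. This is an added example, not code from the presentation. It builds the client's query (header plus a single question), builds the server's reply (question echoed back, QR bit set, one A record in the answer section), and parses any message back into its sections. The query name, message ID, TTL and answer address are constructed. Because a name server parses messages from anyone who can send it a packet, the parser checks every length field against the bytes actually present and bounds compression pointers (they must point backwards and are counted), so a truncated or self-referencing message is rejected instead of causing a read past the buffer or an endless loop.

```python
"""Build and parse DNS messages laid out as header + question + answer + authority + additional.

Added example, not code from the presentation. Query name, ID, TTL and
answer address below are constructed for the demonstration.
"""
import struct

HEADER = struct.Struct("!HHHHHH")        # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
QR, RD, RA = 0x8000, 0x0100, 0x0080      # flag bits: response, recursion desired, recursion available
TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Wire form of a domain name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("bad label length")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname: str, qtype: int = TYPE_A, msg_id: int = 0x1234) -> bytes:
    """Client query: header with RD set, only the question section filled in."""
    return HEADER.pack(msg_id, RD, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(query: bytes, address: str, ttl: int = 259200) -> bytes:
    """Server reply: echoes the question, sets QR and RA, adds one A record to the answer section.
    The record's owner name is a compression pointer (0xC00C) to the question name at offset 12."""
    msg_id, flags, qd, _, _, _ = HEADER.unpack(query[:HEADER.size])
    header = HEADER.pack(msg_id, flags | QR | RA, qd, 1, 0, 0)
    rdata = bytes(int(octet) for octet in address.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + query[HEADER.size:] + answer


def read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a (possibly compressed) name; returns (name, offset just after it).
    Pointers must point backwards and are counted, so malformed input cannot loop forever."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                        # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if target >= offset:
                raise ValueError("forward compression pointer")
            if end is None:
                end = offset + 2                         # the name ends after the first pointer
            hops += 1
            if hops > 16:
                raise ValueError("too many compression pointers")
            offset = target
            continue
        if length == 0:
            offset += 1
            break
        if length > 63 or offset + 1 + length > len(msg):
            raise ValueError("bad label")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if end is not None else offset)


def parse_message(msg: bytes) -> dict:
    """Split a message into header fields plus question, answer, authority and additional sections."""
    if len(msg) < HEADER.size:
        raise ValueError("short header")
    msg_id, flags, qd, an, ns, ar = HEADER.unpack(msg[:HEADER.size])
    out = {"id": msg_id, "is_response": bool(flags & QR), "rcode": flags & 0xF,
           "questions": [], "answers": [], "authority": [], "additional": []}
    offset = HEADER.size
    for _ in range(qd):
        name, offset = read_name(msg, offset)
        if offset + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        out["questions"].append((name, qtype, qclass))
    for section, count in (("answers", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, offset = read_name(msg, offset)
            if offset + 10 > len(msg):
                raise ValueError("truncated resource record")
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10
            rdata = msg[offset:offset + rdlen]
            if len(rdata) != rdlen:
                raise ValueError("truncated rdata")     # RDLENGTH claims more than is present
            offset += rdlen
            if rtype == TYPE_A and rdlen == 4:
                rdata = ".".join(str(b) for b in rdata)
            out[section].append((name, rtype, ttl, rdata))
    return out
```

The section counts in the header are what tell the parser which sections are present, and the same parser handles both directions of the exchange: the query parses to one question and empty answer, authority and additional sections, and the reply to the same question plus one answer record whose owner name resolves through the compression pointer back to the question name.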
CONCLUSION
- You should now understand:
  - DNS history
  - zone hierarchy
  - DNS clients (the resolver)
  - name server configuration
  - name server operations
- DNS was used to resolve 14 322 950 hostnames (March 2000).
- DNS is very reliable and scalable.
  - Improvements have been proposed:
  - Name-service: acts as a 'layer' on top of DNS.
    - Allows everyday naming schemes (e.g. http://james).
    - Looks up the official (corresponding) domain name first, then the IP address.
  - Resource Locator Service (RLS):
    - Incorporates 'timestamping' into URLs.
    - Eliminates link 'rot'.
    - Generates more name space.
    - Runs side by side with DNS.
- DNS is still the 'de facto' standard and likely to remain so for several years.
- The Domain Name System
- Presentation Structure
- Introduction amp History
- How a resolver looks up a remote name
- Slide 5
- Practical DNS
- The Domain Name Space
- Root name servers
- uk The United Kingdomrsquos TLD
- WHOIS ndash Database Of Registrants
- Registering a couk domain
- RESOLVING
- Resolving - recursion
- Resolving ndash iteration Vs recursion
- Caching
- Updating
- Resource Records
- Types of Records
- BIND
- Slide 20
- Slide 21
- The DNS Packets
- Slide 23
- CONCLUSION
-
Presentation Structure
bull Introduction amp Historybull How a resolver looks up a remote namebull Domain Name space
ndash Practical DNSndash The Domain Name Spacendash Root Name Serverndash uk The United Kingdomrsquos TLDndash WHOIS ndash Database Of Registrantsndash Registering a coukdomain
bull Inside a DNS Serverndash Resolvingndash Cachingndash Updating
bull Two DNS Serversndash BINDndash Microsoft DNS Server
bull The DNS Packetsbull Conclusions
Introduction amp HistoryPeople remember meaningful names far more easily than collections of numbers
bull In the beginninghellipa file named hoststxt was maintained and distributed
bull DNS created in 1981 to overcome hoststxt problems- When a user accesses the internet the nearest DNS server translates URLrsquos into IPrsquos
- DNS is a distributed database ndash reduces server load
- Indexed for fast searching Search key = domain name
- DNS can force name uniqueness
- Domain Names are like ldquomicrosoftcomrdquo
- The zones are separated by lsquorsquo
- Optionally contain hosts within the domain name
- Allows same names on different hosts but different domains
(eg woodstockmanacuk and woodstockumistacuk)
- The internet moved to TCPIP and grew
- Hoststxt became
Large
Slow to download
Didnrsquot dictate lsquouniqueness of namesrsquo property
Quickly obsolete name records
woodstock
man
ac
uk
woodstock
umist
How a resolver looks up a remote name
Suppose a client wants to resolve the name cicadecsprincetonedu
Copied from Larry L Peterson amp Bruce S Davie (2000) ldquoComputer Networks ndash A system approachrdquo Morgan Kaufmann Publishers pp 633
How a resolver looks up a remote name
bull Step 1 the client sends query containing the domain name to the local name server
bull Step 2 the local name server may not have the information about the domain name so it sends the query to one of the root server
bull Step3 the root server cannot match the entire name returns best match ndash the NS (name resolution) record for princetonedu and it also returns all records which is related to this record
bull Step 4 the client sends the same query to the name server at Princeton Universityrsquos domain
bull Step 5 This name server also cannot match the entire name so returns its best match and a NS record ns1csprincetonedu
bull Step 6 the client sends the same query to the name server authoritative for the CS Zone (ns1csprincetonedu)
bull Step 7 the server has a information about cicadecsprincetonedu and returns the answer IP address = 192126960
bull Step 8 armed with the IP address the client can establish a TCP connection with the destination
Practical DNS
bull The domain name space is controlled to enforce a tree structure to it
bull Tree is both distributable and efficientbull All domains are children of the (root) domainbull Top level domains TLDs are the direct childrenbull Two types
ndash Generic eg com org edundash Country specific uk de il
bull All other domains must be under a TLDbull Domains are administered by different organisations
The Domain Name Space
bull Hierarchical tree structure makes domain name space distributable yet still navigable
bull Shows com mynetcom riversmynetcom seasmynetcom lakesmynetcom acmecom rumbaacmecom sambaacmecom and tangoacmecom
bull rivers seas and lakes are separate zones
bull rumba samba and tango are part or acmecom
Copied from httpou800doccalderacomNET_tcpipdnsNhowhtml The domain name space diagram
Root name servers
bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is
availablebull Coordinated by IANA (Internet Assigned Numbers
Authority) bull Many of the root servers are in the USA and run by
American organisationsbull KROOT-SERVERSNET is in London and is jointly run
by LINX and RIPE NCCbull Creation of TLDs is restricted
uk The United Kingdomrsquos TLD
bull uk is divided into second-level domains
bull Nominet UK is the the registrar and administrator of the first seven
bull plcuk and ltduk are restrictedndash Only registered companies
can be part of this domainndash Can only register your own
company name
Domain Intended use
couk for commercial enterprises (the largest SLD in the UK)
meuk for personal domains
orguk for non-commercial organisations
plcuk for registered company names only
ltduk for registered company names only
netuk for Internet Service Providers
schuk for schools
acuk for Academic Establishments
govuk for Government Bodies
nhsuk for NHS Organisations
policeuk
for UK Police Forces
moduk for Ministry of Defence Establishments
WHOIS ndash Database Of Registrants
bull WHOIS queries the database of ownership of the domain
bull Gives name and contact details of the owner of the domain
bull Gives name and contact details of the administrator of the domain
bull Lists the name servers that are authoritative for the domain
bull Not part of DNS but is used to help manage delegation and ownership sub domains
bull Available at wwwwhoiscouk
Domain Name WEINBERGCOUK
Registered For Leslie BunderDomain Registered By
WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-
Aug-2001 by domreg123-regcouk
Domain servers listed in orderNSHOSTEUROPECOM
212672022NS2HOSTEUROPECOM
(unable to validate IP)WHOIS database last updated
at 191200 17-Apr-2002
Registering a couk domain
1 Choose the name you want- for example weinbergcouk
2 Check using the WHOIS service that this domain name does not already exist
3 Inform your registrant of the owners name and address as well as the administrators name and address
4 Inform them of the name servers that they will be authoritative for
5 Pay for the domain This ensures ownership and helps Nominet recover its costs
bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names
RESOLVING
bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively
bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests
bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of
name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached
bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give
ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than
ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about
ndash 2 Iterative Requestsbull All work done by the resolver
ndash Name servers just respond with their best answer which they know
bull This technique used for security reasonsbull Not favourable for network traffic
Resolving - recursion
bull A Recursive Queryndash The local name server does most of the work
uk
ac
umistacuk
lionumistacuk
130889640
Question lionumistacuk
Answer 130889640
lionumistacuk
lionumistacuk
lionumistacuk
Resolving ndash iteration Vs recursion
The iterative and recursive queries are shown R=recursive I=iterative
bull A critical process in the DNS
ndash For every query a cache of the result and every intermediate step is maintained
bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached
bull When a query is receivedhellip
ndash The first step is to check whether this server is authoritative for the zone being queried
bull If yes then no caching is performed
bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are
checked and the results cached as the query progresses
bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be
flushedndash Typical value is 3 days
Caching
Updating
bull All name servers know the internetrsquos root servers at the start
bull Most updating comes from the lsquoexperiencersquo of answering queries and caching
bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to
changendash In Perl an update of IP Addresses for a domainrsquos webserver
(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo
bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
bull Where the settings for the DNS server are stored
bull Can be divided into classesndash Internet Chaosnet and Hesiod
bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more
Types of Records
bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for
aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries
BIND
bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows
bull See Linux DNS HOWTO for more info
Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion
bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers
of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS
bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates
bull Aging and Scavenging
Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated
Features of Microsoft DNS Server continuedhellip
bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language
bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips
bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc
bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD
The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)
Header
The DNS Packetsbull The header section includes fields that specify
ndash which of the remaining sections are present
ndash whether the message is a query or a response
bull The question section contains
ndash Queries for which answers are desired
ndash The client fills in only the question sectionbull Each question has
ndash Query Domain Namendash Query Typendash Query Class fields
ndash the server returns the question and answers with its response
bull The answer section contains
ndash RRs (resource records) that answer the question
bull The authority section contains
ndash RRs that point toward an authoritative name server
bull The additional information section contains
ndash RRs which relate to the query but are not strictly answers for the question
CONCLUSIONbull Should understand
- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)
bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable
ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS
ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address
bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS
bull DNS is still lsquode factorsquo and likely to remain so for several years
- The Domain Name System
- Presentation Structure
- Introduction amp History
- How a resolver looks up a remote name
- Slide 5
- Practical DNS
- The Domain Name Space
- Root name servers
- uk The United Kingdomrsquos TLD
- WHOIS ndash Database Of Registrants
- Registering a couk domain
- RESOLVING
- Resolving - recursion
- Resolving ndash iteration Vs recursion
- Caching
- Updating
- Resource Records
- Types of Records
- BIND
- Slide 20
- Slide 21
- The DNS Packets
- Slide 23
- CONCLUSION
-
Introduction amp HistoryPeople remember meaningful names far more easily than collections of numbers
bull In the beginninghellipa file named hoststxt was maintained and distributed
bull DNS created in 1981 to overcome hoststxt problems- When a user accesses the internet the nearest DNS server translates URLrsquos into IPrsquos
- DNS is a distributed database ndash reduces server load
- Indexed for fast searching Search key = domain name
- DNS can force name uniqueness
- Domain Names are like ldquomicrosoftcomrdquo
- The zones are separated by lsquorsquo
- Optionally contain hosts within the domain name
- Allows same names on different hosts but different domains
(eg woodstockmanacuk and woodstockumistacuk)
- The internet moved to TCPIP and grew
- Hoststxt became
Large
Slow to download
Didnrsquot dictate lsquouniqueness of namesrsquo property
Quickly obsolete name records
woodstock
man
ac
uk
woodstock
umist
How a resolver looks up a remote name
Suppose a client wants to resolve the name cicadecsprincetonedu
Copied from Larry L Peterson amp Bruce S Davie (2000) ldquoComputer Networks ndash A system approachrdquo Morgan Kaufmann Publishers pp 633
How a resolver looks up a remote name
bull Step 1 the client sends query containing the domain name to the local name server
bull Step 2 the local name server may not have the information about the domain name so it sends the query to one of the root server
bull Step3 the root server cannot match the entire name returns best match ndash the NS (name resolution) record for princetonedu and it also returns all records which is related to this record
bull Step 4 the client sends the same query to the name server at Princeton Universityrsquos domain
bull Step 5 This name server also cannot match the entire name so returns its best match and a NS record ns1csprincetonedu
bull Step 6 the client sends the same query to the name server authoritative for the CS Zone (ns1csprincetonedu)
bull Step 7 the server has a information about cicadecsprincetonedu and returns the answer IP address = 192126960
bull Step 8 armed with the IP address the client can establish a TCP connection with the destination
Practical DNS
bull The domain name space is controlled to enforce a tree structure to it
bull Tree is both distributable and efficientbull All domains are children of the (root) domainbull Top level domains TLDs are the direct childrenbull Two types
ndash Generic eg com org edundash Country specific uk de il
bull All other domains must be under a TLDbull Domains are administered by different organisations
The Domain Name Space
bull Hierarchical tree structure makes domain name space distributable yet still navigable
bull Shows com mynetcom riversmynetcom seasmynetcom lakesmynetcom acmecom rumbaacmecom sambaacmecom and tangoacmecom
bull rivers seas and lakes are separate zones
bull rumba samba and tango are part or acmecom
Copied from httpou800doccalderacomNET_tcpipdnsNhowhtml The domain name space diagram
Root name servers
bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is
availablebull Coordinated by IANA (Internet Assigned Numbers
Authority) bull Many of the root servers are in the USA and run by
American organisationsbull KROOT-SERVERSNET is in London and is jointly run
by LINX and RIPE NCCbull Creation of TLDs is restricted
uk: The United Kingdom's TLD
• uk is divided into second-level domains
• Nominet UK is the registrar and administrator of the first seven
• plc.uk and ltd.uk are restricted
  – Only registered companies can be part of these domains
  – You can only register your own company name

Domain      Intended use
co.uk       commercial enterprises (the largest SLD in the UK)
me.uk       personal domains
org.uk      non-commercial organisations
plc.uk      registered company names only
ltd.uk      registered company names only
net.uk      Internet Service Providers
sch.uk      schools
ac.uk       academic establishments
gov.uk      government bodies
nhs.uk      NHS organisations
police.uk   UK police forces
mod.uk      Ministry of Defence establishments
WHOIS – Database Of Registrants
• WHOIS queries the database of ownership of the domain
• Gives name and contact details of the owner of the domain
• Gives name and contact details of the administrator of the domain
• Lists the name servers that are authoritative for the domain
• Not part of DNS, but used to help manage delegation and ownership of sub-domains
• Available at www.whois.co.uk

Example WHOIS record:
  Domain Name: WEINBERG.CO.UK
  Registered For: Leslie Bunder
  Domain Registered By: WEBFUSION
  Registered on 18-Sep-1999
  Record last updated on 28-Aug-2001 by domreg@123-reg.co.uk
  Domain servers listed in order:
    NS.HOSTEUROPE.COM   212672022
    NS2.HOSTEUROPE.COM  (unable to validate IP)
  WHOIS database last updated at 19:12:00 17-Apr-2002
Registering a .co.uk domain
1. Choose the name you want, for example weinberg.co.uk
2. Check using the WHOIS service that this domain name does not already exist
3. Inform your registrar of the owner's name and address as well as the administrator's name and address
4. Inform them of the name servers that will be authoritative for the domain
5. Pay for the domain. This ensures ownership and helps Nominet recover the costs of:
  • Running name servers
  • Maintaining the name servers
  • Updating DNS information
  • Resolving, and trying to avoid, disputes over names
RESOLVING
• When a user (resolver) needs to know an IP address for a host name, the query is made in one of two ways: recursively or iteratively
• Both methods first check whether the answer is already known; if not…
  1. Recursive requests
    • Look for the name server closest to the answer
      – For example, if the location of lion.umist.ac.uk is unknown but the location of the name servers for umist.ac.uk is known, those are the closest name servers. If they are unknown too, the ac.uk name servers are tried, and so on until the root servers (".") are reached
    • Ask the closest name server for its best answer in a 'polite' iterative fashion
    • Continually ask name servers for the best answer they can give
      – Always ask for the exact original domain name in these queries
      – Train station analogy: ask staff "When is the 10:30 train to London?" rather than "Where is the person who can tell me about train timetables?"
      – In the lion.umist.ac.uk example, always ask exactly that
      – All the work is done by the initial name server
      – This server is given the opportunity to cache the resource records it learns about
  2. Iterative requests
    • All work is done by the resolver
      – Name servers just respond with the best answer they know
    • This technique is used for security reasons
    • Not favourable for network traffic
Resolving – recursion
• A recursive query
  – The local name server does most of the work
[Diagram: the local name server walks through the uk, ac and umist.ac.uk name servers on behalf of the client. Question: lion.umist.ac.uk. Answer: 130.88.96.40]
Resolving – iteration vs recursion
[Diagram: the iterative and recursive queries are shown; R = recursive, I = iterative]
Caching
• A critical process in the DNS
  – For every query, the result and every intermediate step are cached
• For example, to find umist.ac.uk, the addresses of the uk, ac.uk and umist.ac.uk name servers could be cached
• When a query is received…
  – The first step is to check whether this server is authoritative for the zone being queried
    • If yes, then no caching is performed
    • Otherwise the local cache is checked
  – If the zone is in the cache, the answer is returned immediately
  – Otherwise the 'closest known' (authoritative) name servers are checked and the results cached as the query progresses
• But DNS records are dynamic
  – A 'time to live' is assigned to each record by its name server
  – After this specified time, the cached information for the record must be flushed
  – A typical value is 3 days
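The referral chain of Steps 1 to 8, the recursive-versus-iterative split and the caching rules above, worked through as one added Python example (not code from the slides): the zone data, the 192.0.2.x name server addresses and the TTLs are constructed; only cicada.cs.princeton.edu and its address 192.12.69.60 come from the slides.

```python
"""Simulated iterative resolution with a TTL cache (added example, not from the
slides). The authoritative data is constructed in memory, so nothing touches the
network; the name server addresses (192.0.2.x) are placeholders."""
import time

# Constructed authoritative data: zone -> {owner name: [(type, rdata, ttl)]}.
# Each server knows its own zone plus NS and glue A records for delegated children.
ZONES = {
    ".": {"edu.": [("NS", "a.edu-servers.net.", 172800)],
          "a.edu-servers.net.": [("A", "192.0.2.1", 172800)]},
    "edu.": {"princeton.edu.": [("NS", "dns.princeton.edu.", 172800)],
             "dns.princeton.edu.": [("A", "192.0.2.2", 172800)]},
    "princeton.edu.": {"cs.princeton.edu.": [("NS", "ns1.cs.princeton.edu.", 86400)],
                       "ns1.cs.princeton.edu.": [("A", "192.0.2.3", 86400)]},
    "cs.princeton.edu.": {"cicada.cs.princeton.edu.": [("A", "192.12.69.60", 3600)]},
}
ROOT_SERVER = "192.0.2.0"  # placeholder root hint every resolver starts with
SERVER_ZONE = {"192.0.2.0": ".", "192.0.2.1": "edu.",
               "192.0.2.2": "princeton.edu.", "192.0.2.3": "cs.princeton.edu."}

def in_zone(name, zone):
    """True if name lies at or below zone (the root contains everything)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def authoritative_answer(zone, qname, qtype="A"):
    """One authoritative server's reply (Steps 3, 5 and 7): the records asked for
    if it has them, else a referral to the closest delegated child, else NXDOMAIN."""
    data = ZONES[zone]
    hits = [(qname,) + rr for rr in data.get(qname, []) if rr[0] == qtype]
    if hits:
        return "answer", hits
    child = None
    for name, rrs in data.items():
        if any(t == "NS" for t, _, _ in rrs) and in_zone(qname, name):
            if child is None or len(name) > len(child):
                child = name
    if child is None:
        return "nxdomain", []
    ns = [(child,) + rr for rr in data[child] if rr[0] == "NS"]
    glue = [(n,) + rr for _, _, n, _ in ns for rr in data.get(n, []) if rr[0] == "A"]
    return "referral", ns + glue

class Cache:
    """Positive cache keyed by (name, type); `now` is injectable to show TTL expiry."""
    def __init__(self, now=time.time):
        self.now, self.store = now, {}

    def put(self, name, rtype, rdata, ttl):
        self.store[(name, rtype)] = (rdata, self.now() + ttl)

    def get(self, name, rtype):
        hit = self.store.get((name, rtype))
        if hit is None:
            return None
        rdata, expires = hit
        if expires <= self.now():            # TTL has passed: flush the record
            del self.store[(name, rtype)]
            return None
        return rdata

def closest_known_server(qname, cache):
    """Start from the closest name servers the cache already knows (the slides'
    lion.umist.ac.uk reasoning), falling back to the root."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) + "."
        ns = cache.get(zone, "NS")
        addr = cache.get(ns, "A") if ns else None
        if addr:
            return addr
    return ROOT_SERVER

def resolve(qname, cache, trace=None):
    """The local name server's side of a recursive request: answer from cache or
    iterate upstream. Returns (address or None, number of upstream queries)."""
    hit = cache.get(qname, "A")
    if hit is not None:
        return hit, 0
    server, queries = closest_known_server(qname, cache), 0
    while True:
        zone = SERVER_ZONE[server]
        status, rrs = authoritative_answer(zone, qname)
        queries += 1
        if trace is not None:
            trace.append(zone)                # zones contacted, in order
        if status == "nxdomain":
            return None, queries
        next_server = None
        for name, rtype, rdata, ttl in rrs:
            # Cache only names inside the answering server's own zone; anything
            # else in a referral is not that server's to vouch for.
            if in_zone(name, zone):
                cache.put(name, rtype, rdata, ttl)
                if rtype == "A" and status == "referral":
                    next_server = rdata
        if status == "answer":
            return rrs[0][2], queries
        if next_server is None:
            return None, queries              # referral without usable glue
        server = next_server
```

A second lookup of the same name is answered from the cache with no upstream queries, and once the 3600-second A record has expired the still-valid NS and glue records let the resolver go straight to the cs.princeton.edu server.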
Updating
• All name servers know the internet's root servers at the start
• Most updating comes from the 'experience' of answering queries and caching
• Some manual updating does occur
  – Only local name servers can have forced updates
  – Use the 'Update' command and specify the resource records to change
  – In Perl (using the Net::DNS module), an update of the IP address for a domain's web server (an A record) looks like this:
    • $update->push(update => rr_add("umist.ac.uk 86400 A 130.88.0.1"));
    • When someone accesses "umist.ac.uk" they are directed to "130.88.0.1"
• The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
• Where the settings for the DNS server are stored
• Can be divided into classes
  – Internet, Chaosnet and Hesiod
• Common types:
  – TTL, SOA, NS, A, CNAME, PTR, MX, TXT
  – Many more

Types of Records
• TTL – the time to live
• SOA record – the authority for this zone
• NS record – the name server for this zone
• A – a name to address mapping
• CNAME – canonical name, used for aliases
• PTR – address to name mapping
• MX – mail exchanger, used for email names
• TXT – used for text entries
BIND
• BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
• Cross-platform program that was originally coded for UNIX
  – Linux, BSD and Windows
• See the Linux DNS HOWTO for more info
Features of Microsoft DNS Server
• Active Directory Storage and Replication Integration
  Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, the AD service integration simplifies the administration of the DNS namespace
• Incremental Zone Transfer
  Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS
• Dynamic Update
  Automatic assignment of addressing with dynamic DNS updates
• Aging and Scavenging
  Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continued…
• Unicode Character Support
  The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages
• Caching Resolver
  A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups by minimising the number of name resolution round trips
• Administrative Tools
  Windows 2000 DNS incorporates a new feature, the DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.
• Performance Statistics
  Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilization. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and 4GB HDD
The DNS Packets
All communications inside the domain protocol are carried in a single format called a message. The top-level format of a message is divided into 5 sections (some of which are empty in certain cases): Header, Question, Answer, Authority and Additional
• The header section includes fields that specify
  – which of the remaining sections are present
  – whether the message is a query or a response
• The question section contains
  – queries for which answers are desired
  – the client fills in only the question section
  – each question has Query Domain Name, Query Type and Query Class fields
  – the server returns the question and answers with its response
• The answer section contains
  – RRs (resource records) that answer the question
• The authority section contains
  – RRs that point toward an authoritative name server
• The additional information section contains
  – RRs which relate to the query but are not strictly answers for the question
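The five-section message format described above, as an added Python example (not code from the slides): it builds a query and an authoritative response for cicada.cs.princeton.edu in memory and parses them back, with the bounds and compression-pointer checks a resolver needs before trusting a response. The message ID, TTL and the 12-byte header layout follow RFC 1035; the sample values are constructed.

```python
"""Build and parse DNS messages in the five-section format described above
(added example, not from the slides). A query for cicada.cs.princeton.edu and
its response are constructed in memory, so nothing is sent on the network."""
import struct

HEADER = struct.Struct("!HHHHHH")  # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16}
CLASS_IN = 1

def encode_name(name):
    """Dotted name -> length-prefixed labels ending with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg, off):
    """Read a name at msg[off:], following RFC 1035 compression pointers. Pointers
    must point backwards, which rules out loops. Returns (name, offset after it)."""
    labels, end = [], None
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: 14-bit pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("forward or self-referencing pointer")
            end = off + 2 if end is None else end  # resume after the first pointer
            off = ptr
            continue
        if length > 63:
            raise ValueError("reserved label type")
        off += 1
        if length == 0:
            break
        if off + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def build_query(msg_id, qname, qtype="A"):
    """Client query: header plus one question; the other sections are empty."""
    header = HEADER.pack(msg_id, 0x0100, 1, 0, 0, 0)        # QR=0, RD=1
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], CLASS_IN)

def build_response(query, answers):
    """Server response: echo the question, set QR and AA, append A records whose
    owner name is a compression pointer to the question name (offset 12)."""
    msg_id, flags, qd, _, _, _ = HEADER.unpack_from(query)
    _, qend = decode_name(query, HEADER.size)
    body = b""
    for ttl, addr in answers:
        rdata = bytes(int(o) for o in addr.split("."))
        body += struct.pack("!HHHIH", 0xC000 | HEADER.size, QTYPE["A"], CLASS_IN,
                            ttl, len(rdata)) + rdata
    header = HEADER.pack(msg_id, flags | 0x8400, qd, len(answers), 0, 0)
    return header + query[HEADER.size:qend + 4] + body

def parse_message(msg):
    """Split a message into header fields, question and the three RR sections."""
    msg_id, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    off, questions = HEADER.size, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        questions.append((name,) + struct.unpack_from("!HH", msg, off))
        off += 4
    out = {"id": msg_id, "is_response": bool(flags & 0x8000), "question": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[section] = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("RDATA runs past end of message")
            rdata = msg[off:off + rdlen]
            off += rdlen
            if rtype == QTYPE["A"] and rdlen == 4:
                rdata = ".".join(str(b) for b in rdata)   # render addresses dotted
            out[section].append((name, rtype, ttl, rdata))
    return out

def is_well_formed(msg):
    try:                          # struct.error covers fixed fields cut short
        parse_message(msg)
        return True
    except (ValueError, struct.error):
        return False

def response_matches(query, response):
    """Accept a response only if its ID and question echo the query we sent."""
    q, r = parse_message(query), parse_message(response)
    return r["is_response"] and q["id"] == r["id"] and q["question"] == r["question"]
```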
CONCLUSION
• Should understand
  – DNS history
  – Zone hierarchy
  – DNS clients (the resolver)
  – Name server configuration
  – Name server operations
• DNS was used to resolve 14 322 950 hostnames (March 2000)
• DNS is very reliable and scalable
  – Improvements are proposed:
    • Name-service – acts as a 'layer' on top of DNS
      – Allows everyday naming schemes (e.g. http://james)
      – Looks up the official (corresponding) domain name first, then the IP address
    • Resource Locator Service (RLS)
      – Incorporates 'timestamping' into URLs
      – Eliminates link 'rot'
      – Generates more name space
      – Runs side by side with DNS
• DNS is still 'de facto' and likely to remain so for several years
How a resolver looks up a remote name
Suppose a client wants to resolve the name cicadecsprincetonedu
Copied from Larry L Peterson amp Bruce S Davie (2000) ldquoComputer Networks ndash A system approachrdquo Morgan Kaufmann Publishers pp 633
How a resolver looks up a remote name
bull Step 1 the client sends query containing the domain name to the local name server
bull Step 2 the local name server may not have the information about the domain name so it sends the query to one of the root server
bull Step3 the root server cannot match the entire name returns best match ndash the NS (name resolution) record for princetonedu and it also returns all records which is related to this record
bull Step 4 the client sends the same query to the name server at Princeton Universityrsquos domain
bull Step 5 This name server also cannot match the entire name so returns its best match and a NS record ns1csprincetonedu
bull Step 6 the client sends the same query to the name server authoritative for the CS Zone (ns1csprincetonedu)
bull Step 7 the server has a information about cicadecsprincetonedu and returns the answer IP address = 192126960
bull Step 8 armed with the IP address the client can establish a TCP connection with the destination
Practical DNS
bull The domain name space is controlled to enforce a tree structure to it
bull Tree is both distributable and efficientbull All domains are children of the (root) domainbull Top level domains TLDs are the direct childrenbull Two types
ndash Generic eg com org edundash Country specific uk de il
bull All other domains must be under a TLDbull Domains are administered by different organisations
The Domain Name Space
bull Hierarchical tree structure makes domain name space distributable yet still navigable
bull Shows com mynetcom riversmynetcom seasmynetcom lakesmynetcom acmecom rumbaacmecom sambaacmecom and tangoacmecom
bull rivers seas and lakes are separate zones
bull rumba samba and tango are part or acmecom
Copied from httpou800doccalderacomNET_tcpipdnsNhowhtml The domain name space diagram
Root name servers
bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is
availablebull Coordinated by IANA (Internet Assigned Numbers
Authority) bull Many of the root servers are in the USA and run by
American organisationsbull KROOT-SERVERSNET is in London and is jointly run
by LINX and RIPE NCCbull Creation of TLDs is restricted
uk The United Kingdomrsquos TLD
bull uk is divided into second-level domains
bull Nominet UK is the the registrar and administrator of the first seven
bull plcuk and ltduk are restrictedndash Only registered companies
can be part of this domainndash Can only register your own
company name
Domain Intended use
couk for commercial enterprises (the largest SLD in the UK)
meuk for personal domains
orguk for non-commercial organisations
plcuk for registered company names only
ltduk for registered company names only
netuk for Internet Service Providers
schuk for schools
acuk for Academic Establishments
govuk for Government Bodies
nhsuk for NHS Organisations
policeuk
for UK Police Forces
moduk for Ministry of Defence Establishments
WHOIS ndash Database Of Registrants
bull WHOIS queries the database of ownership of the domain
bull Gives name and contact details of the owner of the domain
bull Gives name and contact details of the administrator of the domain
bull Lists the name servers that are authoritative for the domain
bull Not part of DNS but is used to help manage delegation and ownership sub domains
bull Available at wwwwhoiscouk
Domain Name WEINBERGCOUK
Registered For Leslie BunderDomain Registered By
WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-
Aug-2001 by domreg123-regcouk
Domain servers listed in orderNSHOSTEUROPECOM
212672022NS2HOSTEUROPECOM
(unable to validate IP)WHOIS database last updated
at 191200 17-Apr-2002
Registering a couk domain
1 Choose the name you want- for example weinbergcouk
2 Check using the WHOIS service that this domain name does not already exist
3 Inform your registrant of the owners name and address as well as the administrators name and address
4 Inform them of the name servers that they will be authoritative for
5 Pay for the domain This ensures ownership and helps Nominet recover its costs
bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names
RESOLVING
bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively
bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests
bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of
name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached
bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give
ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than
ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about
ndash 2 Iterative Requestsbull All work done by the resolver
ndash Name servers just respond with their best answer which they know
bull This technique used for security reasonsbull Not favourable for network traffic
Resolving - recursion
bull A Recursive Queryndash The local name server does most of the work
uk
ac
umistacuk
lionumistacuk
130889640
Question lionumistacuk
Answer 130889640
lionumistacuk
lionumistacuk
lionumistacuk
Resolving ndash iteration Vs recursion
The iterative and recursive queries are shown R=recursive I=iterative
bull A critical process in the DNS
ndash For every query a cache of the result and every intermediate step is maintained
bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached
bull When a query is receivedhellip
ndash The first step is to check whether this server is authoritative for the zone being queried
bull If yes then no caching is performed
bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are
checked and the results cached as the query progresses
bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be
flushedndash Typical value is 3 days
Caching
Updating
bull All name servers know the internetrsquos root servers at the start
bull Most updating comes from the lsquoexperiencersquo of answering queries and caching
bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to
changendash In Perl an update of IP Addresses for a domainrsquos webserver
(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo
bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
bull Where the settings for the DNS server are stored
bull Can be divided into classesndash Internet Chaosnet and Hesiod
bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more
Types of Records
bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for
aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries
BIND
bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows
bull See Linux DNS HOWTO for more info
Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion
bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers
of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS
bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates
bull Aging and Scavenging
Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated
Features of Microsoft DNS Server continuedhellip
bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language
bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips
bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc
bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD
The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)
Header
The DNS Packetsbull The header section includes fields that specify
ndash which of the remaining sections are present
ndash whether the message is a query or a response
bull The question section contains
ndash Queries for which answers are desired
ndash The client fills in only the question sectionbull Each question has
ndash Query Domain Namendash Query Typendash Query Class fields
ndash the server returns the question and answers with its response
bull The answer section contains
ndash RRs (resource records) that answer the question
bull The authority section contains
ndash RRs that point toward an authoritative name server
bull The additional information section contains
ndash RRs which relate to the query but are not strictly answers for the question
CONCLUSIONbull Should understand
- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)
bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable
ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS
ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address
bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS
bull DNS is still lsquode factorsquo and likely to remain so for several years
- The Domain Name System
- Presentation Structure
- Introduction amp History
- How a resolver looks up a remote name
- Slide 5
- Practical DNS
- The Domain Name Space
- Root name servers
- uk The United Kingdomrsquos TLD
- WHOIS ndash Database Of Registrants
- Registering a couk domain
- RESOLVING
- Resolving - recursion
- Resolving ndash iteration Vs recursion
- Caching
- Updating
- Resource Records
- Types of Records
- BIND
- Slide 20
- Slide 21
- The DNS Packets
- Slide 23
- CONCLUSION
-
How a resolver looks up a remote name
bull Step 1 the client sends query containing the domain name to the local name server
bull Step 2 the local name server may not have the information about the domain name so it sends the query to one of the root server
bull Step3 the root server cannot match the entire name returns best match ndash the NS (name resolution) record for princetonedu and it also returns all records which is related to this record
bull Step 4 the client sends the same query to the name server at Princeton Universityrsquos domain
bull Step 5 This name server also cannot match the entire name so returns its best match and a NS record ns1csprincetonedu
bull Step 6 the client sends the same query to the name server authoritative for the CS Zone (ns1csprincetonedu)
bull Step 7 the server has a information about cicadecsprincetonedu and returns the answer IP address = 192126960
bull Step 8 armed with the IP address the client can establish a TCP connection with the destination
Practical DNS
bull The domain name space is controlled to enforce a tree structure to it
bull Tree is both distributable and efficientbull All domains are children of the (root) domainbull Top level domains TLDs are the direct childrenbull Two types
ndash Generic eg com org edundash Country specific uk de il
bull All other domains must be under a TLDbull Domains are administered by different organisations
The Domain Name Space
bull Hierarchical tree structure makes domain name space distributable yet still navigable
bull Shows com mynetcom riversmynetcom seasmynetcom lakesmynetcom acmecom rumbaacmecom sambaacmecom and tangoacmecom
bull rivers seas and lakes are separate zones
bull rumba samba and tango are part or acmecom
Copied from httpou800doccalderacomNET_tcpipdnsNhowhtml The domain name space diagram
Root name servers
bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is
availablebull Coordinated by IANA (Internet Assigned Numbers
Authority) bull Many of the root servers are in the USA and run by
American organisationsbull KROOT-SERVERSNET is in London and is jointly run
by LINX and RIPE NCCbull Creation of TLDs is restricted
uk The United Kingdomrsquos TLD
bull uk is divided into second-level domains
bull Nominet UK is the the registrar and administrator of the first seven
bull plcuk and ltduk are restrictedndash Only registered companies
can be part of this domainndash Can only register your own
company name
Domain Intended use
couk for commercial enterprises (the largest SLD in the UK)
meuk for personal domains
orguk for non-commercial organisations
plcuk for registered company names only
ltduk for registered company names only
netuk for Internet Service Providers
schuk for schools
acuk for Academic Establishments
govuk for Government Bodies
nhsuk for NHS Organisations
policeuk
for UK Police Forces
moduk for Ministry of Defence Establishments
WHOIS ndash Database Of Registrants
bull WHOIS queries the database of ownership of the domain
bull Gives name and contact details of the owner of the domain
bull Gives name and contact details of the administrator of the domain
bull Lists the name servers that are authoritative for the domain
bull Not part of DNS but is used to help manage delegation and ownership sub domains
bull Available at wwwwhoiscouk
Domain Name WEINBERGCOUK
Registered For Leslie BunderDomain Registered By
WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-
Aug-2001 by domreg123-regcouk
Domain servers listed in orderNSHOSTEUROPECOM
212672022NS2HOSTEUROPECOM
(unable to validate IP)WHOIS database last updated
at 191200 17-Apr-2002
Registering a couk domain
1 Choose the name you want- for example weinbergcouk
2 Check using the WHOIS service that this domain name does not already exist
3 Inform your registrant of the owners name and address as well as the administrators name and address
4 Inform them of the name servers that they will be authoritative for
5 Pay for the domain This ensures ownership and helps Nominet recover its costs
bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names
RESOLVING
bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively
bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests
bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of
name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached
bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give
ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than
ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about
ndash 2 Iterative Requestsbull All work done by the resolver
ndash Name servers just respond with their best answer which they know
bull This technique used for security reasonsbull Not favourable for network traffic
Resolving - recursion
bull A Recursive Queryndash The local name server does most of the work
uk
ac
umistacuk
lionumistacuk
130889640
Question lionumistacuk
Answer 130889640
lionumistacuk
lionumistacuk
lionumistacuk
Resolving ndash iteration Vs recursion
The iterative and recursive queries are shown R=recursive I=iterative
bull A critical process in the DNS
ndash For every query a cache of the result and every intermediate step is maintained
bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached
bull When a query is receivedhellip
ndash The first step is to check whether this server is authoritative for the zone being queried
bull If yes then no caching is performed
bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are
checked and the results cached as the query progresses
bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be
flushedndash Typical value is 3 days
Caching
Updating
bull All name servers know the internetrsquos root servers at the start
bull Most updating comes from the lsquoexperiencersquo of answering queries and caching
bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to
changendash In Perl an update of IP Addresses for a domainrsquos webserver
(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo
bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
bull Where the settings for the DNS server are stored
bull Can be divided into classesndash Internet Chaosnet and Hesiod
bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more
Types of Records
bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for
aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries
BIND
bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows
bull See Linux DNS HOWTO for more info
Features of Microsoft DNS Server

• Active Directory Storage and Replication Integration
  Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, AD integration simplifies the administration of the DNS namespace, because zone data replicates with the directory instead of by zone transfer.
• Incremental Zone Transfer
  Windows 2000 DNS supports incremental zone transfer (IXFR, RFC 1995), which sends a secondary only the records that changed since its last copy instead of the whole zone, and the DNS NOTIFY extension (RFC 1996), by which the primary actively tells the secondaries that the zone has changed.
• Dynamic Update
  Clients and DHCP servers register and update their own address records with dynamic DNS update (RFC 2136). With AD-integrated zones this can be restricted to secure dynamic update, so that only authenticated hosts can change records; a zone that accepts unauthenticated updates lets any host on the network overwrite them.
• Aging and Scavenging
  Windows 2000 DNS 'scavenges' outdated dynamically registered records and deletes them. Administrators control which servers can scavenge zones, which zones can be scavenged and which records are to be scavenged when they become outdated.

Features of Microsoft DNS Server continued…

• Unicode Character Support
  The Windows 2000 implementation of DNS supports the UTF-8 character encoding, which allows the use of characters from most of the world's written languages in names.
• Caching Resolver
  A client-side service whose sole purpose is to improve name lookup performance and to reduce the network traffic associated with name lookups by minimising the number of name resolution round trips.
• Administrative Tools
  Windows 2000 DNS adds a DNS Manager, which provides facilities to administer the DNS server, its zones, security settings and so on.
• Performance Statistics
  Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilisation. Tests were done using an Intel Pentium II 400 MHz processor, 256 MB RAM and a 4 GB hard disk.
The DNS Packets

All communication in the domain protocol is carried in a single format called a message. The top-level format of a message is divided into five sections, some of which are empty in certain cases: Header, Question, Answer, Authority and Additional.

• The header section includes fields that specify
  – which of the remaining sections are present (a count of entries in each)
  – whether the message is a query or a response, the opcode, and the response code
  – a 16-bit ID: together with the UDP source port, this is all a resolver uses to match a response to its query, so both are randomised to make forged responses hard to slip in
• The question section contains
  – queries for which answers are desired
  – the client fills in only the question section
• Each question has
  – query domain name
  – query type
  – query class fields
  – the server returns the question and answers with its response
• The answer section contains
  – RRs (resource records) that answer the question
• The authority section contains
  – RRs that point toward an authoritative name server
• The additional information section contains
  – RRs which relate to the query but are not strictly answers for the question
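The message layout above is easiest to understand from a parser. The following is an added example, not code from the presentation: it builds a query for lion.umist.ac.uk, constructs a plausible response by hand (the address 130.88.96.40 is the one used in the resolving slides; the three-day TTL, the transaction ID and the flag values are assumptions for the example) and parses it back. The name decoder is written the way a DNS parser has to be written: every read is bounds-checked and compression pointers may only point backwards, so a crafted message cannot send it into a loop or past the end of the buffer.

```python
"""Build a DNS query and parse a DNS response at the wire level (RFC 1035
section 4).  Added example: the response is constructed here to look like
the answer for lion.umist.ac.uk used in the slides; nothing is sent."""
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT"}
NAME_TYPES = {2, 5, 12}                 # rdata is a (possibly compressed) name


def encode_name(name):
    """Owner/target name as length-prefixed labels ending in a zero byte."""
    if name == ".":
        return b"\x00"
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("labels must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype=1, txid=0x1234, recursion_desired=True):
    """Header (ID, flags, QDCOUNT=1, AN/NS/AR=0) followed by one question."""
    flags = 0x0100 if recursion_desired else 0          # RD bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN


def decode_name(msg, offset):
    """Decode a name that may use compression pointers (0xC0 prefix).
    Every read is bounds-checked and a pointer must point backwards, so a
    crafted message cannot loop the parser or make it read past the buffer.
    Returns (name, offset just after the name as it appears in the message)."""
    labels, end = [], None
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                        # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            target = ((length & 0x3F) << 8) | msg[offset + 1]
            if target >= offset:
                raise ValueError("pointer does not point backwards")
            if end is None:
                end = offset + 2                         # name occupies 2 bytes here
            offset = target
            continue
        if length > 63:
            raise ValueError("bad label length")
        offset += 1
        if length == 0:
            break
        if offset + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_message(msg):
    """Split a message into header fields, questions and the three RR sections."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    sections = {"answer": [], "authority": [], "additional": []}
    for _ in range(qd):
        name, off = decode_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, TYPE_NAMES.get(qtype, qtype), qclass))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            if off + 10 > len(msg):
                raise ValueError("truncated resource record")
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("RDLENGTH runs past end of message")
            rdata = msg[off:off + rdlen]
            if rtype == 1 and rdlen == 4:
                rdata = ".".join(str(b) for b in rdata)
            elif rtype in NAME_TYPES:
                rdata, _ = decode_name(msg, off)
            off += rdlen
            sections[section].append((name, TYPE_NAMES.get(rtype, rtype), ttl, rdata))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "opcode": (flags >> 11) & 0xF, "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0xF, "questions": questions, **sections}


def build_sample_response(query):
    """Constructed reply: echo the question, then one A record whose owner
    is a compression pointer (0xC00C) back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 259200, 4) + bytes([130, 88, 96, 40])
    return header + query[12:] + answer


def is_well_formed(msg):
    try:
        parse_message(msg)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_message(build_sample_response(build_query("lion.umist.ac.uk."))))
```

To use it against a real server, send the bytes from build_query over UDP to port 53 and feed the reply to parse_message; a reply whose ID does not match the query's must be discarded, which is the check the header's ID field exists for.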
CONCLUSION

• Should understand
  – DNS history
  – Zone hierarchy
  – DNS clients (the resolver)
  – Name server configuration
  – Name server operations
• DNS was used to resolve 14,322,950 hostnames (March 2000)
• DNS is very reliable and scalable
  – Improvements are proposed
• Name-service – acts as a 'layer' on top of DNS
  – Allows everyday naming schemes (e.g. http://james)
  – Looks up the official (corresponding) domain name first, then the IP address
• Resource Locator Service (RLS)
  – Incorporates 'timestamping' into URLs
  – Eliminates link 'rot'
  – Generates more name space
  – Runs side by side with DNS
• DNS is still the de facto standard and likely to remain so for several years
Practical DNS

• The domain name space is controlled to enforce a tree structure on it
• The tree is both distributable and efficient
• All domains are children of the root domain, written "."
• Top-level domains (TLDs) are the direct children of the root
• Two types of TLD
  – Generic, e.g. com, org, edu
  – Country-specific, e.g. uk, de, il
• All other domains must be under a TLD
• Domains are administered by different organisations
The Domain Name Space

• The hierarchical tree structure makes the domain name space distributable yet still navigable
• The diagram shows com, mynet.com, rivers.mynet.com, seas.mynet.com, lakes.mynet.com, acme.com, rumba.acme.com, samba.acme.com and tango.acme.com
• rivers, seas and lakes are separate zones, each delegated from mynet.com to its own name servers
• rumba, samba and tango are hosts within the acme.com zone, not separate zones
Copied from http://ou800doc.caldera.com/NET_tcpip/dnsN.how.html, "The domain name space" diagram
Root name servers

• There are 13 root name servers
  – a.root-servers.net to m.root-servers.net
  – Authoritative for the root zone, which delegates each TLD to its own servers
  – Queries start at the root servers when nothing useful is in the cache
  – 13 is the number of names and addresses, not of machines: each address can be, and now is, served from many physical sites by anycast
• Coordinated by IANA (Internet Assigned Numbers Authority)
• Many of the root servers are in the USA and run by American organisations
• K.ROOT-SERVERS.NET is in London and is jointly run by LINX and RIPE NCC
• Creation of TLDs is restricted
uk: The United Kingdom's TLD

• uk is divided into second-level domains (SLDs)
• Nominet UK is the registry that administers the first seven; registrations are placed through registrars
• plc.uk and ltd.uk are restricted
  – Only registered companies can be part of these domains
  – You can only register your own company name

Domain      Intended use
co.uk       for commercial enterprises (the largest SLD in the UK)
me.uk       for personal domains
org.uk      for non-commercial organisations
plc.uk      for registered company names only
ltd.uk      for registered company names only
net.uk      for Internet Service Providers
sch.uk      for schools
ac.uk       for academic establishments
gov.uk      for government bodies
nhs.uk      for NHS organisations
police.uk   for UK police forces
mod.uk      for Ministry of Defence establishments
WHOIS – Database Of Registrants

• WHOIS queries the database of ownership of a domain
• Gives the name and contact details of the owner (registrant) of the domain
• Gives the name and contact details of the administrator of the domain
• Lists the name servers that are authoritative for the domain
• Not part of DNS, but used to help manage delegation and ownership of sub-domains
• Available at www.whois.co.uk

Example output (a .co.uk record as it appeared in April 2002):

    Domain Name:            WEINBERG.CO.UK
    Registered For:         Leslie Bunder
    Domain Registered By:   WEBFUSION
    Registered on:          18-Sep-1999
    Record last updated on  28-Aug-2001 by domreg@123-reg.co.uk
    Domain servers listed in order:
        NS.HOSTEUROPE.COM     212.67.202.2
        NS2.HOSTEUROPE.COM    (unable to validate IP)
    WHOIS database last updated at 19:12:00 17-Apr-2002
Registering a co.uk domain

1. Choose the name you want, for example weinberg.co.uk
2. Check using the WHOIS service that this domain name is not already registered
3. Give your registrar the registrant's (owner's) name and address as well as the administrator's name and address
4. Give them the name servers that will be authoritative for the domain
5. Pay for the domain. This establishes ownership and helps Nominet recover its costs

The registrant is then responsible for:
• Running name servers
• Maintaining the name servers
• Updating DNS information
• Resolving, and trying to avoid, disputes over names
RESOLVING

• When a user (resolver) needs to know an IP address for a host name, the query is made in one of two ways: recursively or iteratively
• Both methods first check whether the answer is already known (cached), but if not…

1. Recursive requests
• Look for the name server closest to the answer
  – For example, if the location of lion.umist.ac.uk is unknown but the name servers for umist.ac.uk are known, those are the closest name servers. If they are unknown, the ac.uk name servers are tried, then uk, until the root servers (".") are reached
• Ask the closest name server for its best answer in a 'polite' iterative fashion
• Keep asking name servers for the best answer they can give, following each referral
  – Always ask for the exact original domain name in these queries
  – Train station analogy: ask staff "When is the 10:30 train to London?" rather than "Where is the person who can tell me about train timetables?"
  – In the lion.umist.ac.uk example, always ask exactly that
  – All the work is done by the initial (local recursive) name server
  – This server is given the opportunity to cache the resource records it learns about

2. Iterative requests
• All the work is done by the resolver itself
  – Name servers just respond with the best answer they know: the answer, or a referral to servers closer to it
• Authoritative servers answer this way for security reasons: a server that recursed for arbitrary clients could be abused as an open resolver for reflection attacks and would expose its own cache to forged answers
• Not favourable for network traffic, since every referral costs the client another round trip
Resolving - recursion

• A recursive query
  – The local name server does most of the work

Diagram: the client asks its local name server "Question: lion.umist.ac.uk". The local server queries the root ("."), then the uk servers, then the ac.uk servers, then the umist.ac.uk servers, asking each of them for lion.umist.ac.uk, and finally returns "Answer: 130.88.96.40" to the client.
Resolving – iteration vs recursion

Diagram: the iterative and recursive forms of the same query are shown side by side, with R marking recursive steps and I marking iterative steps.
Caching

• A critical process in the DNS
  – For every query, the result and every intermediate step are cached
• For example, to find umist.ac.uk the addresses of the uk, ac.uk and umist.ac.uk name servers could be cached
• When a query is received…
  – The first step is to check whether this server is authoritative for the zone being queried
    • If yes, the answer comes from the zone data and no caching is involved
    • Otherwise the local cache is checked
  – If the answer is in the cache it is returned immediately
  – Otherwise the 'closest known' (authoritative) name servers are asked and the results cached as the query progresses
• But DNS records are dynamic
  – A 'time to live' (TTL) is set on each record by the zone's authoritative server
  – After this time the cached copy of the record must be flushed and fetched afresh
  – A typical value quoted here is 3 days; many zones now use much shorter TTLs (minutes to hours) so that changes propagate quickly
  – The same mechanism means a forged record that gets into a cache stays there for whatever TTL the attacker gave it, up to the maximum the server is configured to honour
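The recursive and iterative behaviour described under RESOLVING, and the cache behaviour described under Caching, can be seen together in a small simulation. This is an added example, not code from the presentation: it models the root, uk, ac.uk and umist.ac.uk servers as a toy delegation tree, answers queries the way an authoritative server does (answer, referral or "no such name", never recursing), and implements a local recursive server whose cache honours per-record TTLs. The address of lion.umist.ac.uk (130.88.96.40) is taken from the slides; the name server names and addresses (RFC 5737 documentation space), the host tiger.umist.ac.uk and the TTL values are constructed for the example.

```python
"""Simulate recursive and iterative resolution of lion.umist.ac.uk with a
TTL-honouring cache.  Added example; the delegation tree below is a toy
model of the real one, and the name server names/addresses are constructed
(RFC 5737 documentation space), as is tiger.umist.ac.uk."""

TTL_NS = 86400    # delegations are cached for a day (chosen for the example)
TTL_A = 300       # host addresses for five minutes (chosen for the example)

# Each authoritative server holds one zone: the A records it owns and the
# child zones it delegates (child -> (name server, glue address)).
ZONES = {
    ".":            {"a": {}, "ns": {"uk.": ("ns.uk.", "192.0.2.1")}},
    "uk.":          {"a": {}, "ns": {"ac.uk.": ("ns.ac.uk.", "192.0.2.2")}},
    "ac.uk.":       {"a": {}, "ns": {"umist.ac.uk.": ("ns.umist.ac.uk.", "192.0.2.3")}},
    "umist.ac.uk.": {"a": {"lion.umist.ac.uk.": "130.88.96.40",
                           "tiger.umist.ac.uk.": "130.88.96.41"}, "ns": {}},
}


def authoritative_query(zone, qname):
    """Reply as an authoritative server does: it never recurses on the
    client's behalf; it answers, refers to the closest delegation, or says no."""
    data = ZONES[zone]
    if qname in data["a"]:
        return ("answer", data["a"][qname])
    for child, (ns, ip) in data["ns"].items():
        if qname == child or qname.endswith("." + child):
            return ("referral", child, ns, ip)
    return ("nxdomain", None)


def iterative_lookup(qname):
    """A stub resolver doing all the work itself: one round trip per referral."""
    zone, trail = ".", []
    while True:
        trail.append(zone)
        reply = authoritative_query(zone, qname)
        if reply[0] == "answer":
            return reply[1], trail
        if reply[0] == "referral":
            zone = reply[1]
            continue
        raise LookupError(qname)


class RecursiveServer:
    """The local name server: takes a recursive query, walks the tree and
    caches every record it learns, each with its own expiry time."""

    def __init__(self, clock):
        self.clock = clock            # returns the current time in seconds
        self.cache = {}               # (type, name) -> (value, expires_at)
        self.queries = []             # zones asked, for the demonstration

    def _get(self, key):
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop(key, None)     # expired entries are flushed
        return None

    def _put(self, key, value, ttl):
        self.cache[key] = (value, self.clock() + ttl)

    def closest_known_zone(self, qname):
        """Walk up from the name to find the nearest cached delegation."""
        labels = qname.rstrip(".").split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:]) + "."
            if self._get(("NS", zone)):
                return zone
        return "."                    # fall back to the root hints

    def resolve(self, qname):
        cached = self._get(("A", qname))
        if cached:
            return cached
        zone = self.closest_known_zone(qname)
        while True:
            self.queries.append(zone)
            reply = authoritative_query(zone, qname)
            if reply[0] == "answer":
                self._put(("A", qname), reply[1], TTL_A)
                return reply[1]
            if reply[0] == "referral":
                _, child, ns, ip = reply
                self._put(("NS", child), (ns, ip), TTL_NS)
                zone = child
                continue
            raise LookupError(qname)


def demo():
    """Three lookups against one server: cold cache, warm cache, expired cache."""
    now = [0]
    server = RecursiveServer(lambda: now[0])
    answer = server.resolve("lion.umist.ac.uk.")
    cold = list(server.queries); server.queries.clear()
    server.resolve("tiger.umist.ac.uk.")          # delegation already cached
    warm = list(server.queries); server.queries.clear()
    now[0] += TTL_NS + 1                          # everything has expired
    server.resolve("tiger.umist.ac.uk.")
    expired = list(server.queries)
    return answer, cold, warm, expired


if __name__ == "__main__":
    print(iterative_lookup("lion.umist.ac.uk."))
    print(demo())
```

The cold lookup walks all four servers; the second lookup, for a different host in the same zone, goes straight to the umist.ac.uk servers because their NS record is still in the cache; once the TTL has passed the walk starts again from the root hints. The authoritative side only ever answers or refers, which is the iterative behaviour the slides describe as the secure one.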
Updating

• All name servers know the Internet's root servers at the start (the root hints)
• Most updating comes from the 'experience' of answering queries and caching
• Some manual updating does occur
  – Only the zone's primary name server accepts forced (dynamic) updates, and it should restrict them by source address or, better, require a TSIG signature (RFC 2845); a server that accepts unauthenticated updates lets any host on the network rewrite the zone
  – Use the dynamic 'Update' operation (RFC 2136) and specify the resource records to change
  – In Perl, with the Net::DNS module, an update that adds the address of a domain's web server (an A record) looks like this:

    use Net::DNS;
    my $update = Net::DNS::Update->new('umist.ac.uk');                    # zone to update
    $update->push(update => rr_add('umist.ac.uk. 86400 A 130.88.0.1'));  # add an A record with a one-day TTL
    my $reply = Net::DNS::Resolver->new->send($update);                   # sent via the configured resolver; point it at the zone's primary

  – When someone then looks up "umist.ac.uk" they are directed to "130.88.0.1"
• The local DHCP servers can also inform the DNS server of any updates to the IP addresses that have been allocated
Resource Records
bull Where the settings for the DNS server are stored
bull Can be divided into classesndash Internet Chaosnet and Hesiod
bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more
Types of Records
bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for
aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries
BIND
bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows
bull See Linux DNS HOWTO for more info
Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion
bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers
of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS
bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates
bull Aging and Scavenging
Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated
Features of Microsoft DNS Server continuedhellip
bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language
bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips
bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc
bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD
The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)
Header
The DNS Packetsbull The header section includes fields that specify
ndash which of the remaining sections are present
ndash whether the message is a query or a response
bull The question section contains
ndash Queries for which answers are desired
ndash The client fills in only the question sectionbull Each question has
ndash Query Domain Namendash Query Typendash Query Class fields
ndash the server returns the question and answers with its response
bull The answer section contains
ndash RRs (resource records) that answer the question
bull The authority section contains
ndash RRs that point toward an authoritative name server
bull The additional information section contains
ndash RRs which relate to the query but are not strictly answers for the question
CONCLUSIONbull Should understand
- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)
bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable
ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS
ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address
bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS
bull DNS is still lsquode factorsquo and likely to remain so for several years
- The Domain Name System
- Presentation Structure
- Introduction amp History
- How a resolver looks up a remote name
- Slide 5
- Practical DNS
- The Domain Name Space
- Root name servers
- uk The United Kingdomrsquos TLD
- WHOIS ndash Database Of Registrants
- Registering a couk domain
- RESOLVING
- Resolving - recursion
- Resolving ndash iteration Vs recursion
- Caching
- Updating
- Resource Records
- Types of Records
- BIND
- Slide 20
- Slide 21
- The DNS Packets
- Slide 23
- CONCLUSION
-
The Domain Name Space
bull Hierarchical tree structure makes domain name space distributable yet still navigable
bull Shows com mynetcom riversmynetcom seasmynetcom lakesmynetcom acmecom rumbaacmecom sambaacmecom and tangoacmecom
bull rivers seas and lakes are separate zones
bull rumba samba and tango are part or acmecom
Copied from httpou800doccalderacomNET_tcpipdnsNhowhtml The domain name space diagram
Root name servers
bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is
availablebull Coordinated by IANA (Internet Assigned Numbers
Authority) bull Many of the root servers are in the USA and run by
American organisationsbull KROOT-SERVERSNET is in London and is jointly run
by LINX and RIPE NCCbull Creation of TLDs is restricted
uk The United Kingdomrsquos TLD
bull uk is divided into second-level domains
bull Nominet UK is the the registrar and administrator of the first seven
bull plcuk and ltduk are restrictedndash Only registered companies
can be part of this domainndash Can only register your own
company name
Domain Intended use
couk for commercial enterprises (the largest SLD in the UK)
meuk for personal domains
orguk for non-commercial organisations
plcuk for registered company names only
ltduk for registered company names only
netuk for Internet Service Providers
schuk for schools
acuk for Academic Establishments
govuk for Government Bodies
nhsuk for NHS Organisations
policeuk
for UK Police Forces
moduk for Ministry of Defence Establishments
WHOIS ndash Database Of Registrants
bull WHOIS queries the database of ownership of the domain
bull Gives name and contact details of the owner of the domain
bull Gives name and contact details of the administrator of the domain
bull Lists the name servers that are authoritative for the domain
bull Not part of DNS but is used to help manage delegation and ownership sub domains
bull Available at wwwwhoiscouk
Domain Name WEINBERGCOUK
Registered For Leslie BunderDomain Registered By
WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-
Aug-2001 by domreg123-regcouk
Domain servers listed in orderNSHOSTEUROPECOM
212672022NS2HOSTEUROPECOM
(unable to validate IP)WHOIS database last updated
at 191200 17-Apr-2002
Registering a couk domain
1 Choose the name you want- for example weinbergcouk
2 Check using the WHOIS service that this domain name does not already exist
3 Inform your registrant of the owners name and address as well as the administrators name and address
4 Inform them of the name servers that they will be authoritative for
5 Pay for the domain This ensures ownership and helps Nominet recover its costs
bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names
RESOLVING
bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively
bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests
bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of
name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached
bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give
ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than
ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about
ndash 2 Iterative Requestsbull All work done by the resolver
ndash Name servers just respond with their best answer which they know
bull This technique used for security reasonsbull Not favourable for network traffic
Resolving - recursion
bull A Recursive Queryndash The local name server does most of the work
uk
ac
umistacuk
lionumistacuk
130889640
Question lionumistacuk
Answer 130889640
lionumistacuk
lionumistacuk
lionumistacuk
Resolving ndash iteration Vs recursion
The iterative and recursive queries are shown R=recursive I=iterative
bull A critical process in the DNS
ndash For every query a cache of the result and every intermediate step is maintained
bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached
bull When a query is receivedhellip
ndash The first step is to check whether this server is authoritative for the zone being queried
bull If yes then no caching is performed
bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are
checked and the results cached as the query progresses
bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be
flushedndash Typical value is 3 days
Caching
Updating
bull All name servers know the internetrsquos root servers at the start
bull Most updating comes from the lsquoexperiencersquo of answering queries and caching
bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to
changendash In Perl an update of IP Addresses for a domainrsquos webserver
(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo
bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
bull Where the settings for the DNS server are stored
bull Can be divided into classesndash Internet Chaosnet and Hesiod
bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more
Types of Records
bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for
aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries
BIND
bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows
bull See Linux DNS HOWTO for more info
Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion
bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers
of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS
bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates
bull Aging and Scavenging
Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated
Features of Microsoft DNS Server continuedhellip
bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language
bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips
bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc
bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD
The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)
Header
The DNS Packetsbull The header section includes fields that specify
ndash which of the remaining sections are present
ndash whether the message is a query or a response
bull The question section contains
ndash Queries for which answers are desired
ndash The client fills in only the question sectionbull Each question has
ndash Query Domain Namendash Query Typendash Query Class fields
ndash the server returns the question and answers with its response
bull The answer section contains
ndash RRs (resource records) that answer the question
bull The authority section contains
ndash RRs that point toward an authoritative name server
bull The additional information section contains
ndash RRs which relate to the query but are not strictly answers for the question
CONCLUSIONbull Should understand
- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)
bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable
ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS
ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address
bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS
bull DNS is still lsquode factorsquo and likely to remain so for several years
- The Domain Name System
- Presentation Structure
- Introduction amp History
- How a resolver looks up a remote name
- Slide 5
- Practical DNS
- The Domain Name Space
- Root name servers
- uk The United Kingdomrsquos TLD
- WHOIS ndash Database Of Registrants
- Registering a couk domain
- RESOLVING
- Resolving - recursion
- Resolving ndash iteration Vs recursion
- Caching
- Updating
- Resource Records
- Types of Records
- BIND
- Slide 20
- Slide 21
- The DNS Packets
- Slide 23
- CONCLUSION
-
Root name servers
bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is
availablebull Coordinated by IANA (Internet Assigned Numbers
Authority) bull Many of the root servers are in the USA and run by
American organisationsbull KROOT-SERVERSNET is in London and is jointly run
by LINX and RIPE NCCbull Creation of TLDs is restricted
uk The United Kingdomrsquos TLD
bull uk is divided into second-level domains
bull Nominet UK is the the registrar and administrator of the first seven
bull plcuk and ltduk are restrictedndash Only registered companies
can be part of this domainndash Can only register your own
company name
Domain Intended use
couk for commercial enterprises (the largest SLD in the UK)
meuk for personal domains
orguk for non-commercial organisations
plcuk for registered company names only
ltduk for registered company names only
netuk for Internet Service Providers
schuk for schools
acuk for Academic Establishments
govuk for Government Bodies
nhsuk for NHS Organisations
policeuk
for UK Police Forces
moduk for Ministry of Defence Establishments
WHOIS ndash Database Of Registrants
bull WHOIS queries the database of ownership of the domain
bull Gives name and contact details of the owner of the domain
bull Gives name and contact details of the administrator of the domain
bull Lists the name servers that are authoritative for the domain
bull Not part of DNS but is used to help manage delegation and ownership sub domains
bull Available at wwwwhoiscouk
Domain Name WEINBERGCOUK
Registered For Leslie BunderDomain Registered By
WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-
Aug-2001 by domreg123-regcouk
Domain servers listed in orderNSHOSTEUROPECOM
212672022NS2HOSTEUROPECOM
(unable to validate IP)WHOIS database last updated
at 191200 17-Apr-2002
Registering a couk domain
1 Choose the name you want- for example weinbergcouk
2 Check using the WHOIS service that this domain name does not already exist
3 Inform your registrant of the owners name and address as well as the administrators name and address
4 Inform them of the name servers that they will be authoritative for
5 Pay for the domain This ensures ownership and helps Nominet recover its costs
bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names
RESOLVING
bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively
bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests
bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of
name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached
bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give
ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than
ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about
ndash 2 Iterative Requestsbull All work done by the resolver
ndash Name servers just respond with their best answer which they know
bull This technique used for security reasonsbull Not favourable for network traffic
Resolving - recursion
bull A Recursive Queryndash The local name server does most of the work
uk
ac
umistacuk
lionumistacuk
130889640
Question lionumistacuk
Answer 130889640
lionumistacuk
lionumistacuk
lionumistacuk
Resolving ndash iteration Vs recursion
The iterative and recursive queries are shown R=recursive I=iterative
bull A critical process in the DNS
ndash For every query a cache of the result and every intermediate step is maintained
bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached
bull When a query is receivedhellip
ndash The first step is to check whether this server is authoritative for the zone being queried
bull If yes then no caching is performed
bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are
checked and the results cached as the query progresses
bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be
flushedndash Typical value is 3 days
Caching
Updating
bull All name servers know the internetrsquos root servers at the start
bull Most updating comes from the lsquoexperiencersquo of answering queries and caching
bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to
changendash In Perl an update of IP Addresses for a domainrsquos webserver
(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo
bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
bull Where the settings for the DNS server are stored
bull Can be divided into classesndash Internet Chaosnet and Hesiod
bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more
Types of Records
bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for
aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries
BIND
bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows
bull See Linux DNS HOWTO for more info
Features of Microsoft DNS Server
- Active Directory Storage and Replication Integration
  Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, the AD service integration simplifies the administration of the DNS namespace.
- Incremental Zone Transfer
  The Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS.
- Dynamic Update
  Automatic assignment of addressing with dynamic DNS updates.
- Aging and Scavenging
  Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated.
Features of Microsoft DNS Server continued…
- Unicode Character Support
  The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages.
- Caching Resolver
  A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups by minimising the number of name resolution round trips.
- Administrative Tools
  Windows 2000 DNS incorporates a new feature, the DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.
- Performance Statistics
  Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilization. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and 4GB HDD.
The DNS Packets
All communications inside the domain protocol are carried in a single format called a message. The top level format of a message is divided into 5 sections (some of which are empty in certain cases):
[Figure: message layout: Header, Question, Answer, Authority, Additional]
The DNS Packets
- The header section includes fields that specify
  - which of the remaining sections are present
  - whether the message is a query or a response
- The question section contains
  - queries for which answers are desired
  - the client fills in only the question section
- Each question has
  - Query Domain Name, Query Type and Query Class fields
  - the server returns the question and answers with its response
- The answer section contains
  - RRs (resource records) that answer the question
- The authority section contains
  - RRs that point toward an authoritative name server
- The additional information section contains
  - RRs which relate to the query but are not strictly answers for the question
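Decoding the five sections described above, as an added Python example that is not part of the original slides. The packet it parses is a constructed sample: a response to the question "lion.umist.ac.uk A" using the slides' host and address, plus an invented name server ns.umist.ac.uk with an invented glue address 130.88.0.2; name compression pointers and a pointer-loop guard are included because a resolver has to survive malformed messages as well as well-formed ones.

```python
import struct

# Header flag bits, RFC 1035 section 4.1.1
QR_MASK, OPCODE_MASK, AA_MASK, TC_MASK = 0x8000, 0x7800, 0x0400, 0x0200
RD_MASK, RA_MASK, RCODE_MASK = 0x0100, 0x0080, 0x000F
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT"}
CLASS_NAMES = {1: "IN", 3: "CH", 4: "HS"}            # Internet, Chaosnet, Hesiod


def read_name(msg, offset):
    """Decode a domain name at offset, following compression pointers.
    Returns (name, offset just past the name as it appears in the stream)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # 2-byte compression pointer
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 64:                             # reject pointer loops in hostile input
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_rr(msg, offset):
    """Parse one resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    name, offset = read_name(msg, offset)
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
    offset += 10
    if offset + rdlength > len(msg):
        raise ValueError("RDATA runs past end of message")
    if rtype == 1 and rdlength == 4:                  # A: dotted-quad address
        data = ".".join(str(b) for b in msg[offset:offset + 4])
    elif rtype in (2, 5, 12):                         # NS, CNAME, PTR: a (possibly compressed) name
        data, _ = read_name(msg, offset)
    else:
        data = msg[offset:offset + rdlength].hex()
    rr = {"name": name, "type": TYPE_NAMES.get(rtype, rtype),
          "class": CLASS_NAMES.get(rclass, rclass), "ttl": ttl, "data": data}
    return rr, offset + rdlength


def parse_message(msg):
    """Split a DNS message into its five sections and decode the header flags."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte header")
    msg_id, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    header = {
        "id": msg_id,
        "is_response": bool(flags & QR_MASK),         # query or response
        "opcode": (flags & OPCODE_MASK) >> 11,
        "authoritative": bool(flags & AA_MASK),
        "truncated": bool(flags & TC_MASK),
        "recursion_desired": bool(flags & RD_MASK),
        "recursion_available": bool(flags & RA_MASK),
        "rcode": flags & RCODE_MASK,
    }
    offset, questions = 12, []
    for _ in range(qd):                               # question: QNAME, QTYPE, QCLASS
        qname, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append({"name": qname, "type": TYPE_NAMES.get(qtype, qtype),
                          "class": CLASS_NAMES.get(qclass, qclass)})
    sections = {"header": header, "question": questions}
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):                        # the header counts say what is present
            rr, offset = parse_rr(msg, offset)
            rrs.append(rr)
        sections[key] = rrs
    return sections


def encode_name(name):
    """Encode a name as length-prefixed labels ending in the zero-length root label."""
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split(".")) + b"\x00"


def build_sample_response():
    """Constructed response to 'lion.umist.ac.uk A': one answer, one authority, one glue RR.
    The server name ns.umist.ac.uk and glue address 130.88.0.2 are invented for the example."""
    ttl = 3 * 24 * 3600                               # 3 days, the slides' typical TTL
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 1, 1)   # QR=1 RD=1 RA=1, one RR per section
    question = encode_name("lion.umist.ac.uk") + struct.pack("!HH", 1, 1)
    # answer owner name is pointer 0xC00C -> offset 12, the QNAME
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([130, 88, 96, 40])
    # authority: NS for umist.ac.uk; pointer 0xC011 -> offset 17, the 'umist' label
    ns_rdata = b"\x02ns" + b"\xc0\x11"
    authority = b"\xc0\x11" + struct.pack("!HHIH", 2, 1, ttl, len(ns_rdata)) + ns_rdata
    # additional: glue A record; pointer 0xC03E -> offset 62, start of the NS RDATA
    additional = b"\xc0\x3e" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([130, 88, 0, 2])
    return header + question + answer + authority + additional


if __name__ == "__main__":
    for section, content in parse_message(build_sample_response()).items():
        print(section, content)
```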
CONCLUSION
- Should understand
  - DNS history
  - Name server configuration
  - Zone hierarchy
  - Name server operations
  - DNS clients (the resolver)
- DNS used to resolve 14 322 950 hostnames (March 2000)
- DNS is very reliable and scalable
  - Improvements are proposed
- Name-service – acts as a 'layer' on top of DNS
  - Allows everyday naming schemes (e.g. http://james)
  - Looks up the official (corresponding) domain name first, then the IP address
- Resource Locator Service (RLS)
  - Incorporates 'timestamping' into URLs
  - Eliminates link 'rot'
  - Generates more name space
  - Runs side by side with DNS
- DNS is still 'de facto' and likely to remain so for several years
.uk The United Kingdom's TLD
- .uk is divided into second-level domains
- Nominet UK is the registrar and administrator of the first seven
- plc.uk and ltd.uk are restricted
  - Only registered companies can be part of this domain
  - Can only register your own company name

Domain      Intended use
co.uk       for commercial enterprises (the largest SLD in the UK)
me.uk       for personal domains
org.uk      for non-commercial organisations
plc.uk      for registered company names only
ltd.uk      for registered company names only
net.uk      for Internet Service Providers
sch.uk      for schools
ac.uk       for Academic Establishments
gov.uk      for Government Bodies
nhs.uk      for NHS Organisations
police.uk   for UK Police Forces
mod.uk      for Ministry of Defence Establishments
WHOIS – Database Of Registrants
- WHOIS queries the database of ownership of the domain
- Gives name and contact details of the owner of the domain
- Gives name and contact details of the administrator of the domain
- Lists the name servers that are authoritative for the domain
- Not part of DNS, but is used to help manage delegation and ownership of sub-domains
- Available at www.whois.co.uk

Example WHOIS record:
    Domain Name: WEINBERG.CO.UK
    Registered For: Leslie Bunder
    Domain Registered By: WEBFUSION
    Registered on 18-Sep-1999
    Record last updated on 28-Aug-2001 by domreg@123-reg.co.uk
    Domain servers listed in order:
        NS.HOSTEUROPE.COM    212672022
        NS2.HOSTEUROPE.COM   (unable to validate IP)
    WHOIS database last updated at 19:12:00 17-Apr-2002
Registering a co.uk domain
1. Choose the name you want, for example weinberg.co.uk
2. Check using the WHOIS service that this domain name does not already exist
3. Inform your registrar of the owner's name and address as well as the administrator's name and address
4. Inform them of the name servers that will be authoritative for the domain
5. Pay for the domain. This ensures ownership and helps Nominet recover its costs

- Running name servers
- Maintaining the name servers
- Updating DNS information
- Resolving, and trying to avoid, disputes over names
RESOLVING
- When a user (resolver) needs to know an IP address for a host name, the query is made in one of two ways: recursively or iteratively
- Both methods check to see if the answer is already known, but if not…
  - 1. Recursive requests
    - Look for the name server closest to the answer
      - For example, if the location of lion.umist.ac.uk is unknown but the location of the name servers for umist.ac.uk is known, these would be the closest name servers. If these were unknown, the ac.uk name servers are tried, and so on until the root servers (".") are reached
    - Ask the closest name server for their best answer in a 'polite' iterative fashion
    - Continually ask name servers for the best answer they can give
      - Always ask for the exact original domain name in these queries
      - Train station analogy: ask staff "When is the 10:30 train to London?" rather than "Where is the person who can tell me about train timetables?"
      - In the lion.umist.ac.uk example, always ask exactly that
      - All the work is done by the initial name server
      - This server is given the opportunity to cache the resource records it learns about
  - 2. Iterative requests
    - All work done by the resolver
      - Name servers just respond with the best answer which they know
    - This technique is used for security reasons
    - Not favourable for network traffic
Resolving - recursion
- A recursive query
  - The local name server does most of the work
[Diagram: the local name server asks the uk, ac and umist.ac.uk name servers in turn for lion.umist.ac.uk; Question: lion.umist.ac.uk, Answer: 130.88.96.40]
Resolving – iteration vs recursion
[Diagram: the iterative and recursive queries are shown; R = recursive, I = iterative]

Caching
- A critical process in the DNS
  - For every query, a cache of the result and every intermediate step is maintained
- For example, to find umist.ac.uk the addresses of the uk, ac.uk and umist.ac.uk name servers could be cached
- When a query is received…
  - The first step is to check whether this server is authoritative for the zone being queried
    - If yes, then no caching is performed
    - Otherwise the local cache is checked
      - If the zone is in the cache then the answer will be returned immediately
      - Otherwise the 'closest known' (authoritative) name servers are checked and the results cached as the query progresses
- But DNS records are dynamic
  - A 'time to live' (TTL) is assigned by the name server
  - After this specified time the cached information for the associated record must be flushed
  - Typical value is 3 days
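A simulation of the RESOLVING procedure (recursive versus iterative requests) and of the caching steps just listed (authoritative check, cache check, 'closest known' server, TTL flush), added here as a Python example that is not part of the original slides. The delegation tree, the *-server.test host names and the injectable clock are constructed for the example; only lion.umist.ac.uk, umist.ac.uk and their addresses come from the slides, and nothing touches the network.

```python
import time

TYPICAL_TTL = 3 * 24 * 3600      # the slides' "typical" TTL of 3 days, in seconds

# Constructed delegation tree: zone -> {name: (type, rdata, ttl)}.  Host names ending in
# .test are invented; the umist.ac.uk / lion.umist.ac.uk addresses follow the slides.
ZONE_DATA = {
    ".":           {"uk": ("NS", "uk-server.test", TYPICAL_TTL)},
    "uk":          {"ac.uk": ("NS", "ac-uk-server.test", TYPICAL_TTL)},
    "ac.uk":       {"umist.ac.uk": ("NS", "umist-server.test", TYPICAL_TTL)},
    "umist.ac.uk": {"umist.ac.uk": ("A", "130.88.0.1", TYPICAL_TTL),
                    "lion.umist.ac.uk": ("A", "130.88.96.40", TYPICAL_TTL)},
}


def in_zone(name, zone):
    """True when name is at or below zone; '.' (the root) contains everything."""
    return zone == "." or name == zone or name.endswith("." + zone)


class AuthoritativeServer:
    """Answers iteratively: the record if it holds one, else a referral to the child zone."""

    def __init__(self, zone, records):
        self.zone, self.records = zone, records

    def best_answer(self, qname):
        rec = self.records.get(qname)
        if rec is not None and rec[0] == "A":
            return "answer", qname, rec
        for child, rec in self.records.items():
            if rec[0] == "NS" and in_zone(qname, child):
                return "referral", child, rec
        return "nxdomain", qname, None


def build_servers(zone_data=ZONE_DATA):
    return {zone: AuthoritativeServer(zone, records) for zone, records in zone_data.items()}


def iterative_lookup(servers, qname, start_zone=".", cache=None, now=0.0):
    """Walk the delegation chain from start_zone, always asking for the exact original
    name (the 'iterative request' where the resolver does all the work).
    Returns (address or None, zones asked in order).  When a cache dict is supplied,
    every record learnt on the way is stored with its expiry time."""
    zone, asked = start_zone, []
    while True:
        asked.append(zone)
        kind, name, rec = servers[zone].best_answer(qname)
        if cache is not None and rec is not None:
            cache[(name, rec[0])] = (rec[1], now + rec[2])
        if kind == "answer":
            return rec[1], asked
        if kind != "referral" or name in asked:       # no answer, or a referral loop
            return None, asked
        zone = name                                   # move to the server closest to the answer


class CachingServer:
    """Local name server: serves its own zones directly, otherwise resolves recursively
    on the client's behalf and caches what it learns, honouring each record's TTL."""

    def __init__(self, servers, authoritative_for=(), clock=time.monotonic):
        self.servers, self.clock = servers, clock
        self.authoritative_for = set(authoritative_for)
        self.cache = {}                               # (name, type) -> (rdata, expiry)

    def _cached(self, name, rtype):
        entry = self.cache.get((name, rtype))
        if entry is None:
            return None
        if entry[1] <= self.clock():                  # TTL elapsed: flush the record
            del self.cache[(name, rtype)]
            return None
        return entry[0]

    def _closest_known(self, qname):
        """Deepest zone along qname whose name servers are still cached, else the root."""
        labels = qname.split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if self._cached(zone, "NS") is not None:
                return zone
        return "."                                    # all servers know the root at the start

    def resolve(self, qname):
        for zone in self.authoritative_for:           # step 1: authoritative -> no caching
            if in_zone(qname, zone):
                kind, _, rec = self.servers[zone].best_answer(qname)
                return (rec[1] if kind == "answer" else None), []
        hit = self._cached(qname, "A")                # step 2: answer already in the cache?
        if hit is not None:
            return hit, []
        return iterative_lookup(self.servers, qname, self._closest_known(qname),
                                self.cache, self.clock())   # step 3: walk and cache


if __name__ == "__main__":
    local = CachingServer(build_servers())
    print(local.resolve("lion.umist.ac.uk"))   # full walk from the root servers
    print(local.resolve("lion.umist.ac.uk"))   # served from cache, no servers asked
```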
RESOLVING
• When a user (resolver) needs to know an IP address for a host name, the query is made in one of two ways: recursively or iteratively.
• Both methods check to see if the answer is already known, but if not…
– 1. Recursive Requests
• Look for the name server closest to the answer
– For example, if the location of lion.umist.ac.uk is unknown but the location of the name servers for umist.ac.uk is known, these would be the closest name servers. If these were unknown, the ac.uk name servers are tried, and so on until the root servers (".") are reached.
• Ask the closest name server for their best answer in a 'polite' iterative fashion
• Continually ask name servers for the best answer they can give
– Always ask for the exact original domain name in these queries
– Train station analogy: ask staff "When is the 10:30 train to London?" rather than "Where is the person who can tell me about train timetables?"
– In the lion.umist.ac.uk example, always ask exactly that
– All the work is done by the initial name server
– This server is given the opportunity to cache the resource records it learns about
– 2. Iterative Requests
• All work is done by the resolver
– Name servers just respond with the best answer they know
• This technique is used for security reasons
• Not favourable for network traffic
Resolving - recursion
• A Recursive Query
– The local name server does most of the work
[Diagram: a recursive query for lion.umist.ac.uk. The local name server asks the uk, ac and umist.ac.uk name servers in turn, each time for lion.umist.ac.uk. Question: lion.umist.ac.uk. Answer: 130.88.96.40.]
Resolving – iteration vs recursion
[Diagram: the iterative and recursive queries are shown; R = recursive, I = iterative.]
Caching
• A critical process in the DNS
– For every query, a cache of the result and of every intermediate step is maintained
• For example, to find umist.ac.uk, the addresses of the uk, ac.uk and umist.ac.uk name servers could be cached
• When a query is received…
– The first step is to check whether this server is authoritative for the zone being queried
• If yes, then no caching is performed
• Otherwise the local cache is checked
– If the zone is in the cache, then the answer will be returned immediately
– Otherwise the 'closest known' (authoritative) name servers are checked and the results cached as the query progresses
• But DNS records are dynamic
– A 'time to live' is assigned to the name server
– After this specified time, the cache information for the associated record must be flushed
– Typical value is 3 days
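A worked example added here (not the slides' own code): a toy name server that resolves the way the Resolving and Caching slides describe. It walks from the root towards umist.ac.uk, always asking for the exact original name, caches every referral and the final answer, flushes entries once their TTL has elapsed, and bypasses the cache when it is itself authoritative. The zone data, server names and TTLs are constructed; only lion.umist.ac.uk and 130.88.96.40 come from the slides.

```python
# Constructed authoritative data for the walk the slides describe. "ttl" is the
# time-to-live carried by that zone's NS and A records (invented values).
ZONES = {
    ".":            {"ttl": 518400, "ns": ["a.root-servers.example."], "a": {}},
    "uk.":          {"ttl": 259200, "ns": ["ns1.nic.uk.example."],     "a": {}},
    "ac.uk.":       {"ttl": 86400,  "ns": ["ns0.ja.net.example."],     "a": {}},
    "umist.ac.uk.": {"ttl": 3600,   "ns": ["ns.umist.ac.uk."],
                     "a": {"lion.umist.ac.uk.": "130.88.96.40"}},   # from the slides
}


def suffixes(name):
    """All enclosing zones of `name`, longest first, ending with the root '.'."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def child_zone(zone, name):
    """The zone one label below `zone` on the path to `name` (what a referral points at)."""
    below = name if zone == "." else name[:-len(zone)]
    labels = [label for label in below.split(".") if label]
    if not labels:
        return None
    return labels[-1] + "." + ("" if zone == "." else zone)


def authoritative_answer(zone, name):
    """Reply of the servers for `zone` when asked for `name` (constructed behaviour):
    an A answer if they hold the record, otherwise a referral to the next zone down."""
    data = ZONES[zone]
    if name in data["a"]:
        return "answer", data["a"][name], data["ttl"]
    child = child_zone(zone, name)
    if child in ZONES:
        return "referral", child, ZONES[child]["ttl"]   # the child's NS records and TTL
    return "nxdomain", None, 0


class CachingResolver:
    """A name server that is authoritative for some zones and resolves everything else
    by asking the closest known name server, always for the exact original name."""

    def __init__(self, authoritative_for=()):
        self.authoritative_for = set(authoritative_for)
        self.cache = {}           # (kind, name) -> (value, expiry time)
        self.queries_sent = []    # (zone asked, name asked): one entry per round trip

    def _cache_get(self, key, now):
        entry = self.cache.get(key)
        if entry is None:
            return None
        value, expires = entry
        if now >= expires:        # TTL elapsed: the record must be flushed
            del self.cache[key]
            return None
        return value

    def _cache_put(self, key, value, ttl, now):
        self.cache[key] = (value, now + ttl)

    def resolve(self, name, now):
        """Return the A record for `name` at simulated time `now` (seconds), or None."""
        if not name.endswith("."):
            name += "."
        # Step 1: authoritative for the zone? Answer from own data and cache nothing.
        for zone in suffixes(name):
            if zone in self.authoritative_for:
                return ZONES[zone]["a"].get(name)
        # Step 2: the local cache.
        cached = self._cache_get(("A", name), now)
        if cached is not None:
            return cached
        # Step 3: start at the closest zone whose name servers are still cached (the
        # root hints at worst) and walk down, caching every referral on the way.
        zone = next(z for z in suffixes(name)
                    if z == "." or self._cache_get(("NS", z), now))
        while True:
            self.queries_sent.append((zone, name))      # always the original name
            kind, value, ttl = authoritative_answer(zone, name)
            if kind == "answer":
                self._cache_put(("A", name), value, ttl, now)
                return value
            if kind == "referral":
                self._cache_put(("NS", value), ZONES[value]["ns"], ttl, now)
                zone = value
            else:
                return None
```

The first lookup costs four round trips; a repeat within the TTL costs none, and a lookup after the umist.ac.uk records have expired restarts from the still-cached ac.uk servers rather than from the root.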
Updating
• All name servers know the internet's root servers at the start
• Most updating comes from the 'experience' of answering queries and caching
• Some manual updating does occur
– Only local name servers can have forced updates
– Use the 'Update' command and specify the resource records to change
– In Perl (Net::DNS), an update of the IP address for a domain's web server (called an A record) looks like this:
• $update->push(update => rr_add("umist.ac.uk 86400 A 130.88.0.1"));
• When someone accesses "umist.ac.uk" they are directed to "130.88.0.1"
• The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
• Where the settings for the DNS server are stored
• Can be divided into classes
– Internet, Chaosnet and Hesiod
• Common types:
– TTL, SOA, NS, A, CNAME, PTR, MX, TXT
– Many more
Types of Records
• TTL – The time to live
• SOA record – The authority for this zone
• NS record – The name server for this zone
• A – A name to address mapping
• CNAME – Canonical name, used for aliases
• PTR – Address to name mapping
• MX – Used for email names
• TXT – Used for text entries
BIND
• BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
• Cross-platform program that was originally coded for UNIX
– Linux, BSD and Windows
• See the Linux DNS HOWTO for more info
Features of Microsoft DNS Server
• Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, the AD service integration simplifies the administration of the DNS namespace.
• Incremental Zone Transfer
The Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS.
• Dynamic Update
Automatic assignment of addressing with dynamic DNS updates.
• Aging and Scavenging
Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated.
Features of Microsoft DNS Server continued…
• Unicode Character Support
The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages.
• Caching Resolver
A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups by minimising the number of name resolution round trips.
• Administrative Tools
Windows 2000 DNS incorporates a new feature, the DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.
• Performance Statistics
Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilization. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and 4GB HDD.
The DNS Packets
All communications inside of the domain protocol are carried in a single format called a message. The top level format of a message is divided into 5 sections (some of which are empty in certain cases): Header, Question, Answer, Authority and Additional.
• The header section includes fields that specify
– which of the remaining sections are present
– whether the message is a query or a response
• The question section contains
– Queries for which answers are desired
– The client fills in only the question section
• Each question has
– Query Domain Name, Query Type and Query Class fields
– The server returns the question and answers with its response
• The answer section contains
– RRs (resource records) that answer the question
• The authority section contains
– RRs that point toward an authoritative name server
• The additional information section contains
– RRs which relate to the query but are not strictly answers for the question
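A worked example added here (not part of the slides): it builds a query for lion.umist.ac.uk as a client would, constructs a reply that fills all five sections of the message, parses it section by section, and accepts the reply only when it is flagged as a response, carries the query's transaction ID and echoes the question that was asked. The wire format is the standard one (RFC 1035); the name server name ns.umist.ac.uk and its address 130.88.0.2 are constructed values, not taken from the slides.

```python
import struct

A, NS, CNAME, PTR = 1, 2, 5, 12          # RR type codes used below
IN = 1                                   # the Internet class


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=A):
    """A query as the client sends it: header (QR=0, RD=1) plus one question; the
    answer, authority and additional sections are empty, so their counts are 0."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, IN)


def decode_name(msg, offset):
    """Decode a name that may use compression pointers; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # pointer to a name earlier in the message
            if end is None:
                end = offset + 2             # the field itself is only these two bytes
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_rr(msg, offset):
    """Parse one resource record; A rdata becomes a dotted quad, name-valued rdata a name."""
    name, offset = decode_name(msg, offset)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    rdata = msg[offset:offset + rdlen]
    if rtype == A and rdlen == 4:
        rdata = ".".join(str(b) for b in rdata)
    elif rtype in (NS, CNAME, PTR):
        rdata, _ = decode_name(msg, offset)
    return {"name": name, "type": rtype, "ttl": ttl, "rdata": rdata}, offset + rdlen


def parse_message(msg):
    """Split a message into the five sections the slides describe."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions = 12, []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append({"name": qname, "type": qtype, "class": qclass})
    parsed = {"id": txid, "is_response": bool(flags & 0x8000),
              "rcode": flags & 0x000F, "question": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        parsed[section] = []
        for _ in range(count):
            rr, offset = parse_rr(msg, offset)
            parsed[section].append(rr)
    return parsed


def build_response(query):
    """Constructed reply to `query`: the question is echoed, the answer section carries
    the slides' A record for lion.umist.ac.uk, the authority section names the zone's
    name server and the additional section gives that server's address (both the name
    ns.umist.ac.uk and 130.88.0.2 are constructed). Names reuse the question bytes
    through compression pointers; the TTL is the slides' typical 3 days."""
    q = parse_message(query)
    header = struct.pack("!HHHHHH", q["id"], 0x8180, 1, 1, 1, 1)   # QR=1, RD=1, RA=1
    question = encode_name(q["question"][0]["name"]) + struct.pack("!HH", A, IN)
    qname = b"\xC0\x0C"                     # pointer to offset 12: "lion.umist.ac.uk."
    zone = b"\xC0\x11"                      # pointer to offset 17: "umist.ac.uk."
    ns_name = b"\x02ns" + zone              # "ns.umist.ac.uk."
    answer = qname + struct.pack("!HHIH", A, IN, 259200, 4) + bytes([130, 88, 96, 40])
    authority = zone + struct.pack("!HHIH", NS, IN, 259200, len(ns_name)) + ns_name
    additional = ns_name + struct.pack("!HHIH", A, IN, 259200, 4) + bytes([130, 88, 0, 2])
    return header + question + answer + authority + additional


def response_matches(query, response):
    """Accept a reply only if it is marked as a response, carries the query's
    transaction ID and echoes the question that was asked; anything else is dropped."""
    q, r = parse_message(query), parse_message(response)
    return r["is_response"] and r["id"] == q["id"] and r["question"] == q["question"]
```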
CONCLUSION
• Should understand
– DNS history
– Name server configuration
– Zone hierarchy
– Name server operations
– DNS clients (the resolver)
• DNS used to resolve 14,322,950 hostnames (March 2000)
• DNS is very reliable and scalable
– Improvements are proposed
• Name-service – acts as a 'layer' on top of DNS
– Allows everyday naming schemes (e.g. http://james)
– Looks up the official (corresponding) domain name first, then the IP address
• Resource Locator Service (RLS)
– Incorporates 'timestamping' into URLs
– Eliminates link 'rot'
– Generates more name space
– Runs side by side with DNS
• DNS is still 'de facto' and likely to remain so for several years
- The Domain Name System
- Presentation Structure
- Introduction amp History
- How a resolver looks up a remote name
- Slide 5
- Practical DNS
- The Domain Name Space
- Root name servers
- uk The United Kingdomrsquos TLD
- WHOIS ndash Database Of Registrants
- Registering a couk domain
- RESOLVING
- Resolving - recursion
- Resolving ndash iteration Vs recursion
- Caching
- Updating
- Resource Records
- Types of Records
- BIND
- Slide 20
- Slide 21
- The DNS Packets
- Slide 23
- CONCLUSION
-
Resolving - recursion
bull A Recursive Queryndash The local name server does most of the work
uk
ac
umistacuk
lionumistacuk
130889640
Question lionumistacuk
Answer 130889640
lionumistacuk
lionumistacuk
lionumistacuk
Resolving ndash iteration Vs recursion
The iterative and recursive queries are shown R=recursive I=iterative
bull A critical process in the DNS
ndash For every query a cache of the result and every intermediate step is maintained
bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached
bull When a query is receivedhellip
ndash The first step is to check whether this server is authoritative for the zone being queried
bull If yes then no caching is performed
bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are
checked and the results cached as the query progresses
bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be
flushedndash Typical value is 3 days
Caching
Updating
bull All name servers know the internetrsquos root servers at the start
bull Most updating comes from the lsquoexperiencersquo of answering queries and caching
bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to
changendash In Perl an update of IP Addresses for a domainrsquos webserver
(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo
bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
bull Where the settings for the DNS server are stored
bull Can be divided into classesndash Internet Chaosnet and Hesiod
bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more
Types of Records
bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for
aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries
BIND
bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows
bull See Linux DNS HOWTO for more info
Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion
bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers
of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS
bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates
bull Aging and Scavenging
Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated
Features of Microsoft DNS Server continuedhellip
bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language
bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips
bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc
bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD
The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)
Header
The DNS Packetsbull The header section includes fields that specify
ndash which of the remaining sections are present
ndash whether the message is a query or a response
bull The question section contains
ndash Queries for which answers are desired
ndash The client fills in only the question sectionbull Each question has
ndash Query Domain Namendash Query Typendash Query Class fields
ndash the server returns the question and answers with its response
bull The answer section contains
ndash RRs (resource records) that answer the question
bull The authority section contains
ndash RRs that point toward an authoritative name server
bull The additional information section contains
ndash RRs which relate to the query but are not strictly answers for the question
CONCLUSIONbull Should understand
- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)
bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable
ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS
ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address
bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS
bull DNS is still lsquode factorsquo and likely to remain so for several years
- The Domain Name System
- Presentation Structure
- Introduction amp History
- How a resolver looks up a remote name
- Slide 5
- Practical DNS
- The Domain Name Space
- Root name servers
- uk The United Kingdomrsquos TLD
- WHOIS ndash Database Of Registrants
- Registering a couk domain
- RESOLVING
- Resolving - recursion
- Resolving ndash iteration Vs recursion
- Caching
- Updating
- Resource Records
- Types of Records
- BIND
- Slide 20
- Slide 21
- The DNS Packets
- Slide 23
- CONCLUSION
-
Resolving ndash iteration Vs recursion
The iterative and recursive queries are shown R=recursive I=iterative
bull A critical process in the DNS
ndash For every query a cache of the result and every intermediate step is maintained
bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached
bull When a query is receivedhellip
ndash The first step is to check whether this server is authoritative for the zone being queried
bull If yes then no caching is performed
bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are
checked and the results cached as the query progresses
bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be
flushedndash Typical value is 3 days
Caching
Updating
bull All name servers know the internetrsquos root servers at the start
bull Most updating comes from the lsquoexperiencersquo of answering queries and caching
bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to
changendash In Perl an update of IP Addresses for a domainrsquos webserver
(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo
bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
bull Where the settings for the DNS server are stored
bull Can be divided into classesndash Internet Chaosnet and Hesiod
bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more
Types of Records
bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for
aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries
BIND
bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows
bull See Linux DNS HOWTO for more info
Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion
bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers
of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS
bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates
bull Aging and Scavenging
Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated
Features of Microsoft DNS Server continuedhellip
bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language
bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips
bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc
bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD
The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)
Header
The DNS Packetsbull The header section includes fields that specify
ndash which of the remaining sections are present
ndash whether the message is a query or a response
bull The question section contains
ndash Queries for which answers are desired
ndash The client fills in only the question sectionbull Each question has
ndash Query Domain Namendash Query Typendash Query Class fields
ndash the server returns the question and answers with its response
bull The answer section contains
ndash RRs (resource records) that answer the question
bull The authority section contains
ndash RRs that point toward an authoritative name server
bull The additional information section contains
ndash RRs which relate to the query but are not strictly answers for the question
CONCLUSIONbull Should understand
- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)
bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable
ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS
ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address
bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS
bull DNS is still lsquode factorsquo and likely to remain so for several years
- The Domain Name System
- Presentation Structure
- Introduction amp History
- How a resolver looks up a remote name
- Slide 5
- Practical DNS
- The Domain Name Space
- Root name servers
- uk The United Kingdomrsquos TLD
- WHOIS ndash Database Of Registrants
- Registering a couk domain
- RESOLVING
- Resolving - recursion
- Resolving ndash iteration Vs recursion
- Caching
- Updating
- Resource Records
- Types of Records
- BIND
- Slide 20
- Slide 21
- The DNS Packets
- Slide 23
- CONCLUSION
-
bull A critical process in the DNS
ndash For every query a cache of the result and every intermediate step is maintained
bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached
bull When a query is receivedhellip
ndash The first step is to check whether this server is authoritative for the zone being queried
bull If yes then no caching is performed
bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are
checked and the results cached as the query progresses
bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be
flushedndash Typical value is 3 days
Caching
Updating
bull All name servers know the internetrsquos root servers at the start
bull Most updating comes from the lsquoexperiencersquo of answering queries and caching
bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to
changendash In Perl an update of IP Addresses for a domainrsquos webserver
(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo
bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
bull Where the settings for the DNS server are stored
bull Can be divided into classesndash Internet Chaosnet and Hesiod
bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more
Types of Records
bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for
aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries
BIND
bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows
bull See Linux DNS HOWTO for more info
Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion
bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers
of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS
bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates
bull Aging and Scavenging
Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated
Features of Microsoft DNS Server continuedhellip
bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language
bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips
bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc
bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD
The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)
Header
The DNS Packetsbull The header section includes fields that specify
ndash which of the remaining sections are present
ndash whether the message is a query or a response
bull The question section contains
ndash Queries for which answers are desired
ndash The client fills in only the question sectionbull Each question has
ndash Query Domain Namendash Query Typendash Query Class fields
ndash the server returns the question and answers with its response
bull The answer section contains
ndash RRs (resource records) that answer the question
bull The authority section contains
ndash RRs that point toward an authoritative name server
bull The additional information section contains
ndash RRs which relate to the query but are not strictly answers for the question
CONCLUSIONbull Should understand
- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)
bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable
ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS
ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address
bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS
bull DNS is still lsquode factorsquo and likely to remain so for several years
- The Domain Name System
- Presentation Structure
- Introduction amp History
- How a resolver looks up a remote name
- Slide 5
- Practical DNS
- The Domain Name Space
- Root name servers
- uk The United Kingdomrsquos TLD
- WHOIS ndash Database Of Registrants
- Registering a couk domain
- RESOLVING
- Resolving - recursion
- Resolving ndash iteration Vs recursion
- Caching
- Updating
- Resource Records
- Types of Records
- BIND
- Slide 20
- Slide 21
- The DNS Packets
- Slide 23
- CONCLUSION
-
Updating
bull All name servers know the internetrsquos root servers at the start
bull Most updating comes from the lsquoexperiencersquo of answering queries and caching
bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to
changendash In Perl an update of IP Addresses for a domainrsquos webserver
(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo
bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated
Resource Records
bull Where the settings for the DNS server are stored
bull Can be divided into classesndash Internet Chaosnet and Hesiod
bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more
Types of Records
bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for
aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries
BIND
bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows
bull See Linux DNS HOWTO for more info
Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion
bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers
of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS
bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates
bull Aging and Scavenging
Resource Records
• Where the settings for the DNS server are stored
• Can be divided into classes – Internet, Chaosnet and Hesiod
• Common types – TTL, SOA, NS, A, CNAME, PTR, MX, TXT
 – Many more
Types of Records
• TTL – The time to live
• SOA record – The authority for this zone
• NS record – The name server for this zone
• A – A name to address mapping
• CNAME – Canonical name, used for aliases
• PTR – Address to name mapping
• MX – Used for email names
• TXT – Used for text entries
BIND
• BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
• Cross-platform program that was originally coded for UNIX – Linux, BSD and Windows
• See the Linux DNS HOWTO for more info
Features of Microsoft DNS Server
• Active Directory Storage and Replication Integration: Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, the AD service integration simplifies the administration of the DNS namespace.
• Incremental Zone Transfer: Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. Incremental Zone Transfer also incorporates the NOTIFY extension of DNS.
• Dynamic Update: Automatic assignment of addressing with dynamic DNS updates.
• Aging and Scavenging: Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated.
Features of Microsoft DNS Server continued…
• Unicode Character Support: The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages.
• Caching Resolver: A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups by minimising the number of name resolution round trips.
• Administrative Tools: Windows 2000 DNS incorporates a new feature, the DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.
• Performance Statistics: Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilization. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and a 4GB HDD.
The DNS Packets
All communications inside of the domain protocol are carried in a single format called a message. The top-level format of a message is divided into 5 sections (some of which are empty in certain cases):
Header / Question / Answer / Authority / Additional
The DNS Packets
• The header section includes fields that specify:
 – which of the remaining sections are present
 – whether the message is a query or a response
• The question section contains:
 – queries for which answers are desired
 – the client fills in only the question section
• Each question has:
 – Query Domain Name, Query Type and Query Class fields
 – the server returns the question and answers with its response
• The answer section contains:
 – RRs (resource records) that answer the question
• The authority section contains:
 – RRs that point toward an authoritative name server
• The additional information section contains:
 – RRs which relate to the query but are not strictly answers for the question
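The message layout above, as an added example that is not code from the original slides: a small Python builder/parser that encodes a query with only the question section filled in, splits a constructed response (sample bytes assembled inline, not a real capture; names under example.test and 192.0.2.x addresses are placeholders) into its answer, authority and additional sections, follows name-compression pointers only backwards so a malformed message cannot loop the parser, and checks that a reply's id and question match the query before it is trusted.

```python
import struct

TYPE_A, TYPE_NS, TYPE_CNAME, CLASS_IN = 1, 2, 5, 1   # RFC 1035 type/class codes used here

def encode_name(name):
    """'www.example.test' -> length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid, name, qtype=TYPE_A):
    # Header plus one question; the answer, authority and additional counts are zero.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # 0x0100: RD bit set
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:             # two-byte pointer to an earlier name
            ptr = ((length & 0x3F) << 8) | msg[off + 1]
            if ptr >= off:                    # backward only, so chains must terminate
                raise ValueError("forward compression pointer")
            tail = decode_name(msg, ptr)[0]
            return ".".join(labels + ([tail] if tail else [])), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        if length > 63 or off + length > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_rr(msg, off):
    """Parse one resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    name, off = decode_name(msg, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off, end = off + 10, off + 10 + rdlen
    if end > len(msg):
        raise ValueError("RDLENGTH runs past end of message")
    if rtype == TYPE_A and rdlen == 4:
        rdata = ".".join(str(b) for b in msg[off:end])    # dotted-quad address
    elif rtype in (TYPE_NS, TYPE_CNAME):
        rdata = decode_name(msg, off)[0]                   # RDATA is itself a name
    else:
        rdata = bytes(msg[off:end])                        # other types left raw
    return {"name": name, "type": rtype, "ttl": ttl, "rdata": rdata}, end

def parse_message(msg):
    """Split a message into header fields and its question/answer/authority/additional sections."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, sections = 12, [], {}
    for _ in range(qd):                       # each question: QNAME, QTYPE, QCLASS
        qname, off = decode_name(msg, off)
        questions.append((qname,) + struct.unpack("!HH", msg[off:off + 4]))
        off += 4
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        sections[key] = []
        for _ in range(count):
            rr, off = parse_rr(msg, off)
            sections[key].append(rr)
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "question": questions, **sections}

def response_matches_query(query, response):
    q, r = parse_message(query), parse_message(response)
    # Trust a reply only if it is a response carrying the same id and the same question.
    return r["is_response"] and q["id"] == r["id"] and q["question"] == r["question"]

def build_sample_response(txid):
    """Constructed reply: CNAME + A in answer, NS in authority, glue A in additional."""
    pointer = lambda off: struct.pack("!H", 0xC000 | off)   # compression pointer
    msg = bytearray(struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 1, 1))  # QR, RD, RA set
    msg += encode_name("www.example.test") + struct.pack("!HH", TYPE_A, CLASS_IN)
    suffix = pointer(16)                      # "example.test" inside the question name
    def add_rr(name, rtype, rdata):           # append one RR, return offset of its RDATA
        start = len(msg)
        msg.extend(name + struct.pack("!HHIH", rtype, CLASS_IN, 300, len(rdata)) + rdata)
        return start + len(name) + 10
    cname_at = add_rr(pointer(12), TYPE_CNAME, b"\x04host" + suffix)
    add_rr(pointer(cname_at), TYPE_A, bytes([192, 0, 2, 10]))
    ns_at = add_rr(suffix, TYPE_NS, b"\x02ns" + suffix)
    add_rr(pointer(ns_at), TYPE_A, bytes([192, 0, 2, 53]))
    return bytes(msg)
```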
CONCLUSION
• Should understand:
 - DNS history
 - Zone hierarchy
 - DNS clients (the resolver)
 - Name server configuration
 - Name server operations
• DNS used to resolve 14 322 950 hostnames (March 2000)
• DNS is very reliable and scalable
 – Improvements are proposed
• Name-service – acts as a 'layer' on top of DNS
 – Allows everyday naming schemes (e.g. http://james)
 – Looks up the official (corresponding) domain name first, then the IP address
• Resource Locator Service (RLS)
 – Incorporates 'timestamping' into URLs
 – Eliminates link 'rot'
 – Generates more name space
 – Runs side by side with DNS
• DNS is still 'de facto' and likely to remain so for several years