Download - 05a DNS Message Debuggingd

1 © Nokia Siemens Networks CN3203EN01GLN00

PCNSIG

DNS Message Debugging


Objectives

After this training session, the student should be able to:

• Analyse DNS concepts and messages

• Explain the structure and the contents of DNS queries

• Analyse and interpret DNS message flows


Domain Name System (1/2)

Is a database need to:

- resolve IP addresses based on Domain Names (Resolver application)

- resolve Domain Names based on IP addresses (Resolver application)

- inform defined parameters for services


Domain Name System (2/2)

Data are identify by Domain Names organized in a tree structure (Domain Name Space)

(label or node)

FQDN = HOST.NSN.COM

ROOT (null label or null node)

.COM .ORG .NET

.NSN HP

(last label or last node)

Second Level Domain Name

First Level Domain Name

or “Top Level Domain”

HOST

HP.ORG ZONE

NET ZONE

. ZONE


Resolver Operation

resolv.conf

search nokia.com net.nokia.com

nameserver 10.240.10.60

Command: # host bill

DNS Server 10.240.10.60

Resolver (DNS Client)

query for: bill

query for: bill.nokia.com

query for: bill.net.nokia.com

1

2

3

Name without domain suffix


Resolver Configuration

/etc/resolv.conf

static setup

dynamically created (dhcp)

Options:

• nameserver defines the name of server that resolver will use • domain defines the NS domain used for the host

in queries • search list for host-name lookup. Currently limited to six

domains note: domain and search are used mutually exclusive


DNS Query Types (1)

DNS Server

DNS Server •

Resolver (DNS client)

DNS Server com.

DNS Server nokia.com.

DNS recursive query: www.nokia.com

147.243.3.73

2

3

4

1

2

recursive

iterative

NS

A

5


DNS Query types (forwarding) (2)

DNS Server (10.240.10.60)

DNS Server •

DNS Server com.


www.nokia.com ?

147.243.3.73

3

4

5

2

6

recursive

iterative

DNS Server (forwarder)

named.conf

options {

forwarders {10.240.10.60;};

forward-only;

}


1 7

NS

NS

A

ww

w.n

okia

.co

m ?

14

7.2

43

.3.7

3

3

4


DNS Query types (forwarding zones) (3)

DNS Server (10.240.10.60)

DNS Server •

DNS Server com.


147.243.3.73

3

4

5

www.nokia.com ? 2

6

recursive

iterative

DNS Server (forwarder)

named.conf

zone "nokia.com"{

type forward;

forwarders {10.240.10.60;};

}


1 7

forwarding zone nokia.com.

other queries

NS

NS

A

14

7.2

43

.3.7

3

ww

w.n

okia

.co

m ?

3

4


Name Server Relations

primary master

DNS server

DNS server

DNS server

DNS server

DNS server

DNS server

The primary master server is defined in the SOA record

of the zone file.

The dns servers on this level are slaves of the primary master,

but masters of the secondary slaves.

slave servers

All servers in this picture are authoritative servers for the zone

Zone Transfer


Name Server Configuration Files

Configuration: /etc/named.conf (for bind 8 and bind 9) Data: /var/named/... can be configured Control Channel: /etc/rndc.conf /etc/rndc.key optional

DNS Server rndc reload stop start ...

tcp:953

The control channel


named.conf (options, controls, key)

options { ... };

options {

listen-on {127.0.0.1;10.240.160.120;10.240.160.125;};

allow-query {"ASTERIX"; "PCN2-BB";};

directory "/var/named";

pid-file "/var/run/named.pid";

notify yes; (periodic notification to slave server)

recursion yes; (recursive mode active)

};

controls { ... };

controls {

inet 127.0.0.1 port 953

allow { 127.0.0.1;} keys { "rndc-key"; };

};

key “<key-name>” { ... };

key "rndc-key" {

algorithm hmac-md5;

secret "GiZLRsc5rWT1nkOugdEvEQ==";

};


named.conf (zone)

zone “domain-path”{ ... };

zone "ossadm.nokia-cpt.com" {

type master;

file "ossadm.nokia-cpt.com.hosts";

};


type slave;

masters {10.240.160.125;};


};


type stub;

masters {10.240.160.125;};


};

zone "ossadm.nokia-cpt.com"{

type forward;

forwarders {172.25.129.11;172.25.129.12;};

};

zone “." {

type hint;

file “root-servers";

};

slave with automatic SOA and NS record update

hint zones do not expire. They are only used until after

a successful root query.


Zonefile (SOA, Variables)

SOA Record – Start of Authority owner ttl class SOA primary-master responsible-mbox (serial refresh retry expire minimum)

Example: ossadm.nokia-cpt.com. 38400 IN SOA osspkg1.ossadm.nokia-ocd.com. harald.nokia-ocd.com. (

1009 ; serial (date)

10800 ; refresh (3 hours)

3600 ; retry (1 hour)

432000 ; expire (5 days)

432000 ; minimum (5 days)

)

Variables can be used: $ORIGIN <domain-name> $INCLUDE <file-name> $TTL <time-in-seconds> @ current origin


Zonefile (NS, A)

NS Name Server

owner ttl class NS name-server-dname

Example:

NS nmsdns01.nms.nokia-ocd.com.

or

ossadm.nokia-cpt.com. 38400 IN NS nmsdns01.nms.nokia-ocd.com.

A Address (forward resolution)

owner ttl class A address

Example:

$ORIGIN ossadm.nokia-cpt.com.

asterix A 10.240.160.120

or

asterix.ossadm.nokia-cpt.com. 38400 IN A 10.240.160.120


Zonefile (PTR, CNAME, MX)

PTR Pointer (reverse resolution)

owner ttl class PTR dname

Example: $ORIGIN 30.240.10.in-addr.arpa.

134 PTR bonnie.nms.nokia-ocd.com.

CNAME Canonical Name (alias)

owner ttl class CNAME canonical-dname

Example: $ORIGIN ossadm.nokia-cpt.com.

osspkg1 CNAME pkgoss1

pkgoss1 A 10.240.160.125

MX Mail Exchanger

owner ttl class MX priority mailserver-dname

Example: nokia-ocd.com. 38400 IN MX 2 mail.nms.nokia-ocd.com.


Monitored example of a DNS query

Frame 3 (99 on wire, 99 captured)

Ethernet II Internet Protocol, Src Addr: 192.168.10.151 (192.168.10.151), Dst Addr:

cndns1.mnc009.mcc262.gprs (192.168.10.60)

User Datagram Protocol, Src Port: 10002 (10002), Dst Port: domain (53)

Domain Name System (query)

Transaction ID: 0x0002

Flags: 0x0100 (Standard query)

0... .... .... .... = Query

.000 0... .... .... = Standard query

.... ..0. .... .... = Message is not truncated

.... ...1 .... .... = Do query recursively

.... .... ...0 .... = Non-authenticated data is unacceptable

Questions: 1

Answer RRs: 0

Authority RRs: 0

Additional RRs: 0

Queries

RROBIN.NOKIA-OCD.COM.MNC009.MCC262.GPRS: type A, class IN

Name: RROBIN.NOKIA-OCD.COM.MNC009.MCC262.GPRS

Type: Host address

Class: IN


Monitored example of a DNS query response - 1

Frame 2 (255 on wire, 255 captured)

Ethernet II

Internet Protocol

User Datagram Protocol

Domain Name System (response)

Transaction ID: 0x344d

Flags: 0x8580 (Standard query response, No error)

1... .... .... .... = Response

.000 0... .... .... = Standard query

.... .1.. .... .... = Server is an authority for domain

.... ..0. .... .... = Message is not truncated

.... ...1 .... .... = Do query recursively

.... .... 1... .... = Server can do recursive queries

.... .... ..0. .... = Answer/authority portion was not

authenticated by the server

.... .... .... 0000 = No error

Questions: 1

Answer RRs: 4

Authority RRs: 2

Additional RRs: 2

Queries

rrobin.nokia-ocd.com.mnc009.mcc262.gprs: type A, class IN

Name: rrobin.nokia-ocd.com.mnc009.mcc262.gprs

Type: Host address

Class: IN



Answers RROBIN.NOKIA-OCD.COM.MNC009.MCC262.GPRS: type A, class IN,

addr 192.168.10.24


Type: Host address

Class: IN

Time to live: 1 day

Data length: 4

Addr: 192.168.10.24

RROBIN.NOKIA-OCD.COM.MNC009.MCC262.GPRS: type A, class IN,

addr 192.168.10.23


Type: Host address

Class: IN

Time to live: 1 day

Data length: 4

Addr: 192.168.10.23




addr 192.168.10.21


Type: Host address

Class: IN

Time to live: 1 day

Data length: 4

Addr: 192.168.10.21


addr 192.168.10.22


Type: Host address

Class: IN

Time to live: 1 day

Data length: 4

Addr: 192.168.10.22



Authoritative nameservers mnc009.mcc262.gprs: type NS, class IN, ns cndns1.mnc009.mcc262.gprs

Name: mnc009.mcc262.gprs

Type: Authoritative name server

Class: IN

Time to live: 1 day

Data length: 9

Name server: cndns1.mnc009.mcc262.gprs

mnc009.mcc262.gprs: type NS, class IN, ns cndns2.mnc009.mcc262.gprs

Name: mnc009.mcc262.gprs

Type: Authoritative name server

Class: IN

Time to live: 1 day

Data length: 9

Name server: cndns2.mnc009.mcc262.gprs


Additional records cndns1.mnc009.mcc262.gprs: type A, class IN, addr 192.168.10.60

Name: cndns1.mnc009.mcc262.gprs

Type: Host address

Class: IN

Time to live: 1 day

Data length: 4

Addr: 192.168.10.60

cndns2.mnc009.mcc262.gprs: type A, class IN, addr 192.168.10.61

Name: cndns2.mnc009.mcc262.gprs

Type: Host address

Class: IN

Time to live: 1 day

Data length: 4

Addr: 192.168.10.61
