Basic DNS Course. Module 1. DNS Theory. Ron Aitchison ZYTRAX, Inc. Page 1 of 24


Academic year: 2021


Basic DNS Course

Module 1: DNS Theory

Ron Aitchison, ZYTRAX, Inc.

The following are the slides used in this Module of the course. Some, but not all, slides have additional notes that you may find useful. You are encouraged to add your own notes.

Basic DNS Course
Lecturer: Ron Aitchison
Module 1

Objectives

Function of Name Servers
Name Servers play a critical role
DNS Hierarchy (root, TLDs, users)
DNS Delegation and Authority
DNS Operational Structure
DNS Servers and Resolvers
DNS Masters and Slaves
DNS Queries

The objectives of the DNS Theory section are to provide a thorough background and understanding of the principles and operation of Name Servers. DNS is a specific implementation of the generic Name Server concept initially defined by RFCs 1034 and 1035. The DNS’s unique capabilities are optimized for use within large networks such as the Internet.

Name Server Function

The purpose of any name server is to translate a name into something, typically an address, that can be used by network software to access a resource.

While the ultimate goal of the DNS is to translate a name into a network address, there are many cases where a name is translated into another name, which is finally translated into an address. An example of such a process is looking up a mail server: in the first DNS operation (known as a query) the name of the mail server is obtained, and in the second DNS operation the address of the mail server is obtained.

Why not use an address?

Names are easier to remember (google.com vs 206.23.9.4)
Multiple addressing schemes can be used (IPv4 and IPv6)
We can relocate the resource without affecting the user's view of the network
We can duplicate the resource for

History of Name Servers

Historically, files were used to name local devices
1974-ish: IBM's SNA contained name translation capabilities
1978: Open Systems Interconnection (OSI) Model – Name/Address Translation (L4)
1984: NetBIOS Name Server -> WINS
1981 – 1987: RFC 1034/1035 DNS

Name Server becomes Critical

No Name Server = no network access
Resilience
Performance
Number of Names
LANs – 10s -> 1,000s of addresses
WANs (Internet) – 1,000s -> millions
Frequency of Change

Since the Name Server (DNS) is used in every operation - to translate the requested name to the address - it becomes a critical resource. Without the translation there is no network access. Resilience and performance become essential to ensure timely access to network resources.

Domain Name System (DNS)

Multiple Name Servers
  Performance
  Resilience
Hierarchy of names (Domains)
  volume of names
  frequency of changes
  performance

The DNS is a specific implementation, optimized to Internet requirements, of the general Name Server concept. It introduces the unique Internet naming hierarchy with which we are all familiar.

DNS Name Hierarchy

Organized into a tree hierarchy
Top of the tree is called the root
Each branch is called a Domain
Any number of branches or levels
Top Level Domain (TLD), Second Level Domain (SLD)
Responsibility for a Domain is Delegated
Each Level is Authoritative

The responsibility for the operation of each level in the hierarchy is delegated to that level. Each level is said to be authoritative, which means it is responsible for the content at that level and will supply what is called authoritative data when requested.

DNS Hierarchy

Since 1998 the responsibility for the allocation and operation of the domain name hierarchy lies with ICANN (Internet Corporation for Assigned Names and Numbers). ICANN is a non-profit organization but operates under a MOU with the US Dept. of Commerce.

The Memorandum of Understanding (MOU) became contentious during 2006 when the US administration, which had historically adopted a hands-off approach to its oversight responsibilities, suddenly adopted a more activist position. Ongoing oversight responsibility is being studied by an inter-governmental group under a UN umbrella. While the outcome is currently uncertain, all that can safely be said is that it will take a long time to reach some form of consensus.

The authority at each level in the hierarchy may in turn delegate to another party or owner. The responsibility to supply authoritative data is also delegated.

The .arpa domain (Address and Routing Parameter Area) is managed by IANA (Internet Assigned Numbers Authority), which is owned by ICANN and is managed jointly with the Internet Advisory Board (IAB), the parent of the Internet Engineering Task Force (IETF), which sets Internet standards through the RFC process.

.arpa (Address and Routing Parameter Area) is used for Internet infrastructure including reverse mapping and ENUM.

While all country code TLDs (ccTLDs) are two characters, there is one (currently) exception: .cat (Catalonia in Spain), which is an administrative region within the country of Spain (.es). It has provoked much envy within Quebec and Scotland, who demand the same rights!

This slide illustrates the freedom that comes with ownership at any level in the hierarchy.

DNS Domain Name

www.example.com.

Contrast the normal domain name above with the one below.

DNS Domain Name

With the ending dot
Fully Qualified Domain Name (FQDN)
unambiguously defines a name to the root
the dot (.) is the root and is normally silent

A Fully Qualified Domain Name technically always has a terminating dot, indicating the normally silent root, which makes it an unambiguous definition. Unfortunately, the term is widely misused to describe any domain name, with or without the dot.

Domain Names

www.example.md.us

www.guardian.co.uk

www.bancobrasil.com.br

ftp.example.org

www.nashville.tn.us

www.br.example.net

www.un.int

While the above examples for the .us domain are still valid, the .us (and Canada's .ca) registries are both moving toward a flat (non-hierarchical) namespace.

Module 1

DNS Operations and Protocol

DNS - Operations/Protocol

Authoritative DNS at every level in the name hierarchy
DNS is interrogated using queries
  Port 53
  UDP (mostly)
  512 byte blocks
Other Operations
  TCP on port 53

Configuration parameters allow the user to define alternative ports for some or all operations (covered in Module 4).

DNS Operations

[Diagram: a query for www.example.com goes first to the root DNS servers, which return a referral; then to the TLD DNS servers, which return a referral; then to the user DNS servers (example.com), which return the answer.]

DNS Operations

Authoritative Name Server at every level in the domain name
Name lookup asks (queries) each level in the hierarchy
If the Name Server is not authoritative it returns a referral to the next level
If Name Server authoritative it

DNS - Operations

13 root servers

a.root-servers.net – m.root-servers.net

gTLD/ccTLD servers – variable

.com = 12

.net = 12

.org = 6

User servers – variable

2 minimum (Microsoft 5, Google 4)

DNS Operations

[Diagram: the root, TLD and user (example.com) DNS servers as before, with the resolver's query for www.example.com now sent to a caching DNS server, which issues the queries to each level.]
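The walk from root to TLD to user server shown in the two diagrams above, with the name first normalized to an FQDN as on the earlier slides, as an added Python example that is not part of the course material. The zone contents, the three servers and the 192.0.2.x addresses are constructed for the example.

```python
# Constructed toy namespace with the three tiers from the slide: a root
# server, a .com TLD server and the example.com user server. Each server
# is authoritative for one zone and either answers, refers the querier to
# the delegated child zone, or states that the name does not exist.
# Zone contents and 192.0.2.x addresses are made up for this example.
ZONES = {
    ".":            {"delegations": {"com."}, "records": {}},
    "com.":         {"delegations": {"example.com."}, "records": {}},
    "example.com.": {"delegations": set(),
                     "records": {"www.example.com.": "192.0.2.10",
                                 "mail.example.com.": "192.0.2.25"}},
}

def to_fqdn(name):
    """Normalize to a Fully Qualified Domain Name: lower case, root dot present."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def in_zone(name, zone):
    """True if name is at or below zone; every name is below the root."""
    return zone == "." or name == zone or name.endswith("." + zone)

def query_server(zone, qname):
    """One iterative query to the server authoritative for `zone`."""
    data = ZONES[zone]
    if qname in data["records"]:
        return "answer", data["records"][qname]        # authoritative answer
    for child in data["delegations"]:
        if in_zone(qname, child):
            return "referral", child                  # "ask the child's servers"
    return "nxdomain", None                           # authoritative: no such name

def resolve(name):
    """Full-function resolver: start at the root and follow referrals down
    the hierarchy until an answer or NXDOMAIN. Returns (address, trace)."""
    qname = to_fqdn(name)
    zone, trace = ".", []
    while True:
        kind, value = query_server(zone, qname)
        trace.append((zone, kind))
        if kind != "referral":
            return value, trace
        zone = value                                  # next level down

if __name__ == "__main__":
    print(resolve("www.example.com"))
    # ('192.0.2.10', [('.', 'referral'), ('com.', 'referral'), ('example.com.', 'answer')])
```

A stub-resolver, as described on the next slide, would stop after the first referral; it is the caching server that performs this loop on its behalf.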

DNS Servers and Resolvers

DNS (name) servers are:
  Authoritative
  Caching
  Combinations
Resolvers are:
  Never Authoritative
  Full-function (follows referrals)
  Stub-resolver (cannot follow referrals)
  Caching Stub-resolver

All PCs have a stub-resolver and since around 2003 they are almost always caching stub-resolvers.

Authoritative DNS

May be a Master or Slave
Sometimes called Primary and Secondary
Responds authoritatively to a query for the complete address
example.com authoritative server will

DNS – Zone Transfers

Passive – Slave Initiated

Slave reads zone record (SOA) periodically

Full Transfer (AXFR)

Incremental Transfer (IXFR)

Uses TCP on port 53

Active - Master sends NOTIFY

Slave reads SOA on receipt of NOTIFY

AXFR or IXFR

Speeds up zone change propagation to slaves
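The passive (refresh-timer) and active (NOTIFY) paths on the slide above, as an added Python simulation that is not part of the course material; it also answers the later quiz question on speeding up name changes. The Master and Slave classes, the serial numbers and the 3600-second refresh are constructed, and the clock is simulated in seconds.

```python
from dataclasses import dataclass

@dataclass
class Master:
    serial: int                                    # SOA serial of the zone
    def change_zone(self):
        self.serial += 1                           # every zone edit bumps the serial

    def transfer(self, have):
        """Full copy (AXFR) for a slave with no zone yet, else the deltas (IXFR)."""
        return "AXFR" if have == 0 else "IXFR"

@dataclass
class Slave:
    master: Master
    refresh: int                                   # SOA refresh interval (s)
    serial: int = 0                                # 0 = no copy of the zone yet
    last_check: int = 0

    def check_soa(self, now):
        """Read the master's SOA serial; transfer only if it is newer."""
        self.last_check = now
        if self.master.serial > self.serial:       # out of date: pull the zone
            kind = self.master.transfer(self.serial)
            self.serial = self.master.serial
            return kind

    def tick(self, now):
        """Passive path: poll the SOA only once the refresh timer has expired."""
        if now - self.last_check >= self.refresh:
            return self.check_soa(now)

    def notify(self, now):
        """Active path: a NOTIFY from the master triggers an immediate SOA check."""
        return self.check_soa(now)

def propagation_delay(use_notify, refresh=3600):
    # Seconds between a zone change on the master and the slave holding it.
    master = Master(serial=2024010101)
    slave = Slave(master, refresh)
    slave.check_soa(0)                             # initial AXFR at t=0
    master.change_zone()                           # edit on the master at t=100
    changed_at = 100
    if use_notify:
        slave.notify(changed_at)
    for now in range(changed_at, 2 * refresh, 10):  # slave's clock, 10 s steps
        slave.tick(now)
        if slave.serial == master.serial:
            return now - changed_at
    return -1
```

Without NOTIFY the slave only learns of the change when its refresh timer fires (3500 s after the edit here); with NOTIFY the delay is zero, which is why NOTIFY and a shorter refresh are the two ways to speed up propagation.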

DNS Queries

Recursive Queries
  requested server will provide the answer
  Optional
Iterative (non-recursive) Queries
  Server will provide the answer if available
  Else sends a referral

DNS - Queries

Locally configured DNS (properties) will always point to a recursive (caching) name server
PCs have stub-resolvers (cannot follow referrals)
Windows has a caching stub-resolver

Quick Quiz

The Quick Quiz is designed partly for fun, partly to wake you up and partly to ensure that you have understood the section. It does not count as part of any formal student assessment. There are usually many possible answers so please do not be afraid to take a risk in answering. First you may be correct and secondly a wrong answer may be useful to the lecturer because it may indicate that a concept was not well explained.

Quick Quiz

Who controls the domain name space?
What is www.ny.us.example.com.br?
How many DNS servers may be involved in the above?
One method to speed up name changes?
Will an iterative query give me an answer?
What type of resolver is on your PC?

You may find it useful to write down the correct answers together with any associated notes.

Who controls the domain name space? ________________________

What is www.ny.us.example.com.br? ___________________

One method to speed up name changes? ________________

(Changes to the speed at which master-slave transfers take place – two possible answers and multiple variations)

Will an iterative query give me an answer? _________________

(Assume that I want the IP address of, say, www.example.com)
