DNS
How to find things…
12/10/2015
19/04/23 2
Domain Name System
Associate human-friendly names with machine-friendly IP addresses
Resolution of a given hostname to an IP address
Domain names, as opposed to IP addresses, have the top-most element on the right
Each element can be up to 63 characters long; the full name can be no more than 255 characters
Letters, numbers or dashes can be used in a name element
DNS allows machines to be grouped logically, by domain name
The right-most element is called the Top Level Domain (TLD)
The full name is referred to as the Fully Qualified Domain Name (FQDN): lugh.student.comp.dit.ie, rather than just lugh
The Internet Assigned Numbers Authority (IANA) controls the top-level domains
Host names map to IP addresses in a one-to-many relationship, each machine may have many IP addresses, and each IP address may be associated with many machines
E.G. Mail Routing using DNS
Hosts that are designed to perform email routing, mail exchangers, have special-purpose records in DNS, MX records
A domain should have multiple mail exchangers. Mail that cannot be sent to one mail exchanger can instead be delivered to an alternative server, providing failsafe redundancy.
Before DNS
Before DNS, name resolution was accomplished solely by text file databases residing on each host (“hosts” files)
The method is not scalable, and it requires centralised management of the text files
Internet DNS Hierarchy
Root name servers: provide references to the appropriate zone-authoritative name servers for the top-level domains
Zone-authoritative name servers: master and slave servers for zones
Root Name Servers
There are 13 root name servers; each has an associated letter name (a to m)
No more names can be used because of protocol limitations: a UDP packet can only carry 512 bytes reliably, and a hint file with more than 13 servers would be larger than 512 bytes
The C, F, I, J, K and M servers now exist in multiple locations on different continents
Root name servers
Letter  Old name           Operator                 Location
A       ns.internic.net    VeriSign                 Dulles, Virginia, USA
B       ns1.isi.edu        ISI                      Marina Del Rey, California, USA
C       c.psi.net          Cogent Communications    distributed using anycast
D       terp.umd.edu       University of Maryland   College Park, Maryland, USA
E       ns.nasa.gov        NASA                     Mountain View, California, USA
F       ns.isc.org         ISC                      distributed using anycast
G       ns.nic.ddn.mil     U.S. DoD NIC             Columbus, Ohio, USA
H       aos.arl.army.mil   U.S. Army Research Lab   Aberdeen Proving Ground, Maryland, USA
I       nic.nordu.net      Autonomica               distributed using anycast
J       -                  VeriSign                 distributed using anycast
K       -                  RIPE NCC                 distributed using anycast
L       -                  ICANN                    Los Angeles, California, USA
M       -                  WIDE Project             distributed using anycast
A simplified domain map (figure): the root (.) above the .ie, .com and .org domains; under .ie the dit domain, whose hosts include wicklow, Taranaki, Aisling and Poseidon; example FQDN wicklow.dit.ie.
Domains
Dividing domains into sub-domains is important in several regards
Division of a namespace into sub-domains in a hierarchical manner removes the requirement that the names of individual hosts be unique; FQDNs must still be unique
It allows for the decentralised management of the entire namespace
Up to 127 levels deep!
Comp.dit.ie domain map (figure): root (.) above .ie; under .ie the dit domain, with the comp and ad sub-domains; under comp the student sub-domain, under ad the ict sub-domain; hosts shown include Poseidon, Aisling, Taranki, McCool and MyLaptop; example FQDN wicklow.student.comp.dit.ie.
Zones, Domains and Delegation
A Domain is a complete sub-tree of the hierarchical namespace
A zone is part of the domain managed by a particular server
Sub domains may be delegated into additional zones
A zone may directly manage some sub-domains
A zone represents the scope of administration for which one body is responsible
Comp.dit.ie zones (?) (figure): the same tree as the domain map (root, .ie, dit, comp, ad, ict, student; hosts Poseidon, Aisling, Taranki, MyLaptop) with the zone boundaries drawn in; example FQDN wicklow.student.comp.dit.ie.
Relationship between domains, zones and DNS Servers
The DNS database is effectively spread across all servers
DNS Servers are delegated to manage particular zones and the links to the rest of the database.
A zone is not necessarily equivalent to a domain
A DNS server can manage one or more zones
Comp.dit.ie DNS servers (figure): the same tree, with the name servers marked: Cara (cara.comp.dit.ie., 147.252.224.80) and Poseidon (Poseidon.ict.ict.ad.dit.ie., 147.252.224.12).
The DNS Server
The server receives a request from a client
If the server does not have the answer it will either ask a root server or forward the request to another name server
This may happen a number of times until a name server is found that knows the answer
When the server gets a response it will place a copy in its local cache and return a copy to the requesting client
Name Server Hierarchy
Master name server: contains the master copy of data for the zone
Slave name server: provides an automatic backup to the master name server
All slave servers maintain synchronisation with their master name server
Both master and slave servers contain authoritative data
A zone may have multiple slaves but only one master
A slave may get its data from another slave
Authoritative ?
If the name server responding to a query is authoritative with respect to the query performed, the data returned is said to be authoritative
Alternatively, responses may come from a name server which has cached the information, in which case the response is said to be non-authoritative
The client may choose not to accept non-authoritative information
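The two slides above (a server chasing referrals and caching the result, and authoritative versus non-authoritative answers) are easier to see in a toy resolver. The following is an added example in Python, not BIND code: the root and TLD server names (root-server.example., ns.ie-tld.example.) are hypothetical, and the delegation layout is constructed so that a query walks root, TLD and zone server before the answer is cached and served non-authoritatively until its TTL expires.

```python
"""Toy iterative resolver with a cache. Added example, not BIND: the root and
TLD server names are hypothetical, the zone server and addresses follow the
slides' lab, and the referral layout is constructed for illustration."""
import time

ROOT = "root-server.example."   # hypothetical root server

# Constructed authoritative data. records: owner -> [(type, rdata, ttl)];
# delegations: zone -> server that is authoritative for it (a referral).
SERVERS = {
    ROOT: {"records": {}, "delegations": {"ie.": "ns.ie-tld.example."}},
    "ns.ie-tld.example.": {                       # hypothetical .ie TLD server
        "records": {},
        "delegations": {"dit.ie.": "cara.comp.dit.ie."},
    },
    "cara.comp.dit.ie.": {                        # zone server from the slides
        "records": {
            "wicklow.student.comp.dit.ie.": [("A", "147.252.224.79", 86400)],
            "comp.dit.ie.": [("MX", "5 mail.comp.dit.ie.", 86400)],
        },
        "delegations": {},
    },
}


def ask(server, name, rtype):
    """One query to one server: ('answer', [(rdata, ttl)]), ('referral',
    next_server) or ('nxdomain', None)."""
    data = SERVERS[server]
    hits = [(rd, ttl) for t, rd, ttl in data["records"].get(name, []) if t == rtype]
    if hits:
        return "answer", hits
    best = None   # longest delegated zone that is a suffix of the queried name
    for zone, ns in data["delegations"].items():
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, ns)
    return ("referral", best[1]) if best else ("nxdomain", None)


class Resolver:
    """Caching resolver: walks referrals from the root, caches the answer
    for its TTL, and marks cached replies as non-authoritative."""

    def __init__(self, clock=time.time):
        self.cache = {}          # (name, type) -> (rdata list, expiry time)
        self.clock = clock

    def resolve(self, name, rtype="A"):
        """Returns (rdata list, authoritative flag, servers consulted)."""
        key, now = (name, rtype), self.clock()
        if key in self.cache and self.cache[key][1] > now:
            return self.cache[key][0], False, ["cache"]
        server, path = ROOT, []
        for _ in range(8):       # bound the referral chase
            path.append(server)
            kind, payload = ask(server, name, rtype)
            if kind == "answer":
                rdata = [rd for rd, _ in payload]
                self.cache[key] = (rdata, now + min(ttl for _, ttl in payload))
                return rdata, True, path
            if kind == "nxdomain":
                raise LookupError(f"{name}: non-existent domain")
            server = payload
        raise LookupError(f"{name}: too many referrals")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("wicklow.student.comp.dit.ie."))   # root -> tld -> zone, authoritative
    print(r.resolve("wicklow.student.comp.dit.ie."))   # served from cache, non-authoritative
```

The path returned by the first call is the referral chain; the second call answers from the cache with the authoritative flag cleared, which is the distinction nslookup reports as "Non-authoritative answer".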
Resolver
The DNS client is called the resolver
Resolver capability is built into any program that needs it by way of the resolver library calls
Resolver functions are implemented in libresolv.so
DNS clients and servers communicate using UDP packets in most cases
UDP is fast, but packets can be no larger than 512 bytes
If a query or response is larger than 512 bytes, it must be sent by TCP
Resolution Configuration Files
/etc/host.conf is mainly used to indicate which source of information is to be used and in what order, e.g.:
order hosts,bind
Resolution Configuration Files
/etc/resolv.conf is used to configure which servers are to be used and whether any domains are assumed for non-qualified host names:
search student.comp.dit.ie
nameserver 147.252.224.70
nameserver 147.252.224.73
nameserver 147.252.1.37
How did I find out the name servers?
U:\>nslookup
Default Server: poseidon.ict.ad.dit.ie
Address: 147.252.224.12
> set type=ns
> student.comp.dit.ie
Server: poseidon.ict.ad.dit.ie
Address: 147.252.224.12
Non-authoritative answer:
student.comp.dit.ie nameserver = oisin.comp.dit.ie
student.comp.dit.ie nameserver = cara.comp.dit.ie
student.comp.dit.ie nameserver = cian.student.comp.dit.ie
student.comp.dit.ie nameserver = lugh.student.comp.dit.ie
oisin.comp.dit.ie internet address = 147.252.224.70
cara.comp.dit.ie internet address = 147.252.224.80
cian.student.comp.dit.ie internet address = 147.252.224.68
lugh.student.comp.dit.ie internet address = 147.252.224.73
nslookup on Aisling
rbradley@aisling:~$ nslookup wicklow
Server: 147.252.224.80
Address: 147.252.224.80
Name: wicklow.student.comp.dit.ie
Address: 147.252.224.79
rbradley@aisling:~$ nslookup DM-LFJLL02J.comp.dit.ie
Server: 147.252.224.80
Address: 147.252.224.80
Name: DM-LFJLL02J.comp.dit.ie
Address: 147.252.230.48
Nslookup on my laptop
U:\>nslookup wicklow
Server: poseidon.ict.ad.dit.ie
Address: 147.252.224.12
*** poseidon.ict.ad.dit.ie can't find mccool: Non-existent domain

U:\>nslookup wicklow.student.comp.dit.ie
Server: poseidon.ict.ad.dit.ie
Address: 147.252.224.12
Non-authoritative answer:
Name: wicklow.student.comp.dit.ie
Address: 147.252.224.79
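The resolv.conf slide and the two nslookup sessions show the same mechanism from both sides: a bare name such as wicklow is completed from the search list before being sent, so it resolves where the search domain matches and fails where it does not. The following is an added example in Python, not glibc's resolver: it parses a resolv.conf in the format the slides show (plus the optional options ndots: setting) and lists the candidate names a stub resolver would try, in order.

```python
"""Search-list handling as a stub resolver does it. Added example, not
glibc's resolver: parses a resolv.conf in the slides' format and lists the
candidate FQDNs the resolver would try, in order."""

# Constructed copy of the resolv.conf shown on the slides.
RESOLV_CONF = """\
search student.comp.dit.ie
nameserver 147.252.224.70
nameserver 147.252.224.73
nameserver 147.252.1.37
"""


def parse_resolv_conf(text):
    """Return {'search': [...], 'nameserver': [...], 'ndots': n}."""
    conf = {"search": [], "nameserver": [], "ndots": 1}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()   # strip comments
        if not line:
            continue
        key, *args = line.split()
        if key in ("search", "domain"):
            conf["search"] = args            # the last search/domain line wins
        elif key == "nameserver" and args:
            conf["nameserver"].append(args[0])
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt.split(":", 1)[1])
    return conf


def candidates(name, conf):
    """Names to query, in order. A trailing dot means 'already qualified',
    so the search list is never applied to it."""
    if name.endswith("."):
        return [name]
    absolute = name + "."
    searched = [f"{name}.{domain}." for domain in conf["search"]]
    if name.count(".") >= conf["ndots"]:
        return [absolute] + searched       # looks qualified: try as-is first
    return searched + [absolute]           # unqualified: search list first


if __name__ == "__main__":
    conf = parse_resolv_conf(RESOLV_CONF)
    print(candidates("wicklow", conf))
    print(candidates("wicklow.student.comp.dit.ie", conf))
```

With the slides' search line, wicklow becomes wicklow.student.comp.dit.ie. on the first try; with no matching search domain (the laptop's situation, as far as the slide shows) only the bare name is tried, which is why the FQDN form of the query succeeded where the short name did not.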
Deeper into nslookup
rbradley@aisling:~$ nslookup
> set type=mx
> comp.dit.ie
Server: 147.252.224.80
Address: 147.252.224.80

comp.dit.ie mail exchanger = 15 mail.dit.ie.
comp.dit.ie mail exchanger = 5 mail.comp.dit.ie.
>
Deeper into nslookup
> set type=a
> comp.dit.ie
Server: 147.252.224.80
Address: 147.252.224.80

Name: comp.dit.ie
Address: 147.252.224.70
Name: comp.dit.ie
Address: 147.252.224.80
> 147.252.224.70
Server: 147.252.224.80
Address: 147.252.224.80

70.224.252.147.in-addr.arpa name = oisin.comp.dit.ie.
>
Configuring DNS
Berkeley Internet Name Domain BIND
Most widely used DNS server
Type: System-V managed service
Packages: bind, bind-utils
Daemons: named
Config files: /etc/named.conf and /var/named/*
Related: redhat-config-bind, caching-nameserver, openssl
/etc/sysconfig/named
Used by the named init script to allow options to be passed to named at startup
Configuring BIND
The default config file is /etc/named.conf, read by named during startup or on service named reload
It is a text file specifying zones, options etc.
Check the log files to ascertain whether the service started correctly
Config. File Basics
Comments can be in C, C++ or shell style:
/* comment */
// comment
# comment
Directives such as options, zone and server precede blocks in braces
All statements, including blocks, end with a semicolon
Relative pathnames will be prefixed with the directory option, or /var/named if none is specified
Global Options
Declared in the options directive:
options {
    directory "/var/named";
    forwarders { 147.252.1.37; };
    allow-query { 147.252.234/24; };
    allow-transfer { 147.252.234/24; };
};
Global Options 2
directory: Base directory of all relative paths specified in named.conf
forwarders: the server forwards queries it cannot answer to the name servers at the addresses in this list; if it gets no answer, it will try a root name server unless the forward-only option is set
Global Options 3
allow-query: specifies the range(s) of IP addresses allowed to query this DNS server. If the option is not set, then all hosts can query this server
allow-transfer: specifies the hosts that are allowed to copy the database. Should be used to limit zone transfers. By default zone transfers are not permitted unless explicitly stated using the allow-transfer statement.
Master Zones
Declared with the zone directive:
zone "comp.dit.ie" {
    type master;
    file "comp.dit.ie.zone";
};
The specified file should contain the zone's database, but its name is not critical
Slave Zones
Declared with the zone directive:
zone "comp.dit.ie" {
    type slave;
    masters { 147.252.224.70; };
    file "comp.dit.ie.zone";
};
The file directive is not essential, but if specified, it should probably match the name given on the master DNS server in the corresponding zone file
When the slave starts, it asks the master for the serial number of the master zone file to see if they match
Reverse Lookup Zones
The zone name ends with the special suffix .in-addr.arpa
Declared with the zone directive:
zone "1.10.14.in-addr.arpa" {
    type slave;
    masters { 14.10.1.5; };
    file "1.10.14.in-addr.arpa";
};
Special Zones
Root zone: "."
zone "." {
    type hint;
    file "named.ca";
};
Loopback zone: "0.0.127.in-addr.arpa"
Specified like other reverse lookup zones
Special Zones
Every BIND configuration should include a root zone. The root zone is used when a query is unresolvable by any other configured zone, so it is the 'default' zone
The zone type is 'hint' (unless the server being configured is a root name server)
named.ca contains information about the root servers on the Internet
ftp://rs.internic.net/domain
Special Zones
Loopback zones should be configured, although they are not strictly necessary
Many programs use the loopback address to implement inter-process communication (IPC)
These programs use the loopback address 127.0.0.1
Address Match Lists
A list of semicolon-separated IP addresses, networks or named address match lists
Used with some directives for access control
The acl directive can be used to create a custom named address match list:
acl "mylist" { 192.168.0/24; 192.168.1.12; };
Trailing, non-significant zeros can be dropped
Address Match Lists
Some global options, such as allow-query, take an address match list as an argument
There are 4 pre-defined match lists:
none: no IP addresses match
any: all IP addresses match
localhost: any IP address of the name server matches
localnets: any network on which the name server has an IP address matches
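The allow-query / allow-transfer slides and the two address match list slides describe one small language: a list of elements (prefixes with trailing zeros dropped, single hosts, named acls, the four pre-defined lists) evaluated for a client address, with the result deciding whether a query or a zone transfer is served. The following is an added example in Python, not BIND's own matcher: it models that evaluation, including the '!' negation BIND allows, and applies it to a constructed options block in the shape of the slides' named.conf. The server's own addresses and networks are constructed for the localhost and localnets lists.

```python
"""Evaluating BIND-style address match lists. Added example in Python, not
BIND's matcher: models the element syntax the slides describe and applies it
to allow-query / allow-transfer decisions."""
import ipaddress

# Constructed picture of the name server's own interfaces, used by the
# pre-defined 'localhost' and 'localnets' lists.
SERVER_ADDRS = {ipaddress.ip_address(a) for a in ("147.252.224.80", "127.0.0.1")}
SERVER_NETS = [ipaddress.ip_network(n) for n in ("147.252.224.0/24", "127.0.0.0/8")]

# Constructed acl and options, in the shape of the slides' named.conf.
ACLS = {"mylist": ["192.168.0/24", "192.168.1.12"]}
OPTIONS = {
    "allow-query": ["147.252.234/24", "localnets"],
    "allow-transfer": ["147.252.234/24"],
}


def expand_prefix(elem):
    """'192.168.0/24' -> 192.168.0.0/24 ; '192.168.1.12' -> 192.168.1.12/32.
    BIND lets non-significant trailing zero octets be dropped."""
    addr, _, plen = elem.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{plen or 32}", strict=False)


def matches(source, aml, acls=ACLS):
    """First matching element decides, as in BIND; a matching '!' element
    denies. No match at all means denied."""
    src = ipaddress.ip_address(source)
    for element in aml:
        negate = element.startswith("!")
        elem = element.lstrip("!").strip()
        if elem == "none":
            hit = False
        elif elem == "any":
            hit = True
        elif elem == "localhost":
            hit = src in SERVER_ADDRS
        elif elem == "localnets":
            hit = any(src in net for net in SERVER_NETS)
        elif elem in acls:                      # named list, evaluated recursively
            hit = matches(source, acls[elem], acls)
        else:
            hit = src in expand_prefix(elem)
        if hit:
            return not negate
    return False


def access(source, options=OPTIONS):
    """What a client at `source` may do. An unset allow-query means any host
    may query; an unset allow-transfer is treated as none, as the slide states."""
    return {
        "query": matches(source, options.get("allow-query", ["any"])),
        "transfer": matches(source, options.get("allow-transfer", ["none"])),
    }


if __name__ == "__main__":
    for client in ("147.252.234.9", "147.252.224.9", "10.0.0.1"):
        print(client, access(client))
```

The point to check in a real configuration is the second key: a host that may query should usually not be able to transfer the whole zone, and the matcher makes that difference explicit for any client address you feed it.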
Zone Files
Usually reside in /var/named
Begins with $TTL (time to live). This defines the default time in seconds for which you want resolving name servers to cache your zone's information:
$TTL 86400
The first resource record is the zone's start of authority
The zone's data follows in additional zone records
FQDNs in zone files end with a .
BIND assumes that names which don't end with . need the name of the current domain appended
Resource Records
Three general types of resource records: setup, address mapping, miscellaneous
Resource Records
SOA: defines the start of authority
NS: specifies a name server
A: associates a name with an IP address
CNAME: aliases one name to another
PTR: points an IP address to a name
MX: specifies a mail exchanger
Resource Records Syntax
[domain] [ttl] [class] <type> <rdata>
[domain]: specify the domain, or use the current one
[ttl]: how long to cache the record
[class]: record classification, usually IN
<type>: record type (SOA, MX, A etc.)
<rdata>: specific data for the record
TTL values may be set on a per-record basis, overriding the default TTL value. The most common class is the IN (Internet) class
Setup Resource Records
The SOA designates the beginning of a zone's data, and sets default parameters for this domain
Should contain at least one DNS server that is authoritative for the zone (may be a slave server, to mask the master server's identity)
A list of name servers that can be referenced is commonly included
SOA
Every zone must have one:
@ IN SOA ns.redhat.com. root.redhat.com. (
    2003120101 ; serial number
    300        ; refresh
    60         ; retry
    1209600    ; expire
    43200 )    ; minimum ttl for negative answers
Values can now be in seconds, minutes (M), hours (H), days (D) or weeks (W)
The @ symbolises the current domain, redhat.com in this example
SOA Explanation
Serial: for update comparison purposes
Refresh: slave server delay
Retry: delay after a slave server refresh failed
Expire: upper limit of a slave serving data in the absence of an update from the master
Min TTL: how long a name server should cache a 'no such host' answer from an authoritative name server in a different domain
The last string specifies contact details.
Address Mapping Records
An A resource record maps a hostname (FQDN or not) to an IP address
A CNAME record should only point to an A record
PTR Records are the inverse of an A record, map an IP address to a hostname
Address Mapping examples
A record: maps a hostname to an IP address
mail IN A 192.100.100.3
login.redhat.com. IN A 192.100.100.4
CNAME record: defines address aliases
pop IN CNAME mail
ssh IN CNAME login.redhat.com.
PTR record: maps an IP address to a hostname
3.100.100.192.in-addr.arpa. IN PTR mail.redhat.com.
4.100 IN PTR login.redhat.com.
NS name server
There should be an NS record for each master or slave serving your zone
NS records point to any slave servers that should be consulted by the client's name server if the master should fail
@ IN NS ns.redhat.com.
redhat.com. IN NS ns1.redhat.com.
FQDNs must be used for NS records
Miscellaneous Resource Records
MX (Mail exchanger records) which have a preference associated with them are used by remote MTAs (Message Transfer Agents) for delivery of Email.
HINFO records were intended to provide information on a host's architecture and OS. Not a great idea.
MX & HINFO: examples
MX associates a domain with a host to handle mail for that domain
redhat.com. IN MX 5 mail.redhat.com.
redhat.com. IN MX 10 lava.redhat.com.
HINFO provides additional host data
mail IN HINFO i686 Linux-2.0.36
Example zone file: 1/3
$TTL 86400
@ IN SOA ns.redhat.com. root.redhat.com. (
2003120101 ;serial # YYYYMMDDCC
3H ;refresh 3 hours
1M ;retry 1 minute
2W ;expiration 2 weeks
1D) ;minimum ttl
Example zone file: 2/3
@ IN NS ns.redhat.com.
redhat.com. IN NS ns1.redhat.com.
ns.redhat.com. IN A 192.100.100.1 ; A
ns1 IN A 192.100.100.2 ; A
mail IN A 192.100.100.3
login IN A 192.100.100.4
lava IN A 192.100.100.10
www 0 IN A 192.100.100.5 ; ttl=0
Example zone file: 3/3
pop IN CNAME mail ; alias pop to mail
imap IN CNAME pop ; bad idea
@ IN MX 5 mail.redhat.com. ; used first
redhat.com. IN MX 10 lava.redhat.com. ; used if mail is down
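The zone file slides (syntax, $TTL and relative names, the SOA fields and time units, and the three-part example above) describe a format that is simple enough to parse in a few dozen lines, and doing so makes the rules concrete: which names get the origin appended, which records inherit the default TTL, and what "bad idea" next to the imap CNAME actually means. The following is an added example in Python, not BIND's parser; ZONE_TEXT is a constructed copy of the slides' example zone with the serial written in the YYYYMMDDCC form its comment describes, and check_zone is a hypothetical pre-load check, not a BIND feature.

```python
"""Parser for the zone-file syntax the slides describe, plus pre-load checks.
Added example, not BIND's parser; the zone text is a constructed copy of the
slides' example (origin redhat.com.)."""
import re
from collections import namedtuple

ZONE_TEXT = """\
$TTL 86400
@ IN SOA ns.redhat.com. root.redhat.com. (
        2003120101 ;serial # YYYYMMDDCC
        3H ;refresh 3 hours
        1M ;retry 1 minute
        2W ;expiration 2 weeks
        1D) ;minimum ttl
@ IN NS ns.redhat.com.
redhat.com. IN NS ns1.redhat.com.
ns.redhat.com. IN A 192.100.100.1 ; A
ns1 IN A 192.100.100.2 ; A
mail IN A 192.100.100.3
login IN A 192.100.100.4
lava IN A 192.100.100.10
www 0 IN A 192.100.100.5 ; ttl=0
pop IN CNAME mail ; alias pop to mail
imap IN CNAME pop ; bad idea
@ IN MX 5 mail.redhat.com. ; used first
redhat.com. IN MX 10 lava.redhat.com. ; used if mail is down
"""

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
TYPES = {"SOA", "NS", "A", "CNAME", "PTR", "MX", "HINFO"}
Record = namedtuple("Record", "owner ttl rclass rtype rdata")


def to_seconds(tok):
    """'300', '3H', '1M', '2W', '1D' -> seconds (the SOA time-unit forms)."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", tok, re.I)
    if not m:
        raise ValueError(f"bad time value {tok!r}")
    return int(m.group(1)) * UNITS[(m.group(2) or "S").upper()]


def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Strip ';' comments and join the lines inside ( ... ) into one line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def parse_zone(text, origin):
    default_ttl, last_owner, records = None, origin, []
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = to_seconds(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        # a line that starts with blank space inherits the previous owner
        owner = last_owner if line[0].isspace() else qualify(tokens.pop(0), origin)
        last_owner, ttl, rclass = owner, default_ttl, "IN"
        while tokens[0].upper() not in TYPES:      # optional [ttl] [class], either order
            tok = tokens.pop(0)
            if tok.upper() in ("IN", "CH", "HS"):
                rclass = tok.upper()
            else:
                ttl = to_seconds(tok)              # per-record TTL overrides $TTL
        rtype, rdata = tokens.pop(0).upper(), tokens
        if rtype == "SOA":
            keys = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
            values = [qualify(t, origin) for t in rdata[:2]] + [to_seconds(t) for t in rdata[2:]]
            rdata = dict(zip(keys, values))
        elif rtype in ("NS", "CNAME", "PTR"):
            rdata = qualify(rdata[0], origin)
        elif rtype == "MX":
            rdata = (int(rdata[0]), qualify(rdata[1], origin))
        elif rtype == "A":
            rdata = rdata[0]
        records.append(Record(owner, ttl, rclass, rtype, rdata))
    return records


def check_zone(records):
    """Hypothetical pre-load checks: exactly one SOA, a serial that fits in
    32 bits, and no CNAME/NS/MX whose target is itself a CNAME."""
    warnings = []
    cnames = {r.owner for r in records if r.rtype == "CNAME"}
    soa = [r for r in records if r.rtype == "SOA"]
    if len(soa) != 1:
        warnings.append(f"expected one SOA, found {len(soa)}")
    elif not 0 <= soa[0].rdata["serial"] < 2**32:
        warnings.append("SOA serial does not fit in 32 bits")
    for r in records:
        if r.rtype not in ("CNAME", "NS", "MX"):
            continue
        target = r.rdata[1] if r.rtype == "MX" else r.rdata
        if target in cnames:
            warnings.append(f"{r.rtype} {r.owner} points at a CNAME ({target})")
    return warnings


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT, "redhat.com.")
    for r in recs:
        print(r)
    print(check_zone(recs))
```

Running it shows ns1, mail, login, lava and www completed to their redhat.com. FQDNs, www carrying the per-record TTL of 0 while the others inherit 86400, the SOA timers converted to seconds (3H is 10800, 2W is 1209600), and a single warning for the imap record, which is the CNAME-to-CNAME chain the slide flags as a bad idea.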
BIND Utilities
host: gather host/domain information
  host -a ns.redhat.com
  host -al redhat.com
dig: send queries directly to a name server
  dig @ns redhat.com any
nslookup is still widely used but deprecated
Zone transfer from DNS server
bash-2.05# dig @192.168.0.145 csaa.uml axfr

; <<>> DiG 9.1.3 <<>> @192.168.0.145 csaa.uml axfr
;; global options: printcmd
csaa.uml.               86400 IN SOA csaa.uml. root.csaa.uml. 42 1080 0 900 604800 86400
csaa.uml.               86400 IN A   192.168.0.145
csaa.uml.               86400 IN NS  csaa.uml.
csaa.uml.               86400 IN MX  5 mail1.csaa.uml.
csaa.uml.               86400 IN MX  10 mail2.csaa.uml.
aclinton.csaa.uml.      86400 IN A   192.168.0.217
aclinton.csaa.uml.      86400 IN NS  aclinton.csaa.uml.
bradley.csaa.uml.       86400 IN A   192.168.0.148
bradley.csaa.uml.       86400 IN NS  bradley.csaa.uml.
byrne.csaa.uml.         86400 IN A   192.168.0.214
byrne.csaa.uml.         86400 IN NS  byrne.csaa.uml.
ccoffey.csaa.uml.       86400 IN A   192.168.0.222
ccoffey.csaa.uml.       86400 IN NS  ccoffey.csaa.uml.
manandhar.csaa.uml.     86400 IN A   192.168.0.215
manandhar.csaa.uml.     86400 IN NS  manandhar.csaa.uml.
oneill.csaa.uml.        86400 IN A   192.168.0.221
oneill.csaa.uml.        86400 IN NS  oneill.csaa.uml.
oriordan.csaa.uml.      86400 IN A   192.168.0.224
oriordan.csaa.uml.      86400 IN NS  oriordan.csaa.uml.
thaitrungking.csaa.uml. 86400 IN A   192.168.0.212
thaitrungking.csaa.uml. 86400 IN NS  thaitrungking.csaa.uml.
csaa.uml.               86400 IN SOA csaa.uml. root.csaa.uml. 42 1080 0 900 604800 86400
;; Query time: 26 msec
;; SERVER: 192.168.0.145#53(192.168.0.145)
;; WHEN: Thu Feb 23 11:11:27 2006
;; XFR size: 23 records
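A full AXFR like the one above is also the zone's complete host inventory, which is why a production server limits transfers to its secondaries (BIND's `allow-transfer` option) and why a secondary should verify what it received. The added example below (not part of the slides) parses a shortened, constructed copy of this dig output, checks that the transfer is bracketed by two matching SOA records and that the record count agrees with dig's `XFR size` line, and lists the hosts the zone exposes. The `XFR size` value in the sample is adjusted to match the shortened record list.

```python
import re

# Constructed sample: the slide's dig axfr output, cut down to a few hosts.
AXFR_OUTPUT = """\
; <<>> DiG 9.1.3 <<>> @192.168.0.145 csaa.uml axfr
;; global options: printcmd
csaa.uml.           86400 IN SOA csaa.uml. root.csaa.uml. 42 1080 0 900 604800 86400
csaa.uml.           86400 IN A   192.168.0.145
csaa.uml.           86400 IN NS  csaa.uml.
csaa.uml.           86400 IN MX  5 mail1.csaa.uml.
csaa.uml.           86400 IN MX  10 mail2.csaa.uml.
aclinton.csaa.uml.  86400 IN A   192.168.0.217
aclinton.csaa.uml.  86400 IN NS  aclinton.csaa.uml.
bradley.csaa.uml.   86400 IN A   192.168.0.148
bradley.csaa.uml.   86400 IN NS  bradley.csaa.uml.
csaa.uml.           86400 IN SOA csaa.uml. root.csaa.uml. 42 1080 0 900 604800 86400
;; Query time: 26 msec
;; SERVER: 192.168.0.145#53(192.168.0.145)
;; WHEN: Thu Feb 23 11:11:27 2006
;; XFR size: 10 records
"""


def parse_axfr(text):
    """Split dig axfr output into (owner, ttl, type, rdata) tuples plus dig's own record count."""
    records, xfr_size = [], None
    for line in text.splitlines():
        if line.startswith(";"):                      # dig's commentary, not zone data
            m = re.search(r"XFR size: (\d+) records", line)
            if m:
                xfr_size = int(m.group(1))
            continue
        parts = line.split()
        if len(parts) < 4:
            continue
        owner, ttl, _cls, rtype, *rdata = parts
        records.append((owner, int(ttl), rtype, rdata))
    return records, xfr_size


def check_transfer(records, xfr_size):
    """Problems with the transfer; an empty list means it is complete and consistent."""
    problems = []
    if not records or records[0][2] != "SOA" or records[-1][2] != "SOA":
        problems.append("a zone transfer must begin and end with the zone's SOA record")
    elif records[0][3][2] != records[-1][3][2]:       # SOA serial is the third rdata field
        problems.append("SOA serial changed during the transfer: zone edited mid-AXFR, retry")
    if xfr_size is not None and xfr_size != len(records):
        problems.append(f"dig reported {xfr_size} records but {len(records)} were parsed")
    return problems


def host_inventory(records):
    """Every host name with its addresses: the map an unrestricted AXFR hands to any client."""
    hosts = {}
    for owner, _ttl, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            hosts.setdefault(owner, []).append(rdata[0])
    return hosts


if __name__ == "__main__":
    recs, size = parse_axfr(AXFR_OUTPUT)
    print(check_transfer(recs, size) or "transfer complete")
    for host, addrs in host_inventory(recs).items():
        print(host, *addrs)
```

Dropping the final SOA from the record list makes `check_transfer` report both a missing closing SOA and a count mismatch, which is exactly the state a secondary is left in when a transfer is cut off mid-way.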
DNS and load balancing
There are two types of load balancing possible with DNS:
Balancing the load between hosts whose name is served by DNS
Balancing the load between name servers
Round-Robin Load Sharing through DNS
Load balancing can be achieved through the simple use of multiple A records
www 0 IN A 192.168.34.3
www 0 IN A 192.168.34.4
www 0 IN A 192.168.34.5
DNS traffic will increase due to the instant time-out of a 0 TTL
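To see the trade-off the slide points at, the added simulation below (not from the lecture) puts the three `www` A records behind a toy authoritative server that rotates its answer order on every query, in front of a toy caching resolver that honours the TTL. Sixty seconds of ten lookups per second then show how many queries reach the authoritative server for a TTL of 0, 10 and 300 seconds, and which address the clients end up using first. Server and resolver classes, the name `www.example.com.` and the traffic figures are all constructed for the example.

```python
from collections import deque

# Constructed sample: the three www A records from the slide; the TTL is the parameter under test.
WWW_ADDRESSES = ["192.168.34.3", "192.168.34.4", "192.168.34.5"]


class AuthoritativeServer:
    """Toy authoritative server that rotates the order of its A records on every answer."""

    def __init__(self, name, addresses, ttl):
        self.name, self.ttl, self.queries = name, ttl, 0
        self._rotation = deque(addresses)

    def query(self, name):
        assert name == self.name, "this toy server only serves one name"
        self.queries += 1
        answer = list(self._rotation)
        self._rotation.rotate(-1)       # round robin: the next answer starts with the next address
        return answer, self.ttl


class CachingResolver:
    """Toy recursive resolver: answers from its cache until the record's TTL expires."""

    def __init__(self, upstream):
        self.upstream, self.cache = upstream, {}

    def resolve(self, name, now):
        cached = self.cache.get(name)
        if cached and cached[1] > now:   # with TTL 0 the expiry equals 'now', so this never holds
            return cached[0]
        answer, ttl = self.upstream.query(name)
        self.cache[name] = (answer, now + ttl)
        return answer


def simulate(ttl, lookups_per_second=10, seconds=60):
    """Run 'seconds' of client lookups through one caching resolver.
    Returns (queries that reached the authoritative server, how often each address came first)."""
    auth = AuthoritativeServer("www.example.com.", WWW_ADDRESSES, ttl)
    resolver = CachingResolver(auth)
    first_choice = {a: 0 for a in WWW_ADDRESSES}
    for t in range(seconds):
        for _ in range(lookups_per_second):
            first_choice[resolver.resolve("www.example.com.", t)[0]] += 1
    return auth.queries, first_choice


if __name__ == "__main__":
    for ttl in (0, 10, 300):
        print(f"ttl={ttl:>3}:", *simulate(ttl))
```

With TTL 0 all 600 lookups hit the authoritative server and the load spreads 200/200/200; with TTL 10 only 6 queries reach it and the spread is still 200/200/200; with TTL 300 one query is enough but every client behind this resolver stays on the first address for the whole minute. Real caching resolvers also rotate cached answers, so the long-TTL case is less extreme in practice, but the query-count effect of a 0 TTL is exactly as shown.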
BIND and load balancing
BIND will automatically load balance between name servers
BIND remembers how long the last query to each server took (its Round Trip Time, RTT). If it has never queried a server before, that server's RTT is 0
On each successful query, the RTT will be increased a little
On any resend, the RTT will be increased a lot
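The three rules on this slide are enough to simulate the selection behaviour. The added code below (not from the lecture) keeps an RTT per server that starts at 0, always sends to the server with the lowest RTT, adds a small amount after an answer and a large amount after a resend, and counts where 1000 queries go when one server answers in 20 ms and the other never answers. The penalty values, the timeout and the two server names are assumptions made for the example; real BIND also uses the measured times and lets RTTs decay, which the slide does not describe and the example does not model.

```python
SUCCESS_BUMP = 10        # ms added to a server's RTT after a successful answer ("a little")
RESEND_PENALTY = 1000    # ms added when the query had to be resent ("a lot")
TIMEOUT_MS = 800         # answers slower than this count as lost and are resent

# Constructed sample: answer time in ms per server, or None for a server that never answers.
SERVERS = {"ns1": 20, "ns2": None}


class NameServerSelector:
    """RTT bookkeeping for the name servers of one zone, following the slide's description."""

    def __init__(self, servers):
        self.rtt = {s: 0 for s in servers}    # never queried -> RTT 0, so every server is tried once
        self.sent = {s: 0 for s in servers}

    def choose(self):
        # lowest RTT wins; ties are broken by name so the simulation is deterministic
        return min(self.rtt, key=lambda s: (self.rtt[s], s))

    def record(self, server, answered_in_ms):
        """Update the RTT after a query; returns True when the query had to be resent."""
        resent = answered_in_ms is None or answered_in_ms > TIMEOUT_MS
        self.rtt[server] += RESEND_PENALTY if resent else SUCCESS_BUMP
        return resent


def simulate(servers, queries):
    """Send 'queries' lookups; returns (queries per server, final RTT table)."""
    sel = NameServerSelector(servers)
    for _ in range(queries):
        s = sel.choose()
        sel.sent[s] += 1
        sel.record(s, servers[s])
    return sel.sent, sel.rtt


if __name__ == "__main__":
    print(simulate(SERVERS, 1000))
```

The dead server is retried about once per hundred queries (each retry costs it 1000 ms of RTT, which the live server only catches up with after 100 successes), so it is neither abandoned for good nor allowed to slow the resolver down.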
DNS
Creating subdomains
Delegating Sub Domains
It is possible to set up and manage an entire subdomain as part of a zone that includes its parent domain
Sometimes necessary to delegate management of DNS for a subdomain to another name server
We will delegate authority for the support.example.com subdomain from the example.com domain.
example.com is managed by ns.example.com
support.example.com is managed by ns.support.example.com
Delegating Subdomains
Set up a zone to manage support.example.com on ns.example.com
Parent zone needs to delegate authority for the subdomain to the new server. Create NS records for the subdomain in the parent’s zone database to point to the new name server or servers
support.example.com. IN NS ns.support.example.com.
Advanced DNS
Logging
1 logging stanza per named.conf
With as many channels and categories
Example
logging {
    channel example_log {
        file "/var/log/named/example.log" versions 3 size 2m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel "default_stderr" {
        stderr;
        severity info;
    };
};
Logging options
Severity: critical, error, warning, notice, info, debug [ level ], dynamic (set by the -d option from the command line)
Printing options: print-category, print-severity, print-time
Logging Categories
• Categories
  category transfer { xfer-in; xfer-out; };
• Types
  default config parser queries lame-servers statistics panic update ncache xfer-in xfer-out db event-lib packet notify cname security os insist maintenance load response-checks
Default categories
category default { default_syslog; default_debug; };
category panic { default_syslog; default_debug; };
More global options
recursion: Whether the name server will look outside its domain
listen-on: restricts which interface a name server uses
  listen-on port 53 { 9.53.150.239; };
notify
transfer-format: either one-answer or many-answers
Update { 9.53.150.239; };
DNS enhancements: DNS Notify
RFC 1996 (1996): Specified the DNS Notify message
Original operation:
Slave will poll master for updates
Refresh option controls the frequency of this
Results in network traffic and latency with changes
Notify message is sent from master to the slave when the zone definition changes
DNS enhancements: Incremental zone transfer
RFC 1995: Allows incremental updates of the zone definition
Original operation: Entire zone definition is transferred
Wasteful of bandwidth
Slave server sends an IXFR message with the serial number of its current copy of the database.
Master identifies the changes and sends the updated records only.
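The exchange above, as an added simulation that is not part of the lecture: a master keeps a journal of what each serial change deleted and added, a slave asks for changes since its own serial, and the master answers with the journal entries (IXFR), with the whole zone when the slave's serial is unknown or older than the journal (the fallback to AXFR), or with nothing when the slave is already current. The record tuples are constructed, loosely following the csaa.uml slide, and the SOA bracketing that a real IXFR response carries is left out.

```python
# Constructed sample zone as (owner, type, rdata) tuples.
INITIAL_RECORDS = {
    ("csaa.uml.", "MX", "5 mail1.csaa.uml."),
    ("csaa.uml.", "MX", "10 mail2.csaa.uml."),
    ("mail1.csaa.uml.", "A", "192.168.0.10"),
    ("mail2.csaa.uml.", "A", "192.168.0.11"),
}


class Master:
    """Authoritative master that journals the changes behind each serial increment."""

    def __init__(self, serial, records):
        self.serial, self.records = serial, set(records)
        self.journal = []          # (old_serial, new_serial, deleted, added)

    def update(self, add=(), delete=()):
        deleted, added = set(delete) & self.records, set(add) - self.records
        self.records = (self.records - deleted) | added
        self.journal.append((self.serial, self.serial + 1, deleted, added))
        self.serial += 1

    def transfer(self, slave_serial):
        """Answer a slave's IXFR request for the changes since 'slave_serial'."""
        if slave_serial == self.serial:
            return "up-to-date", None
        deltas = [j for j in self.journal if j[0] >= slave_serial]
        if not deltas or deltas[0][0] != slave_serial:
            return "axfr", (self.serial, set(self.records))   # unknown or too-old serial: full copy
        return "ixfr", deltas


class Slave:
    """Secondary that applies whatever kind of transfer the master returns."""

    def __init__(self, serial, records):
        self.serial, self.records = serial, set(records)

    def refresh(self, master):
        kind, payload = master.transfer(self.serial)
        if kind == "ixfr":
            for _old, new, deleted, added in payload:
                self.records = (self.records - deleted) | added
                self.serial = new
        elif kind == "axfr":
            self.serial, self.records = payload
        return kind


def records_on_the_wire(kind, payload):
    """How many records the master had to send for this transfer."""
    if kind == "ixfr":
        return sum(len(d) + len(a) for _, _, d, a in payload)
    return len(payload[1]) if kind == "axfr" else 0


if __name__ == "__main__":
    m = Master(42, INITIAL_RECORDS)
    m.update(add={("bradley.csaa.uml.", "A", "192.168.0.148")})
    kind, payload = m.transfer(42)
    print(kind, records_on_the_wire(kind, payload), "record(s) instead of", len(m.records))
```

After two small edits the slave that was current at serial 42 receives three records instead of the five the zone now holds, while a slave whose serial predates the journal falls back to a full transfer; a slave at the master's serial gets nothing, which is the case Notify makes common by telling slaves to refresh only when something changed.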
DNS enhancements: Dynamic DNS
Modern networks are not static
IP addresses change rapidly (DHCP)
DNS does not handle change well
Dynamic DNS
Require Update in zone definition:
  allow-update { 192.168.0.145; };
Allows zone definitions to be updated dynamically
Integrated into Active Directory
Server
Modifies the behaviour of the name server with regard to individually specified servers
server ipaddr {
    [ bogus ( yes | no ); ]
    [ transfers value; ]
    [ transfer-format ( one-answer | many-answers ); ]
};
Key
Not yet widely implemented
Adds authentication to name servers
key key-name {
    algorithm alg-id;
    secret secret-string;
};
In the zone definition add: update-security
Unsecured: No security (standard operation)
Presecured: Won't accept new records without authentication
Controlled: Can add new records, but not change existing ones
More Resource Records
SOA defines start of authority
NS specifies a name server
A associates names with IP addresses
CNAME aliases one name to another
PTR points an IP address to a name
MX specifies a mail exchanger
AAAA specifies an IPv6 address
TXT specifies a text string
SRV specifies a service record
AAAA and IPv6 support
RFC 1886 (Dec 1995) defined AAAA: a 128-bit IPv6 address
IP6.INT: IPv6 equivalent of IN-ADDR.ARPA
Extension to query types and resolution to handle IPv6 addresses
Alternative standard was proposed (RFC 2874) which defined A6: allowed chaining of addresses
RFC 3364 (2002) decided in favour of AAAA
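The IP6.INT tree works like IN-ADDR.ARPA but on hexadecimal nibbles rather than decimal octets: the 128-bit address is written out in full, split into its 32 nibbles, and those are reversed and dotted under the suffix. The added functions below (not from the lecture) build the reverse-lookup owner name for either address family and emit the matching PTR line; the suffix defaults to the current `ip6.arpa`, with the slide's older `ip6.int` available as a parameter. Only the standard library is used.

```python
import ipaddress


def ipv6_reverse_name(address, suffix="ip6.arpa."):
    """Reverse-lookup owner name for an IPv6 address: the 32 hex nibbles of the
    expanded address, reversed and dot-separated, under ip6.arpa (or the older ip6.int)."""
    nibbles = ipaddress.IPv6Address(address).exploded.replace(":", "")   # 32 hex digits
    return ".".join(reversed(nibbles)) + "." + suffix


def ipv4_reverse_name(address, suffix="in-addr.arpa."):
    """IPv4 counterpart: the four decimal octets reversed under in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(address)).split(".")
    return ".".join(reversed(octets)) + "." + suffix


def ptr_record(address, hostname):
    """Zone-file PTR line for either address family (hostname must be fully qualified)."""
    addr = ipaddress.ip_address(address)
    owner = ipv6_reverse_name(address) if addr.version == 6 else ipv4_reverse_name(address)
    return f"{owner} IN PTR {hostname}"


if __name__ == "__main__":
    print(ptr_record("2001:db8::1", "www.example.com."))
    print(ptr_record("192.100.100.3", "mail.redhat.com."))
```

The IPv6 name for `2001:db8::1` is 32 labels long because every leading zero the `::` notation hides is a label of its own; that is the cost of nibble granularity, which in return lets any prefix on a 4-bit boundary be delegated.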
TXT record
Allows arbitrary text (up to 65535 bytes) to be defined in the configuration file
TXT "text string 1" text_string2 "last one"
Query with the dig txt option
Used for arbitrary applications which need extra info
E.g. anti-spam protection for mail servers
SRV record & DNS Service Discovery (DNS-SD)
Supports browsing of services as well as names through DNS
_http._tcp.example.com. SRV 10 5 80 www.example.com.
_[service name]._[protocol].[domain name]
Priority
Weighting (for load balancing)
Port number for the service
Hostname
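The added example below (not from the lecture) parses SRV records in the zone-file form shown on the slide into their named fields and applies the client-side selection rule from RFC 2782 that gives priority and weight their meaning: all targets of the lowest priority are tried before any of a higher one, and among equal priorities a target is picked at random in proportion to its weight. The three sample records and their weights are constructed; the weight-0 special case from the RFC (listing such targets first so they are chosen least) is simplified away.

```python
import random
import re

SRV_OWNER_RE = re.compile(r"^_(?P<service>[^.]+)\._(?P<proto>[^.]+)\.(?P<domain>.+)$")

# Constructed sample: two web servers sharing priority 10 at weights 75/25, and a backup at priority 20.
SAMPLE_SRV = [
    "_http._tcp.example.com. SRV 10 75 80 www1.example.com.",
    "_http._tcp.example.com. SRV 10 25 80 www2.example.com.",
    "_http._tcp.example.com. SRV 20 0 8080 backup.example.com.",
]


def parse_srv(line):
    """Parse one SRV record in zone-file form, e.g. the slide's
    '_http._tcp.example.com. SRV 10 5 80 www.example.com.' (an optional TTL/class is tolerated)."""
    tokens = line.split()
    owner = tokens[0]
    idx = next(i for i, t in enumerate(tokens) if t.upper() == "SRV")
    priority, weight, port, target = tokens[idx + 1:idx + 5]
    m = SRV_OWNER_RE.match(owner)
    if not m:
        raise ValueError(f"owner {owner!r} is not of the form _service._proto.domain")
    return {"service": m["service"], "proto": m["proto"], "domain": m["domain"],
            "priority": int(priority), "weight": int(weight), "port": int(port), "target": target}


def order_targets(records, rng=random):
    """RFC 2782 selection: lowest priority first; within a priority, draw targets
    at random in proportion to their weights until the group is exhausted."""
    ordered = []
    for prio in sorted({r["priority"] for r in records}):
        pool = [r for r in records if r["priority"] == prio]
        while pool:
            total = sum(r["weight"] for r in pool)
            pick = rng.randint(0, total)          # inclusive on both ends, as the RFC describes
            running = 0
            for r in pool:
                running += r["weight"]
                if running >= pick:
                    ordered.append(r)
                    pool.remove(r)
                    break
    return ordered


if __name__ == "__main__":
    for r in order_targets([parse_srv(line) for line in SAMPLE_SRV]):
        print(f"{r['target']}:{r['port']} (priority {r['priority']}, weight {r['weight']})")
```

Over many draws `www1` comes first about three times in four and `backup` is always last, so a client that walks the returned list only reaches the backup when both primary servers fail, which is the behaviour the priority and weight fields were designed to express.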