dns - the domain name system
DNS - The Domain Name System
Sirak Kaewjamnong
Computer Network Systems
Outline
• DNS basic
• name space
• resolver
• protocol
• configuration
Why need DNS?
• host table /etc/hosts: a simple text file holding the IP address to name mapping
• problems: name collisions, consistency (every copy of the file must be updated), and it does not scale
• a hierarchical name space with distributed control is needed
DNS basic
• DNS is a distributed database
• TCP/IP applications use DNS to
– map a hostname to an IP address
– map an IP address to a hostname
– provide e-mail routing information: mail [email protected] => delivered via ratree.psu.ac.th (the domain's MX records)
– handle aliases: www.cs.psu.ac.th is actually www2.cs.psu.ac.th (a CNAME)
Naming Scheme
• the name space is a tree of domains
• names are case-insensitive
(figure: the tree is built from the top down, root → th → ac → psu → cs → www; the name www.cs.psu.ac.th reads that path bottom-up, most specific label first)
Domain Name Space
(figure: the tree with the unnamed root at the top; below it the generic domains com, edu, gov, int, mil, net, org, the country domains such as au and th, and arpa with in-addr beneath it; th → ac → psu → cs, eng, with www under cs giving www.cs.psu.ac.th, and ku also under ac; edu → usu → cc giving cc.usu.edu)
DNS Management
• ICANN (through IANA) manages the root zone and the delegation of the top-level domains
• local administrators manage the 3rd level and below
(figure: the root and top-level domains such as com and th are managed by ICANN; the .th second-level domains ac and or are managed by THNIC, Thailand; psu.ac.th with its subdomains cs and eng is managed by PSU; ku.ac.th is managed by KU)
Domain Name Concept
• label: every node has a label (except the root, whose label is empty)
• domain name: the list of labels from that node up to the root, separated by ".", e.g. psu.ac.th, cs.psu.ac.th
• absolute domain name (fully qualified): a domain name that ends with a period, e.g. www.cs.psu.ac.th.
• relative domain name: a name still to be completed with a domain suffix, e.g. www
(figure: the path th → ac → psu → cs → www, read upward as www.cs.psu.ac.th.)
Domains
• domain: a subtree of the domain name space
(figure: in the tree th → ac → psu → cs, eng → www, with ku beside psu, www.cs.psu.ac.th is a single node, while ac.th and psu.ac.th are domains, i.e. whole subtrees)
Domains and Zones
• a zone is a subtree for which naming authority has been delegated to one administration; delegation cuts a domain into zones
(figure: case 1, a single DNS administration: the psu.ac.th domain (psu with children sci, cc, pn, clib, mgt, cs, eng) and the psu.ac.th zone are the same subtree; case 2, cs and cc have been delegated and have authority for their own zones: the psu.ac.th zone is the psu.ac.th domain minus the cs.psu.ac.th and cc.psu.ac.th subtrees)
Name Servers
• name server: a server that stores the information about a zone (it is authoritative for that zone)
(figure: under psu.ac.th, ns.psu.ac.th is responsible for the psu.ac.th zone (sci, pn, clib, mgt and eng stay in it), ns.cc.psu.ac.th for the cc.psu.ac.th zone and ns.cs.psu.ac.th for the cs.psu.ac.th zone)
Type of Name Servers
• primary name server: loads the zone data from files on the host it runs on
• secondary name server: gets its zone data from the primary, for redundancy and load distribution
Zone Transfer
• a secondary name server pulls the zone data from the primary; this is called a zone transfer (AXFR). Because a transfer hands out the entire zone, a primary should accept transfer requests only from its own secondaries.
(figure: six servers, ns.ku.ac.th, nontri.ku.ac.th, ns.eng.ku.ac.th, ns2.eng.ku.ac.th, ns.cpe.ku.ac.th and cc2.cpe.ku.ac.th, serving the zones ku.ac.th, eng.ku.ac.th and cpe.ku.ac.th; the roles shown are: primary for ku.ac.th and secondary for cpe.ku.ac.th; primary for eng.ku.ac.th and secondary for ku.ac.th and cpe.ku.ac.th; primary for cpe.ku.ac.th and secondary for ku.ac.th and eng.ku.ac.th; secondary for ku.ac.th and cpe.ku.ac.th; secondary for eng.ku.ac.th; secondary for cpe.ku.ac.th. Each zone has one primary and several secondaries, some of them hosted by the other subdomains.)
Root Name Server
• to answer for names outside its own zones, a name server must contact other name servers
• it has to know the IP addresses of the top-most servers, the root name servers
• a root name server provides the names and addresses of the name servers authoritative for each top-level domain (a referral)
Root Name Server
• 13 root servers are currently available in the Internet (the addresses below are as of the ICANN Y2K statement linked at the bottom; at least B, D, H, J and L have moved since, and each letter is now an anycast service announced from many sites, so a name server must load a current root hints file rather than this table)
A.ROOT-SERVERS.NET  198.41.0.4
B.ROOT-SERVERS.NET  128.9.0.107
C.ROOT-SERVERS.NET  192.33.4.12
D.ROOT-SERVERS.NET  128.8.10.90
E.ROOT-SERVERS.NET  192.203.230.10
F.ROOT-SERVERS.NET  192.5.5.241
G.ROOT-SERVERS.NET  192.112.36.4
H.ROOT-SERVERS.NET  128.63.2.53
I.ROOT-SERVERS.NET  192.36.148.17
J.ROOT-SERVERS.NET  198.41.0.10
K.ROOT-SERVERS.NET  193.0.14.129
L.ROOT-SERVERS.NET  198.32.64.12
M.ROOT-SERVERS.NET  202.12.27.33
http://www.icann.org/committees/dns-root/y2k-statement.htm
Name Resolution Process
(figure: the stub resolver on a host asks its local name server "address of www.psu.ac.th?" with recursion desired; the name server then repeats the question, without recursion, down the tree:
1. to a root name server, which replies with a referral: ask the th name servers
2. to a th name server: referral, ask the ac.th name servers
3. to an ac.th name server: referral, ask the psu.ac.th name server, ns.psu.ac.th
4. to ns.psu.ac.th, which is authoritative and answers: address is 192.168.100.61
the local name server returns "address is 192.168.100.61" to the resolver; the other branches shown in the tree (or, ku) are never consulted)
Reverse Resolution
• the in-addr.arpa domain holds the IP address space with the octets in reverse order, so that delegation follows the address hierarchy (network part first)
(figure: root → arpa → in-addr → 0..255 → 0..255 → 0..255 → 0..255; the path 192 → 168 → 100 → 61 is the name 61.100.168.192.in-addr.arpa, whose PTR record points back to www.psu.ac.th; the forward tree au, th → ac → psu → www, cs and ku stands beside it under the same root)
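How the reverse name is formed, as an added example that is not part of the slides: the address 192.168.100.61 is the slide's own; the IPv6 (ip6.arpa) case and the helper that names the zone for a whole network go beyond the slide, which only shows IPv4.

```python
import ipaddress


def reverse_name(ip: str) -> str:
    """Name used for a PTR lookup of `ip`.

    IPv4 (the case on the slide): the four octets in reverse order under
    in-addr.arpa. IPv6 is handled as a generalisation: the 32 hex nibbles of
    the fully expanded address, reversed, under ip6.arpa.
    """
    addr = ipaddress.ip_address(ip)            # raises ValueError on malformed input
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")   # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def reverse_zone(cidr: str) -> str:
    """Name of the in-addr.arpa zone an operator loads for an octet-aligned IPv4
    allocation, e.g. 192.168.100.0/24 -> 100.168.192.in-addr.arpa. Prefixes that
    do not end on an octet boundary need the RFC 2317 CNAME scheme and are rejected."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 prefixes map to a single in-addr.arpa zone")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


if __name__ == "__main__":
    print(reverse_name("192.168.100.61"))     # the slide's address: 61.100.168.192.in-addr.arpa
    print(reverse_zone("192.168.100.0/24"))   # 100.168.192.in-addr.arpa
    print(reverse_name("2001:db8::1"))        # documentation prefix, constructed example
```

The standard library already exposes the same string as `ipaddress.ip_address(x).reverse_pointer`; writing the reversal out makes the octet order, and the difference between the per-address name and the per-network zone, visible.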
Caching
• all name servers keep a cache to reduce DNS traffic
• on traditional UNIX the cache lives in the name server (not in the stub resolver), and each entry times out after the record's time-to-live
• cached data is served as non-authoritative (AA bit clear)
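The iterative walk of the name resolution slide and the cache behaviour above, as one added example that is not code from the slides: a toy caching name server resolving www.psu.ac.th from a constructed hierarchy. ns.psu.ac.th and the address 192.168.100.61 are the slide's; the servers "root", "ns.th." and "ns.ac.th." and the zone contents are assumptions made for the example, and server names index the table directly where real servers would use glue addresses.

```python
import time

# Constructed toy hierarchy (not real hosts): each server is authoritative for one
# zone and holds either delegations (NS) or final addresses (A).
SERVERS = {
    "root":          {"zone": ".",          "rr": {"th.": ("NS", "ns.th.")}},
    "ns.th.":        {"zone": "th.",        "rr": {"ac.th.": ("NS", "ns.ac.th.")}},
    "ns.ac.th.":     {"zone": "ac.th.",     "rr": {"psu.ac.th.": ("NS", "ns.psu.ac.th.")}},
    "ns.psu.ac.th.": {"zone": "psu.ac.th.", "rr": {"www.psu.ac.th.": ("A", "192.168.100.61")}},
}
TTL = 86400  # seconds; the slides quote one day as a typical time-to-live


def in_zone(name: str, zone: str) -> bool:
    return zone == "." or name == zone or name.endswith("." + zone)


def ask(server: str, qname: str):
    """One non-recursive (RD=0) query to an authoritative server.
    Returns ("answer", ip) | ("referral", next_server) | ("nxdomain", None) | ("refused", None)."""
    s = SERVERS[server]
    if not in_zone(qname, s["zone"]):
        return ("refused", None)            # asked about a name outside its zone
    rr = s["rr"]
    if qname in rr and rr[qname][0] == "A":
        return ("answer", rr[qname][1])     # authoritative answer, AA=1
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):     # longest delegated suffix first
        parent = ".".join(labels[i:])
        if parent in rr and rr[parent][0] == "NS":
            return ("referral", rr[parent][1])
    return ("nxdomain", None)               # rcode 3: the name does not exist in this zone


class CachingNameServer:
    """The local name server of the slide: it takes RD=1 queries from stub resolvers,
    resolves them iteratively from the root and caches what it learns."""

    def __init__(self, clock=time.time):
        self.cache = {}       # qname -> (ip, expiry timestamp)
        self.clock = clock    # injectable so TTL expiry can be exercised without waiting a day

    def resolve(self, qname: str, max_hops: int = 10):
        """Returns (ip, authoritative, trace). `authoritative` is False on a cache hit,
        because cached data is handed out with the AA bit clear."""
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0], False, ["cache hit"]
        self.cache.pop(qname, None)         # absent or expired
        server, trace = "root", []
        for _ in range(max_hops):           # bound the chase so a referral loop cannot spin forever
            kind, data = ask(server, qname)
            trace.append(f"ask {server}: {kind} {data or ''}".rstrip())
            if kind == "answer":
                self.cache[qname] = (data, now + TTL)
                return data, True, trace
            if kind == "referral":
                server = data
                continue
            raise LookupError(f"{qname}: {kind} from {server}")
        raise LookupError(f"{qname}: more than {max_hops} referrals")


if __name__ == "__main__":
    ns = CachingNameServer()
    ip, aa, trace = ns.resolve("www.psu.ac.th.")
    print("\n".join(trace))
    print("address is", ip, "(authoritative)" if aa else "(from cache)")
```

The second call for the same name never leaves the cache until the TTL has elapsed, which is exactly why a name server's cache is treated as non-authoritative: it reflects what the authority said up to a day ago, not what it says now.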
DNS message format
• a fixed 12-byte header followed by four variable-length sections; the same format is used for queries and replies

 0                   15 16                  31
 +---------------------+---------------------+
 | identification      | flags               |  \
 | number of questions | number of answer RRs|   fixed header (12 bytes)
 | number of authority | number of additional|  /
 |   RRs               |   RRs               |
 +---------------------+---------------------+
 | questions (1 or more)                     |  query and reply
 | answers (0 or more RRs)                   |  \
 | authority (0 or more RRs)                 |   reply
 | additional information (0 or more RRs)    |  /
 +-------------------------------------------+
DNS message format: detail
• identification (16 bits): set by the client and copied back unchanged by the server
• it lets the client match responses to requests; a reply whose identification (or question) does not match an outstanding query must be discarded
• flags (16 bits): see the next slide
DNS message format: detail
flags (16 bits): QR (1) | opcode (4) | AA (1) | TC (1) | RD (1) | RA (1) | zero (3) | rcode (4)
QR      0 = query, 1 = response
opcode  0 = standard query, 1 = inverse query, 2 = server status request
AA      1 = authoritative answer (the server is authoritative for the name), 0 = non-authoritative (e.g. from cache)
TC      1 = truncated: over UDP the reply exceeded 512 bytes and only the first 512 bytes were returned
RD      1 = recursion desired (the client wants the server to do the whole lookup), 0 = iterative (the client accepts referrals)
RA      1 = recursion available (the server supports recursion)
rcode   return code: 0 = no error, 1 = format error, 2 = server failure, 3 = name error (no such name), 5 = refused
DNS message format: detail
question section (one entry per question): query name | query type (16 bits) | query class (16 bits)
• query name: the name being looked up, as a sequence of labels each preceded by a 1-byte length and ended by a zero length; www.cs.psu.ac.th is encoded 3 www 2 cs 3 psu 2 ac 2 th 0
• query type: indicates the desired response
A       1   IP address
NS      2   name server
CNAME   5   canonical name
PTR    12   pointer record
HINFO  13   host info
MX     15   mail exchange record
AAAA   28   IPv6 address
• query class: normally 1, meaning Internet (IN)
DNS message format: detail
• the answer, authority and additional sections share a common resource record (RR) format:
domain name | type (16) | class (16) | time-to-live (32) | resource length (16) | resource data
• domain name: the name the record describes, in the query-name format (or a compression pointer to an earlier copy of the name in the same message)
• type: RR type code (see the query types)
• class: normally 1 (IN)
• time-to-live: how long the RR may be cached, in seconds (often 86400 = 1 day)
• resource length: size of the resource data in bytes
• resource data: the answer, e.g. a 4-byte IP address for an A record, or a domain name for NS, CNAME and PTR
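The header, question and resource-record layouts of the last five slides, as an added worked example that is not code from the slides: a builder and parser for the wire format. It encodes the slide's query for www.cs.psu.ac.th, builds the authoritative reply "www.cs.psu.ac.th is an alias for www2.cs.psu.ac.th, address 192.168.100.61" (names and address taken from the slides, the pairing is assumed), and then does the checks a resolver performs on a reply. The RR owner names are written as compression pointers, and the decoder refuses pointers that do not point backwards and caps the number of pointers it will follow, so a message built with a pointer loop is rejected rather than parsed forever.

```python
import struct

TYPE = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "HINFO": 13, "MX": 15}
TYPE_NAME = {v: k for k, v in TYPE.items()}

def encode_name(name: str) -> bytes:
    """'www.cs.psu.ac.th' -> 3 www 2 cs 3 psu 2 ac 2 th 0 (the slide's notation)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def decode_name(msg: bytes, off: int):
    """Read a name at `off`, following compression pointers (top two bits 11); return
    (name, offset just past the name as written at `off`). Pointers must point backwards
    and are capped, so a crafted message with a pointer loop raises instead of hanging."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg): raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                           # compression pointer
            if off + 1 >= len(msg): raise ValueError("truncated compression pointer")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off: raise ValueError("pointer does not point backwards")
            end = off + 2 if end is None else end      # the name ends after its first pointer
            hops += 1
            if hops > 16: raise ValueError("too many compression pointers (loop?)")
            off = ptr
            continue
        if n > 63: raise ValueError("bad label length")
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", (end if end is not None else off)

def parse_flags(flags: int) -> dict:
    return {"qr": flags >> 15 & 1, "opcode": flags >> 11 & 0xF, "aa": flags >> 10 & 1,
            "tc": flags >> 9 & 1, "rd": flags >> 8 & 1, "ra": flags >> 7 & 1, "rcode": flags & 0xF}

def parse_message(msg: bytes) -> dict:
    """Decode the 12-byte header, the question section and the three RR sections."""
    if len(msg) < 12: raise ValueError("shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, sections = 12, [], {"answer": [], "authority": [], "additional": []}
    for _ in range(qd):
        name, off = decode_name(msg, off)
        if off + 4 > len(msg): raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        questions.append((name, TYPE_NAME.get(qtype, qtype), qclass))
        off += 4
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            if off + 10 > len(msg): raise ValueError("truncated resource record")
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if off + rdlen > len(msg): raise ValueError("RDLENGTH runs past end of message")
            if rtype == TYPE["A"] and rdlen == 4:
                data = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (TYPE["NS"], TYPE["CNAME"], TYPE["PTR"]):
                data, _ = decode_name(msg, off)        # rdata is itself a (compressible) name
            else:
                data = msg[off:off + rdlen]
            off += rdlen
            sections[section].append((name, TYPE_NAME.get(rtype, rtype), ttl, data))
    return {"id": ident, **parse_flags(flags), "questions": questions, **sections}

def build_query(ident: int, qname: str, qtype: str = "A") -> bytes:
    """Standard query (opcode 0) with RD=1 and one question of class IN (1)."""
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", TYPE[qtype], 1)

def build_response(query: bytes, cname: str, ip: str, ttl: int = 86400) -> bytes:
    """Authoritative reply: the queried name is an alias (CNAME) for `cname`, which has
    address `ip`. Owner names are compression pointers; 0xC00C = offset 12, the question name."""
    q = parse_message(query)
    flags = 0x8000 | 0x0400 | (0x0100 if q["rd"] else 0) | 0x0080   # QR, AA, RD copied back, RA
    header = struct.pack("!HHHHHH", q["id"], flags, 1, 2, 0, 0)
    target = encode_name(cname)
    cname_rr = struct.pack("!HHHIH", 0xC000 | 12, TYPE["CNAME"], 1, ttl, len(target)) + target
    target_off = len(query) + 12                       # header + question + fixed part of the CNAME RR
    a_rr = struct.pack("!HHHIH", 0xC000 | target_off, TYPE["A"], 1, ttl, 4)
    return header + query[12:] + cname_rr + a_rr + bytes(int(x) for x in ip.split("."))

def check_reply(query: bytes, reply: bytes) -> dict:
    """What a resolver verifies before trusting a UDP reply: identification and question
    match the outstanding query, QR is set, TC is clear (else re-ask over TCP), rcode is 0."""
    q, r = parse_message(query), parse_message(reply)
    if r["id"] != q["id"] or r["questions"] != q["questions"]:
        raise ValueError("reply does not match the outstanding query: discard it")
    if not r["qr"]: raise ValueError("not a response")
    if r["tc"]: raise ValueError("truncated reply: retry the query over TCP")
    if r["rcode"] != 0: raise ValueError(f"server returned rcode {r['rcode']}")
    return r
```

Run `check_reply(q, build_response(q, "www2.cs.psu.ac.th", "192.168.100.61"))` with `q = build_query(0x1234, "www.cs.psu.ac.th")` to see the two answer records decoded; flip a byte of the identification and the same call rejects the reply, which is the whole job of that 16-bit field.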
Operation
• uses port 53 (UDP and TCP)
• a request and its reply normally travel as single UDP datagrams; if the answer is too big (TC set), the client repeats the query over TCP; zone transfers always use TCP
(figure: a reply datagram laid out as ip hdr | UDP hdr | DNS hdr | query | answer#1 | answer#2)
Resolver file
• the resolver (the client-side library) must know the address of at least one local name server
• /etc/resolv.conf on UNIX; each server is given on a nameserver line (bare addresses, as on the original slide, are not valid and would be ignored)
/etc/resolv.conf
# default domain appended to unqualified names
domain cs.psu.ac.th
# list of name servers, tried in order
nameserver 192.100.77.5
nameserver 192.100.77.2
Setting up DNS
• BIND (Berkeley Internet Name Domain) package
• /usr/somewhere/in.named - the BSD named DNS server
• /etc/named.boot - named configuration (tells named where to find the database files); this is the BIND 4 format, BIND 8 and 9 use /etc/named.conf instead