Principles of Computer Security


Principles of Computer Security
Instructor: Haibin Zhang, hbzhang@umbc.edu

DNS, DNSSEC, and Beyond
Domain name system; DNS security extensions; improving DNSSEC, and its issues

DNS
Computer: good at numbers. Human: prefer names. What’s the IP address of Google.com?
Acknowledgement: part of the slides are from David Conrad at nominum.com

Where DNS Names Are Stored
A huge database: 200,000,000+ domain names, increasing rapidly

The Name Space
The structure of the DNS database: a tree structure

Domain Names
The structure of the DNS database: a tree structure

Name Servers
Name servers store information about the name space in units called “zones”.
The name servers that load a complete zone are said to “have authority for” or “be authoritative for” the zone.
Usually, more than one name server is authoritative for the same zone; this ensures redundancy and spreads the load.
Also, a single name server may be authoritative for many zones.

Name Server Types
Two main types of servers:
Authoritative – maintains the data
  Master – where the data is edited
  Slave – where the data is replicated to
Caching – stores data obtained from an authoritative server

Name Server Architecture
You can think of a name server as part:
database server, answering queries about the parts of the name space it knows about (i.e., is authoritative for);
cache, temporarily storing data it learns from other name servers; and
agent, helping resolvers and other name servers find data.
Also, the caching resolver can insert data into the cache, and can "query" both the cache and the database server.

Name Resolution Name resolution is the process by which resolvers and name servers cooperate to find data in the name space

The Resolution Process
Let’s look at the resolution process step-by-step. The workstation annie.west.sprockets.com runs: ping www.nominum.com.

The Resolution Process
The workstation annie asks its configured name server, dakota, for www.nominum.com’s address.
annie.west.sprockets.com -> dakota.west.sprockets.com: “What’s the IP address of www.nominum.com?”

The Resolution Process
The name server dakota asks a root name server, m, for www.nominum.com’s address.
dakota.west.sprockets.com -> m.root-servers.net: “What’s the IP address of www.nominum.com?”

The Resolution Process
The root server m refers dakota to the com name servers. This type of response is called a “referral”.
m.root-servers.net -> dakota.west.sprockets.com: “Here’s a list of the com name servers. Ask one of them.”

The Resolution Process
The name server dakota asks a com name server, f, for www.nominum.com’s address.
dakota.west.sprockets.com -> f.gtld-servers.net: “What’s the IP address of www.nominum.com?”

The Resolution Process
The com name server f refers dakota to the nominum.com name servers.
f.gtld-servers.net -> dakota.west.sprockets.com: “Here’s a list of the nominum.com name servers. Ask one of them.”

The Resolution Process
The name server dakota asks a nominum.com name server, ns1.sanjose, for www.nominum.com’s address.
dakota.west.sprockets.com -> ns1.sanjose.nominum.net: “What’s the IP address of www.nominum.com?”

The Resolution Process
The nominum.com name server ns1.sanjose responds with www.nominum.com’s address.
ns1.sanjose.nominum.net -> dakota.west.sprockets.com: “Here’s the IP address for www.nominum.com.”

The Resolution Process
The name server dakota responds to annie with www.nominum.com’s address.
dakota.west.sprockets.com -> annie.west.sprockets.com: “Here’s the IP address for www.nominum.com.”

Resolution Process (Caching)
After the previous query, the name server dakota now knows: the names and IP addresses of the com name servers; the names and IP addresses of the nominum.com name servers; and the IP address of www.nominum.com. Let’s look at the resolution process again; this time annie.west.sprockets.com runs: ping ftp.nominum.com.

Resolution Process (Caching)
The workstation annie asks its configured name server, dakota, for ftp.nominum.com’s address.
annie.west.sprockets.com -> dakota.west.sprockets.com: “What’s the IP address of ftp.nominum.com?”

Resolution Process (Caching)
dakota has cached an NS record indicating that ns1.sanjose is a nominum.com name server, so it asks it directly for ftp.nominum.com’s address.
dakota.west.sprockets.com -> ns1.sanjose.nominum.net: “What’s the IP address of ftp.nominum.com?”

Resolution Process (Caching)
The nominum.com name server ns1.sanjose responds with ftp.nominum.com’s address.
ns1.sanjose.nominum.net -> dakota.west.sprockets.com: “Here’s the IP address for ftp.nominum.com.”

Resolution Process (Caching)
The name server dakota responds to annie with ftp.nominum.com’s address.
dakota.west.sprockets.com -> annie.west.sprockets.com: “Here’s the IP address for ftp.nominum.com.”

Iterative Name Resolution The principle of iterative name resolution.

Recursive Name Resolution The principle of recursive name resolution.

Iterative versus Recursive Resolution

Iterative versus Recursive Resolution
Performance-wise, which is better? The recursive method puts a higher performance demand on each name server.
Which works better with caching? The recursive method works better with caching.
How about communication cost? The recursive method can reduce communication cost.
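The annie/dakota walk-through and the iterative-versus-recursive comparison, as an added example that is not part of the original slides: a Python simulation in which the resolver dakota walks the delegation chain root -> com -> nominum.com, caches every NS and glue record it learns, and then answers the follow-up query for ftp.nominum.com with a single exchange, beside a recursive mode in which each server resolves on behalf of its client and so carries part of the query load itself. The zone data, the glue addresses (192.0.2.0/24 documentation range) and the per-node message counters are constructed for this example; nothing here talks to a real network.

```python
"""Simulated iterative and recursive DNS resolution with a resolver cache.

Added example, not code from the original slides: the zone data, glue
addresses and message accounting are constructed to mirror the
annie/dakota/nominum walk-through; nothing here touches the network.
"""
from collections import Counter

ROOT = "m.root-servers.net"
RESOLVER = "dakota.west.sprockets.com"

# Constructed authoritative data: server -> {(owner, type): [rdata, ...]}.
# m knows the com delegation, f knows the nominum.com delegation, and
# ns1.sanjose is authoritative for nominum.com itself.
ZONES = {
    ROOT: {
        ("com.", "NS"): ["f.gtld-servers.net"],
        ("f.gtld-servers.net.", "A"): ["192.0.2.1"],        # glue, constructed
    },
    "f.gtld-servers.net": {
        ("nominum.com.", "NS"): ["ns1.sanjose.nominum.net"],
        ("ns1.sanjose.nominum.net.", "A"): ["192.0.2.2"],   # glue, constructed
    },
    "ns1.sanjose.nominum.net": {
        ("www.nominum.com.", "A"): ["192.0.2.10"],
        ("ftp.nominum.com.", "A"): ["192.0.2.11"],
    },
}


def enclosing_zones(name):
    """Ancestor zones of a name, most specific first, ending at the root:
    'www.nominum.com.' -> ['nominum.com.', 'com.', '.']."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(1, len(labels))] + ["."]


def ask(sender, server, name, rtype, sent):
    """One query/response exchange with an authoritative server.
    Returns ('answer', rdata) if the server holds the record, otherwise
    ('referral', zone, ns_list, glue) for the closest delegation it knows."""
    sent[sender] += 1
    data = ZONES[server]
    if (name, rtype) in data:
        return ("answer", data[(name, rtype)])
    for zone in enclosing_zones(name):
        if (zone, "NS") in data:
            ns_list = data[(zone, "NS")]
            glue = {(ns + ".", "A"): data[(ns + ".", "A")] for ns in ns_list}
            return ("referral", zone, ns_list, glue)
    return ("nxdomain",)


class IterativeResolver:
    """dakota in the slides: walks the delegation chain itself and caches
    every NS, glue and answer record it learns along the way."""

    def __init__(self, name=RESOLVER):
        self.name = name
        self.cache = {(".", "NS"): [ROOT]}      # root hint
        self.sent = Counter()                   # queries sent, per sender

    def resolve(self, name, rtype="A"):
        if (name, rtype) in self.cache:
            return self.cache[(name, rtype)]
        # Start at the closest enclosing zone whose name servers are cached;
        # on the first query that is the root, later it is nominum.com.
        servers = next(self.cache[(z, "NS")] for z in enclosing_zones(name)
                       if (z, "NS") in self.cache)
        while True:
            reply = ask(self.name, servers[0], name, rtype, self.sent)
            if reply[0] == "answer":
                self.cache[(name, rtype)] = reply[1]
                return reply[1]
            if reply[0] != "referral":
                return []
            _, zone, servers, glue = reply
            self.cache[(zone, "NS")] = servers
            self.cache.update(glue)


def recursive_resolve(server, name, rtype, sent):
    """Recursive mode: the queried server chases the delegation itself, so
    each server along the chain sends (and waits on) a query of its own."""
    data = ZONES[server]
    if (name, rtype) in data:
        return data[(name, rtype)]
    for zone in enclosing_zones(name):
        if (zone, "NS") in data:
            sent[server] += 1
            return recursive_resolve(data[(zone, "NS")][0], name, rtype, sent)
    return []


def recursive_query(client, name, rtype="A"):
    """The client sends one query to the root and waits for the full answer.
    Returns the answer and the number of queries each node had to send."""
    sent = Counter({client: 1})
    return recursive_resolve(ROOT, name, rtype, sent), dict(sent)


if __name__ == "__main__":
    r = IterativeResolver()
    print("www ->", r.resolve("www.nominum.com."), "queries:", dict(r.sent))
    print("ftp ->", r.resolve("ftp.nominum.com."), "queries:", dict(r.sent))
    print("recursive:", recursive_query(RESOLVER, "www.nominum.com."))
```

In iterative mode dakota sends three queries for www.nominum.com and only one more for ftp.nominum.com, because the cached nominum.com NS record lets it skip the root and com servers; in recursive mode the total is the same three exchanges, but one of them is sent by the root server and one by the com server, which is the extra per-server load the slide refers to.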

The Current TLDs
ARPA: originally the acronym for the Advanced Research Projects Agency (ARPA), the funding organization in the United States that developed the precursor of the Internet (ARPANET); it now stands for Address and Routing Parameter Area.

Internet Corporation for Assigned Names and Numbers (ICANN)
ICANN’s role: to oversee the management of Internet resources, including
Addresses: delegating blocks of addresses to the regional registries
Protocol identifiers and parameters: allocating port numbers, etc.
Names: administration of the root zone file; overseeing the operation of the root name servers
The root zone file lists the names and numeric IP addresses of the authoritative DNS servers for all top-level domains (TLDs)

The Root Nameservers
The root zone file lists the names and IP addresses of the authoritative DNS servers for all top-level domains (TLDs).
The root zone file is published on 13 servers, “A” through “M”, around the Internet.
Root name server operations are currently provided by volunteer efforts by a very diverse set of organizations.

Root Name Server Operators
Operated by:
A: Verisign (US East Coast)
B: University of S. California – Information Sciences Institute (US West Coast)
C: Cogent Communications (US East Coast)
D: University of Maryland (US East Coast)
E: NASA (Ames) (US West Coast)
F: Internet Software Consortium (US West Coast)
G: U.S. Dept. of Defense (ARL) (US East Coast)
H: U.S. Dept. of Defense (DISA) (US East Coast)
I: Autonomica (SE)
J:
K: RIPE-NCC (UK)
L: ICANN (US West Coast)
M: WIDE (JP)

Registries, Registrars, and Registrants
A classification of roles in the operation of a domain name space:
Registry: the name space’s database; the organization which has edit control of that database; the organization which runs the authoritative name servers for that name space
Registrar: the agent which submits change requests to the registry on behalf of the registrant
Registrant: the entity which makes use of the domain name

Registries, Registrars, and Registrants
Registrants: the end user requests an add/modify/delete
-> Registrar: submits the add/modify/delete to the registry
-> Registry: updates the zone (master updated, zone DB, slaves updated)

Verisign: the registry and registrar for the gTLDs .COM, .NET, and .ORG
By far the largest top-level domains on the Internet today.
Verisign received the contract for the registry for .COM, .NET, and .ORG, and is also a registrar for these TLDs.

Security Concerns
The base DNS protocol (RFC 1034, 1035) is insecure: DNS spoofing (cache poisoning) attacks are possible.
DNS Security Extensions (DNSSEC, RFC 2565) remedy this flaw.
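The cache-poisoning concern on this slide, as an added example that is not from the original presentation: the acceptance checks a caching resolver applies before it trusts a reply (source address and destination port, transaction ID, question section) and the bailiwick rule that stops a reply from planting records for names outside the zone the queried server was asked about. Query state and replies are constructed dicts standing in for parsed wire-format messages, and the addresses are documentation-range values chosen for the example. These checks only raise the cost of guessing a matching reply; the DNSSEC signatures the slide names as the remedy are what let a resolver verify the data itself.

```python
"""Checks a caching resolver applies to a reply before caching anything.

Added example, not from the original slides: the outstanding-query record
and the constructed replies stand in for parsed DNS messages; the checks
raise the cost of landing a forged reply but do not replace DNSSEC.
"""
import secrets


def new_query(qname, qtype, server_ip):
    """State kept for one question sent upstream. The random 16-bit ID and
    random source port are values a forged reply has to match; the server
    address bounds who may answer at all."""
    return {
        "id": secrets.randbelow(1 << 16),
        "port": 1024 + secrets.randbelow(64512),   # 1024..65535
        "qname": qname,
        "qtype": qtype,
        "server_ip": server_ip,
    }


def make_reply(pending, records, id_=None, src_ip=None):
    """Constructed reply as the resolver would see it after parsing. The
    defaults yield a reply consistent with the outstanding query; pass id_
    or src_ip to model one that is not."""
    return {
        "id": pending["id"] if id_ is None else id_,
        "src_ip": pending["server_ip"] if src_ip is None else src_ip,
        "dst_port": pending["port"],
        "qname": pending["qname"],
        "qtype": pending["qtype"],
        "records": list(records),           # (owner, type, rdata) triples
    }


def in_bailiwick(owner, zone):
    """True if owner is zone or lies below it, so a server for nominum.com.
    may supply www.nominum.com. but never example.net."""
    if zone == ".":
        return True
    return owner == zone or owner.endswith("." + zone)


def accept_reply(pending, zone, reply):
    """Decide whether a reply belongs to the outstanding query and which of
    its records may enter the cache. zone is what the queried server is
    authoritative for. Returns (accepted, reason, cacheable_records)."""
    if reply["src_ip"] != pending["server_ip"]:
        return False, "reply not from the server that was asked", []
    if reply["dst_port"] != pending["port"]:
        return False, "reply to a port we did not send from", []
    if reply["id"] != pending["id"]:
        return False, "transaction ID does not match", []
    if (reply["qname"], reply["qtype"]) != (pending["qname"], pending["qtype"]):
        return False, "question section does not match what we asked", []
    # Out-of-bailiwick records are dropped rather than cached, even when the
    # rest of the reply is genuine.
    kept = [rr for rr in reply["records"] if in_bailiwick(rr[0], zone)]
    return True, "accepted", kept


if __name__ == "__main__":
    q = new_query("www.nominum.com.", "A", "192.0.2.2")   # asked ns1.sanjose
    genuine = make_reply(q, [("www.nominum.com.", "A", "192.0.2.10"),
                             ("example.net.", "A", "198.51.100.7")])
    print(accept_reply(q, "nominum.com.", genuine))
    wrong_id = make_reply(q, [("www.nominum.com.", "A", "203.0.113.9")],
                          id_=(q["id"] + 1) % 65536)
    print(accept_reply(q, "nominum.com.", wrong_id))
```

The genuine reply is accepted but its example.net record is discarded, since the nominum.com server has no authority over that name; a reply whose ID, source address or port does not match the outstanding query is dropped before any record is looked at.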