Domain Name Server Presented By: Mahesh Venkat Adusumelli Garima Thakral Vivek Nemarugommula
Introduction Computers (hosts, routers) connected to the Internet have two forms of names: IP address — a 32-bit identifier used for addressing hosts and routing data to them (e.g., 192.168.0.101). Hostname — an ASCII string used by applications (e.g., cs.unt.edu).
Purpose The DNS is an Internet-wide service that provides mappings between IP addresses and hostnames. The DNS is usually used to translate a hostname into an IP address. The DNS is a distributed database implemented in a hierarchy of name servers. It is an application-layer protocol that allows hosts and name servers to communicate to provide the translation service.
Network The DNS protocol runs over UDP and uses port 53. Domain names comprise a hierarchy so that names are unique, yet easy to remember. Hosts and routers use name servers to resolve names (address/name translation). Name resolution is an essential Internet function implemented as an application-layer protocol. Name servers are often UNIX machines running the Berkeley Internet Name Domain (BIND) software.
Name Hierarchy
Top Level Domains
Root Name Servers
Important Applications Host aliasing – a host with a canonical hostname (e.g., relay1.west-coast.ibm.com) can have one or more alias names (e.g., ibm.com and www.ibm.com). Aliasing by service – a company can use the same hostname for its Web server, mail server, FTP server, etc., even though these are different computers with different IP addresses. Load distribution – a set of IP addresses can be associated with a canonical hostname; DNS will return the set of addresses, varying the order of the addresses.
Specification RFC 1034 - Domain names - concepts and facilities: This RFC is an introduction to the Domain Name System (DNS). It introduces domain-style names, their use for Internet mail and host address support, and the protocols and servers used to implement domain name facilities. RFC 1035 - Domain names - implementation and specification: This RFC describes the details of the domain system and protocol.
Configuration
Goals Names are not required to contain network identifiers, routes, addresses, etc. The database is maintained in a distributed manner with local caching to improve performance. Access to information is more critical than speed or consistency.
Further… Functions of DNS Operations of DNS Name resolution Process Event Flow in DNS
DNS Functions
DNS Functions… Name Space DNS uses a hierarchical name space consisting of a single, complex, multi-level structure into which all names in the system fit. The name space is organized starting from a single root into which “containers” (called domains) are placed. Name Registration (Including Administration and Authorities) DNS uses a hierarchical arrangement of authorities that complements the hierarchical name space. A centralized authority determines the overall shape and structure of the name space, and handles registration of names at the highest level.
DNS Functions… Name Resolution: This is the most important part of the DNS design; it must be able to handle many name resolution requests each day. The name resolution process is implemented using two basic software elements that play the roles of client and server: name servers and name resolvers. Name Servers: The main job of name servers is to receive requests for name resolution and either respond with the data requested from the database, or with the name of another name server that will lead to the requested information. Name Resolvers: Name resolvers are the usual clients in the name resolution process. When a user makes reference to a name in a networking application, the name is passed to the resolver, which issues a request to a name server.
Name Resolution Name resolution is the most important part of DNS, as discussed before. DNS uses a very capable client/server name resolution method that makes use of a distributed database of name information. Domain Name Servers: These servers may be either dedicated devices or software processes running on machines that also perform other tasks. They store and manage information about domains, and respond to resolution requests from clients.
DNS Basic Name Resolution Techniques: Iterative and Recursive Resolution. Cache: Locality of Reference.
Operation of DNS
Event Flow in DNS
Event Flow The user passes the query to the Resolver; the role of the Resolver is to hide the distribution of data among the servers from the user. The Resolver starts with a known name server for the information; as a result it either gets the desired answer from that server or a referral to another server. Name Server: Manages two kinds of data. (i) Data held in sets called zones. Each zone is the complete database for a particular subtree of the domain space. A name server periodically checks to make sure that its zones are up to date, and if not, obtains a new copy of the updated zones from master files stored locally or in another name server.
(ii) The second kind of data is cached data which was acquired by a local resolver. This data may be incomplete, but improves the performance of the retrieval process when non-local data is repeatedly accessed. Cached data is eventually discarded by a timeout mechanism. A host can participate in several ways, depending on whether the host runs programs that retrieve information from the domain system, name servers that answer queries from other hosts, or various combinations of both functions. The resolver may have to make several queries to several different foreign name servers to answer a particular user query, and hence the resolution of a user query may involve several network accesses and an arbitrary amount of time.
Here a primary name server acquires information about one or more zones by reading master files from its local file system, and answers queries about those zones that arrive from foreign resolvers. The shared database holds domain space data for the local name server and resolver.
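As an added example that is not part of the presentation, the iterative resolution, referrals and caching described on these slides simulated in Python over a constructed set of toy zones and servers; the hostnames, server names and the 192.0.2.10 address are made up, and MAX_REFERRALS is an assumed bound that makes a circular delegation fail instead of hanging the resolver.

```python
import time

TTL = 60            # seconds a cached answer stays valid (constructed value)
MAX_REFERRALS = 8   # assumed bound on referral chasing; a circular delegation then fails instead of hanging
ROOT = "root"

# Constructed toy authoritative servers: each knows the A records of its own zone and the
# delegations (child zone -> name server) it hands out as referrals. Not real DNS data.
SERVERS = {
    "root":       {"delegations": {"edu.": "ns.edu", "loop.": "ns.loop"}},
    "ns.edu":     {"delegations": {"unt.edu.": "ns.unt.edu"}},
    "ns.unt.edu": {"records": {"cs.unt.edu.": "192.0.2.10"}},
    "ns.loop":    {"delegations": {"loop.": "ns.loop"}},   # misconfigured: delegates to itself
}

def authoritative_answer(server, name):
    """One server's reply: ('answer', ip), ('referral', next_server) or ('nxdomain', None)."""
    data = SERVERS[server]
    if name in data.get("records", {}):
        return "answer", data["records"][name]
    for zone, ns in data.get("delegations", {}).items():
        if name == zone or name.endswith("." + zone):
            return "referral", ns
    return "nxdomain", None

class IterativeResolver:
    """Walks referrals from the root on the user's behalf (what a recursive server does for
    a stub resolver) and caches positive answers with a TTL so repeats cost no queries."""
    def __init__(self):
        self.cache = {}        # name -> (ip, expiry time)
        self.queries_sent = 0  # network round trips, counted for the tests

    def resolve(self, name, now=None):
        now = time.time() if now is None else now
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0]   # cache hit: locality of reference pays off
        server = ROOT
        for _ in range(MAX_REFERRALS):
            self.queries_sent += 1
            kind, value = authoritative_answer(server, name)
            if kind == "answer":
                self.cache[name] = (value, now + TTL)
                return value
            if kind == "nxdomain":
                return None
            server = value     # referral: ask the delegated server next
        raise RuntimeError("too many referrals resolving %s (delegation loop?)" % name)
```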
Further… Message Formats Problems Performance Issues Extensions Security Issues
Message Format DNS messages are basically QUERY and RESPONSE. The other types of DNS messages are STATUS, NOTIFY and UPDATE.
Typical Message Format
Fields in the DNS Header
Fields in the DNS Question Section
Problems With DNS Vulnerability Note VU#327633: BIND 8.4.4 and 8.4.5 vulnerable to buffer overflow in q_usedns. Overview: A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. In the BIND DNS implementation, a buffer overflow error exists in the handling of the q_usedns array used by the server to track nameservers and addresses that have been queried.
Problems With DNS Vulnerability Note VU#682110: Multiple Symantec firewall products fail to properly process DNS response packets. Overview: There is a vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted Domain Name Service (DNS) response packet could allow an unauthenticated, remote attacker to cause a denial of service condition. By supplying a DNS packet containing a specially crafted compressed name pointer, an attacker could cause the kernel to enter an infinite loop on the vulnerable system.
Problems With DNS Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow. Overview: DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service.
Problems With DNS No support for IPv6 conversions. Excess traffic for updating slave resource records. No security procedures for DNS.
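As an added example that is not part of the presentation, a Python parser for the header and question section outlined on the message-format slides, whose name decoder bounds compression pointers so that a crafted pointer of the kind behind VU#682110 is rejected rather than looped on; the sample response and the hostile query below are constructed, not captured traffic.

```python
import struct

HEADER = struct.Struct("!HHHHHH")  # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (RFC 1035 4.1.1)

def parse_header(msg):
    """Unpack the 12-byte header and split the flag word into its RFC 1035 bit fields."""
    if len(msg) < HEADER.size:
        raise ValueError("truncated header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg, 0)
    return {"id": ident, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF, "aa": (flags >> 10) & 1,
            "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def read_name(msg, offset):
    """Decode a possibly compressed name (RFC 1035 4.1.4); returns (name, offset just past it)."""
    # Every pointer must target a position below every position visited so far, so a
    # pointer cycle raises instead of spinning forever; the 255-octet name limit is enforced too.
    labels, total, floor, end = [], 0, offset, None
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # 11xxxxxx: 14-bit compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            ptr = ((length & 0x3F) << 8) | msg[offset + 1]
            if ptr >= floor:
                raise ValueError("pointer does not move strictly backwards (loop)")
            end = offset + 2 if end is None else end   # the name ends after the first pointer
            floor = offset = ptr
            continue
        if length == 0:                                # root label terminates the name
            return ".".join(labels) + ".", (offset + 1 if end is None else end)
        total += length + 1
        if length > 63 or total > 255 or offset + 1 + length > len(msg):
            raise ValueError("reserved label type, name too long, or label overruns message")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def parse_question(msg, offset):
    """Question entry: QNAME, QTYPE, QCLASS (RFC 1035 4.1.2); returns (entry, next offset)."""
    qname, offset = read_name(msg, offset)
    if offset + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack_from("!HH", msg, offset)
    return {"qname": qname, "qtype": qtype, "qclass": qclass}, offset + 4

# Constructed response (not captured traffic): cs.unt.edu. IN A 192.0.2.10; the answer NAME at
# offset 28 is a pointer back to the question name at offset 12.
RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" b"\x02cs\x03unt\x03edu\x00\x00\x01\x00\x01"
            b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\xc0\x00\x02\x0a")
LOOPING = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\xc0\x0c\x00\x01\x00\x01"  # constructed: QNAME points to itself
```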
Extensions In DNS Support for IPv6 (RFC 1886): New resource record type—AAAA. New reverse resolution hierarchy: a new hierarchical structure similar to IN-ADDR.ARPA is defined for IPv6 reverse lookups. Changes to query types and resolution procedure.
Extensions In DNS Facilitating inbound NAT using DNS: integrate DNS and NAT so they work together. Defined in RFC 2694.
Extensions In DNS DNS Notify (RFC 1996) Incremental Transfers (RFC 1995)
Security In DNS DNSSEC provides: a) origin authentication of DNS data; b) data integrity; c) authenticated denial of existence.
Security In DNS A resource record format is defined to associate keys with DNS names. This permits the DNS to be used as a public key distribution mechanism in support of DNS security itself and other protocols. It includes an algorithm identifier, the actual public key parameter(s), and a variety of flags including those indicating the type of entity the key is associated with and/or asserting that there is no key associated with that entity.
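The record described above is the original KEY record of RFC 2535; its DNSSEC successor, DNSKEY (RFC 4034), keeps the same flags, protocol, algorithm identifier and public key layout. As an added example not from the presentation, the following Python parses that RDATA and computes the key tag an RRSIG carries to select the signing key; the RDATA bytes are constructed placeholders, not a real key.

```python
import struct

# DNSKEY flag bits (RFC 4034 section 2.1.1); all other bits are reserved.
ZONE_KEY = 0x0100    # bit 7: the key signs a zone
SEP = 0x0001         # bit 15: Secure Entry Point, normally a key-signing key
DNSSEC_PROTOCOL = 3  # the only valid Protocol value; anything else makes the RR invalid for DNSSEC

def parse_dnskey_rdata(rdata):
    """Split DNSKEY RDATA into flags, protocol, algorithm identifier and public key bytes."""
    if len(rdata) < 4:
        raise ValueError("DNSKEY RDATA shorter than its 4-byte fixed header")
    flags, protocol, algorithm = struct.unpack_from("!HBB", rdata, 0)
    if protocol != DNSSEC_PROTOCOL:
        raise ValueError("protocol %d: RR must be treated as invalid during verification" % protocol)
    return {"flags": flags, "zone_key": bool(flags & ZONE_KEY), "sep": bool(flags & SEP),
            "protocol": protocol, "algorithm": algorithm, "public_key": rdata[4:]}

def key_tag(rdata):
    """Key tag (RFC 4034 Appendix B): 16-bit sum with end-around carry over the whole RDATA.
    RRSIG records carry this tag so a verifier can pick the right DNSKEY before doing any
    public-key math; it is only a selector, not a security check."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def candidate_keys(dnskey_rdatas, rrsig_key_tag, rrsig_algorithm):
    """Keys an RRSIG may have been made with: zone-key bit set, matching algorithm and tag.
    Several keys can share a tag, so a verifier must try each candidate's signature."""
    return [key for key in map(parse_dnskey_rdata, dnskey_rdatas)
            if key["zone_key"] and key["algorithm"] == rrsig_algorithm
            and key_tag(struct.pack("!HBB", key["flags"], key["protocol"], key["algorithm"])
                        + key["public_key"]) == rrsig_key_tag]

# Constructed RDATA (not a real key): flags 0x0101 = ZONE_KEY|SEP, protocol 3, algorithm 8
# (the RSA/SHA-256 identifier), followed by four placeholder key bytes.
SAMPLE_RDATA = bytes([0x01, 0x01, 0x03, 0x08, 0x01, 0x02, 0x03, 0x04])
```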
Conclusions DNS is a nice way of resolving IP addresses from names. Extensions for protection against DoS attacks have to be made.
References Sites – www.tcpipguide.com, www.cert.org, www.dnssec.net. Books – Computer Networks – Andrew Tanenbaum; DNS and BIND – Cricket Liu.
Questions
Thank You