Guide To TCP/IP: Domain Name System (presentation transcript)


2 DNS – TCP/IP Application Protocol
Name resolution protocol - robust, reliable & stable
Distributed database technology
What does it resolve?
–Maps the Internet – all valid domain names (symbolic) to IP addresses (numeric)
* Note: a Win2K domain pertains to a group of computers & devices under one administration; a DNS domain is a node representing a partition in the DNS database.
Replaced the manual task of updating HOSTS files in a network

3 DNS - contd
Network services with DNS enabled

4 DNS
Layer 7 – Application
Layer 4 – TCP or UDP
DNS Server

5 DNS Background
Early method – static text files (HOSTS)
1984 – JEEVES by Paul Mockapetris
1988 – BIND (Berkeley Internet Name Domain) by Kevin Dunlap
–Works with UNIX and Win2K

6 DNS Structure (Domain Namespace)
Hierarchical – an inverted tree with the root on top, designated by a single period (.)
Partitions the namespace into categories
Parent/child domains
–Top-level primary domains
–Organizational domain hierarchies: second-level domains
–Host names

7 DNS Structure – an inverted tree
There are also 2- or 3-letter country codes (e.g. .uk). See ftp://ftp.ripe.net/iso3166-countrycode.txt

8 Structure - contd
Root servers – provide the ultimate source for all name lookups
13 root servers worldwide
–A.ROOT-SERVERS.NET
–B.ROOT-SERVERS.NET
At least one valid IP address for each unique domain name.
–This name-to-address correlation is the most important function of DNS
The structure of the DNS database mirrors the domain namespace itself.

9 FQDN
Fully Qualified Domain Name – consists of all the elements of the domain, including the periods. Ex. Computer1.sales.microsoft.com.
(Figure labels: root, host name, domain name)
Domain names start from the bottom of the tree and work their way up.

10 Domain Namespace
*The structure of the DNS database mirrors the domain namespace itself.
Partitioning – trees and subtrees
Delegation of Authority
–Domain – registration & fees; central authority
–Subdomain – arbitrary; local admin.
Any valid domain name ultimately resides in master/primary servers
–Copies can be made.

11 Domain Namespace – “partitioning”
Zone – a portion of the domain namespace
(Figure: ZONE 1 and ZONE 2 under .com – microsoft, development, sales; Zone 1 database file; Zone 2 database file)
Domain namespace divided into zones.

12 Zones - contd
Zones allow a domain namespace to be partitioned into manageable sections.
Root domain for zone 1 – microsoft
Root domain for zone 2 – development

13 Zone File
Zone file location on a Win2K Server running DNS: the %SystemRoot%\System32\DNS directory

14 DNS Naming Conventions & Guidelines
Limit the number of domain levels. Host entries should be 3-4 levels down, no more than 5. The more levels you have, the more admin work.
Use unique names.
For ease of use, select simple names. Avoid lengthy names.
Domain name can be up to 63 characters including the periods.

15 Naming Guides - contd
FQDN cannot exceed 255 characters.
Not case sensitive.
Use standard DNS characters & Unicode characters:
–DNS characters: A thru Z, a thru z, 0 thru 9 and the hyphen (-) – RFC 1035
–The Unicode character set includes additional characters not found in ASCII; required for some languages.

16 Unicode - contd
Use Unicode characters only if all the servers support Unicode.
For the complete set of Unicode – RFC 2044
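The naming rules from slides 14-16 (the 255-character FQDN limit, the letter/digit/hyphen character set, case insensitivity and the "no more than 5 levels" guideline) as a checker, written as an added example that is not part of the presentation. It assumes the RFC 1035 per-label limit of 63 octets and the RFC 1035 rule that a label may not begin or end with a hyphen; the slide itself only gives the character set.

```python
import re

# Label rule (assumption from RFC 1035): letters, digits and hyphens, with no
# hyphen at either end. The slide gives the character set but not the end rule.
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")
MAX_LABEL = 63    # RFC 1035 per-label limit (assumption, not stated on the slide)
MAX_FQDN = 255    # from slide 15
MAX_LEVELS = 5    # guideline from slide 14: no more than 5 levels

def check_fqdn(name: str) -> list[str]:
    """Return a list of rule violations; an empty list means the name is acceptable."""
    problems = []
    if len(name) > MAX_FQDN:
        problems.append(f"FQDN longer than {MAX_FQDN} characters")
    # A trailing period denotes the root; strip it before splitting into labels.
    labels = name[:-1].split(".") if name.endswith(".") else name.split(".")
    if len(labels) > MAX_LEVELS:
        problems.append(f"{len(labels)} levels; guideline is at most {MAX_LEVELS}")
    for label in labels:
        if label == "":
            problems.append("empty label (double period or leading period)")
        elif len(label) > MAX_LABEL:
            problems.append(f"label '{label[:10]}...' exceeds {MAX_LABEL} characters")
        elif not LABEL_RE.match(label):
            problems.append(f"label '{label}' uses characters outside A-Z, 0-9, hyphen, "
                            "or starts/ends with a hyphen")
    return problems

def same_name(a: str, b: str) -> bool:
    """DNS names are not case sensitive: compare after normalising case and the root dot."""
    def norm(n: str) -> str:
        return n.rstrip(".").lower()
    return norm(a) == norm(b)
```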

17 DNS Database Resource Records (RR)
RR – special database entries that contain specific data relevant to DNS:
Address record (A) – stores domain name-to-IP address translation data
Canonical name record (CNAME) – used to create aliases
Name server record (NS) – used to identify all DNS servers in the domain

18 RR - contd
Pointer record (PTR) – stores IP address-to-domain name translation data; supports reverse DNS lookup
Start of Authority record (SOA) – identifies the master DNS server for a specific domain or subdomain.

19 Other RR:
–Host information (HINFO) record
–Mail exchange (MX) record
–Text (TXT) record
–Well-known services (WKS) record

20 DNS Structure – delegation of authority
Assignment of duties – hierarchy; zones; authoritative servers for subdomains
Easy and quick way to point to other name servers
Resource Records (RR) will reflect this delegation of authority.
DNS Servers – 3 kinds at any given subdomain:
–Primary
–Secondary
–Caching

21 DNS Servers – contd
Primary or master server – contains the primary database files for the domain or subdomain.
–Authoritative
–The database file is called the zone file, an ASCII snapshot that is loaded into memory when the server runs.
–Only one primary/master on any given DNS zone.

22 DNS servers - contd
Secondary or slave server – gets data from the primary server; gets regular updates. Incremental zone transfer vs. full copy or replication.
–Every zone should have at least one slave server; multiple slaves allowed.
–Serves as a backup (fault tolerance) and provides load balancing.

23 DNS servers - contd
Caching servers – store recently accessed DNS records
–Stand-alone servers (primary & secondary DNS can provide caching also)
–Ideal for large companies & Internet Service Providers
–Speeds access by storing lookup data locally.
–Does not provide the primary/secondary (authoritative) DNS server functions.

24 DNS Root-Level Servers
Top of the hierarchy
Has access to all elements of the hierarchy (subdomains)
Any queries that can’t be handled locally go to the root server
Follows NS (Name Server) records in the zone database until it finds the authoritative server that contains the SOA name

25 How Domain Name Servers Work:
(Figure) QUERY (Client) -> Local ZONE Authoritative Server -> Neighborhood/Caching Server -> ROOT – Authoritative Servers, following NS
If the DNS server is authoritative, it gives the data.
This process always produces some kind of answer, even an error message.

26 Root-level Servers: Types of Queries
Recursive – “query that keeps working until an answer of some kind is forthcoming.”
–The FIRST DNS server issues further queries on its behalf
–When other servers respond to the first server, they provide an answer from their own databases/caches OR
–Provide pointers to other “closer” name servers.

27 Types of queries - contd
Iterative or non-recursive – queries to an authoritative server which may or may not generate a reply.
–The FIRST DNS server that receives the recursive query issues repeated iterative queries to other servers
–It will either get an answer or an error message
–What is the difference between a DNS server that receives a recursive query and a server that receives an iterative query?

28 Queries - contd
Why is caching important to a DNS server?
What is a non-authoritative response? An authoritative response?

29 Resource Record (RR) Formats (RFC , 2065)
A and CNAME records:
; Host addresses
localhost.tree.com. IN A
pear.tree.com. IN A
apple.tree.com. IN A
peach.tree.com. IN A

30 RR format
; Multi-homed host
hedge.tree.com. IN A
hedge.tree.com. IN A
; Aliases
pr.tree.com IN CNAME pear.tree.com
h.tree.com IN CNAME hedge.tree.com
h1.tree.com IN CNAME
Note: the CNAME names do not end in a period.

31 Start of Authority (SOA) Record (p. 325)
tree.com IN SOA apple.tree.com. sue.pear.tree.com (
    1      ; Serial (incremented after each update)
    10800  ; Refresh after 3 hours (sync w/ primary)
    3600   ; Retry after 1 hour (interval before trying another refresh)
    604800 ; Expire after 1 week (zone db no longer auth.)
    86400 ); Minimum TTL of 1 day (how long an entry can persist outside of a zone)
“IN” indicates the record is of the Internet class of record types
“SOA” indicates the record is a Start of Authority record

32 Client Side DNS Errors
Client side DNS errors may stem from any of the following causes:
–Invalid domain name or invalid IP address
–Inability to locate an IP address that corresponds to the requested domain name
–Inability to reach an authoritative name server for the requested domain

33 Reverse DNS Lookup – mapping addresses to names
Used to verify whether an IP address matches the domain name of the source. Good for identifying IP spoofing.
Format – reverse order (4th octet first)
Example:
in-addr.arpa. IN PTR hedge.tree.com
in-addr.arpa. IN PTR pear.tree.com
This string defines the IP address space of the Internet, formerly known as the ARPANET.
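The reverse-lookup check described above, as an added example (not from the presentation): build the in-addr.arpa owner name with the octets reversed, then confirm that the host named by the PTR record really maps back to the address. The forward and reverse tables are constructed sample data using documentation address ranges; a PTR record alone is controlled by whoever holds the address block, so only the forward confirmation says anything about spoofing.

```python
import ipaddress

# Constructed forward data (host -> A records); documentation ranges only.
FORWARD = {"hedge.tree.com.": ["192.0.2.2", "192.0.2.3"],
           "pear.tree.com.": ["192.0.2.1"],
           "mail.tree.com.": ["198.51.100.7"]}
# Constructed reverse data (in-addr.arpa owner -> PTR target). The last entry is a
# PTR that claims to be pear.tree.com from an unrelated address block.
REVERSE = {"2.2.0.192.in-addr.arpa.": "hedge.tree.com.",
           "3.2.0.192.in-addr.arpa.": "hedge.tree.com.",
           "1.2.0.192.in-addr.arpa.": "pear.tree.com.",
           "9.113.0.203.in-addr.arpa.": "pear.tree.com."}

def reverse_name(ip):
    """203.0.113.9 -> '9.113.0.203.in-addr.arpa.' (4th octet first)."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on a malformed address
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."

def forward_confirmed(ip):
    """Return (ptr_host, status). 'confirmed' only when the PTR target has an A
    record for ip; 'mismatch' means the reverse claim is not backed by forward data."""
    host = REVERSE.get(reverse_name(ip))
    if host is None:
        return None, "no-ptr"
    if ip in FORWARD.get(host, []):
        return host, "confirmed"
    return host, "mismatch"
```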

34 NSLOOKUP Command
Queries the default name server; provides info from the default server or from a server/IP address you provide.
Command-line utility:
C:\>nslookup
–should give you the default server
–Let's see if we can find the default DNS server for nvcc.edu.

35 NSLOOKUP

36 NSLOOKUP - contd
(Screenshot: results of the lookup; the lookup occurs here)

37 NSLOOKUP

38 Other DNS Issues
Dual purpose: DNS allows your users to “reach out”; outsiders can “reach in”
–Provide name resolution to your users
–Provide the authoritative hostname-to-IP mapping for services you choose to provide
Dynamic DNS (DDNS) – name servers & clients within a network automatically update the zone database files
–Linkage: need to link DNS and Active Directory.
–DHCP, WINS, Active Directory or LDAP (Lightweight Directory Access Protocol) keep track of the IP address space and of domain name-to-address changes over time.

39 DNS Issues - contd
DDNS & DHCP – the DHCP service generates dynamic updates
–Active Directory (with DHCP) keeps track of name-to-address changes over time
–Synchronize master copies of zone files
–DHCP allows a client to add its A (host) record to the zone
–DHCP adds the PTR (pointer) record to the zone
–DHCP also cleans up when the zone entry expires

40 DNS Issues - contd
Remember the query process? How does caching play a role?
Propagation delay – how long before the cached values catch up with the “master copies”?
–Depends on the TTL clause. Default TTL – 24 hours.
–Any change will add another 24 hrs (the default TTL) before it kicks in.
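A toy simulation of the query process from slides 25-28 and the caching/TTL effect from slide 40, added here as an example and not part of the presentation: the "first" server takes the client's recursive query, walks NS referrals from the root with iterative queries, caches the answer for its TTL, and serves the cached (non-authoritative) copy until the TTL expires. The server names other than a.root-servers.net, the zone data and the 192.0.2.0/24 addresses are constructed.

```python
import time

# Constructed zone data: each server holds either delegations (NS) or answers (A).
# Addresses use the documentation range 192.0.2.0/24; TTL is in seconds (1 day).
SERVERS = {
    "a.root-servers.net": {"NS": {"com": "ns.gtld.example"}},
    "ns.gtld.example":    {"NS": {"tree.com": "apple.tree.com"}},
    "apple.tree.com":     {"A": {"pear.tree.com": ("192.0.2.10", 86400)}},
}

def iterative_query(server, name):
    """One iterative (non-recursive) query. The server answers from its own data:
    ('answer', ip, ttl), a referral ('referral', closer_server), or ('nxdomain',)."""
    zone = SERVERS[server]
    if name in zone.get("A", {}):
        ip, ttl = zone["A"][name]
        return ("answer", ip, ttl)
    for suffix, ns in zone.get("NS", {}).items():   # pointer to a "closer" name server
        if name == suffix or name.endswith("." + suffix):
            return ("referral", ns)
    return ("nxdomain",)

class Resolver:
    """The first DNS server: accepts the client's recursive query and does the work,
    issuing repeated iterative queries and caching what it learns."""
    def __init__(self, root="a.root-servers.net", clock=time.time):
        self.root, self.clock, self.cache = root, clock, {}

    def resolve(self, name):
        """Return (ip, from_cache, path). ip is None when the lookup ends in an error."""
        name = name.rstrip(".").lower()               # names are not case sensitive
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():             # within TTL: non-authoritative answer
            return hit[0], True, ["cache"]
        server, path = self.root, []
        while True:                                   # walk NS referrals from the root
            path.append(server)
            result = iterative_query(server, name)
            if result[0] == "answer":
                _, ip, ttl = result
                self.cache[name] = (ip, self.clock() + ttl)   # cached until TTL expires
                return ip, False, path
            if result[0] == "referral":
                server = result[1]
                continue
            return None, False, path                  # error: no such name
```

Until the cached entry's TTL runs out the resolver keeps answering from the cache, which is exactly the propagation delay slide 40 describes: a change at the primary is not seen by this resolver for up to one TTL.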

41 DNS issues - contd
Security: if possible, separate your internal & external DNS servers. How?
–A single DNS server can leak info about internal hosts.

42 Security Structure
DNS, Web, FTP, etc.
How can we separate our external and internal servers?

43 Split DNS Architecture
2 DNS servers: External DNS Server, Internal DNS Server
(Figure: Query; Bastion Host)

44 Security - contd
The external DNS server contains public server info
Both the external & internal servers are primary for the domain
–The internal DNS should forward queries that it cannot resolve to the external DNS
Another alternative – run the external DNS on the Bastion host.