1 DNS Tutorial Randy H. Katz CS 294-4: NetRADS Network-oriented Reliable Adaptive Distributed Systems.

2 Domain Name System: Motivation
Directory services are essential in any network system; they provide a name-to-address mapping service
– Name of resource: what we seek
– Address: where it is
– Route: how to get there
– Delayed binding: look up the address when you need it
History:
– Hosts.txt: explicit file containing the mappings, suitable for the early days of the ArpaNet (up to several hundred nodes)
– Names: unstructured strings up to 30 characters
– Maintained by the Network Information Center (NIC), but difficult to keep up to date as the Internet grew
– Xerox Clearinghouse predates DNS

3 Domain Name System: History
Early 1980s: RFC 1034, 1123:
– Consistent and variable-depth hierarchy for names
– Distributed maintenance, controlled by the database itself
– Connectionless service using UDP (though TCP is also supported)
– Cached entries, cache aging, cache removal
– Spartan features for database update and data structuring
– Organized as an overlay "database" on top of the Internet
Post-1995 commercialization:
– IANA: Internet Assigned Numbers Authority
– Multiple top-level name registries: e.g., VeriSign is the authoritative directory provider for .com, .cc, .net, .tv (10 billion interactions per day!)
– 65 million registered domains in late 2004

4 Domain Name System: Structure
13 roots
– 48-hour TTL
– DoS attack, October 2002: pinging the roots
Top-level domains
– Country code (CC): US, CA, CH, …
– Generic (G): COM, EDU, NET, MIL, GOV, ORG, …
Domain name tree
– A name is an ordered list of labels, from the node to the root
– e.g., Sahara.cs.Berkeley.edu
DNS abstract database
– Resource Records (RRs) associated with names
  » Type: Network Address (A), Name Server (NS), Mail Exchange (MX), …
  » Class: Internet (IN)
  » TTL: data validity, 32 bits, in seconds
– Delegated NS authority
  » NS RR + "glue" A RR to defer name resolution for a subzone to another NS
  » Glue chasing: the resolution process used if no glue record is found
[Figure: domain name tree with Root at the top, then edu, Berkeley, CS and the leaf Sahara.cs.Berkeley.edu; levels labelled Root, Top-level domain, Zone, Subzone; gTLDs and ccTLDs hang off the root. Annotations: "Single point of failure! Actually 13 roots (A–M) but one root file!"; root servers in London, Japan, Sweden and 10 in the US, across 7 hardware platforms, 8 OSs, 5 vendors.]

5 Domain Name System: Query & Response
Query
– Query (Name, Type, Class)
– Specific, partial, or any match
Response
– Set of resource records (0 or more)
– Order may be important
– Errors
  » Name does not exist
  » Temporary error: "try again later", caused by network disconnection or another temporary condition
  » Essential to rate-limit the "try again"

6 Domain Name System: Client-Server
Resolvers (clients) contact name servers (servers) to translate names
– Local configuration information
  » Identifies the location of other name servers
  » No requirement that the local information is correct
– Full resolvers
  » Know the root name servers and local name servers; able to recover from errors
  » Manage caches: small TTLs if the data is volatile, large TTLs if stable; failures are cached as well
– Stub resolvers
  » Only sufficient functionality to talk to a nearby recursive NS

7 Domain Name System: Name Servers
Name server: an Internet host capable of processing DNS requests, e.g., BIND
Primary vs. secondary NSs
– Zone transfer: complete copy of the primary's RR database to the secondary
Query response
– A name server can return a referral to a better NS
– Recursive: follow down the naming tree, caching entries on the way
– Authoritative answer: came from the NS's actual database, not from its cache

8 Domain Name System: RFC 1123 DNS Health Considerations
– A resolver must implement retransmission controls to avoid bandwidth waste, and impose finite bounds on the resources consumed in response to any request
– After a query has been retransmitted several times without response, give up and return an error to the application
– DNS name servers and resolvers should cache temporary failures with a timeout of O(minutes); this prevents applications from immediately retrying and generating excessive DNS traffic
– Cache negative responses indicating that the specified name does not exist
– UDP-based retry attempts are constrained by exponential back-off algorithms with upper and lower bounds
– Source quench for the resolver/server issuing the query: take steps to reduce the querying rate, e.g., by sending the next query to an alternative server
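The RFC 1123 controls above, put together in one small resolver-side retry policy. This is an added illustration, not BIND's or any real resolver's code; the server addresses, TTLs and the injected FakeClock are constructed so the behaviour can be traced without a network.

```python
class FakeClock:
    """Deterministic clock so the policy can be exercised without sleeping."""
    def __init__(self):
        self.t = 0.0
    def now(self):
        return self.t
    def sleep(self, seconds):
        self.t += seconds

class RetryPolicy:
    """Resolver retransmission control in the spirit of RFC 1123 (added
    illustration): bounded exponential back-off, a finite number of retransmits,
    rotation to an alternative server, and caching of both negative answers
    (NXDOMAIN) and temporary failures for O(minutes)."""
    def __init__(self, servers, clock, min_backoff=1.0, max_backoff=8.0,
                 max_retries=4, fail_ttl=120):
        self.servers, self.clock = list(servers), clock
        self.min_backoff, self.max_backoff = min_backoff, max_backoff
        self.max_retries, self.fail_ttl = max_retries, fail_ttl
        self.cache = {}   # (name, qtype) -> (status, data, expiry time)

    def backoff(self, attempt):
        """Delay before retransmit number `attempt`: doubled each time,
        clamped to [min_backoff, max_backoff]."""
        return min(self.max_backoff, self.min_backoff * 2 ** attempt)

    def lookup(self, name, qtype, send):
        """send(server, name, qtype) -> ('answer', [(ttl, value), ...]),
        ('nxdomain', None), or None when the server did not respond."""
        key = (name, qtype)
        cached = self.cache.get(key)
        if cached and cached[2] > self.clock.now():
            return cached[0], cached[1]   # serves cached NXDOMAIN/tempfail too
        for attempt in range(self.max_retries):
            # Alternate servers on each try (the "source quench" hint).
            server = self.servers[attempt % len(self.servers)]
            reply = send(server, name, qtype)
            if reply is not None:
                status, data = reply
                ttl = self.fail_ttl if data is None else min(t for t, _ in data)
                self.cache[key] = (status, data, self.clock.now() + ttl)
                return status, data
            self.clock.sleep(self.backoff(attempt))   # wait, then retransmit
        # Give up: return an error and cache the temporary failure so that
        # applications cannot immediately retry and flood the servers.
        self.cache[key] = ('tempfail', None, self.clock.now() + self.fail_ttl)
        return 'tempfail', None
```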

9 Domain Name System: Health Survey
Domain Health Survey (Feb 2003):
– 68.4% of .COM zones misconfigured
– 27.4% of .com zones have all name servers on the same subnet; 6.7% of .com zones have only one authoritative name server
– DNS administrators most commonly make delegation configuration errors in their zone setup, resulting in lame delegations: 18.4% had lame delegations
– 16.4% had non-responding authoritative name servers, resulting in web site lookup failures
– 43.3% of zones block zone transfers from all name servers; this has no effect on the security of the zone data itself and provides only "security by obscurity"
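A small audit that flags the three delegation problems the survey counts for one zone (a single NS, all NSs on one subnet, lame or non-responding NSs). Added example, not the survey's tooling; the addresses and the fake_probe stand-in for a live authoritative-answer check are constructed.

```python
import ipaddress

def audit_delegation(zone, ns_addrs, probe, prefix=24):
    """Report the delegation misconfigurations counted by the survey above.
    ns_addrs: {ns_name: ip} taken from the zone's NS RRs and their A RRs.
    probe(ip, zone) -> True if that server answers authoritatively for zone,
    False if it is lame (no authoritative answer) or does not respond."""
    findings = []
    if len(ns_addrs) < 2:
        findings.append('only one authoritative name server')
    # Collapse every NS address to its /prefix; one network means no redundancy.
    nets = {ipaddress.ip_network(f'{ip}/{prefix}', strict=False)
            for ip in ns_addrs.values()}
    if len(ns_addrs) > 1 and len(nets) == 1:
        findings.append(f'all name servers on the same /{prefix} subnet ({nets.pop()})')
    lame = sorted(n for n, ip in ns_addrs.items() if not probe(ip, zone))
    if lame:
        findings.append('lame or non-responding delegation: ' + ', '.join(lame))
    return findings

# Constructed stand-in for a live probe: the (ip, zone) pairs that would
# return an authoritative answer (hypothetical servers, documentation ranges).
AUTHORITATIVE = {('203.0.113.1', 'foo.com.'), ('203.0.113.2', 'foo.com.'),
                 ('198.51.100.7', 'buz.com.')}

def fake_probe(ip, zone):
    return (ip, zone) in AUTHORITATIVE
```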

10 Domain Name System: DNS Spoofing
"Malicious cache poisoning"
– Send a recursive query to the target for a zone owned by the attacker
– Target references the attacker's server, which responds with an authoritative record for a third party's domain name
– Target caches a bogus record
– Recent investigations indicate that 25-30% of DNS servers on the Internet are spoofable
Solution: TSIGs (transaction signatures)

11 DNS Operation
[Figure: name tree with top-level domains net, com, uk, ca, jp; foo under com; buz and bar under foo; bar1, bar2, bar3 under bar. Labels: "A", "bar name servers", "resource records".]
Zone: occupies a contiguous subspace of the tree and is served by the same name servers
bar.foo.com. NS ns1.bar.foo.com.
bar.foo.com. NS ns2.bar.foo.com.
bar.foo.com. NS ns3.bar.foo.com.
bar.foo.com. MX mail.bar.foo.com.

12 [Figure: iterative resolution. A client asks a caching server for an A record; the caching server queries in turn the root zone, the com zone, the foo zone and the bar zone. Each step returns a referral: from the root, the com NS RRs plus com A RRs; from com, the foo NS RRs plus foo A RRs; from foo, the bar NS RRs plus bar A RRs; the bar zone finally returns the answer.]

13 Infrastructure RRs
[Figure: the parent zone (com) and the child zone (foo.com) both hold
foo.com. NS ns1.foo.com.
foo.com. NS ns2.foo.com.
foo.com. NS ns3.foo.com.
and the address records
ns1.foo.com. A
ns2.foo.com. A
ns3.foo.com. A]
NS resource record:
– Provides the names of a zone's authoritative servers
– Stored both at the parent and at the child zone
A resource record:
– Associated with an NS resource record
– Stored at the parent zone (glue A record)
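The referral walk of slide 12 and the glue records of slides 4 and 13, worked through as a miniature iterative resolver over in-memory zones. Added example, not BIND or any real resolver; the server addresses and zone contents are constructed, and it also shows glue chasing for an out-of-zone NS name and a lame delegation (in-zone NS with no glue) that a real resolver could never reach.

```python
# Added example (not BIND code): a miniature iterative resolver over constructed
# in-memory zones. SERVERS maps a server IP to (zone it serves, RRs as (owner, type, value)).
ROOT = '198.41.0.4'
SERVERS = {
    ROOT: ('.', [('com.', 'NS', 'a.gtld.example.'),
                 ('a.gtld.example.', 'A', '192.5.6.30')]),            # glue
    '192.5.6.30': ('com.', [('foo.com.', 'NS', 'ns1.foo.com.'),
                            ('ns1.foo.com.', 'A', '203.0.113.1'),    # glue
                            ('buz.com.', 'NS', 'ns2.foo.com.'),       # no glue: must be chased
                            ('lame.com.', 'NS', 'ns.lame.com.')]),    # in-zone NS, no glue
    '203.0.113.1': ('foo.com.', [('bar.foo.com.', 'NS', 'ns.bar.foo.com.'),
                                 ('ns.bar.foo.com.', 'A', '203.0.113.2'),
                                 ('ns2.foo.com.', 'A', '203.0.113.3')]),
    '203.0.113.2': ('bar.foo.com.', [('www.bar.foo.com.', 'A', '203.0.113.20')]),
    '203.0.113.3': ('buz.com.', [('www.buz.com.', 'A', '203.0.113.30')]),
}
in_zone = lambda name, zone: name == zone or name.endswith('.' + zone)

def query(server, name, qtype):
    """Answer if the server holds the RRs, referral to the closest delegation it knows, else nxdomain."""
    zone, rrs = SERVERS[server]
    answer = [v for o, t, v in rrs if o == name and t == qtype]
    if answer:
        return 'answer', answer
    cuts = [o for o, t, _ in rrs if t == 'NS' and o != zone and in_zone(name, o)]
    if not cuts:
        return 'nxdomain', None
    cut = max(cuts, key=len)                 # longest match: closest enclosing zone
    ns_names = [v for o, t, v in rrs if o == cut and t == 'NS']
    glue = {o: v for o, t, v in rrs if t == 'A' and o in ns_names}
    return 'referral', (cut, ns_names, glue)

def resolve(name, qtype, trace=None):
    """Iterative resolution as on slide 12: follow referrals from the root, chasing glue-less NS names."""
    trace = [] if trace is None else trace
    server = ROOT
    for _ in range(10):                      # hop bound against referral loops
        kind, payload = query(server, name, qtype)
        if kind != 'referral':
            return kind, payload
        cut, ns_names, glue = payload
        ns = ns_names[0]
        trace.append(f'{server}: {cut} delegated to {ns}')
        if ns not in glue and not in_zone(ns, cut):   # glue chasing
            kind, addrs = resolve(ns, 'A', trace)
            glue = {ns: addrs[0]} if kind == 'answer' else {}
        if ns not in glue:                   # in-zone NS without glue, or chase failed
            return 'lame', cut
        server = glue[ns]
    return 'lame', name
```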