Lecture – DNS How to find things…

Domain Name System Associate human-friendly names with machine- friendly IP addresses Resolution of a given hostname to an IP address Domain Names, as opposed to IP addresses have the top-most element on the right Each element can be up to 63 characters long, the full name can be no more than 255 characters Letters, numbers or dashes can be used in a name element

DNS Allows machines to be grouped logically, by domain name Right-most element is called the (TLD) Top Level Domain The full name is referred to as the (FQDN) Fully Qualified Domain Name lugh.student.comp.dit.ie or lugh Internet Assigned Numbers Authority (IANA) controls the top-level domains Host names map to IP addresses in a one-to-many relationship, each machine may have many IP addresses, and each IP address may be associated with many machines

Mail Routing using DNS DNS builds in some application specific information Hosts that are designed to perform routing, mail exchangers, have special-purpose records in DNS, MX records A domain should have multiple mail exchangers. Mail that cannot sent to one mail exchanger, can instead be delivered to an alternative server, providing a failsafe redundancy.

Before DNS Before DNS, name resolution was accomplished solely by text file databases residing on each host (“hosts” files) The method is not scalable, and it requires centralised management of the text files

Internet DNS Hierarchy Root Name Servers Provide references to the appropriate zone authoritative name servers for the top-level domains Zone-Authoritative name servers Master and slave servers for zones

Root Name Servers There are 13 root-name servers Each has an associated letter name (a to m) No more names can be used because of protocol limitations UDP packet can only carry 512 bytes reliably A hint file with more than 13 servers would be larger than 512 bytes C, F, I, J, K and M servers now exist in multiple locations on different continents

Root name servers LetterOld nameOperatorLocation A ns.internic.netVeriSignDulles, Virginia, USA B ns1.isi.eduISIMarina Del Rey, California, USA C c.psi.net Cogent Communication sdistributed using anycast D terp.umd.edu University of MarylandCollege Park, Maryland, USA E ns.nasa.govNASAMountain View, California, USA F ns.isc.orgISCdistributed using anycast G ns.nic.ddn.milU.S. DoD NICColumbus, Ohio, USA H aos.arl.army.mil U.S. Army Research LabAberdeen Proving Ground, Maryland, USA I nic.nordu.netAutonomicadistributed using anycast J VeriSigndistributed using anycast K RIPE NCCdistributed using anycast L ICANNLos Angeles, California, USA M WIDE Projectdistributed using anycast

A simplified domain-map (Root).ie domain dit WicklowTaranakiAislinghermes.com.org Wicklow.dit.ie.

Domains Dividing domains into sub-domains is important in several regards Division of a namespace into sub-domains in an hierarchical manner Removes the requirement that the names of individual hosts be unique but the FQDNs must still be unique It allows for the decentralised management of the entire namespace Up to 127 levels deep(!)

cs.dit.ie domain-map (Root).ie domain cs dit hermes Taranki Wicklow MyLaptop Wicklow.cs.dit.ie.

Zones, Domains and Delegation A Domain is a complete sub-tree of the hierarchical namespace A zone is part of the domain managed by a particular server Sub domains may be delegated into additional zones A zone may directly manage some sub domains A zone represents the scope of administration for which one body is responsible

cs.dit.ie zones (?) (Root).ie domain cs dit hermes Aisling Taranki Wicklow Wicklow.cs.dit.ie. MyLaptop ?

Relationship between domains, zones and DNS Servers The DNS database is effectively spread across all servers DNS Servers are delegated to manage particular zones and the links to the rest of the database. Zone is not necessarily equivalent to domain A DNS server can manage one or more zones

Comp.dit.ie dns-servers (Root).ie domain cs dit hermes Aisling Taranki Wicklow MyLaptop hermes.dit.ie.

The DNS Server Server receives request from client If the server does not have the answer it will either ask a root server or it forwards the request to another name server This may happen a number of times until a name server is found that knows the answer When the server gets a response it will place a copy in its local cache and return a copy to the requesting client

Name Server Hierarchy Master Name Server Contains the master copy of data for the zone Slave Name Server Provides an automatic backup to the master name server All slave servers maintain synchronisation with their master name server Both Master and Slave servers contain authoritative data Zone may have multiple slaves but only one master Slave may get its data from another slave

Authoritative ? If the name server responding to a query is authoritative with respect to the query performed, the data returned is said to be authoritative Alternatively, responses may come from a name server which has cached the information, in which case the response is said to be non-authoritative The client may choose not to accept non- authoritative information

Resolver The DNS client is called the resolver Resolver capability is built into any program that needs it by way of the resolver library calls Resolver functions implemented in libresolv.so DNS Clients and servers communicate using UDP packets in most cases UDP is fast, but packets can be no larger than 512 bytes If query or response is larger than 512bytes, it must be sent by TCP

Resolution Configuration Files /etc/host.conf mainly used to indicate which source of information is to be used and in what order order hosts,bind

Resolution Configuration Files /etc/resolv.conf is used to configure which servers are to be used and whether any domains are assumed for non qualified host names search cs.dit.ie nameserver nameserver nameserver

How did I find out the name servers? C:\>nslookup Default Server: WL.domain.name Address: > set type=ns > cs.dit.ie Server: WL.domain.name Address: Non-authoritative answer: cs.dit.ie nameserver = cara.comp.dit.ie > microsoft.com Server: WL.domain.name Address: Non-authoritative answer: microsoft.com nameserver = ns2.msft.net microsoft.com nameserver = ns3.msft.net microsoft.com nameserver = ns5.msft.net microsoft.com nameserver = ns1.msft.net microsoft.com nameserver = ns4.msft.net >

nslookup on wicklow nslookup > set type=ns > cs.dit.ie Server: Address: #53 cs.dit.ie nameserver = cara.comp.dit.ie. > microsoft.com Server: Address: #53 Non-authoritative answer: microsoft.com nameserver = ns2.msft.net. microsoft.com nameserver = ns3.msft.net. microsoft.com nameserver = ns4.msft.net. microsoft.com nameserver = ns5.msft.net. microsoft.com nameserver = ns1.msft.net. Authoritative answers can be found from: ns1.msft.net internet address = ns2.msft.net internet address = ns3.msft.net internet address = ns4.msft.net internet address = ns5.msft.net internet address = >

Nslookup on my laptop C:\>nslookup wicklow Server: WL.domain.name Address: *** WL.domain.name can't find wicklow: Non-existent domain C:\>nslookup wicklow.cs.dit.ie Server: WL.domain.name Address: Non-authoritative answer: Name: wicklow.cs.dit.ie Address: C:\>

Deeper into nslookup nslookup > set type=mx > dit.ie Server: Address: #53 dit.ie mail exchanger = 5 smtp.dit.ie. dit.ie mail exchanger = 10 staffmail.dit.ie. dit.ie mail exchanger = 15 mymail.dit.ie. > cs.dit.ie Server: Address: #53 *** Can't find cs.dit.ie: No answer >

Deeper into nslookup > set type=a > hermes.dit.ie Server: Address: #53 Name: hermes.dit.ie Address:  Server: Address: # in-addr.arpa name = hermes.dit.ie. >