Domain Name System Introduction And Overview


1 Domain Name System Introduction And Overview
DECUS Europe 2000, Tuesday, 11 Apr 2000, 4:00 - 4:45
Jeff Schreiber, © Process Software

2 Brief History Lesson
How it worked:
- Started as a single file in the ARPANET
- Updated a couple of times a week
- All systems transferred the file from a single host
What went wrong:
- More additions = more load on the host
- Large delay from change to update
- Larger delay from update to full transfer
Notes: In the 1970s the ARPANET was small: a few hundred hosts, maintained by a single file named HOSTS.TXT on a single host named SRI-NIC. Administrators would send their changes to the NIC and FTP’d the most recent file from the SRI-NIC system. More and more systems joined the ARPANET, which resulted in more and more systems calling on the SRI-NIC for updates. It took a while for changes to become live in the HOSTS.TXT file, and the more systems there were, the longer it took for all of them to be updated with the most recent version of HOSTS.TXT.

3 “And then there were many”
The solution to the problem in 1984:
- RFCs 882 and 883 originally; updated by RFCs 1034 and 1035
- Distributed database: allows local control, dispersed load and maintenance
- Client & server architecture
- Hierarchical approach to name resolution
Notes: In 1984 Paul Mockapetris authored two RFCs (882 and 883) that described the basic design of the Domain Name System; they were updated by RFCs 1034 and 1035. The distributed database approach allowed local control of changes. Load was dispersed to different parts of the network, as was the maintenance required with updates. A client and server architecture is used: resolvers ask questions of nameservers, who in turn answer or ask other nameservers. A hierarchical approach is used: a parent knows authoritatively about its children, and delegates down the chain.

4 How Hierarchy works
. [root]
  us
    ca.us
    ma.us
      boston.ma.us
  org
    decus.org
  com
    foo.com
      sales.foo.com
      eng.foo.com
        ref.eng.foo.com
        dev.eng.foo.com
        test.eng.foo.com
  arpa
    in-addr.arpa
  edu
    unh.edu
    bu.edu

5 Basic Design
Client / Server Architecture
Resolver (client):
- Initiates questions
Nameserver (server and client):
- Listens for questions
- Answers questions
- Caches information
- Delegates authority
- Forwards questions (acting as a client)

6 DNS Resolvers
- Accessed by way of programming libraries
- Configured with a list of default nameservers
- Relies on the nameserver to find the answer
- Generally doesn’t cache answers
- Often will look in the local ‘hosts’ file before sending the question

7 Local vs. fully qualified
- Resolver determines the order of attempts
- Uses the number of dots to determine the action; some resolvers allow the number to be configurable
- Local (append domain): some resolvers allow multiple domain search lists
- Fully qualified (as is): a trailing dot is interpreted as ‘fully qualified’ only
- Some have special actions, e.g. Netscape browsers

8 Local vs. fully qualified
Name asked for    Resolver looks up
krypto            Assumed local: 1) krypto.foo.com 2) krypto
krypto.           Trailing dot = fully qualified: 1) krypto
krypto.foo.com    Number of dots >= 1, assumed fully qualified: 1) krypto.foo.com 2) krypto.foo.com.foo.com
krypto.foo.com.   Trailing dot = fully qualified: 1) krypto.foo.com

Name asked for    Netscape resolver looks up
krypto            Assumed local: 1) krypto.foo.com 2) krypto 3)

9 Resolving with Search Lists
Host: cozmo.hub.foo.com
Search list: foo.com hub.foo.com test.foo.com
Name asked for    Resolver looks up
cozmo             1) cozmo.foo.com 2) cozmo.hub.foo.com 3) cozmo.test.foo.com 4) cozmo
cozmo.hub         1) cozmo.hub 2) cozmo.hub.foo.com 3) cozmo.hub.hub.foo.com 4) cozmo.hub.test.foo.com
With the number of dots configured to be 2:
cozmo.hub         1) cozmo.hub.foo.com 2) cozmo.hub.hub.foo.com 3) cozmo.hub.test.foo.com 4) cozmo.hub
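The lookup orders in slides 7 to 9 all follow one rule, implemented here as an added example (not code from the presentation): a trailing dot means fully qualified, the dot count against a configurable ndots threshold decides whether the name is tried as-is first or last, and each search-list suffix adds one candidate. The sample data is constructed, and the hosts-file check is assumed to come before any DNS query, as slide 6 states.

```python
# Added example, not from the presentation: candidate order for a stub
# resolver as described in slides 6-9. Sample data is constructed.

def lookup_order(name, search_list, ndots=1):
    """Return the names the resolver will try, in order.

    - trailing dot: the name is fully qualified, nothing is appended
    - at least `ndots` dots: try the name as-is first, then each suffix
    - fewer dots: try each search-list suffix first, the bare name last
    """
    if name.endswith("."):
        return [name.rstrip(".")]
    appended = [f"{name}.{suffix}" for suffix in search_list]
    if name.count(".") >= ndots:
        return [name] + appended
    return appended + [name]


def resolve(name, search_list, hosts, dns, ndots=1):
    """Walk the order above: local hosts file first, then one DNS query per
    candidate. Returns (answer, queries_sent); queries_sent shows how many
    names actually left the host, which is what a defender wants to know
    about typos combined with a long search list."""
    if name in hosts:
        return hosts[name], []
    sent = []
    for candidate in lookup_order(name, search_list, ndots):
        sent.append(candidate)
        if candidate in dns:
            return dns[candidate], sent
    return None, sent


# Constructed data for slide 9's host cozmo.hub.foo.com. 192.0.2.0/24 is the
# documentation range (TEST-NET-1), not a real address.
SEARCH = ["foo.com", "hub.foo.com", "test.foo.com"]
HOSTS = {"localhost": "127.0.0.1"}
DNS = {"cozmo.hub.foo.com": "192.0.2.10"}

if __name__ == "__main__":
    for asked in ("krypto", "krypto.", "krypto.foo.com", "krypto.foo.com."):
        print(asked, "->", lookup_order(asked, ["foo.com"]))
    print(resolve("cozmo", SEARCH, HOSTS, DNS))
    print(resolve("cozmo.hub", SEARCH, HOSTS, DNS, ndots=2))
    print(resolve("cozmo.typo", SEARCH, HOSTS, DNS))  # every candidate is queried
```

A name that matches nothing sends one query per search-list entry, so a typo discloses the whole internal search path to every server that is asked.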

10 Two types of delegation
Non-recursive query:
- Server gives a hint if it has no answer
- Client asks other servers based on the hints, working down the name hierarchy
- Generally only nameservers work as non-recursive resolvers
Recursive query:
- Client asks the server to ‘find’ the answer
- Most resolvers can only do recursive queries
- Most servers working as clients won’t use recursion

11 Non-Recursive Queries
1) Client -> non-recursive server: query
2) Non-recursive server -> client: “Ask root server”
3) Client -> root server: query
4) Root server -> client: “Ask .com server”
5) Client -> .com server: query
6) .com server -> client: “Ask ns.foo.com server”
7) Client -> ns.foo.com server: query
8) ns.foo.com server -> client: “Ask ns.eng.foo.com server”
9) Client -> ns.eng.foo.com server: query
10) ns.eng.foo.com server -> client: “Yea… That’s ”

12 Recursive Queries
Every server in the chain asks the next one on the client’s behalf:
1) Client -> recursive server: “www.eng.foo.com?”
2) Recursive server -> root server: “www.eng.foo.com?”
3) Root server -> .com server: “www.eng.foo.com?”
4) .com server -> ns.foo.com server: “www.eng.foo.com?”
5) ns.foo.com server -> ns.eng.foo.com server: “www.eng.foo.com?”
6) ns.eng.foo.com server -> ns.foo.com server: “Yea… That’s ”
7) ns.foo.com server -> .com server: “Yea… That’s ”
8) .com server -> root server: “Yea… That’s ”
9) Root server -> recursive server: “Yea… That’s ”
10) Recursive server -> client: “Yea… That’s ”

13 With some Realism
1) Resolver -> default server: query (Recursion Desired)
2) Default server -> root & .com server: query
3) Root & .com server -> default server: “Ask ns.foo.com server”
4) Default server -> ns.foo.com server: query
5) ns.foo.com server -> default server: “Ask ns.eng.foo.com server”
6) Default server -> ns.eng.foo.com server: query
7) ns.eng.foo.com server -> default server: “Yea… That’s ”
8) Default server -> resolver: “Yea… That’s ” (Recursion Available)

14 Caching
Saving answers to use in future queries
- Most servers cache answers
- Most resolvers do not cache answers
- Caching is based on the Time To Live (TTL)
Advantages: cuts down traffic; speeds up resolution
Disadvantages: memory requirements; delay in updates

15 Example with Caching
Default server has foo.com information cached (cache holds foo.com NS and eng.foo.com NS), so the root & .com server is not asked.
1) Resolver -> default server: “cozmo.hub.foo.com?”
2) Default server -> ns.foo.com server: “cozmo.hub.foo.com?”
3) ns.foo.com server -> default server: “Ask ns.hub.foo.com”
4) Default server -> ns.hub.foo.com server: “cozmo.hub.foo.com?”
5) ns.hub.foo.com server -> default server: “Yea… That’s ”
6) Default server -> resolver: “Yea… That’s ”
Afterwards the cache also holds hub.foo.com NS and cozmo.hub.foo.com.

16 Primary Servers
Actually “server primary for a zone”
- Primary servers can also be secondary servers
- Generally caching servers as well
- Only one primary server per zone; the rest must be secondary
- Primary maintains the database file
- Authoritative source for records in the zone

17 Secondary Servers
Actually “server with secondary zones”
- Can be primary for other zones
- Generally are caching servers as well
- Knows the primary and/or other secondaries, and uses that information to download zone data
- Can fail over to other authoritative servers if updates can’t be obtained from the primary
- Only maintains a ‘backup’ copy of the zone
- Will lose authority if updates can’t be obtained

18 Zone Transfer
How secondary servers download zone info
- Secondary requests the transfer
- Done by invoking an xfer process
- Requests the SOA record first to see if a transfer is needed
- Often limits the number of simultaneous transfers
- Can be requested other ways: nslookup’s “ls” command, other “show zone”-style commands
- Actually an AXFR record query

19 Basic setup
Diagram: zone primary server with zone transfers to two internal secondaries; “The Great Beyond” (the outside network) lies beyond the primary.
- Secondary servers transfer off of the primary
- Secondaries & primary query the network
- Queries from the network come into the primary

20 Forwarders and Forwarding
- Forwarding servers ‘forward’ unknown questions
- Most servers ‘forward’ to root servers
- Some servers can be configured with a list of forwarders
Use of forwarders:
- Centralized caching
- Servers behind firewalls
- Internal root servers

21 Centralized Caching
Diagram: several forwarding servers send their questions to one forwarder server with a cache; only the forwarder talks to the root servers and the domain servers (foo.com NS).
- A forwarding server receives “cozmo.foo.com?” and passes it to the forwarder server.
- The forwarder asks the root servers and gets a referral to the foo.com NS; it asks the foo.com NS and gets the answer for cozmo.foo.com.
- The answer goes back to the forwarding server; the forwarder’s cache now holds foo.com NS and cozmo.foo.com.
- A second forwarding server asks “meatz.foo.com?”: the forwarder already has foo.com NS cached, so it asks the foo.com NS directly, returns the answer, and caches meatz.foo.com as well.
- A later “cozmo.foo.com?” from another forwarding server is answered straight from the cache.

22 Forwarding Setup
Diagram: zone primary server with two internal secondaries; “The Great Beyond” lies beyond the primary.
- Secondary servers transfer off of the primary
- Secondaries forward to the primary
- Primary queries the network
- Queries from the network come into the primary
- Secondaries query the network if the primary doesn’t respond

23 Forward Only Setup
Diagram: zone primary server with two internal secondaries; “The Great Beyond” lies beyond the primary.
- Secondary servers transfer off of the primary
- Secondaries forward to the primary
- All queries go through the primary
- Queries from the network come into the primary
- Secondaries never query through the firewall

24 Allow-transfer
Security option in many servers
- Introduced in BIND version as xfrnets
- Helps prevent unauthorized zone transfers
- Allows the domain administrator to restrict zone transfer access
- Zone transfer requests are only honored from IP addresses or networks on the list
- BIND 8 versions allow restrictions on a per-zone basis as well as per server

25 Bogus servers
Security option in many servers
- Introduced in BIND version 4.9.3
- Helps to filter rogue and problematic nameservers
- Nameserver won’t ask questions of servers configured to be bogus
- If the bogus server is the only server for a zone, the zone will be unresolvable. E.g. if the only NS for foo.com is flagged as bogus, foo.com addresses will be unresolvable.
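The two controls on slides 24 and 25, written out as an added example (not code from the presentation or from BIND) of the decision a server makes per request: the per-zone allow-transfer list wins when one exists, otherwise the server-wide list applies, and bogus servers are dropped before any question is sent. All addresses and list contents are constructed from documentation ranges.

```python
# Added example, not from the presentation: the access controls from
# slides 24 and 25 as a policy check run on each request. ACL contents and
# addresses are constructed (192.0.2.0/24, 198.51.100.0/24 and
# 203.0.113.0/24 are documentation ranges).
import ipaddress


def transfer_acl(zone, server_acl, zone_acls):
    """Per-zone allow-transfer list if one is configured, otherwise the
    server-wide list (the BIND 8 behaviour slide 24 describes)."""
    return zone_acls.get(zone, server_acl)


def allow_transfer(zone, client_ip, server_acl, zone_acls):
    """True only if client_ip is inside an address or network on the
    applicable list; anything else gets its AXFR refused."""
    ip = ipaddress.ip_address(client_ip)
    for entry in transfer_acl(zone, server_acl, zone_acls):
        if ip in ipaddress.ip_network(entry, strict=False):
            return True
    return False


def usable_nameservers(ns_ips, bogus):
    """Drop servers flagged bogus before asking any of them. An empty result
    means the zone is unresolvable from this server (slide 25's caveat)."""
    flagged = {ipaddress.ip_address(b) for b in bogus}
    return [ip for ip in ns_ips if ipaddress.ip_address(ip) not in flagged]


# Constructed policy: secondaries live in 192.0.2.0/24; foo.com additionally
# restricts transfers to a single host.
SERVER_ACL = ["192.0.2.0/24"]
ZONE_ACLS = {"foo.com": ["192.0.2.5"]}
BOGUS = ["203.0.113.7"]

if __name__ == "__main__":
    for zone, client in [("foo.com", "192.0.2.5"), ("foo.com", "192.0.2.6"),
                         ("eng.foo.com", "192.0.2.6"), ("eng.foo.com", "198.51.100.9")]:
        verdict = "allowed" if allow_transfer(zone, client, SERVER_ACL, ZONE_ACLS) else "refused"
        print(f"AXFR {zone} from {client}: {verdict}")
    print(usable_nameservers(["203.0.113.7"], BOGUS))  # [] -> zone unresolvable
```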

26 SOA Records
@ IN SOA cozmo.foo.com. wheelhog.cozmo.foo.com. (
          ; Serial  [Apr 11th 2000]
          ; Refresh [once every hour]
          ; Retry   [every 10 minutes]
          ; Expire  [after 12 hours]
    86400 ) ; Minimum [TTL of 1 day]
- Serial number: version number of the zone
- Refresh: time a secondary waits before checking for a serial number change
- Retry: how long to wait before retrying a failed transfer
- Expire: how long to go without a refresh before the secondary stops answering authoritatively for the zone
- Minimum: default TTL for the zone’s records

27 Refresh, Retry and Expire
Timeline marks (seconds): 3600, 7200, 7800, 9000, 45000, 46800
Time            Action taken                         Status
0 (00:00)       Original transfer of zone            Successful
3600 (01:00)    Start of Authority record checked    No serial change
7200 (02:00)    Start of Authority record checked    Serial change (here a tree falls)
7200 (02:00)    Attempt transfer of zone             Failure
7800 (02:10)    Retry to transfer zone               Failure
every 10 mins   Retry to transfer zone               Failure
46800 (13:00)   Zone expired                         Server no longer authoritative
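The table above is a small state machine, replayed here as an added example (not code from the presentation): the secondary refreshes on schedule, switches to the retry interval once a transfer fails, and stops answering authoritatively when the last good transfer is older than expire. The SOA timers are the slide’s (refresh 3600, retry 600, expire 46800); the time the serial changes and the time transfers start failing are constructed inputs.

```python
# Added example, not from the presentation: replay slide 27's timeline for a
# secondary whose zone transfers start failing. Timer values are the slide's;
# the serial-change time and the failure window are constructed.

def replay_secondary(refresh, retry, expire, serial_changes_at,
                     xfer_fails_from, horizon=10**6):
    """Return (events, expired_at). Each event is (time, action, status).

    serial_changes_at: time the primary's serial increments (constructed)
    xfer_fails_from:   time from which transfers fail ("here a tree falls")
    expired_at is None if the zone is still authoritative at `horizon`.
    """
    events = [(0, "Original transfer of zone", "Successful")]
    last_good, retrying, t = 0, False, refresh
    while t <= horizon:
        if t - last_good >= expire:  # expire is measured from the last good transfer
            events.append((last_good + expire, "Zone expired",
                           "Server no longer authoritative"))
            return events, last_good + expire
        if not retrying:  # a scheduled refresh: check the SOA serial first
            changed = t >= serial_changes_at
            events.append((t, "SOA record checked",
                           "Serial change" if changed else "No serial change"))
            if not changed:
                t += refresh
                continue
        ok = t < xfer_fails_from
        events.append((t, "Transfer of zone", "Successful" if ok else "Failure"))
        if ok:
            last_good, retrying, t = t, False, t + refresh
            serial_changes_at = float("inf")  # nothing newer to fetch now
        else:
            retrying, t = True, t + retry  # keep retrying at the retry interval
    return events, None


if __name__ == "__main__":
    events, expired = replay_secondary(3600, 600, 46800,
                                       serial_changes_at=7200, xfer_fails_from=7200)
    for when, action, status in events[:5] + events[-1:]:
        print(f"{when:>6} ({when // 3600:02d}:{when % 3600 // 60:02d})  {action:<26} {status}")
    print("expired at", expired)
```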

28 Adjusting Minimum
- Minimum is the default TTL for the data in the zone file
- The TTL is the maximum time a remote nameserver will cache a record
- Planning changes? Lower your Minimum! Caching servers will come back more frequently looking for updates

29 Sequence Space
Problem: a finite number space for an infinite number of modifications.
Solution: set up a wrapping sequence space so there will always be a value 1 more than X. But then the value after 255 is 0, which is less than 255?
Sequence Space Arithmetic: defines a number that can be added to any number in the sequence and be greater. Time is a sequence space (11 is later than 9, but earlier than 1).
Make sure the difference between two serial numbers seen within the ‘expire’ time is less than the largest meaningful integer. If the expire time is 1000 and you take a history of all the different serial numbers you’ve used, then over any 1000-second period there are no two serial numbers greater than 127 apart.
Example: at time 0, X transfers serial 00. At time 1000, X sees a serial 150 ahead and doesn’t transfer: 150 > 127 (going the other way round the circle, 106, is closer).
Diagram: sequence circle marked 63, 127 and 191. “Greater than X”: X + [1..127] is greater than X. “Less than X”: the remaining half.
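Slide 29 in code, as an added example (not from the presentation): RFC 1982 serial arithmetic with the slide’s 8-bit illustration and the 32-bit width real DNS serials use, including the half-way case where neither serial compares greater and a secondary would never transfer. The date-based serials are constructed sample values.

```python
# Added example, not from the presentation: RFC 1982 serial number
# arithmetic. The slide illustrates with an 8-bit space (0..255); real DNS
# serials are 32-bit, so the width is a parameter here.

def serial_add(s, n, bits=32):
    """Add n to serial s with wraparound. RFC 1982 only gives meaning to
    increments below half the space (1..127 for 8 bits)."""
    if not 0 <= n < (1 << (bits - 1)):
        raise ValueError("increment outside the meaningful range")
    return (s + n) % (1 << bits)


def serial_gt(a, b, bits=32):
    """True if a is later than b in the sequence space. Two serials exactly
    half the space apart (63 vs 191 in 8 bits) are undefined and compare
    False both ways, so a secondary in that state never transfers."""
    half = 1 << (bits - 1)
    distance = (a - b) % (1 << bits)
    return 0 < distance < half


def secondary_should_transfer(local_serial, primary_serial, bits=32):
    """The comparison behind slide 27's 'Serial change' step."""
    return serial_gt(primary_serial, local_serial, bits)


if __name__ == "__main__":
    # Slide 29's example: the secondary holds 00, the primary is 150 ahead.
    print(secondary_should_transfer(0, 150, bits=8))   # False: 150 > 127
    print(serial_gt(0, 150, bits=8))                   # True: 0 is 106 "ahead"
    print(serial_gt(serial_add(255, 1, bits=8), 255, bits=8))  # True: 0 > 255
    # 32-bit date-based serials in the YYYYMMDDnn style (constructed values)
    print(secondary_should_transfer(2000041101, 2000041102))   # True
```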

30 That’s all folks… Any Questions?

31 Mailing Lists and Newsgroups
- bind-users
- namedroppers
- Send mail to ‘subscribe’ in the subject
- comp.protocols.dns.bind
- comp.protocols.dns.ops
- comp.protocols.tcp-ip

32 Handouts Slides available via anonymous FTP:
ftp://ftp.process.com/decus/europe_2000/dnsintro.ppt

33 Other References
- DNS and BIND, Third Edition, Paul Albitz and Cricket Liu, O’Reilly & Associates, Inc., 1992, 1997, ISBN #
- The BOG (BIND Operations Guide) v4.9.4, Paul Vixie
- The BIND 8 Online Docs
DNS Defined - RFCs:
- RFC: Domain Names - Concepts and Facilities
- RFC: Domain Names - Implementation and Specification
- RFC: Common DNS Data File Configuration Errors
- RFC: Serial Number Arithmetic
- RFC: A Mechanism for Prompt Notification of Zone Changes
- RFC: Dynamic Updates in the Domain Name System

