Guide to TCP/IP, Second Edition
Chapter 7: Domain Name System
Objectives
Understand the history of DNS, the types of services that DNS provides, the roles that DNS servers can play on a network, and the DNS database structure
Understand how DNS servers handle name resolution requests, including the role of nearby and root servers in the resolution process, and the difference between recursive and iterative name resolution requests
Explain the significance of DNS caching and the value of data in DNS caches
Understand DNS configuration files and resource record formats, and describe the most common DNS RR types
Objectives (cont.)
Understand how to handle the loopback address and root server data
Use the NSLOOKUP command to gather name server information, test DNS server configurations, and inspect the contents of key DNS records on such servers
Explain how DNS queries and responses work, and how they handle name resolution, DNS record lookups, zone data transfers, and reverse DNS queries
Understand the purposes of and drawbacks to implementing DNS in the real world
DNS History And Background
Before DNS, name-to-address mappings lived in text files called HOSTS, copied to every machine
BIND (Berkeley Internet Name Domain) is the most widely deployed DNS server implementation
Virtues of DNS
–It allows local control over domain name database segments
–Data from all database segments is available everywhere
–Database information is robust and highly available
DNS Database Structure
Tree structure
Root is identified by a single period (.)
Top-level domains
–.com
–.edu
–.gov
–.mil
–.net
–.org
DNS Database Structure (cont.)
Top-level domain names expanded
Country codes
Thirteen root name server names (A through M), each today served by many anycast instances
–A.ROOT-SERVERS.NET
–B.ROOT-SERVERS.NET
Fully Qualified Domain Names (FQDNs)
DNS Database Structure (cont.) (figure not extracted)
The DNS Name Space
Delegation of authority
Domains (such as ibm.com)
Subdomains (such as clearlake.ibm.com)
DNS Database Records
Resource Records (RRs)
Nine most common RR types (seven of them are listed here)
–Address (A) record: name to IPv4 address
–Canonical name (CNAME) record: alias to its canonical name
–Host information (HINFO) record: CPU and operating system description (rarely published today, since it helps an attacker fingerprint hosts)
–Mail exchange (MX) record: mail servers for a domain, with preference values
–Name server (NS) record: authoritative servers for a zone, also used to delegate subdomains
–Pointer (PTR) record: address to name, in the in-addr.arpa tree
–Start of Authority (SOA) record: marks the top of a zone and carries its timing parameters
Delegating DNS Authority
A zone's name servers delegate authority for subdomains to name servers lower in the domain namespace
–The parent zone includes NS records that point to the name servers authoritative for each subdomain, plus glue A records when those servers are themselves named inside the subdomain being delegated
Types Of DNS Servers
Primary DNS server, a.k.a. master server
–Loads the zone from a zone file (zone data file) that the administrator edits
–There can be only one primary master name server per zone
Secondary DNS server, a.k.a. slave server
–Provides a backup and distributes the load for DNS lookups
–Obtains its copy of the zone from the primary by zone transfer (AXFR, or incremental IXFR); restrict transfers to the secondaries' addresses or to TSIG-signed requests, because an open transfer hands the whole zone to anyone who asks for it
Caching server
–Stores recently accessed DNS records and is authoritative for nothing
The Client Side Of DNS
Name resolver, or resolver: the client library that sends queries and interprets the answers
Name queries (name-to-address requests)
Inverse and reverse DNS queries (address-to-name)
Client-side DNS errors may stem from any of the following causes
–Invalid domain name or invalid IP address
–Inability to locate an IP address that corresponds to the requested domain name
–Inability to reach an authoritative name server for the requested domain
How Domain Name Servers Work
Sequence of lookups for a name resolution request
–Answer from the zones for which the server is authoritative
–Otherwise, answer from its cached domain name data
–Otherwise, if so configured, pass the request to a caching-only server or other name servers in the "neighborhood" (forwarders)
–Otherwise, send the request to a root server and follow the referrals it returns down the namespace
How Domain Name Servers Work (cont.)
Recursive query: the client sets RD and the server must return either the final answer or an error, performing all further lookups itself
Iterative, or non-recursive, query: the server returns the best it has, an answer from its own data or cache or a referral (NS records with glue addresses) to servers closer to the name; the querier follows the referral itself
Resolvers send recursive queries to their configured server; that server sends iterative queries to the root and to authoritative servers
–A server that answers recursive queries from arbitrary Internet addresses (an open resolver) is abused for reflection and amplification attacks; limit recursion to your own clients
The Importance Of DNS Caching
Authoritative response: comes from a server that holds the zone (AA bit set)
Non-authoritative response: served from a cache (AA bit clear)
DNS cache expiration value: each record's TTL, counted down from the moment it was cached
Negative caching: a "no such name" or "no such record" answer is cached too, for the time given by the SOA minimum field (RFC 2308)
Cached data is only as trustworthy as the response that supplied it; a forged answer that reaches the cache is served to every client until its TTL expires, which is why resolvers randomize the transaction ID and source port and, with DNSSEC, validate signatures before caching
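The resolution sequence and the caching behaviour on the three slides above, carried out in code. This is an added example written for this page, not code from the book or from any DNS server: the server addresses, the tree.com data, the TTL values, and the misbehaving server at 203.0.113.9 are all constructed. The resolver offers recursive service to its caller, walks root, .com, and tree.com iteratively by following referrals, caches positive answers for their TTL and NXDOMAIN answers for the zone's negative TTL, and refuses a referral that points outside the zone the queried server was asked about.

```python
"""Simulated recursive resolver: iterative lookups, positive and negative caching, bailiwick check.

Added example with constructed data; none of these servers, addresses, or records are real.
Each SERVERS entry models one authoritative server: its zone, the subzones it delegates
(NS plus glue addresses), and the records it holds.
"""
import time

SERVERS = {
    "198.41.0.4": {"zone": ".", "ns": {"com.": ["192.0.2.1"]}, "records": {}},             # a root server
    "192.0.2.1": {"zone": "com.", "records": {},
                  "ns": {"tree.com.": ["172.16.1.3"], "rogue.com.": ["203.0.113.9"]}},     # a .com server
    "172.16.1.3": {"zone": "tree.com.", "ns": {}, "negative_ttl": 86400,
                   "records": {("pear.tree.com.", "A"): ("172.16.1.2", 3600)}},            # tree.com primary
    # A misbehaving server: answers every query with a "referral" for all of .com, trying to
    # become the resolver's source for every .com name (the classic cache-poisoning shape).
    "203.0.113.9": {"zone": "rogue.com.", "ns": {"com.": ["203.0.113.9"]}, "records": {}},
}


def in_zone(name, zone):
    """True if name lies at or below zone (both absolute, with trailing dot)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_reply(server_ip, name, rtype):
    """What a server returns to an iterative query: answer, referral, NXDOMAIN, or refusal."""
    srv = SERVERS[server_ip]
    if (name, rtype) in srv["records"]:
        rdata, ttl = srv["records"][(name, rtype)]
        return {"kind": "answer", "rdata": rdata, "ttl": ttl}
    for sub, glue in srv["ns"].items():               # delegated subzone: refer, do not answer
        if in_zone(name, sub):
            return {"kind": "referral", "zone": sub, "glue": glue}
    if in_zone(name, srv["zone"]):                    # inside the zone but no such name/type
        return {"kind": "nxdomain", "ttl": srv.get("negative_ttl", 0)}
    return {"kind": "refused"}


class Resolver:
    """Recursive service for clients; chases referrals iteratively, starting from the root hints."""

    def __init__(self, root_hints, clock=time.time):
        self.root_hints = root_hints
        self.clock = clock
        self.cache = {}        # (name, type) -> (rdata, or None for a negative entry; expiry time)
        self.queries_sent = 0

    def resolve(self, name, rtype="A"):
        """Return (rdata, source); rdata is None for a fresh or cached NXDOMAIN."""
        key, now = (name, rtype), self.clock()
        if key in self.cache and self.cache[key][1] > now:
            return self.cache[key][0], "cache"
        servers, zone = list(self.root_hints), "."
        for _ in range(16):                           # bound the referral chase
            self.queries_sent += 1
            reply = authoritative_reply(servers[0], name, rtype)
            if reply["kind"] == "answer":
                self.cache[key] = (reply["rdata"], now + reply["ttl"])
                return reply["rdata"], "authoritative"
            if reply["kind"] == "nxdomain":           # negative caching, RFC 2308
                self.cache[key] = (None, now + reply["ttl"])
                return None, "authoritative"
            if reply["kind"] == "referral":
                # Bailiwick check: a server may only delegate zones below the one it was
                # consulted for. Accepting anything else lets one server hijack unrelated names.
                if reply["zone"] == zone or not in_zone(reply["zone"], zone):
                    raise ValueError(f"out-of-bailiwick referral to {reply['zone']} from {zone} server")
                servers, zone = reply["glue"], reply["zone"]
                continue
            raise ValueError(f"{servers[0]} refused query for {name}")
        raise ValueError("referral chain too long")


if __name__ == "__main__":
    r = Resolver(["198.41.0.4"])
    print(r.resolve("pear.tree.com."), "after", r.queries_sent, "iterative queries")
    print(r.resolve("pear.tree.com."))      # served from cache, no further queries
    print(r.resolve("nosuch.tree.com."))    # NXDOMAIN, cached negatively
```

The first lookup costs three iterative queries (root, .com, tree.com); the second is answered from cache with no traffic at all, which is the whole point of the caching slide. The bailiwick rule in the referral branch is what real resolvers apply to the authority and additional sections; without it the rogue.com server's reply would make the resolver use 203.0.113.9 for every later .com lookup.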
DNS Configuration Files And Resource Record Formats
domain.dns: forward zone file (Windows DNS naming; BIND installations conventionally use db.domain)
addr.in-addr.arpa.dns: reverse zone file (db.addr in the BIND convention)
Start of Authority (SOA) Record
Address (A) and Canonical Name (CNAME) Records
Start of Authority (SOA) Record
tree.com.   IN SOA   apple.tree.com. sue.pear.tree.com. (
                     1        ; Serial
                     10800    ; Refresh after 3 hours
                     3600     ; Retry after 1 hour
                     604800   ; Expire after 1 week
                     86400 )  ; Minimum TTL of 1 day
"IN" indicates the record is in the Internet class
"SOA" indicates the record is a Start of Authority record
apple.tree.com. is the zone's primary master; sue.pear.tree.com. is the responsible mailbox (sue@pear.tree.com with the @ written as a dot)
The owner and both names end with a dot; without it they are relative to the zone origin and would be read as tree.com.tree.com. and sue.pear.tree.com.tree.com.
Secondaries transfer the zone only when the primary's Serial is higher than theirs, so increment it on every change; Refresh, Retry, and Expire govern how often they check and how long they keep serving the old data while the primary is unreachable; the last field is today used as the negative-caching TTL (RFC 2308)
Address (A) and Canonical Name (CNAME) Records
; Host addresses
localhost.tree.com.   IN A      127.0.0.1
pear.tree.com.        IN A      172.16.1.2
apple.tree.com.       IN A      172.16.1.3
peach.tree.com.       IN A      172.16.1.4
; Multi-homed host
hedge.tree.com.       IN A      172.16.1.1
hedge.tree.com.       IN A      172.16.2.1
; Aliases
pr.tree.com.          IN CNAME  pear.tree.com.
h.tree.com.           IN CNAME  hedge.tree.com.
a.tree.com.           IN CNAME  apple.tree.com.
; Per-interface names for the multi-homed host
h1.tree.com.          IN A      172.16.1.1
h2.tree.com.          IN A      172.16.2.1
CNAME data must be a domain name, never an IP address: written as CNAME 172.16.1.1, the data would be read as the relative name 172.16.1.1.tree.com. and the alias would dangle, so names for individual interfaces are A records
An alias name may carry no other records (a CNAME together with other data at the same owner is an error)
Mapping Addresses to Names
Records in the db.addr file (the in-addr.arpa zone) are PTR records that support reverse DNS lookups
Reverse address lookups are used to check whether the IP address a user presents matches the domain name from which the user claims to originate
–The PTR data is published by whoever controls the address block, so a PTR result proves nothing by itself; look the returned name up again and require that its A record contains the original address (forward-confirmed reverse DNS)
in-addr.arpa is delegated on octet boundaries, which is why reverse zones look classful; blocks smaller than a /24 are delegated with the CNAME technique of RFC 2317
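One way to work with the zone file from the SOA and A/CNAME slides and with the reverse data described here: a small zone-file parser with a linter and a PTR generator. This is an added example, not code from the book or from BIND; ZONE_TEXT is constructed from the slides' records, with the $ORIGIN and $TTL directives assumed and with the CNAME-to-IP-address mistake kept in on purpose so that the linter has something to find.

```python
"""Parse a BIND-style zone file, lint it, and derive the in-addr.arpa PTR records for the reverse zone.
Added example, not from the book: ZONE_TEXT is constructed after the tree.com zone on these slides;
its last record deliberately repeats the slide's mistake of putting an IP address in CNAME data."""
from collections import defaultdict

ZONE_TEXT = """\
$ORIGIN tree.com.
$TTL 86400
@      IN SOA apple.tree.com. sue.pear.tree.com. (
          1        ; Serial
          10800    ; Refresh after 3 hours
          3600     ; Retry after 1 hour
          604800   ; Expire after 1 week
          86400 )  ; Minimum (negative-caching) TTL of 1 day
; Host addresses
localhost   IN A      127.0.0.1
pear        IN A      172.16.1.2
apple       IN A      172.16.1.3
; Multi-homed host
hedge       IN A      172.16.1.1
hedge       IN A      172.16.2.1
; Aliases
pr          IN CNAME  pear
h1          IN CNAME  172.16.1.1   ; wrong: CNAME data is a name, so this means 172.16.1.1.tree.com.
"""


def absolutize(name, origin):
    """Apply $ORIGIN: '@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def logical_lines(text):
    """Strip ';' comments and join '( ... )' continuation lines into one logical line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield " ".join(buf)
            buf = []


def parse_zone(text):
    """Return [(owner, ttl, type, rdata_tuple)] with every name made absolute."""
    origin, default_ttl, owner, records = ".", None, None, []
    for line in logical_lines(text):
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        if not line[0].isspace():           # a name in column 1 starts a new owner; blank means "same owner"
            owner = absolutize(toks.pop(0), origin)
        ttl = default_ttl
        while toks[0].isdigit() or toks[0].upper() == "IN":   # optional TTL and class, in either order
            tok = toks.pop(0)
            ttl = int(tok) if tok.isdigit() else ttl
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype == "SOA":                  # MNAME, RNAME, then serial/refresh/retry/expire/minimum
            rdata = [absolutize(rdata[0], origin), absolutize(rdata[1], origin)] + [int(v) for v in rdata[2:]]
        elif rtype in ("CNAME", "NS", "PTR"):   # RDATA is a single domain name
            rdata = [absolutize(rdata[0], origin)]
        records.append((owner, ttl, rtype, tuple(rdata)))
    return records


def lint(records):
    """Catch what a server would reject or silently misresolve: SOA count and the CNAME rules."""
    problems, owners = [], defaultdict(list)
    for owner, _, rtype, _ in records:
        owners[owner].append(rtype)
    soas = [r for r in records if r[2] == "SOA"]
    if len(soas) != 1:
        problems.append("zone must contain exactly one SOA record")
    zone = soas[0][0] if soas else "."
    for owner, _, rtype, rdata in records:
        if rtype == "CNAME" and len(owners[owner]) > 1:
            problems.append(f"{owner}: CNAME may not coexist with other records at the same name")
        if rtype == "CNAME" and (rdata[0] == zone or rdata[0].endswith("." + zone)) and rdata[0] not in owners:
            problems.append(f"{owner}: dangling CNAME, target {rdata[0]} has no records in this zone")
    return problems


def reverse_records(records):
    """Derive the PTR records of the reverse (db.addr, in-addr.arpa) zone from the forward zone's A records."""
    ptrs = []
    for owner, ttl, rtype, rdata in records:
        if rtype == "A" and not rdata[0].startswith("127."):   # loopback gets no PTR in a public reverse zone
            ptrs.append((".".join(reversed(rdata[0].split("."))) + ".in-addr.arpa.", ttl, "PTR", (owner,)))
    return ptrs


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print(lint(zone), reverse_records(zone), sep="\n")
```

The linter reports h1.tree.com. as a dangling CNAME because 172.16.1.1 was absolutized to 172.16.1.1.tree.com., which is exactly what a name server loading the slide's original file would do silently. The PTR generator shows why the two zones must be edited together: every A record that is renumbered needs its in-addr.arpa entry changed as well, or forward-confirmed reverse DNS for that host starts failing.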
Obtaining and Storing Root Server Data
DNS implementations make it possible to pre-load the name-and-address information for the root servers (the root hints)
The file named.root is published by InterNIC, on its FTP server at ftp.rs.internic.net and at https://www.internic.net/domain/named.root
–Rename the file to cache.dns for a Windows DNS server
–Root server addresses do change (B.ROOT-SERVERS.NET has moved since the 2002 snapshot on the next slide), so fetch a current copy rather than reusing an old one
Examining the named.root File
; last update: Nov 5, 2002
; related version of root zone: 2002110501
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
;
; formerly C.PSI.NET
The NSLOOKUP Command
General name server lookup tool
Queries the default name server specified in the current machine's TCP/IP configuration unless told to use another server
It is an essential tool for
–Testing
–Configuration and troubleshooting
The NSLOOKUP Command (cont.) (figure not extracted)
NSLOOKUP Details (figure not extracted)
Using NSLOOKUP
Identify your default domain name server
–NSLOOKUP command with no arguments
NSLOOKUP command mode
–Symbolized by the > prompt
Use set type=<RR type> (for example set type=mx or set type=soa) to query for specific types of resource records
ls -a <domain> lists canonical names and aliases; ls -d <domain> lists all records
–ls works by requesting a zone transfer, so it succeeds only against a server that permits transfers to your address; a server on which it succeeds for anyone is leaking its whole zone
Using NSLOOKUP (cont.) (figures not extracted)
DNS Query/Response Packet Formats
A response carries the original question section followed by the reply
After the 12-byte header, a DNS message has four sections
–Question section
–Answer section
–Authority section
–Additional section
DNS Query/Response Packet Formats (cont.) (figure not extracted)
DNS Query Packet Fields
Header (12 bytes)
–ID Number field: 16-bit transaction ID chosen by the client; the reply must carry the same value
–QR (Query/Response) field: 0 for a query, 1 for a response
–Opcode (Operation Code) field: 0 for a standard query
–AA (Authoritative Answer) field: set when the responding server is authoritative for the name
–TC (Truncation) field: set when the reply did not fit the transport and the client should retry over TCP
–RD (Recursion Desired) field: set by a resolver that wants the server to obtain the answer for it
–RA (Recursion Available) field: set by a server that offers recursion
–Z (Reserved) field: must be zero (two of its bits were later assigned to the DNSSEC AD and CD flags)
–Rcode (Response Code) field: 0 = no error, 1 = format error, 2 = server failure, 3 = name error (NXDOMAIN), 5 = refused
–Question Count, Answer Count, Name Server Count, and Additional Records Count fields: number of entries in each of the four sections that follow
Question section entry
–Question Name field, Question Type field, Question Class field
Resource record (answer, authority, and additional sections)
–Name field, Type field, Class field, Time to Live field, Resource Data Length field, Resource Data field
A transaction ID is only 16 bits; a resolver that matches replies on the ID alone can be fed forged answers, so it must also randomize its source port and check that the reply's question section is the one it sent
DNS Query Packet Fields (cont.) (figure not extracted)
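The header and record fields listed above, on the wire: an added example (not code from the book) that builds a query and parses a constructed response for pear.tree.com., following the compression pointers that let later names point back into the question. SAMPLE_RESPONSE is hand-assembled for this page, not a capture; the transaction ID 0x1234, the TTLs, and the addresses are assumptions.

```python
"""Build a DNS query and parse a DNS response at the wire level (RFC 1035 section 4.1).

Added example, not code from the book: SAMPLE_RESPONSE below is a hand-assembled reply for
pear.tree.com. (the zone from the earlier slides), not a captured packet.
"""
import struct


def encode_name(name):
    """Wire form of a name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("labels must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, qname, qtype=1, qclass=1, rd=True):
    """Standard query: header (QR=0, opcode 0, RD as requested, QDCOUNT=1) plus one question."""
    flags = 0x0100 if rd else 0
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, qclass)


def decode_name(msg, off):
    """Read a name at msg[off], following compression pointers; return (name, offset after the name)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # 11xxxxxx: pointer to an earlier copy of the name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off or hops > 63:                # pointers must go backwards; cap loops anyway
                raise ValueError("bad compression pointer")
            end = end if end is not None else off + 2  # the name ends right after the first pointer
            off, hops = ptr, hops + 1
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": flags >> 15 & 1, "opcode": flags >> 11 & 0xF, "aa": flags >> 10 & 1,
            "tc": flags >> 9 & 1, "rd": flags >> 8 & 1, "ra": flags >> 7 & 1, "z": flags >> 4 & 0x7,
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def parse_message(msg):
    """Return (header, [questions], {section: [(name, type, ttl, rdata)]})."""
    hdr, off = parse_header(msg), 12
    questions, sections = [], {"answer": [], "authority": [], "additional": []}
    for _ in range(hdr["qdcount"]):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        questions.append((name, qtype, qclass))
        off += 4
    for section, count in (("answer", hdr["ancount"]), ("authority", hdr["nscount"]), ("additional", hdr["arcount"])):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("RDLENGTH runs past the end of the message")
            if rtype == 1 and rdlen == 4:                          # A: dotted quad
                rdata = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (2, 5, 12):                              # NS, CNAME, PTR: a (compressible) name
                rdata = decode_name(msg, off)[0]
            else:
                rdata = msg[off:off + rdlen]
            sections[section].append((name, rtype, ttl, rdata))
            off += rdlen
    return hdr, questions, sections


def check_response(query, response):
    """The checks a resolver makes before believing a reply; returns 'ok' or the reason to discard it."""
    qh, qq, _ = parse_message(query)
    rh, rq, _ = parse_message(response)
    if rh["qr"] != 1:
        return "not a response"
    if rh["id"] != qh["id"]:
        return "transaction ID mismatch"
    if rq != qq:
        return "question section does not echo the query"
    if rh["tc"]:
        return "truncated, retry over TCP"
    return "ok"


# Constructed reply to "pear.tree.com. IN A?" with ID 0x1234. Flags 0x8580 = QR, AA, RD, RA set, RCODE 0.
# One answer, the zone's NS in the authority section, and its glue A record in the additional section.
# 0xC00C points at the question name (offset 12), 0xC011 at "tree.com." inside it (offset 17),
# 0xC03B at "apple.tree.com." inside the NS RDATA (offset 59).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 1, 1)
    + encode_name("pear.tree.com.") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([172, 16, 1, 2])
    + b"\xc0\x11" + struct.pack("!HHIH", 2, 1, 86400, 8) + b"\x05apple\xc0\x11"
    + b"\xc0\x3b" + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([172, 16, 1, 3])
)

if __name__ == "__main__":
    print(check_response(build_query(0x1234, "pear.tree.com."), SAMPLE_RESPONSE))
    print(parse_message(SAMPLE_RESPONSE))
```

The pointer rule in decode_name (a pointer may only refer to an earlier offset, and the chase is capped) is what keeps a hostile message from looping the parser forever; the RDLENGTH bound stops it reading past the buffer. check_response is the minimum a resolver does before trusting a reply, and the usage note on the slide above applies here too: with only the ID to match, a forger has a 1-in-65536 chance per packet, which is why source-port randomization was added on top.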
DNS Implementation
DNS implementations have two major purposes
–Provide name resolution to your users (a recursive, caching resolver)
–Provide the authoritative hostname-to-IP mapping for the services you choose to publish
Load balancing: several A records for one name are returned in rotating order (round-robin), spreading clients across hosts; the rotation knows nothing about host health, so it is no substitute for a real load balancer
Chapter Summary
Because it provides the essential way to get from a symbolic, human-readable domain name for an Internet location to the corresponding numeric, machine-readable IP address, the Domain Name System provides the key name resolution service that makes today's Internet possible
It is almost impossible to overstate the importance of this service to the proper functioning of any large-scale TCP/IP-based internetwork
Chapter Summary (cont.)
The impetus for DNS arose from the difficulty of maintaining static HOSTS files for computers on the ARPANET after the number of hosts climbed into the thousands
DNS was designed to create a flexible, reliable, and robust name and address resolution service that could scale to handle very large address spaces
Its designers succeeded more than they ever could have imagined
Chapter Summary (cont.)
DNS name servers come in multiple varieties
For each zone, a primary name server is mandatory; it holds the master copy of the database for its zone
For each zone, one or more secondary name servers may be created (at least one secondary is recommended for every zone to improve reliability)
For large or heavily trafficked networks, caching-only name servers take over the resolving of names and addresses outside the local zones on behalf of users, freeing the zone's primary and secondary name servers to handle incoming external name resolution requests
Chapter Summary (cont.)
DNS maintains its data on a large collection of name servers around the Internet by carving the domain namespace into a disjoint collection of domain or subdomain databases, also known as database segments or zones, each of which belongs to a single authoritative primary name server for that zone
This permits database segments to be controlled locally yet be available globally
Chapter Summary (cont.)
The DNS design also provides for a primary master name server and one or more secondary name servers for each zone, to improve reliability (if one DNS server fails, the others continue to function) and availability (proper configuration balances query load across all name servers for a zone, not just the primary)
Chapter Summary (cont.)
DNS databases consist of collections of resource records (RRs); the zone files that hold them are static snapshots of those databases
Every zone file must include a Start of Authority (SOA) record to identify the name server primarily responsible for the zone
The other records in each zone file correspond to its function and contain name-to-address mappings for normal domain name resolution (forward zones) or address-to-name mappings for inverse or reverse DNS lookups (in-addr.arpa zones)
Chapter Summary (cont.)
DNS clients rely on a software component called a resolver to interact with an available DNS server for name resolution services
Resolvers issue recursive queries to a designated DNS server, which either answers the query itself or queries other name servers until an answer is forthcoming
Chapter Summary (cont.)
DNS packet structures carry type information that identifies the kind of RR in each record and otherwise describes the record's contents and validity (class, TTL, and data length)
Understanding DNS Application layer packet structures makes it much easier to appreciate the simplicity and elegance of DNS