Download presentation
Presentation is loading. Please wait.
Published byLambert Lawson Modified over 9 years ago
1
DNS
2
Agenda DNS Basic Zone Delegation Half Class-C reverse lookup Webmin Tools 參考資料
3
DNS Basic One of the main goals of the design of the Domain Name System was to decentralize administration
4
DNS Basic Name Servers and Zones The programs that store information about the domain name space are called name servers. Name servers generally have complete information about some part of the domain name space, called a zone, which they load from a file or from another name server. The name server is then said to have authority for that zone.
5
DNS Basic The edu domain broken into zones
6
DNS Basic The berkeley.edu domain broken into zones
7
DNS Basic The Domain ca The Zone ca
8
DNS Basic
9
Name servers can be authoritative for multiple zones.
10
DNS Basic Root arpaorgedugovcommilnettwukjpcn … in-addrmitnyu…nchu…nctu eeapmwww… … …
11
DNS Basic TLD (Top-Level Domains) The original top-level domains divided the Internet domain name space organizationally into seven domains com Commercial organizations, such as Hewlett-Packard (hp.com), Sun Microsystems (sun.com), and IBM (ibm.com) edu Educational organizations, such as U.C. Berkeley (berkeley.edu) and Purdue University (purdue.edu)
12
DNS Basic gov Government organizations, such as NASA (nasa.gov) and the National Science Foundation (nsf.gov) mil Military organizations, such as the U.S. Army (army.mil) and Navy (navy.mil) net Networking organizations, such as NSFNET (nsf.net) org Noncommercial organizations, such as the Electronic Frontier Foundation (eff.org) int International organizations, such as NATO (nato.int)
13
DNS Basic New Top Level Domain ICANN is working to add seven new TLDs to the Internet's domain-name system. In November 2000, after extensive discussions throughout the global Internet community, the ICANN Board selected seven TLD proposals to be included in the first addition of a global TLD to the Internet since the 1980s. The selected TLDs are:.aero (for the air-transport industry),.biz (for businesses),.coop (for cooperatives),.info (for all uses),.museum (for museums),.name (for individuals), and.pro (for professions).
14
DNS Basic .biz is already fully operational and accepting live registrations. For more information on these.biz, please visit the website of NeuLevel, Inc., the company selected to operate this new TLD:. .info is also fully operational and accepting live registrations. More info on.info registration is availble at the website of the.info registry operator, Afilias Limited, at http://www.nic.info/>. .name is fully operational and accepting live registrations. The company selected to operate.name, Global Name Registry, has posted an informational page at.
15
DNS Basic .museum is also operational. he.museum TLD is sponsored by Museum Domain Management Association (MuseDoma). MuseDoma's informational site can be ocated at. .coop is operational. The.coop TLD is ponsored by the National Cooperative Business ssociation (NCBA). An informational site for.coop is available at. .aero is operational and is sponsored by Societe Internationale de Telecommunications Aeronautiques SC (SITA). For more information on.aero, please visit.
16
DNS Basic The.pro registry agreement is still under negotiation. More information on.pro is available at the website of the registry operator, RegistryPro, Ltd., at.
17
DNS Basic - Resolver Resolvers are the clients that access name servers. Programs running on a host that need information from the domain name space use the resolver. The resolver handles: Querying a name server Interpreting responses (which may be resource records or an error) Returning the information to the programs that requested it In BIND, the resolver is just a set of library routines that is linked into programs such as telnet and ftp. It's not even a separate process.
18
DNS Basic Resolution of girigiri.gbrmpa.gov.au on the Internet
19
DNS Basic The resolution process
20
DNS Basic addr.arpa domain
21
DNS Basic - Caching Resolving baobab.cs.berkeley.edu
22
DNS Basic - TTL TTL (Time To Life) Name servers can't cache data forever. The administrator of the zone that contains the data decides on a time to live, or TTL, for the data. The time to live is the amount of time that any name server is allowed to cache the data. After the time to live expires, the name server must discard the cached data and get new data from the authoritative name servers. Deciding on a time to live for your data is essentially deciding on a trade-off between performance and consistency.
23
Zone Delegation edu.tw moesun.edu.tw a.twnic.net.tw b.twnic.net.tw c.twnic.net.tw tc.edu.tw nchud1.nchu.edu.tw pds.nchu.edu.tw
24
Zone Delegation tcc.edu.tw dns.boe.tcc.edu.tw chc.edu.tw dns.chc.edu.tw encntc.edu.tw ntcg.encntc.edu.tw 128.140.in-addr.arpa pds.nchu.edu.tw nchud1.nchu.edu.tw
25
Zone Delegation 17.163.in-addr.arpa pds.nchu.edu.tw nchud1.nchu.edu.tw 22.163.in-addr.arpa pds.nchu.edu.tw nchud1.nchu.edu.tw 23.163.in-addr.arpa dns.ncue.edu.tw life.ncue.edu.tw
26
Half Class-C Reverse Lookup RFC 2317 Classless IN-ADDR.ARPA delegation IN-ADDR.ARPA delegation on non-octet boundaries for address spaces covering fewer than 256 addresses. The proposed method is fully compatible with the original DNS lookup mechanisms.
27
Half Class-C Reverse Lookup Let us assume we have assigned the address spaces to three different parties as follows: 192.0.2.0/25 to organization A 192.0.2.128/26 to organization B 192.0.2.192/26 to organization C
28
Half Class-C Reverse Lookup In the classical approach, this would lead to a single zone like this: $ORIGIN 2.0.192.in-addr.arpa. ; 1PTR host1.A.domain. 2PTR host2.A.domain. 3 PTR host3.A.domain. ; 129PTR host1.B.domain. 130 PTR host2.B.domain. 131 PTR host3.B.domain. ; 193PTR host1.C.domain. 194 PTR host2.C.domain. 195 PTR host3.C.domain.
29
Half Class-C Reverse Lookup by using the first address or the first address and the network mask length (as shown below)in the corresponding address space to form the the first component in the name for the zones. The following four zone files show how the problem in the motivation section could be solved using this method.
30
Half Class-C Reverse Lookup $ORIGIN 2.0.192.in-addr.arpa. @IN SOA my-ns.my.domain. hostmaster.my.domain. (...) ;... ; >/25 0/25 NS ns.A.domain. 0/25 NS some.other.name.server. ; 1CNAME 1.0/25.2.0.192.in-addr.arpa. 2 CNAME 2.0/25.2.0.192.in-addr.arpa. 3 CNAME 3.0/25.2.0.192.in-addr.arpa. ; ; >/26 128/26 NS ns.B.domain. 128/26 NS some.other.name.server.too. ; 129CNAME 129.128/26.2.0.192.in-addr.arpa. 130 CNAME 130.128/26.2.0.192.in-addr.arpa. 131 CNAME 131.128/26.2.0.192.in-addr.arpa.
31
Half Class-C Reverse Lookup ; ; >/26 192/26 NS ns.C.domain. 192/26 NS ome.other.third.name.server. ; 193CNAME 193.192/26.2.0.192.in-addr.arpa. 194 CNAME 194.192/26.2.0.192.in-addr.arpa. 195 CNAME 195.192/26.2.0.192.in-addr.arpa. $ORIGIN 0/25.2.0.192.in-addr.arpa. @ N SOA ns.A.domain. hostmaster.A.domain. (...) @ NS ns.A.domain. @ NS some.other.name.server. ; 1 PTR host1.A.domain. 2 PTR host2.A.domain. 3 PTR host3.A.domain.
32
Half Class-C Reverse Lookup $ORIGIN 128/26.2.0.192.in-addr.arpa. @ IN SOA ns.B.domain. hostmaster.B.domain. (...) @ NS ns.B.domain. @ NS some.other.name.server.too. ; 129 PTR host1.B.domain. 130 PTR host2.B.domain. 131 PTR host3.B.domain. $ORIGIN 192/26.2.0.192.in-addr.arpa. @ IN SOA ns.C.domain. hostmaster.C.domain. (...) @ NS ns.C.domain. @ NS some.other.third.name.server. ; 193 PTR host1.C.domain. 194 PTR host2.C.domain. 195 PTR host3.C.domain.
33
Dynamic Update BIND 8 also supports the dynamic update facility described in RFC 2136. This permits authorized updaters to add and delete resource records from a zone for which the server is authoritative. An updater can find the authoritative name servers for a zone by retrieving the zone's NS records. If the server receiving an authorized update message is not the primary master for the zone, it will forward the update "upstream" to its master server(s). If they, in turn, are slaves for the zone, they will also forward the update upstream. command : nsupdate
34
Webmin
35
Webmin
36
Webmin URL : http://www.webmin.com
37
Tools Nslookup Dig host
38
參考資料 http://www.isc.org RFC 2317 Classless IN-ADDR.ARPA delegation http://www.internic.net/faqs/new-tlds.html Some of the important features of BIND 9 DNS Security DNSSEC (signed zones) TSIG (signed DNS requests) IP version 6 Answers DNS queries on IPv6 sockets IPv6 resource records (A6, DNAME, etc.) Bitstring Labels Experimental IPv6 Resolver Library
39
參考資料 DNS Protocol Enhancements IXFR, DDNS, Notify, EDNS0 Improved standards conformance Views One server process can provide multiple "views" of the DNS namespace, e.g. an "inside" view to certain clients, and an "outside" view to others. Multiprocessor Support Improved Portability Architecture
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.