DNS – Domain Name Service
WeeSan Lee <[email protected]>
http://www.cs.ucr.edu/~weesan/cs183/
Roadmap
Introduction
The DNS Namespace
Top-level Domains
Second-level Domains
Domain Names
How to Register a Domain Name?
How DNS Works?
BIND
Tools
Q&A
Introduction
A service that maps between hostnames and
IP addresses
A hierarchical distributed caching database
with delegated authority.
Uses port 53
UDP for the queries and responses
TCP for the zone transfer
Introduction (cont)
Recursive servers
Non-recursive servers
[Diagram: the client eon asks its recursive server momo.cs.ucr.edu to resolve http://www.cs.berkeley.edu/; momo in turn queries the root name server (.), then the edu server, then berkeley.edu, then cs.berkeley.edu, following each referral until it gets the answer. Arrows are labelled Q (query), R (referral) and A (answer).]
The DNS Namespace
A tree structure that starts with the root (.)
Each node represents a domain name
2 branches
Forward mapping
hostnames → IP addresses
Reverse mapping
IP addresses → hostnames
Top-level Domains
gTLDs (generic TLDs)
com, edu, net, org, gov, mil, int, arpa
aero, biz, coop, info, jobs, museum, name, pro
ccTLDs (country code TLDs)
au, ca, br, de, fi, fr, jp, se, hk, cn, tw, my, …
Profitable domain names
CreditCards.com – $2.75M
Loans.com – $3M
Business.com – $7.5M
Second-level Domain Name
Examples
ucr.edu
sony.co.jp
Must apply to a registrar for the appropriate TLD
Network Solutions, Inc. used to monopolize name registration
Now, ~500 registrars
Domain Names
Valid domain names
Case insensitive
Each component: [a-zA-Z0-9\-]{1,63}
Each name < 256 chars
www.cs.ucr.edu == WWW.CS.UCR.EDU
FQDN
Fully Qualified Domain Name
eon.cs.ucr.edu
eon – hostname
cs.ucr.edu – domain name
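The syntax rules on this slide, turned into a checker. This is an added example, not code from the slides: it applies exactly the stated rules (labels of 1 to 63 characters from [a-zA-Z0-9-], whole name shorter than 256 characters, case-insensitive comparison) and splits an FQDN into hostname and domain the way eon.cs.ucr.edu is split above. A trailing dot is accepted as the FQDN marker used in zone files; that convention is taken from the DNS Database slides, not from this one.

```python
import re
from typing import Tuple

# Rules as stated on the slide: each label is 1-63 chars of [a-zA-Z0-9-],
# the whole name is shorter than 256 chars, and comparison is case-insensitive.
LABEL_RE = re.compile(r"^[a-zA-Z0-9-]{1,63}$")
MAX_NAME_LEN = 255


def is_valid_domain_name(name: str) -> bool:
    """True if `name` satisfies the slide's syntax rules (trailing FQDN dot allowed)."""
    if name.endswith("."):
        name = name[:-1]
    if not name or len(name) > MAX_NAME_LEN:
        return False
    # An empty label (e.g. "www..ucr.edu") fails the regex, as does any label > 63 chars.
    return all(LABEL_RE.match(label) for label in name.split("."))


def same_name(a: str, b: str) -> bool:
    """DNS names are case insensitive: www.cs.ucr.edu == WWW.CS.UCR.EDU."""
    return a.rstrip(".").lower() == b.rstrip(".").lower()


def split_fqdn(fqdn: str) -> Tuple[str, str]:
    """Split an FQDN into (hostname, domain name): eon.cs.ucr.edu -> ('eon', 'cs.ucr.edu')."""
    host, _, domain = fqdn.rstrip(".").partition(".")
    return host, domain


if __name__ == "__main__":
    for candidate in ("www.cs.ucr.edu", "WWW.CS.UCR.EDU", "www..ucr.edu", "bad_name.edu"):
        print(candidate, is_valid_domain_name(candidate))
    print(split_fqdn("eon.cs.ucr.edu"))
```

The underscore case matters in practice: `_` is legal in some record owner names (service records) but not in hostnames, which is why the slide's hostname rule excludes it.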
How To Register A Domain Name?
Pick a domain name of interest
Dedicate 2 NS servers
RFC1219 stated that each domain should be served by at least 2 servers: a master & a slave
One technical contact person
One administrative contact person
Then, register the name to a registrar of your choice
Used to be done via email or fax, now all web-based
How DNS Works?
Delegation
All name servers read the 13 root servers from a local configuration file
[a-m].root-servers.net
$ dig (with no arguments, queries for the root name servers)
Those servers in turn know all the TLDs
.edu knows .ucr.edu
.com knows .google.com
etc.
DNS Caching
DNS servers cache results they receive from
other servers
Each result is saved based on its TTL
Negative caching
For nonexistent hostname (for 10 mins)
Also for unreachable/unresponsive servers
Authoritative vs. Non-authoritative
An authoritative answer from a name server
(such as reading the data from the disk) is
“guaranteed” to be accurate
A non-authoritative answer (such as an
answer from the cache) may not
Primary and secondary servers are
authoritative for their own domains
Recursive vs. Non-recursive
Recursive
Queries on a client's behalf until it returns either an answer or an error
Non-recursive
Refers the client to another server if it can’t
answer a query
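A toy model of the last four slides (delegation, caching, negative caching, recursive versus non-recursive). This is an added example, not code from the slides or from BIND. `ask()` is the non-recursive side: a server either answers, refers the asker down the tree, or says the name does not exist. `Resolver` is the recursive side: it walks from the root on the client's behalf and caches both positive answers and "does not exist" results. All server names, zone contents and the 128.32.0.1 address are constructed; the toy addresses servers by name instead of by glue address, and uses a simulated clock so cache expiry can be shown without waiting.

```python
# Constructed toy data for the demonstration (not real DNS data).
ROOT = "root-server."      # stands in for the "." servers, [a-m].root-servers.net
POS_TTL = 3600             # constructed TTL for cached answers (seconds)
NEG_TTL = 600              # negative-cache TTL; the slides quote 10 minutes

# Each authoritative server holds the records it serves. An NS record here is a
# delegation: the server refers the asker to the child's name server instead of
# answering. The eon.cs.ucr.edu address is the one shown on the slides.
AUTH = {
    ROOT: {"edu.": {"NS": ["edu-server."]}},
    "edu-server.": {"berkeley.edu.": {"NS": ["ns.berkeley.edu."]},
                    "ucr.edu.": {"NS": ["ns.ucr.edu."]}},
    "ns.berkeley.edu.": {"cs.berkeley.edu.": {"NS": ["ns.cs.berkeley.edu."]}},
    "ns.cs.berkeley.edu.": {"www.cs.berkeley.edu.": {"A": ["128.32.0.1"]}},
    "ns.ucr.edu.": {"eon.cs.ucr.edu.": {"A": ["138.23.169.9"]}},
}


def ask(server, qname, qtype):
    """One non-recursive exchange with `server`.
    Returns ("A", rrs) for an answer, ("R", next_server) for a referral, or
    ("NX", None) when the server is authoritative and the name does not exist."""
    zone = AUTH[server]
    if qname in zone and qtype in zone[qname]:
        return "A", zone[qname][qtype]
    # Longest delegation that covers qname, e.g. "edu." covers "www.cs.berkeley.edu."
    delegations = [n for n, rrs in zone.items()
                   if "NS" in rrs and (qname == n or qname.endswith("." + n))]
    if delegations:
        return "R", zone[max(delegations, key=len)]["NS"][0]
    return "NX", None


class Resolver:
    """Recursive server: follows referrals on the client's behalf and caches results."""

    def __init__(self):
        self.now = 0        # simulated clock in seconds, advanced by the caller
        self.cache = {}     # (qname, qtype) -> (expires_at, rrs or None for NXDOMAIN)

    def resolve(self, qname, qtype="A", max_referrals=10):
        key = (qname.lower(), qtype)            # names compare case-insensitively
        hit = self.cache.get(key)
        if hit and hit[0] > self.now:
            # Non-authoritative answer straight from the cache.
            return {"answer": hit[1], "from_cache": True, "path": []}
        path, server = [], ROOT
        for _ in range(max_referrals):
            path.append(server)
            kind, data = ask(server, key[0], qtype)
            if kind == "R":
                server = data
                continue
            # Positive answers and NXDOMAIN are both cached, with different TTLs.
            ttl = POS_TTL if kind == "A" else NEG_TTL
            self.cache[key] = (self.now + ttl, data)
            return {"answer": data, "from_cache": False, "path": path}
        raise RuntimeError("too many referrals resolving " + qname)


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.cs.berkeley.edu."))   # walks root -> edu -> berkeley -> cs
    print(r.resolve("WWW.cs.berkeley.edu."))   # same name, served from cache
    print(r.resolve("nothere.cs.berkeley.edu."))  # NXDOMAIN, negatively cached
```

The `path` list is the part worth looking at: it is the sequence of servers the diagram on the Introduction (cont) slide draws, and it is empty on a cache hit because no server was consulted.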
DNS Database
A set of text files, called zone files,
maintained by the system admin. on the
master NS
2 types of entries
Parser commands, e.g. $ORIGIN and $TTL
Resource Records (RR)
[name] [ttl] [class] type data
eon 76127 IN A 138.23.169.9
orpheus.cs.ucr.edu. 76879 IN A 138.23.169.17
A very important . there (the trailing dot after orpheus.cs.ucr.edu.)!
DNS Database (cont)
Resource Record Types
SOA – Start Of Authority
NS – Name Server
A – IPv4 name-to-address translation
AAAA – IPv6 name-to-address translation
PTR – Address-to-name translation
MX – Mail eXchanger
CNAME – Canonical NAME
TXT – Text
…
BIND
The Berkeley Internet Name Domain system
Current maintainer: Paul Vixie @ ISC
BIND 9
Use RTT to pick the best root servers and
use them in round-robin fashion
named
/etc/named.conf
options {
directory "/var/named";
// query-source address * port 53;
forwarders { 138.23.169.10; };
};
zone "." IN {
type hint;
file "named.ca"; // Read from /var/named/named.ca
};
/etc/named.conf
zone "localhost" IN {
type master;
file "localhost.zone"; // Read from /var/named/localhost.zone
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local"; // Read from /var/named/named.local
allow-update { none; };
};
/etc/named.conf
zone "voicense.com" IN {
type master;
file "voicense.com.zone";
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "voicense.com.rev";
};
zone "macrohard.com" IN {
type slave;
file "macrohard.com.zone.bak";
masters { 10.0.0.1; };
};
/var/named/voicense.com.zone
$TTL 86400
$ORIGIN voicense.com.
@       IN SOA voicense.com. weesan.voicense.com. (
                20040304 ; serial #
                7200     ; refresh (2 hrs)
                1800     ; retry (30 mins)
                604800   ; expire (1 week)
                7200 )   ; minimum (2 hrs)
        IN NS    ns.voicense.com.
        IN MX    10 mail.voicense.com.
        IN MX    20 mail.myisp.com.
        IN A     10.0.0.1
mail    IN CNAME voicense.com.
www     IN CNAME voicense.com.
ns      IN CNAME voicense.com.
lee     IN A     10.0.0.31
wee     IN A     10.0.0.32
Email address: [email protected]
Remember to increment the serial # after each edit
/var/named/voicense.com.zone (cont)
Serial #: An increasing integer number (for sync'ing)
Refresh: How often the slave servers should sync. with the master
Retry: How long the slave servers should retry before giving up
Expire: How long the slave servers should continue to serve the domain in the absence of the master
Minimum: TTL for negative answers that are cached
/var/named/voicense.com.rev
$TTL 86400
@       IN SOA voicense.com. weesan.voicense.com. (
                20040304 ; serial #
                7200     ; refresh (2 hrs)
                1800     ; retry (30 mins)
                604800   ; expire (1 week)
                7200 )   ; minimum (2 hrs)
        IN NS    ns.voicense.com.
1       IN PTR   fw.voicense.com.
31      IN PTR   lee.voicense.com.
32      IN PTR   wee.voicense.com.
How To Load Balance A Web Server?
www IN A 10.0.0.1
www IN A 10.0.0.2
www IN A 10.0.0.3
How To Load Balance A Web Server? (cont)
$ host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.19.104
www.l.google.com has address 74.125.19.103
www.l.google.com has address 74.125.19.147
www.l.google.com has address 74.125.19.99
$ host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.19.99
www.l.google.com has address 74.125.19.104
www.l.google.com has address 74.125.19.103
www.l.google.com has address 74.125.19.147
Zone Transfer
DNS servers sync with each other via zone
transfer
All-at-once and incremental updates
A slave server compares the serial number with the master's and saves backup zone files on disk
Uses TCP on port 53
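A small zone-file parser covering the two zone files above and the serial-number check a slave makes before a zone transfer. This is an added example, not code from the slides or from BIND. It handles the parts of the format the slides use ($TTL, $ORIGIN, ; comments, the parenthesised multi-line SOA, blank owner names that repeat the previous owner, and @ for the origin), pulls the SOA fields out in the order the slides explain them, and compares serials with the 32-bit wraparound arithmetic of RFC 1982 rather than plain integer comparison. The reverse zone has no $ORIGIN line, so its origin is passed in the way named.conf would supply it from the zone name. The final check, that NS and MX records must not point at CNAMEs (RFC 2181 section 10.3), is not on the slides; it is included because the example zone's ns and mail names are CNAMEs, which real resolvers and mail servers reject.

```python
# The forward zone from the slide (constructed teaching data, RFC 1918 addresses).
FORWARD_ZONE = """\
$TTL 86400
$ORIGIN voicense.com.
@       IN SOA voicense.com. weesan.voicense.com. (
                20040304 ; serial #
                7200     ; refresh (2 hrs)
                1800     ; retry (30 mins)
                604800   ; expire (1 week)
                7200 )   ; minimum (2 hrs)
        IN NS    ns.voicense.com.
        IN MX    10 mail.voicense.com.
        IN MX    20 mail.myisp.com.
        IN A     10.0.0.1
mail    IN CNAME voicense.com.
www     IN CNAME voicense.com.
ns      IN CNAME voicense.com.
lee     IN A     10.0.0.31
wee     IN A     10.0.0.32
"""

# The reverse zone; no $ORIGIN here, named.conf supplies 0.0.10.in-addr.arpa.
REVERSE_ZONE = """\
$TTL 86400
@       IN SOA voicense.com. weesan.voicense.com. (
                20040304 7200 1800 604800 7200 )
        IN NS    ns.voicense.com.
1       IN PTR   fw.voicense.com.
31      IN PTR   lee.voicense.com.
32      IN PTR   wee.voicense.com.
"""

NAME_TYPES = {"NS", "CNAME", "PTR", "MX"}   # types whose last rdata field is a name


def absolute(name, origin):
    """Expand '@' and relative names against $ORIGIN; absolute names end in '.'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin=None):
    """Return one {'name','ttl','type','data'} dict per resource record."""
    records, default_ttl, owner = [], None, None
    buf, depth, leading_ws = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # drop comments
        if not line.strip():
            continue
        if depth == 0:                              # first line of a record
            leading_ws = line[0].isspace()          # blank owner: reuse previous owner
        for tok in line.replace("(", " ( ").replace(")", " ) ").split():
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                buf.append(tok)
        if depth > 0:                               # still inside ( ... )
            continue
        toks, buf = buf, []
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if not leading_ws:
            owner = toks.pop(0)
        ttl = int(toks.pop(0)) if toks[0].isdigit() else default_ttl
        if toks[0] in ("IN", "CH", "HS"):
            toks.pop(0)
        rtype, data = toks[0], toks[1:]
        if rtype in NAME_TYPES:
            data[-1] = absolute(data[-1], origin)
        records.append({"name": absolute(owner, origin), "ttl": ttl, "type": rtype, "data": data})
    return records


def soa(records):
    """SOA fields in the order the slide explains them."""
    rr = next(r for r in records if r["type"] == "SOA")
    keys = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
    return {k: (v if k in ("mname", "rname") else int(v)) for k, v in zip(keys, rr["data"])}


def rname_to_email(rname):
    """The SOA rname encodes the contact address with the '@' written as '.'."""
    user, _, domain = rname.rstrip(".").partition(".")
    return user + "@" + domain


def serial_newer(candidate, current):
    """RFC 1982 serial arithmetic (32-bit, wraps): must the slave transfer the zone?"""
    return candidate != current and ((candidate - current) & 0xFFFFFFFF) < 2 ** 31


def lint_alias_targets(records):
    """Flag NS/MX records whose in-zone target is a CNAME (RFC 2181 section 10.3)."""
    cnames = {r["name"] for r in records if r["type"] == "CNAME"}
    return ["%s at %s points to CNAME %s" % (r["type"], r["name"], r["data"][-1])
            for r in records if r["type"] in ("NS", "MX") and r["data"][-1] in cnames]
```

`serial_newer` is why the "increment the serial # after each edit" reminder matters: a slave only transfers when the master's serial is newer under this arithmetic, so an edited zone with an unchanged serial is never picked up, and a serial moved backwards is treated as a huge wraparound jump rather than a rollback.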
Tools
dig
$ dig eon.cs.ucr.edu
$ dig eon.cs.ucr.edu ns
$ dig @momo.cs.ucr.edu eon.cs.ucr.edu mx
$ man dig
host
$ host eon.cs.ucr.edu
$ host -t ns cs.ucr.edu
$ host -t mx eon.cs.ucr.edu momo.cs.ucr.edu
$ man host
Tools (cont)
nslookup
$ nslookup eon.cs.ucr.edu
$ nslookup eon.cs.ucr.edu momo.cs.ucr.edu
whois
$ whois google.com
$ whois ucr.edu
/etc/resolv.conf
Resolver
$ cat /etc/resolv.conf
search cs.ucr.edu weesan.com
nameserver 138.23.169.10
nameserver 138.23.178.2
/etc/nsswitch.conf
Used by C library
gethostbyname()
$ cat /etc/nsswitch.conf
hosts: files nis dns
Reference
LAH
Ch 15: DNS – The Domain Name System