Transcript Document

Domain Name System

HISTORY

• The hosts file: when the Internet grew past 1000 hosts (1984), a single manually updated file meant errors and could not scale
• DNS replaced it; BIND (Berkeley Internet Name Domain) is the reference implementation of DNS, not another name for it
• Distributed database (delegation to lower levels)
• DNS translates Resource Records (RR): hostnames to IP addresses, mail exchanger, host information
• Name Servers hold the DNS data and know how to find the answer
• Fully Qualified Domain Name (FQDN): www.oreilly.com.
• Each dot separates a subdomain
• Each subdomain may have a Name Server associated with it
• nslookup

Rev. 1.01 / 12.12.2006

Petrozavodsk State University, Alex Moschevikin, 2003 NET TECHNOLOGIES

Query of girigiri.gbrmpa.gov.au


DNS and OSI RM

In TCP/IP terms DNS is the application protocol, carried over TCP or UDP, over IP, over the physical network. Against the OSI reference model:

Layer 7  APPLICATION    DNS
Layer 6  PRESENTATION   DNS
Layer 5  SESSION        DNS
Layer 4  TRANSPORT      TCP (or UDP)
Layer 3  NETWORK        IP
Layer 2  DATA LINK      Physical network
Layer 1  PHYSICAL       Physical network

Inverse query

1. Name-to-Address is an easy procedure because the database is indexed by the name field.

2. Address-to-Name (authorization checks, understanding logs) is not trivial. The choice is either
   • to implement an exhaustive search, or
   • to establish a whole domain, in-addr.arpa, with the IP addresses written into it, octets reversed so that the delegation follows the address hierarchy (example: IP address 15.16.192.152 corresponds to 152.192.16.15.in-addr.arpa).


Database entities (RFC 1035)

Type    Meaning
A       Host Address
NS      Authoritative Name Server
CNAME   Canonical Name
SOA     Marks Start of Zone of Authority
PTR     Domain Name Pointer (reverse host record)
HINFO   Host Information
MX      Mail Exchange
. . .

SOA record

mydomain.com. IN SOA ns1.mydomain.com. root.mail.mydomain.com. (
        2002012901   ; serial
        24h          ; refresh
        2h           ; retry
        4w           ; expire
        4d )         ; minimum TTL

The first line gives the zone, then the class and type of record (Internet SOA), then the primary name server for the zone, and then a contact address for the zone. Note that the e-mail address uses a period (dot) in place of the @ (root.mail.mydomain.com. stands for root@mail.mydomain.com), and that all of these domain names must end with a dot.

The five values in parentheses are:
• serial: updated on every change to the zone, conventionally YYYYMMDDVV
• refresh: how often secondary name servers check for updates
• retry: how long a secondary waits before retrying after a failed refresh
• expire: how long a secondary keeps serving the data if no refresh succeeds
• minimum TTL (since RFC 2308 this field is the negative-caching TTL)


NS, A, CNAME records

NS (Name Server) records provide a list of name servers authoritative for the zone:

mydomain.com. IN NS ns1.mydomain.com.
mydomain.com. IN NS ns2.mydomain.com.

A (Address) records hold the real data itself, the host-to-address mapping:

mail.mydomain.com. IN A 192.168.40.32
ns1.mydomain.com. IN A 192.168.40.33
ns2.mydomain.com. IN A 192.168.40.34
cheesebox.mydomain.com. IN A 192.168.148.44
lester.mydomain.com. IN A 192.168.148.45

CNAME (Canonical Name) records allow aliases (here including the common misspellings wwww and ww):

www.mydomain.com. IN CNAME mydomain.com.
wwww.mydomain.com. IN CNAME mydomain.com.
ww.mydomain.com. IN CNAME mydomain.com.
cb.mydomain.com. IN CNAME cheesebox.mydomain.com.


MX record

MX (Mail Exchange) records list the mail servers that accept e-mail for the specified domain.

Three parts:
• the domain name,
• the name of the machine that will accept mail for the domain,
• and a preference value (lowest is preferred).

Mailers look up MX records before A records, so MX records should be defined for mail systems.


Sample zone file

@       IN SOA   NS.Opusl.COM. hostmaster.Opusl.COM. (
                 1998102601     ; serial number (update)
                 43200          ; refresh 2x per day
                 7200           ; retry every 2 hours (if fail)
                 2592000        ; expire after 1 month
                 86400 )        ; TTL is 24 hours (minimum in cache)
        IN MX    10 Cello.Opusl.COM.
        IN MX    10 Viola.Opusl.COM.
        IN MX    15 Tennis.Opusl.COM.
        IN NS    ns.Opusl.COM.
        IN NS    Arizona.EDU.    ; for secondary servers
        IN A     192.245.12.8
        IN A     192.245.12.7
        IN HINFO "DEC-VAXCLUSTER" "OPENVMS"
;
WWW        CNAME Cello.Opusl.COM.
News    IN A     192.245.12.8
Tennis  IN TXT   "Game, set and match"
        IN A     192.245.12.2    ; 100 Mbps line
        IN HINFO "DEC-VAXSTATION" "OPENVMS"
        IN MX    10 Mail.Opusl.COM.
        IN MX    20 Mail.TheRiver.COM.
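The SOA fields, the NS/A/CNAME and MX records and the sample zone above all use the same master-file syntax: an owner (or @, or blank to repeat the previous owner), optional TTL and class, a type, and type-specific data, with relative names completed from the origin and parentheses letting the SOA span lines. The parser below is an added example written for this page, not code from the lecture or from BIND. It reads a constructed zone built from the mydomain.com records on the earlier slides (the backup exchanger mail.backup.example.net. and the mx-alias/bad records are assumptions added to exercise the checks), orders the mail exchangers the way a mailer would, and flags MX/NS targets that are aliases.

```python
import re
from collections import namedtuple

# Constructed zone in the slides' style (mydomain.com records from the SOA and NS/A/CNAME slides; the backup exchanger and the mx-alias/bad pair are assumptions).
SAMPLE_ZONE = """\
@        IN SOA   ns1.mydomain.com. root.mail.mydomain.com. (
                  2002012901   ; serial YYYYMMDDVV
                  24h          ; refresh
                  2h           ; retry
                  4w           ; expire
                  4d )         ; minimum TTL
         IN NS    ns1
         IN MX    10 mail
         IN MX    20 mail.backup.example.net.
mail     IN A     192.168.40.32
ns1      IN A     192.168.40.33
mx-alias IN CNAME mail
bad      IN MX    5 mx-alias     ; MX target is an alias, which RFC 2181 10.3 forbids
"""

RR = namedtuple("RR", "owner ttl rclass rtype rdata")
class Quoted(str): pass                 # a "..." token; must not be mistaken for '(' or ')'

TTL_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"(\d+)([smhdw]?)", re.IGNORECASE)
TOKEN_RE = re.compile(r'"(?P<quoted>[^"]*)"|(?P<paren>[()])|(?P<comment>;.*)|(?P<bare>[^\s"();]+)')

def parse_ttl(tok):
    """BIND-style time value: plain seconds or a number with an s/m/h/d/w suffix."""
    m = TTL_RE.fullmatch(tok)
    if not m:
        raise ValueError(f"bad time value {tok!r}")
    return int(m.group(1)) * TTL_UNITS[m.group(2).lower()]

def tokenize(line):
    """Tokens of one line: ';' starts a comment, "..." is one token, '(' and ')' stand alone."""
    toks = []
    for m in TOKEN_RE.finditer(line):
        if m.lastgroup == "comment":
            break
        toks.append(Quoted(m["quoted"]) if m.lastgroup == "quoted" else m[0])
    return toks

def absolutize(name, origin):           # '@' is the origin; no trailing dot means relative to the origin
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def decode_rdata(rtype, toks, origin):
    if rtype in ("NS", "CNAME", "PTR"):
        return (absolutize(toks[0], origin),)
    if rtype == "MX":
        return (int(toks[0]), absolutize(toks[1], origin))
    if rtype == "SOA":      # mname rname serial refresh retry expire minimum
        return (absolutize(toks[0], origin), absolutize(toks[1], origin), int(toks[2])) + tuple(parse_ttl(t) for t in toks[3:7])
    return tuple(str(t) for t in toks)      # A, TXT, HINFO ...: literal fields

def build_rr(toks, origin, default_ttl, last_owner):
    owner, rest = toks[0], list(toks[1:])
    owner = last_owner if owner is None else absolutize(owner, origin)   # None: line began with whitespace
    if owner is None:
        raise ValueError("first record has no owner")
    ttl, rclass = default_ttl, "IN"
    while not isinstance(rest[0], Quoted) and (TTL_RE.fullmatch(rest[0]) or rest[0].upper() == "IN"):
        tok = rest.pop(0)                                                # optional TTL and/or class
        if tok.upper() == "IN":
            rclass = "IN"
        else:
            ttl = parse_ttl(tok)
    rtype = rest.pop(0).upper()
    return RR(owner, ttl, rclass, rtype, decode_rdata(rtype, rest, origin))

def parse_zone(text, origin, default_ttl=86400):   # master-file text -> RRs with absolute names
    origin = origin.lower().rstrip(".") + "."
    rrs, last_owner, pending, depth = [], None, [], 0
    for raw in text.splitlines():
        toks = tokenize(raw)
        if depth == 0:
            if not toks:
                continue
            pending = [None] if raw[0] in " \t" else []   # leading blank: same owner as previous record
        for t in toks:
            if isinstance(t, Quoted) or t not in "()":
                pending.append(t)
            else:
                depth += 1 if t == "(" else -1
        if depth == 0:                                    # parentheses balanced: the record is complete
            rrs.append(build_rr(pending, origin, default_ttl, last_owner))
            last_owner = rrs[-1].owner
    if depth:
        raise ValueError("unbalanced parentheses")
    return rrs

def mail_exchangers(rrs, domain):
    """MX targets for domain, lowest preference first: the order a mailer tries them."""
    return sorted(rr.rdata for rr in rrs if rr.rtype == "MX" and rr.owner == domain)

def alias_targets(rrs):
    """MX/NS records whose target is a CNAME in this zone (RFC 2181 10.3 forbids that)."""
    cnames = {rr.owner for rr in rrs if rr.rtype == "CNAME"}
    return [(rr.owner, rr.rtype, rr.rdata[-1]) for rr in rrs if rr.rtype in ("MX", "NS") and rr.rdata[-1] in cnames]

if __name__ == "__main__":
    print(*parse_zone(SAMPLE_ZONE, "mydomain.com"), sep="\n")
```

Running it prints the eight parsed records; the SOA rdata carries the timers in seconds (24h/2h/4w/4d become 86400/7200/2419200/345600), mail_exchangers(zone, "mydomain.com.") returns the exchangers by preference, and alias_targets(zone) reports the bad MX. The parser deliberately stops at what the slides show: no $ORIGIN, $TTL or $INCLUDE directives and only class IN.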

Reverse mapping zone file

; Authoritative data for 130.139.in-addr.arpa
;
@       IN SOA jatz.aarnet.edu.au. mit.jatz.aarnet.edu.au. (
               1993092001   ; Serial
               10800        ; Refresh - 3 hours
               1800         ; Retry - 30 minutes
               3600000      ; Expire - 1000 hours
               43200 )      ; Minimum - 12 hours
        IN NS  jatz.aarnet.edu.au.
        IN NS  anu.anu.edu.au.
;
4.204   IN PTR jatz.aarnet.edu.au.
8.204   IN PTR scotch-finger.aarnet.edu.au.
16.204  IN PTR nico.aarnet.edu.au.

The owner names are relative to the zone: 4.204 is 4.204.130.139.in-addr.arpa, i.e. the address 139.130.204.4.
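The reverse lookup on the Inverse query slide and the relative owner names in this reverse zone (4.204 under 130.139.in-addr.arpa) are the same label arithmetic. The functions below are an added example, not lecture material: they go in both directions and also cover IPv6 (ip6.arpa, one label per hex nibble), which the slides do not discuss. The IPv4 addresses and the zone name come from the slides; the IPv6 addresses are constructed from the documentation prefix 2001:db8::/32.

```python
import ipaddress

def ptr_name(ip):
    """Owner name of the PTR record for one address: IPv4 octets reversed under
    in-addr.arpa, IPv6 nibbles reversed under ip6.arpa (the generalization the slide omits)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    return ".".join(reversed(addr.exploded.replace(":", ""))) + ".ip6.arpa."

def reverse_zone(prefix):
    """Name of the reverse zone delegated for a prefix, e.g. 139.130.0.0/16 -> 130.139.in-addr.arpa.
    Delegation cuts on whole octets (IPv4) or nibbles (IPv6); finer cuts need RFC 2317-style CNAMEs."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version == 4:
        if net.prefixlen % 8:
            raise ValueError("in-addr.arpa zones are cut on octet boundaries")
        labels = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(labels)) + ".in-addr.arpa."
    if net.prefixlen % 4:
        raise ValueError("ip6.arpa zones are cut on nibble boundaries")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ip_from_ptr_owner(owner, zone):
    """Inverse of ptr_name for an owner name in a reverse zone file: a relative owner
    (like '4.204' in 130.139.in-addr.arpa.) gets the zone appended, then the labels are reversed."""
    fqdn = owner if owner.endswith(".") else f"{owner}.{zone}"
    if fqdn.endswith(".in-addr.arpa."):
        labels = fqdn[: -len(".in-addr.arpa.")].split(".")
        if len(labels) != 4:
            raise ValueError(f"{fqdn} does not name a single IPv4 address")
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    if fqdn.endswith(".ip6.arpa."):
        nibbles = fqdn[: -len(".ip6.arpa.")].split(".")
        if len(nibbles) != 32:
            raise ValueError(f"{fqdn} does not name a single IPv6 address")
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    raise ValueError(f"{fqdn} is not under in-addr.arpa or ip6.arpa")

if __name__ == "__main__":
    print(ptr_name("15.16.192.152"))            # the Inverse query slide's example
    print(reverse_zone("139.130.0.0/16"))       # the zone of the reverse mapping sample
    for owner in ("4.204", "8.204", "16.204"):  # PTR owners from that sample
        print(owner, "->", ip_from_ptr_owner(owner, "130.139.in-addr.arpa."))
    print(ptr_name("2001:db8::1"))              # constructed IPv6 example
```

Note that the reverse tree follows address allocation, not the forward name: the PTR for 139.130.204.4 lives in whatever zone the holder of 139.130.0.0/16 serves, which is why the Problems slide lists inverse queries as something that depends on the ISP.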

DNS message format (UDP 53)

Header, six 16-bit fields:
  Identification            Flags
  Number of questions       Number of answer RRs
  Number of authority RRs   Number of additional RRs

Followed by the sections:
  Questions
  Answers (variable number of RRs)
  Authority (variable number of RRs)
  Additional information (variable number of RRs)


RR portion of DNS response

Domain name | Type | Class | Time-to-live | Resource data length | Resource data
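To make the two layouts above concrete, the following Python is an added example (not from the lecture) that builds a query, answers it with a name-compressed A record, and parses a message section by section, including the 0xC0 compression pointers that an RR name may use and the loop and truncation cases a careful parser has to reject. The query name and address are the mydomain.com values from the earlier slides; the transaction ID 0x1234 is arbitrary.

```python
import struct

A, NS, CNAME, PTR, MX = 1, 2, 5, 12, 15           # RR type codes (RFC 1035)

def encode_name(name):
    """Wire form of a domain name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(qname, qtype=A, txid=0x1234, rd=True):
    """Header (six 16-bit fields) + one question; RD is bit 8 of the flags word."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def decode_name(msg, off):
    """Read a name at off, following compression pointers (two bytes, top bits 11, RFC 1035 4.1.4).
    Returns (name, offset just past the name as it appears at off)."""
    labels, end = [], None
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:                       # pointers must go backwards, so loops are impossible
                raise ValueError("forward or self-referencing compression pointer")
            end = off + 2 if end is None else end
            off = ptr
            continue
        if n & 0xC0:
            raise ValueError("reserved label type")
        off += 1
        if n == 0:
            return ".".join(labels) + ".", end if end is not None else off
        if off + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_rr(msg, off):
    """One resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA (the slide's RR layout)."""
    name, off = decode_name(msg, off)
    if off + 10 > len(msg):
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    rdata = msg[off:off + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("truncated RDATA")
    if rtype == A and rdlen == 4:
        value = ".".join(str(b) for b in rdata)
    elif rtype in (NS, CNAME, PTR):              # names inside RDATA may point anywhere earlier in the message
        value = decode_name(msg, off)[0]
    elif rtype == MX:
        value = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, off + 2)[0])
    else:
        value = rdata
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": value}, off + rdlen

def parse_message(msg):
    """Header, questions, then answer/authority/additional sections, as on the message-format slide."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        questions.append((name,) + struct.unpack("!HH", msg[off:off + 4]))
        off += 4
    out = {"id": txid, "qr": flags >> 15 & 1, "opcode": flags >> 11 & 0xF, "aa": flags >> 10 & 1,
           "tc": flags >> 9 & 1, "rd": flags >> 8 & 1, "ra": flags >> 7 & 1, "rcode": flags & 0xF,
           "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            rr, off = parse_rr(msg, off)
            rrs.append(rr)
        out[section] = rrs
    return out

def build_a_response(query, ttl, ipv4, aa=False):
    """Answer a one-question A query. The answer's owner is the 2-byte pointer 0xC00C to the
    question name at offset 12, the compression form the parser above has to follow."""
    txid, qflags, qd = struct.unpack("!HHH", query[:6])
    if qd != 1:
        raise ValueError("expects exactly one question")
    flags = 0x8000 | (qflags & 0x0100) | 0x0080 | (0x0400 if aa else 0)   # QR, RD copied, RA, AA
    qend = decode_name(query, 12)[1] + 4
    answer = b"\xC0\x0C" + struct.pack("!HHIH", A, 1, ttl, 4) + bytes(int(o) for o in ipv4.split("."))
    return struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + query[12:qend] + answer

if __name__ == "__main__":
    q = build_query("www.mydomain.com")                       # constructed sample exchange
    r = build_a_response(q, 300, "192.168.40.32", aa=True)
    print(q.hex(), r.hex(), parse_message(r), sep="\n")
```

The forward-only pointer rule is what keeps decode_name from spinning on a crafted packet such as a name that points at itself; a resolver that skips that check can be hung by a single datagram.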


Problems with DNS

• Inverse queries depend on the local ISP, which holds the in-addr.arpa delegation for its address blocks.

• DNS supports both TCP and UDP, but primarily uses UDP. TCP needs a connection per query (slow) and exposes the server to connection-exhaustion denial of service; UDP has no handshake, so a response can be spoofed by anyone who can guess the 16-bit transaction ID (and the source port) before the real answer arrives.

• Lack of competition in domain name registering.

• Confusion of trademarks and domains.

• NS records contain hostnames, not addresses, so a resolver still needs the address of the name server (a glue A record) before it can ask it anything.

• Redundancy.
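What the UDP response-spoofing point above means in practice: the reply a resolver accepts is tied to its query only by the 16-bit ID, the question it echoes, and the address and port it came from, so those are exactly the things a resolver must check and an attacker must guess. The check below is an added example, not lecture code; the query, the genuine reply and the two forgeries are constructed byte strings (the addresses in 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges, chosen here as assumptions).

```python
import struct

# Constructed sample exchange (not captured traffic): a resolver sends an A query for
# www.mydomain.com to the name server 192.0.2.53:53 (addresses are assumptions).
QUESTION = b"\x03www\x08mydomain\x03com\x00" + b"\x00\x01\x00\x01"           # QNAME, QTYPE=A, QCLASS=IN
QUERY = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION         # ID 0x1234, RD set
SERVER = ("192.0.2.53", 53)
ATTACKER = ("198.51.100.9", 53)

ANSWER = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 168, 40, 32])
GENUINE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
FORGED_ID = struct.pack("!H", 0x1235) + GENUINE[2:]                           # attacker guessed the ID wrong
FORGED_QNAME = GENUINE[:12] + b"\x03www\x08mydomain\x03org\x00" + GENUINE[30:]  # answer for another name

def question_end(msg, off=12):
    """Offset just past the first question. Queries we build carry no compression pointers."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated question")
        n = msg[off]
        if n & 0xC0:
            raise ValueError("compression pointer in question")
        off += 1 + n
        if n == 0:
            return off + 4                      # skip QTYPE and QCLASS

def response_matches(query, server, response, source):
    """Accept a UDP reply only if every field a spoofer has to guess or copy matches the query.
    Returns (accepted, reason)."""
    if len(query) < 12 or len(response) < 12:
        return False, "shorter than a header"
    if source != server:
        return False, "reply did not come from the address/port we asked"
    if response[:2] != query[:2]:
        return False, "transaction ID mismatch"
    if not response[2] & 0x80:
        return False, "QR bit not set (this is a query, not a response)"
    if struct.unpack("!H", response[4:6])[0] != 1:
        return False, "question count is not 1"
    qend = question_end(query)
    # Compare the echoed question byte for byte; a resolver that randomizes the case of
    # the query name (the 0x20 technique) gains extra entropy from exactly this comparison.
    if len(response) < qend or response[12:qend] != query[12:qend]:
        return False, "question section does not echo our question"
    return True, "ok"

if __name__ == "__main__":
    cases = (("genuine", GENUINE, SERVER), ("wrong id", FORGED_ID, SERVER),
             ("wrong source", GENUINE, ATTACKER), ("wrong question", FORGED_QNAME, SERVER))
    for label, reply, src in cases:
        print(f"{label:15} -> {response_matches(QUERY, SERVER, reply, src)}")
```

Only the first case is accepted. The source check is worth little against an attacker who can forge the server's address, which is why the ID and the source port must both be unpredictable: with a fixed port the attacker has to guess 16 bits, with a randomized port about 32.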
