Domain Name System (DNS)


Domain Name System (DNS)
2G1701 Lecture
Jon-Olov Vatn
KTH/IMIT/TSLab © 2003
12 September 2003
Jon-Olov Vatn, KTH/IMIT/TSLab
Introduction
The domain name system (DNS) can be considered as a distributed hierarchical database, with the primary purpose of resolving domain name to IP address mappings.
It is also used for other resolution cases such as inverse lookup (IP => domain name), mail and SIP servers, IPv6 addresses etc.
Resolution examples
Normal lookup (domain name to IPv4 address)
ripper:~>host trillian.it.kth.se
trillian.it.kth.se has address 130.237.212.43
Reverse lookup
ripper:~>host 130.237.212.6
6.212.237.130.IN-ADDR.ARPA domain name pointer gaia.it.kth.se
Hosts can have multiple domain names (aliases)
ripper:~>host www.it.kth.se
www.it.kth.se is a nickname for fluff.it.kth.se
fluff.it.kth.se has address 130.237.203.50
Resolution examples (cont)
Finding a mail server for email address [email protected]
ripper:~>host -t mx it.kth.se
it.kth.se mail is handled (pri=0) by mail.it.kth.se
ripper:~>host mail.it.kth.se
mail.it.kth.se has address 130.237.212.132
Looking up an IPv6 address
ripper:~>host -t AAAA www.ssvl.kth.se
www.ssvl.kth.se IPv6 address 3ffe:4008:2:4:a00:20ff:fe81:78c5
Some terminology
Domain
- Domain (e.g., kth.se)
- Subdomain (e.g., imit.kth.se), also part of the parent domain (kth.se).
- Could specify the name of a host (e.g. www.imit.kth.se)
Zone
- Defines the border of responsibility
Domain vs zone
Let's consider the kth.se domain. If the whole kth.se was managed by a central KTH organization the domain and the zone kth.se would be the same.
[Figure: tree se -> kth.se -> it.kth.se, imit.kth.se, ssvl.kth.se; "domain kth.se" and "zone kth.se" cover the same subtree]
Domain vs zone (cont.)
To simplify maintenance the authority of a subdomain can be delegated (here it.kth.se).
[Figure: the same tree; "zone kth.se" now covers kth.se, imit.kth.se and ssvl.kth.se, while it.kth.se forms its own "zone it.kth.se"; "domain kth.se" still covers the whole subtree]
DNS hierarchy
[Figure: DNS tree. Root "."; top level domains (TLD) com, edu, org, se, arpa; under edu: mit and stanford with subdomains cs and math; under se: kth with subdomain ssvl; under arpa: in-addr.arpa (for reverse lookup)]
Organized similar to a file hierarchy, but written in reverse order: in the path "/usr/sbin/ifconfig" the root is to the left and the leaf to the right; in the domain name "cs.mit.edu." the leaf is to the left and the root (the trailing ".") to the right.
Small exercise
Assume the following:
- Your host is in the ssvl.kth.se domain and your name server is ns.ssvl.kth.se.
- You would like to browse www.cs.mit.edu.
Your host will send the DNS query to ns.ssvl.kth.se:
- How will your host find the IP address of its name server ns.ssvl.kth.se?
- Who will ns.ssvl.kth.se contact next in order to find the IP address? A DNS server in its parent domain, a root DNS server or some other server?
Small exercise (cont.)
If you then would like to look up the address for www.cs.mit.edu again, would that DNS lookup be faster?
- Yes, since your host keeps a cache with domain name to IP address mappings.
- Yes, since ns.ssvl.kth.se has cached the mapping.
- No, the DNS lookup will take the same time as before.
Hierarchy of name servers
Root name servers
- 13 DNS servers located around the world.
- Authoritative for the root domain "."
- Knows how to find name servers authoritative for the different top level domains (TLD)
TLD name servers
- Each authoritative for some of the TLDs (com., edu., se., fi., uk., …)
- Knows how to find name servers authoritative for the 2nd level domains (google.com, hotmail.com, kth.se, …)
And so on …
Finding the root DNS servers
Your name server can recursively ask a root DNS server, a TLD DNS server, and so on until it reaches the name server authoritative for the target domain (e.g. cs.mit.edu).
But how will your DNS server find the root DNS server(s)? It keeps them in a file, often called "root.hints"!
root.hints (as shown on the slide):
.                       371742  IN NS   L.ROOT-SERVERS.NET.
.                       371742  IN NS   M.ROOT-SERVERS.NET.
.                       371742  IN NS   A.ROOT-SERVERS.NET.
.                       371742  IN NS   B.ROOT-SERVERS.NET.
.                       371742  IN NS   C.ROOT-SERVERS.NET.
.                       371742  IN NS   D.ROOT-SERVERS.NET.
.                       371742  IN NS   E.ROOT-SERVERS.NET.
.                       371742  IN NS   F.ROOT-SERVERS.NET.
.                       371742  IN NS   G.ROOT-SERVERS.NET.
.                       371742  IN NS   H.ROOT-SERVERS.NET.
.                       371742  IN NS   I.ROOT-SERVERS.NET.
.                       371742  IN NS   J.ROOT-SERVERS.NET.
.                       371742  IN NS   K.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.     499062  IN A    198.32.64.12
M.ROOT-SERVERS.NET.     499062  IN A    202.12.27.33
A.ROOT-SERVERS.NET.     487141  IN A    198.41.0.4
B.ROOT-SERVERS.NET.     487141  IN A    128.9.0.107
C.ROOT-SERVERS.NET.     499062  IN A    192.33.4.12
D.ROOT-SERVERS.NET.     499062  IN A    128.8.10.90
E.ROOT-SERVERS.NET.     487141  IN A    192.203.230.10
F.ROOT-SERVERS.NET.     462023  IN A    192.5.5.241
G.ROOT-SERVERS.NET.     487141  IN A    192.112.36.4
H.ROOT-SERVERS.NET.     487141  IN A    128.63.2.53
I.ROOT-SERVERS.NET.     499062  IN A    192.36.148.17
J.ROOT-SERVERS.NET.     458200  IN A    192.58.128.30
K.ROOT-SERVERS.NET.     462023  IN A    193.0.14.129
Our example (bogus) domain
- Your own domain, sports.bogus
- IP address range 192.168.0.0/24
- Routers, name servers, web and mail servers, ordinary hosts
[Figure: network diagram. gw1 (.1) connects the site to the Internet. Subnet 192.168.0.0/25: gw1 .1, gw2 .2, ns .4, ns2 .11, www .14. Subnet 192.168.0.128/25 behind gw2 (.129): golf .137, mail/ftp .144, basket .201]
Multiple name servers
- For increased reliability each domain should have (at least) two DNS servers
- DNS information is only entered at one of the servers (primary master DNS)
- Slave (secondary) DNS servers receive DNS configuration from the master.
  - This procedure is known as zone transfer.
  - Refresh interval, or triggered updates.
Configuring a name server
BIND is a widespread DNS server. It has two types of configuration files:
- The "zone files"
  - The DNS "database" files
  - Resource records (RR): A, PTR, CNAME, …
  - In our example the zones "sports.bogus" and "192.168.0" (reverse lookup) are of interest
- The main configuration file "named.conf"
  - Organizes/glues the zone files
Main configuration file
named.conf
options {
    directory "/var/named";
};
// the zone name given here is the origin of the zone file
zone "sports.bogus" in {
    type master;
    file "pz/db.sports.bogus";
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "pz/db.192.168.0";
};
named.conf (cont)
zone "." in {
    type hint;
    file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/db.127.0.0";
};
Zone file (sports.bogus)
db.sports.bogus
$TTL 3h
sports.bogus. IN SOA ns.sports.bogus. staff.sports.bogus. (
        1       ; Serial
        3h      ; Refresh
        1h      ; Retry
        1w      ; Expire
        1h      ; Negative TTL
)
; Name servers (NS records)
sports.bogus.           IN NS   ns.sports.bogus.
sports.bogus.           IN NS   ns2.sports.bogus.
Zone file (cont)
db.sports.bogus
; Addresses for canonical names (A records)
gw1.sports.bogus.       IN A    192.168.0.1
gw2.sports.bogus.       IN A    192.168.0.2
gw2.sports.bogus.       IN A    192.168.0.129
ns.sports.bogus.        IN A    192.168.0.4
ns2.sports.bogus.       IN A    192.168.0.11
www.sports.bogus.       IN A    192.168.0.14
golf.sports.bogus.      IN A    192.168.0.137
mail.sports.bogus.      IN A    192.168.0.144
basket.sports.bogus.    IN A    192.168.0.201
Zone file (cont)
db.sports.bogus
; Aliases (CNAME records)
ftp.sports.bogus.       IN CNAME  mail.sports.bogus.
; Mail servers
sports.bogus.           IN MX 10  mail.sports.bogus.    ; 10 = mail server priority
Abbreviations
db.sports.bogus ("@" stands for the implied zone origin, sports.bogus.)
$TTL 3h
@ IN SOA ns.sports.bogus. staff.sports.bogus. (
        1       ; Serial
        3h      ; Refresh
        1h      ; Retry
        1w      ; Expire
        1h      ; Negative TTL
)
; Name servers (NS records)
        IN NS   ns
        IN NS   ns2
Abbreviations (cont)
db.sports.bogus (a blank owner field repeats the last owner name)
; Addresses for canonical names (A records)
gw1     IN A    192.168.0.1
gw2     IN A    192.168.0.2
        IN A    192.168.0.129
ns      IN A    192.168.0.4
ns2     IN A    192.168.0.11
www     IN A    192.168.0.14
golf    IN A    192.168.0.137
mail    IN A    192.168.0.144
basket  IN A    192.168.0.201
Abbreviations (cont)
db.sports.bogus
; Aliases (CNAME records)
ftp     IN CNAME  mail
; Mail servers
@       IN MX 10  mail
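The abbreviation rules on these three slides ("@" for the origin, a blank owner field repeating the last owner, relative names getting the origin appended, and a parenthesised multi-line SOA), as an added Python example that is not part of the lecture: it expands abbreviated zone text into fully qualified records. Assumptions: only the record types shown on the slides, the IN class, and the default $TTL.

```python
import re

# Constructed input: the abbreviated db.sports.bogus from the slides, trimmed to a few records.
ZONE_TEXT = """$TTL 3h
@ IN SOA ns.sports.bogus. staff.sports.bogus. (
        1       ; Serial
        3h      ; Refresh
        1h      ; Retry
        1w      ; Expire
        1h      ; Negative TTL
)
        IN NS ns
gw1     IN A 192.168.0.1
gw2     IN A 192.168.0.2
        IN A 192.168.0.129
ftp     IN CNAME mail
@       IN MX 10 mail
"""

def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def expand_zone(text, origin):
    """Return ($TTL, [(owner, type, rdata), ...]) with every name fully qualified."""
    flat = re.sub(r";.*", "", text)                                   # drop ';' comments
    flat = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), flat)  # fold ( ... )
    ttl, last_owner, records = None, None, []
    for line in flat.splitlines():
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            ttl = line.split()[1]
            continue
        parts = line.split()
        if line[0].isspace():                 # blank owner field: repeat the last owner
            owner = last_owner
        else:
            owner, parts = parts[0], parts[1:]
        last_owner = owner
        rtype, rdata = parts[1], parts[2:]    # parts[0] is the class, always IN here
        if rtype in ("NS", "CNAME"):          # names inside rdata are relative too
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], qualify(rdata[1], origin)]
        elif rtype == "SOA":
            rdata = [qualify(rdata[0], origin), qualify(rdata[1], origin)] + rdata[2:]
        records.append((qualify(owner, origin), rtype, " ".join(rdata)))
    return ttl, records
```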
Reverse look-up
- Compare a domain name and an IP address. IP addresses also have a hierarchy, although the direction of root to leaf is reversed (left to right)
- Possible to use the same technique to look up domain names from IP address (reverse look up)
- Use of specific top and second level domain (in-addr.arpa) for this purpose, e.g., 14.0.168.192.in-addr.arpa
[Figure: www.sports.bogus <-> 192.168.0.14 <-> 14.0.168.192.in-addr.arpa]
DNS hierarchy
[Figure: the DNS tree from before (root ".", TLDs com, edu, org, se, arpa; mit, stanford, cs, math, kth, ssvl, in-addr.arpa), extended under in-addr.arpa with the nodes 192 and 168, the start of the reverse path for 192.168.0.0/24]
Reverse look up (named.conf)
named.conf
options {
    directory "/var/named";
};
zone "sports.bogus" in {
    type master;
    file "pz/db.sports.bogus";
};
// the zone name given here, 0.168.192.in-addr.arpa, is the origin of the reverse zone file
zone "0.168.192.in-addr.arpa" {
    type master;
    file "pz/db.192.168.0";
};
named.conf (cont)
zone "." in {
    type hint;
    file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/db.127.0.0";
};
Reverse look up (zone file)
db.192.168.0 ("@" is 0.168.192.in-addr.arpa)
$TTL 3h
@ IN SOA ns.sports.bogus. staff.sports.bogus. (
        1       ; Serial
        3h      ; Refresh
        1h      ; Retry
        1w      ; Expire
        1h      ; Negative TTL
)
; Name servers (NS records)
        IN NS   ns.sports.bogus.
        IN NS   ns2.sports.bogus.
Reverse zone file (cont)
db.192.168.0
; Address to name POINTER records (PTR records)
; "@" (0.168.192.in-addr.arpa) is appended to the relative owner names
1       IN PTR  gw1.sports.bogus.
2       IN PTR  gw2.sports.bogus.
4       IN PTR  ns.sports.bogus.
11      IN PTR  ns2.sports.bogus.
14      IN PTR  www.sports.bogus.
…
201     IN PTR  basket.sports.bogus.
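The relation between the forward zone and this reverse zone, as an added Python example that is not part of the lecture: the reverse zone name is built from the network with the standard library's ipaddress module, the PTR records are generated relative to the origin from the A records, and each PTR is forward-confirmed against the A records. The A and PTR records are constructed from the slides; the PTR target "gw.sports.bogus." is a deliberate entry with no A record, so the check reports it. Blocks not delegated on an octet border are only flagged here, not handled.

```python
import ipaddress

# Constructed from the A records in db.sports.bogus on the slides.
A_RECORDS = [
    ("gw1.sports.bogus.", "192.168.0.1"), ("gw2.sports.bogus.", "192.168.0.2"),
    ("gw2.sports.bogus.", "192.168.0.129"), ("ns.sports.bogus.", "192.168.0.4"),
    ("ns2.sports.bogus.", "192.168.0.11"), ("www.sports.bogus.", "192.168.0.14"),
    ("golf.sports.bogus.", "192.168.0.137"), ("mail.sports.bogus.", "192.168.0.144"),
    ("basket.sports.bogus.", "192.168.0.201"),
]
# Constructed PTR records as a hand-written db.192.168.0 might contain them (owner
# relative to the origin); the first one points at a name that has no A record.
PTR_RECORDS = [("1", "gw.sports.bogus."), ("14", "www.sports.bogus."),
               ("201", "basket.sports.bogus.")]

def reverse_zone_for(network):
    """Origin of the in-addr.arpa zone for an IPv4 block delegated on an octet border."""
    net = ipaddress.ip_network(network)
    if net.prefixlen % 8:
        raise ValueError("prefix not on an octet border: classless delegation needed")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_records(a_records, network):
    """Generate (relative owner, target) PTR records for the A records inside network."""
    net, origin = ipaddress.ip_network(network), reverse_zone_for(network)
    out = []
    for name, addr in a_records:
        ip = ipaddress.ip_address(addr)
        if ip in net:
            full = ip.reverse_pointer + "."                 # 14.0.168.192.in-addr.arpa.
            out.append((full[: -len(origin) - 1], name))   # strip "." + origin -> "14"
    return out

def ptr_to_ip(rel_owner, origin):
    """Undo the reversal: '14' under 0.168.192.in-addr.arpa. -> 192.168.0.14."""
    labels = (rel_owner + "." + origin).rstrip(".").split(".")[:-2]   # drop in-addr, arpa
    return ".".join(reversed(labels))

def check_ptr(ptrs, a_records, network):
    """Forward-confirm each PTR: report (ip, target) pairs without a matching A record."""
    origin = reverse_zone_for(network)
    forward = {(addr, name) for name, addr in a_records}
    return [(ptr_to_ip(rel, origin), target) for rel, target in ptrs
            if (ptr_to_ip(rel, origin), target) not in forward]
```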
Primary and slave DNS servers
Master and slave servers can answer DNS queries in the same way
Primary Master DNS
- This is where the administrator manually configures the zone files
- Can specify which slaves can get copies of the zone files
Slave DNS
- Specifies which zone files to download and which DNS server to download them from
- Polls the DNS server at a specific interval.
- May store the transferred zone files locally.
- Procedure is called "zone transfer"
SOA resource record revisited
$TTL 3h
@ IN SOA ns.sports.bogus. staff.sports.bogus. (
        1       ; Serial
        3h      ; Refresh
        1h      ; Retry
        1w      ; Expire
        1h      ; Negative TTL
)
- Serial, Refresh and Expire related to master/slave zone transfers
- $TTL and "Negative TTL" related to lifetime of result of previous DNS queries (caching is what makes DNS scalable!!)
Delegation
If someone would like to look up www.sports.bogus its name server may recursively send its query to
- a root DNS ("."), e.g., a.root-servers.net
- a TLD DNS ("bogus."), e.g., ns.bogus
- our DNS ("sports.bogus."), ns.sports.bogus
But how can ns.bogus know that the query should be sent to ns.sports.bogus? And how can it know the IP address of ns.sports.bogus?
There is need for some glue information in the parent name server. This is what delegation is about!
Delegation (cont)
db.bogus ("@" is "bogus")
$TTL 3h
@ IN SOA ns.bogus. staff.bogus. (
        1       ; Serial
        3h      ; Refresh
        1h      ; Retry
        1w      ; Expire
        1h      ; Negative TTL
)
        IN NS   ns
; Name servers in delegated zones
sports.bogus.           IN NS   ns.sports.bogus.
                        IN NS   ns2.sports.bogus.
; glue
ns.sports.bogus.        IN A    192.168.0.4
ns2.sports.bogus.       IN A    192.168.0.11
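What the glue in db.bogus does, as an added Python example that is not the lecture's code: from the parent zone's records it finds the delegations, reports delegated name servers that would need glue but lack it, and builds the referral ns.bogus can hand back for www.sports.bogus. The records are constructed from the slide; the rule applied is that glue is needed exactly when a delegated server's name lies inside the child zone it serves (a server named outside the child, say in another domain, needs none).

```python
# Constructed from db.bogus on the slides: the parent zone "bogus." delegating
# sports.bogus to ns/ns2.sports.bogus and carrying their A records as glue.
PARENT_ZONE = "bogus."
PARENT_RECORDS = [
    ("bogus.", "NS", "ns.bogus."),
    ("sports.bogus.", "NS", "ns.sports.bogus."),
    ("sports.bogus.", "NS", "ns2.sports.bogus."),
    ("ns.sports.bogus.", "A", "192.168.0.4"),    # glue
    ("ns2.sports.bogus.", "A", "192.168.0.11"),  # glue
]

def is_subdomain(name, zone):
    return name == zone or name.endswith("." + zone)

def delegations(records, parent):
    """Child zones cut out of parent: owners of NS records below the apex."""
    return {o for o, t, _ in records if t == "NS" and o != parent and is_subdomain(o, parent)}

def missing_glue(records, parent):
    """Delegated name servers whose name lies inside the child zone but which have no
    A record in the parent. Without glue a resolver would have to ask the child for
    the child's own server address, which is exactly the question the slide raises."""
    have_address = {o for o, t, _ in records if t == "A"}
    return [(child, target) for child in sorted(delegations(records, parent))
            for o, t, target in records
            if t == "NS" and o == child and is_subdomain(target, child)
            and target not in have_address]

def referral(records, parent, qname):
    """What the parent's server can answer for a name below a delegation:
    the child zone, its NS names and the glue addresses it knows for them."""
    cuts = [c for c in delegations(records, parent) if is_subdomain(qname, c)]
    if not cuts:
        return None                      # parent is authoritative for qname itself
    child = max(cuts, key=len)           # closest enclosing delegation
    ns = [t for o, r, t in records if o == child and r == "NS"]
    glue = {o: a for o, r, a in records if r == "A" and o in ns}
    return child, ns, glue
```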
Delegation (cont)
- How to delegate the reverse look up?
  - The really hard thing is if the address blocks are not divided on octet borders.
- How can you delegate a subdomain in your own domain?
  - For example, what if the basketball players would like to maintain their own domain "basket.sports.bogus"