Domain Name System

• HISTORY
• Hosts file: by 1984 the Internet had grown past 1000 hosts, and the manually updated hosts file had become error-prone and impossible to scale
• DNS is a distributed database (delegation to lower levels). BIND (Berkeley Internet Name Domain) is the reference implementation of a DNS server, not another name for DNS itself
• DNS stores and serves Resource Records (RR):
  • hostnames to IP addresses
  • mail exchanger
  • host information
• Name Servers hold the DNS data and know how to find the answer
• Fully Qualified Domain Name (FQDN) - www.oreilly.com. (the trailing dot is the root)
  • Each dot separates a subdomain
  • Each subdomain may have a Name Server associated with it
• nslookup

Rev. 1.01 / 12.12.2006 Petrozavodsk State University, Alex Moschevikin, 2003 NET TECHNOLOGIES
Query of girigiri.gbrmpa.gov.au (figure)
DNS and OSI RM

OSI/RM layer            TCP/IP
Layer 7 Application     DNS
Layer 6 Presentation    DNS
Layer 5 Session         DNS
Layer 4 Transport       TCP (and UDP, see the message-format slide)
Layer 3 Network         IP
Layer 2 Data link       Physical
Layer 1 Physical        Physical
Inverse query

• Name-to-Address is easy because the database is indexed by the name field.
• Address-to-Name (authorization checks, making sense of logs) is not trivial. Two ways to do it:
  • an exhaustive search of the whole database, or
  • a separate domain, in-addr.arpa, whose names are built from the IP address with the octets reversed (example: IP address 15.16.192.152 corresponds to 152.192.16.15.in-addr.arpa), so that the owner of each address block can be delegated its own reverse records.
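A worked example of the reverse-name construction above and of the check an authorization decision should actually make. This is added code, not part of the original slides: it builds the in-addr.arpa name (and, going beyond the slide, the ip6.arpa name for IPv6), cross-checks it against the standard library, and then performs a forward-confirmed reverse lookup over constructed PTR and A tables (hypothetical names, RFC 5737 test addresses). The point a practitioner needs: whoever runs the reverse zone for an address block can put any hostname into a PTR record, so a PTR answer on its own proves nothing; only a name that resolves back to the same address should be trusted.

```python
import ipaddress


def reverse_name(ip):
    """Owner name of the PTR record for `ip`.
    IPv4: octets reversed under in-addr.arpa (15.16.192.152 -> 152.192.16.15.in-addr.arpa.).
    IPv6 (beyond the slide): all 32 hex nibbles reversed under ip6.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")          # 32 hex digits, zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def address_from_reverse_name(name):
    """Inverse of reverse_name: recover the address from a full PTR owner name."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        return str(ipaddress.IPv6Address(int("".join(reversed(labels[:32])), 16)))
    raise ValueError(f"not a full reverse-mapping name: {name}")


def matches_stdlib(ip):
    """Cross-check against ipaddress.reverse_pointer (which omits the root dot)."""
    return reverse_name(ip) == ipaddress.ip_address(ip).reverse_pointer + "."


# Constructed reverse and forward data (hypothetical names, RFC 5737 test
# addresses).  192.0.2.66 sits in a block whose reverse zone someone else
# controls: its PTR claims to be mail.example.com, but mail.example.com's
# own A record says otherwise.
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa.": "mail.example.com.",
    "66.2.0.192.in-addr.arpa.": "mail.example.com.",
}
A_RECORDS = {"mail.example.com.": {"192.0.2.10"}}


def forward_confirmed_hostname(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Address-to-name the way an authorization check should do it (FCrDNS):
    look up the PTR, then the A records of the name it returned, and accept
    the name only if one of them is the address we started from."""
    name = ptr.get(reverse_name(ip))
    if name is not None and ip in a.get(name.lower(), ()):
        return name
    return None
```

Logging the raw PTR name is fine; using it for access control is not. The forward confirmation costs one extra query and turns an attacker-controlled string into something only the owner of the forward zone can satisfy.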
Database entities (RFC 1035)

Type    Meaning
A       Host Address
NS      Authoritative Name Server
CNAME   Canonical Name (alias)
SOA     Start of a Zone of Authority
PTR     Domain Name Pointer (reverse host record)
HINFO   Host Information
MX      Mail Exchange
. . .
SOA record

mydomain.com. IN SOA ns1.mydomain.com. root.mail.mydomain.com. (
        2002012901  ; serial number, YYYYMMDDVV, incremented on every update
        24h         ; refresh: how often secondary NS check for updates
        2h          ; retry after a failed refresh
        4w          ; expire: discard the zone data if no successful refresh within this time
        4d )        ; minimum TTL (under RFC 2308 this field is the negative-caching TTL)

The first line gives the zone, then the class and record type (Internet SOA), then the primary name server for the zone, and then a contact address for the zone. Note that the e-mail address uses a period (dot) in place of the @ (root.mail.mydomain.com. stands for root@mail.mydomain.com), and that all of these domain names must end with a dot. The time-unit suffixes (24h, 2h, 4w, 4d) are a BIND convenience; RFC 1035 itself expects plain seconds.
NS, A, CNAME records

NS (Name Server) records provide the list of name servers authoritative for the zone:

mydomain.com.           IN NS     ns1.mydomain.com.
mydomain.com.           IN NS     ns2.mydomain.com.

The real data itself:

mail.mydomain.com.      IN A      192.168.40.32
ns1.mydomain.com.       IN A      192.168.40.33
ns2.mydomain.com.       IN A      192.168.40.34
cheesebox.mydomain.com. IN A      192.168.148.44
lester.mydomain.com.    IN A      192.168.148.45

CNAME (Canonical Name) records allow aliases:

www.mydomain.com.       IN CNAME  mydomain.com.
wwww.mydomain.com.      IN CNAME  mydomain.com.
ww.mydomain.com.        IN CNAME  mydomain.com.
cb.mydomain.com.        IN CNAME  cheesebox.mydomain.com.
MX record

• MX (Mail Exchange) records provide the list of mail servers that accept e-mail for the specified domain.
• Three parts:
  • the domain name,
  • the name of the machine that will accept mail for the domain,
  • and a preference value (lowest is preferred).
• Mailers look for MX records before falling back to A records, so MX records should be defined for every domain that receives mail.
Sample zone file

@       IN SOA   NS.Opusl.COM. hostmaster.Opusl.COM. (
                 1998102601  ; serial number (update)
                 43200       ; refresh 2x per day
                 7200        ; retry every 2 hours (if fail)
                 2592000     ; expire after 1 month
                 86400 )     ; TTL is 24 hours (minimum in cache)
        IN MX    10 Cello.Opusl.COM.
        IN MX    10 Viola.Opusl.COM.
        IN MX    15 Tennis.Opusl.COM.
        IN NS    ns.Opusl.COM.
        IN NS    Arizona.EDU.
        IN A     192.245.12.8
        IN A     192.245.12.7
        IN HINFO "DEC-VAXCLUSTER" "OPENVMS"
;
WWW     CNAME    Cello.Opusl.COM.
News    IN A     192.245.12.8
Tennis  IN TXT   "Game, set and match"
        IN A     192.245.12.2        ; 100 Mbps line
        IN HINFO "DEC-VAXSTATION" "OPENVMS"
        IN MX    10 Mail.Opusl.COM.
        IN MX    20 Mail.TheRiver.COM.

The refresh, retry and expire timers are for secondary servers. A record whose line starts with whitespace inherits the owner name of the previous record; "@" stands for the zone origin (Opusl.COM.). Names in a zone file that do not end with a dot are relative to the origin, so the primary server in the SOA is written NS.Opusl.COM. with the trailing dot.
Reverse mapping zone file

; Authoritative data for 130.139.in-addr.arpa
;
@       IN SOA  jatz.aarnet.edu.au. mit.jatz.aarnet.edu.au. (
                1993092001  ; Serial
                10800       ; Refresh - 3 hours
                1800        ; Retry - 30 minutes
                3600000     ; Expire - 1000 hours
                43200 )     ; Minimum - 12 hours
        IN NS   jatz.aarnet.edu.au.
        IN NS   anu.anu.edu.au.
;
4.204   IN PTR  jatz.aarnet.edu.au.
8.204   IN PTR  scotch-finger.aarnet.edu.au.
16.204  IN PTR  nico.aarnet.edu.au.

The owner names are relative to the origin 130.139.in-addr.arpa, so 4.204 is really 4.204.130.139.in-addr.arpa, the reverse name of 139.130.204.4.
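The three zone-file slides (the SOA record, the Opusl.COM sample and the reverse zone) share one syntax: ";" comments, "(" ")" continuation lines for the SOA timers, "@" for the zone origin, relative names qualified with the origin, and an omitted owner meaning "same as the previous record". The following is added code, not from the original slides and not BIND's parser: a minimal reader for that syntax plus the sanity checks a practitioner runs before loading a zone (exactly one SOA, sane timers, no CNAME with other data, no NS or MX pointing at an alias, glue for in-zone name servers). The sample zone is constructed: it is adapted from the slide's Opusl.COM data with a hypothetical "Alias" owner added to trigger one finding; ns.Opusl.COM having no A record in the excerpt produces a second.

```python
import shlex

CLASSES = {"IN", "CH", "HS"}
# rdata positions holding domain names, which must be qualified with the origin
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def _fqdn(name, origin):
    """'@' is the origin, a name ending in '.' is absolute, anything else is
    relative to the origin. DNS names are case-insensitive, so lower-case them."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"


def _logical_lines(text):
    """Yield (owner_omitted, tokens) per record. shlex drops ';' comments and
    handles quoted strings; '(' ... ')' continuation lines are joined. A line
    starting with whitespace has no owner field. (Parentheses inside quoted
    strings and backslash escapes are not handled.)"""
    depth, buf, omitted = 0, [], False
    for raw in text.splitlines():
        lex = shlex.shlex(raw.replace("(", " ( ").replace(")", " ) "), posix=True)
        lex.commenters, lex.whitespace_split = ";", True
        tokens = list(lex)
        if not tokens:
            continue
        if depth == 0:
            omitted = raw[0].isspace()
        for tok in tokens:
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                buf.append(tok)
        if depth == 0:
            yield omitted, buf
            buf = []


def parse_zone(text, origin):
    """Return [(owner, ttl, type, rdata)] with every name fully qualified.
    Handles $ORIGIN, $TTL, omitted owner and optional TTL/class. Without $TTL
    the SOA minimum is the default TTL, as the slides assume (pre-RFC 2308)."""
    origin = origin.lower().rstrip(".") + "."
    records, owner, default_ttl = [], None, None
    for omitted, tokens in _logical_lines(text):
        if tokens[0] == "$ORIGIN":
            origin = _fqdn(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if not omitted:
            owner = _fqdn(tokens.pop(0), origin)
        ttl = default_ttl
        while tokens[0].isdigit() or tokens[0].upper() in CLASSES:
            tok = tokens.pop(0)
            if tok.isdigit():
                ttl = int(tok)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = _fqdn(rdata[i], origin)
        if rtype == "SOA" and default_ttl is None:
            default_ttl = int(rdata[6])
        records.append((owner, ttl if ttl is not None else default_ttl, rtype, rdata))
    return records


def check_zone(records):
    """Checks worth running before loading a zone; returns a list of findings."""
    problems, by_owner = [], {}
    for owner, _, rtype, _ in records:
        by_owner.setdefault(owner, []).append(rtype)
    soas = [(o, r) for o, _, t, r in records if t == "SOA"]
    apex = soas[0][0] if soas else None
    if len(soas) != 1:
        problems.append(f"expected exactly one SOA, found {len(soas)}")
    else:
        serial, refresh, retry, expire = (int(x) for x in soas[0][1][2:6])
        if serial > 0xFFFFFFFF:
            problems.append("SOA serial does not fit in 32 bits")
        if not retry < refresh < expire:
            problems.append("SOA timers should satisfy retry < refresh < expire")
    for owner, types in by_owner.items():
        if "CNAME" in types and len(types) > 1:            # RFC 1034 section 3.6.2
            problems.append(f"{owner} has a CNAME and other data")
    for owner, _, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        target = rdata[0] if rtype == "NS" else rdata[1]
        ttypes = by_owner.get(target, [])
        if "CNAME" in ttypes:
            problems.append(f"{rtype} at {owner} points at alias {target}")
        if rtype == "NS" and apex and target.endswith("." + apex) and not {"A", "AAAA"} & set(ttypes):
            problems.append(f"in-zone NS {target} has no address (glue) record")
    return problems


# Constructed sample: adapted from the slide's Opusl.COM zone, plus a
# hypothetical "Alias" owner that wrongly carries both a CNAME and an A record.
SAMPLE_ZONE = """\
@       IN SOA   NS.Opusl.COM. hostmaster.Opusl.COM. (
                 1998102601  ; serial number (update)
                 43200       ; refresh 2x per day
                 7200        ; retry every 2 hours (if fail)
                 2592000     ; expire after 1 month
                 86400 )     ; TTL is 24 hours (minimum in cache)
        IN MX    10 Cello.Opusl.COM.
        IN MX    15 Tennis.Opusl.COM.
        IN NS    ns.Opusl.COM.
        IN NS    Arizona.EDU.
        IN A     192.245.12.8
        IN HINFO "DEC-VAXCLUSTER" "OPENVMS"
WWW     CNAME    Cello.Opusl.COM.
Cello   IN A     192.245.12.8
Tennis  IN TXT   "Game, set and match"
        IN A     192.245.12.2        ; 100 Mbps line
        IN MX    10 Mail.Opusl.COM.
Alias   IN CNAME Cello.Opusl.COM.
Alias   IN A     192.245.12.9
"""
```

`check_zone(parse_zone(SAMPLE_ZONE, "Opusl.COM"))` reports the Alias CNAME conflict and the missing glue for ns.Opusl.COM. The same parser reads the reverse zone from the slide with origin 130.139.in-addr.arpa, qualifying 4.204 to 4.204.130.139.in-addr.arpa.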
DNS message format (UDP 53) (figure)
RR portion of DNS response (figure)
Problems with DNS

• Inverse queries depend on the local ISP maintaining the in-addr.arpa delegation for its address space.
• DNS supports both TCP and UDP but primarily uses UDP. TCP costs a handshake per query and its connection state can be exhausted in a denial of service; UDP is connectionless, so a forged reply that arrives first and matches the query's 16-bit ID, port and question is accepted (response spoofing, cache poisoning).
• Lack of competition in domain name registration.
• Confusion between trademarks and domain names.
• NS records contain hostnames, not addresses; the matching address records are redundant data that must be kept consistent, and for a name server inside its own zone they must also be supplied as glue, or the delegation cannot be followed.
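The two figure slides (message format, RR portion of a response) and the spoofing bullet above are best understood by building and parsing the wire format. The following is added code, not from the original slides: it constructs a standard query, parses the header, question and resource-record sections of a reply including RFC 1035 name compression pointers, and applies the checks a resolver makes before trusting a UDP reply (ID, QR bit, question echo). The reply is constructed inline, using the www.mydomain.com CNAME and the 192.168.40.32 address from the slides; no network is touched.

```python
import random
import struct


def encode_name(name):
    """Wire-format a domain name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=None):
    """Standard recursive query (flags 0x0100 = RD). Returns (txid, message)."""
    txid = random.getrandbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # ID, flags, QD, AN, NS, AR
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Decode a possibly compressed name (RFC 1035 4.1.4). A label byte of the
    form 11xxxxxx is a 14-bit pointer to an earlier occurrence in the message.
    Returns (name, offset just past the name in the original byte stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if end is None:                      # remember where the name ends
                end = offset + 2                 # in the stream on the first jump
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                        # guard against pointer loops
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_message(msg):
    """Parse header, question and the three RR sections of a DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, qtype, qclass))

    def rrs(count):
        nonlocal off
        out = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata = msg[off:off + rdlen]
            if rtype == 1 and rdlen == 4:                  # A: dotted quad
                rdata = ".".join(str(b) for b in rdata)
            elif rtype in (2, 5, 12):                      # NS, CNAME, PTR: a name
                rdata, _ = decode_name(msg, off)
            off += rdlen
            out.append((name, rtype, ttl, rdata))
        return out

    return {"id": txid, "flags": flags, "questions": questions,
            "answers": rrs(an), "authority": rrs(ns), "additional": rrs(ar)}


def accept_response(query_id, query_name, query_type, resp):
    """What a resolver verifies before trusting a UDP reply: the ID matches,
    QR is set, and the question section echoes what was asked. The ID is only
    16 bits, which is why a blind spoofer racing the real server has a chance."""
    if resp["id"] != query_id or not resp["flags"] & 0x8000:
        return False
    asked = (query_name.lower().rstrip(".") + ".", query_type, 1)
    return [(n.lower(), t, c) for n, t, c in resp["questions"]] == [asked]


def sample_response(txid):
    """Constructed reply for 'www.mydomain.com A': a CNAME to mydomain.com plus
    the target's A record, with owner names compressed as pointers back into
    the question (offset 12 = whole qname, offset 16 = 'mydomain.com' inside it)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)    # QR, RD, RA
    question = encode_name("www.mydomain.com") + struct.pack("!HH", 1, 1)
    ptr_qname, ptr_apex = b"\xc0\x0c", b"\xc0\x10"
    cname = ptr_qname + struct.pack("!HHIH", 5, 1, 300, 2) + ptr_apex
    a = ptr_apex + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 168, 40, 32])
    return header + question + cname + a
```

Feeding `sample_response(txid)` to `parse_message` yields the question `("www.mydomain.com.", 1, 1)` and two answers, the CNAME and the A record for the canonical name. Changing the ID or the question makes `accept_response` reject it, which is exactly the race a spoofer has to win.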