DNS & BIND SRT210 - Seneca College (raymond.chan/topics/dns/... · 2017. 6. 8.)


1

Internet Service

DNS & BIND SRT210

2017 Summer

Seneca College of Applied Technology

2

What is DNS?
DNS is a hierarchical, distributed database for resolving host names to IP addresses and vice versa.

DNS contains information for:
– Mapping the registered fully qualified domain names of host computers to IP addresses
– Mapping registered network addresses to FQDNs
– Routing electronic mail (MX records)
– Other Internet applications

3

Hierarchical Namespace
Partitioned into divisions (tree diagram in the original slide)

4

Fully Qualified Domain Names
Fully Qualified Domain Names:
– A domain name that ends in a dot, e.g. cs.senecac.on.ca.
– a.k.a. absolute domain name
– Host name: zenit, my
– Domain Name: zenit.senecac.on.ca., my.senecacollege.ca (the second lacks the trailing dot; in a zone file BIND would treat it as relative to $ORIGIN)

5

Generic Domains
Top-level domains
● com. - commercial organizations
● edu. - educational institutions
● gov. - government institutions
● net. - major network support centres
● org. - non-profit organizations
● country code – ISO 3166 two-letter country domains
● Others ...

6

DNS Servers
DNS Server:
– Maps fully qualified domain names to IP addresses
– Holds a portion of the name-to-address mapping database
– Answers queries from other name servers, or from clients, called resolvers
– Maps IP addresses to domain names (pointer query)

7

in-addr.arpa domain
in-addr.arpa domain (for IPv4)
– Is the name space for reverse mapping
– Each label can only be a decimal number 0 to 255
– A host with IP address a.b.c.d is represented as d.c.b.a.in-addr.arpa (octets in reverse order, so that the network part becomes the parent domain)

e.g. IP 192.168.2.1 --> 1.2.168.192.in-addr.arpa

See: http://www.ntchosting.com/web_hosting_images/reverse-mapping.gif
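The d.c.b.a.in-addr.arpa rule from this slide, as an added example (not part of the original deck): it builds the PTR owner name by hand, recovers the address from such a name with the 0-255 label check the slide mentions, and generalises to the ip6.arpa nibble tree, which the slide does not cover. The stdlib ipaddress module is used only for address validation and as an independent cross-check. The /24 and /32 prefixes in the usage notes are assumptions.

```python
"""Reverse-mapping names for in-addr.arpa (IPv4) and ip6.arpa (IPv6).

Added example for the SRT210 slide on in-addr.arpa; not code from the deck.
"""
import ipaddress


def reverse_name(ip: str) -> str:
    """PTR owner name for ip, with trailing dot: a.b.c.d -> d.c.b.a.in-addr.arpa."""
    addr = ipaddress.ip_address(ip)            # rejects labels outside 0-255 / bad hex
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = format(int(addr), "032x")        # IPv6: one hex nibble per label, low nibble first
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def forward_address(ptr_name: str) -> str:
    """Inverse of reverse_name: recover the address from a reverse-tree owner name."""
    name = ptr_name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError(f"need 4 labels for a full IPv4 reverse name: {ptr_name}")
        for lab in labels:                     # the slide's rule: decimal 0-255 only
            if not lab.isdigit() or int(lab) > 255:
                raise ValueError(f"label {lab!r} is not a decimal 0-255: {ptr_name}")
        return ".".join(reversed(labels))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
            raise ValueError(f"need 32 single hex-digit labels: {ptr_name}")
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    raise ValueError(f"not a reverse-mapping name: {ptr_name}")


def reverse_zone_origin(network: str) -> str:
    """$ORIGIN of the single reverse zone holding PTRs for a CIDR network.

    Only prefixes on a label boundary (/8, /16, /24 for IPv4; multiples of 4 bits for
    IPv6) fit one zone; anything else needs RFC 2317 classless delegation, not done here.
    """
    net = ipaddress.ip_network(network, strict=True)
    bits_per_label, total_labels = (8, 4) if net.version == 4 else (4, 32)
    if net.prefixlen % bits_per_label:
        raise ValueError(f"{network}: prefix is not on a label boundary")
    labels = reverse_name(str(net.network_address)).split(".")
    keep = net.prefixlen // bits_per_label     # drop the host labels, keep network + suffix
    return ".".join(labels[total_labels - keep:])


def cross_check(ip: str) -> bool:
    """Agreement with the stdlib's reverse_pointer (which omits the final dot)."""
    return reverse_name(ip) == ipaddress.ip_address(ip).reverse_pointer + "."
```

For example, reverse_zone_origin("192.168.2.0/24") yields 2.168.192.in-addr.arpa., the origin you would use for that network's reverse zone file.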

8

Distributed Name Space
● Domain and subdomain
● Zone – a group of symbolic names with a common base
● Name server – maintains a database of symbolic names and IP addresses and provides the service of mapping between symbolic names and IP addresses
● Delegated authority – for sub-domains
● Root name servers – authority for the top-level zone "."

9

Domain Name Resolution
● A user program issues a request to the resolver
● The resolver formulates a query to the name server
● The name server checks its authoritative database or cache, and/or queries other available name servers, starting from the root name servers
● The user program gets the answer or an error

10

Different Roles of Name Server
● Caching-only name server (needs a hint file)
● Authoritative name server (needs zone file(s))
● Combination of both (not recommended for security: it exposes the authoritative service to the recursive side's risks, such as cache poisoning, open-resolver abuse and resource exhaustion)

11

Full Resolver

(Diagram) User Program -> Full Resolver -> Name Server (cache + database) -> Other Name Server (cache). The user query is forwarded as a query at each hop; responses travel back along the same path.

12

Authoritative Name Server

(Diagram) User Program -> Full Resolver -> Authoritative Name Server (cache + database). The user query is forwarded as a query; the response comes straight from the authoritative database.

13

Caching Name Server

(Diagram) User Program -> Full Resolver -> Caching Name Server (cache, hint file) -> Other Name Server (cache). The caching server has no zone data of its own; it finds the root servers through the hint file and caches the responses it relays.

14

Mixed-Mode Name Server

(Diagram) User Program -> Full Resolver -> Name Server (cache + database) -> Other Name Server (cache). The same server answers from its own database for its zones and recurses to other servers for everything else.

15

Resolver Query/Response
● Query:
– Recursive
– Iterative (non-recursive)
● Response:
– Authoritative
– Non-authoritative (e.g. served from a cache)
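The walk described in the resolution slide and the recursive/iterative, authoritative/non-authoritative distinctions above, as an added example (not part of the original deck): a toy iterative resolver that starts at the root, follows referrals and glue down the delegation chain, chases a CNAME, and returns cache hits as non-authoritative. The servers, zones and 192.0.2.x addresses are constructed for the example; only cs/scs.senecac.on.ca. and 142.204.76.23 come from the RR examples later in the deck, and the delegation ca. -> senecac.on.ca. is an assumption.

```python
"""Iterative resolution, simulated: walk from the root down the delegation chain.

Added example for the SRT210 slides, not code from the deck. All servers, zones and
addresses are constructed (192.0.2.0/24 is documentation space); only cs/scs.senecac.on.ca.
and 142.204.76.23 are taken from the slides. A 'server' is a dict of zone apex ->
{owner name: [(type, rdata), ...]}, all names absolute.
"""

SERVERS = {
    # root: delegates ca. and carries glue for the ca. server
    "root-ns.example.": {".": {
        "ca.": [("NS", "ns.ca.example.")],
        "ns.ca.example.": [("A", "192.0.2.53")],
    }},
    # ca.: delegates senecac.on.ca. to prime; glue is required because prime is inside the child
    "ns.ca.example.": {"ca.": {
        "senecac.on.ca.": [("NS", "prime.senecac.on.ca.")],
        "prime.senecac.on.ca.": [("A", "192.0.2.1")],
    }},
    # the primary for the zone itself
    "prime.senecac.on.ca.": {"senecac.on.ca.": {
        "senecac.on.ca.": [("NS", "prime.senecac.on.ca.")],
        "prime.senecac.on.ca.": [("A", "192.0.2.1")],
        "cs.senecac.on.ca.": [("A", "142.204.76.23")],
        "scs.senecac.on.ca.": [("CNAME", "cs.senecac.on.ca.")],
    }},
}


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_lookup(server, qname):
    """One server's answer for qname.

    ('answer', rrs, None) with the AA bit set; ('referral', cut, {ns: glue}) when qname
    lies under a delegation this server holds; ('nxdomain', None, None) when the name
    is inside its zone but absent; ('notauth', None, None) if no zone encloses qname.
    """
    for zone, rrs in SERVERS[server].items():
        if not in_zone(qname, zone):
            continue
        if qname in rrs:
            return "answer", rrs[qname], None
        cuts = [o for o, recs in rrs.items()
                if o != zone and in_zone(qname, o) and any(t == "NS" for t, _ in recs)]
        if cuts:
            cut = max(cuts, key=len)           # closest enclosing delegation point
            glue = {ns: next((rd for t, rd in rrs.get(ns, []) if t == "A"), None)
                    for t, ns in rrs[cut] if t == "NS"}
            return "referral", cut, glue
        return "nxdomain", None, None
    return "notauth", None, None


def resolve(qname, qtype, root="root-ns.example.", cache=None, trail=None):
    """Full (iterative) resolver: returns (rdata list, authoritative?, servers queried).

    A cache hit is returned as non-authoritative with an empty trail, as a caching
    server would mark it.
    """
    cache = {} if cache is None else cache
    trail = [] if trail is None else trail
    if (qname, qtype) in cache:
        return cache[(qname, qtype)], False, trail
    server = root
    for _ in range(8):                         # bound the walk; a referral loop is a server bug
        trail.append(server)
        kind, data, glue = authoritative_lookup(server, qname)
        if kind == "referral":
            ns, addr = next(iter(glue.items()))  # real resolvers pick by RTT; we take the first
            if addr is None:
                if in_zone(ns, data):          # in-bailiwick NS without glue cannot be reached
                    raise LookupError(f"{data}: NS {ns} needs glue in the parent zone")
                resolve(ns, "A", root, cache, trail)  # out-of-bailiwick: look the NS up separately
            server = ns
            continue
        if kind != "answer":
            raise LookupError(f"{qname}: {kind} from {server}")
        rdata = [rd for t, rd in data if t == qtype]
        if not rdata and qtype != "CNAME":
            target = [rd for t, rd in data if t == "CNAME"]
            if target:                         # chase the alias to its canonical name
                cache[(qname, "CNAME")] = target
                return resolve(target[0], qtype, root, cache, trail)
        cache[(qname, qtype)] = rdata
        return rdata, True, trail
    raise LookupError(f"{qname}: too many referrals")
```

Resolving cs.senecac.on.ca. A touches the root server, the ca. server and prime in that order; asking the same cache again returns the answer with authoritative set to False. Deleting the glue A for prime from the ca. zone makes the walk fail with "needs glue", which is exactly the condition the later slide "Make your NS visible" addresses by handing the parent your name server's IP address.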

16

Name Servers
● Primary Name Server
– Reads zone data from local files and has authority over the zone.
● Secondary Name Servers
– Have authority for a zone, but obtain the zone data from the primary name server through the zone transfer process
● Caching-only name server
– Caches DNS information obtained by querying other name servers

17

DNS Boss

root name server
● Holds the ultimate authority in the DNS system
● Authoritative for the root domain "."
● There are thirteen root name server identities on the Internet (a to m.root-servers.net), each served by many anycast instances
● What does a root name server do? Mostly delegate: it refers the querier to the servers for the top-level domain.

18

Resource Records in Zone File
● Basic component of the DNS distributed database
● Divided into classes for different kinds of networks
● IN – Internet class
e.g. SOA, A, NS, CNAME, MX, PTR
● Each zone must have SOA and NS records

19

RR Format
● Name: domain name to be defined
● TTL: time-to-live in seconds (cache limit)
● Class: IN
● Type: resource record type
● Rdata: value of the record (depends on type)

Name TTL Class Type Rdata

20

RR Examples
● SOA Record – Start of Authority (@ expands to the zone origin; MNAME and RNAME must end in a dot, otherwise BIND appends the origin to them)
@ IN SOA abc.mydomain.ca. root.abc.mydomain.ca. (
        20040210 ;serial no
        3600     ;refresh
        600      ;retry
        360000   ;expire
        86400 )  ;minimum

root.abc.mydomain.ca. is the mailbox root@abc.mydomain.ca (the first label is the local part). Slave (secondary) servers use the five numbers: the serial decides whether a zone transfer is needed, so it must increase on every change; refresh, retry and expire drive the transfer timers; minimum is the negative-caching TTL (RFC 2308).

21

RR Examples 2
More (relative names are completed with the zone origin, here senecac.on.ca.):
cs.senecac.on.ca.  IN  A      142.204.76.23
senecac.on.ca.     IN  MX     10 mail
senecac.on.ca.  360000  IN  NS  prime
scs                IN  CNAME  cs

In the reverse zone (origin 76.204.142.in-addr.arpa.):
23                 IN  PTR    scs.senecac.on.ca.

The PTR target must be absolute: a bare "scs" would be expanded to scs.76.204.142.in-addr.arpa. RFC 1912 also recommends pointing the PTR at the canonical name (cs.senecac.on.ca.) rather than at the CNAME alias scs.

22

Setup your own Domain
● What is Domain Name Registration?
● What Domain Name is available?
● How do you register your Domain Name?
● How do you set up your Name Server?
● How do you make your name server visible on the Internet?

23

Pick Your Own Domain
Domain Names:
● A sequence of labels separated by dots
● Label: a-z, A-Z, 0-9 and - (host names follow this letters-digits-hyphen rule; _ is allowed in DNS labels such as _kerberos or _dmarc, but not in host names)
e.g. pod1.com, pod2.com, etc.

Use your Seneca ID + ".net" as your domain name.

24

How to register?
● What is your Domain Name?
● How many labels are there in your Domain Name?
● Remove the first label on the left of your domain name; the remainder is your parent domain.
● Who has authority over your parent domain?
● Go register with that authority.

25

How to set up your domain?
● Set up a Primary Name Server
(BIND 9.8.2 on CentOS 6.5)
● Create forward lookup zone file(s)
● Create reverse lookup zone file(s)
● Populate your zone files with
– SOA record
– A records (in the forward zone)
– PTR records (in the reverse zone)
– NS records
– MX records (in the forward zone)
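The zone files this procedure produces, parsed and checked as an added example (not part of the original deck, and not BIND's own code; run named-checkzone on a real server). It expands $ORIGIN, @ and relative names the way BIND does, then applies the checks the RR slides imply: exactly one SOA and at least one NS at the apex, an address record for an in-zone name server, decimal 0-255 labels in in-addr.arpa, and a PTR target that was left relative. The zone texts are constructed from the deck's RR examples; prime.senecac.on.ca., 192.0.2.1 and the 76.204.142.in-addr.arpa. reverse zone are assumptions.

```python
"""Zone-file parsing and pre-delegation checks for a BIND-style primary.
Added example for the SRT210 slides; not code from the deck or from BIND. Zone texts
are constructed from the slides' RR examples; prime.senecac.on.ca., 192.0.2.1 and the
76.204.142.in-addr.arpa. reverse zone are assumptions. Handles $ORIGIN, $TTL, @,
relative names and ( ) continuations; quoted TXT rdata and $INCLUDE are not handled."""
NAME_RDATA = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}   # index of the domain name in rdata
REVERSE_TREES = (".in-addr.arpa.", ".ip6.arpa.")

def absolute(name, origin):
    """@ is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}".replace("..", ".")

def logical_records(text):
    """Yield (inherits_owner, tokens) per record, joining ( ) continuations, dropping ; comments."""
    toks, depth, inherits = [], 0, None
    for line in text.splitlines():
        line = line.split(";", 1)[0]
        if not line.strip():
            continue
        if inherits is None:
            inherits = line[0].isspace()       # leading blank: reuse the previous owner
        for tok in line.split():
            depth += (tok == "(") - (tok == ")")
            if tok not in ("(", ")"):
                toks.append(tok)
        if depth == 0:
            yield inherits, toks
            toks, inherits = [], None

def parse_zone(text, origin):
    """Return [(owner, ttl, type, rdata)] with owner and name-valued rdata made absolute."""
    origin = absolute(origin, ".")
    records, default_ttl, last_owner = [], None, origin
    for inherits, toks in logical_records(text):
        if toks[0] == "$ORIGIN":
            origin = absolute(toks[1], origin)
            continue
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        owner = last_owner if inherits else absolute(toks.pop(0), origin)
        ttl = default_ttl
        while toks[0].isdigit() or toks[0].upper() == "IN":   # optional TTL and class, either order
            tok = toks.pop(0)
            if tok.isdigit():
                ttl = int(tok)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in NAME_RDATA:
            rdata[NAME_RDATA[rtype]] = absolute(rdata[NAME_RDATA[rtype]], origin)
        records.append((owner, ttl, rtype, rdata))
        last_owner = owner
    return records

def check_zone(records, origin):
    """Problems a primary must fix before asking the parent to delegate (empty list = clean)."""
    origin = absolute(origin, ".")
    by_owner = {}
    for owner, _, rtype, rdata in records:
        by_owner.setdefault(owner, []).append((rtype, rdata))
    problems, apex = [], by_owner.get(origin, [])
    if sum(t == "SOA" for t, _ in apex) != 1:
        problems.append(f"{origin}: expected exactly one SOA at the apex")
    nameservers = [r[0] for t, r in apex if t == "NS"]
    if not nameservers:
        problems.append(f"{origin}: no NS record at the apex")
    for ns in nameservers:         # an in-zone NS needs an A/AAAA here and glue in the parent zone
        if ns.endswith("." + origin) and not any(t in ("A", "AAAA") for t, _ in by_owner.get(ns, [])):
            problems.append(f"{ns}: in-zone name server has no address record")
    for owner, rrs in by_owner.items():
        if origin.endswith(".in-addr.arpa.") and owner != origin:
            labels = owner[: -len(origin) - 1].split(".")
            if any(not lab.isdigit() or int(lab) > 255 for lab in labels):
                problems.append(f"{owner}: in-addr.arpa labels must be decimal 0-255")
        if any(t == "CNAME" for t, _ in rrs) and len(rrs) > 1:
            problems.append(f"{owner}: CNAME must be the only record at its name")
        for rtype, rdata in rrs:
            if rtype == "PTR" and rdata[0].endswith(REVERSE_TREES):
                problems.append(f"{owner}: PTR target {rdata[0]} is inside the reverse tree "
                                "(relative name expanded against $ORIGIN: missing trailing dot?)")
    return problems

# Constructed zones: FORWARD follows the slides' RR examples; REVERSE_BUGGY keeps the
# slide's relative PTR target so the check can flag it.
FORWARD = """\
$TTL 3600
@       IN SOA prime root.prime (
            2017060801 3600 600 360000 86400 )   ; serial refresh retry expire minimum
        IN NS  prime
        IN MX  10 mail
prime   IN A   192.0.2.1
cs      IN A   142.204.76.23
scs     IN CNAME cs
"""
REVERSE_BUGGY = """\
@   IN SOA prime.senecac.on.ca. root.prime.senecac.on.ca. ( 2017060801 3600 600 360000 86400 )
    IN NS  prime.senecac.on.ca.
23  IN PTR scs
"""
REVERSE_FIXED = REVERSE_BUGGY.replace("PTR scs", "PTR cs.senecac.on.ca.")
```

check_zone(parse_zone(FORWARD, "senecac.on.ca."), "senecac.on.ca.") returns an empty list, while the reverse zone as written on the slide yields one problem, because "scs" expands to scs.76.204.142.in-addr.arpa.; REVERSE_FIXED is clean.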

26

Make your NS visible● Tell people about the IP address of your Name Server.

● Test your name server.

● Ask the DNS administrator of your parent domain to delegate the zone for your domain to your name server.

● Test your Name Server on Internet.

● Mission accomplished!

27

Troubleshooting DNS
nslookup (interactive mode); "set all" prints the current options:
Set options:
  novc  nodebug  nod2
  search  recurse
  timeout = 0  retry = 2  port = 53
  querytype = A  class = IN
  srchlist = senecac.on.ca

28

DNS Troubleshooting
nslookup
● set type=value
– A, CNAME, MX, SOA, NS, PTR, ANY
● set debug – turns debugging mode on; much more information is printed about the packet sent to the server and the resulting answer (default = nodebug)

29

DNS Troubleshooting
nslookup
● set norecurse – tells the name server NOT to query other servers if it does not have the information (default = recurse; abbreviation = [no]rec)

rndc – name server control utility (authenticated with the shared key in rndc.key)
– reload, status, dumpdb, ...

30

DNS Tools
The following utilities come with the bind-utils package:
● nslookup
● dig
● host

Consult the man pages for more details on how to use them.

31

RFCs
● 1032 – Domain Administrators Guide
● 1033 – Domain Administrators Operations Guide
● 1034 – Domain Names – Concepts and Facilities
● 1035 – Domain Names – Implementation and Specification
● 1713 – Tools for DNS Debugging
● 1912 – Common DNS Operational and Configuration Errors
● More ...

32

DNS

Q & A