Basic DNS Course Lecturer: Ron Aitchison. Module 1 DNS Theory.
Objectives
Function of Name Servers
Name Servers play a critical role
DNS Hierarchy (root, TLDs, Users)
DNS Delegation and Authority
DNS Operational Structure
DNS Servers and Resolvers
DNS Masters and Slaves
DNS Queries
Name Server Function
The purpose of any name server is to translate a name into something, typically an address, that can be used by network software to access a resource.
Why not use an address?
Names are easier to remember (google.com vs 206.23.9.4)
Multiple addressing schemes can be used (IPv4 and IPv6)
We can relocate the resource without affecting the user's view of the network
We can duplicate the resource for resilience
History of Name Servers
Historically, files were used to name local devices
1974-ish: IBM's SNA contained name translation capabilities
1978: Open Systems Interconnection (OSI) Model – Name/Address Translation (L4)
1984: NetBIOS Name Server -> WINS
1981 – 1987: RFC 1034/1034 DNS
Name Server becomes Critical
No Name Server = no network access
Resilience
Performance
Number of Names: LANs – 10s -> 1,000s of addresses; WANs (Internet) – 1,000s -> millions
Frequency of Change
Domain Name System (DNS)
Multiple Name Servers: Performance, Resilience
Hierarchy of names (Domains): volume of names, frequency of changes, performance
DNS Name Hierarchy
Organized into a tree hierarchy
Top of the tree is called the root
Each branch is called a Domain
Any number of branches or levels
Top Level Domain (TLD), Second Level Domain (SLD)
Responsibility for a Domain is Delegated
Each Level is Authoritative
DNS Hierarchy
Since 1998 the responsibility for the allocation and operation of the domain name hierarchy has lain with ICANN (Internet Corporation for Assigned Names and Numbers). ICANN is a non-profit organization but operates under an MOU with the U.S. Dept. of Commerce.
DNS Domain Name
Typical user domain name: www.example.com
Each level is separated by dots
Highest level is on the right
Authority controls everything to the left (left of example.com in the above case)
Authority may delegate
DNS TLDs: gTLDs (generic Top Level Domains)
.com, .net, .org, .mil, .edu, .int, etc.
Some are open: .com, .net, .org
Some are restricted: .mil, .edu, .int
Since 2004, sTLDs (Sponsored): .coop, .museum, .aero, .travel, .jobs, .mobi, .cat, .tel, .asia
Generic: .info, .biz, .pro, .name
Since 2011: auction (essentially no limits, only $)
DNS TLDs: ccTLDs (country code)
.us, .ca, .uk, etc. Defined by ISO 3166
.arpa (technically a gTLD): ICANN (IANA) use only, for specialized uses
DNS – Some Terminology
TLD: Top Level Domain
SLD: Second Level Domain. Can be used to refer to a user domain; confusing, since in many countries the user domain is the third level (TLD!)
Delegation and Authority: the Owner is authoritative at its level; the Owner may do anything to the left of the name; the Owner may delegate
DNS Domain Name
With the ending dot, a Fully Qualified Domain Name (FQDN) unambiguously defines a name up to the root; the dot (.) is the root and is normally silent
www.example.com.
Domain Names:
www.example.md.us
www.guardian.co.uk
www.bancobrasil.com.br
ftp.example.org
www.nashville.tn.us
www.br.example.net
www.un.int
DNS - Operations/Protocol
Authoritative DNS at every level in the name hierarchy
DNS is interrogated using queries
Port 53 UDP (mostly), 512 byte blocks (EDNS0: 64K)
Other Operations: TCP on port 53
DNS Operations
[Diagram: Queries for www.example.com go to the root DNS Servers (Referral), then the TLD DNS Servers (Referral), then the user DNS Servers (example.com), which return the Answer]
DNS Operations
Authoritative Name Server at every level in the domain name
A name lookup asks (Queries) each level in the hierarchy
If the Name Server is not authoritative, it returns a referral to the next level
If the Name Server is authoritative, it returns an answer
DNS - Operations
13 root servers: a.root-servers.net – m.root-servers.net
gTLD/ccTLD servers – variable: .com = 12, .net = 12, .org = 6
User servers – variable: 2 minimum (Microsoft 5, Google 4)
DNS Operations
[Diagram: a Resolver sends Queries to a caching DNS Server, which in turn queries the root DNS Servers, the TLD DNS Servers and the user DNS Servers (example.com) for www.example.com]
DNS Servers and Resolvers
DNS (name) servers are: Authoritative, Caching, or Combinations
Resolvers are: Never Authoritative
Full-Function (follows referrals)
Stub-Resolver (cannot follow referrals)
Caching Stub-Resolver
Authoritative DNS
May be a Master or a Slave (sometimes called Primary and Secondary)
Responds authoritatively to a query for the complete address: the example.com authoritative server will respond to www.example.com
DNS - Master and Slave
Master reads the zone file from local storage
Slave reads it via the network from the Master
Both Master and Slave are Authoritative
May be one or more Slaves
May be no slaves (multiple Masters)
May be no visible masters (hidden Master)
DNS – Zone Transfers
Passive – Slave Initiated: the Slave reads the zone's SOA record periodically; Full Transfer (AXFR) or Incremental Transfer (IXFR); uses TCP on port 53
Active – Master sends NOTIFY: the Slave reads the SOA on receipt of the NOTIFY, then AXFR or IXFR; speeds up propagation of zone changes to slaves
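The passive and active transfer paths above, as an added toy model (not the course's own code): a slave polls the master's SOA serial on its refresh timer or immediately on NOTIFY, compares serials with RFC 1982 serial arithmetic, and picks IXFR when the master's journal still covers the slave's serial, otherwise AXFR. The Master and Slave classes, serials, journal depth and refresh interval are all constructed for illustration.

```python
# Added example (not the course's own code): a toy model of how a slave keeps
# its zone copy current. Passive path: read the master's SOA serial when the
# refresh timer expires. Active path: a NOTIFY forces an immediate SOA read.
# IXFR is chosen when the master's journal still covers the slave's serial,
# otherwise a full AXFR. Serials, journal depth and refresh are constructed.

def serial_gt(a, b):
    """RFC 1982 serial arithmetic: True if 32-bit serial a is newer than b."""
    return a != b and ((a < b and b - a > 2**31) or (a > b and a - b < 2**31))

class Master:
    def __init__(self, serial, journal_depth):
        self.serial = serial                  # current SOA serial of the zone
        self.journal_depth = journal_depth    # how many past serials IXFR can replay

    def soa_serial(self):
        """What the slave sees when it reads the master's SOA record."""
        return self.serial

    def can_ixfr(self, since):
        """True if deltas from `since` are still in the journal; else AXFR."""
        return serial_gt(self.serial, since) and \
            (self.serial - since) % 2**32 <= self.journal_depth

class Slave:
    def __init__(self, master, refresh):
        self.master, self.refresh = master, refresh
        self.serial, self.next_check, self.log = None, 0, []   # no copy yet

    def check_soa(self, now):
        """Passive path: poll the master's SOA only when refresh has expired."""
        if now < self.next_check:
            return "waiting"
        self.next_check = now + self.refresh
        remote = self.master.soa_serial()
        if self.serial is not None and not serial_gt(remote, self.serial):
            return "current"                  # same or older serial: no transfer
        if self.serial is not None and self.master.can_ixfr(self.serial):
            kind = "IXFR"                     # apply only the changes
        else:
            kind = "AXFR"                     # first load or journal too short
        self.serial = remote
        self.log.append(kind)
        return kind

    def notify(self, now):
        """Active path: a NOTIFY from the master triggers the SOA check now."""
        self.next_check = now
        return self.check_soa(now)
```

Note that a serial that only decreases (or wraps the wrong way) is treated as "current", which is why zone edits must always bump the serial for slaves to pick them up.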
DNS Queries
Recursive Queries: the requested server will provide the answer; Optional
Iterative (non-recursive) Queries: the server will provide the answer if available, else it sends a referral; Mandatory
DNS - Queries
Locally configured DNS (properties) will always point to a recursive (caching) name server
PCs have stub-resolvers (cannot follow referrals)
Windows has a caching resolver (stub-resolver cache) for performance
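The referral chain from the DNS Operations slides and the recursive/iterative distinction above, as one added toy model (not the course's own code): three in-memory zones (root, com., example.com.) answer iteratively, a full-function resolver follows referrals from the root, and a caching server answers a recursive (RD=1) query completely but an iterative (RD=0) query only from cache. All zone data, including the NS and A record values, is constructed.

```python
# Added example (not the course's own code): toy in-memory model of the DNS
# delegation tree and of iterative vs recursive queries. All zone data is constructed.

# Zones keyed by apex. NS records below the apex mark a delegation (cut point).
ZONES = {
    ".":            {"com.": [("NS", "a.gtld-servers.net.")]},
    "com.":         {"example.com.": [("NS", "ns1.example.com.")]},
    "example.com.": {"www.example.com.": [("A", "192.0.2.10")]},
}

def authoritative_query(zone, qname, qtype):
    """Server authoritative for `zone`, answering iteratively: an answer if it
    holds the name, a referral if the name is under a delegation, else NXDOMAIN."""
    records = ZONES[zone]
    if qname in records:
        return "answer", [rd for t, rd in records[qname] if t == qtype]
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):           # parent names, longest first
        cut = ".".join(labels[i:])
        if cut == zone:                             # reached our own apex
            break
        if any(t == "NS" for t, _ in records.get(cut, [])):
            return "referral", cut                  # delegated: ask that zone
    return "nxdomain", None

def resolve_iteratively(qname, qtype, trace):
    """Full-function resolver: start at the root and follow every referral."""
    zone = "."
    while True:
        kind, data = authoritative_query(zone, qname, qtype)
        trace.append((zone, kind))
        if kind != "referral":
            return kind, data
        zone = data

CACHE = {}

def caching_server(qname, qtype, rd):
    """Caching name server: a recursive query (RD=1) gets a complete answer; an
    iterative query (RD=0) is answered from cache only, else gets a referral."""
    key = (qname, qtype)
    if key in CACHE:
        return "cache", CACHE[key], []
    if not rd:
        return "referral", ".", []                  # stub would have to iterate
    trace = []
    kind, rrs = resolve_iteratively(qname, qtype, trace)
    if kind == "answer":
        CACHE[key] = rrs                            # later lookups served locally
    return kind, rrs, trace
```

A stub-resolver in this model can only call caching_server with rd=True, since a referral is useless to it; the trace returned shows the root and TLD servers each answering with a referral and only example.com's server giving the answer.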