Chapter 17

51
TCP/IP Protocol Suite 1 Chapter 17 Chapter 17 Upon completion you will be able to: Domain Name Domain Name System: DNS System: DNS Understand how the DNS is organized Know the domains in the DNS Know how a name or address is resolved Be familiar with the query and response formats Understand the need for DDNS Objectives

description

Chapter 17. Domain Name System: DNS. Objectives. Upon completion you will be able to:. Understand how the DNS is organized Know the domains in the DNS Know how a name or address is resolved Be familiar with the query and response formats Understand the need for DDNS. - PowerPoint PPT Presentation

Transcript of Chapter 17

Page 1: Chapter   17

TCP/IP Protocol Suite 1

Chapter 17Chapter 17

Upon completion you will be able to:

Domain NameDomain NameSystem: DNSSystem: DNS

• Understand how the DNS is organized• Know the domains in the DNS• Know how a name or address is resolved• Be familiar with the query and response formats• Understand the need for DDNS

Objectives

Page 2: Chapter   17

TCP/IP Protocol Suite 2

17.1 NAME SPACE

The names assigned to machines must be unique because the addresses The names assigned to machines must be unique because the addresses are unique. A name space that maps each address to a unique name can are unique. A name space that maps each address to a unique name can be organized in two ways: flat or hierarchical.be organized in two ways: flat or hierarchical.

The topics discussed in this section include:The topics discussed in this section include:

Flat Name Space Flat Name Space Hierarchical Name Space Hierarchical Name Space

Page 3: Chapter   17

TCP/IP Protocol Suite 3

17.2 DOMAIN NAME SPACE

The domain name space is hierarchical in design. The names are The domain name space is hierarchical in design. The names are defined in an inverted-tree structure with the root at the top. The tree can defined in an inverted-tree structure with the root at the top. The tree can have 128 levels: level 0 (root) to level 127.have 128 levels: level 0 (root) to level 127.

The topics discussed in this section include:The topics discussed in this section include:

Label Label Domain Name Domain Name Domain Domain

Page 4: Chapter   17

TCP/IP Protocol Suite 4

Figure 17.1 Domain name space

Page 5: Chapter   17

TCP/IP Protocol Suite 5

Figure 17.2 Domain names and labels

Page 6: Chapter   17

TCP/IP Protocol Suite 6

Figure 17.3 FQDN and PQDN

Page 7: Chapter   17

TCP/IP Protocol Suite 7

Figure 17.4 Domains

Page 8: Chapter   17

TCP/IP Protocol Suite 8

17.3 DISTRIBUTION OF NAME SPACE

The information contained in the domain name space is distributed The information contained in the domain name space is distributed among many computers called DNS servers. among many computers called DNS servers.

The topics discussed in this section include:The topics discussed in this section include:

Hierarchy of Name Servers Hierarchy of Name Servers Zone Zone Root Server Root Server Primary and Secondary Servers Primary and Secondary Servers

Page 9: Chapter   17

TCP/IP Protocol Suite 9

Figure 17.5 Hierarchy of name servers

Page 10: Chapter   17

TCP/IP Protocol Suite 10

Figure 17.6 Zones and domains

Page 11: Chapter   17

TCP/IP Protocol Suite 11

A primary server loads all information from the disk file; the secondary server loads all information from the primary server. When the secondary downloads

information from the primary, it is called zone transfer.

Note:Note:

Page 12: Chapter   17

TCP/IP Protocol Suite 12

17.4 DNS IN THE INTERNET

The domain name space (tree) is divided into three different sections: The domain name space (tree) is divided into three different sections: generic domains, country domains, and the inverse domain.generic domains, country domains, and the inverse domain.

The topics discussed in this section include:The topics discussed in this section include:

Generic Domains Generic Domains Country Domains Country Domains Inverse Domain Inverse Domain Registrar Registrar

Page 13: Chapter   17

TCP/IP Protocol Suite 13

Figure 17.7 DNS used in the Internet

Page 14: Chapter   17

TCP/IP Protocol Suite 14

Figure 17.8 Generic domains

Page 15: Chapter   17

TCP/IP Protocol Suite 15

Table 17.1 Table 17.1 Generic domain labelsGeneric domain labels

Page 16: Chapter   17

TCP/IP Protocol Suite 16

Table 17.1 Table 17.1 Generic domain labels (Continued)Generic domain labels (Continued)

Page 17: Chapter   17

TCP/IP Protocol Suite 17

Figure 17.9 Country domains

Page 18: Chapter   17

TCP/IP Protocol Suite 18

Figure 17.10 Inverse domain

Page 19: Chapter   17

TCP/IP Protocol Suite 19

17.5 RESOLUTION

Mapping a name to an address or an address to a name is called name-Mapping a name to an address or an address to a name is called name-address resolution.address resolution.

The topics discussed in this section include:The topics discussed in this section include:

Resolver Resolver Mapping Names to Addresses Mapping Names to Addresses Mapping Addresses to Names Mapping Addresses to Names Recursive Resolution Recursive Resolution Iterative Resolution Iterative Resolution Caching Caching

Page 20: Chapter   17

TCP/IP Protocol Suite 20

Figure 17.11 Recursive resolution

Page 21: Chapter   17

TCP/IP Protocol Suite 21

Figure 17.12 Iterative resolution

Page 22: Chapter   17

TCP/IP Protocol Suite 22

17.6 DNS MESSAGES

The DNS query message consists of a header and question records; the The DNS query message consists of a header and question records; the DNS response message consists of a header, question records, answer DNS response message consists of a header, question records, answer records, authoritative records, and additional records.records, authoritative records, and additional records.

The topics discussed in this section include:The topics discussed in this section include:

Header Header

Page 23: Chapter   17

TCP/IP Protocol Suite 23

Figure 17.13 DNS messages

Page 24: Chapter   17

DNS Message Formats

Two basic types: Query and Response

Page 25: Chapter   17

TCP/IP Protocol Suite 25

Figure 17.15 Header format

Page 26: Chapter   17

Identification: 2 byte field so client may match response to the question. Client creates number,Server just repeats the number in the request

Flags: QR Query/Response: One bit 0=query 1=responseOpcode: four bits define type of query or response 0=normal 1=inverse,

2=server statusis requested

AA authoritative answer: One bit value of 1 means server responding is authoritative server

TC truncated: One bit if it equals 1 means answer was larger than than 512 bytes and was

truncated RD recursion desired: one bit if set to 1 means we want a recursive answerRA recursion available: One bit when set to 1 means a recursive response is

available. This isset only in the response messageReserved: three bit field set to 000rCode: Four bit field contains error status

Number of Question Records: two byte field with number of queries in the question section

of the message

Number of Answer Records: two byte field with number of answers contained in answer section

of the messageNumber of Authoritative Records: Two byte field containing the number of authoritative records in the

authoritative records section of a response messageNumber of Additional Records: Two byte field containing the number additional records in the

additional section of a response message.

Header:

Page 27: Chapter   17

Question Section: Section consisting of one or more question records. Exists in both query and response

Answer Section: Section consisting of one or more answer records. Exists in response only.

Authoritative Section: Section consisting of one or more resource records. Exists in response only. This contains the domain name about one or more of the authoritative servers for the query.

Additional Info Section: Contains one or more resource records. Exists in response only.

Remainder of DNS Message Format

Page 28: Chapter   17

TCP/IP Protocol Suite 28

Table 17.2 Table 17.2 Values of rCodeValues of rCode

Page 29: Chapter   17

TCP/IP Protocol Suite 29

17.7 TYPES OF RECORDS

Two types of records are used in DNS. The question records are used in Two types of records are used in DNS. The question records are used in the question section of the query and response messages. The resource the question section of the query and response messages. The resource records are used in the answer, authoritative, and additional information records are used in the answer, authoritative, and additional information sections of the response message.sections of the response message.

The topics discussed in this section include:The topics discussed in this section include:

Question Record Question Record Resource Record Resource Record

Page 30: Chapter   17

Query Name: Variable length field containing a domain name

Query Type: 2 byte filed containing the type of query:Type Mnemonic Details1 A IP Address. Convert a domain name to IP address2 NS Name Server. IDs authoritative server for a zone5 CNAME Canonical Name. Defines an alias for official name of a host12 PTR Convert an IP address to a domain nameetc

Query Class: 2 Byte field specifying the protocol using DNS. Internet has a value of 1.

Question Record Format

(Each count byte is a binary value between 0 and 63, count bytes are not ASCII)

Page 31: Chapter   17

Resource Record Format

Resource records are returned from server to client

Domain Name: Variable length field containing domain name

Domain Type: Same as query type field from before but a reduced “Query type” list

Domain Class: 2 Byte field specifying the protocol using DNS. Internet has a value of 1.

Time to Live: 4 byte field with number of seconds answer is valid. Receiver can cache this answer for this period of time

Resource Data Field Length: 2 bytes representing the length of the resource data field

Resource Data: Variable length field containing answer to query

Page 32: Chapter   17

TCP/IP Protocol Suite 32

Table 17.3 Table 17.3 TypesTypes

Page 33: Chapter   17

TCP/IP Protocol Suite 33

Table 17.4 Table 17.4 ClassesClasses

Page 34: Chapter   17

TCP/IP Protocol Suite 34

17.8 COMPRESSION

DNS requires that a domain name be replaced by an offset pointer if it is DNS requires that a domain name be replaced by an offset pointer if it is repeated. DNS defines a 2-byte offset pointer that points to a previous repeated. DNS defines a 2-byte offset pointer that points to a previous occurrence of the domain name or part of it.occurrence of the domain name or part of it.

Page 35: Chapter   17

DNS does not repeat a domain name in an answer record when we have it echoed in thequestion section of the same message. This is called compression.

Instead of repeating DNS messages use an offset value to say how many bytes afterthe beginning of the message we can find the domain name already included in the message.

The pointer has the format:

Where the “address of the beginning byte” is counted in bytes from the beginning of the entire message. Start counting with zero as the first byte.

So in our example 0xC00C is 1100 0000 0000 1100 which means 1100 offset which is 12 bytes from the beginning of the entire DNS message.

Whew!

DNS Offset Pointer

Page 36: Chapter   17

TCP/IP Protocol Suite 36

A resolver sends a query message to a local server to find the IP address for the host “chal.fhda.edu.”. We discuss the query and response messages separately.

Example 1

QR OpCode AA TC RD RA Reserved rCode

0 0000 0 0 1 0 000 0000

Figure 17.21 shows the query message sent by the resolver. The first 2 bytes show the identifier (1333). It is used as a sequence number and relates a response to a query. Because a resolver may even send many queries to the same server, the identifier helps to sort responses that arrive out of order. The next bytes contain the flags with the value of 0x0100 in hexadecimal. In binary it is 0000000100000000, but it is more meaningful to divide it into the fields as shown below:

Page 37: Chapter   17

TCP/IP Protocol Suite 37

Figure 17.21 Example 1: Query message

Page 38: Chapter   17

TCP/IP Protocol Suite 38

Example 1 (Continued)

QR OpCode AA TC RD RA Reserved rCode

1 0000 0 0 1 1 000 0000

The QR bit defines the message as a query. The OpCode is 0000, which defines a standard query. The recursion desired (RD) bit is set. (Refer back to Figure 17.16 for the flags field descriptions.) The message contains only one question record. The domain name is 4chal4fhda3edu0. The next 2 bytes define the query type as an IP address; the last 2 bytes define the class as the Internet.

Figure 17.22 shows the response of the server. The response is similar to the query except that the flags are different and the number of answer records is one. The flags value is 0x8180 in hexadecimal. In binary it is 1000000110000000, but again we divide it into fields as shown below:

Page 39: Chapter   17

TCP/IP Protocol Suite 39

Example 1 (Continued)

The QR bit defines the message as a response. The OpCode is 0000, which defines a standard response. The recursion available (RA) and RD bits are set. The message contains one question record and one answer record. The question record is repeated from the query message. The answer record has a value of 0xC00C (split in two lines), which points to the question record instead of repeating the domain name. The next field defines the domain type (address). The field after that defines the class (Internet). The field with the value 12,000 is the TTL (12,000 s). The next field is the length of the resource data, which is an IP address (153.18.8.105).

Page 40: Chapter   17

TCP/IP Protocol Suite 40

Figure 17.22 Example 1: Response message

Page 41: Chapter   17

TCP/IP Protocol Suite 41

An FTP server has received a packet from an FTP client with IP address 153.2.7.9. The FTP server wants to verify that the FTP client is an authorized client. The FTP server can consult a file containing the list of authorized clients. However, the file consists only of domain names. The FTP server has only the IP address of the requesting client, which was the source IP address in the received IP datagram. The FTP server asks the resolver (DNS client) to send an inverse query to a DNS server to ask for the name of the FTP client. We discuss the query and response messages separately.

Example 2

Page 42: Chapter   17

TCP/IP Protocol Suite 42

Example 2 (Continued)

QR OpCode AA TC RD RA Reserved rCode

0 0001 0 0 1 0 000 0000

Figure 17.23 shows the query message sent from the resolver to the server. The first 2 bytes show the identifier (0x1200). The flags value is 0x0900 in hexadecimal. In binary it is 0000100100000000, and we divide it into fields

as shown below:

The OpCode is 0001, which defines an inverse query. The message contains only one question record. The domain name is 19171231537in-addr4arpa. The next 2 bytes define the query type as PTR, and the last 2 bytes define the class as the Internet.

Page 43: Chapter   17

TCP/IP Protocol Suite 43

Figure 17.23 Example 2: Inverse query message

Page 44: Chapter   17

TCP/IP Protocol Suite 44

Example 2 (Continued)

QR OpCode AA TC RD RA Reserved rCode

1 0001 1 0 1 1 000 0000

Figure 17.24 shows the response. The flags value is 0x8D80 in hexadecimal. In binary it is 1000110110000000, and we divide it into fields as shown below:

Page 45: Chapter   17

TCP/IP Protocol Suite 45

Figure 17.24 Example 2: Inverse response message

Page 46: Chapter   17

TCP/IP Protocol Suite 46

In UNIX and Windows, the nslookup utility can be used to retrieve address/name mapping. The following shows how we can retrieve an address when the domain name is given.

Example 3

$ nslookup fhda.eduName: fhda.eduAddress: 153.18.8.1

The nslookup utility can also be used to retrieve the domain name when the address is given as shown below:

$ nslookup 153.18.8.11.8.18.153.in-addr.arpa name = tiptoe.fhda.edu.

Page 47: Chapter   17

TCP/IP Protocol Suite 47

17.9 DDNS

The Dynamic Domain Name System (DDNS) updates the DNS master The Dynamic Domain Name System (DDNS) updates the DNS master file dynamically. file dynamically.

Page 48: Chapter   17

Dynamic Domain Name Service

DNS master database must be updated Dynamically

After a binding between a name and an IP has taken place, DHCP sends this info to a primaryDNS server

Primary Server updates the zone and sends message to secondary server

BIND (Berkeley Internet Name Domain) is an implementation of DNS, both server and client.

See: http://www.intac.com/~cdp/cptd-faq/

Page 49: Chapter   17

TCP/IP Protocol Suite 49

17.10 ENCAPSULATION

DNS uses UDP as the transport protocol when the size of the response DNS uses UDP as the transport protocol when the size of the response message is less than 512 bytes. If the size of the response message is message is less than 512 bytes. If the size of the response message is more than 512 bytes, a TCP connection is used. more than 512 bytes, a TCP connection is used.

Page 50: Chapter   17

TCP/IP Protocol Suite 50

DNS can use the services of UDP or TCP using the well-known port 53.

Note:Note:

Page 51: Chapter   17