DNS Domain Name Service america.pcs.cnu.edu->137.155.2.10.

Date posted: 21-Dec-2015

BIND: an implementation of DNS

• A resolver for the client
    – libraries linked into client code

• A server: named

• Database files with the mapping

[Diagram: Client App, Resolver library, Named, Database]

But it’s a little more complicated

• The client asks the server

• Server sometimes has to ask other servers for answers

• Each domain (pcs…) has responsibility for its own machines

[Diagram: Client, Server, pcs.cnu.edu, Internet]

A Distributed System

• The internet has a collection of servers

• Each domain takes care of its own

• If a server can’t find the IP address, it either directly asks or forwards the request to a server which helps.

• Redundancy is important

• You design your server approach

• Physical location of server in domain is NOT required

Domains

[Diagram: domain tree. (root) at the top; below it edu, gov, mil, com, others; below those cnu, odu, wm; then pcs, isl, math]

Domains can delegate responsibility for some of the domain to others

Types of servers

• Resolver only (NO server on client machine)

• Primary

• Secondary
    – gets info from primary

• Caching only (slave)
    – only caches what it retrieves
    – does not get updates from servers

A typical design

[Diagram: Internet; one primary; three secondaries; six slaves]

Configuring the client (resolver)

• Every machine is a client

• The process of looking up a name is configured in a file: resolv.conf

• Tells the library linked into your code
    – how to search for names (domain entries)
    – where to look for names (nameserver entries)

Example resolv.conf:

    domain pcs.cnu.edu
    nameserver 137.155.2.10
    nameserver 137.155.12.24

domain entry

A user types this:

    Unix% telnet sappho

What is the IP of this machine?

    domain pcs.cnu.edu
    nameserver 137.155.2.10
    nameserver 137.155.12.24

RESOLVER -> server: Find the IP of sappho.pcs.cnu.edu.

NOTE: multiple domains can be listed (add cnu.edu)

nameserver entry

    domain pcs.cnu.edu
    nameserver 137.155.2.10
    nameserver 137.155.12.24

RESOLVER

First ask 137.155.2.10 what the IP is

Second ask 137.155.12.24 what the IP is if there is no answer from 137.155.2.10

Windows has the same info in network/TCPIP/properties
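
The lookup order described on the domain entry and nameserver entry slides, as an added Python example (not part of the original slides). It models the common resolver rule that a name without dots goes through the search list first; the function names are assumptions of this example.

```python
# Added example: the lookup plan a stub resolver derives from resolv.conf.
RESOLV_CONF = """\
; constructed from the slides' example file
domain pcs.cnu.edu
nameserver 137.155.2.10
nameserver 137.155.12.24
"""

def parse_resolv_conf(text):
    """Return (search_domains, nameservers) from resolv.conf text."""
    search, servers = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        keyword, *args = line.split()
        if keyword == "domain" and args:
            search = [args[0]]          # a later domain/search line wins
        elif keyword == "search" and args:
            search = args
        elif keyword == "nameserver" and args:
            servers.append(args[0])     # order in the file is query order
    return search, servers

def lookup_plan(name, text):
    """List (fqdn, server) attempts in the order they would be tried.

    The second server is only contacted when the first gives no answer.
    """
    search, servers = parse_resolv_conf(text)
    if name.endswith("."):              # already fully qualified
        candidates = [name]
    elif "." in name:                   # dotted: as given, then search list
        candidates = [name + "."] + [f"{name}.{d}." for d in search]
    else:                               # bare host: search list first
        candidates = [f"{name}.{d}." for d in search] + [name + "."]
    return [(fqdn, srv) for fqdn in candidates for srv in servers]
```

A dotted name that does not resolve as given is retried under the search domain, so a query for frogs.bio.wm.edu can also leave the host as frogs.bio.wm.edu.pcs.cnu.edu.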

That’s it for the client! Two entries in resolv.conf

Now for the server! Lots more options

More types of servers

Servers and domains

[Diagram: cnu.edu, pcs.cnu.edu, america, sappho, drake, wm.edu, bio.wm.edu, BioNs, frogs, WmNs, two rootservers, edu; arrows numbered 1 to 9 match the steps below]

sappho wants to contact frogs.bio.wm.edu

1- sappho asks its nameserver (america .. from resolv.conf)
2- america doesn’t know, so it asks a rootserver from its cache
3- rootserver knows only .edu and forwards the request
4- edu server responds to america with an answer for wm.edu
5- america contacts the wm.edu nameserver WmNs, which has delegated a subdomain to BioNs
6- WmNs contacts nameserver BioNs, which is the nameserver for bio.wm.edu
7- BioNs responds to WmNs with the IP for frogs
8- WmNs responds to america with the IP for frogs
9- america responds to sappho with the IP for frogs.

As responses are generated, names and servers are cached for subsequent use. E.g. 6-7 could be bypassed if WmNs has already asked BioNs about frogs.

Queries

• nameserver entry directs the request

• Servers can be set up to forward requests or to go directly to rootservers (america bypasses drake in this example)

• General approach is to resolve from the top

• Results are cached for future use

• Nameservers are not always physically located in the domain they serve

Major files at a server

• named.boot
    – tells the server (named) where its data is stored and for which domains it has responsibility as the primary server

• Database files
    – primary has THE copy of mappings
    – secondary is told where to get copies and where to store them

named.boot

Caching only:

    directory /whatever (/etc/named)
    primary   localhost               localhost
    primary   0.0.127.IN-ADDR.ARPA    localrev.dns
    cache     .                       cache

Primary (for pcs net) (assume at 137.155.2.10):

    directory /whatever (/etc/named)
    primary   pcs.cnu.edu             pcs.dns
    primary   2.155.137.IN-ADDR.ARPA  pcsrev.dns
    primary   localhost               localhost
    primary   0.0.127.IN-ADDR.ARPA    localrev.dns
    cache     .                       cache

Secondary (for pcs but could be located anywhere!), primary for wm.edu:

    directory /whatever (/etc/named)
    primary   wm.edu                  wm.dns
    primary   146.138.IN-ADDR.ARPA    wmrev.dns
    secondary pcs.cnu.edu             137.155.2.10 pcs.dns
    secondary 2.155.137.IN-ADDR.ARPA  137.155.2.10 pcsrev.dns
    primary   localhost               localhost
    primary   0.0.127.IN-ADDR.ARPA    localrev.dns
    cache     .                       cache

Primary named.boot

Primary (for pcs net) (assume at 137.155.2.10):

    directory /whatever (/etc/named)
    primary   pcs.cnu.edu             pcs.dns
    primary   2.155.137.IN-ADDR.ARPA  pcsrev.dns
    primary   localhost               localhost
    primary   0.0.127.IN-ADDR.ARPA    localrev.dns
    cache     .                       cache

This server stores files in the /whatever directory, usually someplace in /etc like /etc/named

Primary server for pcs.cnu.edu and stores THE database for that domain in /whatever/pcs.dns. Name (pcs.dns) is not important

All servers take care of this for themselves

Reverse dns for the pcs domain

Reverse dns for the loopback

Cache initialization starts out with rootservers stored in /whatever/cache

Secondary named.boot

Secondary (for pcs but could be located anywhere!), primary for wm.edu:

    directory /whatever (/etc/named)
    primary   wm.edu                  wm.dns
    primary   146.138.IN-ADDR.ARPA    wmrev.dns
    secondary pcs.cnu.edu             137.155.2.10 pcs.dns
    secondary 2.155.137.IN-ADDR.ARPA  137.155.2.10 pcsrev.dns
    primary   localhost               localhost
    primary   0.0.127.IN-ADDR.ARPA    localrev.dns
    cache     .                       cache

Primary server for wm.edu with database in wm.dns

Reverse dns for wm.edu which is in 138.146.0.0 subnet

Secondary dns for pcs.cnu.edu gets files from 137.155.2.10 which is the primary server for that domain

Secondary reverse dns for pcs domain

Root servers

• Initialize your cache with root servers..done

• periodically update the list via ftp from
    – ftp site nic.ddn.mil
    – file netinfo/root-servers.txt

                   99999999 IN NS TERP.UMD.EDU.
                   99999999 IN NS AOS.BRL.MIL.
                   99999999 IN NS C.NYSER.NET.
                   99999999 IN NS A.ISI.EDU.
    TERP.UMD.EDU.  99999999 IN A  128.8.10.90
    AOS.BRL.MIL.   99999999 IN A  192.5.25.82
    C.NYSER.NET.   99999999 IN A  192.33.4.12
    A.ISI.EDU.     99999999 IN A  26.3.0.103

AND OTHERS ..

DNS Server Database entries

An example for localhost for sappho

    ; @ is used to indicate the domain is the same as ORIGIN
    ; ORIGIN defined in named.boot for each domain
    ; here it would be localhost.
    @   IN SOA localhost. dgame.pcs.cnu.edu. (
            1        ; serial or version # change w/mods
            36000    ; refresh every 10 hours
            3600     ; retry after 1 hour
            3600000  ; expire after 1000 hours
            36000    ; default ttl is 10 hours
            )
        IN NS localhost.
        IN A  127.0.0.1

Simple server db file

    ; ORIGIN for this should be defined as pcs.cnu.edu
    @       IN SOA america.pcs.cnu.edu. root.pcs.cnu.edu. (
                10000 43000 3600 3600000 2592000 )

    ; nameservers
            IN NS america.pcs.cnu.edu.    ; NOTE . on end
    isl     IN NS xyz.isl.pcs.cnu.edu.    ; delegates subdomain to isl

    ; name server IPs
    xyz.isl.pcs.cnu.edu.  IN A 137.155.38.12
    america.pcs.cnu.edu.  IN A 137.155.2.10
    sappho                IN A 137.155.2.20
    endeavor              IN A 137.155.2.21
    ; ….
    ; mail server
    @                     IN MX 5 mail.pcs.cnu.edu.  ; 5 is priority
    ; define mail server
    mail                  IN A 137.155.2.10

Reverse DNS

137.155.2.20 -> sappho.pcs.cnu.edu

Exists within the DNS system

[Diagram: domain tree with com, edu (cnu, wm) and arpa at the top level; under arpa: in-addr, then 137, then 155, then 2, then (db file)]

Reverse DNS example db file

Example server for cnu.edu (delegate subnet 2):

    ; reverse dns for 137.155.0.0
    $ORIGIN 155.137.in-addr.arpa.
    @       SOA drake.cnu.edu. root.cnu.edu. ( 10 80000 3600 3600000 600000 )
            IN NS  drake.cnu.edu.          ; found through normal dns
    2       IN NS  america.pcs.cnu.edu.
    210.12  IN PTR drake.pcs.cnu.edu.
    213.12  IN PTR pompeii.pcs.cnu.edu.

137.155.12.213 -> pompeii
137.155.12.210 -> drake

Example server for pcs.cnu.edu (delegated subnet 2):

    ; reverse dns for 137.155.2.0
    $ORIGIN 2.155.137.in-addr.arpa.
    @   SOA america.pcs.cnu.edu. root.pcs.cnu.edu. ( 10 80000 3600 3600000 600000 )
        IN NS  america.pcs.cnu.edu.
    20  IN PTR sappho.pcs.cnu.edu.
    21  IN PTR endeavor.pcs.cnu.edu.

137.155.2.21 -> endeavor
137.155.2.20 -> sappho
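
An added Python example (not from the slides) that rebuilds the in-addr.arpa owner names used in the two reverse files above and cross-checks PTR records against the forward A records, the consistency that hostname-based logging and access checks rely on. The record tables are copied from the slides except one PTR constructed to show a mismatch; the function names are assumptions.

```python
import ipaddress

# Records copied from the slides' pcs.cnu.edu forward file and the
# 2.155.137.in-addr.arpa reverse file; the last PTR is constructed.
FORWARD_A = {
    "america.pcs.cnu.edu.": "137.155.2.10",
    "sappho.pcs.cnu.edu.": "137.155.2.20",
    "endeavor.pcs.cnu.edu.": "137.155.2.21",
}
REVERSE_ORIGIN = "2.155.137.in-addr.arpa."
REVERSE_PTR = {
    "20": "sappho.pcs.cnu.edu.",
    "21": "endeavor.pcs.cnu.edu.",
    "99": "ghost.pcs.cnu.edu.",   # constructed: PTR with no matching A record
}

def reverse_name(ip):
    """137.155.2.20 -> 20.2.155.137.in-addr.arpa. (octets reversed)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_owner_to_ip(owner, origin):
    """Expand a relative PTR owner under $ORIGIN and turn it back into an IP."""
    fqdn = owner if owner.endswith(".") else f"{owner}.{origin}"
    labels = fqdn[: -len(".in-addr.arpa.")].split(".")
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))

def audit(forward, reverse, origin):
    """Return findings where forward and reverse data disagree."""
    findings = []
    ptr_by_ip = {ptr_owner_to_ip(o, origin): t for o, t in reverse.items()}
    for ip, target in sorted(ptr_by_ip.items()):
        if forward.get(target) != ip:
            findings.append(f"PTR {ip} -> {target} has no matching A record")
    for host, ip in sorted(forward.items()):
        if ip not in ptr_by_ip:
            findings.append(f"A {host} -> {ip} has no PTR")
        elif ptr_by_ip[ip] != host:
            findings.append(f"A {host} -> {ip} but PTR names {ptr_by_ip[ip]}")
    return findings
```

Run over the records as the slides show them, the audit also reports that america (137.155.2.10) has an A record but no PTR in the listed reverse file.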

How are these started?

• named is in one of your startup scripts
    – reads basic configuration information from named.boot
    – reads all of the data base files or contacts the primary servers

• resolver does not “start”
    – part of your application code
    – checks resolv.conf when application runs

• resolver and named create BIND system

Checking it out with nslookup

• An interactive program to let you check configuration

• Available on unix

• Responds with server used and response

• Can set type of responses requested

• You can control which server is used

• Try the exercise on-line at – www.pcs.cnu.edu/~dgame/cs336/topics/DNS/nslookup.html