DNS & PNRP
![Page 1: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/1.jpg)
DNS & PNRP
Name Resolution in Windows Server 2008 (R2)
![Page 2: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/2.jpg)
Name Resolution Overview
* NetBIOS name resolution
* Host name resolution
* Peer Name Resolution
![Page 3: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/3.jpg)
Name Resolution Overview
NetBIOS name resolution
* Originally a broadcast-based NR protocol in PC-LAN & LM networks on top of NetBEUI
* Based on single-label names (non-hierarchical)
* Uses lmhosts (static) files, broadcasts and WINS (NBNS) servers in TCP/IP networks

Host name resolution
* Original ARPANET (Internet) NR protocol
* Based on multi-level names (hierarchical)
* Distributed database model
* Uses hosts (static) files and DNS Servers
![Page 4: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/4.jpg)
Name Resolution Overview
Peer Name Resolution
* Strictly for IPv6 addresses
* Distributed and serverless protocol
* Real-time updates
* Addresses computers, ports and services
* Unsecured or secured with PK-cryptography
![Page 5: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/5.jpg)
Protocol stack comparison
[Figure: two protocol stacks drawn against the OSI layers. NetBIOS Interface stack: SMB; NetBEUI (NBF); LLC/MAC; 802.n; medium; Broadcast NR Traffic. WinSock Interface stack: SMB, CIFS, HTTP; TCP, UDP; IP; ARP, PPP, xDLC; 802.n; medium; Unicast NR Traffic.]
![Page 6: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/6.jpg)
Protocol stack comparison
[Figure: stack diagram against the OSI layers. NetBIOS Interface: SMB over NBT (NetBIOS over TCP/IP helper). WinSock Interface: SMB, CIFS, HTTP. Lower layers: TCP, UDP; IP; ARP, PPP, xDLC; LLC/MAC; 802.n; medium. Broadcast NR Traffic and Unicast NR Traffic.]
![Page 7: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/7.jpg)
Internet DNS Namespace
[Figure: namespace tree]
* "." root: "13" root-servers.net (a.root-servers.net … m.root-servers.net)
* gTLD's (generic Top Level Domains): .com, .edu, .gov, .int, .mil, .net, .org
* Second Level Domains: .yale, .ucla, .mit, .army, .airforce, .navy
* Third Level Domains: .math, .physics, .law
![Page 9: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/9.jpg)
Internet DNS Namespace
[Figure: namespace tree]
* "." root: "13" root-servers.net (a.root-servers.net … m.root-servers.net)
* gTLD's (generic Top Level Domains): .com, .edu, .gov, .int, .mil, .net, .org
* ISO 3166 country codes: .be, .de, .jp, .fr, .nl, .il, .ru, .tw, .tv, .nu, .au, .gb
![Page 10: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/10.jpg)
Internet DNS Namespace
[Figure: namespace tree]
* "." root: "13" root-servers.net (a.root-servers.net … m.root-servers.net)
* gTLD's (generic Top Level Domains): .com, .edu, .gov, .int, .mil, .net, .org
* ccTLD's (Country code Top Level Domains, ISO 3166 country codes): .be, .de, .jp, .fr, .nl, .il, .ru, .tw, .tv, .nu, .au, .uk
![Page 11: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/11.jpg)
Recursive query
[Figure: "." root ("13" root-servers.net), .com, .amazon, www; the client wants http://www.amazon.com and asks "www.amazon.com?"]
* Client: Cached? No!… Ask my DNS server
* DNS server: Own zone? No!… Cached? No!… Root hints

Root hints:
a.root-servers.net. 198.41.0.4
b.root-servers.net. 128.9.0.107
c.root-servers.net. 192.33.4.12
d.root-servers.net. 128.8.10.90
e.root-servers.net. 192.203.230.10
f.root-servers.net. 192.5.5.241
g.root-servers.net. 192.112.36.4
h.root-servers.net. 128.63.2.53
i.root-servers.net. 192.36.148.17
j.root-servers.net. 198.41.0.10
k.root-servers.net. 193.0.14.129
l.root-servers.net. 198.32.64.12
m.root-servers.net. 202.12.27.33
![Page 12: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/12.jpg)
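Iterative query
[Figure: "." root ("13" root-servers.net), .com, .amazon, www; client request for http://www.amazon.com ("www.amazon.com?")]
1. To a root server: www.amazon.com? Answer: Don't know … ask .com server!
2. To the .com server: www.amazon.com? Answer: amazon.com NS = 93.151.75.200 !
3. To the amazon.com name server: www.amazon.com? Answer: Oh, it's … 93.151.75.13!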
![Page 13: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/13.jpg)
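Recursive response
[Figure: "." root ("13" root-servers.net), .com, .amazon, www; client request for http://www.amazon.com ("www.amazon.com?")]
1. To a root server: www.amazon.com? Answer: Don't know … ask .com server!
2. To the .com server: www.amazon.com? Answer: amazon.com NS = 93.151.75.200 !
3. To the amazon.com name server: www.amazon.com? Answer: Oh, it's … 93.151.75.13!
4. To the client: Ah, it's … 93.151.75.13!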
![Page 14: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/14.jpg)
Recursive response
[Figure: "." root ("13" root-servers.net), .com, .amazon, www; client request for http://www.amazon.com]
Cached: www.amazon.com = 93.181.75.13, TTL = 3600
![Page 15: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/15.jpg)
Domain vs. Zone
* Domain is a node in the Internet namespace
* Root domain is largest domain
* Zone is a file that contains records for a domain with or without child domains
* Zones can only contain contiguous domains
* Child domains can be delegated to separate DNS servers (= zone delegation)
![Page 16: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/16.jpg)
Domain vs. Zone
[Figure: namespace tree]
* "." (root): Root Domain
* Top level: .arpa, .int, .gov, .mil, .com, .net, .edu, .org, .ccTLD's
* Under .com (.com Domain): .acme, .amazon, .bol, .hp, .microsoft, .contoso, .google, .myspace, .youtube
* Under .microsoft (.microsoft Domain): .one, .technet, .msdn, .mcp, .update, .support
![Page 18: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/18.jpg)
Domain vs. Zone
[Figure: "." (root), .com, .microsoft with child domains .one, .technet, .msdn, .mcp, .update, .support]
Single contiguous DNS zonefile contains all records for domains:
* microsoft.com
* one.microsoft.com
* technet.microsoft.com
* msdn.microsoft.com
* mcp.microsoft.com
* update.microsoft.com
* support.microsoft.com
![Page 19: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/19.jpg)
Domain vs. Zone
[Figure: "." (root), .com, .microsoft with child domains .one, .technet, .msdn, .mcp, .update, .support]
DNS zonefile contains only records for: microsoft.com
Delegated zones: each DNS server contains a separate zone for each delegation:
* one.microsoft.com
* technet.microsoft.com
* msdn.microsoft.com
* mcp.microsoft.com
* update.microsoft.com
* support.microsoft.com
![Page 20: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/20.jpg)
Domain vs. Zone
[Figure: "." (root), .com, .microsoft with child domains .one, .technet, .msdn, .mcp, .update, .support]
Partly delegated contiguous DNS zonefile contains records for:
* microsoft.com
* one.microsoft.com
* technet.microsoft.com
* msdn.microsoft.com
* mcp.microsoft.com

Delegated zones: each DNS server contains a separate zone for each delegation:
* update.microsoft.com
* support.microsoft.com
![Page 21: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/21.jpg)
Domain vs. Zone
[Figure: "." (root), .com, .microsoft with child domains .one, .technet, .msdn, .mcp, .update, .support]
Partly delegated contiguous DNS zonefile contains records for:
* microsoft.com
* one.microsoft.com
* technet.microsoft.com
* msdn.microsoft.com
* mcp.microsoft.com

Illegal delegation: domains .update and .support are non-contiguous (common parent needed)
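
The contiguity rule from the Domain vs. Zone slides, as an added Python example that is not part of the original deck: a set of domains can share one zone file only if it forms a single connected subtree of the namespace. The function names are hypothetical; the domain lists are the ones shown on the slides.

```python
def parent(domain: str) -> str:
    """Return the parent domain: 'msdn.microsoft.com' -> 'microsoft.com'."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[1:])


def zone_apexes(domains) -> list[str]:
    """Return the top-most domain of every connected group in `domains`.

    A domain is the top of a group when its parent is not in the set,
    so a contiguous zone has exactly one apex.
    """
    names = {d.lower().rstrip(".") for d in domains}
    return sorted(d for d in names if parent(d) not in names)


def is_contiguous(domains) -> bool:
    """True when all domains hang together under one common apex."""
    return len(zone_apexes(domains)) == 1


# Domain lists taken from the slides.
SINGLE_ZONE = ["microsoft.com", "one.microsoft.com", "technet.microsoft.com",
               "msdn.microsoft.com", "mcp.microsoft.com",
               "update.microsoft.com", "support.microsoft.com"]
PARTLY_DELEGATED = SINGLE_ZONE[:5]          # parent zone after delegation
ILLEGAL = ["update.microsoft.com", "support.microsoft.com"]  # no common parent

if __name__ == "__main__":
    for label, zone in [("single zone", SINGLE_ZONE),
                        ("partly delegated parent", PARTLY_DELEGATED),
                        ("update + support in one zone", ILLEGAL)]:
        print(f"{label}: contiguous={is_contiguous(zone)} "
              f"apexes={zone_apexes(zone)}")
```

Two apexes in the last case mean two separate zones are required, one per delegation, which is what the legal variant on the earlier slide does.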
![Page 22: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/22.jpg)
Zone types
* Primary zone
* Secondary zone
* Stub zone
* AD integrated zone (acts as primary zone)
* RODC AD integrated zone (acts as primary Read-Only zone)
![Page 23: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/23.jpg)
Primary Zone
[Figure: "." (root), .com, .acme]
Primary Zone file contains R/W-version of data
Zone file acme.com.dns:
acme.com IN SOA
www.acme.com 10.10.0.50
srv1.acme.com 10.10.0.20
mail.acme.com 10.10.0.30
ns1.acme.com 10.10.0.40
ns2.acme.com 10.10.0.60
pc1.acme.com 10.10.0.100
pc2.acme.com 10.10.0.101
pc3.acme.com 10.10.0.102

Changes to the zone file: Manual updates, Automatic updates, Refreshes
![Page 24: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/24.jpg)
Secondary Zone
[Figure: "." (root), .com, .acme]
* Primary Zone file contains R/W-version of data (zone file acme.com.dns with its SOA and host records; Manual updates, Automatic updates, Refreshes)
* Secondary Zone file contains R/O-version of data
![Page 25: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/25.jpg)
Secondary Zone
[Figure: "." (root), .com, .acme]
* Primary Zone file contains R/W-version of data
* Secondary Zone file contains R/O-version of data

1. Request full zone transfer (AXFR)
2. Authorized? … Yes!
3. Full Zone Transfer (AXFR)
![Page 26: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/26.jpg)
DNS Notify
[Figure: "." (root), .com, .acme]
* Primary Zone file contains R/W-version of data
* Secondary Zone file contains R/O-version of data

1. Update
2. Database version increment
3. DNS Notify
4. Get SOA record: Version increment = 1
5. IXFR (1 record) (send 1 record): Incremental Zone Transfer (IXFR)
6. Database version increment
![Page 27: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/27.jpg)
Aging and Scavenging
[Figure: timeline from T0 to Tl with a DHCP track and a DNS track. DHCP: Discover, Offer, Request, Acknowledge, then Request and Acknowledge again at each 0,5 Lease point (Lease, Renewed Lease, Renewed Lease). DNS: Register DNS after each Acknowledge; 1st No-Refresh Interval, Refresh Interval, 2nd No-Refresh Interval. Zone file version: 1, 2, 3.]
![Page 28: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/28.jpg)
Aging and Scavenging
[Figure: timeline from T0 to Tl with a DHCP track and a DNS track. DHCP: Discover, Offer, Request, Acknowledge; Lease, 0,5 Lease. DNS: Register DNS; 1st No-Refresh Interval, Refresh Interval, Scavenging Interval.]
![Page 29: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/29.jpg)
Reverse Lookups
* Resolve IP-addresses to FQDN's
* Reverse indexes the Internet
* Uses the in-addr.arpa or ip6.arpa Domain
* Requires participation of domain holders
* Used for inbound SMTP server determination (and more)
![Page 30: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/30.jpg)
Reverse Lookups
Compare: hostname structure and IP-address structure
Srv3.east.acme.com.
* Srv3: Hostname
* east: 3rd Level domain
* acme: 2nd Level domain
* com: gTLD
* trailing ".": Internet root domain

Left-to-right = Up the hierarchy
![Page 31: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/31.jpg)
Reverse Lookups
Compare: hostname structure and IP-address structure
Srv3.east.acme.com.
191.124.17.201/24
* Net-ID: 191.124.17
* Host-ID: 201

Left-to-right = Down the hierarchy
![Page 33: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/33.jpg)
Reverse Lookups
Compare: hostname structure and IP-address structure
Srv3.east.acme.com.
191.124.17.201
201.17.124.191.in-addr.arpa. (from "Host-ID" on the left to "Internet root" on the right)
Left-to-right = Up the hierarchy
![Page 34: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/34.jpg)
Reverse Lookups
* Example IP-address 191.124.17.201
* Find PTR 201.17.124.191.in-addr.arpa.
* Iterates between DNS servers to find: 17.124.191.in-addr.arpa zone
* Finds 201 PTR record with name: 201 IN PTR srv3.acme.com
* Responsibility of acme.com domain holder to maintain PTR records
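
The lookup steps above, followed by the forward confirmation a receiving SMTP server typically adds because the PTR record is maintained by whoever holds the address block. This is an added Python example, not part of the original deck; it goes beyond the slide by covering ip6.arpa and the forward check, and the zone contents are constructed sample data (the mismatch for 191.124.17.202 is deliberate).

```python
import ipaddress

# Constructed sample data, loosely following the slide's reverse zone.
REVERSE_ZONES = {
    "17.124.191.in-addr.arpa.": {
        "199": "srv1.acme.com.",
        "200": "srv2.acme.com.",
        "201": "srv3.acme.com.",
        "202": "srv4.acme.com.",
    },
}
# Constructed forward (A) records; srv4 deliberately points elsewhere.
FORWARD = {
    "srv1.acme.com.": {"191.124.17.199"},
    "srv2.acme.com.": {"191.124.17.200"},
    "srv3.acme.com.": {"191.124.17.201"},
    "srv4.acme.com.": {"10.10.0.20"},
}


def reverse_name(ip: str) -> str:
    """Build the PTR owner name: octets (or IPv6 nibbles) reversed."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def find_ptr(ip: str):
    """Locate the zone that holds the name, then the PTR inside it."""
    qname = reverse_name(ip)
    for zone, records in REVERSE_ZONES.items():
        if qname.endswith("." + zone):
            relative = qname[: -len(zone) - 1]   # e.g. "201"
            return records.get(relative)
    return None


def forward_confirmed(ip: str) -> bool:
    """True only if the PTR target resolves back to the same address."""
    name = find_ptr(ip)
    return name is not None and ip in FORWARD.get(name, set())


if __name__ == "__main__":
    for ip in ("191.124.17.201", "191.124.17.202", "191.124.18.5"):
        print(ip, reverse_name(ip), find_ptr(ip), forward_confirmed(ip))
```

A PTR answer on its own only shows what the holder of the reverse zone chose to publish; the forward check ties the name back to a record in the named domain.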
![Page 35: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/35.jpg)
Reverse Lookups
[Figure: namespace tree from "." (root) with .int, .gov, .mil, .arpa, .org, .ccTLD's; .in-addr below .arpa; then one level per octet (1 … 255): 191, below it 124, below it 17]
Zone 17.124.191.in-addr.arpa.:
acme.com IN SOA
…
199 PTR srv1.acme.com
200 PTR srv2.acme.com
201 PTR srv3.acme.com
202 PTR srv4.acme.com
…

What name belongs to IP: 191.124.17.201 ?
srv3.acme.com !
![Page 36: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/36.jpg)
Peer Name Resolution Protocol
* Mentioned on P2P conference November 2001
* July 2003: Advanced Networking Pack for XP
* Later SP2 for XP
* PNRP 2.0 in Windows Vista, available for XP
* PNRP 2.1 in:
  * Windows Vista SP1
  * Windows Server 2008
  * Windows XP SP3
  * Windows 7 Easy Connect (Remote Assistance)
![Page 37: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/37.jpg)
Peer Name Resolution Protocol
PNRP Clouds: a Cloud is a group of connected PNRP nodes (any node can resolve a name published by another node in the cloud)
Three cloud scopes:
1. Global
2. Site Local (deprecated)
3. Link Local

* When the PNRP service starts, it joins multiple clouds
* Transient connectivity and shortcomings in DNS
* Easily scales to billions of names
![Page 38: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/38.jpg)
P2P and PNRP ID's
* Peer name is a communications endpoint
* Consists of Authority.Classifier (256 bits)

[Figure: Authority (e06bf33a5b21 …, SHA-1) . Classifier (Friendly Name) = P2P ID; SHA-1 of the P2P ID: 5ff01aac793c121f … (128-bit hash); 128-bit hash + Service Location (128 bits) = PNRP ID, 256 bits]
![Page 40: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/40.jpg)
P2P and PNRP ID's
Authority = 0 if unsecure, value if secure
[Figure labels: PNRP ID, Cache]
![Page 41: DNS & PNRP](https://reader036.fdocuments.in/reader036/viewer/2022081514/5681547d550346895dc2937d/html5/thumbnails/41.jpg)
End
Questions??