Domain Name System: DNS - AOI...

TCP/IP Protocol Suite 1

Upon completion you will be able to:

Domain NameDomain NameSystem: DNSSystem: DNS

• Understand how the DNS is organized• Know the domains in the DNS• Know how a name or address is resolved• Be familiar with the query and response formats• Understand the need for DDNS

Objectives


17.1 NAME SPACE

TheThe namesnames assignedassigned toto machinesmachines mustmust bebe uniqueunique becausebecause thethe addressesaddressesareare uniqueunique.. AA namename spacespace thatthat mapsmaps eacheach addressaddress toto aa uniqueunique namename cancanbebe organizedorganized inin twotwo waysways:: flatflat oror hierarchicalhierarchical..

The topics discussed in this section include:The topics discussed in this section include:

Flat Name SpaceFlat Name SpaceHierarchical Name SpaceHierarchical Name Space


17.2 DOMAIN NAME SPACE

TheThe domaindomain namename spacespace isis hierarchicalhierarchical inin designdesign.. TheThe namesnames areare defineddefinedinin anan invertedinverted--treetree structurestructure withwith thethe rootroot atat thethe toptop.. TheThe treetree cancan havehave128128 levelslevels:: levellevel 00 (root)(root) toto levellevel 127127..


LabelLabelDomain NameDomain NameDomainDomain


Figure 17.1 Domain name space


Figure 17.2 Domain names and labels


Figure 17.3 FQDN and PQDN


Figure 17.4 Domains


17.3 DISTRIBUTION OFNAME SPACE

TheThe informationinformation containedcontained inin thethe domaindomain namename spacespace isis distributeddistributedamongamong manymany computerscomputers calledcalled DNSDNS serversservers..


Hierarchy of Name ServersHierarchy of Name ServersZoneZoneRoot ServerRoot ServerPrimary and Secondary ServersPrimary and Secondary Servers


Figure 17.5 Hierarchy of name servers


Figure 17.6 Zones and domains


A primary server loads all informationfrom the disk file; the secondary serverloads all information from the primaryserver. When the secondary downloads

information from the primary, it is calledzone transfer.

Note:Note:


17.4 DNS IN THE INTERNET

TheThe domaindomain namename spacespace (tree)(tree) isis divideddivided intointo threethree differentdifferent sectionssections::genericgeneric domains,domains, countrycountry domains,domains, andand thethe inverseinverse domaindomain..


Generic DomainsGeneric DomainsCountry DomainsCountry DomainsInverse DomainInverse DomainRegistrarRegistrar


Figure 17.7 DNS used in the Internet


Figure 17.8 Generic domains


Table 17.1Table 17.1 Generic domain labelsGeneric domain labels


Table 17.1Table 17.1 Generic domain labels (Continued)Generic domain labels (Continued)


Figure 17.9 Country domains


Figure 17.10 Inverse domain


17.5 RESOLUTION

MappingMapping aa namename toto anan addressaddress oror anan addressaddress toto aa namename isis calledcalled namename--addressaddress resolutionresolution..


ResolverResolverMapping Names to AddressesMapping Names to AddressesMapping Addresses to NamesMapping Addresses to NamesRecursive ResolutionRecursive ResolutionIterative ResolutionIterative ResolutionCachingCaching


Figure 17.11 Recursive resolution


Figure 17.12 Iterative resolution


17.6 DNS MESSAGES

TheThe DNSDNS queryquery messagemessage consistsconsists ofof aa headerheader andand questionquestion recordsrecords;; thetheDNSDNS responseresponse messagemessage consistsconsists ofof aa header,header, questionquestion records,records, answeranswerrecords,records, authoritativeauthoritative records,records, andand additionaladditional recordsrecords..


HeaderHeader


Figure 17.13 DNS messages


Figure 17.14 Query and response messages


Figure 17.15 Header format


Figure 17.16 Flags field


Table 17.2Table 17.2 Values of rCodeValues of rCode


17.7 TYPES OF RECORDS

TwoTwo typestypes ofof recordsrecords areare usedused inin DNSDNS.. TheThe questionquestion recordsrecords areare usedused ininthethe questionquestion sectionsection ofof thethe queryquery andand responseresponse messagesmessages.. TheThe resourceresourcerecordsrecords areare usedused inin thethe answer,answer, authoritative,authoritative, andand additionaladditional informationinformationsectionssections ofof thethe responseresponse messagemessage..


Question RecordQuestion RecordResource RecordResource Record


Figure 17.17 Question record format


Figure 17.18 Query name format


Table 17.3Table 17.3 TypesTypes


Table 17.4Table 17.4 ClassesClasses


Figure 17.19 Resource record format


17.8 COMPRESSION

DNSDNS requiresrequires thatthat aa domaindomain namename bebe replacedreplaced byby anan offsetoffset pointerpointer ifif itit isisrepeatedrepeated.. DNSDNS definesdefines aa 22--bytebyte offsetoffset pointerpointer thatthat pointspoints toto aa previouspreviousoccurrenceoccurrence ofof thethe domaindomain namename oror partpart ofof itit..


Figure 17.20 Format of an offset pointer


A resolver sends a query message to a local server to find theIP address for the host “chal.fhda.edu.”. We discuss the queryand response messages separately.

Example 1

QR OpCode AA TC RD RA Reserved rCode

0 0000 0 0 1 0 000 0000

Figure 17.21 shows the query message sent by the resolver. The first 2 bytesshow the identifier (1333). It is used as a sequence number and relates aresponse to a query. Because a resolver may even send many queries to thesame server, the identifier helps to sort responses that arrive out of order.The next bytes contain the flags with the value of 0x0100 in hexadecimal.In binary it is 0000000100000000, but it is more meaningful to divide it intothe fields as shown below:


Figure 17.21 Example 1: Query message


Example 1 (Continued)


1 0000 0 0 1 1 000 0000

The QR bit defines the message as a query. The OpCode is 0000, whichdefines a standard query. The recursion desired (RD) bit is set. (Refer backto Figure 17.16 for the flags field descriptions.) The message contains onlyone question record. The domain name is 4chal4fhda3edu0. The next 2bytes define the query type as an IP address; the last 2 bytes define the classas the Internet.

Figure 17.22 shows the response of the server. The response is similar to thequery except that the flags are different and the number of answer recordsis one. The flags value is 0x8180 in hexadecimal. In binary it is1000000110000000, but again we divide it into fields as shown below:



The QR bit defines the message as a response. The OpCode is 0000, whichdefines a standard response. The recursion available (RA) and RD bits areset. The message contains one question record and one answer record. Thequestion record is repeated from the query message. The answer record hasa value of 0xC00C (split in two lines), which points to the question recordinstead of repeating the domain name. The next field defines the domaintype (address). The field after that defines the class (Internet). The field withthe value 12,000 is the TTL (12,000 s). The next field is the length of theresource data, which is an IP address (153.18.8.105).


Figure 17.22 Example 1: Response message


An FTP server has received a packet from an FTP client withIP address 153.2.7.9. The FTP server wants to verify that theFTP client is an authorized client. The FTP server can consulta file containing the list of authorized clients. However, the fileconsists only of domain names. The FTP server has only the IPaddress of the requesting client, which was the source IPaddress in the received IP datagram. The FTP server asks theresolver (DNS client) to send an inverse query to a DNS serverto ask for the name of the FTP client. We discuss the query andresponse messages separately.

Example 2




0 0001 0 0 1 0 000 0000

Figure 17.23 shows the query message sent from the resolver to the server.The first 2 bytes show the identifier (0x1200). The flags value is 0x0900 inhexadecimal. In binary it is 0000100100000000, and we divide it into fieldsas shown below:

The OpCode is 0001, which defines an inverse query. The message containsonly one question record. The domain name is 19171231537in-addr4arpa.The next 2 bytes define the query type as PTR, and the last 2 bytes definethe class as the Internet.


Figure 17.23 Example 2: Inverse query message




1 0001 1 0 1 1 000 0000

Figure 17.24 shows the response. The flags value is 0x8D80 inhexadecimal. In binary it is 1000110110000000, and we divide it into fieldsas shown below:


Figure 17.24 Example 2: Inverse response message


In UNIX and Windows, the nslookup utility can be used toretrieve address/name mapping. The following shows how wecan retrieve an address when the domain name is given.

Example 3

$ nslookup fhda.eduName: fhda.eduAddress: 153.18.8.1

The nslookup utility can also be used to retrieve the domainname when the address is given as shown below:$ nslookup 153.18.8.11.8.18.153.in-addr.arpa name = tiptoe.fhda.edu.


17.9 DDNS

TheThe DynamicDynamic DomainDomain NameName SystemSystem (DDNS)(DDNS) updatesupdates thethe DNSDNS mastermasterfilefile dynamicallydynamically..


17.10 ENCAPSULATION

DNSDNS usesuses UDPUDP asas thethe transporttransport protocolprotocol whenwhen thethe sizesize ofof thethe responseresponsemessagemessage isis lessless thanthan 512512 bytesbytes.. IfIf thethe sizesize ofof thethe responseresponse messagemessage isismoremore thanthan 512512 bytes,bytes, aa TCPTCP connectionconnection isis usedused..


DNS can use the services of UDP orTCP using the well-known port 53.

Note:Note:

Domain Name System: DNS - AOI...

Documents

Transcript of Domain Name System: DNS - AOI...