Guide To TCP/IP, Second Edition
Chapter 7: Domain Name System

Slide transcript (44 slides), posted 18-Dec-2015 under Documents.


Objectives

• Understand the history of DNS, types of services that DNS provides, types of roles that DNS servers can play on a network, and DNS database structure

• Understand how DNS servers handle name resolution requests, including the role of nearby and root servers in the resolution process, and the difference between recursive and iterative name resolution requests

• Explain the significance of DNS caching and the value of data in DNS caches

• Understand DNS configuration files and resource record formats, and describe the most common DNS RR types


Objectives (cont.)

• Understand how to handle the loopback address and root server data

• Use the NSLOOKUP command to gather name server information, test DNS server configurations, and inspect the contents of key DNS records on such servers

• Explain how DNS queries and responses work, and how they handle name resolution, DNS record lookups, zone data transfers, and reverse DNS queries

• Understand the purposes of and drawbacks to implementing DNS in the real world


DNS History And Background

• HOSTS files: before DNS, every host kept a flat text file of name-to-address mappings and copied updates from a central master, which stopped scaling once the ARPANET reached thousands of hosts
• BIND (Berkeley Internet Name Domain): the reference DNS implementation; the zone file syntax shown later in this chapter is BIND's
• Virtues of DNS
  – It allows local control over domain name database segments
  – Data from all database segments is available everywhere
  – Database information is robust and highly available


DNS Database Structure

• Tree structure
• Root is identified by a single period (.)
• Top-level domains
  – .com
  – .edu
  – .gov
  – .mil
  – .net
  – .org


DNS Database Structure (cont.)

• Top-level domain names expanded: the 2000-2001 round added .biz, .info, .name, .pro, .aero, .coop and .museum, and many more generic TLDs have been added since
• Country codes: two-letter ccTLDs such as .uk or .de
• Thirteen root name server identities, A.ROOT-SERVERS.NET through M.ROOT-SERVERS.NET (the slide lists the first two); each letter is today an anycast service with many physical instances, so "thirteen servers" counts names and addresses, not machines
• Fully Qualified Domain Names (FQDNs): a name written out to the root, e.g. www.ibm.com. with the trailing dot; a name without the dot may be treated as relative to a search domain or zone origin



The DNS Name Space

• Delegation of authority

• Domains (such as ibm.com)

• Subdomains (such as clearlake.ibm.com)


DNS Database Records

• Resource Records (RRs): the typed entries that make up a zone
• Most common RR types (the textbook counts nine; the slides name these seven)
  – Address (A) record: name to IPv4 address (AAAA is the IPv6 equivalent)
  – Canonical name (CNAME) record: alias to another name, never to an address
  – Host information (HINFO) record: CPU and OS of a host (rarely published today, since it hands reconnaissance data to anyone who asks)
  – Mail exchange (MX) record: mail server for the domain, with a preference value
  – Name server (NS) record: authoritative server for a zone or delegated subzone
  – Pointer (PTR) record: address to name, for reverse lookups
  – Start of Authority (SOA) record: zone parameters and serial number, exactly one per zone


Delegating DNS Authority

• Authority for a subdomain is delegated by the parent zone: the parent's zone file holds NS records for the child naming the servers that are authoritative for it (plus glue A records when those servers live inside the child), and the parent answers queries for the child with a referral rather than with data
• A delegation is only as trustworthy as the names it points at: NS records left pointing at servers or domains that no longer exist (dangling delegations) let whoever registers that name answer for the subdomain


Types Of DNS Servers

• Primary DNS server, a.k.a. master server (RFC 8499 now prefers "primary")
  – Loads the zone from a zone file or zone data file, the only copy that is edited
  – There can be only one primary master name server per zone
• Secondary DNS server, a.k.a. slave server (now "secondary")
  – Provides a backup by pulling the zone from the primary with a zone transfer (AXFR/IXFR) whenever the SOA serial increases
  – Distributes the load for DNS lookups
  – Zone transfers should be limited to the secondaries' addresses (and ideally signed with TSIG): an unrestricted AXFR hands out a complete host inventory
• Caching server (caching-only or recursive server)
  – Holds no zones of its own; stores recently accessed DNS records until their TTL expires
  – Should answer recursive queries only for its own clients, since an open recursive server can be abused for amplification attacks and is an easier cache-poisoning target


The Client Side Of DNS

• Name resolver or resolver: the client-side library (a stub resolver) that sends queries to the servers configured on the host
• Name queries or address requests: name-to-address lookups
• Reverse DNS query: address-to-name lookup via PTR records, which this chapter also calls an inverse query (not to be confused with the separate IQUERY opcode of RFC 1035, which was never widely deployed and was retired by RFC 3425)
• Client side DNS errors may stem from any of the following causes
  – Invalid domain name or invalid IP address
  – Inability to locate an IP address that corresponds to the requested domain name
  – Inability to reach an authoritative name server for the requested domain


How Domain Name Servers Work

• Sequence of lookups and reply for domain name resolution
  – DNS servers retrieve name data from the general domain namespace
  – A server provides data about those zones for which it is authoritative
  – Otherwise it searches its cached domain name data
  – Then it asks a caching-only server or other name servers in the "neighborhood"
  – Failing that, it sends a request for name resolution to a root server and follows referrals down the tree


How Domain Name Servers Work (cont.)

• Recursive query: the client sets the RD bit and expects the server either to return the final answer (resolving on the client's behalf) or an error; this is what stub resolvers send
• Iterative or non-recursive queries: the server answers with the best data it has, which for a name outside its zones is a referral (NS records for the closest zone it knows); a recursive server walks the tree with iterative queries, starting from the root hints


The Importance Of DNS Caching

• Authoritative response: comes from a server that loads the zone; marked by the AA bit in the header
• Non-authoritative response: served from another server's cache
• DNS cache expiration value: the TTL on each record, set by the zone owner, counts down in every cache that holds it; a stale or poisoned record lives that long
• Negative caching: "no such name" (NXDOMAIN) and "no such type" (NODATA) answers are cached too, for min(SOA TTL, SOA minimum) per RFC 2308, so a bad negative answer also persists
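The slides on delegation, the lookup sequence, recursive versus iterative queries and caching describe one mechanism, so the following added Python example (written for this page, not code from the textbook) simulates it end to end: three in-memory authoritative servers (root, com, tree.com) answer with referrals or data, an iterative walk follows the referrals from the root, and a recursive resolver in front caches positive answers for their TTL and negative answers for the RFC 2308 negative TTL. The zones, the tree.com hosts and the 192.0.2.1 address for the .com server are constructed for the example; a real resolver also sends the next query to the glue address and validates the reply, which is not shown here.

```python
import time

# Constructed zone data (added example, not the textbook's): the server for
# each zone knows only its own records plus glue A records for the name
# servers it delegates to.  tree.com hosts match the slides; the .com server
# address 192.0.2.1 is a documentation-range placeholder.
ZONES = {
    ".": {
        ".": [("NS", 3600000, "a.root-servers.net.")],
        "a.root-servers.net.": [("A", 3600000, "198.41.0.4")],
        "com.": [("NS", 172800, "a.gtld-servers.net.")],      # delegation
        "a.gtld-servers.net.": [("A", 172800, "192.0.2.1")],  # glue
    },
    "com.": {
        "com.": [("NS", 172800, "a.gtld-servers.net.")],
        "tree.com.": [("NS", 172800, "apple.tree.com.")],     # delegation
        "apple.tree.com.": [("A", 172800, "172.16.1.3")],     # glue
    },
    "tree.com.": {
        "tree.com.": [("SOA", 86400, ("apple.tree.com.", "sue.pear.tree.com.",
                                      1, 10800, 3600, 604800, 86400)),
                      ("NS", 86400, "apple.tree.com.")],
        "apple.tree.com.": [("A", 86400, "172.16.1.3")],
        "pear.tree.com.": [("A", 86400, "172.16.1.2")],
        "pr.tree.com.": [("CNAME", 86400, "pear.tree.com.")],
    },
}

def parent(name):
    """Drop the leftmost label: 'tree.com.' -> 'com.', 'com.' -> '.'."""
    rest = name.split(".", 1)[1]
    return rest if rest else "."

def negative_ttl(zone_name):
    """RFC 2308: a negative answer is cached for min(SOA TTL, SOA MINIMUM)."""
    for rtype, ttl, rdata in ZONES[zone_name].get(zone_name, []):
        if rtype == "SOA":
            return min(ttl, rdata[6])
    return 0

def authoritative_answer(zone_name, qname, qtype):
    """What the server for zone_name says about (qname, qtype):
    ('referral', (child, NS records, glue)) when the name is delegated,
    ('answer', records) when it has the data (a CNAME counts),
    ('nodata' | 'nxdomain', negative TTL) otherwise."""
    zone = ZONES[zone_name]
    if zone_name != "." and qname != zone_name and not qname.endswith("." + zone_name):
        raise ValueError(f"{qname} is not inside {zone_name}")
    name = qname
    while name != zone_name:               # look for a zone cut below the apex
        ns = [r for r in zone.get(name, []) if r[0] == "NS"]
        if ns:
            glue = {r[2]: zone.get(r[2], []) for r in ns}
            return "referral", (name, ns, glue)
        name = parent(name)
    if qname not in zone:
        return "nxdomain", negative_ttl(zone_name)
    records = [r for r in zone[qname] if r[0] in (qtype, "CNAME")]
    return ("answer", records) if records else ("nodata", negative_ttl(zone_name))

def resolve_iteratively(qname, qtype, trace=None, max_referrals=8):
    """Start at the root and follow referrals until a server answers
    authoritatively.  trace collects (server zone, result kind)."""
    zone_name = "."
    for _ in range(max_referrals):
        kind, data = authoritative_answer(zone_name, qname, qtype)
        if trace is not None:
            trace.append((zone_name, kind))
        if kind != "referral":
            return kind, data
        # A real resolver picks one NS from data[1] and sends the next query
        # to its glue address from data[2]; here the zone name is enough.
        zone_name = data[0]
    raise RuntimeError("referral loop while resolving " + qname)

class RecursiveResolver:
    """Answers stub-resolver queries from cache or by iterating, caching
    positive answers for their TTL and negative ones per RFC 2308."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}   # (qname, qtype) -> (expires_at, kind, data)

    def lookup(self, qname, qtype, trace=None, _depth=0):
        now, key = self.clock(), (qname, qtype)
        hit = self.cache.get(key)
        if hit and hit[0] > now:
            kind, data = hit[1], hit[2]
            if trace is not None:
                trace.append(("cache", kind))
        else:
            kind, data = resolve_iteratively(qname, qtype, trace)
            ttl = min(r[1] for r in data) if kind == "answer" else data
            self.cache[key] = (now + ttl, kind, data)
        # Follow a CNAME: the answer is the alias plus what the canonical
        # name resolves to, with a depth limit so alias loops terminate.
        if kind == "answer" and qtype != "CNAME" and _depth < 8:
            aliases = [r for r in data if r[0] == "CNAME"]
            if aliases:
                kind2, data2 = self.lookup(aliases[0][2], qtype, trace, _depth + 1)
                return kind2, (data + data2 if kind2 == "answer" else data2)
        return kind, data
```

Pass a `trace` list to `lookup` to see which server answered each step; the first query for pr.tree.com. walks root, com and tree.com twice (once for the alias, once for its target), and a repeat query is answered entirely from cache until the TTL runs out.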


DNS Configuration Files And Resource Record Formats

• domain.dns: the forward zone file (Microsoft DNS naming; BIND conventionally uses db.domain)
• addr.in-addr.arpa.dns: the reverse zone file (db.addr in BIND)
• Start of Authority (SOA) Record
• Address (A) and Canonical Name (CNAME) Records


Start of Authority (SOA) Record

• SOA record for the tree.com zone, with fully qualified names (the slide omitted the trailing dots on the owner and on the contact name, which would make the loader append the origin to them):

    tree.com.  IN  SOA  apple.tree.com.  sue.pear.tree.com. (
                   1        ; Serial
                   10800    ; Refresh after 3 hours
                   3600     ; Retry after 1 hour
                   604800   ; Expire after 1 week
                   86400 )  ; Negative-caching TTL of 1 day

• "IN" indicates the record is an Internet class of record types
• "SOA" indicates the record is a Start of Authority record
• apple.tree.com. is the primary server for the zone (MNAME); sue.pear.tree.com. encodes the contact address sue@pear.tree.com (the first label is the mailbox)
• The serial must increase on every change: secondaries compare it with their copy at each refresh interval and transfer the zone only when it is higher, so a serial that is not bumped is the classic reason secondaries keep serving stale data
• Refresh, retry and expire govern the secondaries; after expire seconds without reaching the primary, a secondary stops answering for the zone at all
• The last field was originally the default minimum TTL; since RFC 2308 it is the negative-caching TTL


Address (A) and Canonical Name (CNAME) Records

• Forward records for tree.com, one per line as they appear in the zone file (the slide ran them together):

    ; Host addresses
    localhost.tree.com.  IN  A      127.0.0.1
    pear.tree.com.       IN  A      172.16.1.2
    apple.tree.com.      IN  A      172.16.1.3
    peach.tree.com.      IN  A      172.16.1.4
    ; Multi-homed host
    hedge.tree.com.      IN  A      172.16.1.1
    hedge.tree.com.      IN  A      172.16.2.1
    ; Aliases
    pr.tree.com.         IN  CNAME  pear.tree.com.
    h.tree.com.          IN  CNAME  hedge.tree.com.
    a.tree.com.          IN  CNAME  apple.tree.com.
    ; Per-interface names for the multi-homed host (the slide wrote these as
    ; CNAMEs to IP addresses, which is invalid: CNAME data is a name, so a
    ; loader would read 172.16.1.1 as the name 172.16.1.1.tree.com.)
    h1.tree.com.         IN  A      172.16.1.1
    h2.tree.com.         IN  A      172.16.2.1

• Owner and target names end in a dot; without it the loader appends the zone origin, turning pr.tree.com into pr.tree.com.tree.com
• A name that has a CNAME may carry no other records, and a CNAME target must be a name; an A (or AAAA) record is what maps a name to an address
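To see how a loader reads the SOA and A/CNAME examples above, here is an added Python zone-file parser and checker (written for this page, not taken from the textbook or from BIND). It handles $ORIGIN, $TTL, comments, parenthesised multi-line records and relative names, then flags what the slides' original fragment got wrong: a missing trailing dot that appends the origin twice, a CNAME whose target is an address, and a CNAME sharing a name with other records. The zone text is constructed to reproduce those mistakes; the omitted-owner shorthand of master files is not supported.

```python
import ipaddress
from collections import namedtuple

# Constructed zone text (added example, not the textbook's file) with the
# slides' mistakes left in for the checker to find: relative names lacking
# a trailing dot and a CNAME whose target is an IP address.
ZONE_TEXT = """\
$ORIGIN tree.com.
$TTL 86400
tree.com IN SOA apple.tree.com. sue.pear.tree.com. (
        1       ; Serial
        10800   ; Refresh after 3 hours
        3600    ; Retry after 1 hour
        604800  ; Expire after 1 week
        86400 ) ; Negative-caching TTL of 1 day
tree.com.           IN NS    apple.tree.com.
localhost.tree.com. IN A     127.0.0.1
pear.tree.com.      IN A     172.16.1.2
apple.tree.com.     IN A     172.16.1.3
hedge.tree.com.     IN A     172.16.1.1
hedge.tree.com.     IN A     172.16.2.1
pr.tree.com         IN CNAME pear.tree.com
h1.tree.com.        IN CNAME 172.16.1.1
"""

# Which rdata fields hold domain names (and so are subject to $ORIGIN).
NAME_FIELDS = {"CNAME": [0], "NS": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}

# rdata: tokens with name fields made absolute; raw: tokens exactly as written
Record = namedtuple("Record", "owner ttl rclass rtype rdata raw")

def logical_lines(text):
    """Strip ';' comments and join '(' ... ')' continuations (RFC 1035 5.1)."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            tokens, buf = " ".join(buf).split(), []
            if tokens:
                yield tokens

def absolute(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (origin, records).  Each record line carries its owner; TTL
    and class are optional, in that order, as in a BIND master file."""
    origin, default_ttl, records = ".", 0, []
    for tokens in logical_lines(text):
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        owner, rest = absolute(tokens[0], origin), tokens[1:]
        ttl = int(rest.pop(0)) if rest[0].isdigit() else default_ttl
        rclass = rest.pop(0).upper() if rest[0].upper() in ("IN", "CH", "HS") else "IN"
        rtype, raw = rest[0].upper(), rest[1:]
        rdata = list(raw)
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = absolute(rdata[i], origin)
        records.append(Record(owner, ttl, rclass, rtype, rdata, raw))
    return origin, records

def ip_version(token):
    """4, 6, or None when the token is not an address literal."""
    try:
        return ipaddress.ip_address(token).version
    except ValueError:
        return None

def check_zone(text):
    """Complain the way a zone loader would, plus two checks the slides'
    example needs: address literals as CNAME targets and names that picked
    up the origin twice because a trailing dot was missing."""
    origin, records = parse_zone(text)
    by_owner, problems = {}, []
    for r in records:
        by_owner.setdefault(r.owner, []).append(r)
    apex_types = {r.rtype for r in by_owner.get(origin, [])}
    for needed in ("SOA", "NS"):
        if needed not in apex_types:
            problems.append(f"{origin}: no {needed} record at zone apex")
    doubled = origin.rstrip(".") + "." + origin
    for owner, recs in by_owner.items():
        if owner.endswith(doubled):
            problems.append(f"{owner}: origin appended twice (missing trailing dot?)")
        if "CNAME" in {r.rtype for r in recs} and len(recs) > 1:
            problems.append(f"{owner}: CNAME cannot coexist with other records")
        for r in recs:
            if r.rtype == "CNAME" and ip_version(r.raw[0]):
                problems.append(f"{owner}: CNAME target {r.raw[0]} is an address; use an A record")
            if r.rtype == "A" and ip_version(r.raw[0]) != 4:
                problems.append(f"{owner}: A record data {r.raw[0]} is not an IPv4 address")
    return problems
```

Run `check_zone(ZONE_TEXT)` and the single missing dot on the SOA owner shows up twice: the owner becomes tree.com.tree.com., so the zone also has no SOA at its apex. Adding the three trailing dots and turning the h1 CNAME into an A record makes the checker come back empty.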


Mapping Addresses to Names

• Records in the db.addr file (addr.in-addr.arpa.dns on Windows) are PTR records that support reverse DNS lookups: the address is written octet-reversed under in-addr.arpa (172.16.1.2 becomes 2.1.16.172.in-addr.arpa.) and nibble-reversed under ip6.arpa for IPv6
• Reverse address lookups are used to determine if the IP address that a user presents matches the domain name from which the user claims to originate; because the PTR is published by whoever holds the address block, the name it returns must be forward-confirmed (look up the A/AAAA records of the returned name and check that the original address is among them) before it is trusted for logging or access control
• Reverse delegation follows octet boundaries (/8, /16, /24), which is the classful shape the slide refers to; blocks smaller than a /24 are delegated with the CNAME technique of RFC 2317


Obtaining and Storing Root Server Data

• DNS implementations make it possible to pre-load the name-and-address information for the root servers (the root hints) so a recursive server knows where to start
• InterNIC publishes the hints file as named.root (from ftp.rs.internic.net at the time of these slides; today also at https://www.internic.net/domain/named.root)
  – Rename the file to cache.dns for Microsoft DNS; BIND reads it through its hint zone
• Modern resolvers ship a built-in copy and refresh it with a priming query to the root at startup (RFC 8109), so a slightly stale hints file is tolerated as long as at least one listed address still answers


Examining the named.root File

    ; last update: Nov 5, 2002
    ; related version of root zone: 2002110501
    ;
    ; formerly NS.INTERNIC.NET
    ;
    .                        3600000  IN  NS  A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.      3600000      A   198.41.0.4
    ;
    ; formerly NS1.ISI.EDU
    ;
    .                        3600000      NS  B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.      3600000      A   128.9.0.107
    ;
    ; formerly C.PSI.NET

• Each root server appears twice: an NS record at the root (.) naming it, and an A record giving its address; the 3600000-second TTL only keeps the hints from expiring
• This snapshot is from 2002 and some of its addresses have since changed (B.ROOT-SERVERS.NET among them), so fetch the current file rather than copying addresses from old documents


The NSLOOKUP Command

• General name server lookup

• Queries the default name server specified in the current machine’s TCP/IP configuration

• It is an essential tool for– Testing– Configuration and troubleshooting


NSLOOKUP Details


Using NSLOOKUP

• Identify your default domain name server: run the NSLOOKUP command with no arguments
• NSLOOKUP command mode: symbolized by the > prompt
• Use set type=<RR type> (also written set querytype= or set q=) to examine specific types of resource records, e.g. set type=MX or set type=SOA; server <name> switches to another name server so an authoritative answer can be compared with a cached one
• ls -a command (list canonical names and aliases) and ls -d command (list all records) work by requesting a zone transfer (AXFR) from the server; a correctly configured server refuses them from anyone but its secondaries, so a successful ls from an arbitrary client is itself a finding


DNS Query/Response Packet Formats

• Queries and responses share one message format: a 12-byte header followed by four sections; a query normally carries only the question, and the response repeats that question ahead of the reply so the client can match the two
• Four sections after the header
  – Question section: the name, type and class asked for
  – Answer section: RRs that answer the question
  – Authority section: NS records for the zone the answer (or referral) came from
  – Additional section: RRs the server expects the client to need next, typically the addresses of the servers named in the authority section


DNS Query Packet Fields

• Header fields (present in both queries and responses; one 16-bit flags word holds QR through Rcode)
  – ID Number Field: 16-bit transaction ID chosen by the client and copied into the response; with only 65,536 values it is the main reason resolvers also randomize the source port (RFC 5452) to make forged replies harder to land
  – QR (Query/Response) Field: 1 bit, 0 for query, 1 for response
  – Opcode (Operation Code) Field: 4 bits, 0 for a standard query
  – AA (Authoritative Answer) Field: 1 bit, set by a server answering from its own zone data
  – TC (Truncation) Field: 1 bit, set when the reply did not fit (a UDP reply over 512 bytes without EDNS); the client should retry over TCP
  – RD (Recursion Desired) Field: 1 bit, set by the client to request recursive service
  – RA (Recursion Available) Field: 1 bit, set by a server that offers recursion
  – Z (Reserved) Field: 3 bits, originally zero; two of them are now the DNSSEC AD and CD bits
  – Rcode (Response Code) Field: 4 bits, 0 NOERROR, 1 FORMERR, 2 SERVFAIL, 3 NXDOMAIN, 5 REFUSED among others
  – Question Count Field, Answer Count Field, Name Server Count Field and Additional Records Count Field: four 16-bit counts giving the number of entries in each section that follows
• Question section entry
  – Question Name Field: the domain name as a sequence of length-prefixed labels ending in a zero byte
  – Question Type Field: 16-bit RR type (A = 1, NS = 2, CNAME = 5, SOA = 6, PTR = 12, MX = 15)
  – Question Class Field: 16 bits, 1 for IN
• Resource record entry (answer, authority and additional sections)
  – Name Field: the owner name, usually as a 2-byte compression pointer (top two bits 11) back to an earlier copy of the name in the message
  – Type Field and Class Field: as in the question
  – Time to Live Field: 32-bit number of seconds the record may be cached
  – Resource Data Length Field: 16-bit length of the data that follows
  – Resource Data Field: type-specific data, e.g. 4 bytes for an A record or a (possibly compressed) name for NS, CNAME and PTR
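An added Python example (written for this page, not from the textbook) that builds and parses messages with exactly the fields listed above: it packs a query, constructs an authoritative response with a compressed owner name, decodes the header flags, the question and the three RR sections while rejecting compression pointers that do not point backwards, and applies the RFC 5452 checks (QR set, matching ID, echoed question) a resolver uses to discard forged replies. The packets are constructed in code, not captured; checking the source address and port is left to the caller.

```python
import struct

FLAG_FIELDS = (("qr", 15, 0x1), ("opcode", 11, 0xF), ("aa", 10, 0x1), ("tc", 9, 0x1),
               ("rd", 8, 0x1), ("ra", 7, 0x1), ("z", 4, 0x7), ("rcode", 0, 0xF))

def parse_flags(word):
    """Split the header's 16-bit flags word into the fields listed above."""
    return {name: (word >> shift) & mask for name, shift, mask in FLAG_FIELDS}

def encode_name(name):
    """Wire form of a name: length-prefixed labels, terminated by a 0 byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(txid, qname, qtype=1, rd=True):
    """Header with QDCOUNT=1 followed by one class-IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(query, answers, aa=True):
    """Constructed reply to a build_query() packet: question echoed, QR/RA
    (and AA) set, each answer's owner name a pointer (0xC00C) to offset 12."""
    txid, flags = struct.unpack_from("!HH", query, 0)
    rflags = 0x8000 | (0x0400 if aa else 0) | (flags & 0x0100) | 0x0080
    header = struct.pack("!HHHHHH", txid, rflags, 1, len(answers), 0, 0)
    body = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
                    for rtype, ttl, rdata in answers)
    return header + query[12:] + body

def read_labels(msg, offset, depth=0):
    """Labels of the name at offset, following RFC 1035 4.1.4 compression
    pointers; a pointer must point backwards, which also rules out loops."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 11xxxxxx: pointer
            if depth > 8 or offset + 1 >= len(msg):
                raise ValueError("bad compression pointer")
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if pointer >= offset:
                raise ValueError("compression pointer does not point backwards")
            return labels + read_labels(msg, pointer, depth + 1)[0], offset + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:
            return labels, offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def read_name(msg, offset):
    labels, end = read_labels(msg, offset)
    return ".".join(labels) + ".", end

def decode_rdata(msg, offset, rtype, rdata):
    """Human form for the types on these slides; anything else stays raw."""
    if rtype == 1 and len(rdata) == 4:                  # A
        return ".".join(str(b) for b in rdata)
    if rtype in (2, 5, 12):                             # NS, CNAME, PTR
        return read_name(msg, offset)[0]
    return rdata

def parse_message(msg):
    """Header, question section and the three RR sections as a dict."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    out = {"id": txid, **parse_flags(flags), "questions": [],
           "answer": [], "authority": [], "additional": []}
    offset = 12
    for _ in range(qd):
        qname, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        out["questions"].append((qname, qtype, qclass))
        offset += 4
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, offset = read_name(msg, offset)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
            offset += 10
            rdata = msg[offset:offset + rdlen]
            if len(rdata) != rdlen:
                raise ValueError("RDLENGTH runs past end of message")
            out[section].append((name, rtype, rclass, ttl,
                                 decode_rdata(msg, offset, rtype, rdata)))
            offset += rdlen
    return out

def accept_response(query, response):
    """The checks a resolver makes before trusting a UDP reply (RFC 5452):
    it parses, QR is set, the ID matches and the question is echoed
    unchanged.  Source address and port must be checked by the caller."""
    try:
        q, r = parse_message(query), parse_message(response)
    except (ValueError, struct.error):
        return False
    return r["qr"] == 1 and r["id"] == q["id"] and r["questions"] == q["questions"]
```

The backwards-only rule in `read_labels` is stricter than RFC 1035's wording ("a prior occurrence") but is what makes a pointer that refers to itself, or two pointers that refer to each other, a parse error instead of an infinite loop; the RDLENGTH check keeps a lying length field from reading past the datagram.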


DNS Implementation

• DNS implementations have two major purposes
  – Provide name resolution to your users (a recursive, caching service for the inside)
  – Provide the authoritative hostname-to-IP mapping for services you choose to provide (an authoritative service for the outside)
• Load balancing: publishing several A records for one name makes servers hand them out in rotating order (round-robin), spreading clients across hosts; it cannot tell that one of those hosts is down


Chapter Summary

• Because it provides the essential way to get from a symbolic, human-readable domain name for an Internet location to a corresponding numeric, machine-readable IP address, the Domain Name System provides the key address resolution service that makes today’s Internet possible

• It’s almost impossible to overstate the importance of this service to the proper functioning of any large-scale TCP/IP-based internetwork


Chapter Summary (cont.)

• The impetus for DNS arose from the difficulty of maintaining static HOSTS files for computers on the ARPANET after the number of hosts climbed into the thousands

• DNS was designed to create a flexible, reliable, and robust name and address resolution service that could scale to handle very large address spaces

• Its designers succeeded more than they ever could have imagined


Chapter Summary (cont.)

• DNS name servers come in multiple varieties
• For each zone, a primary name server is mandatory; it contains the master copy of the database for its zone
• For each zone, one or more secondary name servers may be created (at least one secondary is recommended for every zone to ensure improved reliability)
• For large or heavily trafficked networks, caching-only name servers offload the task of resolving names and addresses outside the local zones for users, thereby freeing up the primary and secondary name servers for the zone to handle external incoming name resolution requests; keeping the two roles on separate servers is also the recommended security posture, since an authoritative server that recurses for the whole Internet is an open resolver


Chapter Summary (cont.)

• DNS maintains its data on a large collection of name servers around the Internet by carving the domain namespace into a disjoint collection of domain or subdomain databases, also known as database segments or zones, each of which is managed by a single primary name server (and served by that zone's secondaries)

• This permits database segments to be controlled locally, yet available globally


Chapter Summary (cont.)

• The DNS design also includes provisions for a primary master name server and one or more secondary master name servers for each database zone to help improve reliability (if one DNS server fails, the others continue to function) and availability (proper configuration will balance query loads against all name servers for a zone, not just the primary)


Chapter Summary (cont.)

• DNS databases consist of collections of resource records (RRs); the zone files that hold them are a static snapshot of the database, loaded by the primary and copied to the secondaries
• Every zone file must include a Start of Authority (SOA) record to identify the name server that's primarily responsible for the database segment it manages, together with the serial number and timers that secondaries use
• Other records in each zone file correspond to its function: name-to-address mappings (A and AAAA records) for normal domain name resolution, or address-to-name mappings (PTR records) for inverse or reverse DNS lookups


Chapter Summary (cont.)

• DNS clients rely on a software component called a resolver to interact with an available DNS server for name resolution services

• Resolvers issue recursive queries that go to a designated DNS server, which either answers that query itself, or queries other name servers until an answer is forthcoming


Chapter Summary (cont.)

• DNS packet structures incorporate type information that identifies the kind of RR being carried, and that otherwise describes the record’s contents and validity

• Understanding DNS Application layer packet structures makes it much easier to appreciate DNS’ simplicity and elegance