Posted 18-Dec-2015
Guide to TCP/IP, Second Edition 1
Guide To TCP/IP, Second Edition
Chapter 7
Domain Name System
Objectives
• Understand the history of DNS, types of services that DNS provides, types of roles that DNS servers can play on a network, and DNS database structure
• Understand how DNS servers handle name resolution requests, including the role of nearby and root servers in the resolution process, and the difference between recursive and iterative name resolution requests
• Explain the significance of DNS caching and the value of data in DNS caches
• Understand DNS configuration files and resource record formats, and describe the most common DNS RR types
Objectives (cont.)
• Understand how to handle the loopback address and root server data
• Use the NSLOOKUP command to gather name server information, test DNS server configurations, and inspect the contents of key DNS records on such servers
• Explain how DNS queries and responses work, and how they handle name resolution, DNS record lookups, zone data transfers, and reverse DNS queries
• Understand the purposes of and drawbacks to implementing DNS in the real world
DNS History And Background
• Text files called HOSTS
• BIND (Berkeley Internet Name Domain)
• Virtues of DNS
– It allows local control over domain name database segments
– Data from all database segments is available everywhere
– Database information is robust and highly available
DNS Database Structure
• Tree structure
• Root is identified by a single period (.)
• Top-level domains
– .com
– .edu
– .gov
– .mil
– .net
– .org
DNS Database Structure (cont.)
• Top-level domain names expanded
• Country codes
• Thirteen root name servers
– A.ROOT-SERVERS.NET
– B.ROOT-SERVERS.NET
• Fully Qualified Domain Names (FQDNs)
DNS Database Structure (cont.)
The DNS Name Space
• Delegation of authority
• Domains (such as ibm.com)
• Subdomains (such as clearlake.ibm.com)
DNS Database Records
• Resource Records (RRs)
• Nine most common RR types
– Address (A) record
– Canonical name (CNAME) record
– Host information (HINFO) record
– Mail exchange (MX) record
DNS Database Records (cont.)
• Nine most common RR types (cont.)
– Name server (NS) record
– Pointer (PTR) record
– Start of Authority (SOA) record
Delegating DNS Authority
• Primary DNS server delegates authority for subdomains to DNS servers lower in the domain namespace
– Includes NS records that point to name servers that are authoritative for specific subdomains
Types Of DNS Servers
• Primary DNS server, a.k.a. master server
– Zone file or a zone data file
– There can be only one primary master name server
• Secondary DNS server, a.k.a. slave server
– Provide a back-up
– Distribute the load for DNS lookups
• Caching server
– Store recently accessed DNS records
The Client Side Of DNS
• Name resolver or resolver
• Name queries or address requests
• Inverse DNS query
• Client side DNS errors may stem from any of the following causes
– Invalid domain name or invalid IP address
– Inability to locate an IP address that corresponds to the requested domain name
– Inability to reach an authoritative name server for the requested domain
How Domain Name Servers Work
• Sequence of lookups and reply for domain name resolution
– DNS servers retrieve name data from the general domain namespace
– A server provides data about those zones for which it is authoritative
– It searches its cached domain name data
– It searches a caching-only server or other name servers in the “neighborhood”
– It sends a request for name resolution to a root server
How Domain Name Servers Work (cont.)
• Recursive query
• Iterative or non-recursive queries
The Importance Of DNS Caching
• Authoritative response
• Non-authoritative response
• DNS cache expiration value
• Negative caching
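The lookup sequence, recursive-versus-iterative distinction and caching rules on the preceding slides, as an added simulation in Python (my code, not the textbook's): a recursive server answers its client by walking iterative referrals from a root server and caches both positive answers and NXDOMAIN results with a TTL. A.ROOT-SERVERS.NET and apple.tree.com are names from these slides; a.gtld.example., the TTL values and the toy record data are constructed.

```python
# Constructed toy name space: each server holds the records it is authoritative for.
# ("NS", server) is a delegation to a closer server; ("A", ip) is a host address.
SERVERS = {
    "A.ROOT-SERVERS.NET.": {"com.": ("NS", "a.gtld.example.")},
    "a.gtld.example.":     {"tree.com.": ("NS", "apple.tree.com.")},   # constructed .com server
    "apple.tree.com.":     {"pear.tree.com.": ("A", "172.16.1.2"),
                            "hedge.tree.com.": ("A", "172.16.1.1")},
}
ROOT = "A.ROOT-SERVERS.NET."
TTL, NEG_TTL = 86400, 3600          # constructed: positive and negative cache lifetimes in seconds

def ask(server, qname):
    """One iterative (non-recursive) query: answer, referral to a closer server, or NXDOMAIN."""
    rrs = SERVERS[server]
    if qname in rrs and rrs[qname][0] == "A":
        return "ANSWER", rrs[qname][1]
    # most specific delegation whose zone contains qname (longest matching owner name wins)
    for owner, (rtype, target) in sorted(rrs.items(), key=lambda kv: -len(kv[0])):
        if rtype == "NS" and (qname == owner or qname.endswith("." + owner)):
            return "REFERRAL", target
    return "NXDOMAIN", None

def resolve(qname, cache, now):
    """Recursive service for a client: answer from cache, else walk referrals from a root server.
    Returns (ip or None, list of servers consulted)."""
    hit = cache.get(qname)
    if hit and hit[1] > now:                          # cached answer or negative entry still within TTL
        return hit[0], ["cache"]
    server, trace = ROOT, []
    while True:
        if len(trace) >= 8:                           # a delegation loop must not spin forever
            raise RuntimeError("too many referrals for " + qname)
        trace.append(server)
        kind, value = ask(server, qname)
        if kind == "REFERRAL":
            server = value                            # iterate: repeat the question at the closer server
            continue
        cache[qname] = (value, now + (TTL if kind == "ANSWER" else NEG_TTL))
        return value, trace
```

The trace returned by resolve shows the difference between the two query styles: the client made one recursive request, while the server issued one iterative query per referral.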
DNS Configuration Files And Resource Record Formats
• domain.dns
• addr.in-addr.arpa.dns
• Start of Authority (SOA) Record
• Address (A) and Canonical Name (CNAME) Records
Start of Authority (SOA) Record
• tree.com IN SOA apple.tree.com. sue.pear.tree.com (
1 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day
• “IN” indicates the record is an Internet class of record types
• “SOA” indicates the record is a Start of Authority record
Address (A) and Canonical Name (CNAME) Records
• ; Host addresses
localhost.tree.com. IN A 127.0.0.1
pear.tree.com. IN A 172.16.1.2
apple.tree.com. IN A 172.16.1.3
peach.tree.com. IN A 172.16.1.4
; Multi-homed host
hedge.tree.com. IN A 172.16.1.1
hedge.tree.com. IN A 172.16.2.1
; Aliases
pr.tree.com IN CNAME pear.tree.com
h.tree.com IN CNAME hedge.tree.com
a.tree.com IN CNAME apple.tree.com
h1.tree.com IN CNAME 172.16.1.1
h2.tree.com IN CNAME 172.16.2.1
Mapping Addresses to Names
• Records in the db.addr file are provided to support reverse DNS lookups
• Reverse address lookups are used to determine if the IP address that a user presents matches the domain name from which the user claims to originate
• Reverse DNS lookups are classful
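As an added worked example (my Python, not the textbook's), the following derives from the slide's A records the PTR records that the db.addr file would hold and groups them by classful in-addr.arpa zone, which is what it means in practice for reverse lookups to be classful; the hostnames and addresses are the slide's, the function names are mine.

```python
import ipaddress

# A records copied from the "Address (A) and Canonical Name (CNAME) Records" slide.
A_RECORDS = [
    ("localhost.tree.com.", "127.0.0.1"),
    ("pear.tree.com.", "172.16.1.2"),
    ("apple.tree.com.", "172.16.1.3"),
    ("peach.tree.com.", "172.16.1.4"),
    ("hedge.tree.com.", "172.16.1.1"),   # multi-homed host: one PTR per interface
    ("hedge.tree.com.", "172.16.2.1"),
]

def octets(ip):
    """Validate ip and return its four octets as strings; malformed input raises ValueError."""
    return str(ipaddress.IPv4Address(ip)).split(".")

def classful_reverse_zone(ip):
    """Classful in-addr.arpa zone owning ip: 1, 2 or 3 reversed octets for class A, B or C."""
    o = octets(ip)
    first = int(o[0])
    if first < 128:
        keep = 1                        # class A: 10.x.x.x -> 10.in-addr.arpa.
    elif first < 192:
        keep = 2                        # class B: 172.16.x.x -> 16.172.in-addr.arpa.
    elif first < 224:
        keep = 3                        # class C: 198.41.0.x -> 0.41.198.in-addr.arpa.
    else:
        raise ValueError(f"{ip} is not in a classful unicast range")
    return ".".join(reversed(o[:keep])) + ".in-addr.arpa."

def ptr_name(ip):
    """Owner name of the PTR record for ip: all four octets reversed under in-addr.arpa."""
    return ".".join(reversed(octets(ip))) + ".in-addr.arpa."

def build_reverse_zones(a_records):
    """Group (PTR owner, hostname) pairs by the classful reverse zone they belong in."""
    zones = {}
    for host, ip in a_records:
        zones.setdefault(classful_reverse_zone(ip), []).append((ptr_name(ip), host))
    return zones

if __name__ == "__main__":
    for zone, ptrs in build_reverse_zones(A_RECORDS).items():
        print(f"; zone {zone}")
        for owner, target in ptrs:
            print(f"{owner} IN PTR {target}")
```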
Obtaining and Storing Root Server Data
• DNS implementations make it possible to pre-load the name-and-address information
• InterNIC’s FTP server at ftp.rs.internic.net
– named.root
– Rename file to cache.dns
Examining the named.root File
; last update: Nov 5, 2002
; related version of root zone: 2002110501
;
; formerly NS.INTERNIC.NET
;
.                        3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000    A  198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000    NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000    A  128.9.0.107
;
; formerly C.PSI.NET
The NSLOOKUP Command
• General name server lookup
• Queries the default name server specified in the current machine’s TCP/IP configuration
• It is an essential tool for
– Testing
– Configuration and troubleshooting
The NSLOOKUP Command (cont.)
NSLOOKUP Details
Using NSLOOKUP
• Identify your default domain name server
– NSLOOKUP command with no arguments
• NSLOOKUP command mode
– Symbolized by the > prompt
• Use the set OPTION command to examine specific types of resource records
• ls -a command (list canonical names and aliases)
• ls -d command (list all records)
Using NSLOOKUP (cont.)
DNS Query/Response Packet Formats
• DNS response packets include the original question and the reply
• Four sections in the DNS response packets
– Question section
– Answer section
– Authority section
– Additional section
DNS Query/Response Packet Formats (cont.)
DNS Query Packet Fields
• ID Number Field
• QR (Query/Response) Field
• Opcode (Operation Code) Field
• AA (Authoritative Answer) Field
• TC (Truncation) Field
DNS Query Packet Fields (cont.)
• RD (Recursion Desired) Field
• RA (Recursion Available) Field
• Z (Reserved) Field
• Rcode (Response Code) Field
• Question Count Field
DNS Query Packet Fields (cont.)
• Answer Count Field
• Name Server Count Field
• Additional Records Count Field
• Question Name Field
• Question Type Field
• Question Class Field
DNS Query Packet Fields (cont.)
• Name Field
• Type Field
• Class Field
• Time to Live Field
• Resource Data Length Field
• Resource Data Field
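As an added example (my Python, not the textbook's), the following packs a query for pear.tree.com, builds the matching response, and unpacks every header, question and resource-record field named on the slides above, including the name-compression pointer a real answer section uses; the hostname and address are the slide's, everything else is assumed.

```python
import struct

HEADER = struct.Struct("!HHHHHH")   # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
A, IN = 1, 1                        # type A, class IN

def encode_name(name):
    """pear.tree.com. -> length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split(".")) + b"\x00"
def build_query(qid, qname, qtype=A):
    """Query: QR=0, Opcode=0 (standard query), RD=1, one question in class IN."""
    return HEADER.pack(qid, 1 << 8, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, IN)
def build_response(query, ip, ttl, aa=True):
    """Echo the question and append one A answer whose name is a pointer to offset 12."""
    qid, flags, qd, _, _, _ = HEADER.unpack_from(query)
    flags |= (1 << 15) | (int(aa) << 10) | (1 << 7)   # QR=1, AA as given, RA=1; RD is copied
    rdata = bytes(int(o) for o in ip.split("."))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", A, IN, ttl, len(rdata)) + rdata
    return HEADER.pack(qid, flags, qd, 1, 0, 0) + query[HEADER.size:] + rr

def decode_name(data, off):
    """Decode labels at off, following a compression pointer; return (name, next offset)."""
    labels, end = [], None
    while True:
        ln = data[off]
        if ln & 0xC0 == 0xC0:                         # pointer: 14-bit offset into the message
            target = ((ln & 0x3F) << 8) | data[off + 1]
            if target >= off: raise ValueError("bad compression pointer")   # backward only: no loops
            end, off = (off + 2 if end is None else end), target
            continue
        off += 1
        if ln == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(data[off:off + ln].decode())
        off += ln

def parse(data):
    """Split a message into the header fields named on the slides, the question, and the answers."""
    qid, flags, qd, an, ns, ar = HEADER.unpack_from(data)
    hdr = {"id": qid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF, "aa": (flags >> 10) & 1,
           "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "z": (flags >> 4) & 7,
           "rcode": flags & 0xF, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}
    qname, off = decode_name(data, HEADER.size)
    qtype, qclass = struct.unpack_from("!HH", data, off)
    off, answers = off + 4, []
    for _ in range(an):                               # each RR: Name, Type, Class, TTL, RDLength, RData
        name, off = decode_name(data, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", data, off)
        rdata, off = data[off + 10:off + 10 + rdlen], off + 10 + rdlen
        answers.append((name, rtype, rclass, ttl, rdata))
    return hdr, (qname, qtype, qclass), answers
```

Authority and additional sections use the same RR layout, so extending the loop to ns and ar records is a matter of repeating it; the backward-only pointer check is what keeps a malformed message from sending the parser into an endless loop.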
DNS Query Packet Fields (cont.)
DNS Implementation
• DNS implementations have two major purposes
– Provide name resolution to your users
– Provide the authoritative hostname-to-IP mapping for services you choose to provide
• Load Balancing
Chapter Summary
• Because it provides the essential way to get from a symbolic, human-readable domain name for an Internet location to a corresponding numeric, machine-readable IP address, the Domain Name System provides the key address resolution service that makes today’s Internet possible
• It’s almost impossible to overstate the importance of this service to the proper functioning of any large-scale TCP/IP-based internetwork
Chapter Summary (cont.)
• The impetus for DNS arose from the difficulty of maintaining static HOSTS files for computers on the ARPANET after the number of hosts climbed into the thousands
• DNS was designed to create a flexible, reliable, and robust name and address resolution service that could scale to handle very large address spaces
• Its designers succeeded more than they ever could have imagined
Chapter Summary (cont.)
• DNS name servers come in multiple varieties
• For each zone, a primary name server is mandatory; it contains the master copy of the database for its zone
• For each zone, one or more secondary name servers may be created. (At least one secondary is recommended for every zone to ensure improved reliability.)
• For large or heavily trafficked networks, caching-only name servers offload the task of resolving names and addresses outside the local zones for users, thereby freeing up the primary and secondary name servers for the zone to handle external incoming name resolution requests
Chapter Summary (cont.)
• DNS maintains its data on a large collection of name servers around the Internet by carving the domain namespace into a disjoint collection of domain or subdomain databases, also known as database segments, or database zones, each of which belongs to a single authoritative name server for that zone
• This permits database segments to be controlled locally, yet available globally
Chapter Summary (cont.)
• The DNS design also includes provisions for a primary master name server and one or more secondary master name servers for each database zone to help improve reliability (if one DNS server fails, the others continue to function) and availability (proper configuration will balance query loads against all name servers for a zone, not just the primary)
Chapter Summary (cont.)
• DNS databases consist of a collection of resource records (RRs), stored in zone files that represent a static snapshot of those databases
• Every zone file must include a Start of Authority (SOA) record to identify the name server that’s primarily responsible for the database segments it manages
• Other records in each zone file correspond to its function and may contain name-to-address mappings for normal domain name resolution, or address-to-name mappings for inverse or reverse DNS lookups
Chapter Summary (cont.)
• DNS clients rely on a software component called a resolver to interact with an available DNS server for name resolution services
• Resolvers issue recursive queries that go to a designated DNS server, which either answers that query itself, or queries other name servers until an answer is forthcoming
Chapter Summary (cont.)
• DNS packet structures incorporate type information that identifies the kind of RR being carried, and that otherwise describes the record’s contents and validity
• Understanding DNS Application layer packet structures makes it much easier to appreciate DNS’ simplicity and elegance