DNS
BIND
• DNS
  – Resolve names to IP address
  – Resolve IP address to names (reverse DNS)
• BIND – Berkeley Internet Name Domain system
• Version 4 is still in use, but should be considered obsolete
• Version 8 improves efficiency, security, and robustness
• Version 9 is a total rewrite and supports threads, multiprocessor and more
Who needs DNS?
• DNS defines
  – A hierarchical namespace for hosts and IP addresses
  – A distributed database of hostname and address information
  – A “resolver” to query this database
  – Improved routing for email
  – A mechanism for finding services on a network
  – A protocol for exchanging naming information
DNS Lookup
• Application
  – Becomes DNS client
  – Sends request to local DNS server
• Local server
  – If answer known, returns response
  – If answer unknown
    • Starts at top-level server
    • Follows links
    • Returns response
• Called name resolution
Resource Records
• Name: The domain name or IP address
• TTL: Time to Live
  – Indicates the maximum amount of time a server may keep a record in cache before checking whether a newer one is available
• Class: Always IN for the Internet
• Type: Record type
• Data: Varies with record type
DNS Types
• Each entry in server consists of
  – Domain name
  – DNS type for name
  – Value to which name corresponds
• During lookup, client must supply
  – Name
  – Type
• Server
  – Matches both name and type
Example DNS Types
• Type A (Address)
  – Name-to-address mapping
• Type MX (Mail eXchanger)
  – Value is IP address of computer with mail server for name
• Type CNAME (Computer NAME)
  – Canonical name (for aliases)
  – Used to establish alias (www)
• SOA (Start of Authority)
  – Indicates authority for this zone data
• NS (Name Server)
  – A name server for this zone
• PTR
  – IP address to domain name mapping
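The lookup and matching steps described above (the client sends a name and a type; the server answers with records whose name and type match) can be made concrete by building a query message and parsing a response in the DNS wire format. This is an added example written for this page, not code from the lecture or from BIND. The response bytes are constructed by hand with values modelled on the lecture's example zone (tsclion.tcnj.edu as an alias for lion.tcnj.edu at 159.91.15.221) rather than captured traffic, and the function names `build_query`, `decode_name`, `parse_response` and `sample_response` are chosen here.

```python
import struct

# Record types this example understands (the types named in the lecture).
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15}
TYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """Encode 'lion.tcnj.edu' as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels must be 1..63 bytes long")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Header (RD=1, one question) followed by the question: name, type, class IN.
    The client supplies exactly the two keys the server matches on: name and type."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(msg, offset, depth=0):
    """Decode a (possibly compressed) name at offset; return (name, offset past it).
    Compression pointers are followed only backwards and at most 16 deep, so a
    malformed message cannot drive the parser into a loop."""
    labels = []
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:
            if depth >= 16:
                raise ValueError("too many compression pointers")
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if ptr >= offset:
                raise ValueError("compression pointer does not point backwards")
            suffix, _ = decode_name(msg, ptr, depth + 1)
            if suffix:
                labels.append(suffix)
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg, expected_id=None):
    """Parse the header, question and answer sections of a response message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_id is not None and txid != expected_id:
        raise ValueError("transaction id does not match the query")
    if not flags & 0x8000:
        raise ValueError("message is a query, not a response")
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, TYPE_NAME.get(qtype, qtype)))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1 and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5, 12):            # NS, CNAME, PTR carry a (compressible) name
            value, _ = decode_name(msg, offset)
        else:
            value = rdata.hex()
        offset += rdlen
        answers.append((name, ttl, TYPE_NAME.get(rtype, rtype), value))
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


def sample_response(txid=0x1234):
    """Constructed answer to 'tsclion.tcnj.edu A' (values modelled on the lecture's
    example zone, not captured traffic): a CNAME to lion.tcnj.edu, then lion's A record."""
    question = build_query("tsclion.tcnj.edu", "A", txid)[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)   # QR=1 RD=1 RA=1, 2 answers
    # Answer 1 owner: pointer to the question name at offset 12. Its rdata spells
    # "lion" and then points at "tcnj.edu" inside the question name (offset 20).
    rdata1 = b"\x04lion" + struct.pack("!H", 0xC000 | 20)
    ans1 = b"\xC0\x0C" + struct.pack("!HHIH", 5, 1, 43200, len(rdata1)) + rdata1
    # Answer 2 owner: pointer to rdata1, which decodes to lion.tcnj.edu.
    rdata1_offset = 12 + len(question) + 2 + 10
    ans2 = (struct.pack("!H", 0xC000 | rdata1_offset)
            + struct.pack("!HHIH", 1, 1, 43200, 4) + bytes([159, 91, 15, 221]))
    return header + question + ans1 + ans2


if __name__ == "__main__":
    print(parse_response(sample_response(), expected_id=0x1234))
```

Two checks in the parser matter for a resolver handling untrusted input: the transaction id of a response is compared with the id of the query it is supposed to answer before the records are used, and name-compression pointers are accepted only when they refer backwards and within a fixed depth, so a truncated or malformed message fails fast instead of being followed forever.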
Reverse Name Resolution
• To look up domain names given an IP address
• Implemented by means of special domains
  – in-addr.arpa
Reverse name resolution: the in-addr.arpa domain
• IP address: 82.211.81.150
• Domain: 150.81.211.82.in-addr.arpa
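The octet reversal shown on the slide can be written as a small function; the version below is an added example for this page, not code from the lecture or from BIND. It goes beyond the slide in two ways: it also builds the ip6.arpa name for an IPv6 address (nibble-wise reversal of the fully expanded address), and `reverse_zone_for` derives the in-addr.arpa zone that holds the PTR records of a network prefix, which is how the lecture's 91.159.in-addr.arpa zone relates to 159.91.0.0/16. Both function names are chosen here; the addresses used are those from the slides.

```python
import ipaddress


def reverse_pointer_name(ip):
    """Name to query for a PTR lookup: octets reversed under in-addr.arpa for IPv4,
    hex nibbles reversed under ip6.arpa for IPv6."""
    addr = ipaddress.ip_address(ip)            # rejects malformed address text
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")   # 32 hex digits, zero-padded
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def reverse_zone_for(network):
    """in-addr.arpa zone holding the PTR records of an IPv4 prefix on an octet
    boundary (/8, /16, /24, /32). Delegations on other boundaries need the
    classless scheme of RFC 2317 and are rejected here."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("prefix length must be a multiple of 8")
    keep = net.prefixlen // 8
    octets = str(net.network_address).split(".")[:keep]
    return ".".join(list(reversed(octets)) + ["in-addr.arpa"])


if __name__ == "__main__":
    print(reverse_pointer_name("82.211.81.150"))   # slide's example
    print(reverse_zone_for("159.91.0.0/16"))        # lecture's reverse zone
```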
DNS Record Types
Components of BIND
• Daemon named
• Library routines
  – Resolve host queries by contacting the servers of the DNS distributed database
• Command-line interface:
  – nslookup, dig, and host
Masters, Slaves, and the Authorities
• Authoritative Servers
  – Master Server (keeps official copy of zone info on disk)
  – Slave server (gets copy of zone info from master via zone transfer)
• Cache Servers
  – Never authoritative
  – Load “root” domain servers but all others are accumulated in memory only
• Resource Records
  – Stored in zone data, retrieved by resolvers sending queries to nameservers
  – Different types of resource records: A, CNAME, MX…
  – Each resource record has a TTL specified in the zone data
Name Server Taxonomy
Forward zone file for TCNJ.EDU:

@ IN SOA beast.TCNJ.EDU. admin.beast.TCNJ.EDU. (
            5923      ; serial number
            10800     ; Refresh 3 hours
            3600      ; Retry 1 hour
            604800    ; Expire 168 hours/1 week
            43200 )   ; Minimum 12 hour
          IN NS beast.TCNJ.EDU.
          IN NS seuss.TCNJ.EDU.
          IN NS snuffy.TCNJ.EDU.
localhost 43200 IN A 127.0.0.1
beast     IN A  159.91.15.220
beast     IN MX 20 beast.TCNJ.EDU.
lion      IN A  159.91.15.221
lion      IN MX 20 beast.TCNJ.EDU.
tsclion   IN CNAME lion.TCNJ.EDU.
sa.tcnj.edu.          IN NS cartman.sa.tcnj.edu.
cartman.sa.tcnj.edu.  IN A  159.91.8.228
Reverse zone file for 91.159.in-addr.arpa:

91.159.in-addr.arpa. IN SOA beast.TCNJ.EDU. ssivy.beast.TCNJ.EDU. (
            5774      ; serial number
            10800     ; Refresh 3 hours
            3600      ; Retry 1 hour
            604800    ; Expire 168 hours/1 week
            43200 )   ; Minimum 12 hour
          IN NS beast.Trenton.EDU.
          IN NS snuffy.Trenton.EDU.
          IN NS seuss.Trenton.EDU.
localhost 43200 IN A 127.0.0.1
220.15.91.159.IN-ADDR.ARPA.  PTR beast.TCNJ.EDU.
221.15.91.159.IN-ADDR.ARPA.  PTR lion.TCNJ.EDU.
228.8.91.159.IN-ADDR.ARPA.   PTR cartman.sa.tcnj.edu.
Reverse zone file for the loopback network:

@ IN SOA beast.trenton.edu. admin.beast.tcnj.edu. (
            3         ; Serial number
            10800     ; Refresh rate in seconds for secondary servers
            3600      ; Retry in seconds after failure
            3600000   ; Expire in seconds
            86400 )   ; Default time-to-live in seconds
          IN NS  beast.tcnj.edu.
          IN PTR localhost.
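The three zone files above use the conventions a zone parser has to handle: a multi-line SOA in parentheses, `;` comments, a blank owner that inherits the previous record's name, an optional per-record TTL (as on the `localhost` line), and no `$TTL` line at all, in which case BIND 9 falls back to the SOA minimum field as the default TTL (and warns about it). The parser below is an added example written for this page, not BIND's own code: it produces the (name, TTL, class, type, data) tuples the Resource Records slide describes, and `cname_conflicts` is a hypothetical lint helper for the one constraint named checks most often at load time, a CNAME owner that also carries other records. `SAMPLE_ZONE` is constructed after the lecture's forward zone; the `$ORIGIN`, `$TTL` and `@` forms are real BIND zone-file syntax.

```python
import ipaddress

CLASSES = {"IN", "CH", "HS"}
TYPES = {"A", "AAAA", "NS", "CNAME", "SOA", "PTR", "MX", "TXT"}

# Constructed sample zone, modelled on the lecture's forward zone for TCNJ.EDU
# (no $TTL line, multi-line SOA, blank owners inheriting the previous name).
SAMPLE_ZONE = """\
@          IN SOA  beast.TCNJ.EDU. admin.beast.TCNJ.EDU. (
                   5923      ; serial number
                   10800     ; refresh, 3 hours
                   3600      ; retry, 1 hour
                   604800    ; expire, 1 week
                   43200 )   ; minimum, 12 hours
           IN NS   beast.TCNJ.EDU.
           IN NS   seuss.TCNJ.EDU.
localhost  43200 IN A 127.0.0.1
beast      IN A    159.91.15.220
beast      IN MX   20 beast.TCNJ.EDU.
lion       IN A    159.91.15.221
tsclion    IN CNAME lion.TCNJ.EDU.
"""


def _entries(text):
    """Yield logical entries: ';' comments stripped, '( ... )' groups joined across lines."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # comment runs to end of line (no quoted strings here)
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            entry = " ".join(buf)
            buf, depth = [], 0
            if entry.strip():
                yield entry
    if buf:
        raise ValueError("unbalanced parentheses at end of zone")


def _fqdn(name, origin):
    """Qualify a relative owner or target name against the current origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _rdata(rtype, tokens, origin):
    if rtype == "A":
        if len(tokens) != 1:
            raise ValueError(f"bad A rdata {tokens!r}")
        ipaddress.IPv4Address(tokens[0])     # raises on a malformed address
        return tokens[0]
    if rtype in ("NS", "CNAME", "PTR"):
        return _fqdn(tokens[0], origin)
    if rtype == "MX":
        return (int(tokens[0]), _fqdn(tokens[1], origin))
    if rtype == "SOA":
        mname, rname = _fqdn(tokens[0], origin), _fqdn(tokens[1], origin)
        serial, refresh, retry, expire, minimum = (int(t) for t in tokens[2:7])
        return (mname, rname, serial, refresh, retry, expire, minimum)
    return " ".join(tokens)


def parse_zone(text, origin, default_ttl=None):
    """Return (owner, ttl, class, type, rdata) for every record in the zone text.
    Missing TTLs come from $TTL (integer seconds only here); with no $TTL the SOA
    minimum is used, which is the fallback BIND 9 applies with a warning."""
    origin = origin if origin.endswith(".") else origin + "."
    records, owner, ttl_default = [], None, default_ttl
    for entry in _entries(text):
        tokens = entry.split()
        if tokens[0] == "$ORIGIN":
            origin = _fqdn(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            ttl_default = int(tokens[1])
            continue
        if tokens[0].startswith("$"):
            raise ValueError(f"unsupported directive {tokens[0]}")
        if not entry[0].isspace():           # explicit owner; otherwise inherit the last one
            owner = _fqdn(tokens.pop(0), origin)
        if owner is None:
            raise ValueError("first record has no owner name")
        ttl, rclass = ttl_default, "IN"
        while tokens and tokens[0].upper() not in TYPES:   # optional [ttl] [class], either order
            tok = tokens.pop(0)
            if tok.isdigit():
                ttl = int(tok)
            elif tok.upper() in CLASSES:
                rclass = tok.upper()
            else:
                raise ValueError(f"unexpected token {tok!r} in {entry.strip()!r}")
        if not tokens:
            raise ValueError(f"no record type in {entry.strip()!r}")
        rtype = tokens.pop(0).upper()
        rdata = _rdata(rtype, tokens, origin)
        if rtype == "SOA" and ttl_default is None:
            ttl_default = rdata[6]           # SOA minimum doubles as the default TTL
            ttl = ttl if ttl is not None else ttl_default
        if ttl is None:
            raise ValueError(f"no TTL for {owner} {rtype}: add $TTL or an explicit TTL")
        records.append((owner, ttl, rclass, rtype, rdata))
    return records


def cname_conflicts(records):
    """Owners that have a CNAME plus other data, which RFC 1034 forbids and named rejects."""
    by_owner = {}
    for owner, _ttl, _rclass, rtype, _rd in records:
        by_owner.setdefault(owner, set()).add(rtype)
    return sorted(o for o, types in by_owner.items() if "CNAME" in types and len(types) > 1)
```

Running `parse_zone(SAMPLE_ZONE, "TCNJ.EDU")` yields eight records, all with TTL 43200 because the zone has no `$TTL` and the SOA minimum is 43200; the same parser handles a reverse zone once it is given the `in-addr.arpa` origin, so the PTR owners come out fully qualified.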
DNS Query

DNS Server Architecture

Example - /etc/named.conf

Example - /etc/named.conf cont’d

/etc/named.conf cont’d

Security Features in named.conf