DNS server & Client, part one of two

DNS server & Client, part one of two
• Objectives – to learn how to set up DNS servers
• Contents
– The history of DNS
– An introduction to the DNS system
– Forward and reverse name lookup
– Zonefiles
– Cache, primary & secondary DNS
– Stub and delegation
– DNS security
– Installing cache-only DNS
– Installing primary DNS
– Microsoft dnsmgmt console

DNS History
• HOSTS.TXT file
– Through the 1970's ARPAnet was a community of some 200 to 300 computers
– A single file contained the name to address mapping for all computers connected to ARPAnet
– SRI-NIC maintained the single file
– All computers needed to download the file once a week, then twice a week
– The hosts.txt file is still used locally in all computers, for important servers only
• Finally maintaining the hosts.txt file broke down
– Load and inconsistency in the constantly changing hosts.txt file forced another solution: a distributed solution
• 1984 the DNS was born, described in RFC 882/883
– Today's DNS RFCs are 1034 and 1035

What is DNS good for?
• IP addresses are hard to remember
• To build the logical name based infrastructure
– Logical name to IP address
– IP address to logical name
• Form logical name spheres, so called domains
– Logical name spheres are essential for practical e-mail delivery
– Form the Windows Active Directory domain tree
• Announce server resource locations
– Tell others where the mailservers for domains sit
– Tell others where the nameservers for domains sit
– Tell others where domain controllers sit
– And many other resource records

DNS structure • DNS tree (simplified)

Server 2003 static hosts file
• In C:\Windows\System32\Drivers\Etc\hosts
127.0.0.1     localhost
192.168.0.42  router.my-site.com
192.168.0.2   ns ns.my-site.com mail.my-site.com
– It is important for the nameserver at startup, to find itself and other important servers. You can manage with only localhost, but it is practical to have one or two important servers here.
• The hosts file has higher priority than DNS
– Beware of differences between the hosts file and DNS!
– More than 40 names in the hosts file is not practical
– It can be replicated in small isolated communities

NetBIOS names
• Windows classic networking
– Used to locate resources in Windows domains and workgroups: printers, shared folders, computers, RPC
• Based on broadcast
• Limited to 15 characters
• Stored in C:\Windows\System32\Drivers\Etc\lmhosts
– Can be shared
• WINS server for NetBIOS name resolution
– WINS is now replaced with DNS
– Works almost like DNS
• Problem with routers (broadcasts do not cross them)

DNS name resolution
• Name resolution with DNS is a client/server activity. These are the steps in name resolution (simplified):
1. The client application searches for www.my-site.com (forward name resolution question)
2. The client first looks in its local name cache; if the name is there it tries to make contact
3. The client looks in its hosts file; if the name is there it updates the local cache and tries to contact
4. The client looks in the registry for the default DNS server and sends a query to its IP address
5. The nameserver tries to recognize my-site.com in its local zonefiles; if it is found an answer is sent to the client, if not (the first answer found will be sent to the client):
5a. The nameserver looks in its name resolution cache; if the name is there an answer is sent to the client
5b. The nameserver consults the root nameservers, trying to find who has www.my-site.com
5c. The nameserver sends recursive questions, if allowed, to many other nameservers
5d. The nameserver updates its name resolution cache
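As an added example (not from the slides), a small Python model of the client-side order above: local cache, then hosts file, then the configured DNS server (a dictionary stands in for the registry lookup and the query). The hosts content is the table from the Server 2003 hosts-file slide; the DNS answers are constructed, and mail.my-site.com deliberately differs so the hosts/DNS mismatch that slide warns about is visible.

```python
# Client-side resolution order modelled after the slide: local cache, then the
# hosts file, then the configured DNS server. Constructed example, not a real resolver.
from typing import Dict, List, Optional

# Hosts file content as on the Server 2003 hosts-file slide.
HOSTS_TEXT = """127.0.0.1    localhost
192.168.0.42 router.my-site.com
192.168.0.2  ns ns.my-site.com mail.my-site.com
"""

# Constructed stand-in for what the configured DNS server would answer.
# mail.my-site.com deliberately differs from the hosts file.
DNS_A_RECORDS = {
    "router.my-site.com": "192.168.0.42",
    "mail.my-site.com": "192.168.0.7",
    "www.my-site.com": "192.168.0.80",
}

def parse_hosts(text: str) -> Dict[str, str]:
    """name -> address for every name on each non-comment line (first entry wins)."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            addr, *names = line.split()
            for name in names:
                table.setdefault(name.lower(), addr)
    return table

class Resolver:
    def __init__(self, hosts: Dict[str, str], dns: Dict[str, str]) -> None:
        self.hosts, self.dns = hosts, dns
        self.cache: Dict[str, str] = {}
        self.trace: List[str] = []        # which source answered each query

    def resolve(self, name: str) -> Optional[str]:
        name = name.lower().rstrip(".")
        for source, table in (("cache", self.cache), ("hosts", self.hosts), ("dns", self.dns)):
            if name in table:
                self.trace.append(source)
                self.cache[name] = table[name]   # hosts and DNS hits update the cache
                return table[name]
        self.trace.append("nxdomain")
        return None

def hosts_dns_mismatches(hosts: Dict[str, str], dns: Dict[str, str]) -> Dict[str, tuple]:
    """Names in both tables with different addresses: the 'beware' case on the slide."""
    return {n: (hosts[n], dns[n]) for n in hosts if n in dns and hosts[n] != dns[n]}
```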

The local resolver • Resolving a FQDN, forward lookup: I have a name, I want an IP address:

Querying a DNS server • Recursion

DNS alternate query responses
• When querying a nameserver, different replies can come
• An authoritative answer
– Indicates the answer was obtained from a server with direct authority for the queried name
• A positive answer
– The query matches the DNS domain name and record type specified in the query message (for example to find the mailserver of a domain)
• A referral answer
– Contains additional data (pointers to other nameservers)
• A negative answer indicates one of two possible results:
A) An authoritative server reported that the queried name does not exist in the DNS namespace
B) An authoritative server reported that the queried name exists but no records of the specified type exist for that name

DNS server types
• Primary
– Is authoritative for all locally stored domain info (zone files)
– Can alter domain info (zone files)
– Also known as Master DNS
– Must have hostname ns
– Replicates zonefiles out to the secondary
• Secondary
– Receives replicated zonefiles from the primary
– Can not alter domain info
• Caching only / Root HINT
– Does not keep any zonefiles
– Just stores resolved names in RAM memory (100 bytes per resolved name)
• Forwarder
– Just forwards all queries to another DNS server
• Stub zone DNS
– Limited forwarder, forwards only specific queries for selected domains

Zone and Domain

Zonefiles
• Each zone needs two zonefiles:
– Forward name resolution: my.site.com. This file contains the main resource records:
NS     Nameservers of the zone
MX     Mailservers of the zone
A      Host address for a client or server in the zone (IN A = Internet address)
CNAME  Alias name
– Reverse name resolution: 0.168.192.in-addr.arpa.
PTR    Reverse record
• Resource Records, or RRs, tell us what is inside this zone
• Domain name of the zone: it is practical to name the file after the domain

Nameservers need to be two!
• In order to keep a stable nameservice
– Have one PRIMARY nameserver at a central administration point
– Set up at least one SECONDARY nameserver close to the customers
– The secondary will not only offload the primary for name resolution, it will also secure name resolution for you
– Two nameservers are essential if you run public domain hosting services; you will in fact not be allowed to do "pointing" without at least two nameservers
– You also need an RP, responsible person, one who receives e-mail for your zones. If this e-mail is not working, you will not get NIC acceptance

Replicating zonefiles
• Whenever one zonefile at the PRIMARY is modified, or if a zone/domain is added/removed: server PUSH
• To keep the infrastructure intact the SECONDARY uses the zonefile's SOA header
– SOA means start of authority and is first in the zonefile
– Time To Live
– Serial number
• Securing the infrastructure
– Allow only selected nameservers to access and replicate zonefiles
– This is configured inside the Windows dnsmgmt console, per zonefile or globally

Zonefile update process
• Incremental zone transfer (IXFR)
• Full (AXFR) transfer of the zone

Reverse lookup
• The client query is for PTR records found in the file "20.1.168.192.in-addr.arpa."
• Most services do not use reverse lookup; however some do, to prevent spoofing of domain names and hostnames
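As an added example (not the slides' own files), a Python check that ties together the zonefile, two-nameservers and reverse-lookup slides: it parses a constructed forward zone and its reverse zone, verifies that SOA comes first and that each has at least two NS records, and reports every A record without a matching PTR. The zone format is simplified (one record per line, SOA on a single line, $ORIGIN directive); mail.my-site.com is deliberately missing from the reverse zone.

```python
# Consistency checks for the two zonefiles each zone needs (forward + reverse).
# Constructed example zones in a simplified format: one record per line, SOA on one line.
FORWARD = """$ORIGIN my-site.com.
@    IN SOA ns.my-site.com. hostmaster.my-site.com. 2024010101 3600 900 604800 300
@    IN NS  ns.my-site.com.
@    IN NS  ns2.my-site.com.
@    IN MX  10 mail.my-site.com.
ns   IN A   192.168.0.2
ns2  IN A   192.168.0.3
mail IN A   192.168.0.7
"""
REVERSE = """$ORIGIN 0.168.192.in-addr.arpa.
@    IN SOA ns.my-site.com. hostmaster.my-site.com. 2024010101 3600 900 604800 300
@    IN NS  ns.my-site.com.
@    IN NS  ns2.my-site.com.
2    IN PTR ns.my-site.com.
3    IN PTR ns2.my-site.com.
"""

def parse_zone(text):
    """Return (owner, type, rdata tokens) per record, with owners fully qualified."""
    origin, records = ".", []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop zonefile comments
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
        elif line:
            owner, _cls, rtype, *rdata = line.split()
            owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            records.append((owner.lower(), rtype.upper(), rdata))
    return records

def ptr_owner(ip):
    """192.168.0.7 -> 7.0.168.192.in-addr.arpa. (the PTR owner name)"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_zone_pair(forward, reverse):
    """List of problems; an empty list means the pair satisfies the rules on the slides."""
    fwd, rev = parse_zone(forward), parse_zone(reverse)
    problems = []
    for label, recs in (("forward", fwd), ("reverse", rev)):
        if not recs or recs[0][1] != "SOA":
            problems.append(f"{label}: SOA is not the first record")
        if sum(r[1] == "NS" for r in recs) < 2:
            problems.append(f"{label}: fewer than two NS records")
    a_by_name = {o: rd[0] for o, t, rd in fwd if t == "A"}
    ptr_by_owner = {o: rd[0].lower() for o, t, rd in rev if t == "PTR"}
    for host, ip in a_by_name.items():                 # every A needs its PTR
        if ptr_by_owner.get(ptr_owner(ip)) != host:
            problems.append(f"no PTR for {host} ({ip})")
    return problems
```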

Understanding stub zones
• The STUB zone can speed up name resolution because it bypasses the root nameservers and goes directly to the selected zone's nameservers
• A stub zone consists of:
– The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone
– The IP address of one or more master servers that can be used to update the stub zone
• Stub zones are often used to improve name resolution. It can take up to 4 hours for a name to be registered worldwide

Dynamic update
• Dynamic update allows DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur. This reduces the need for manual administration of zone records
• Dynamic updates can be sent for any of the following reasons or events:
– An IP address is added, removed, or modified in the TCP/IP properties configuration for any one of the installed network connections
– An IP address lease changes or renews with the DHCP server for any one of the installed network connections, for example when the computer is started or if the ipconfig /renew command is used
– The ipconfig /registerdns command is used to manually force a refresh of the client name registration in DNS
– At startup time, when the computer is turned on
– A member server is promoted to a domain controller

Host header lookups
• Commonly known as virtual webserver: practically you bind a hostname to a specific directory in IIS
• Practical to use if you don't have enough IP addresses
• Does not work with SSL; the host header is encrypted when it arrives at IIS
• Use the DNS resource record CNAME to share the same IP address among several virtual webservers in subdomains
• Use the resource record IN A in zonefiles

Install a DNS server, server installation
To install a DNS server (don't install any DNS yet):
A. Install one Win2k3 SE with default and typical settings. This is the PRIMARY nameserver; its hostname is "ns"
B. Open Control Panel
C. Select the System icon
D. Select Computer Name
E. Click on Change
F. Verify Computer name: ns
G. Click on More…
H. Enter Primary DNS suffix of this computer: "my-site.com" or whatever this nameserver's domain is
I. Click on OK to accept everything
J. Go back to Control Panel and click on Network Connections
K. Click on Properties and select TCP/IP
L. Click on Properties again
M. The PRIMARY nameserver must not receive a DHCP IP address: enter its IP address, subnet mask and default gateway
N. At Preferred DNS server: 127.0.0.1, and remove the Alternate!
O. Go to Advanced, WINS, and disable NetBIOS over TCP/IP!
P. Accept everything

Install a DNS server, DNS installation
1. Open the Windows Components Wizard
2. In Components, select the Networking Services check box, and then click Details
3. In Subcomponents of Networking Services, select the Domain Name System (DNS) check box, click OK, and then click Next
4. If prompted, in Copy files from, type the full path to the distribution files, and then click OK. Required files are copied to your hard disk
You now have a CACHING ONLY DNS

Configure a new DNS server
To configure a new DNS server, you can use:
• The Windows interface (preferred method)
• A command line
Using the Windows interface (to open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS):
1. Open DNS
2. If needed, add and connect to the applicable server in the console
3. In the console tree, click the applicable DNS server (Where? DNS/Applicable DNS server)
4. On the Action menu, click Configure a DNS Server
5. Follow the instructions in the Configure a DNS Server Wizard

Summary
• A DNS server is used to resolve names and IP addresses
• Configuration sits in /etc/named.conf
• Zonefiles are in /var/named/
• Zone transfer goes from primary to secondary
• Stub zones speed up name resolution
• Cache only nameserver is the default setting
• You have two files for each zone
• Hosts can share the same IP with CNAME, or in zones
• Stop the DNS server with the dnsmgmt MMC GUI
• Reload the DNS server with the dnsmgmt MMC GUI
• You can restrict and set policy on queries
• It takes time for names to update globally
• The DNS server has 127.0.0.1 as default nameserver
• The primary DNS must have the name ns
- Slides: 24