1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1

DNS

2

BIND

• DNS– Resolve names to IP address– Resolve IP address to names (reverse DNS)

• BIND– Berkeley Internet Name Domain system

• Version 4 is still in use, but should be considered obsolete

• Version 8 improves efficiency, security, and robustness• Version 9 is a total rewrite and supports threads,

multiprocessor and more

3

Who needs DNS?

• DNS defines– A hierarchical namespace for hosts and IP

addresses– A distributed database of hostname and address

information– A “resolver” to query this database– Improved routing for email– A mechanism for finding services on a network– A protocol for exchanging naming information

4

5

6

DNS Lookup• Application

– Becomes DNS client– Sends request to local DNS server

• Local server– If answer known, returns response– If answer unknown

• Starts at top-level server• Follows links• Returns response

• Called name resolution

Resource Records

• Name: The domain name or IP address

• TTL: Time to Live– Indicate the maximum amount of time a server

may keep a record in cache before checking whether a newer one is available

• Class: Always IN for the Internet

• Type: Record type

• Data: Varies with record type

7

8

DNS Types

• Each entry in server consists of– Domain name– DNS type for name– Value to which name corresponds

• During lookup, client must supply– Name– Type

• Server– Matches both name and type

9

Example DNS Types

• Type A (Address)– Name-to-address mapping

• Type MX (Mail eXchanger)– Value is IP address of computer with mail server for name

• Type CNAME (Computer NAME)– Canonical name (for aliases)– Used to establish alias (www)

• SOA (Start of Authority)– Indicate authority for this zone data

• NS (Name Server)– A name server for this zone

• PTR– IP-Address to domain name mapping

Reverse Name Resolution

• To look up domain names given an IP address

• Implemented by means of special domains– in-adde.arpa

10

Reverse name resolution in-addr.arpa domain

11

IP address: 82.211.81.150Domain: 150.81.211.82.in-addr.arpa

12

DNS Record Types

13

Components of BIND

• Daemon named

• Library routines– Resolve hosts queries by contacting the servers of

the DNS distributed database

• Command-line interface:– nslookup, dig, and host

14

Masters, Slaves, and the Authorities

• Authoritative Servers– Master Server (keeps official copy of zone info on disk)– Slave server (gets copy of zone info from master via zone transfer)

• Cache Servers– Never authoritative– Load “root” domain servers but all others are accumulated in memory

only

• Resource Records– stored in zone data– retrieved by resolvers sending queries to nameservers– Different types of resource records: A, CNAME, MX…– Each resource record has a TTL specified in the zone data

15

Name Server Taxonomy

16

@ IN SOA beast.TCNJ.EDU. admin.beast.TCNJ.EDU. (

5923 ; serial number

10800 ; Refresh 3 hours

3600 ; Retry 1 hour

604800 ; Expire 168 hours/1 week

43200 ) ; Minimum 12 hour

IN NS beast.TCNJ.EDU.

IN NS seuss.TCNJ.EDU.

IN NS snuffy.TCNJ.EDU.

localhost 43200 IN A 127.0.0.1

beast IN A 159.91.15.220

beast IN MX 20 beast.TCNJ.EDU.

TCNJ.EDU. IN MX 20 beast.TCNJ.EDU.

lion IN A 159.91.15.221

lion IN MX 20 beast.TCNJ.EDU.

tsclion IN CNAME lion.TCNJ.EDU.

sa.tcnj.edu. IN NS cartman.sa.tcnj.edu.

cartman.sa.tcnj.edu. IN A 159.91.8.228

17

91.159.in-addr.arpa. IN SOA beast.TCNJ.EDU. ssivy.beast.TCNJ.EDU. (

5774 ; serial number

10800 ; Refresh 3 hours

3600 ; Retry 1 hour

604800 ; Expire 168 hours/1 week

43200 ) ; Minimum 12 hour

IN NS beast.Trenton.EDU.

IN NS snuffy.Trenton.EDU.

IN NS seuss.Trenton.EDU.

localhost 43200 IN A 127.0.0.1

220.15.91.159.IN-ADDR.ARPA. PTR beast.TCNJ.EDU.

221.15.91.159.IN-ADDR.ARPA. PTR lion.TCNJ.EDU.

228.8.91.159.IN-ADDR.ARPA. cartman.sa.tcnj.edu.

18

@ IN SOA beast.trenton.edu. admin.beast.tcnj.edu. (

3 ; Serial number

10800 ; Refresh rate in seconds for secondary servers

3600 ; Retry in seconds after failure

3600000 ; Expire in seconds

86400) ; Default time-to-live in seconds

IN NS beast.tcnj.edu.

1 IN PTR localhost.

19

DNS Query

20

DNS Server Architecture

21

Example - /etc/named.conf

22

Example - /etc/named.conf cont’d

23

/etc/named.conf cont’d

24

Security Features in named.conf