14 DNS : The Domain Name System. 14 Introduction - Problem Computers are used to work with numbers Humans are used to work with names ==> IP addresses.

14

DNS : The Domain Name System

14

Introduction - Problem

Computers are used to work with numbers

Humans are used to work with names

==> IP addresses are NUMBERS :-/

?

1011011011101110110110

14

Introduction

Hosts.txt

Distributed Database

Mapping between IP-address and Hostnames

Mail routing

Client-Server

Resolver - Name servers

14

Naming convention

Hierarchical

www.groept.be

wwwsnmp.cs.utwente.nl

[0..9,a..z,A..Z,-] Not case sensitive

hostname

domain

wwwsnmp

cs

utwente

nl

.Geography

IP Subnet

No Relation ?

14

DNS Tree

.

arpa com denlbeorgnetmilintgovedu

in-addr

193

58

9

1

groeptmonsanto

ea

country domainsgeneric domains

TLD

Root

1.9.58.193.in-addr.arpa. FQDN

14

Basics

Delegation by zone

Primary Name Server

Root Name Server

14

1. Connection initiated from web-browser or other service to request the name. RESOLVER

Internet

DNS Server

Forward Lookup

www.groept.be

14

Internet

DNS Server

www.groept.be

1. Connection initiated from web-browser or other service to request the ip address. RESOLVER

2. DNS replies with ip address

Forward Lookup

14

Internet

DNS Server

www.groept.be

1. Connection initiated from web-browser or other service to request the ip address. RESOLVER

2. DNS replies with ip address

3. Web browser requests page using the ip address

Forward Lookup

14

Internet

DNS Server

www.groept.be

1. Connection initiated from web-browser or other service to request the ip address. RESOLVER

2. DNS replies with ip address

3. Web browser requests page using the ip address

4. Web server replies with webpage

Forward Lookup

14

Lookup to www.cisco.com

Internet

groept.be.www.cisco.com

1. Resolver issues a recursive lookup

2. Local nameserver issues an itterative lookup to root name server for .com

Root name server

.com.

.cisco.com.

recursive

itterative

14

Lookup to www.cisco.com

Internet

groept.be.www.cisco.com

1. Resolver issues a recursive lookup

2. Local nameserver issues an itterative lookup to root name server for .com

Root name server

.com.

.cisco.com.

recursive

itterative

14

Lookup to www.cisco.com

Internet

groept.be.www.cisco.com

1. Resolver issues a recursive lookup

2. Local nameserver issues an itterative lookup to root name server for .com

Root name server

.com.

.cisco.com.

recursive

itterative

14

Lookup to www.cisco.com

Internet

groept.be.www.cisco.com

1. Resolver issues a recursive lookup

2. Local nameserver issues an itterative lookup to root name server for .com

3. Local nameserver answers with the IP address

Root name server

.com.

.cisco.com.

recursive

itterative

14

Lookup to www.cisco.com

Internet

groept.be.www.cisco.com

1. Resolver issues a recursive lookup

2. Local nameserver issues an itterative lookup to root name server for .com

3. Local nameserver answers with the IP address

4. Browser request the page using the IP address

Root name server

.com.

.cisco.com.

recursive

itterative

14

Sequential Lookup to www.cisco.com

Internet

groept.be.www.cisco.com

1. Second machine issues the same recursive lookup

Root name server

.com.

.cisco.com.

recursive

14

Sequential Lookup to www.cisco.com

Internet

groept.be.www.cisco.com

1. Second machine issues the same recursive lookup

2. Local nameserver provides a cached answer

Root name server

.com.

.cisco.com.

recursive

14

Sequential Lookup to www.cisco.com

Internet

groept.be.www.cisco.com

1. Second machine issues the same recursive lookup

2. Local nameserver provides a cached answer

3. Browser request the page using the IP address

Root name server

.com.

.cisco.com.

recursive

14

Name server types

Root name server

Primary name server

Secondary name server

Caching-only name server

Slave servers – forwarding server

14

NSLOOKUP – Your tool !

Forward Lookupnslookup gateway.pharmacia.com

Name: gateway.pharmacia.com

Address: 193.235.243.3

Reverse Lookupnslookup 193.235.243.3

Name: gateway.pharmacia.com

Address: 193.235.243.3

14

New developments

DNS dynamic updates using Secure DNS

Prompt notification of zone changes

Incremental zone transfers

14

Resource records

SOA-record

NS-record

A-record

CNAME-record

HINFO-record

PTR-record

MX-record

14

SOA-record

# nslookupDefault Server: bebrump001.bebru.eu.pnu.comAddress: 10.240.72.65> set type=SOA> monsanto.comServer: bebrump001.bebru.eu.pnu.comAddress: 10.240.72.65

Non-authoritative answer:monsanto.com origin = srvsn0.monsanto.com mail addr = hostmaster.srvsn0.monsanto.com serial = 2001103098 refresh = 3600 (1H) retry = 1800 (30M) expire = 432000 (5D) minimum ttl = 86400 (1D)

Authoritative answers can be found from:srvsn0.monsanto.com internet address = 164.144.230.67

14

NS-Record

> set type=NS> groept.beServer: bebrump001.bebru.eu.pnu.comAddress: 10.240.72.65

Non-authoritative answer:groept.be nameserver = mail.groept.begroept.be nameserver = ns.eu.netgroept.be nameserver = dns.eunet.be

Authoritative answers can be found from:mail.groept.be internet address = 193.75.206.83ns.eu.net internet address = 192.16.202.11dns.eunet.be internet address = 193.74.208.137>

14

A-record

> set type=A> www.groept.beServer: bebrump001.bebru.eu.pnu.comAddress: 10.240.72.65

Name: www.groept.beAddress: 193.75.206.93

>

www.groept.be IN A 193.75.206.93

14

CNAME-record

<bijnaam> IN A <echte naam>

chekov.Belgium.EU.net IN A 193.74.208.163relay.eunet.be IN CNAME chekov.Belgium.EU.net

> relay.eunet.beServer: bebrump001.bebru.eu.pnu.comAddress: 10.240.72.65

Name: relay.eunet.beAddresses: 193.74.208.163, 193.74.22.138, 193.74.208.147

14

HINFO-record

chekov.Belgium.EU.net IN HINFO “SUN E 450” “Solaris”

14

PTR-record

> set type=PTR> 193.74.208.137Server: bebrump001.bebru.eu.pnu.comAddress: 10.240.72.65

137.208.74.193.in-addr.arpa name = jupiter.Belgium.EU.net208.74.193.in-addr.arpa nameserver = dns.eunet.be208.74.193.in-addr.arpa nameserver = ns.EU.netdns.eunet.be internet address = 193.74.208.137>

137.208.74.193.in-addr.arpa IN PTR jupiter.Belgium.EU.net

14

MX-record

> set type=MX> pharmacia.comServer: bebrump001.bebru.eu.pnu.comAddress: 10.240.72.65

Non-authoritative answer:pharmacia.com preference = 100, mail exchanger = gateway.pharmacia.compharmacia.com preference = 200, mail exchanger = gateway3.pharmacia.compharmacia.com preference = 100, mail exchanger = ns3.pharmacia.com

Authoritative answers can be found from:gateway.pharmacia.com internet address = 193.235.243.3gateway3.pharmacia.com internet address = 193.235.243.8>

pharmacia.com IN MX 100 gateway.pharmacia.compharmacia.com IN MX 100 ns3.pharmacia.compharmacia.com IN MX 200 gateway3.pharmacia.com

14

DNS Message Format

identification flagsQR opcode AA TC RD RA zero rcode

number of questions

questions

answers(variable number of resource records)

number of answer RRs

number of authority RRs number of additional RRs

authority(variable number of resource records)

additional information(variable number of resource records)

12 bytes

0 15 16 31

14

Question Portion of DNS Query Message

query name

query type query class

0 15 16 31