Basic DNS Course
Lecturer: Ron Aitchison
Module 1: DNS Theory

Dec 24, 2015

Transcript

Page 1

Basic DNS Course

Lecturer: Ron Aitchison

Page 2

Module 1

DNS Theory

Page 3

Objectives
Function of Name Servers
Name Servers play a critical role
DNS Hierarchy (root, TLDs, Users)
DNS Delegation and Authority
DNS Operational Structure
DNS Servers and Resolvers
DNS Masters and Slaves
DNS Queries

Page 4

Name Server Function

The purpose of any name server is to translate a name into something, typically an address, that can be used by network software to access a resource.

Page 5

Why not use an address?

Names are easier to remember (google.com vs 206.23.9.4)

Multiple addressing schemes can be used (IPv4 and IPv6)

We can relocate the resource without affecting the user's view of the network

We can duplicate the resource for resilience

Page 6

History of Name Servers
Historically used files to name local devices
1974'ish IBM's SNA contained name translation capabilities
1978 Open Systems Interconnection (OSI) Model – Name/Address Translation (L4)
1984 NetBIOS Name Server -> WINS
1981 – 1987 RFC 1034/1035 DNS

Page 7

Name Server becomes Critical
No Name Server = no network access
Resilience
Performance
Number of Names
LANs – 10s -> 1,000s of addresses
WANs (Internet) 1,000s -> millions

Frequency of Change

Page 8

Domain Name System (DNS)
Multiple Name Servers
Performance
Resilience
Hierarchy of names (Domains)
volume of names
frequency of changes
performance

Page 9

DNS Name Hierarchy
Organized into tree hierarchy
Top of the tree is called the root
Each branch is called a Domain
Any number of branches or levels
Top Level Domain (TLD), Second Level Domain (SLD)
Responsibility for Domain is Delegated
Each Level is Authoritative

Page 10

DNS Hierarchy

Since 1998 the responsibility for the allocation and operation of the domain name hierarchy lies with ICANN (Internet Corporation for Assigned Names and Numbers). ICANN is a non-profit organization but operates under a MOU with the U.S. Dept. of Commerce.

Page 11

DNS Domain Name
Typical user domain name
Each level is separated by dots
Highest level is on the right
Authority controls everything to the left (left of example.com in the case of www.example.com below)
Authority may delegate

www.example.com

Page 12

DNS Name Hierarchy (figure: root at the top; TLDs .us, .com and .arpa beneath it; each level delegates downward and is authoritative for its own level)

Page 13

DNS TLDs
gTLDs (generic Top Level Domains): .com, .net, .org, .mil, .edu, .int, etc.
Some are open: .com, .net, .org
Some restricted: .mil, .edu, .int
Since 2004, sTLDs (Sponsored): .coop, .museum, .aero, .travel, .jobs, .mobi, .cat, .tel, .asia
Generic: .info, .biz, .pro, .name
Since 2011, auction (essentially no limits, only $)

Page 14

DNS TLDs
ccTLDs (country code): .us, .ca, .uk etc. Defined by ISO 3166
.arpa (technically a gTLD): ICANN (IANA) use only, specialized uses

Page 15

DNS – Some Terminology
TLD: Top Level Domain
SLD: Second Level Domain. Can be used to refer to a user domain. Confusing since in many countries the user domain is the third level (TLD!)

Page 16

DNS Name Hierarchy (figure: TLDs on the upper level, SLDs/user domains beneath them)

Page 17

Delegation and Authority
Owner is authoritative at level
Owner may do anything to left of name
Owner may delegate

Page 18

DNS Domain Name
.com is gTLD
example is user domain name
who chose www?
what is www?

www.example.com

Page 19

DNS Domain Name

www.example.com.

Page 20

DNS Domain Name
With the ending dot: Fully Qualified Domain Name (FQDN)
unambiguously defines a name to the root
the dot (.) is the root and is normally silent

www.example.com.

Page 21

Domain Names
www.example.md.us
www.guardian.co.uk
www.bancobrasil.com.br
ftp.example.org
www.nashville.tn.us
www.br.example.net
www.un.int
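Worked example added by the editor (not part of the course): a small Python module that does what pages 19 to 21 describe by hand: it normalises a name to its FQDN form (trailing dot for the silent root, lower case because labels compare case-insensitively), walks the hierarchy from the root down, so that each entry is a name whose owner is authoritative for everything to its left, and reports the syntactic limits a name must satisfy. The limits are the RFC 1035 ones (63 octets per label, 253 characters of dotted text without the final dot); the names used are the course's own examples.

```python
"""Added example (not from the course): FQDN normalisation and the hierarchy walk
behind www.example.com. -> root, com., example.com., www.example.com.
Limits are from RFC 1035: 63 octets per label and 255 octets on the wire,
which is 253 characters in dotted text form without the final dot."""

MAX_LABEL_OCTETS = 63
MAX_NAME_TEXT = 253


def to_fqdn(name: str) -> str:
    """Canonical form: lower-cased, with exactly one trailing dot (the root label)."""
    name = name.strip().lower()
    if name in ("", "."):
        return "."
    return name.rstrip(".") + "."


def labels(name: str) -> list:
    """Labels left to right; the root itself has none."""
    fqdn = to_fqdn(name)
    return [] if fqdn == "." else fqdn[:-1].split(".")


def hierarchy(name: str) -> list:
    """Every name from the root down to the queried name, i.e. the chain of
    owners that are authoritative or delegate: '.', 'com.', 'example.com.', ..."""
    parts = labels(name)
    chain = ["."]
    for i in range(len(parts) - 1, -1, -1):
        chain.append(".".join(parts[i:]) + ".")
    return chain


def tld(name: str) -> str:
    """Rightmost label, or '' for the root."""
    parts = labels(name)
    return parts[-1] if parts else ""


def problems(name: str) -> list:
    """Reasons the name cannot be carried in DNS; an empty list means well-formed.
    Syntactic only: a well-formed name may still not exist."""
    found = []
    fqdn = to_fqdn(name)
    if len(fqdn.rstrip(".")) > MAX_NAME_TEXT:
        found.append("name longer than %d characters" % MAX_NAME_TEXT)
    for label in labels(fqdn):
        if label == "":
            found.append("empty label (two dots in a row)")
        elif len(label) > MAX_LABEL_OCTETS:
            found.append("label %r longer than %d octets" % (label, MAX_LABEL_OCTETS))
    return found


if __name__ == "__main__":
    for n in ["www.example.md.us", "www.guardian.co.uk", "www.bancobrasil.com.br",
              "ftp.example.org", "www.nashville.tn.us", "www.br.example.net", "www.un.int"]:
        print(to_fqdn(n), "TLD:", tld(n), "hierarchy:", " > ".join(hierarchy(n)))
```

The trailing dot matters in practice: in a zone file a name written without it is relative to the zone's origin, so a forgotten dot turns example.com into example.com.example.com., a classic misconfiguration that to_fqdn makes visible.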

Page 22

Module 1

DNS Operations and Protocol

Page 23

DNS - Operations/Protocol
Authoritative DNS at every level in name hierarchy
DNS is interrogated using queries
Port 53 UDP (mostly), 512 byte blocks (EDNS0: up to 64K)
Other Operations: TCP on port 53
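Added worked example (the editor's, not the course's): the wire format behind this page in Python. It builds a query from the 12-byte header and one question, shows the header checks a resolver applies to a reply (response bit, matching ID, echoed question, and the TC bit that means the answer was cut at the UDP limit and must be fetched again over TCP), and adds the 2-byte length prefix every DNS message carries over TCP. All messages are constructed in memory; nothing is sent on port 53.

```python
"""Added example (not from the course): DNS wire format per RFC 1035 section 4.
Builds a query, checks a reply header, and frames a message for TCP.
Messages are constructed locally; no packets are sent."""
import secrets
import struct
from typing import Optional

QTYPE_A = 1
QCLASS_IN = 1
FLAG_QR = 0x8000   # bit 15: message is a response
FLAG_TC = 0x0200   # bit 9: truncated, the reply did not fit (512 bytes over plain UDP)
FLAG_RD = 0x0100   # bit 8: recursion desired
FLAG_RA = 0x0080   # bit 7: recursion available


def encode_name(name: str) -> bytes:
    """Length-prefixed labels terminated by a zero octet, which is the root."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A, qid: Optional[int] = None,
                recursion_desired: bool = True) -> bytes:
    """Header (ID, flags, QDCOUNT=1, other counts 0) followed by one question.
    The 16-bit ID is random: with the source port it is all that ties a UDP reply
    to its query, so a predictable ID makes spoofed answers easy."""
    if qid is None:
        qid = secrets.randbelow(1 << 16)
    flags = FLAG_RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rd": bool(flags & FLAG_RD), "ra": bool(flags & FLAG_RA),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def check_reply(query: bytes, reply: bytes) -> str:
    """Acceptance check before a reply is believed:
    'ignore'    - not a response, wrong ID, or question not echoed (stray or spoofed packet)
    'retry-tcp' - TC set: the answer was cut at the UDP limit, ask again over TCP
    'ok'        - header is usable
    A real resolver also checks that the packet came back to the port it sent from."""
    q, r = parse_header(query), parse_header(reply)
    if not r["qr"] or r["id"] != q["id"]:
        return "ignore"
    if reply[12:len(query)] != query[12:]:
        return "ignore"
    if r["tc"]:
        return "retry-tcp"
    return "ok"


def tcp_frame(msg: bytes) -> bytes:
    """Over TCP (zone transfers, retried truncated answers) each message is
    prefixed with its length as a 2-byte big-endian integer."""
    return struct.pack("!H", len(msg)) + msg


def constructed_reply(query: bytes, flags: int, qid: Optional[int] = None,
                      ancount: int = 0) -> bytes:
    """Test scaffolding: a reply header echoing the query's question, no answer records."""
    q = parse_header(query)
    qid = q["id"] if qid is None else qid
    return struct.pack("!HHHHHH", qid, flags | FLAG_QR, q["qdcount"], ancount, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("www.example.com")
    print("query:     ", q.hex())
    print("tcp framed:", tcp_frame(q).hex())
    print(check_reply(q, constructed_reply(q, FLAG_RD | FLAG_RA | FLAG_TC)))
```

The ID and question checks are the whole of the protocol's built-in defence against forged answers over UDP, which is why resolvers also randomise the source port and why the retry over TCP matters: the 512-byte limit is what EDNS0 relaxes, but a TC reply still has to be re-fetched rather than used.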

Page 24

DNS - Operations

Page 25

DNS Operations (figure: a query for www.example.com goes first to the root DNS servers, which return a referral to the TLD DNS servers, which return a referral to the user DNS servers for example.com, which return the answer)

Page 26

DNS Operations
Authoritative Name Server at every level in domain name
Name lookup asks (Queries) each level in hierarchy
If Name Server not authoritative it returns a referral to next level
If Name Server authoritative it returns an answer

Page 27

DNS - Operations
13 root server names, a.root-servers.net – m.root-servers.net (each name is anycast across many physical instances)
gTLD/ccTLD servers – variable: .com = 12, .net = 12, .org = 6
User servers – variable, 2 minimum (Microsoft 5, Google 4)

Page 28

DNS Operations (figure: the resolver sends its query for www.example.com to a caching DNS server, which in turn queries the root, TLD and user (example.com) DNS servers and returns the answer)

Page 29

DNS Servers and Resolvers
DNS (name) servers are: Authoritative, Caching, or Combinations
Resolvers are: Never Authoritative
Full-Function (follows referrals)
Stub-Resolver (cannot follow referrals)
Caching Stub-Resolver
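Added worked example (the editor's, not the course's) covering pages 25 to 29 and the recursive/iterative distinction later in the module: a toy in-memory model in Python with one authoritative server per level (root, the com TLD, example.com). Each server does exactly what page 26 says: answer if authoritative, refer downward if the name lies in a delegated child zone, refuse names outside its zone. A full-function caching resolver starts at the root hints and follows referrals, counting the servers it had to ask; a stub resolver sends a single query and can do nothing with a referral. Every name and address is made up (RFC 5737 documentation range, reserved .example names) and no network is used.

```python
"""Added example (not from the course): iterative resolution over a toy topology.
Three authoritative servers return answers or referrals; a full-function
resolver follows referrals from the root hints; a stub resolver cannot.
All names and addresses are constructed (192.0.2.0/24 is for documentation)."""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Zone:
    origin: str                                    # "." for the root, "com.", "example.com."
    records: Dict[str, str] = field(default_factory=dict)                # name -> address (A)
    delegations: Dict[str, Dict[str, str]] = field(default_factory=dict)  # child zone -> {ns: glue addr}


@dataclass
class Response:
    kind: str                  # "answer" | "referral" | "nxdomain" | "refused"
    data: object = None        # answer: address; referral: {ns name: address}


def canonical(name: str) -> str:
    return name.strip().lower().rstrip(".") + "."


def in_zone(name: str, origin: str) -> bool:
    return origin == "." or name == origin or name.endswith("." + origin)


def authoritative_query(zone: Zone, qname: str) -> Response:
    """One authoritative server handling an iterative query (page 26)."""
    if not in_zone(qname, zone.origin):
        return Response("refused")            # not our zone, and we do not recurse for strangers
    # Longest matching delegation first: below a child zone we only know whom to ask next.
    for child, nsset in sorted(zone.delegations.items(), key=lambda kv: len(kv[0]), reverse=True):
        if in_zone(qname, child):
            return Response("referral", nsset)
    if qname in zone.records:
        return Response("answer", zone.records[qname])
    return Response("nxdomain")


# Constructed topology: one server per level, documentation addresses only.
ROOT = Zone(".", delegations={"com.": {"a.gtld.example.": "192.0.2.10"}})
COM = Zone("com.", delegations={"example.com.": {"ns1.example.com.": "192.0.2.20"}})
EXAMPLE = Zone("example.com.", records={"www.example.com.": "192.0.2.80",
                                        "ns1.example.com.": "192.0.2.20"})
SERVERS = {"192.0.2.1": ROOT, "192.0.2.10": COM, "192.0.2.20": EXAMPLE}
ROOT_HINTS = {"a.root.example.": "192.0.2.1"}


class CachingResolver:
    """Full-function resolver: starts at the root hints, follows referrals, caches answers.
    This is the 'recursive (caching) name server' a PC's stub resolver is pointed at."""

    def __init__(self, servers: Dict[str, Zone], hints: Dict[str, str], max_hops: int = 8):
        self.servers, self.hints, self.max_hops = servers, hints, max_hops
        self.cache: Dict[str, str] = {}
        self.queries_sent = 0

    def resolve(self, name: str) -> Optional[str]:
        qname = canonical(name)
        if qname in self.cache:
            return self.cache[qname]
        candidates = dict(self.hints)
        for _ in range(self.max_hops):      # bound the chain: a referral loop is misconfiguration or malice
            address = next(iter(candidates.values()))
            server = self.servers.get(address)
            if server is None:
                return None                 # glue points at nothing: lame delegation
            self.queries_sent += 1
            resp = authoritative_query(server, qname)
            if resp.kind == "referral":
                candidates = resp.data
                continue
            if resp.kind == "answer":
                self.cache[qname] = resp.data
                return resp.data
            return None
        return None


def stub_query(name: str, server_address: str, servers: Dict[str, Zone]) -> Optional[str]:
    """A stub resolver sends one query and takes what comes back; a referral is useless to it."""
    resp = authoritative_query(servers[server_address], canonical(name))
    return resp.data if resp.kind == "answer" else None


if __name__ == "__main__":
    r = CachingResolver(SERVERS, ROOT_HINTS)
    print(r.resolve("www.example.com"), "after", r.queries_sent, "queries")
    print("stub asking the root directly:", stub_query("www.example.com", "192.0.2.1", SERVERS))
```

Three queries for the first lookup and none for the repeat is the whole case for caching servers, and the hop bound is the check a practitioner wants: a resolver that follows referrals without limit can be led around in circles by a malicious or broken delegation.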

Page 30

Authoritative DNS
May be a Master or Slave
Sometimes called Primary and Secondary
Responds authoritatively to a query for the complete address
example.com authoritative server will respond to www.example.com

Page 31

DNS – Master and Slave

Page 32

DNS - Master and Slave
Master reads zone file from local storage
Slave reads via network from Master
Both Master and Slave are Authoritative
May be one or more Slaves
May be no slaves (multiple Masters)
May be no visible masters (hidden Master)

Page 33

DNS – Zone Transfers
Passive – Slave Initiated
Slave reads zone record (SOA) periodically
Full Transfer (AXFR)
Incremental Transfer (IXFR)
Uses TCP on port 53
Active - Master sends NOTIFY
Slave reads SOA on receipt of NOTIFY
AXFR or IXFR
Speeds up zone change propagation to slaves
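Added worked example (the editor's, not the course's): the slave's side of this page in Python. Whether the refresh timer fires or a NOTIFY arrives, the slave reads the master's SOA and compares serials; the comparison has to use RFC 1982 serial-number arithmetic because the serial is a 32-bit counter that wraps, and the refresh, retry and expire values in the SOA drive what happens when the master does or does not answer. The SOA values are constructed for illustration. Two caveats worth pairing with the slide: a serial that goes down (a mistyped date-based serial, say) is "older" under serial arithmetic and every slave silently stops transferring, and AXFR hands out the whole zone to whoever can complete a TCP connection, so a master must restrict transfers to its slaves (in BIND, allow-transfer, ideally with a TSIG key) rather than rely on the default.

```python
"""Added example (not from the course): the slave-side SOA check behind
'slave reads zone record (SOA) periodically' and NOTIFY handling.
Serial comparison follows RFC 1982; timers come from the SOA. Values constructed."""
from dataclasses import dataclass
from typing import Optional

MOD = 1 << 32


@dataclass(frozen=True)
class SOA:
    mname: str        # master name server
    serial: int       # 32-bit, wraps around
    refresh: int      # seconds between SOA checks
    retry: int        # seconds before retrying a failed check
    expire: int       # seconds without a successful check after which the slave stops serving
    minimum: int      # negative-caching TTL (RFC 2308)


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: a is newer than b if the forward distance from b to a, mod 2^32,
    is non-zero and below 2^31. Plain integer comparison is wrong at wrap-around."""
    return a != b and (a - b) % MOD < (1 << 31)


def slave_decision(local: SOA, master_serial: Optional[int], now: int, last_good_check: int) -> str:
    """Action when the refresh timer fires or a NOTIFY arrives.
    master_serial is None when the SOA query to the master got no answer.
    A NOTIFY only triggers this check, so a spoofed NOTIFY cannot inject data."""
    if master_serial is None:
        if now - last_good_check >= local.expire:
            return "expire"          # stop answering rather than serve stale data as authoritative
        return "retry in %ds" % local.retry
    if serial_gt(master_serial, local.serial):
        return "transfer"            # AXFR, or IXFR when both sides keep change history
    return "up to date, refresh in %ds" % local.refresh


def next_serial(current: int, today_yyyymmdd: int) -> int:
    """Common YYYYMMDDnn convention made safe: never hand out a serial that is
    'older' under serial arithmetic, or slaves will keep their stale copy."""
    return max(current + 1, today_yyyymmdd * 100) % MOD


if __name__ == "__main__":
    local = SOA("ns1.example.com.", 2015122401, 3600, 900, 1209600, 300)
    print(slave_decision(local, 2015122402, now=10_000, last_good_check=9_000))
    print(slave_decision(local, None, now=2_000_000, last_good_check=9_000))
    print(next_serial(local.serial, 20151225))
```

If a serial has already gone backwards on the master, the documented recovery is two steps rather than one: set the serial to the old value plus 2^31, wait until every slave has transferred, then set the intended lower value, which is now "newer" again under serial arithmetic.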

Page 34

DNS Zone Transfer

Page 35

DNS Queries
Recursive Queries: the requested server will provide the answer (following referrals itself). Optional: a server need not offer recursion
Iterative (non-recursive) Queries: server will provide the answer if available, else sends a referral. Mandatory: every server must answer iteratively

Page 36

DNS Recursive/Iterative Queries

Page 37

DNS - Queries
Locally configured DNS (properties) will always point to a recursive (caching) name server
PCs have stub-resolvers (cannot follow referrals)
Windows has a caching resolver (a stub-resolver cache, for performance)

Page 38

Quick Quiz
Who controls the domain name space?
What is www.ny.us.example.com.br?
How many DNS servers may be involved in the above?
One method to speed up name changes?
Will an iterative query give me an answer?
What type of resolver is on your PC?