Guide to TCP/IP, Third Edition

Chapter 7: Domain Name System
Objectives
• Understand the history of Domain Name System
(DNS), types of services that DNS provides, types
of roles that DNS servers can play on a network,
and DNS database structure
• Understand how DNS servers handle name
resolution requests, including the role of nearby
and root servers in the resolution process, and the
difference between recursive and iterative name
resolution requests
• Explain the significance of DNS caching and the
value of data in DNS caches
IP Addressing and Related Topics
2
Objectives (continued)
• Understand DNS configuration files and resource
record formats, and describe the most common
DNS RR types
• Understand how to handle the loopback address
and root server data
• Use the NSLOOKUP command to gather name
server information, test DNS server configurations,
and inspect the contents of key DNS records on
such servers
Objectives (continued)
• Explain how DNS queries and responses work, and
how they handle name resolution, DNS record
lookups, zone data transfers, and reverse DNS
queries
• Understand the purposes of, and drawbacks to,
implementing DNS in the real world
DNS History and Background
• RFCs 882 and 883
– Original RFCs for DNS
– Created by Paul Mockapetris (also created JEEVES)
• BIND (Berkeley Internet Name Domain)
– Written by Kevin Dunlap in 1988
• Database segments
– Include only a portion of the overall namespace that
DNS can access for its clients
DNS History and Background (continued)
• DNS combines the following virtues
– Allows local control over domain name database
segments
– Data from all database segments is available
everywhere
– Database information is robust and highly available
• DNS
– One of the most effective uses of distributed
database technology in the world today
DNS Database Structure
• Mirrors structure of the domain namespace itself
• Top-level domains in the U.S.
– .com
– .edu
– .gov
– .mil
– .net
– .org
The DNS Namespace
• DNS
– Arbitrarily partitions tree and creates subtrees for
database information
• Domains (such as ibm.com)
– Can be broken into subdomains (such as
clearlake.ibm.com)
• Any valid domain name
– Ultimately resides within some specific DNS
database
DNS Database Records
• Resource records
– Stores data associated with domain names, address
records, and other specific data
– Most commonly used types
• Address (A) record
• Canonical name (CNAME) record
• Host information (HINFO) record
• Mail exchange (MX) record
• Name server (NS) record
Delegating DNS Authority
• DNS
– Permits database record for primary DNS server to
delegate authority to DNS servers lower in domain
namespace
• Once authority is delegated
– Database for name server includes NS records that
point to name servers
• Organization of global DNS database
– Designed to make it quick and easy for name
servers to point to other name servers
Types of DNS Servers
• Primary master name DNS server
– Where the primary DNS database files for the
domain(s) or subdomain(s) reside
• Primary master
– Distinguished from other name servers for a domain
• For any DNS zone
– There can be only one primary master name server
Secondary DNS Server
• Gets its data for the zone from the master server
for that zone
• Zone data on a secondary server
– Always originates from a primary server
• Zone transfer
– Secondary DNS server gets data for the zone from
the master server for that zone
• Secondary, or slave, DNS servers
– Provide a back-up copy of the domain database for
a specific zone
Caching Servers
• Store recently accessed DNS records from other
domains
• Caching-only server
– Speeds access to specific domain names by storing
a copy of the lookup data locally
• Size and Internet access volume
– Factors that determine if an organization implements
separate caching-only servers
The Client Side of DNS
• Resolvers
– Issue requests for service, called name queries or
address requests, to domain name servers
• An address request
– Seeks to resolve a domain name to a corresponding
numeric IP address
• Name query (inverse DNS query)
– Seeks to resolve an address to a domain name
How Domain Name Servers Work
• A TCP/IP client
– Usually some application or service that encounters
a domain name for which it needs an IP address
• Servers
– Queried in the order in which they appear in TCP/IP
configuration files (from top down)
• DNS servers
– Handle real name resolution
Recursive Query
• Used by DNS resolvers to
– Delegate the first DNS server that they contact to go
out and find the necessary address translation
• In the grand DNS server hierarchy
– Any DNS server can issue iterative queries
– Only a DNS client or a root server can issue
recursive queries
Iterative or Non-Recursive Queries
• Issued when one DNS server receives a recursive
request
• Do not cause other queries to be issued
• Reason some recursive name queries involve a
root server
– Root server always knows how to find whatever
DNS server is authoritative for the domain
The Importance of DNS Caching
• All data in a DNS cache
– Has an expiration value
• DNS servers
– Cache name and address pairs for addresses they
resolved
– Keep information about name requests that result in
error messages
DNS Configuration Files and Resource Record Formats
• domain.dns
– The files that map host names to addresses
• addr.in-addr.arpa.dns
– Files that map addresses to domain names for
reverse lookups
• Every DNS zone file must contain
– SOA and NS records
– Records about host names or addresses in that
zone
Start of Authority Record
• Identifies the current name server as the best
source of information for data in its zone
• Both secondary and primary name servers can
– Designate themselves as authoritative in their own
SOA records
Address and Canonical Name Records
• DNS, by default
– Accesses only the first IP address for a host when
multiple entries for a single domain name are
defined
• DNS round robin load balancing
– Permits a DNS server to keep track of which IP
addresses it has provided for a specific translation
– Rotates the IP addresses within the list of addresses
available
Mapping Addresses to Names
• Records in the db.addr file
– Provided to support reverse DNS lookups
• Reverse address lookups
– Used primarily to determine if IP address that user
presents matches originating domain name
• Classful
– File structure of reverse DNS lookups
Handling the Loopback Address
• To ensure proper handling of the reserved
loopback address
– The db.127.0.0 file must be created on each
individual machine
• db.127.0.0 file
– Begins with the required SOA record
– Then provides NS records
– Concludes with a PTR record
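As an added worked example (not from the textbook), the Python below parses a constructed loopback zone written in the layout these slides describe and then applies the rules the zone-file and SOA slides give: the zone begins with an SOA record, carries at least one NS record, and, being a reverse zone, contains a PTR record. The zone origin 0.0.127.in-addr.arpa. and the server name ns1.example.com. are assumed sample values.

```python
# Constructed db.127.0.0-style loopback zone laid out as the slides describe (SOA first,
# then NS, then PTR); sample text written for this example, not any real server's file.
DB_127_0_0 = """\
$TTL 86400
@   IN  SOA  ns1.example.com. hostmaster.example.com. (
            2024010101 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            86400 )    ; minimum
    IN  NS   ns1.example.com.
1   IN  PTR  localhost.
"""

def parse_zone(text, origin="0.0.127.in-addr.arpa."):
    """Return (owner, class, type, rdata-tokens) tuples from BIND-style zone text; handles
    ';' comments, $TTL/$ORIGIN, '( )' continuation lines, '@' and inherited owner names."""
    records, owner, buf = [], origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        buf += ("\n" if buf else "") + line
        if buf.count("(") > buf.count(")"):
            continue                                  # record continues on the next line
        has_owner, fields, buf = buf[0] not in " \t", buf.replace("(", " ").replace(")", " ").split(), ""
        if fields[0].startswith("$"):                 # $TTL / $ORIGIN directives
            origin = fields[1] if fields[0] == "$ORIGIN" else origin
            continue
        if has_owner:                                 # otherwise the previous owner applies
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        if fields[0].isdigit():
            fields.pop(0)                             # optional per-record TTL
        rclass = fields.pop(0) if fields[0] in ("IN", "CH", "HS") else "IN"
        records.append((owner, rclass, fields.pop(0), fields))
    return records

def check_zone(records):
    """Rules from the slides: SOA first, at least one NS, and a PTR in a reverse zone.
    Returns a list of problems; an empty list means the zone passes."""
    types, problems = [r[2] for r in records], []
    if types[:1] != ["SOA"]:
        problems.append("zone must begin with an SOA record")
    if "NS" not in types:
        problems.append("zone needs at least one NS record")
    if records and records[0][0].endswith("in-addr.arpa.") and "PTR" not in types:
        problems.append("reverse zone has no PTR record")
    return problems
```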
Obtaining and Storing Root Server Data
• On a Windows server running DNS
– Copy the file to the %SystemRoot%\System32\DNS directory
– Rename the file to cache.dns
The NSLOOKUP Command
• Supported by Windows and UNIX
• Provides access to all kinds of DNS information
• Essential tool for testing, when configuring or
troubleshooting a DNS server
• Syntax
– nslookup domain-name [name-server]
Using NSLOOKUP
• set OPTION command
– Used to examine specific types of resource records
• ls -a or ls -d
– Used to extract information from certain well-known
name servers
DNS Query/Response Packet Formats
• Four sections in the DNS response packets
– Question section
– Answer section
– Authority section
– Additional section
DNS Query/Response Packet Formats (continued)
• DNS query packet fields
– ID Number Field
– QR (Query/Response) Field
– Opcode (Operation Code) Field
– AA (Authoritative Answer) Field
– TC (Truncation) Field
– RD (Recursion Desired) Field
– RA (Recursion Available) Field
– Z (Reserved) Field
DNS Query/Response Packet Formats (continued)
• DNS query packet fields
– Rcode (Response Code) Field
– Question Count Field
– Answer Count Field
– Name Server Count Field
– Additional Records Count Field
– Question Name Field
– Question Type Field
– Question Class Field
DNS Query/Response Packet Formats (continued)
• DNS query packet fields
– Name Field
– Type Field
– Class Field
– Time to Live Field
– Resource Data Length Field
– Resource Data Field
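As an added worked example (not from the textbook), the Python below decodes a constructed response message into the header fields, question fields and answer resource record fields listed across these three packet-format slides; it also rejects the two malformed-packet cases a parser must handle, a compression pointer that does not point backwards and a Resource Data Length that runs past the message. The sample bytes, the name www.example.com and the address 192.0.2.1 are constructed for this example.

```python
import struct

# Constructed response to "www.example.com A" (hand-built for this example, not a capture).
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # ID 0x1234; flags 0x8180 (QR, RD, RA set, Rcode 0); counts 1/1/0/0
    b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"     # Question Name, Question Type A, Question Class IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10"          # Name (pointer to offset 12), Type A, Class IN, TTL 3600
    b"\x00\x04\xc0\x00\x02\x01"                          # Resource Data Length 4, Resource Data 192.0.2.1
)

def read_name(msg, offset):
    # Decodes a label sequence; pointers may only point backwards, so malformed input cannot loop the parser.
    labels, end = [], None
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # top two bits set: compression pointer
            ptr = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if ptr >= offset:
                raise ValueError("compression pointer must point backwards")
            end, offset = (offset + 2 if end is None else end), ptr
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (offset if end is None else end)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_header(msg):
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    return {"id": ident, "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF, "aa": (flags >> 10) & 1,
            "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "z": (flags >> 4) & 7,
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def parse_message(msg):
    # Returns (header, questions, answers); authority and additional RRs share the answer RR layout.
    hdr, off, questions, answers = parse_header(msg), 12, [], []
    for _ in range(hdr["qdcount"]):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off); off += 4
        questions.append({"name": name, "type": qtype, "class": qclass})
    for _ in range(hdr["ancount"]):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off); off += 10
        if off + rdlen > len(msg):
            raise ValueError("Resource Data Length exceeds message")
        rdata, off = msg[off:off + rdlen], off + rdlen
        text = ".".join(map(str, rdata)) if (rtype, rdlen) == (1, 4) else rdata.hex()
        answers.append({"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": text})
    return hdr, questions, answers
```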
DNS Implementation
• Handles two major address-related activities
– Resolving symbolic domain names into numeric IP
addresses
– Providing authoritative hostname-to-IP mapping
• DNS servers for internal use
– Usually focus on alleviating administration hassles
by leveraging DHCP, WINS, Active Directory
The Trouble with DNS
• DNS database updates
– Require that a qualified administrator operate directly
on the DNS database files, or
– Use special-purpose tools to make changes
• “Propagation delay”
– Time it takes for cached values to catch up with
changes to authoritative databases
Additional Readings on DNS
• Cricket Liu, et al.: DNS on Windows Server 2003,
O’Reilly & Associates
• William Wong: Windows 2000 DNS Server,
Osborne/McGraw-Hill
• Paul Albitz and Cricket Liu: DNS and BIND, 4th
Edition, O’Reilly & Associates
• Craig Hunt: Linux DNS Server Administration,
Sybex Books, Alameda, CA
Summary
• The Domain Name System
– Provides key address resolution service that makes
today’s Internet possible
• Impetus for DNS
– Arose from difficulty of maintaining static HOSTS
files for computers on the ARPANET
• DNS name servers
– Come in multiple varieties
Summary (continued)
• DNS
– Maintains its data on a large collection of name
servers around the Internet
• DNS databases
– Consist of a collection of resource records (RRs)
• DNS clients
– Rely on a software component called a resolver to
interact with an available
Summary (continued)
• DNS clients
– Rely on resolver to interact with available DNS
server for name resolution services
• DNS packet structures
– Incorporate type information that identifies the kind
of RR being carried